Cracker education site folds on DMCA threat
Fair Use provision too shaky to stand on
The threat of legal action can be an effective, preemptive weapon in the ever-shifting front lines of copyright law, as the well-known (and now former) cracker-education Web site Icefortress.com has recently learned. The ICE crew have decided to pack up their operation rather than defend a lengthy court battle threatened by on-line porno billing outfit IBILL, a frequent, and fairly challenging, target for password crackers.
The Icefortress site, which had been on line for approximately two years, included a guest area with a forum where newbies could post questions, a download area where they could obtain tools such as password-list manipulators and brute-force cracking applications (many developed by members of the ICE crew), a news page, and a collection of essays and tips on various aspects of Net security and cracking Web sites.
The Icefortress crew believes that the issue for IBILL was an outdated essay on the site's guest area, written by a former member, containing a brief tip, not on methods of cracking IBILL-protected sites, but merely on how to prevent IBILL from detecting one's real IP. IBILL, according to the essay's author, Lucifer Fallen, connects to one's security port; it is therefore advisable to see that a proxy is loaded there if one wishes to remain anonymous.
While the objectionable information in this case might well be ruled by a court to be too general to qualify as a violation of trade secrets or the skirting of technical access controls, the ICE crew feel they have neither the resources nor the time to test it and find out firsthand. It would not be the first time that a controversial Web site has been forced to close shop because the operators had not the means to fight a court challenge by a well-heeled opponent.
From IBILL's point of view, the issue is quite clear. A sufficiently large compilation of non-proprietary, original information, however un-artistic it may be, can be copyrighted under US law. This might include such dry items as work products, technical standards, a customer database and the like. Password cracking can easily lead to a compromise of such data; therefore, the skirting of access controls can be taken as a copyright violation under the Digital Millennium Copyright Act (DMCA).
"If I have copyrighted material protected by a password device, and a third party circumvents that password device, he is committing a violation and causing economic harm," IBILL Director of Intellectual Property Edward Cherry told The Register in no uncertain terms.
The dispute with Icefortress.com "appears to have been amicably resolved through diligent representation by [IBILL attorney] Steven Workman," Cherry added, making reference to the fact that the site has been taken down. He warned that "any password site that we find will be dealt with accordingly."
Attorney Workman did have an impressive attack in mind. A memo from him to Icefortress' former host, Xyrid, which The Register has obtained, suggests the plan.
"The operator of this site, and all persons or entities which facilitate dissemination of this protected information, are subject to civil and criminal liability under the Digital Millennium Copyright Act," Workman wrote.
It was that appeal to the DMCA, the full implications of which have yet to be explored in the courts, that aroused The Register's interest in this case.
Workman believes that the DMCA, which makes it illegal to circumvent any technical access control protecting copyrighted material, also protects compiled data as it does the more traditional items such as artistic works and proprietary information.
"I would argue that once behind a password-protected area, everything might be copyrightable," Workman told The Register.
"The [full] reach of the DMCA hasn't been tested" in the courts yet, Workman said, but added that he would be "more than happy to test it" himself.
All that makes sense, but it does leave the issue of 'Fair Use' well up in the air. The DMCA's most glaring internal inconsistency is the fact that it outlaws the skirting of technical controls protecting copyrighted material, while at the same time asserting in very plain language that nothing in the Act may be construed to hamper the fair use of copyrighted material.
Thus, if the desired information is protected by an access control, it becomes a crime to exercise the very fair use which the Act defends - clearly an unintentional paradox which will need to be repaired in the courts as the Act is invoked in future legal disputes.
The frustrating contradiction, or felicitous loophole, depending on which side of the fence you sit, becomes relevant here when we consider that in the case of IBILL, the only way to get a look at their copyrighted material for the perfectly legitimate purposes of writing a critique or analysis of their security methods would be to crack their security in the first place.
'Copyrighted' and 'secret' are two very different things. While it is clear that proprietary information is secret, and anyone making it public is liable to legal action; IBILL is not claiming that the information ICE published is proprietary, but merely copyrighted.
Copyrighted material, as distinct from proprietary trade secrets, has always been recognised as fair game for publication within certain, long-established limitations under the principle of fair use.
An entire work may not be reproduced; no part of it may be sold by a third party without permission; the copyright holder must be acknowledged when snippets are published; and so on. But parts of a copyrighted body of work may indeed be reproduced freely for purposes of criticism, analysis or argumentation, a use which we believe the offending essay at Icefortress represented.
Thus the essay might well have survived in court as a legitimate analysis of IBILL security under the rules of fair use; though if not, at least the DMCA would have got a decent test in the field, which it very much needs.
Attorney Workman indicates that he's eager to give it a go at the first opportunity he receives, and we fully expect to see him doing so in the near future; but for the Icefortress crew, a lack of financial resources means that a largely untested, and patently defective, piece of federal legislation has become the occasion for a sudden curtain call. ®
Sponsored: 2016 Cyberthreat defense report