Feeds

Cracker education site folds on DMCA threat

Fair Use provision too shaky to stand on

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

The threat of legal action can be an effective, preemptive weapon in the ever-shifting front lines of copyright law, as the well-known (and now former) cracker-education Web site Icefortress.com has recently learned. The ICE crew have decided to pack up their operation rather than defend a lengthy court battle threatened by on-line porno billing outfit IBILL, a frequent, and fairly challenging, target for password crackers.

The Icefortress site, which had been on line for approximately two years, included a guest area with a forum where newbies could post questions, a download area where they could obtain tools such as password-list manipulators and brute-force cracking applications (many developed by members of the ICE crew), a news page, and a collection of essays and tips on various aspects of Net security and cracking Web sites.

The Icefortress crew believes that the issue for IBILL was an outdated essay on the site's guest area, written by a former member, containing a brief tip, not on methods of cracking IBILL-protected sites, but merely on how to prevent IBILL from detecting one's real IP. IBILL, according to the essay's author, Lucifer Fallen, connects to one's security port; it is therefore advisable to see that a proxy is loaded there if one wishes to remain anonymous.

While the objectionable information in this case might well be ruled by a court to be too general to qualify as a violation of trade secrets or the skirting of technical access controls, the ICE crew feel they have neither the resources nor the time to test it and find out firsthand. It would not be the first time that a controversial Web site has been forced to close shop because the operators had not the means to fight a court challenge by a well-heeled opponent.

From IBILL's point of view, the issue is quite clear. A sufficiently large compilation of non-proprietary, original information, however un-artistic it may be, can be copyrighted under US law. This might include such dry items as work products, technical standards, a customer database and the like. Password cracking can easily lead to a compromise of such data; therefore, the skirting of access controls can be taken as a copyright violation under the Digital Millennium Copyright Act (DMCA).

"If I have copyrighted material protected by a password device, and a third party circumvents that password device, he is committing a violation and causing economic harm," IBILL Director of Intellectual Property Edward Cherry told The Register in no uncertain terms.

The dispute with Icefortress.com "appears to have been amicably resolved through diligent representation by [IBILL attorney] Steven Workman," Cherry added, making reference to the fact that the site has been taken down. He warned that "any password site that we find will be dealt with accordingly."

Attorney Workman did have an impressive attack in mind. A memo from him to Icefortress' former host, Xyrid, which The Register has obtained, suggests the plan.

"The operator of this site, and all persons or entities which facilitate dissemination of this protected information, are subject to civil and criminal liability under the Digital Millennium Copyright Act," Workman wrote.

It was that appeal to the DMCA, the full implications of which have yet to be explored in the courts, that aroused The Register's interest in this case.

Workman believes that the DMCA, which makes it illegal to circumvent any technical access control protecting copyrighted material, also protects compiled data as it does the more traditional items such as artistic works and proprietary information.

"I would argue that once behind a password-protected area, everything might be copyrightable," Workman told The Register.

"The [full] reach of the DMCA hasn't been tested" in the courts yet, Workman said, but added that he would be "more than happy to test it" himself.

All that makes sense, but it does leave the issue of 'Fair Use' well up in the air. The DMCA's most glaring internal inconsistency is the fact that it outlaws the skirting of technical controls protecting copyrighted material, while at the same time asserting in very plain language that nothing in the Act may be construed to hamper the fair use of copyrighted material.

Thus, if the desired information is protected by an access control, it becomes a crime to exercise the very fair use which the Act defends - clearly an unintentional paradox which will need to be repaired in the courts as the Act is invoked in future legal disputes.

The frustrating contradiction, or felicitous loophole, depending on which side of the fence you sit, becomes relevant here when we consider that in the case of IBILL, the only way to get a look at their copyrighted material for the perfectly legitimate purposes of writing a critique or analysis of their security methods would be to crack their security in the first place.

'Copyrighted' and 'secret' are two very different things. While it is clear that proprietary information is secret, and anyone making it public is liable to legal action; IBILL is not claiming that the information ICE published is proprietary, but merely copyrighted.

Copyrighted material, as distinct from proprietary trade secrets, has always been recognised as fair game for publication within certain, long-established limitations under the principle of fair use.

An entire work may not be reproduced; no part of it may be sold by a third party without permission; the copyright holder must be acknowledged when snippets are published; and so on. But parts of a copyrighted body of work may indeed be reproduced freely for purposes of criticism, analysis or argumentation, a use which we believe the offending essay at Icefortress represented.

Thus the essay might well have survived in court as a legitimate analysis of IBILL security under the rules of fair use; though if not, at least the DMCA would have got a decent test in the field, which it very much needs.

Attorney Workman indicates that he's eager to give it a go at the first opportunity he receives, and we fully expect to see him doing so in the near future; but for the Icefortress crew, a lack of financial resources means that a largely untested, and patently defective, piece of federal legislation has become the occasion for a sudden curtain call. ®

Related Story

Linux users protest DVD regs on Capitol Hill

Top three mobile application threats

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.