Cracker education site folds on DMCA threat

Fair Use provision too shaky to stand on

  • alert
  • submit to reddit

Build a business case: developing custom apps

The threat of legal action can be an effective, preemptive weapon in the ever-shifting front lines of copyright law, as the well-known (and now former) cracker-education Web site Icefortress.com has recently learned. The ICE crew have decided to pack up their operation rather than defend a lengthy court battle threatened by on-line porno billing outfit IBILL, a frequent, and fairly challenging, target for password crackers.

The Icefortress site, which had been on line for approximately two years, included a guest area with a forum where newbies could post questions, a download area where they could obtain tools such as password-list manipulators and brute-force cracking applications (many developed by members of the ICE crew), a news page, and a collection of essays and tips on various aspects of Net security and cracking Web sites.

The Icefortress crew believes that the issue for IBILL was an outdated essay on the site's guest area, written by a former member, containing a brief tip, not on methods of cracking IBILL-protected sites, but merely on how to prevent IBILL from detecting one's real IP. IBILL, according to the essay's author, Lucifer Fallen, connects to one's security port; it is therefore advisable to see that a proxy is loaded there if one wishes to remain anonymous.

While the objectionable information in this case might well be ruled by a court to be too general to qualify as a violation of trade secrets or the skirting of technical access controls, the ICE crew feel they have neither the resources nor the time to test it and find out firsthand. It would not be the first time that a controversial Web site has been forced to close shop because the operators had not the means to fight a court challenge by a well-heeled opponent.

From IBILL's point of view, the issue is quite clear. A sufficiently large compilation of non-proprietary, original information, however un-artistic it may be, can be copyrighted under US law. This might include such dry items as work products, technical standards, a customer database and the like. Password cracking can easily lead to a compromise of such data; therefore, the skirting of access controls can be taken as a copyright violation under the Digital Millennium Copyright Act (DMCA).

"If I have copyrighted material protected by a password device, and a third party circumvents that password device, he is committing a violation and causing economic harm," IBILL Director of Intellectual Property Edward Cherry told The Register in no uncertain terms.

The dispute with Icefortress.com "appears to have been amicably resolved through diligent representation by [IBILL attorney] Steven Workman," Cherry added, making reference to the fact that the site has been taken down. He warned that "any password site that we find will be dealt with accordingly."

Attorney Workman did have an impressive attack in mind. A memo from him to Icefortress' former host, Xyrid, which The Register has obtained, suggests the plan.

"The operator of this site, and all persons or entities which facilitate dissemination of this protected information, are subject to civil and criminal liability under the Digital Millennium Copyright Act," Workman wrote.

It was that appeal to the DMCA, the full implications of which have yet to be explored in the courts, that aroused The Register's interest in this case.

Workman believes that the DMCA, which makes it illegal to circumvent any technical access control protecting copyrighted material, also protects compiled data as it does the more traditional items such as artistic works and proprietary information.

"I would argue that once behind a password-protected area, everything might be copyrightable," Workman told The Register.

"The [full] reach of the DMCA hasn't been tested" in the courts yet, Workman said, but added that he would be "more than happy to test it" himself.

All that makes sense, but it does leave the issue of 'Fair Use' well up in the air. The DMCA's most glaring internal inconsistency is the fact that it outlaws the skirting of technical controls protecting copyrighted material, while at the same time asserting in very plain language that nothing in the Act may be construed to hamper the fair use of copyrighted material.

Thus, if the desired information is protected by an access control, it becomes a crime to exercise the very fair use which the Act defends - clearly an unintentional paradox which will need to be repaired in the courts as the Act is invoked in future legal disputes.

The frustrating contradiction, or felicitous loophole, depending on which side of the fence you sit, becomes relevant here when we consider that in the case of IBILL, the only way to get a look at their copyrighted material for the perfectly legitimate purposes of writing a critique or analysis of their security methods would be to crack their security in the first place.

'Copyrighted' and 'secret' are two very different things. While it is clear that proprietary information is secret, and anyone making it public is liable to legal action; IBILL is not claiming that the information ICE published is proprietary, but merely copyrighted.

Copyrighted material, as distinct from proprietary trade secrets, has always been recognised as fair game for publication within certain, long-established limitations under the principle of fair use.

An entire work may not be reproduced; no part of it may be sold by a third party without permission; the copyright holder must be acknowledged when snippets are published; and so on. But parts of a copyrighted body of work may indeed be reproduced freely for purposes of criticism, analysis or argumentation, a use which we believe the offending essay at Icefortress represented.

Thus the essay might well have survived in court as a legitimate analysis of IBILL security under the rules of fair use; though if not, at least the DMCA would have got a decent test in the field, which it very much needs.

Attorney Workman indicates that he's eager to give it a go at the first opportunity he receives, and we fully expect to see him doing so in the near future; but for the Icefortress crew, a lack of financial resources means that a largely untested, and patently defective, piece of federal legislation has become the occasion for a sudden curtain call. ®

Related Story

Linux users protest DVD regs on Capitol Hill

Next gen security for virtualised datacentres

More from The Register

next story
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Microsoft exits climate denier lobby group
ALEC will have to do without Redmond, it seems
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.