[IP] more on The second sincerest form of flattery
------ Forwarded Message
From: "Dr. A. Michael Berman" <amberman@xxxxxxxxxxxxx>
Date: Thu, 20 Jan 2005 16:34:45 -0800
To: <dave@xxxxxxxxxx>
Subject: RE: [IP] The second sincerest form of flattery
I'm glad to hear that Penn has handled this case appropriately.
According to copyright law, a University does not have to act like an
ISP when it receives a DMCA takedown request the applies to materials
posted by a faculty member (as opposed to most others served by the
institution). There is explicit "safe harbor" language in the
regulations that states that the institution is not responsible for the
infringing material posted by a faculty member, and therefore the
faculty member should deal directly with the claimant without
intervention from the institution. Specifically:
Special Rules Regarding Liability of Nonprofit Educational Institutions
Section 512(e) determines when the actions or knowledge of a faculty
member
or graduate student employee who is performing a teaching or research
function may affect the eligibility of a nonprofit educational
institution for one of the four limitations on liability. As to the
limitations for transitory communications or system caching, the faculty
member or student shall be considered a "person other than the
provider," so as to avoid disqualifying the institution from
eligibility. As to the other limitations, the knowledge or awareness of
the faculty member or student will not be attributed to the institution.
The following conditions must be met:
! the faculty member or graduate student's infringing activities do not
involve providing online access to course materials that were required
or recommended during the past three years;
! the institution has not received more than two notifications over the
past three years that the faculty member or graduate student was
infringing; and
! the institution provides all of its users with informational materials
describing and promoting compliance with copyright law.
This language can be found at
http://www.copyright.gov/legislation/dmca.pdf on p. 13.
> -----Original Message-----
> From: owner-ip@xxxxxxxxxxxxxx [mailto:owner-ip@xxxxxxxxxxxxxx] On
Behalf
> Of David Farber
> Sent: Thursday, January 20, 2005 3:02 AM
> To: Ip
> Subject: [IP] The second sincerest form of flattery
>
>
> ------ Forwarded Message
> From: Matt Blaze <mab@xxxxxxxxxx>
> Date: Wed, 19 Jan 2005 20:53:58 -0500
> To: David Farber <dave@xxxxxxxxxx>
> Subject: The second sincerest form of flattery
>
> One of my research interests is applying the principles of
> "human-scale" security (such as mechanical locks and alarm systems) to
> computer science. Although human-scale systems are almost always
> imperfect, their failure mechanisms are often much more gradual and
> more predictable than their information systems counterparts, and I
> believe that by better understanding why this is we might be able to
> build computer systems that behave in similar ways.
>
> Several particularly interesting illustrations of the phenomenon of
> gradual and predictable security failure can be found in safes and
> vaults. I'm working on a survey paper, tentatively entitled
> "Safecracking for the computer scientist," that I hope will stimulate
> other researchers to think along similar lines. Last month I finished
> a first draft and put it on my web site. (For those who've not seen
> it, it's at http://www.crypto.com/papers/safelocks.pdf )
>
> Although the paper is only of rather narrow interest, a couple of
> weeks ago the wildly popular "Slashdot" news site discovered and
> linked to the draft; somewhere around 50,000 people downloaded the
> (large) pdf file that weekend.
>
> My web server survived Slashdot's attention, but I was somewhat taken
> aback by what happened next.
>
> A couple of years ago I wrote a paper about weaknesses in the
> keyspaces of master-keyed mechanical locks (it marked the beginning of
> my understanding of the similarities between information and physical
> security). Some locksmiths were outraged that I would publish a paper
> "revealing" security vulnerabilities in what they believed to be a
> closed field. See http://www.crypto.com/papers/kiss.html for details,
> but to make a long story short, some locksmiths do not approve of
> disclosing vulnerabilities in locks to the "general public," on the
> grounds that open discussion aids the bad guys more than it helps the
> good guys. (I don't agree -- and the scientific method's requirement
> for open scrutiny and debate does not provide an exemption when the
> subject involves security -- but that's another story for another
> time.)
>
> Perhaps predictably, there has been a similar reaction to my recent
> draft on safe locks. Shortly after Slashdot linked to the paper, one
> or more locksmithing trade groups discovered it as well . The
> response of some locksmiths to the draft has been at least as negative
> as it was to my master keying paper. I've received quite a bit of
> uncomplimentary email from locksmiths, and I'm told that locksmithing
> message boards have recently been abuzz with messages about what a
> scoundrel I must be to again have written such an "unethical" and
> "irresponsible" paper.
>
> Ironically, the theme of my safecracking survey is that while safes
> aren't perfect, they largely meet their requirements, and indeed,
> computer security would do well to emulate their security principles.
> Nothing in my paper (and indeed, no techniques of which I'm aware)
> allow one to quickly open decent quality safes. The paper's
> conclusion is that even if one is fluent in the (not very) secrets of
> the safecracking trade, the measurable security of even relatively
> modest safes allows them to be used quite effectively for their
> intended applications (especially as part of larger security system
> that complement the safes' limitations). I certainly don't think it
> would have been unethical to have published an analysis that reached a
> different conclusion, of course, but my paper as written could hardly
> be considered an attack against the safe industry or its products.
>
> As with the reaction to my master keying paper, many of the complaints
> I've received are self-contradictory and emotionally charged, often
> invoking "homeland security" in unspecified but ominous ways. I've
> developed a thick skin against this sort of thing, and I try not to
> take it personally (although it's a bit disturbing to have so many
> people so angry with me over my work). It's rather like being accused
> of witchcraft; many of the complainers don't seem to be seeking a
> reasoned debate but are instead venting a broder range of unspoken
> frustrations that go well beyond either me or my papers. There is
> simply no effective way to debate on these terms against an angry mob.
>
> In any case, some locksmiths are apparently trying to organize a
> letter writing campaign aimed at various officials at my university,
> and I'm told that my department chair, my dean, the provost, and the
> head of campus security have each received (a handful of) letters
> complaining about me. While Penn's support for the basic principles
> of academic freedom would protect me even if these officials agreed
> that my paper was somehow inappropriate, some of the letter writers
> seem to have unwittingly stumbled upon a weapon that could potentially
> be very effective (in other contexts) at silencing Internet-based
> debate. They have accused me of copyright infringement.
>
> My paper is heavily illustrated with photographs of safe locks and
> their components. Several letters have (accurately) pointed out that
> these photographs are protected by copyright and that by distributing
> my paper I'm also distributing copyrighted material. This, I must
> admit, is entirely correct. But I created every one of the images
> myself, in my own studio, and with my own materials, cameras and
> computers. I arranged the subjects, lit them, and photographed them.
> The results are copyrighted, to be sure, but I hold the copyrights.
>
> Fortunately, my university is not in the habit of removing the online
> papers of its faculty without checking with us first, and my paper has
> remained on my web site unmolested by these spurious copyright claims.
> But it occurs to me that, given the relevant provisions of the DMCA, a
> more timid ISP might have reacted quite differently, choosing instead
> to take down the controversial content until I could prove (or at
> least assert) that I have the rights to the images in question. This
> could take days or even weeks, depending on the level of proof
> demanded. Such a tactic could be a very effective way to harass or
> suppress authors of contraversial material, and, if done with the sort
> of vague wording used in the letters about me, would appear to leave
> the author with no recourse against anybody. The letter writers
> didn't actually claim copyright, but simply raised the issue. An
> ISP (had it over-reacted) could plausibly claim that they were
> simply protecting their interests in quickly taking the questionable
> material offline.
>
> I suspect that, in my case, the organizers of the letter-writing
> campaign were not dishonestly attempting to exploit the DMCA, but
> instead genuinely assumed that I had copied my images from some
> commercial source. A friend suggested that I should take this as a
> compliment; after all, if imitation is the sincerest form of flattery,
> perhaps being accused of copyright infringement is the second
> sincerest.
>
> Matt Blaze
> 19 January 2004
>
>
> ------ End of Forwarded Message
>
>
> -------------------------------------
> You are subscribed as amberman@xxxxxxxxxxxxx
> To manage your subscription, go to
> http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting-
> people/
------ End of Forwarded Message
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/