Netintercept and SSH Decryption

Jason Clinton me at jasonclinton.com
Thu Nov 20 21:34:08 CST 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Densmore wrote:

| First off, no you are not reading my interpretation the way I meant
| it, but close. Secondly, I'm trying to think like a lawyer here.
| Thirdly, to say that a company that is transmitting copyrighted
| material is not trying to protect that material from copying is just
| not valid. If I >am writing a new super-duper-fantastic video game
| and I transmit that >source code from my home office to the physical
| office for compilation and testing, I most certainly *do not* want
| software pirates stealing my code and releasing it across the
| internet! This is clearly a valid use of the DMCA to use encryption
| (in the form of ssh) across the internet to protect copyrighted
| material from duplication. Also, 'sniffing' data from the internet is
| definitely not legal unless you have permission to do so from the
| parties you are sniffing. Just as it is illegal to tap into someone's
| phone line without a warrant or permission. There is nothing in the
| DMCA that say you must be the author of the encryption method you use
| to encrypt data. The fact that the >company may be trying to sell
| software that may have legitimate uses under the DMCA doesn't alter
| the fact that it could be used by persons unknown >for uses that *do*
| violate the DMCA and thus they are violating the DMCA.

What product are you talking about? We're not talking about the open
Internet, here. Cracking SSL requires the ability to easily plant an ARP
Poison in a router; something you can only do if you are behind the
router. (Gerald, correct me if I'm wrong.) Cracking SSHv1, OTHO, is
similar, IIRC. It's called a man in the middle attack.

I think we have strayed off course. I am talking about the product that
started this thread that is clearly marketed as a tool for /employers/
to spy on their /employees/ on /their own networks/. The mere
possibility that it might be used for something else is irrelevant. The
intention of the product is made clear by their advertisements.

Are you claiming that /all/ encryption cracking software is now illegal?
I assure you, it most certainly is not. I know a lot of people that
would sooner take up arms before that would happen. ;)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Understand the importance of encryption:

iD8DBQE/vSU+tSqjk42zvwkRAorqAJ4tHiuF8pIQLjI7qz9sIKQe7dLdDwCg3bD/
1GoUPq7bkIJ+lj7mnIA0vV0=
=gIsH
-----END PGP SIGNATURE-----

More information about the Kclug mailing list