Netintercept and SSH Decryption

Brian Densmore DensmoreB at ctbsonline.com
Thu Nov 20 22:12:25 CST 2003 

> -----Original Message-----
> From: Jason Clinton
>
> What product are you talking about? We're not talking about the open
> Internet, here. Cracking SSL requires the ability to easily 
> plant an ARP
> Poison in a router; something you can only do if you are behind the
> router. (Gerald, correct me if I'm wrong.) Cracking SSHv1, OTHO, is
> similar, IIRC. It's called a man in the middle attack.
Well then perhaps 
I misunderstood your post. It clearly led me to believe they were
talking about cracking ssh encrypted data. If you are talking about
about a keystroke logger, that has already been deemed illegal for
employers to spy on their employees that way. I can't refer you to the
particular cases that state that, but I'm sure a google would find them.
Unless my memory is worse than I think (entirely possible).

> 
> I think we have strayed off course. I am talking about the 
> product that
> started this thread that is clearly marketed as a tool for /employers/
> to spy on their /employees/ on /their own networks/. The mere
> possibility that it might be used for something else is 
> irrelevant. The
> intention of the product is made clear by their advertisements.
The intention of the product really isn't relevant in the words of the DMCA.
Intent is not listed anywhere in the DMCA as far as I can remember.
Hence the whole issue with our Russian friends. So based on that decision,
the company may be able to get off the hook as not being criminals, but the
code would be found in violation of the DMCA. 

> 
> Are you claiming that /all/ encryption cracking software is 
> now illegal?
> I assure you, it most certainly is not. I know a lot of people that
> would sooner take up arms before that would happen. ;)
I am not claiming it, but based on the extent of the DMCA it is only
a matter of time until someone does make that claim. After all if a garage
door opener is protected by the DMCA, then certainly decrypting
any code could be a violation. After all the judge only ruled that
they couldn't claim DMCA protection because they didn't specifically
say it was encrypted copyright material. So all anyone would have
to do here is include a signature that says this is an "encrypted copyrighted
data stream don't unencrypt it or face the DMCA police". I am not
saying I agree with the DMCA, just that it is an awfully big stick,
and the best way to get rid of it is to use it in a really utterly
stupid extension that would pass muster in court so as to get the DMCA 
thrown out as unconstitutional (which we all know it is).

More information about the Kclug mailing list