Intellectual "Property" in the Digital Age
Frank Field
Links Home : IP Controversies : HP and SnoSoft

Suggest a link for this category

[30 hits, 1 votes, Average Rating 0.00] [Added: 19th Aug 2002]

InfoWorld; P. J. Connolly; August 19, 2002.

The pitiful thing is that copyright law is only going to become more absurd if some interests get their way; just punch "Fritz chip" into Google and you'll see exactly what I mean. We live in a world where "fair use" is taking a back seat to the deep pockets of industry.

We know that we can't depend on hardware and software vendors to deliver secure products or be upfront about risks and responsibility. But if a neighbor knocked on your door and pointed out that your barn was on fire, you'd thank him -- not threaten him with a trespassing charge.

Rate this:
-Hewlett Packard's Troubling Attempt to Use the Digital Millenium Copyright Act in the Computer
[26 hits, 0 votes, Average Rating 0] [Added: 14th Aug 2002]

Findlaw's Writ; Brad Levang; August 14, 2002.

In late July, Hewlett Packard sent a letter to SnoSoft threatening to sue the company for the actions of their employee for posting a link to the code. HP threatened, in particular, to invoke the Digital Millennium Copyright Act (DMCA) - thereby marking one of the first attempts to invoke the DMCA in a computer security context. Moreover, it threatened SnoSoft employees with $500,000 fines and 5 years in jail when the DMCA case went to court.

On August 2, HP informed the world that it was not going to pursue legal action against SnoSoft. But it appears to have done so as a result of public pressure - not because it is backing down on its aggressive interpretation of the DMCA to reach SnoSoft.

HP's attempt at applying the DMCA in a new context supports opponents' fears of the controversial Act. It also underlines the importance of the public's speaking out against abuses of the DMCA.

Rate this:
-HP Exploit Suit Threat Has Holes
[36 hits, 0 votes, Average Rating 0] [Added: 4th Aug 2002]; Bruce McWilliams; August 2, 2002.

In a novel legal argument, HP claimed SnoSoft violated the 1998 Digital Millennium Copyright Act when one of its researchers released an exploit in mid-July that could give remote attackers control of systems running HP's Tru64 Unix operating system. In a July 29 letter to SnoSoft, HP warned that the incident exposed SnoSoft to potential imprisonment and half a million dollars in fines.

... By threatening SnoSoft with legal action, HP has awkwardly stepped into the middle of the debate over what security professionals call "full disclosure." At issue is what constitutes the responsible handling of vulnerable information.

To SnoSoft co-founder Adriel T. Desautels, the bizarre timing of Bobco's request for Neohapsis' OpenSSL exploit code was like a slap in the face.

"I almost feel insulted by it. We offered to work with HP and help them harden their systems in a big way. Yet HP refused our help. And now they are out digging for exploit code?" Desautels said Thursday.

Rate this:
-HP withdraws DMCA threat
[29 hits, 0 votes, Average Rating 0] [Added: 4th Aug 2002]

The Register; John Leyden; August 2, 2002.

In a statement released yesterday, the firm withdrew threats of using the Act against Snosoft, a loose confederation of security researchers who publicised a serious, and as yet unfixed, buffer overflow bug within the su utility of Tru 64.

HP states that it has verified the vulnerability, details of which, it says, was brought to its attention on July 18 (a date disputed by Snosoft, incidentally), and promises to release a fix for the problem within the next 48 hours.

...Faced with a backlash from developers and activists - and the prospect of plunging itself into a public relations nightmare - HP has backed down, like Adobe before it. At least in this case HP acted swiftly to withdraw its threats, before the Feds got involved...

Rate this:
-Security warning draws DMCA threat
[25 hits, 0 votes, Average Rating 0] [Added: 31st Jul 2002]

CNet News; Declan McCullagh; July 30, 2002. Slashdot discussion: HP Uses DMCA To Quash Vulnerability Publication

Invoking both the controversial 1998 DMCA and computer crime laws, HP has threatened to sue a team of researchers who publicized a vulnerability in the company's Tru64 Unix operating system.

In a letter sent on Monday, an HP vice president warned SnoSoft , a loosely organized research collective, that it "could be fined up to $500,000 and imprisoned for up to five years" for its role in publishing information on a bug that lets an intruder take over a Tru64 Unix system.

HP's dramatic warning appears to be the first time the DMCA has been invoked to stifle research related to computer security. Until now, it's been used by copyright holders to pursue people who distribute computer programs that unlock copyrighted content such as DVDs or encrypted e-books.

LawMeme writeup
Rate this:
-SnoSoft WWW page
[27 hits, 0 votes, Average Rating 0] [Added: 31st Jul 2002]

SnoSoft's WWW page:

Secure Network Operations, Inc. (SNOsoft) provides highly detailed security research to both public and private parties. Our advisory release policy is full disclosure unless bound by contract. Secure Network Operations is home to the Cerebrum Project which focuses on software and system vulnerability discoveries, supported by proof of concept code development and release. Network penetration and topology revision services are also available. Please contact Adriel Desautels or Kevin Finisterre at for more information on offered services or custom service inqueries.

Rate this:

Digital IP Links Home | Search Links | New Links | Popular Links | Top Rated | Admin Login | Powered by ssLinks v1.22