The copyright cops strike again

Two researchers at a computer security conference are served cease-and-desist orders moments before they're scheduled to speak.

Topics: Copyright, Intellectual Property,

The copyright cops strike again

Score another win for the forces of copyright protection. On Saturday, two computer science students decided to cancel their presentation to a security conference in Atlanta after they were threatened with prosecution under, among other statutes, the Digital Millennium Copyright Act.

The researchers, Billy Hoffman and Virgil Griffith, were scheduled to talk about possible security vulnerabilities in the Blackboard Transaction System, a computerized debit-card system widely used on college campuses. But on Friday Blackboard obtained a temporary restraining order against Hoffman and Griffith, preventing them from presenting their findings; the pair were also sent cease-and-desist letters threatening further legal action. In addition, Blackboard’s attorneys sent a cease-and-desist letter to the organizer of the conference — a person who goes by the name “Rockit” — letting him know that he too could face prosecution if he allowed Hoffman and Griffith to present their findings at the event, an annual gathering of hackers known as Interz0ne.

Instead of the scheduled discussion, several hundred conference attendees were read the cease-and-desist letter, said Scott Milliken, an attendee. Attendees said they saw the case as a clear infringement on the First Amendment rights of the two students, and they contacted the Electronic Frontier Foundation and Lawrence Lessig, a Stanford law professor who specializes in copyright issues, seeking advice on what to do next.

Representatives for Blackboard balked at the claim that they were stifling free speech. They portrayed the students as being substantially different from mere security researchers. “I’ve met one of the individuals at a trade show, and he was a very nice young gentleman, but his definition of ‘research’ was very different from ours,” said Greg Baker, Blackboard’s vice president of product development. “The things these people are doing are not what I’d call research but is closer to damage — kind of like you or I going to an ATM machine and cutting the phone line and then listening in as to what happens on it. It’s them of their own volition doing damage to physical cables.”

“The local Bank of America,” added Michael Stanton, a spokesman for the firm, “may have a physical bank machine at its location, and if I were to publish a guide to take it apart, telling you how to pull apart a circuit board and monitor the history of what transactions take place, I think it certainly does not fall under the guise of research and it’s not an inherent security issue, either.”

The Blackboard system — known as CampusWide — allows students to use debit cards to conduct transactions at their college campuses: at dining halls, on vending machines, and in laundry rooms, among other places. Neither Hoffman nor Griffith could be immediately contacted for comment.

Hoffman, a computer engineering student at Georgia Tech who goes by the name “Acidus,” published his first exposé on security flaws he says he found in Blackboard in 2002, in the spring issue of 2600 magazine. The article, titled “CampusWide Wide Open,” seems to draw on published technical specifications of the system and on interviews with Blackboard experts to conclude that “there are several ways to cheat the system” and that it is “horribly insecure.”

Hoffman also writes about times he physically broke in to Blackboard equipment on campus. “This metal box has a handle and a lock,” he writes of one Blackboard device, “but the front of the handle and lock assemble has 4 flat head screws. I used a cheap metal knife and opened this locked box. Inside I found the LCM [Laundry Center Multiplexes] that controlled the laundry room I was in. Everything had ‘AT&T CampusWide Access Solution’ written on it, as well as lots of Motorola chips. Sadly this was early in my investigation, and I haven’t gone back to look again.”

You Might Also Like

Although he does not indicate that he has done any of these things, Hoffman tells how a person might be able to fool the system to “get another load of wash” in a laundry room, say, or to “make the Coke machine think money has been paid” and cause it to “spit out a Coke!” Hoffman writes, “You fool door readers as well if you could get to the wires that go from the reader and go to the magnet holding the door shut. Just send the correct pulses.”

According to a timeline of his research posted on the Web, Hoffman called the company to tell them of his findings and was “blown off.” Only then, he says, did he publish them. After Blackboard learned of his article, officials at Hoffman’s college questioned him — “I basically got reamed” — about his research, but the campus police did not file any charges against him.

On its face, the case is similar to one involving Ed Felten, a computer science professor at Princeton, who in 2001 declined to present his findings of security flaws in technology meant to secure music files after attorneys for the recording industry seemed to suggest they’d sue him under the DMCA. The recording industry’s apparent threat caused civil libertarians to say that the DMCA should be struck down because it threatened legitimate academic research, but the recording industry, in a sudden about-face, announced that it had never had any intention of suing Felten. A judge later dismissed Felten’s efforts to have a court rule that the recording industry never had a case in the first place.

This case is somewhat different from the Felten case, however, in that Blackboard is claiming violations not just of the DMCA but also of less controversial state and federal computer security laws; some of the research that Hoffman and Griffith did might have involved breaking in to systems on campus, an act that might be illegal under those other laws. Attorneys at the Electronic Frontier Foundation said they were investigating the case in order to decide whether the group should become involved.

“We’re concerned right off the bat when we hear of speakers at a conference being served with a [temporary restraining order] moments before they’re supposed to speak,” said Wendy Seltzer, an attorney at the EFF. “It’s the kind of thing that makes us nervous.”

One attendee at the conference — an engineer who goes by the name “Decius” — said that after the cease-and-desist letter was read to the group, “a few of us got up and decided that the best thing that we could do was to make as many people aware of what happened as possible. In addition to contacting the press, several individuals said they wished to contact universities using the system to say they were unhappy to hear it was not secure and were unhappy to hear that the company was behaving in this manner.”

Decius added: “We live in a society in which we are increasingly dependent on this high-tech infrastructure which our lives are arranged around, and if we can’t take these things apart and understand how they work, then I think we have a very serious threat to our freedom.”

A courtroom hearing on whether to make the temporary restraining orders against the two students permanent will be held Thursday.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 13
  • Close
  • Fullscreen
  • Thumbnails

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    Young Daya has yet to become entirely jaded, but she has the character's trademark skeptical pout down pat. And with a piece-of-work mother like Aleida -- who oscillates between jealousy and scorn for her creatively gifted daughter, chucking out the artwork she brings home from summer camp -- who can blame her?

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    With her marriage to prison penpal Vince Muccio, Lorna finally got to wear the white veil she has fantasized about since childhood (even if it was made of toilet paper).

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    Cindy's embrace of Judaism makes sense when we see her childhood, lived under the fist of a terrifying father who preached a fire-and-brimstone version of Christianity. As she put it: "I was raised in a church where I was told to believe and pray. And if I was bad, I’d go to hell."

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    Joey Caputo has always tried to be a good guy, whether it's offering to fight a disabled wrestler at a high school wrestling event or giving up his musical ambitions to raise another man's child. But trying to be a nice guy never exactly worked out for him -- which might explain why he decides to take the selfish route in the Season 3 finale.

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    In one of the season's more moving flashbacks, we see a young Boo -- who rejected the traditional trappings of femininity from a young age -- clashing with her mother over what to wear. Later, she makes the decision not to visit her mother on her deathbed if it means pretending to be something she's not. As she puts it, "I refuse to be invisible, Daddy. Not for you, not for Mom, not for anybody.”

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    We still don't know what landed Brooke Soso in the slammer, but a late-season flashback suggests that some seriously overbearing parenting may have been the impetus for her downward spiral.

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    We already know a little about Poussey's relationship with her military father, but this season we saw a softer side of the spunky fan-favorite, who still pines for the loving mom that she lost too young.

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    Pennsatucky had something of a redemption arc this season, and glimpses of her childhood only serve to increase viewer sympathy for the character, whose mother forced her to chug Mountain Dew outside the Social Security Administration office and stripped her of her sexual agency before she was even old enough to comprehend it.

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    This season, we got an intense look at the teenage life of one of Litchfield's most isolated and underexplored inmates. Rebuffed and scorned by her suitor at an arranged marriage, the young Chinese immigrant stored up a grudge, and ultimately exacted a merciless revenge.

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    It's difficult to sympathize with the racist, misogynist CO Sam Healy, but the snippets we get of his childhood -- raised by a mentally ill mother, vomited on by a homeless man he mistakes for Jesus when he runs to the church for help -- certainly help us understand him better.

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    This season, we learned a lot about one of Litchfield's biggest enigmas, as we saw the roots of Norma's silence (a childhood stutter) and the reason for her incarceration (killing the oppressive cult leader she followed for decades).

    The 12 most incredible pint-size look-alikes in "Orange Is the New Black" season 3

    While Nicki's mother certainly isn't entirely to blame for her daughter's struggles with addiction, an early childhood flashback -- of an adorable young Nicki being rebuffed on Mother's Day -- certainly helps us understand the roots of Nicki's scarred psyche.

  • Recent Slide Shows



Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>