That attitude is naive--even dangerous--in a society that must deal with the risk of cyberterrorism, the cost of identity theft, and the loss of essential services such as electricity and telephones caused by a tool that was developed without considering what the tool might be used for.
The changing views of acceptable behavior have even reached college campuses. Actions that were once accepted, or at least tolerated, at universities are not considered cool any longer, students say. Eric Ogren, a computer-science major at Stanford University, says breaking into computer systems, even without doing any damage, is "pretty frowned upon now around here." But Ogren says there are still plenty of students who hack their own systems and software to learn or to improve security. "There's a lot of that going on, especially here with research into security or just seeing how things work," he says. But the Digital Millennium Copyright Act has changed the way students and others view their activities. "I don't know too many fans of the DMCA," Ogren says.
The DMCA has tempered discussion of security research since its passage in 1998. Researchers began pulling some security tools off their Web sites following the arrest of Russian programmer Dmitry Skyarov at the DefCon security convention in July 2001. Skyarov developed a program published by ElcomSoft Ltd. that made it possible to convert encrypted Adobe Acrobat eBook Reader files into unprotected Adobe PDF files.
A few months earlier, a team of security researchers from Princeton University, Rice University, and Xerox decided not to publicly present research that they had completed on circumventing watermark techniques for digital music. The research was the result of a challenge issued by the Secure Digital Music Initiative, a consortium of companies trying to create open protection specifications. The SDMI tried to block disclosure of the research, saying the DMCA might be applied if the research were disclosed.
In August 2002, Hewlett-Packard sent a memo to a security-research firm, Secure Network Operations Inc. (better known as SnoSoft), citing the DMCA and threatening legal action after the group published code that exposed a serious hole in HP's Tru64 Unix operating system. Ultimately, HP took no legal action.
