[Free-sklyarov-uk] [Fwd: RE: ebooks] WHSmith on their ebooks

David Haworth david.haworth at fen-net.de
Thu, 20 Dec 2001 23:13:02 +0100



On Thu, Dec 20, 2001 at 12:44:54PM +0000, Edward Welbourne wrote:
> [Quoth someone else]
> > Under current UK law, the eBook encryption is (imo, but ianal)
> > breaking the bit of law linked to above
>
> of even this I remain unconvinced.  The relevant bit of law says stuff
> about what the purchaser can do with the purchased work.

If I have to crack the encryption in order to sell the book as a
usable item, then I'm explicitly allowed to by that law.

> What might be interesting, though: the law may very well say things
> about how the first purchaser can only sell the work on `in its
> original condition'

AFAIK the law says no such thing. There are "conditions of sale"
printed on the inside cover of most books that say something
similar, but they're as enforceable as software EULAs (ie not at
all).  No-one takes any notice of them.

> Subsequently, those saved bytes can be used by a
> robot which will serve up the e-book to any reader which asks, without
> involving the vendor.  Again, no problem: utterly mundane attack; in
> the literature, but any idiot could have thought of it.

The problem with all these so-called secure copy protection
systems is that they weren't designed by cryptographers. On the
odd occasion that cryptographers have been involved, their
advice ("This can't possibly work"[1]) has been ignored.
Here's a good one: There's a document on the AAP website
that is attempting to specify some kind of DRM system. One
part of it made me fall off my chair laughing. There's a
cryptographic system used to detect if a book has been
changed (like the md5 checksum does). I'm not commenting on how
secure their checksum is, only on the author's method of testing
said system. He adds a single space character to the file,
and notices that the checksum is different and so the change
is detectable. What's so stupid about that is that a single
bit checksum (parity bit) would have spotted that change.
But the parity bit would fail to spot 2 extra spaces, whereas
it would be very difficult to create any other document
with the same md5 checksum. But we're not told anything
about this proposed system - the single-space test is the
only test result quoted.
These people are so clueless that they don't see
what's wrong with their methods, and they continue to
believe that if they can't read or modify the file, neither
can anyone else.

[1] the only way it can possibly work is for the user's
device to be securely tamper-proof. But then nobody
would buy one.

End of rant. Sorry about that


Dave


-- 
David Haworth                                            dave at fen-net.de
Baiersdorf, Germany.                     http://home.graffiti.net/pogue/
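
Added example, not part of the original message: the tamper-test argument above, run against a one-bit parity check and md5. It goes slightly beyond the post by also including an 8-bit additive checksum and two extra mutations; the sample text, mutation names and function names are all constructed for illustration.

```python
import hashlib

# Constructed sample text standing in for an e-book file.
BOOK = b"Chapter 1. It was a dark and stormy night.\n"

def parity_bit(data: bytes) -> int:
    """Single-bit checksum: XOR of every bit in the file."""
    bit = 0
    for byte in data:
        bit ^= bin(byte).count("1") & 1
    return bit

def sum8(data: bytes) -> int:
    """8-bit additive checksum (added for comparison, not in the post)."""
    return sum(data) % 256

def md5_hex(data: bytes) -> str:
    """md5 digest, the checksum the post uses as its reference point."""
    return hashlib.md5(data).hexdigest()

CHECKS = {"parity": parity_bit, "sum8": sum8, "md5": md5_hex}

# Constructed tamper tests; the first is the one quoted in the post.
MUTATIONS = {
    "one space": BOOK + b" ",
    "two spaces": BOOK + b"  ",
    "eight spaces": BOOK + b" " * 8,
    "swap first two bytes": BOOK[1:2] + BOOK[0:1] + BOOK[2:],
}

def detected_by(original: bytes, modified: bytes) -> set:
    """Names of the checks whose value changes between the two files."""
    return {n for n, f in CHECKS.items() if f(original) != f(modified)}

def uninformative_tests(original: bytes, mutations: dict) -> list:
    """Tamper tests that every check catches, so passing them proves nothing."""
    return [name for name, mod in mutations.items()
            if detected_by(original, mod) == set(CHECKS)]

if __name__ == "__main__":
    for name, mod in MUTATIONS.items():
        print(f"{name:22} detected by {sorted(detected_by(BOOK, mod))}")
    print("uninformative:", uninformative_tests(BOOK, MUTATIONS))
```

Only the single-space test lands in the uninformative list: it is the one mutation here that even the parity bit catches, so it cannot distinguish a strong check from a trivial one.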
