|
||||||||||
|
||||||||||
This is an unofficial archive site only. It is no longer maintained.
You can not post comments. You can not make an account. Your email
will not be read. Please read this
page or the footnote if you have questions. |
||||||||||
This week, Mr. Alan Cox, the chief maintainer of the Linux kernel series 2.2, put out kernel 2.2.20-pre11 with a changelog claiming that some of the fixes were "censored in accordance with the US DMCA". In other words, security fixes in the Linux kernel were being kept secret from Linux users. This article analyzes his actions and reaches some interesting conclusions.
|
|||||||||||||||
Although initially Mr. Cox's censorship affected all Linux users around the world equally, he and kernel developer Rik Van Riel hoped to establish a non-US website, somehow inaccessible to US readers, where uncensored changelogs could be posted in the future. (Update: This is now online at http://www.thefreeworld.net/non-US/.) He said that until the DMCA is overturned, "US citizens will have to guess about security issues [in the Linux kernel]."
The reference to the DMCA being overturned is revealing. Mr. Cox wants this to happen, and his little tinpot emperor censorship game is intended, in his apparently delusional mind, as a powerful political statement toward that end. It does not seem to have occurred to him, in his current seemingly megalomaniacal state, that members of the US Congress probably do not use Linux, and even those few Congressional staffers who might know what Linux is probably don't build their own kernels, and so will never know about Mr. Cox's protest. The only thing Mr. Cox has achieved, or has any chance of achieving, by his action is to annoy US-based Linux users -- which is probably quite all right with him, safely out of reach in England, with his typical English resentment of the former colonies who have long since outstripped England in world influence. Mr. Cox has attempted to support his ridiculous and obviously politically-motivated censorship with the claim that his decision was based on legal advice (implying that he fears that documenting security-related kernel fixes places him at risk of being prosecuted under the DMCA's anti-circumvention provisions), but this seems highly unlikely to be true. For one thing, Mr. Cox has refused to identify the person who gave him this alleged advice, or even to provide any details of their reasoning (or, for that matter, their qualifications). The statement that he was acting on a "legal opinion", vague as that is, is absolutely all he has been willing to say, although he was asked for clarification by several readers of the linux-kernel mailing list. Furthermore, adequacy.org has consulted with a senior official of the Electronic Frontier Foundation (who are quite active in DMCA-related litigation, contributing both to the defense of Dimitry Sklyarov, and Dr. Edward Felten's suit against the RIAA) and two Silicon Valley-based attorneys with experience in copyright litigation. All three of these well-qualified sources laughed at the idea that Alan Cox could be prosecuted under the DMCA for providing Linux kernel changelogs; furthermore, not one of these sources was inclined to believe that Mr. Cox seriously believed himself to be risking prosecution. One of the sources, who is a Linux user and is familiar with Mr. Cox's history, said with a chuckle, "Alan's just having his fun, trying to make a statement."
What amazes us most at adequacy.org is that Mr. Cox is willing to abuse his authority as the maintainer of the Linux 2.2 kernel in the service of his political goals. As one of the most significant kernel developers, he should see himself as someone working in the interest of all Linux users to improve the kernel. Concealing important security information from US-based Linux users is simply incompatible with responsible professional conduct for someone in his position. Mr. Cox is entitled to his political views, but he should find appropriate occasions to express them.
|