About this weblog
Here we'll explore the nexus of legal rulings, Capitol Hill policy-making, technical standards development, and technological innovation that creates -- and will recreate -- the networked world as we know it. Among the topics we'll touch on: intellectual property conflicts, technical architecture and innovation, the evolution of copyright, private vs. public interests in Net policy-making, lobbying and the law, and more.

Disclaimer: the opinions expressed in this weblog are those of the authors and not of their respective institutions.

July 29, 2005

Hammers and Mercury Again

Posted by Alan Wexelblat

... or, doesn't anyone EVER learn? Or, Internet... censorship... damage. It's not possible that this could surprise any sentient being. But here's the headline:

Lynn presentation leaks onto Net

Well, no kidding. For those not following this gem, the Lynn in question is researcher Michael Lynn. The presentation is a talk Lynn prepared on known exploits against Cisco routers. Apparently this is stuff that has been known for some time and Cisco is working to fix amid a sea of misconceptions about the basic security of the hardware/software that powers much of the Internet. And what has leaked onto the Net is a PDF file that contains the presentation Lynn was scheduled to give at Black Hat in Las Vegas.

(UPDATE: RickF of InfoWarrior commented that he has received a takedown notice and has removed the PDF. Please read his update in the Comments.)

I say "was," because earlier this week Cisco pressured Internet Security Systems (Lynn's employer at the time) into removing the presentation from Black Hat. Lynn then threatened to go ahead anyway and resigned from ISS. Cisco got an injunction; Lynn gave the presentation. Now it's getting ugly. According to blogger Brian Krebs, the FBI is involved and this is after an agreement was reached among Cisco, Lynn, ISS and the Black Hat organizers not to further distribute the material. Krebs' blog has a blow-by-blow including the agreement text. (There's also an interesting aside that at least 16 WIRED reporters were laid off this week - anyone have the story on that?)

Kieren McCarthy at Techworld hits the nail on the head, noting that Cisco has been "heavy handed" and the result has been a backfire of major proportions. The story is everywhere; the presentation is hot. Note to all you control freaks: do not, repeat DO NOT hit the blob of mercury with the hammer. Really.


1. Crosbie Fitch on July 29, 2005 7:11 PM writes...

Unless... the hammer is made of mercury and is at a temperature of -40C, and hits the blob of mercury extremely gently (which is at a temperature of -35C) in ambient conditions of -40C, such that the mercury melds with the hammer upon contact.

2. Seth Finkelstein on July 29, 2005 9:09 PM writes...

Don't underestimate the Chilling Effect of discouraging other people who may be watching. I think it's a BIG, BIG, error to reason roughly that "They tried to stop it, they failed, GO 'NET!!!".

Rather, if there's something that's going to get out anyway, making a big fuss may only marginally increase the negatives of exposure (really, how many people care about the gory details of security research?). But there may be much discouragement to be had in conveying to the next person: "Try it, and we will come after you with everything from lawsuits to instigating an FBI investigation - do you feel lucky, hacker punks?"

I know every time I see one of these cases, I'm further chilled myself regarding having been forced to abandon censorware decryption research.

3. RickF on July 29, 2005 11:51 PM writes...

This evening, I received a cease-and-desist (e.g., takedown) notice from attorneys representing Internet Security Systems (ISS). Having received and reviewed their letter, I have removed the file containing Michael Lynn's controversial Blackhat presentation. A copy of the notice can be found at:

Looking back at this week's events, my sense is that had the two companies involved (Cisco and ISS) said nothing about this briefing, it's quite likely that few if any people or news outlets would've given it more than a passing thought like so many other vulnerabilities being reported this week in Vegas -- after which, it likely would have gotten caught up in the "noise" of regular security community chatter. But as a result of their heavy-handed tactics this week, both Cisco and ISS have ended up publicizing a serious vulnerability quite significantly and thusly re-ignited the discussion over how the Internet security community handles vulnerability disclosure and product updates. By serving takedown notices in response to such situations, a company demonstrates clearly that it is more concerned with preserving its commercial interest in intellectual property than fostering community awareness and knowledge pertaining to critical internet security issues.

Improvements to internet security will NOT become a reality as the result of questionable secrecy or from commercial lawsuits that serve to mask the more substantial and fundamental problems within the information security industry and Internet community at large. Security through obscurity doesn't work, and neither does security through lawyering. These practices make the Internet more, not less, vulnerable.

I will close with a note of appreciation to my web hosting provider for their understanding and assistance in resolving this situation promptly and satisfactorily for all concerned tonight. As for me, it's now time to enjoy the weekend.


4. Seth Finkelstein on July 30, 2005 1:19 AM writes...

"... demonstrates clearly that it is more concerned with preserving its commercial interest in intellectual property than fostering community awareness and knowledge pertaining to critical internet security issues."

Bingo. They've traded the public interest for their financial benefit. But I fear that it's a tradeoff they consider worth it, since the financial costs are almost all externalized.
