October 01, 2004

Blizzard v. BNETD circumvention technical note, pseudo Broadcast Flag

I again read through the Blizzard v. BNETD case, partially because of Ernest Miller's comment:

It is isn't clear to me that the "secret handshake" is circumvented. Blizzard games send an encrypted packet with a key. The BNETD servers ignore the key (not that they would be able to do anything with it). If that constitutes an access control device, there is not much that wouldn't.

The key (err, pun unintended) to this part is to realize that Blizzard basically put a password validation routine for a game feature in a location external to the game, their server. So abstractly, there's the official Blizzard Battle.net routine which is something like:

int validate_key (struct handshake *key) { super-sekrit-magic-yada-yada-.... }

And the emulator stub:

int validate_key (struct handshake *key) { return 1; /* true */ }

According to the court, congratulations, you've just violated the DMCA. This is exactly the sort of interpretation that, had I proposed it, some optimistic lawyers would have told me that no, no, don't confuse it with the Broadcast Flag, see section 1201(c)(3):

o (3) Nothing in this section shall require that the design of, or design and selection of parts and components for, a consumer electronics, telecommunications, or computing product provide for a response to any particular technological measure, so long as such part or component, or the product in which such part or component is integrated, does not otherwise fall within the prohibitions of subsection (a)(2) or (b)(1).

And the trick there seems to be in the phrase "does not otherwise fall within". Apparently, implicit in the Court's reasoning, if you know something is an encrypted password, you have some sort of affirmative duty of care to validate it. And if you just ignore it, that's circumventing it.

I can't say I'm happy about that. But I can't say I'm surprised at it either.

And I really, really, wish people would take into account this sort of court attitude when I talk about my reaction to my own risk of being sued :-(.

By Seth Finkelstein | posted in dmca | on October 01, 2004 11:59 PM (Infothought permalink) | Followups
Seth Finkelstein's Infothought blog (Wikipedia, Google, censorware, and an inside view of net-politics) - Syndicate site (subscribe, RSS)

Subscribe with Bloglines      Subscribe in NewsGator Online  Google Reader or Homepage