お知らせ:CyberNewsFlash「2024年1月以降のIvanti Connect Secureなどの脆弱性の状況について(更新)」
JVN: 三菱電機製放電加工機におけるリモートコード実行の脆弱性
お知らせ:JPCERT/CC Eyes「PyPIを悪用した攻撃グループLazarusのマルウェア拡散活動」
JVN: Commend製WS203VICMにおける複数の脆弱性
JVN: CISA製Ethercat Zeek Pluginにおける複数の脆弱性
Weekly Report: JPCERT/CCが「インターネット定点観測レポート(2023年10-12月)」を公開
「MVNOに係る電気通信事業法及び電波法の適用関係に関するガイドライン」改定案に対する意見募集
令和6年度「スタートアップ創出型萌芽的研究開発支援事業」研究開発課題の公募
非常時における事業者間ローミング等に関する検討会(第11回)開催案内
情報通信審議会 情報通信技術分科会 技術戦略委員会 革新的情報通信技術プロジェクトWG(第5回)
令和6年能登半島地震に係る被害状況等について(第78報)
我が国のインターネットにおけるトラヒックの集計・試算
接続料の算定等に関する研究会(第81回)
Defending Access to the Decentralized Web
Decentralized web technologies have the potential to make the internet more robust and efficient, supporting a new wave of innovation. However, the fundamental technologies and services that make it work are already being hit with overreaching legal threats.
Exhibit A: the Interplanetary File System (IPFS). IPFS operates via a “distributed hash table,” essentially a way to look up the number (or “hash”) corresponding to a given file and see which network locations have chosen to offer the file. Using the hash, a machine then learns where to request the file from, and then retrieves it in pieces from those locations. IPFS gateways in particular perform these functions on behalf of a user who tells it what hash to retrieve the file for. It’s a conduit, like a traditional proxy server, virtual private network, or ISP.
Our client, computer scientist Mike Damm, offers a free IPFS gateway. He doesn’t control how people user it or what files they access. But a company called Jetbrains insists that that Mr. Damm could be liable under Section 1201 of the Digital Millennium Copyright Act because JetBrains’ lawyers are allegedly able to use his gateway to request and retrieve software keys for Jetbrains software from the IPFS network.
We were glad to have the opportunity to set them straight.
Section 1201 is a terrible law, but it doesn’t impose liability on a general-purpose conduit for information. First, a conduit does not fall into any of the three categories of trafficking under Section 1201: its primary purpose is not circumvention, it has extensive other uses, and it is not marketed for circumvention. Second, Congress has expressly recognized the need to protect conduits from legal risk given their crucial role in supporting the basic functioning of the internet. In Section 512(a) of the DMCA, Congress singled out conduits to receive the highest level of safe harbor protection, recognizing that the ability to dispose of copyright claims at an early stage of litigation was crucial to the operation of these services. It would be absurd to suggest that Congress granted conduits special immunity for copyright claims based on third party activity but then, in the same statute, made them liable for pseudo-copyright Section 1201 claims.
The DMCA has serious flaws, but one thing Congress got right was protecting basic infrastructure providers from being liable for the way that third parties choose to use them. This is in line with longstanding legal principles whereby courts require plaintiffs to target their complaints towards the individuals choosing to misuse general-purpose services, rather than assigning blame to service providers.
Deviating from this rule could have extinguished the internet in its infancy and threatens to do the same with new information technologies. As always, EFF stands ready to defend the open web.