Original author: Jeremy Kun    Source: medium.com [in English]
CY2    Computers    2016-07-31

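In 2011, Sony sued George Hotz and his friends for jailbreaking Sony's PlayStation 3. One of the main causes of action was that Hotz, exploiting Sony's failure to follow a basic rule of digital signatures, had published a key online.

The case was eventually settled out of court, but the question of whether it is legal to publish a special sequence on the internet remains. The law currently seems to support Sony's argument, but it would not apply retroactively to Hotz's case.

One counterargument holds that if publishing a special sequence is illegal, then everything derived from that sequence is illegal too. A typical example is the Free Speech Flag.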

The colors of this flag, when decoded to hexadecimal, contain the PlayStation3 signing key

Likewise, so-called “illegal numbers” were put on t-shirts and embedded in poems and amusingly bad YouTube songs.

The illegality of publishing these numbers is probably tightly connected to their relevance. Since the PlayStation3 was superseded by the next generation of video game consoles, I doubt PlayStation would sue anyone for publishing the old keys.

But what about more long-term sensitive numbers, such as social security numbers? On that front the law is much clearer. In California, penal code 1798.85(1) on the confidentiality of social security numbers:

(a) Except as provided in this section, a person or entity may not do any of the following:

(1) Publicly post or publicly display in any manner an individual’s social security number. “Publicly post” or “publicly display” means to intentionally communicate or otherwise make available to the general public.

If this applied to the PlayStation key, then publishing the key in plaintext would clearly be illegal. Then later in the same law:

(g) A person or entity may not encode or embed a social security number in or on a card or document, including, but not limited to, using a barcode, chip, magnetic strip, or other technology, in place of removing the social security number, as required by this section.

So this would rule out publishing someone’s social security number using a flag, since that is both encoding and embedding the number in a document using “other technology” (or really, a barcode, but other technology captures all computer programs I suppose).

But all of this seems to assume that these rules only apply if the social security number is hard for people in the general public to get access to. The law makes special exceptions for all of these provided that the social security number is securely encrypted.

Of course, what it means for something to be securely encrypted depends heavily on how powerful current computers are. For example, here’s my social security number, encrypted using Keybase. It seems pretty clear that it’s not illegal to do that, but now that it’s public, you have to wonder whether this will bite me in the ass when I’m 60, computational power has exceeded the security of this particular cryptosystem, and my identity gets stolen.

But it makes you wonder how many SSN-like documents, encrypted using old, broken encryption schemes (or using weak secret keys), are still lying around on the internet. Would it be illegal to decrypt them and publish the results, seeing that anyone with a sufficient skill set could do it?

Or worse, what if I told you that the California Governor’s social security number was one of the numbers on this webpage? It contains 10 thousand social security numbers. But if that were actually true, given enough time an average person could conceivably find it. This would be even easier if there were a programmatic method for verifying that a name is tied to a social security number, and I don’t doubt that various automated phone/computer systems are weak enough to allow a sufficiently motivated programmer to do this.

So is it illegal for that website to publish these huge lists of SSNs? Is it illegal for me to say that his social security number is on that webpage, if it actually is?

What if I gave you a list of the digits of the Governor’s SSN, but not in the correct order? Here they are: 000013488. Is publishing that illegal? It probably doesn’t correspond to more than a few hundred valid social security numbers, so you could write a simple computer program to search through them all.

But is that a “public display”? It’s not an encoding or an embedding, any more than a big list of all SSNs is. And moreover, SSNs are so short that they almost certainly occur naturally in other contexts. For example, here’s a random social security number I took from that list of SSNs: 289-03-0001. If I Google this number (without dashes) I get 500 results. This SSN turns out to be the product number of this Sony bracket, the ID number of this dog walk, and the SKU of this macbook sticker, and more.

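So where does the law draw the line?

The only real conclusion I can draw from this is that the law must depend on current computational power, but the law does not make this explicit in any document or court opinion I have heard of.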
