We had an interesting Internet Security lecture today. Some of it talked about how secure documents/files go through a few phases, one of which included litigation. The state of affairs is pretty sad, but the point was that a completely technical solution can be either impossible or undesirable from a business standpoint. Like Prof Adams said, it's better to have 70% of a $180M business than 98% of a $50M business.

The problem I have is when companies dupe the ignorant general public into thinking something is secure, sell it to them as such and then sue the pants off anyone who dares to break it.

The recent case of a "security" company suing a student for revealing how to "break" their security is absolutely laughable. Common sense dictates that there has to be some sort of decent security there for something to be called "secure". Simply bypassing the loading of a driver is not subverting anything, it is just a bad implementation.

Consider this analogy: If you voluntarily left an iPod in the hallway outside your locker and someone took it, would that still be stealing? Would anyone sympathize with you for expecting it not to be taken? I don't think so. Your principal wouldn't do anything but have a good chuckle.

If you put your iPod in your locker and someone stole it people would definitely sympathize. The combination lock, though easily broken with a crowbar, is an effective enough security device. People had to agressively (and irreversibly) subvert it to enter the locker and take the iPod.

OK, now what if your locker was held closed with a twist-tie? You still have to open the locker to steal the iPod or even see it. It's not in the wide open like in the first case -- the owner isn't effectively 'giving it away'. You still have to break the shoddy "protection", but was it good enough? Of course not. Common sense (used often enough in law to be relevant here) would dictate you should have had more protection. Curious people will come along and snoop in your unlocked locker. You can bet that an insurance company wouldn't cover your loses.

I definitely don't have a solution to this problem (if I did, I'd be a rich man no doubt) but what's going on in the courts in the US with the DMCA is pretty sad. The shift key is not a subversion of copy-protection, that is just absolutely ridiculous. Maybe if secure documents were actually more secure people would take copyright infringement more seriously.