December 31, 2002

MIT Spam Conference, and cheap irony

I just registered for the MIT spam conference

Cheap irony: The registration page states:

(Don't use an address with over-aggressive spam filtering set up on it, because if the confirmation bounces, you won't be registered.)

Hmm ... it seems there's a lesson here somewhere ...

By Seth Finkelstein | posted in spam | on December 31, 2002 02:09 PM | (Infothought permalink) | Followups
December 30, 2002

OSCON speech quote, activism, and one's life

This quote from Lawrence Lessig's OSCON speech has been in my mind lately:

Because if you don't do something now, then in another two years, somebody else will say, OK, two years is enough; I got to go back to my life.

By Seth Finkelstein | posted in activism , quotes | on December 30, 2002 06:35 PM | (Infothought permalink)
December 29, 2002

N2H2 (censorware co) - financially "dead company walking"

I've finally finished ploughing through N2H2's recent financial report and attempting to figure out just how near they are to death's door (approaching? threshold? already through?). I think it's a matter of "dead company walking".

I've finally made sense of their announced "cash flow positive" quarter. Remember, N2H2 loses around $1.7million each quarter

Now, look at the N2H2 Balance Sheet

Note how "Cash and Cash Equivalents" takes a big jump up on Sep 30, 2002.

But projecting, the estimated numbers would be (in thousands)

"Net Tangible Assets":
+2,152(down 1,400 to) +752(down 1,017 to) -265(down 1,507 to) -1,772
"Cash and Cash Equivalents":
+6,000(down 1,740 to) +4,260(down 1,485 to) +2,775(now project) 728? (est?)
calculate "Cash and Cash Equivalents" - "Net Tangible Assets":
+3,848  +3,.508  +3,040(now project) +2,5? (est?)

That is, the next number in the series for "Cash and Cash Equivalents" should be down "1,something" , giving less than 1,000 remaining, around 728 from projecting from the drop in "Cash and Cash Equivalents" - "Net Tangible Assets"

Instead, they record a total "Cash and Cash Equivalents" UP to +4,684. That's an overage of (4,684 - 728? = 3956?). Where are they getting that extra 3956 or so ?

Note nothing dramatic has changed in terms of income and expenses for all of N2H2 fiscal year 2002 . So their recent layoffs can't be the cause of this dramatic change.

Look at the "Other Current Liabilities" line. They have a big change in going from 4,475 to 8,179 = 3704. That seems to be the jump.

The "Cash Flow Statement" agrees

Income hasn't changed much. The cash jump is from "Changes In Liabilities".

What's this 8,179 liability?

Searching the annual report, under
They have "Deferred revenue" of 8,179

What's this "Deferred revenue"? The only reference I can find is (my emphasis)

"Subscription agreements and most maintenance services are evidenced by signed contracts, which are generally 12, 24 or 36 months in duration. Subscription and maintenance revenues are recognized on a straight-line basis over the life of the contract. Contracts billed in advance of services provided are recorded as deferred revenue.

Hmm? What's going on here?

It appears they counted much of *expected Financial Year 2003* revenue, as "deferred revenue" for the last quarter of Financial Year 2002. And listed what they billed as part of "Cash and Cash Equivalents".

That is, the only reason they're "cash flow positive" is that they have gotten substantial billed money in advance of the services.

There's another obscure line where they list current "Working capital" as being -2,193 , with a footnote of "(3) Includes current portion of deferred revenue."

In brief, it's if someone were in debt, and took out a loan, and trumpeted having a "cash-flow-positive" event because the loan was money received now (that it'd have to be paid back later was irrelevant).

It's like the old saying about losing a little money on every sale, but making up in volume.

By Seth Finkelstein | posted in censorware , infothought | on December 29, 2002 04:27 PM | (Infothought permalink) | Followups
December 28, 2002

On Politics

"Political factions are the intellectual equivalent of street gangs"
- Seth Finkelstein

By Seth Finkelstein | posted in quotes | on December 28, 2002 05:35 PM | (Infothought permalink) | Followups
December 27, 2002

Another appearance of my DMCA guide

My guide on How To Win (DMCA) Exemptions And Influence Policy has now been mentioned on the Lawrence Lessig news blog!

That's impressive, for me

By Seth Finkelstein | posted in dmca | on December 27, 2002 11:58 PM | (Infothought permalink) | Followups
December 26, 2002

N2H2 (censorware co.) and bankruptcy

I'm still trying to get a good handle on the current financial status of N2H2 (a censorware company). It's given me a new respect for what sort of shenanigans can be pulled with the likes of WorldCom and Enron.

By Seth Finkelstein | posted in censorware | on December 26, 2002 11:58 PM | (Infothought permalink) | Followups
December 25, 2002

Spam Takes No Holiday

My email today still had a daily load of spam! Is spamming considered one of the vital occupations, such as firefighter or emergency medicine, which still has to be done on Christmas? I can understand that perhaps the Chinese and Korean spam doesn't consider Christmas a factor. But I still got a helping of good ol' American mortgage-rate (and other types of) spam.

Maybe those spammers felt there would be less competition today from other spammers?

By Seth Finkelstein | posted in spam | on December 25, 2002 11:19 PM | (Infothought permalink) | Followups
December 24, 2002

N2H2's (censorware co) views on censorware blacklist litigation

N2H2's (a censorware company) recently-issued current Financial Annual Report has another gem:

An individual represented by the American Civil Liberties Union has recently filed a lawsuit against us in federal court. The plaintiff is purportedly a computer researcher who allegedly seeks to conduct a quantitative analysis of the accuracy and comprehensiveness of our Internet filtering solutions for purposes of determining whether these solutions exclude some speech on the Internet that is constitutionally protected. He alleges that his activities in conducting this analysis, if he ever does so, would violate our standard license agreement and our intellectual property rights. The plaintiff alleges that the threat that we will enforce our license agreement and our other rights has deterred him from this activity, which he alleges is protected under the "fair use" doctrine of copyright law and other legal doctrines. He seeks a declaration to prohibit us from enforcing the license agreement against him based on his use of our software in his research activities. To the extent that this claim is resolved in the plaintiff's favor, it could materially affect our ability to enforce our license agreements and other intellectual property rights against certain users of our software filtering products. In addition, it could contribute to an increase in the number of people who seek to use our software in ways that we believe violate our proprietary rights. ...

Hmm, what an interesting idea .

By Seth Finkelstein | posted in censorware | on December 24, 2002 12:23 AM | (Infothought permalink) | Followups
December 23, 2002

N2H2 (censorware co) deathwatch spiral continues

N2H2, a now-infamous censorware company, recently issued its current Financial Annual Report. I'll just quote this paragraph:

We have incurred net losses in each quarter since we incorporated in 1995. We incurred net losses of $881,000 for 1997, $2.6 million for 1998, $7.7 million for 1999, $39.3 million for 2000, $35.5 million for 2001 and $6.6 million for 2002. If we fail to achieve and maintain profitability, our stock price will decline, our future capital raising efforts will be impaired and we may be forced to reduce or cease operations.

By Seth Finkelstein | posted in censorware | on December 23, 2002 11:47 PM | (Infothought permalink) | Followups
December 22, 2002

Elcomsoft verdict as jury nullification?

I've been pondering some of the recent techie muttering about the Elcomsoft verdict as jury nullification

Wins are good. We needed a victory. But I'm uncertain it was the sort of People Power victory some would like to see.

Hmm ... Seth Schoen has just commented:

Don argues that the jury's decision to acquit -- after Judge Whyte rejected jurisdictional and constitutional arguments -- shows that ordinary Americans think the DMCA has gone too far. It's hard for me to know what the jury was thinking, but that interpretation seems especially plausible since the jury foreman said jurors were troubled at the lack of rights afforded to readers under the law.

Could it be that they believed that "reading is a right, not a feature"?

What bothers me is that these comments seems to proceed as if the jury had affirmative views, and then acted to enforce them over the law. That story just doesn't sound likely to me. The DMCA is not an easy law to understand. I find most people go through a phase where they don't grasp how draconian it is. I wonder if the jury's reaction might be better rendered that they couldn't understand it, and since Elcomsoft didn't seem to be doing anything wrong ("fair use"), then Elcomsoft certainly couldn't have been willfully violating the law. That's good. But it's not the Nerd Militia either.

By Seth Finkelstein | posted in dmca | on December 22, 2002 11:58 PM | (Infothought permalink)
December 21, 2002

Dmitry Sklyarov on chilling effect of DMCA

Chilling quote from Sklyarov reflects on DMCA travails :

Anxiety over the DMCA

Sklyarov said many information security developers have been skittish since learning of his case, fearful that they, too, could face jail time for their work. "Nobody knows. Probably you'll do your work, and after that somebody comes for you to arrest you or something like that because the DMCA is very (broadly) written and many things can be linked with DMCA," he said.

By Seth Finkelstein | posted in dmca , quotes | on December 21, 2002 11:58 PM | (Infothought permalink)
December 20, 2002

DMCA exemption comments available

The Copyright Office has now put on their website, the complete text of ALL DMCA exemption comments

By Seth Finkelstein | posted in dmca | on December 20, 2002 06:11 PM | (Infothought permalink) | Followups

DMCA exemption comments - a second bite at the apple

The first round of DMCA comments is done. But if people want to submit DMCA exemptions material to the Copyright Office, there's a second chance.

The 2002 notice of inquiry says (my emphasis):

In the reply comments, persons who oppose or support any exemptions proposed in the initial comments will have the opportunity to respond to the proposals made in the initial comments and to provide factual information and legal argument addressing whether a proposed exemption should be adopted. Since the reply comments are intended to be responsive to the initial comments, reply commenters must identify what proposed class they are responding to, whether in opposition, support, amplification or correction. As with initial comments, reply comments should first identify the proposed class, provide a summary of the argument, and then provide the factual and/ or legal support for their argument. This format of class/ summary/ facts and/ or legal argument should be repeated for each reply to a particular class of work proposed.


Reply comments will be accepted from January 21, 2003, until February 19, 2003, at 5:00 P. M. Eastern Standard Time.

So there's another opportunity very soon.

Update: Note this is an even better opportunity then the first round. The 2002 rulemaking page says (my emphasis):

The initial round of comments (due December 18, 2002) is restricted to comments proposing exemptions for specific classes of works. Reply comments (due February 19) may be submitted in opposition to or in further support of exemptions proposed in the initial comments.

So you can file support comments for other comments. In fact, people can even make a reply comment in further support of their own initial comment!

By Seth Finkelstein | posted in dmca | on December 20, 2002 10:07 AM | (Infothought permalink) | Followups
December 19, 2002

SpamAssassin vs. Harvard Berkman Center Newsletter

Donna Wentworth at Copyfight says

Hoping's issue of The Filter will slip quietly under the wire.

Sadly, it looks like it's over the default line. Using SpamAssassin (2.31) with the defaults. I get

SPAM: ... Start SpamAssassin results ...
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See for more details.
SPAM: Content analysis details: (5.8 hits, 5 required)
SPAM: NO_REAL_NAME (0.5 points) From: does not include a real name
SPAM: GAPPY_TEXT (0.4 points) BODY: Contains 'G.a.p.p.y-T.e.x.t'
SPAM: DOUBLE_CAPSWORD (1.1 points) BODY: A word in all caps repeated on the line
SPAM: CLICK_BELOW (1.5 points) BODY: Asks you to click below
SPAM: EXCUSE_1 (2.3 points) BODY: Gives a lame excuse about why you were sent this SPAM
SPAM: ... End of SpamAssassin results ...

Well, let's take a look:

NO_REAL_NAME (0.5 points) From: does not include a real name


GAPPY_TEXT (0.4 points) BODY: Contains 'G.a.p.p.y-T.e.x.t'

H a r v a r d  L a w  S c h o o l

DOUBLE_CAPSWORD (1.1 points) BODY: A word in all caps repeated on the line

Note sure about this, since line-breaking is unclear, but I think it has to do with "DMCA" being repeated in a line, as in

"... US Copyright Office's DMCA Rulemaking, proposing an exemption to the DMCA's anticircumvention provisions ..."

CLICK_BELOW (1.5 points) BODY: Asks you to click below

"The Rotisserie implements an innovative approach to online discussion that encourages measured, thoughtful discourse. Click on the link below to find out more or to download the software"

EXCUSE_1 (2.3 points) BODY: Gives a lame excuse about why you were sent this SPAM

"You are receiving this email because someone (perhaps you) requested that your name be added to our mailing list."

(frankly, that does sound spammish!)

The web version had some differences, and I had originally tested that. It doesn't have the line which make it fall foul of the EXCUSE_1 test. A small update on the web turned out to be enough to fall into a porn test, which isn't triggered in the email-version,

PORN_3 (0.5 points) Uses words and phrases which indicate porn

And the magic words are:

(?i-xsm:\baction) : (SDMI) were quashed by an RIAA letter threatening legal action under
(?i-xsm:\bhot) : for such hot-button terms as "Tibet" and "democracy."
(?i-xsm:\bstrip) : featuring music by the White Stripes and their creative cohorts, Red

That's "3 porn words in the whole message body", and adding an update about "legal action" put it over the threshold with "action" (lawyer jokes about old professions are coming to mind ... oops ...)

Spam-wars, spam-wars ...

By Seth Finkelstein | posted in spam | on December 19, 2002 07:02 PM | (Infothought permalink) | Followups
December 18, 2002

DMCA Exemption comment - it's done!

It's done! My DMCA Exemption comment (for censorware blacklists) has been submitted. A version is available at:

By Seth Finkelstein | posted in activism , dmca | on December 18, 2002 04:45 PM | (Infothought permalink)

The mystery of "domain registration spam body"

Donna Wentworth at Copyfight asks why an issue of the newsletter The Filter triggered a "domain registration spam body" test in SpamAssassin

As I read the test, anything mentioning ".biz" or ".name" or ".info", not at the end of a line (technically, within whitespace) will trigger the "Domain registration spam body" test! Ouch.

All these lines matched:

So how goes the nascent .BIZ business? Berkman Center Faculty
Usage of the .BIZ TLD"--online. Among the findings: three quarters of
currently registered .BIZ domains provide no web content or provide
only error messages or placeholders; a quarter of .BIZ registrations
corresponding .COM; and many .BIZ names fail to comply with .BIZ
> What's In a .NAME?: .BIZ isn't the only new TLD in town--ICANN also
introduced .NAME. Follow the links below for Edelman's study of .NAME

It's a problem with the genetic algorithm.

Excuse me, I must repeat to myself: Stay out of the spam-wars!

By Seth Finkelstein | posted in spam | on December 18, 2002 01:42 PM | (Infothought permalink) | Followups
December 17, 2002

Elcomsoft win!

Elcomsoft case victory!. The jury found the company innocent of charges (criminal charges)

Frankly, I was very pessimistic.

This quote is fascinating.

"Under the eBook formats, you have no rights at all, and the jury had trouble with that concept," said Strader.

Judges tend not to have trouble with that concept of no rights at all.

By Seth Finkelstein | posted in dmca , legal | on December 17, 2002 05:24 PM | (Infothought permalink) | Followups
December 16, 2002

Deadline nears for DMCA exemptions

The Register has a nice article article on my DMCA guide and related work:

Deadline nears for DMCA exemptions

By Seth Finkelstein | posted in dmca | on December 16, 2002 11:57 PM | (Infothought permalink) | Followups
December 15, 2002

Copyright Office exasperation on DMCA exemption comments

I hadn't realized how exasperated the Copyright Office sounds now, on their comment submission form :

Most of the comments we have received appear to address only technological measures that prohibit or limit "copying" rather than measures that prevent unauthorized access or limit access to copyrighted works. The adverse effect of "copy" protection measures is beyond the scope of this rulemaking. Similarly, the prohibitions against "trafficking" in any technology, product, service, device, component, or part thereof that circumvents access or copy protection measures contained in section 1201(a)(2) and 1201(b) are also beyond the scope and statutory authority of this rulemaking. 17 U.S.C. sec.1201(a)(1)(B) and (C). The scope of this rulemaking is limited, by statute, to the examination of evidence of the adverse effects of the prohibition on circumvention of measures that protect "access" to copyrighted works.

Translation (I think :-)): Stop bugging us about the DeCSS and Elcomsoft/Sklyarov cases! It's not our problem! We can't do anything about it!

By Seth Finkelstein | posted in dmca | on December 15, 2002 11:57 PM | (Infothought permalink) | Followups
December 14, 2002

Arguing Privacy Technology vs. Privacy Laws

Ed Felten has a note about Privacy Technology vs. Privacy Laws, responding to:

Politech reprints an anonymous, somewhat overheated essay arguing for a technology-only approach to privacy, as opposed to one based on laws. It's easy to dismiss an essay like this just because of its obnoxious tone. But we should be skeptical of its ideas too.

Just a note of caution - if anybody attempts to deal with these people, I'd suggest a little practice first, such as trying to convince your local evangelical street-preacher that God does not exist. The parallels will be uncanny.

That essay comes from the cypherpunks list, which is now mostly a kind of fundamentalist rant-fest for "overheated" Libertarian proselytizing. It's mostly harmless stuff, as long as one doesn't take it too seriously (as two people did, but that's a long story).

I've written an essay on the reasoning defects caused by Libertarianism. The basic flaw here, which may not be obvious at first glance, is a strategy I call "Fantasy vs. Reality". The Libertarian proselytizer sets up a fantasy world, and repeatedly tells you how great everything will be in the Kingdom Of Heaven, I mean, techno-crypto-Libertopia. As opposed to how much sin there is on this veil of tears, I mean, the real world. Endlessly. All will be perfect when we run society according to bible law, I mean, contract law. And all which is bad in the world just goes to show the evil of Satan, I mean, government.

See if I'm wrong. Hallelujah!

By Seth Finkelstein | posted in cyberblather | on December 14, 2002 12:33 AM | (Infothought permalink) | Followups
December 13, 2002

Censorware, "filtering", and the imperatives of control

[I've sent this message around a few places in discussion about the Kaiser Family Foundation censorware study]

One censorware aspect the Kaiser report does not discuss, is that in order for control to be effective, sites such as language-translators, privacy sites, anonymity protections, the GOOGLE CACHE, the Wayback Internet archives, etc tend to be banned. Otherwise, such sites act as a "LOOPHOLE" (to use N2H2's terminology) for the control of censorware. This is a structural, architectural, issue. Whether or not you consider this bad, good, or not a horribly high cost, it's factually a deep problem of censorware which is not going to go away from configuration. Take a look at my (sadly under-publicized) work, e.g.

BESS's Secret LOOPHOLE: (censorware vs. privacy & anonymity) - a secret category of BESS (N2H2), and more about why censorware must blacklist privacy, anonymity, and translators

BESS vs The Google Search Engine (Cache, Groups, Images) - N2H2/BESS bans cached web pages, passes porn in groups, and considers all image searching to be pornography.

The Pre-Slipped Slope - censorware vs the Wayback Machine web archive - The logic of censorware programs suppressing an enormous digital library.

Very broadly, the Kaiser study found that the more blacklists that are used, the more inaccurate bans there are. Viewed basically in terms of what censorware is - a bunch of blacklists - this should be clear.

That is, fundamentally, a censorware program is a collection of blacklists. Each blacklist has some accurate entries, and some wildly inaccurate ridiculous entries. If you use several blacklists, you get the accurate entries, and then all the wildly inaccurate ridiculous entries contained in all those several blacklists. Simple.

From this point of view, it's not a surprise that several blacklists, have in combination, a much higher number of wildly inaccurate ridiculous entries, than a few blacklists. Roughly, having more blacklists means more silliness, and fewer blacklists means fewer silliness. No special magic to "configuration" there. The less of the censorware you use, the less of the baleful effects you have.

And Kaiser didn't find that censorware bans all the porn sites either! At heart, it's not difficult to get a big list of porn sites. It's really not. But what "benefit", other than the political, is there in just making the outright porn-searchers work a little harder, while randomly denying some people the information they need, and denying everyone such tools as language-translators, google caches, etc?

I don't think this is a simplistic opposition to "filtering". But it is saying there is no magic - there's not going to be any configuration that makes all the naughty stuff go away, while having only nice remaining. Or even most of the way there. The best PR the censorware companies ever did, was to have the word "filtering" attached to their blacklists. Because that channels all the discussion into a focus on the supposedly worthless material, and far away from all the imperatives involved in controlling what people are forbidden to read.

By Seth Finkelstein | posted in censorware , infothought | on December 13, 2002 11:53 PM | (Infothought permalink) | Followups
December 12, 2002

Kaiser censorware study and health sites

Here, very roughly, is what is going on with the Kaiser Family Foundation censorware study and health sites.

It's not complicated. One just has to realized that censorware is not a "filter", but basically a collection of blacklists.

Suppose one has several censorware blacklists:

Blacklist Accurate items Inaccurate items
Sex X1 % accurate Y1 % inaccurate (including Z1 % health sites)
Drugs X2 % accurate Y2 % inaccurate (including Z2 % health sites)
Rock and Roll X3 % accurate Y3 % inaccurate (including Z3 % health sites)

If you blacklist all of Sex and Drugs and Rock and Roll sites, then the blacklist has the combined accurate items, plus combined also ALL of the inaccurate items, that is
(Y1 % + Y2 % + Y3 %) inaccurate including (Z1 % + Z2 % + Z3 %) health sites (neglecting any overlap).

The more blacklists that are used, the more wildly inaccurate bans are seen. The fewer blacklists that are used, the fewer wildly inaccurate bans are seen.

It's that simple.

Note the report does not address structural, architectural issues of censorware, such as the across-the-board banning of "loophole" sites (caches, anonymizers, and translation sites, etc.)

By Seth Finkelstein | posted in censorware | on December 12, 2002 04:31 PM | (Infothought permalink) | Followups

New report on Copyright and Free Expression from FEP

"The Progress Of Science And Useful Arts":
Why Copyright Today Threatens Intellectual Freedom

(press release)

"NEW REPORT ON COPYRIGHT & FREE EXPRESSION - Music swapping -- encryption -- the frozen public domain -- where should we draw the line between rewarding creativity through the copyright system and society's competing interest in the free flow of ideas? Check out the Free Expression Policy Project's newest policy report,

"The Progress of Science and Useful Arts": Why Copyright Today Threatens Intellectual Freedom.

It covers "fair use," copyright term extension, the Digital Millennium Copyright Act, and much more -- without legalese."

[Disclaimer - I'm mentioned and am one of the people thanked in the report]

By Seth Finkelstein | posted in copyblight | on December 12, 2002 04:12 PM | (Infothought permalink) | Followups
December 11, 2002

Australian net libel case (Gutnick), info from AUSTRALIAN expert

[I'm posting this because it deserves to be better known, as high-quality, expert, information - this is commentary from a public mailing-list]

[ Irene Graham is the Executive Director, Electronic Frontiers Australia ]

>Net libel actions can be brought anywhere in world
> From Roger Maynard in Sydney and Frances Gibb
>The Times, 11 December, 2002
>A LEGAL ruling made by an Australian court yesterday could clear the way
>for worldwide libel litigation over internet material, lawyers and industry
>leaders say. The decision by the High Court of Australia, sitting in
>Canberra, in effect allows litigants to mount libel cases anywhere in the
>world over website material, not just in the website's country of origin.

I'd strongly recommend that anyone interested in what the Aust. High Court said, read the decision at: rather than relying on newspaper reports. To date, I haven't seen a single one that seems to me to accurately reflect what the Court actually said. So far, they all seem to exaggerate some aspects, and/or fail to mention pertinent aspects.

There's no doubt the situation is of concern relative to freedom of expression, but the Court decision is unsurprising - it merely confirmed existing decades-old law. Reading newspaper reports one could get the impression the Court changed the law or further 'developed' the common law. The Court did not, and the decision makes clear that the judges were well aware of the issues and on reading the lengthy judgment it becomes, imo, apparent that the Court had good reasons for making the decision it did. To do otherwise it appears the Court would have had to re-write the law. Imo, there's an urgent need for defamation law reform in Australia. The need has been 'urgent' for over 20 years, but despite various Law Reform Commission recommendations etc, the Parliaments in the various Australian jurisdictions have not done anything about it.


By Seth Finkelstein | posted in legal | on December 11, 2002 03:58 PM | (Infothought permalink) | Followups

SmartFilter stupidity - health sites as SEX

The Kaiser Family Foundation just released a study concerning censorware and health sites. In honor of this study, I give some different health-related websites likely to be banned in some libraries and schools as pornography, as these sites are all blacklisted as "Sex". This is offered here as a simple, right-now, hot-off-the-presses, see-for-yourself, demonstration of what can be banned by censorware as porn.

By Seth Finkelstein | posted in censorware | on December 11, 2002 05:02 AM | (Infothought permalink)
December 10, 2002

Jon Johansen, DeCSS, more history

More good reading besides Jon Johansen's trial testimony: - "CSS chain of events"

And a great interview in

Jon Johansen: I'm 16 now, I was 15 when it happened ... and the encryption code wasn't in fact written by me, but written by the German member. There seems to be a bit of confusion about that part.

LinuxWorld: The other two people that you had worked with to make the player are remaining anonymous -- is that right?

Jon Johansen: Yes, that is correct.


LinuxWorld: Do you know why they want to remain anonymous?

Jon Johansen: They are both a lot older than me, and they are employed. So I guess they just didn't want the publicity, and they were perhaps afraid of getting fired.

By Seth Finkelstein | posted in dmca | on December 10, 2002 03:23 AM | (Infothought permalink) | Followups
December 09, 2002

Copyright Office - DMCA comments need to FOLLOW THE SPEC

The Copyright Office is reminding people who want to submit comments on the DMCA 2002 rulemaking, that comment have to follow their format. (see my guide - How To Win (DMCA) Exemptions And Influence Policy) If the comments don't follow the required format, the comments don't get considered.

The Copyright Office comment submission form now says (their emphasis):

Important Note: Most of the comments received thus far do not comply with the requirements for submission. Comments that do not meet all of the requirements will not be considered.

Before submitting your comment attachment, verify that your comment attachment:

  • Includes the commenter's name;

  • Includes an identification of a particular class of works proposed for exemption on the comment attachment;

  • Numbers each particular class of works, if more than one class of works is being proposed for exemption;

  • Provides a summary of the argument for each class of works proposed for exemption; and

  • Provides particular factual support/legal argument for each class of works proposed for exemption explaining how the prohibition on circumvention of technological measures that protect "access" to copyrighted works is adversely affecting identifiable noninfringing uses of that class of works.

By Seth Finkelstein | posted in activism , dmca | on December 09, 2002 03:07 PM | (Infothought permalink)
December 08, 2002

Jon Johansen and DeCSS

I've just mentioned the criminal (pun intended) Jon Johansen's trial is next week (December 9 - 13). For people interested in background on DeCSS, the best account of the origin of DeCSS is his trial testimony

(I feel for that anonymous German programmer)

Q. Who wrote DeCSS?
A. I and two other people wrote DeCSS.
Q. Mr. Johansen, what did you do next towards making DeCSS?
A. We agreed that the person who I met would reverse engineer a DVD player in order to obtain the CSS algorithm and keys.
Q. Who was this person that you met on the Internet?
A. A person from Germany. I don't know his identity.
Q. Okay. What happened next?
A. About three days later when I was on line again, he messaged me and told me that he had found the CSS algorithm. He also sent the algorithm to me with the CSS authentication source which are written by Eric [ed: this is a mishearing of Derek] Fawcus earlier. He also sent me information on where inside the player he had found the algorithm, and he also sent me a single player key.
Q. Thank you very much. Now, you testified on direct that a German person, I think, had reverse-engineered the Xing DVD player, is that correct?
A. Yes, that is correct.
Q. And that person goes by the nick Ham?
A. Yes, that's correct.
Q. And it's Ham who wrote the source code that performed the authentication function in DeCSS, is that correct?
A. No, that is not correct. He did not write the authentication code. He wrote the decryption code.
Q. He wrote the encryption code?
A. Decryption code.
Q. Decryption.
A. Yes.
Q. Ham is a member of Masters of Reverse Engineering or MORE?
A. That's correct.
Q. And are you also a member of MORE?
A. Yes.
Q. There are other members in Germany and Holland, is that correct?
A. Well, the third member is in the Netherlands.
Q. And it was Ham's reverse engineering of the Xing DVD player that revealed the CSS encryption algorithm, am I right?
A. Yes, that's correct.
Q. Reverse engineering by Ham took place in or about September 1999?
A. Yes, I believe it was late in September of 1999.
Q. And you testified that it was this revelation of the CSS encryption algorithm and not any weakness in the CSS cipher that allowed MORE to create DeCSS, is that correct?
A. Yes, that's correct.
Q. You obtained the decryption portions of the DeCSS source code from Ham, correct?
A. Yes, that's correct.
Q. You then compiled the source code and created the executable?
A. Well, in the form I received it, it was not compatible.

By Seth Finkelstein | posted in dmca , legal | on December 08, 2002 01:28 AM | (Infothought permalink)
December 07, 2002

Cases, Trials, Stakes

This week, we've had the Elcomsoft trial (Dmitry Sklyarov), which started out as a criminal case (Sklyarov spent months in jail even before the trial, then had the charges dropped against him in return for testimony).

Jon Johansen's trial is next week, December 9 - 13. Note this is also a criminal case.

I've been following, with great interest, Edelman v. N2H2 ("I don't want to go to jail. I want to go to law school.") - though that's a declaratory case (i.e., pre-emptive). I suspect a decision is near in that one, though I could be wrong.
(Update: I'm wrong - the latest information is that there won't be a decision until at least March 2003)

A week and a half from now is the deadline for DMCA exemption submissions. My slogan: "The lawsuit you prevent may be your own"

Sigh. This isn't a game. It's frustrating that so many people don't seem to understand that. This isn't a playground, where we go inside for milk and cookies after we finish calling each other names. It's not a pointless flame-war, where we can shut off our computers and go out for drinks later. The stakes are very, very, real.

By Seth Finkelstein | posted in activism | on December 07, 2002 05:11 PM | (Infothought permalink) | Followups
December 06, 2002

Elcomsoft trial, another chilling statement

I was again reading over the last eBooks ruling, from the Elcomsoft trial (the Adobe/Ebooks case that arose out of the arrest of Dmitry Sklyarov). It's full of chilling statements. Here's another. (emphasis added):

But, pirates and other infringers require tools in order to bypass the technological measures that protect against unlawful copying. Thus, targeting the tool sellers is a reasoned, and reasonably tailored, approach to "remedying the evil" targeted by Congress. In addition, because tools that circumvent copyright protection measures for the purpose of allowing fair use can also be used to enable infringement, it is reasonably necessary to ban the sale of all circumvention tools in order to achieve the objectives of preventing widespread copyright infringement and electronic piracy in digital media. Banning the sale of all circumvention tools thus does not substantially burden more speech than is necessary.

By Seth Finkelstein | posted in dmca , legal | on December 06, 2002 11:05 AM | (Infothought permalink) | Followups
December 05, 2002

With the passage into law of the "" subdomain, ( Dot Kids Implementation and Efficiency Act of 2002) which I refer to as "dot-kidding", I'm collecting in one post my earlier comments on why it's such a ill-fated idea. While the concept is certainly very pleasant, that political appeal seems to have completely overridden any thought about what is in fact being proposed. This is not a "children's room". It's a government whitelist. Below are some of my explanations as to where a government whitelist has all sorts of implementation problems. Blather, blather:

To facilitate the creation of a new, second-level Internet domain within the United States country code domain that will be a haven for material that promotes positive experiences for children and families using the Internet, provides a safe online environment for children, and helps to prevent children from being exposed to harmful material on the Internet, and for other purposes.

The Basic Problem:

The concept can be condensed down to one basic idea, that the US government will certify sites as OK-for-minors. There is no need to have this certification as a domain name. It could be done just as well with a simple list of US government certified OK-for-minors sites, and that would be vastly simpler to administer.

The dirty little secret of this boondoggle is as follows:


Almost nobody wants "whitelists". Whitelists have been around for years and years and years. I could write pages on this history of the idea. Just think about the basics. It's not like the concept just now occurred to people.

Is It OK To Be Happy and Gay?:

Here's why it's not a panacea. Consider the standard:

(5) SUITABLE FOR MINORS- The term `suitable for minors' means, with respect to material, that it--

`(A) is not psychologically or intellectually inappropriate for minors; and
`(B) serves--
`(i) the educational, informational, intellectual, or cognitive needs of minors; or
`(ii) the social, emotional, or entertainment needs of minors.'.

Now, the question: Does the book Heather Has Two Mommies meet this standard? Think about the implications.

Linking Lunacy:

Consider the requirement of no outside links:

"(11) Written agreements with registrars, which shall require registrars to enter into written agreements with registrants, to prohibit hyperlinks in the new domain that take new domain users outside of the new domain."

Besides being redundant (if one is already restricted to the sandbox, why prohibit hyperlinks?), there is a very deep problem here. Are they really saying that there is a profound difference between

"See the material at"


"See the material at (which is located at , as you have probably figured out, but is not a hyperlink, because if we made a hyperlink to we'd be violating our contract, so we can't make a hyperlink to"

Either they end up meaning "no URLs", which is even sillier, or we have a profound problem of not understanding that hyperlinks are nothing more than convenient references. That is, if the exact same reference is acceptable as long as it is not a "hyperlink", that seems to defeat the purpose.

I suppose none of the sites will be able to run common mailing-list or groups/bboard software which tends to turn URLs into hyperlinks.

Maybe it'll be like curse words, e.g. "s*cks" (umm, how many asterisks are going to be needed to be OK?). We can have http://p**f*r*.*rg

By Seth Finkelstein | posted in censorware , infothought | on December 05, 2002 02:45 PM | (Infothought permalink) | Followups
December 04, 2002

Elcomsoft trial

People following the Elcomsoft trial (the Adobe/Ebooks case that arose out of the arrest of Dmitry Sklyarov) might want to review what happened the last time around. The very same judge, Ronald Whyte, who is hearing the case now, is the judge who earlier ruled (emphasis added):

The inescapable conclusion from the statutory language adopted by Congress and the legislative history discussed above is that Congress sought to ban all circumvention tools because most of the time those tools would be used to infringe a copyright. Thus, while it is not unlawful to circumvent [ed note - ONLY "rights" restrictions, not "access" restrictions] for the purpose of engaging in fair use, it is unlawful to traffic in tools that allow fair use circumvention. That is part of the sacrifice Congress was willing to make in order to protect against unlawful piracy and promote the development of electronic commerce and the availability of copyrighted material on the Internet.

Accordingly, there is no ambiguity in what tools are allowed and what tools are prohibited because the statute bans trafficking in or the marketing of all circumvention devices. Moreover, because all circumvention tools are banned, it was not necessary for Congress to expressly tie the use of the tool to an unlawful purpose in order to distinguish lawful tools from unlawful ones. Thus, the multi-use device authorities cited by defendant, such as the statutes and case law addressing burglary tools and drug paraphernalia, offer defendant no refuge. The law, as written, allows a person to conform his or her conduct to a comprehensible standard and is thus not unconstitutionally vague.

By Seth Finkelstein | posted in dmca , legal | on December 04, 2002 08:46 AM | (Infothought permalink)
December 03, 2002

Searching Through The Great Firewall Of China

From: Seth Finkelstein
To: Seth Finkelstein's InfoThought list
Subject: IT: Searching Through The Great Firewall Of China
Date: Tue, 3 Dec 2002 11:59:29 -0500

[China censorware is much in the news these days. This is my contribution to the party - hopefully, the more the merrier.]

Searching Through The Great Firewall Of China
by Seth Finkelstein
Available at:

Abstract: This report describes a simple technique which can be used with some search engines to bypass censorware bans on searching for forbidden words. Particular emphasis is placed on the situation of the Great Firewall Of China.

Seth Finkelstein Consulting Programmer sethf[at-sign]
Anticensorware Investigations -
Seth Finkelstein's Infothought blog -

Infothought mailing list

By Seth Finkelstein | posted in censorware | on December 03, 2002 01:17 PM | (Infothought permalink)
December 02, 2002

Apache's mod_gzip module and anti-censorship encoding

I've come across many anti-censorship discussions which concern themselves with encoding web pages in transit, so that the packets cannot be inspected for prohibited content. For the record, in practice, this is a solved problem. The solution is an Apache server module which is called mod_gzip

mod_gzip is an Internet Content Acceleration module for the popular Apache Web Server. It compresses the contents delivered to the client. There is no need to install any additional software on the client!

So, it's integrated into a leading web-server, requires NO client effort - what more could one ask? To be sure, the stream could be decompressed by an eavesdropper. But in terms of random packet-scanning for keywords, the individual packets are simply incomprehensible binary data. And the module actually works and is useful, too! It's hard to do better than that.

By Seth Finkelstein | posted in censorware | on December 02, 2002 02:29 PM | (Infothought permalink) | Followups

A small dispatch from the spam-wars

Today I wrote a 'reply' to a message cross-posted to a half-dozen mailing lists, most of which I'm not a member. I expected some bounces from that, but one of the bounces was:

5.3.0 Rejected your system is a spam source see

My system? Whaa? C'mon, give a person a fighting chance. What is "my system"? Sigh. Time to go check the blacklist form. Now, which of the possible IP addresses involved didn't it like? Granted, statistically, I'm running on the extreme edge of mail sophistication, with my own custom configuration. But against that, were I an ordinary person, I'd be stopped cold at this obscure message.

So, I go to and try the IP's which might be problematic. Note, at least I know the IP's - another thing most people would have a hard time doing. Finally, I get to the source of the problem:

I generally list cable modem, dsl and adsl networks where the provider does not publish the customer contact information for the sub-allocations via either ARIN or rwhois. Examples of such providers include but are not limited to AT&T and GTE.

Blech. I suppose if I were a journalist, I could kick and scream and cry bloody murder, and get away with forwarding legal threats. But I have absolutely no desire to do that, and it wouldn't work for me anyway. And it wasn't a very important message in the first place. Loyalty oath: The blacklister has a complete legal right, the mailing-list has a complete legal right, blah, blah, blah ...

Sigh. There's perhaps a few thousands scammers and thieves who are ruining email for everyone, literally the entire Internet.

I hate the spam-wars.

By Seth Finkelstein | posted in spam | on December 02, 2002 11:34 AM | (Infothought permalink) | Followups
December 01, 2002

Press-reach of my DMCA exemptions guide

My guide on How To Win (DMCA) Exemptions And Influence Policy seems to be getting around. An item about it ran in EFF's newsletter EFFector:

Seth's guide explains the process in clear and simple English. The guide tells you how you can submit effective comments and participate in shaping copyright law policy. This is your opportunity to let the Librarian of Congress know how the DMCA is impacting you. If you are having difficulties making lawful use of particular digital media because of a technological protection access control, we encourage you to submit comments to the Librarian of Congress.

It's showing up in places from Dave Farber's IP list and comp.dcom.telecom to applelinks and even a blues-music listserv.

Impressive (well, by my poor coverage standards). It makes such a difference, to be supported. The risk/reward ratio of punditry and policy is so attractive sometimes, as opposed to programming.

By Seth Finkelstein | posted in activism , dmca | on December 01, 2002 10:14 AM | (Infothought permalink) | Followups