[Wrote this for a mailing-list, some time back. David Burt's worst moment.]
> As for some of the claims made in DC that Seth F. hadn't decrypted
> the database...duhhh
That part was just hilarious. David Burt, censorware company representative, ended up being compared (not by me!) to the infamous Iraqi Information Minister:
MR. BURT: Well, again, as I said earlier, it didn't have any harm because nobody has used the exemption that we know of.
MR. BAND: But Mr. Finkelstein has --
MR. BURT: Excuse me. I'm being censored here. I've got to talk. (Laughter.)
I'm a librarian; I can say that.
As far as I know, no one has used this exemption to do this kind of research. That's why there hasn't been any harm that I'm aware of. But, again, as I said, the harm could be quite bad. If the exemption were heavily used and people were trafficking these lists quite widely, the harm could be quite widespread.
MR. FINKELSTEIN: David, will you authorize me to send to the members of the Panel the complete N2H2 blacklist to prove that I have, indeed, circumvented the encryption?
MR. BURT: Again, as I said earlier, I can't make legal decisions like that for my company. I'm not empowered to do that.
MR. FINKELSTEIN: Well, then, will you reserve your characterization because of the fact that I have offered to prove it?
MR. BAND: I also, not to belabor the point, but this is a little bit like the Iraqi Information Minister saying, "No, there are no American troops in Baghdad," when, you know, the American troops were right there. You keep on saying, "No, no circumvention has occurred," when right next to you there's a guy who has said a dozen times, "I circumvented it and this is what I did." I am a little surprised. That's all I can say. (Laughter.)
MR. BURT: Well, I think it's certainly illustrative that you have compared the filtering industry to the Baath Party, what you think of it. (Laughter.) I think Mr. Finkelstein would probably agree with you. (Laughter.)
MR. FINKELSTEIN: I think more like China.
Interesting - I also have a cameo appearance in the DMCA May 2 testimony about "Damaged, malfunctioning, obsolete, other noninfringing uses"
(page 246, Joe Montoro, Spectrum Software)
One of the examples that was raised by Shawn and some other papers on our first day of hearings was Mr. Finkelstein I believe is the cost of litigation is so prohibitive against a small defendant that quite simply a lot of times a small guy can't afford to litigate these matters. At the time, that was the case. We just don't have the resources that companies with those kind of $500 million or $1 billion companies can actually come at us with.
Greetings to a dedicated reader, who has taken such an interest in my poor corner of the web. Welcome, to someone from Gator's law firm "Cooley Godward". I have no objection, since of course this blog is to draw as many readers as possible. But will you indulge me in some of my curiosity?
1) Are you a senior person, junior person, or not even a lawyer?
2) How did you get stuck with the job of reading me? I always wonder at this. It's known, for example, that the cypherpunks list has (or at least had) Federal agents reading it. I always wondered about the sad sack who drew that job. Because I could imagine few more hellish tasks than being obligated to read, as a job, that Liberbabbling flame-pit. I've wanted to ask the person how they stood it. Hopefully, reading my material is less onerous. But I still would like to know how it comes off to someone not perusing it because they want to.
3) What did you think of my analysis of reverse-engineering? Note, if you say "Wow, it was brilliant, we never thought of that before you said it" - then that doesn't reflect very well on your law firm! I suppose the best answer is "It was great, our senior intellectual property counsel wrote a very similar memo earlier." (i.e. you agree, but knew it already :-)).
4) Does your firm in fact, as John Palfrey suggested I ask, have a position for which you'd like to hire me? Preferably for a fat expert-witness fee? I am job-hunting! I don't work cheap, but I'm worth it. I wouldn't help you harm Ben Edelman personally. But I have no inhibition about being an expert opposing his expertise (and as he's in training to be a lawyer, he shouldn't mind). In fact, having studied his work extensively, I know its weaknesses and soft spots :-).
5) You can move down from Orange Alert regarding me. No promises, but at this time, I have no plans to do any more reverse-engineering work with Gator myself. It's just not worth all the hassle. I did analysis of censorware for years, because I thought it was important for the freedom of the net. Gator's merely vaguely interesting to me as a what's-inside issue. I'm pretty tired of playing lawsuit Russian Roulette, and I don't have the protection of the Berkman Center (this is not an invitation to sue me - it's an explanation of why I feel that Gator analysis is not worth taking any legal risk whatsoever).
Let me know! I've kept a few details of your host private, so hopefully I can distinguish a real reply from any fake.
[I haven't had this much fun with such a pseudo-reply since Mike Godwin brought up the idea of my being a government expert witness in a censorship trial. Then I got to do an elaborate riff on how disappointed I was, that Janet Reno never called me and personally begged for my invaluable help.]
[I wrote this for many DMCA/DVD mailing-lists]
On Wed, May 28, 2003 at 08:20:57PM -0400, Seth Johnson wrote:
> > http://www.copyright.gov/1201/2003/hearings/transcript-may15.pdf
> IP Justice, EFF and Ernest Miller laid out a lot of the key, essential
> points. Most interesting of all to me was the interchange between Mary Beth
> Peters and Robin Gross on the licensing issue. Peters clearly brings up the
> contention that circumvention involves license violations as if it were a
> bugbear issue and appears totally unprepared for Robin's clear statement
> that these "licenses" do not actually constitute contracts.
I think there, Marybeth Peters was confusing shrinkwrap licenses with the licensing terms of CSS for DVD players: (emphasis added)
MS. PETERS: I had a question about this side of the aisle which had to do with tethered DVDs or space shifting, those kind of things, which appear at points to violate licenses. I just wanted a comment on how you view the various licenses that come attached with a lot of the material in digital form.
She seems to have been thinking of the common "You don't own this, you only license it" boilerplate, and under the impression that applies to DVDs too. Note the spread of the idea that material in digital format is necessarily "licensed". Good reply:
MS. GROSS: [excerpt]
Consumers are not licensees. Consumers do not -- are not parties to any contract. Their rights haven't been restricted legally in any way. The manufacturer of the DVD player and the technology company may have license agreements between them but that's between them.
The consumer is not obligated to follow the agreements in their contracts. They are not a party to those agreements. I'm a little confused when you're saying overriding licenses. People who aren't a party to contracts aren't -- they are not overriding the contract. They are simply not a party. They are engaging in activity outside of the scope of the license.
So she's talking about any contracts binding the DVD player manufacturers who have licensed CSS.
However, lest this point be misunderstood, I think it's clear Robin Gross wasn't addressing whether shrinkwrap licenses were valid contracts - that's an entirely different issue.
> There's a lot on this last day that's extremely good. It's the longest
> transcript, but if you want to get a sense of the best stuff that got
> brought out in these hearings, that's the one to read.
I still like my hearing best :-). I think it's got the most "(Laughter.)" moments.
MR. FINKELSTEIN: ... I would also like to say that, for all this talk of the pornography sites, since they were blacklists, they are really bad collections of pornography sites. (Laughter.)
Blog addition - James Tyre pointed out to me this moment in his hearing
MR. KASUNIC: Okay. I have just a couple of questions, mostly for Mr. Metalitz. Mostly we haven't heard him talk as much. And in the interest of time I'm going to censor myself today.
MR. TYRE: You can't do that. You have to speak freely.
More censorware DMCA testimony!
This features James Tyre (civil-libertarian lawyer and a co-founder of Censorware Project) versus Steve Metalitz (lawyer for many "Axis-Of-Evil" copyright associations).
This is also good reading, if I do say so myself.
This features me (unpaid award-winning anticensorware activist), David Burt (censorware company N2H2), and Jonathan Band (lawyer for many library associations).
It's good reading, if I do say so myself.
People who haven't seen the Evil Overlord List should read it. It's full of practical advice on do's and don'ts for aspiring Evil Overlords. As in, e.g.:
29. I will dress in bright and cheery colors, and so throw my enemies into confusion.
I have my own "Evil Journalist" rules (but from the standpoint of dealing with them, not trying to be one of them, even in jest). One of the rules is:
If I ever release a program which might be legal trouble, I will not name it anything with "-HACK" or "-CRACK" in the name. These look bad on court papers. Instead, I will name it something which sounds good in the press.
I'm not intending to write it, but I was just musing on "Investi-Gator" as a Gator reverse-engineering program name.
Sigh. In general, the closer my technical work is to being blockbuster and revelatory and an effort which absolutely demands attention - the closer it is to risking a lawsuit :-(.
See Seth Finkelstein's blog post of last night for a critique of the thinking around the methodology in Ben Edelman's Gator study. Seth has done many good works in this field -- he's been cited by the EFF and others for his efforts -- and is certainly worth listening to as a general matter. I don't happen to agree with this particular post, but in the interest of true open discourse, please go and check it out.
Thanks very much (not too many people did look, but it's the thought which counts).
Anyway, one of the very odd things for me, observing the evolution of the Net, is seeing certain arguments make their way up the status-chain. This particular issue, legal aspects of reverse-engineering and shrink-wrap licenses, is near and dear to my heart, since I've been dealing with it for many, many, years now. To demonstrate, I just dug up a discussion example from 1997, featuring this censorware item:
Unauthorized reverse engineering of the Software, whether for educational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.
Again, that was being talked about in 1997 (in part as a result of my work, and in part others done independently).
Moreover, if the Gator license is modified in the future to say we-really-mean-it, no reverse-engineering, whether by decompiling, packet-sniffing, or Ouija board, it wouldn't at all be the first time that sort of thing had been done.
The law protects the holder of a trade secret against disclosure or use when the knowledge is gained, not by the owner's volition, but by some improper means, which may include theft, wiretapping, or even aerial reconnaissance; however, a trade secret does not offer protection against discovery by fair and honest means, such as by independent invention, accidental disclosure, or by so-called reverse engineering, that is by starting with a known product and working backward to divine the process which aided in its development or manufacture.
That seems a very good description of the kind of testing being done to investigate Gator (except here it's more at "functioning" instead of "development or manufacture"). Certainly a good enough fit to be sued over it, if one was vulnerable.
P.S., Seth, as to your note about employment: You might check with Cooley Godward, Gator's lawyers, to see if they have a position open. :)
I'd like a fat expert-witness fee, thank you :-). No offense taken, but this part of the discussion is very familiar too. To me, Mike Godwin did the defining example of it, when, while he was losing a debate regarding censorware blacklists being subject to copyright, he proclaimed "You friends of CyberPatrol, have at me!" At the time, Peter Junger wrote an excellent reply article which has stayed with me:
If one insists on discussing imaginary facts and also on ignoring the arguments that favour the bad guys, one is going to have one's head handed to one when one actually goes into court willfully unprepared.
[I've gone back and forth as to whether to post this, I've gotten some indication I won't come out ahead for saying it. Maybe saying unhappy things like the following is why I'm doomed never to be a political success :-(]
The question arose as to whether this research is potentially barred by the DMCA. It is not. Nor, observed Ben in some surprise, does the Gator license agreement speak to the situation. Dave Winer said, "It will soon, I imagine." To which John Palfrey replied, "Ah, yes--the Ben Edelman clause."
Well, here goes my chance of ever working at the Berkman Center ...
Sigh. I've just written, with regard to Google-ranking, about it being a different world for columnists at the New York Times, than bloggers. With regard to legal threats, it must be a very different world over there at the Berkman Center. Double sigh. Harvard lawyers and similar don't have to worry about SLAPP-like lawsuits. It's a matter of perspective.
Folks, of course the license prohibits any reverse-engineering! I have yet to see a commercial software license which did not.
This would be blindingly, blatantly, obvious to you if you had ever had to seriously worry about being sued, and needed to consider what could be thrown at you. Not what could be argued in defense by a legal team. But rather, what the prosecuting lawyer would claim in the lawsuit. The Gator license (I grabbed it out of the binary) states explicitly:
You may not modify, reverse-engineer, decompile, disassemble, or otherwise discover or disassemble Licensed Materials equivalent of Licensed Materials in any way. You do not have the right to create derivative works of Licensed Materials, and you agree not to attempt, or allow others to attempt, to reverse engineer Licensed Materials and/or modify Licensed Materials source code.
It doesn't say "You may not reverse-engineer, unless you do it in part by asking many, many, people to each help out a little bit with the testing". Or "You may not allow others to attempt, unless you do it ON THE INTERNET". In fact, I'd say the license is extremely clear on this point - look at that clause about "allow others to attempt". Now, it may not be legally enforceable, if one has the ability to fight a lawsuit. But it sure doesn't seem unaddressed.
Remember, my point here isn't against it being possible, advisable, wise, valuable, laudatory, etc, to make a public policy argument as to the social benefits for reverse-engineering. Or a complex First Amendment argument for allowing observation-based testing. I'm all for it! But rather, there's some sort of notable cross-cultural phenomenon here in any belief that the general topic isn't even addressed. Consider this part of Bowers v. Baystate:
In this case, the contract unambiguously prohibits "reverse engineering." That term means ordinarily "to study or analyze (a device, as a microchip for computers) in order to learn details of design, construction, and operation, perhaps to produce a copy or an improved version." Random House Unabridged Dictionary (1993); see also The Free On-Line Dictionary of Computing (2001), at http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?reverse+engineering (last visited Jul. 17, 2002). Thus, the contract in this case broadly prohibits any "reverse engineering" of the subject matter covered by the shrink-wrap agreement.
That's what someone not in a privileged position would have to face. It's right there.
of Gator Advertisements and Targeting is
just-announced Gator ad study. Out of
curiosity, I started digging into the details of
It does send back some information from your computer to its servers.
So far, I've found the most common action of calling home seems to be an ordinary
HTTP POST to the URL
The data fields then are the following:
More as interest/discovery permits ...
HB 3101, the Oregon library censorware bill I discussed earlier, "has stalled in committee after legislative counsel said it is unconstitutional.". LISnews.com noted an AP story, but the original source seems to be an Oregonian story. Note the following:
Librarians contend that a [censorware] requirement would pose significant costs of installing and maintaining software. The Baker County Library District reported it paid $3,000, along with a $1,000 annual maintenance charge, for [censorware] on each of its Internet terminals.
"It's an unfunded mandate," said Connie Bennett, president of the Oregon Library Association and director of the Eugene Public Library. In testimony in late April, Bennett estimated installing [censorware] on Eugene's 89 public computers would carry an initial cost of $267,000 and an annual maintenance cost of $89,000.
[Grumble ... 267k + 89k = 356k ... when do I get paid!]
These sorts of costs should thoroughly refute the idea that censorware is in any way like selection. Imagine a line-item in a library budget for special censor employees to look over every reader's shoulder, and stop them from reading any forbidden material. Yet the moment this is done using machines instead of humans, and called "filtering", it acquires a patina of respectability.
[Semi-name-dropping disclaimer - I like Andrew Orlowski's articles, and think they're asking good questions even if not immediately having the best answer to the question. I've even been quoted, willingly, in one Register Google piece. I've never talked to Nunberg, but I believe he's used some of my censorware investigations research in his CIPA expert testimony, so I also have incentive to favor him.]
I was puzzled recently when Edward W. Felten wrote:
Sunday's New York Times ran a piece by Geoffrey Nunberg complaining about (among other things) the relative absence of major-press articles from the top ranks of Google search results. ...
The real explanation is simpler: The Times forbids Google to index its site.
Huh? This took me aback. I couldn't even find that "complaining" in the piece at first. Some digging, via John Palfrey to Doc Searls finally let me figure it out. I believe what's fueling a certain reaction is this:
People think that the Nunberg/New York Times article is in part complaining about their Google PageRank - because that is what concerns net-writers!
No, folks. New York Times writers don't care about their PageRank. They don't need it! They're heard already. By people who read short briefing papers prepared by staff. The New York Times is at the top, and it's a very different world up there, from down here.
If anything, I read Nunberg as being ever so slightly critical of Orlowski, and quite accepting of the Google results. I think he was saying very roughly that Google returns what people were talking about, and more people were talking about a "blog" topic than a "major-press" topic here, so that's what you get. Then people viewed this as somehow being a "complaint". But I didn't see Nunberg as complaining, so much as stating that chatter may be popular, but it isn't authoritative, and shouldn't be expected to be so. The same sentiment I express as "Google is good, but not God."
By pure coincidence, Friday I went by the Massachusetts US District Court clerk's office, and examined the case file (court documents) of Edelman v. N2H2. Note I'm not involved in the case in any way, just a very interested spectator.
I was hoping there would be a transcript of the oral argument regarding the motion to dismiss. The case was dismissed for lack of standing, so technically that doesn't tell us anything about the issues themselves. But having been in the courtroom myself, to me the attitude of the judge was, err, chilling.
But there didn't seem to be a transcript of that oral argument. Just the clerk's note that the result of the argument was under advisement. I was later told by a lawyer that such transcripts usually have to be ordered, and aren't normally made unless there's some specific interest in a transcript.
There was nothing all that interesting in the case file. I was disappointed to find out that the material concerning "budget for costs" (apparently something to do with mediation as an alternative) didn't have any figures. I wonder sometimes how much the litigation cost N2H2, because I know lawyers don't come cheap.
The N2H2 (censorware company) recent financial filing makes this interesting statement about the Edelman v. N2H2 declaratory action to reverse-engineer censorware. I like how N2H2 talks about him as being "purportedly a computer researcher". I'm probably "purportedly" chopped liver.
We have been named as a defendant in an action by the American Civil Liberties Union that could weaken our intellectual property rights and result in substantial costs to the company.
In July 2002, an individual represented by the American Civil Liberties Union filed a lawsuit against us in federal court. The plaintiff is purportedly a computer researcher who allegedly seeks to conduct a quantitative analysis of the accuracy and comprehensiveness of our Internet filtering solutions for purposes of determining whether these solutions exclude some speech on the Internet that is constitutionally protected. He alleges that his activities in conducting this analysis, if he ever does so, would violate our standard license agreement and our intellectual property rights. The plaintiff alleges that the threat that we will enforce our license agreement and our other rights has deterred him from this activity, which he alleges is protected under the "fair use" doctrine of copyright law and other legal doctrines. He seeks a declaration to prohibit us from enforcing the license agreement against him based on his use of our software in his research activities. Our Motion to Dismiss this action has been granted, and judgment was entered in our favor on April 17, 2003. If the plaintiff decides to appeal, he has until no later than May 17, 2003 to do so. If Mr. Edelman does appeal, the litigation could result in substantial costs to the company and divert management's time and attention away from business operations. If the appeal and the claim are ultimately resolved in the plaintiff's favor, it could materially affect our ability to enforce our license agreements and other intellectual property rights against certain users of our software filtering products. In addition, it could contribute to an increase in the number of people who seek to use our software in ways that we believe violate our proprietary rights.
Free speech and privacy concerns could adversely affect the demand for our Internet filtering solutions.
There has been a public-policy debate regarding Internet filtering in schools and libraries within the U.S. Congress. This debate has resulted in the CIPA, a law mandating Internet filtering in schools and libraries receiving certain federal funds, among other requirements. A United States District Court, however, has declared this act as it applies to public libraries unconstitutional. This decision has been appealed to the United States Supreme Court, which has accepted the case and is expected to rule by June 2003. If CIPA is ultimately held unconstitutional, some of our current customers may decide to no longer provide filtering in their organizations. This in turn would lead them to not renew contracts with us and would thereby harm an important source of our revenues. If the Supreme Court determines that filtering by public libraries is unconstitutional, plaintiffs and advocacy groups may rely on this decision to challenge the constitutionality on First Amendment grounds of mandatory filtering in public schools. Because public school customers still represent the majority of our revenue, an ultimate finding by the Supreme Court that mandatory filtering in public schools is unconstitutional could have a serious adverse effect on our future revenues.
These mailing-list messages are good info:
[Posted with permission. Thanks!]
I just wanted to thank you for bothering to read the original Klingon interpreter story. I was appalled when I saw the AP version that went out over the wires. You were right on in your remarks. Thanks again.
Sigh ... I just saw the following spam/blacklist article, I have to remind myself once more to stay out of the spam-wars:
Much better information is in the court documents for Media3 v MAPS:
"Haselton found out that his organization had been placed on the Mail Abuse Prevention System (MAPS) list because of complaints that his Internet service provider, Media3 Technologies, refused to cut off service to companies suspected of doing business with spammers."
"MAPS responds that its assertion that Media3 is "spam-friendly" is true because Media3 does, in fact, host companies that provide services exclusively to spammers."
"Media3 has not established a likelihood that it will prevail on the merits of its defamation claim because, on the present record, MAPS has made a strong showing that its characterization of Media3 as "spam-friendly," is true. Media3's actions may well be found to outweigh its "Acceptable Use Policy." As described above, Media3 hosts several websites which provide support services that are used either exclusively or predominantly by spammers. See Def.'s Exhibits 1-4. These services include the sale of hundreds of thousands and even millions of e-mail addresses which are sold without any indication whatsoever that they are sold with the permission of the e-mail user. As the record stands, there is a serious question whether MAPS's assertion that Media3 is "spam-friendly" is defamatory because the statement appears to be accurate."
[ snopes.com is the "Urban Legends Reference Pages" site]
Claim: An Oregon county health services department hired a Klingon interpreter to assist psychiatric patients who would speak no other language.
[This is the full text of the press release about the so-called "Klingon Language Interpreter". It doesn't appear to be available anywhere else on the Web, and only snippets have been reported in the press. The following was mailed to me directly]
MULTNOMAH COUNTY OREGON
May 12, 2003
Contact: Becca Uherbelau, Multnomah County Chair's Office 503-988-5273
Klingon Interpreter Services Removed From List
Recent media attention on Multnomah County RFPQ (Request for Programmatic Qualifications) RO37745 for translator and interpreter services requires clarification.
There is no cost to the county and no contractors are selected or paid through this RFPQ. "Not a penny of public money has been or will be spent on Klingon translation. I have issued an addendum to the RFPQ that officially removes it from the list of languages for county translation services effective immediately," states Multnomah County Chair Diane Linn.
"Certainly, the idea that Klingon is on a list of languages that our safety net services might have to translate sounds absurd and about as far out as you can get. It was a mistake and a result of an overzealous attempt to ensure that our safety net systems can respond to all customers and clients," states Diane Linn, Multnomah County Chair.
The county deals with a wide range of clients with severe mental health issues including manic depression, schizophrenia, multiple personalities, and delusions. It is our legal responsibility to respond with all resources and means necessary to communicate with clients.
The intent of the RFPQ is to standardize rates and the rules of service delivery for language services across the county. Additionally, the target of the RFPQ process is to develop a more comprehensive, cost effective approach to providing required and valuable translation services to clients in need. The end result is a list of qualified providers available to all county agencies, including languages spoken by a small number of potential clients.
Over 50 languages are included in the RFPQ. The county's responsibility is to provide the best possible care to the people who seek our help, particularly in the midst of a mental health or health crisis, whatever the language they speak.
"While this may sound like a quirky, peripheral issue, I would like people to take a moment to think about the kinds of things we are confronted with when we must help those who are mentally ill. The problems faced by those with mental illness are no joke, especially when they pose a threat to themselves or others. And what I hope people understand is that thanks to state budget cuts, we have little ability to help the severely mentally ill in any language. That is why we are working so hard to pass Measure 26-48," added Linn.
# # #
Public Affairs Office
501 SE Hawthorne Blvd., #600
Portland, Oregon 97214
See my debunking of the now-spawning
"Klingon Language Interpreter" Urban Legend:
The front page of kuro5hin.org is not a bad place. But it doesn't have anything near the power of the Mighty Media Echo Chamber (and this blog has even less ...)
It's now been a little less than two weeks from the website crash. The new installation of the blog is debugged, and I've fixed any critical file-not-found errors. Old provider http://www.phpwebhosting.com/ remains very apologetic that they didn't have one bit of backup. But sorry and lost mailing-list data still leaves me with painful loss of mailing-list data. That's another personal discouragement.
The other notable after-effect was that I was no longer being visited by My Friend The Freshbot (the Google crawler which checks certain sites for daily updates). It turns out that the daily Google crawler still thinks that my site is hosted on the old location (http://www.phpwebhosting.com/), even though it's now been moved for many days.
That's interesting, as it indicates that the daily Google crawler is rather slow to update its DNS. I've got a log full of errors. That log shows a pattern which seems to confirm that the highest PR or most-linked pages are what forms the basis of the daily crawl (which makes sense).
I'm seeing a brief daily visit from a Google crawler on my new location (Project Geek). But it's just checking the front page and robots.txt. This is probably Google's general crawler to keep track of what websites exist and what shouldn't be searched on them (robots.txt).
As an interim measure, I put some pages back on the old host, so hopefully Google/Freshbot will find them soon. I'm going to keep track of when Freshbot Comes Home (new home, that is).
Or as Seth Finkelstein reminds us, "Google is good, but not God."
So, my site got a burst of activity yesterday generated from referers from Slashdot. Was it some hard-earned credit from my extensive activism work? No ...
It turned out that Michael Sims, Slashdot "editor", had thrown a tiny
temper-tantrum on Slashdot's front page, posting an
article about Microsoft full of ranting e.g.
"You have seen the stupid Passport hole in an earlier story; also the iLoo, although that hasn't stopped you from submitting stories about it, oh no.".
How does this suddenly result in many hits on my site? Well, "FortKnox", a popular and prolific commenter, took Michael to task in a comment, for editorial conduct "Childish... just pathetic". Which then generated a thread with enough references to Michael Sims' domain-hijacking so that there was a spike in traffic to me.
Frankly, this all impresses me - and scares me - on many levels. It's easy to dismiss as merely pointless flaming. But no, I believe there's a great deal to ponder here. Initially, there's the humbling fact of how much comparative traffic it generated. That is, even a fairly minor critical thread is order-of-magnitude comparable to my site-readership.
More troubling, though, is someone's comment of:
I see references to Seth Finkelstein appearing already. With any Michael thread this is no surprise. I don't know who was right or who was wrong, but I do know that it has no bearing on Digital Rights Management. It's a private spat, let it stay that way. Taco clearly feels confident in Michael Sims and frankly, it's Taco's call.
There's one of the activism-problems for me, in a nutshell - "Taco clearly feels confident in Michael Sims ..." (Taco's in charge of Slashdot). Bennett Haselton has said "The only legitimacy that Michael has is through his position as a Slashdot writer ...", and it's true. Jonathan Wallace lamented "If the ACLU's webmaster had trashed the organization's site, I think everyone would pretty well recognize he was a Bad Character and Not To Be Trusted.".
But Slashdot keeps up Michael's reputation, and so his massive destructiveness, no matter how much it's denounced, has no consequences. Now, people tend to tune-out here, complaining about whining, but this is profound.
If Michael Sims goes a bit nutty about Microsoft and unappreciative readers, that hardly matters much per se. But it's part of a pattern of abusiveness, where he's overall given carte-blanche to make accusations on the front page of Slashdot, and the worst thing that seems to happen is it later might be changed. That's the power of journalism.
People do not understand my deep desire not to do legally-risky activism work in the face of journalistic invulnerability used with malice aforethought. If I get sued, I don't want to be fighting a hatchet-job posted on the front-page of Slashdot (nor elsewhere, but that's another article). And that just doesn't get across. It's so monstrous, so contrary to mental models of reasonableness, that it's not credited.
To me, every element of my concern is backed-up with solid evidence. Michael Sims stole the Censorware Project domain (search for "flipping out on us", and I didn't write that!), broke legal trust placed in him with sensitive information about my censorware decryptions, and more. Yet he remains backed by Slashdot, and regularly rants and attacks from their front-page. It's no stretch at all that he'd do me ill there if he had the opportunity. After all, he's already done everything from hijacking an organization's domain to breaching legal confidences. It happened.
It's not a "private spat", when I have extreme legal liability as my downside and the opposing downside is ... what? ... a few comments in a discussion-thread???
It's not worth it.
The "Tripoli" anti-spam proposal looks like it'll be making the rounds. It's got an excellent pedigree (Lauren Weinstein and Peter G. Neumann). But I'm dubious.
First, anything which has the word "Empowered" in it ("An Empowered E-Mail Environment"), is a big red flag to me. Purely a Bayesian test :-). But in my experience, "empowered" is "a system that we're trying to sell as helpful to someone else, even though they never asked for it."
More technically, the problem seems to be right here:
A key aspect of the Tripoli environment is the concept of a third-party certified, encrypted authentication token that would be cryptographically linked with every e-mail message. Within the Tripoli architecture, this token is referred to by the acronym "PIT" (Payload Identity Token, henceforth referred to as "Pit") and is at the core of Tripoli.
[Note: "Tripoli PIT" tended to make me wonder if that was a subtle joke, akin to "Amontillado CASK" or "Telltale HEART". There's a Tripoli mineral which is pit-mined, but that didn't seem like the reference]
EVERY e-mail is going to be third-party certified? I can see the dollar signs in some people's eyes now (not the proposers, rather certain readers). A mint. An e-mint. There's already several I-am-not-a-spammer certification systems, for businesses which want to send legitimate (requested) commercial bulk email. I suppose there's a value in unifying an interface to these systems. But I'm not sure that's much empowerment. Maybe the certification will be useful for innocent senders caught-up in spam-blacklist wars.
I mistrust elaborate technical proposals to social problems. The gee-whiz always sounds nice in the White Paper, with fun buzzwords. But overall, people tend not to want it.
[A reply to a message on Report from FTC Spam Conference. (I probably should remind myself there's no benefit to me in the spam-wars)]
> ... I believe that the long history of law developed around
> governmental censorship can aid us in looking at where the current
> systems are going wrong and what they could do to make things better.
As an only slightly tongue-in-cheek idea, I wonder if the key analogy is not censorship law, but anti-terrorism law. To a first approximation, spammers seem to me to be much more akin to terrorists than traditional censorship-targets. That is, they're taking advantage of an open society (US/Internet) in order to "hijack" infrastructure so as to convert it for their own typically criminal actions (I don't mean to trivialize mass-murder versus tawdry scams, but a thief and fraud con man is still a criminal).
The Spam Wars have very much the flavor of the War-On-Terrorism. There's strikes at territories (Afghanistan or ISPs) which are "harboring" enemy forces, and woe unto any civilians who are caught in the middle. There's "If you are not with us, you're against us" attitudes of collective-guilt towards many other parties, and pariah powers using innocents as human shields in order to generate sympathy (cough what the "spam-friendly" ISP Media3 did with Peacefire cough).
Spam blacklists seem to be somewhat like "no-fly" lists, where there's a database which is checked before one can travel (whether passenger or email) via the facilities. And there's the whole issue of cloaking/hiding/anonymity, as the bad guys often try to get service under forged identities, to avoid detection. There's even the same sort of urgency to say "I agree those are bad guys, but ..." (there's some of this in censorship, but the intensity is much higher with terrorists than typical censored material, and the spam-wars look to have the intensity-level of terrorism, not censorship). Though there are some real bad guys indeed, well-financed and ruthless.
If we destroy the open Internet, the spammers will have won?
Seth Finkelstein Consulting Programmer sethf[at-sign]sethf.com http://sethf.com
From: Seth Finkelstein
Subject: Isolating spammers is good (was proposal to end spam ...)
> For one thing, an increasing percentage of it comes from overseas, and
> you can be certain that offshore bulk mailers will gleefully thumb their
> noses at Congress. ...
> Everyone would start quarantining ADV-tagged mail as rigorously as Hong
> Kong is isolating suspected SARS patients.
> If Lofgren's bill is enacted, U.S.-based spam operations are likely to
> shift operations elsewhere, just as gambling sites set up shop in the
Dave, can I point out that, far from being a clever Unintended Consequence, this argument is in fact something of a Straw Man. Way before Lessig, some of the most technically knowledgeable anti-spammers have not regarded spammers-will-just-set-up-shop-elsewhere as being a killer issue. That's been an argument/counter-argument right from the start over the MAPS Realtime Blackhole List. One position is that driving spammers overseas is good, because it makes them more isolated, and helps reject their connections with minimal other damage:
http://www.mail-abuse.com/rbl/candidacy.html (emphasis mine)
"And if it becomes widely known that selling e-mail or web services only to have them advertised in the text of spam is a great way to lose connectivity, then spammers will not be able to hide behind legitimate service providers and we'll smoke them out into the open, which means into using their own (blackholable) links."
The difference between gambling and spamming, is that people want to gamble, but nobody wants to be spammed. If spammers set up in the Caribbean, that's an invitation to make the Caribbean its own INTRA-net.
Note, by the way, the article also contradicts itself. The same "overseas" issue would apply to "long-standing common law rights" too - an approval of Blackstone over Lessig is purely ideological, not technological.
A law which helps to burden spammers, to isolate them, to deny them operations in a country, can thus be part of a solution, even without any international treaty.
Following up my comments on the "RIAA 4" lawsuit settlement, I went and researched some numbers for showing that there is no lawsuit-funding-fairy.
In the old State of Oregon v. Randal Schwartz case (unauthorized security testing and remote access by a consultant turning into felonies), I just checked the amounts from the message at his information server, "The Fund Daemon" <fund[at]stonehenge.com>
Legal costs, total: $186159.85. Defense fund: $22319.19
That is, 12% of the legal bill was covered by donations.
I don't have good data for recent individual-defendant cases. I think people stopped publishing the specific numbers because the amounts were either embarrassing or discouraging.
But that's reality.
Given the latest lawsuit topic, I decided to do a review of my last month or so of free-speech work. Is it worth it?
Late March: My proposed tutorial on censorware had been accepted for presentation at the 13th Annual Conference on Computers, Freedom & Privacy (aka CFP 2003). Then (literal) war was declared, and all conference tutorials were cut. And also cut was the travel/hotel expense money for tutorial presenters. I simply couldn't justify spending hundreds of dollars of my own money for travel/hotel expenses in order to attend the conference (it's not my job).
Late March - Early April: Went to the court dismissal-motion Edelman v. N2H2 hearing. This was a case asking researchers be declared to have every right to reverse-engineer censorware, and publish tools to do so. Ultimately, N2H2 prevailed, getting the case dismissed, roughly because the plaintiff hadn't done anything (not yet "ripe" for judgment). The legal core of the case, issues of "standing", (rightly) dominates discussion about it. However, as one of the few people in the courtroom (as a spectator! - this time ...), the most relevant aspect to me was the attitude of the judge. It was an almost palpable hostility against the ACLU side.
April 11: I testify at the Copyright Office DMCA exemption hearings. A grueling 22-hour trip, where I had to pay all my expenses out of my own pocket. I seem to have done well and made good points. Might even have preserved the DMCA censorware exemption, to be immodest. I received some private compliments for my efforts. But very few people hear about it all.
Late April: An opportunity collapses regarding my getting some extensive recognition for the above testimony. An off-and-on week of wrangling with various issues. Between certain legal discussions, my job-hunting woes, and various politics, it doesn't happen. It's the sort of thing where I think that if I were perfect, I could maneuver among all the grudge-holding and work/credit issues. But I'm just human. It's not a solution to tell me to be perfect, as nobody is.
April 30: Website server crash. The hosting company seems to have lost backup data too, and I relied on them. Days of work rebuilding everything. No, it's not just a matter of putting back static pages. When you have PHP variables, a cgi-script based blog, web-driven mailing-list software, and more, it's a massive job even to debug the restoration. The mailing-list isn't back yet, and some of its important data may be permanently lost.
Sigh. I don't know. I have a deep sense that, as I think of it, I'm disbelieving mathematics. It's again the old issue of what is sustainable.
[For IP] Ah, another easy one. Just from my experience, the problem is with the sentence:
"One technique is to misspell words, like "Viagra" or "pornography," that set off the filters."
You can't say "Viagra" or "pornography". Because if you say "Viagra" or "pornography", even in the context of discussing why you can't say "Viagra" or "pornography", well, we see what happens :-)
I'm reminded of this scene from the movie Life Of Brian:
Look. I don't think it ought to be blasphemy, just saying 'Jehovah'.
Oooh! He said it again! Oooh!...
You're only making it worse for yourself!
Making it worse?! How could it be worse?! Jehovah! Jehovah! Jehovah!
I'm warning you. If you say 'Jehovah' once more--
[MRS. A. stones OFFICIAL]
Right. Who threw that?
The news is making the rounds now, that the "RIAA 4" lawsuit for copyright infringements, against four students running network services, has been settled. I'd like to focus on the following paragraph:
The settlements will see each student making payments to the RIAA totaling between $12,000 and $17,000, split into annual installments between 2003 and 2006. The lawsuits as filed could have entailed damages (in theory) of up to $100 million.
I remember that I drew a lot of criticism for settling the Cyber Patrol break case "prematurely", or "at the first threat of a lawsuit", but that wasn't accurate - Mattel et al. actually never threatened me, they just went ahead and filed two lawsuits without stopping to make threats, and an injunction was issued and the cases got pretty far before I settled.
I remember the arguments that settlement sparked, as I got some grief myself for privately defending his decision. It's too easy to fight to the last drop of someone else's blood.
When I talk about how these problems have chilled my own censorware work, too often it's just ignored and dismissed, because it's not in people's experience. Maybe the real-world aspects are just starting to penetrate the mass net-mind now. This isn't a game.
In my view, these lawsuits tell us nothing new about the legal status of the kinds of general-purpose search engines these students were running. The lessons of these suits are simpler: (1) don't be a direct infringer, and (2) getting sued by the RIAA is expensive.
Now, I agree with those statements. But I'd like to amplify that these lawsuits do tell us something new - or at least reiterated - about who can afford to defend the legal status of such cases. That's the big problem. And too many people don't realize it. I quote Matthew Skala much on this point:
When we published the essay I didn't expect a lawsuit, but I had also thought, "Well, if there is a lawsuit it won't be a problem, because there are organizations that take care of things like that." I fondly imagined that in case of legal silliness, someone would just step in and say "We'll take it from here." What I found out was that those organizations, through no fault of their own, were able to give me a lot of sympathy and not enough of anything else, particularly money, to bring my personal risk of tragic consequences down to an acceptable level, despite, incredibly, the fact that what I had done was legal. Ultimately, I couldn't rely on anybody to deal with my problems but myself.
Some people learn that lesson a bit less impressively than I had to.
Too many people, especially techies, believe that someone is just going to step in and write a blank check for legal expenses. It's not going to happen. The implications which stem from this mistaken belief, however, are seriously debilitating. Just personally, I can't convey how much grief I've gotten from those under the mistaken notion that all I have to do is get sued, and the lawsuit-funding-fairy will appear. Or more generally, how much blather is based on the idea that someone else is going to do the legally-risky work (I call this the theory of the "Secret Society of Civil-Libertarian Circumventors"). THAT lesson, that there is no lawsuit-funding-fairy, and the consequences thereof, is profound.
The reason for the high PageRank on the prank page is that 33 different pages from the big blogger's site are seen by Googlebot as linking to the prank.
I don't believe this claim is correct. There has to be a limit on how much PageRank a single site can contribute for a link. For example, it's a frequent practice for all pages on a site to link to the root URL of the site. This doesn't generate an astronomical PageRank. Moreover, even if one's own site is an exception, it's very common to have a page structure where there's a frame or table of associated sites, on each page of the site. A "blogroll" is just one example of this structure. I just looked at Privacy.org, for an example, and note the "Privacy Resources" table on every page, for all thousand or so Privacy.org articles.
Now, there's a deep social issue about information here, which I don't mean to dismiss. But the explanation given by Google Watch for the effect is not right. And in fact, it muddies the issue. It implies a kind of technical bug: "But only about one-third of the page is duplicated in this case, so Google thinks they're all worth indexing.". The problem isn't that Google's duplicate-detection algorithm was fooled. Rather, it's a social "bug", in that the ranking algorithm produces results which are in some ways problematic.