October 31, 2003

DMCA exemptions humor from the Register of Copyrights

From deep, deep, down in the Register's recommendation for DMCA exemptions, presented for your amusement:

A few commenters submitted comments relating to source code or data file formats. These comments, however, were at times more difficult to decipher than encryption algorithms.

By Seth Finkelstein | posted in dmca | on October 31, 2003 11:59 PM | (Infothought permalink) | Followups
October 30, 2003

DMCA censorware exemption and my press recognition

I've gotten a few more favorable articles (though, as Donna Wentworth at Copyfight.org accurately quoted me "Wow. Static Control is doing better in terms of press with their loss than I'm doing with my win!")

The Register, DMCA exemptions boost archivists, disabled:

The Library of Congress has the job of looking at rulemaking, or how the Act is interpreted, and it has identified four areas where copyright circumvention has legitimate, non-infringing applications. The DMCA criminalises circumvention of protected copyright digital material. But thanks in part to campaigner Seth Finkelstein, the oversight body has decided that for the next three years, bypassing access control in these areas won't result in a breach of the DMCA.

And I get to be one of the heroes on the Lessig blog:

"thanks, Seth"

The Copyright Office just released its report (pdf) on exemptions from DMCA restrictions. There’s good news and bad news. Let’s start with the good. The Office granted four exemptions. One of the four was an exemption for censorware. This exemption was argued for strongly by a number of people, but none argued it more effectively than Seth Finkelstein. Based largely on his testimony, “compilations consisting of lists of Internet locations blocked by commercially marketed filtering software applications that are intended to prevent access to domains, websites or portions of websites, but not including lists of Internet locations blocked by software applications that operate exclusively to protect against damage to a computer or computer network or lists of Internet locations blocked by software applications that operate exclusively to prevent receipt of email” are exempt from the DMCA.

I’ve been an admirer of Seth’s work for a long time, and as this shows, with good reason. Thanks, Seth.

Plus a Greplaw item DMCA Exemptions announced.

Also a Slashdot "leftover" on Librarian of Congress Posts DMCA Exemptions:

Update: 10/29 15:19 GMT by T: Take a look at Seth Finkelstein's site for an idea of how being pushy can sometimes be helpful; Finkelstein has loudly pushed for the importance of DMCA exemptions, including in Congressional testimony.

I shouldn't complain about that, it's nice and better than nothing, take what you get. etc.

I still want a New York Times quote though, as was given to someone else in the old 2000 rulemaking. I'm the "anonymous informant[s]" of that article - it was very painful to be confined behind the scenes, in fact being personally attacked, while seeing other people getting all the credit. The scars (and against me, the grudges) are still there.

By Seth Finkelstein | posted in activism , censorware , dmca | on October 30, 2003 04:33 PM | (Infothought permalink) | Followups
October 29, 2003

DMCA exemption and decryption-based censorware research

I'm in Wired News today: New Ways to Skirt DMCA - Legally!. They quote me:

"How sweet it is," said Seth Finkelstein, a programmer and anticensorship activist. "Without the exemption, the DMCA would make it a violation to decrypt the blacklist to find out what (filtering companies) are actually censoring. The actual contents of these blacklists are an important censorship issue.

"The Copyright Office has recognized the importance of fair use in this area affected by the DMCA," Finkelstein said. "It's not a blanket declaration of being legal, but it's an ability to argue fair use."

This is good.

The opponent to the censorware exemption, the Iraqi Information Minister, err, David Burt, is quoted as saying:

Filtering advocates had hoped the exemption would be dropped.

"I'm disappointed because I thought we had made it clear that the exemption is unnecessary to conduct meaningful evaluations of filters," said David Burt, a spokesman for Secure Computing, which purchased N2H2, a filtering company.

He cited extensive studies from the Henry J. Kaiser Family Foundation, Consumer Reports and the Department of Justice, among others, in his testimony and said that "these methods are adequate for evaluating filters."

Ah, but what did the Copyright Office already say about his objection to progress against the Iraq army decryption of censorware for research?

Opponents argued that circumvention is not necessary because other alternative sources for the information sought to be obtained are available, but the proponents of the exemption successfully discredited this assertion. While it is true that limited "querying" of the databases is available on some of the filtering software companies' sites, the circumscribed nature of this querying foreclosed comprehensive or meaningful results. Opponents produced evidence that many reviews of filtering software platforms reached conclusions based on these querying capabilities or by utilizing various sampling techniques, yet this evidence only proved that some parties were willing to settle for the results produced by such superficial tests. In light of the millions (or more) of potential URLs, it is indisputable that actually viewing the entire list of blocked Internet locations will produce data much more comprehensive than querying about one hundred URLs.

But then, last I heard, the real Iraqi Information Minister was doing OK too ...

By Seth Finkelstein | posted in censorware , dmca | on October 29, 2003 09:15 AM | (Infothought permalink) | Followups
October 28, 2003

DMCA censorware exemption win!

[How sweet it is ...!]


The Register's recommendation in favor of this exemption is based primarily on the evidence introduced in the comments and testimony by one person, Seth Finkelstein, a non-lawyer participating on his own behalf. In addition to identifying a class of works that related to the specific facts presented, he identified the qualitative nature of the noninfringing uses for which circumvention was necessary and generally identified the technological measure which controlled access to this class. There was no dispute that the lists of Internet locations blocked by filtering software are generally encrypted or otherwise protected by an access control measure. The remedy sought was causally related to the noninfringing uses that are necessary to conduct research, comment and criticism on the filtering software at issue. Mr. Finkelstein also anticipated objections to the exemption and proved that available alternatives to the exemption were insufficient to remedy the adverse effect caused by the prohibition. The insufficiency of alternatives was supported by testimony and demonstrative evidence at the hearing in California by James Tyre. Finally, Mr. Finkelstein's succinct initial comment addressed the statutory requirements and thoughtfully analyzed each of the statutory factors required to be considered in this rulemaking.

The case made by Mr. Finkelstein for this exemption is also instructive for the manner in which it met the requisite showing. The evidence produced did not prove that a substantial number of people have utilized or were likely to utilize an exemption. On the contrary, the evidence tended to prove that very few people have had the motivation or technological ability to circumvent this technological measure, to investigate the lists of blocked sites in filtering software or to report on, comment on or criticize such lists. Although there was little need for an exemption in quantitative terms (i.e., in terms of the number of persons likely to take advantage of it directly), it was the qualitative need for an exemption that was controlling in this case; absent the ability of a few to carry out their noninfringing efforts notwithstanding the prohibition set forth in section 1201, the many would not reap the fruits of such efforts the information, analysis, criticism and comment enabled by the quantitatively small number of acts of circumvention. The fact that the act of circumvention was unlikely to be widespread rebutted copyright owners' concerns of abuse and further supported the conclusion that the potential adverse effects to copyright owners would be minimal. The showing that the particular noninfringing use prevented was a result of the prohibition on circumvention and that these uses were necessary to criticism, comment, news reporting, teaching, scholarship, or research, further strengthened the argument.

By Seth Finkelstein | posted in activism , censorware , dmca | on October 28, 2003 04:30 PM | (Infothought permalink) | Comments (5)

DMCA Exemptions Diary, a.k.a. more Why I Quit Censorware Research

Or, as a subtitle, "I tried it that way, and it didn't work"

[A friend suggested I add this clarification:
I post the following in the same spirit as I imagine one has when donating one's body to medical science: to help others who might be inclined to take a similar path. There are harsh realities in activism, especially if done without organizational backing and support. Let's hope that what happened to me won't happen to you.

I also checked with James Tyre regarding the mentions of him below, so I'm not breaking any confidences]

People say to me, "Seth, ignore the snipers and smearers. Don't let them get you down. Just work on building up your own reputation, and you'll succeed" (with sometimes, an unvoiced - or even voiced - addendum, that if I don't succeed, it's all my fault for not working hard enough or not doing things right). The problem with this advice, is that I've never known a proponent to ever be convinced they were wrong.

The Digital Millennium Copyright Act (DMCA) law has a provision where one can petition for certain exemptions to the "1201(a)(1)" anticircumvention provision. This is a process done every three years, starting in 2000. Then, there were only two exemptions granted, 1) malfunctioning software 2) censorware:

The [Copyright] office received 235 comments in 2000 during the first review of the DMCA, says Rob Kasunic, a senior attorney in the Copyright Office. Congress mandated a review process every three years upon approving the law in 1998. However, only two of those hundreds of comments in 2000 resulted in new exemptions, Kasunic says.

Previous Success

Seth Finkelstein, a computer programmer from Cambridge, Massachusetts, wrote one of those successful proposals.

Over the past several months, I've been carrying almost all of the burden of advocating for the censorware exemption to be renewed. This should have gotten me enormous reputation-building. Yet it's been next to nothing.

To start, I write a long renewal proposal. Then the nightmare begins. I'm offered an opportunity to testify in Washington DC in further support. I accept hastily, then privately begin to have severe doubts. I'm a programmer, not a lawyer or policy person. I'm setting myself up as a big target. James Tyre, a lawyer and long-time anti-censorware advocate, argues to me that it's important to do this. If the censorware exemption isn't renewed, that would be like an admission of error by the Copyright Office, that it shouldn't have been made in the first place. And as a carrot, there would be (reputation-building) press coverage, since this was one of only two granted exemptions and the first DMCA testimony session.

With great trepidation and wavering, I go through with it, though fearing I'm going to be demolished. I have a long hassle getting identification documents so I can fly. At this point, I've been unemployed for a long time due to the economic tech-wreck. But nobody will pony up the hundreds of dollars in travel expenses (yes, I asked various sources, nothing, I'm not representing any organization, the money isn't there). I have to pay everything out of my own pocket, and I am extremely unhappy about that, given my having been out of work for so long. I'm getting up at 4:30am in the morning to be on a 6:30am plane to DC, thinking all along how very little I want to do this. As I start to make my way through the Washington Metro, someone snarls the entire system by jumping in front of a train. Which would be an irrelevant detail except that it strongly adds to my sense of being in a tragic movie via portentous omens.

But fate smiles on my testimony. My opponent from the censorware companies, David Burt of N2H2, self-destructs. He ends up compared to the "Iraqi Information Minister" (not by me, by a lawyer, Jonathan Band, also testifying in favor of the censorware exemption). It's a great victory, for the exemption, and me.

But there's practically no PR coverage or credit at all. Oh, it's mentioned here and there, on a few specialty sites and blogs. But I don't get e.g. covered by the New York Times. That's disheartening.

When the transcript of my session is released, James Tyre mentions that it would be great to do an excerpt for a Censorware Project article, but for various good reasons irrelevant here, he can't do it himself, so could I? Likely we can get it publicized in Slashdot. But it has to go under his name, because of all the grudges against me. Since Slashdot is supporting Michael Sims as an "editor", if my name appears as the author, he'll abuse his editorial powers to trash it immediately as a submission, and nobody will go against him. We really do have to work around that problem.

I agree to write it this way, though I'm not happy about it. Note in what follows, I'm partly to blame. Right afterwards, though, I go through a two-hour long legal consultation, briefing a lawyer on all my censorware and DMCA issues, which I find emotionally exhausting (my joke about this is that sometimes I don't believe all that happened to me myself, and I lived through it!). Then in the next two days, I get bad job-hunting news twice in quick succession. While this is going on, I try to structure the article, but have trouble organizing it, and ask James Tyre more about how long it should be. It turns out we don't have the same understanding, just one of those failures of communication between two people about an editorial perspective. He wants not just some cut-and-paste excerpts, but to cover background, history of the exemption, on and on. I try, but I just can't do it. Every word seems to be rubbing my nose in my marginalization. Remember, I have to write all this, to be published under someone else's name, with Censorware Project getting the PR, all because the pettiness cannot be put aside in the slightest. I am not imagining this.

Why the hell can't it be under my name? Goddamn it, I think I do deserve Slashdot coverage Why do we have to play these stupid grudge-games?

But the upshot is that he's "miffed" at me, and I will get - no - credit - at - all here. Again, partly my fault, and I accept that. We don't hate each other. He's not wrong, I'm not wrong, But still a disheartening outcome all around.

Then I help James Tyre prepare his own DMCA testimony, which goes very well. Afterwards, he says to me, that when the transcript is posted, I'll find myself mentioned favorably in many places. However, in the context of my quest for coverage, I misconceive that remark as more metaphorical, that this time around the PR circuit, I'll get some reputation-credit. It turns out, no, he merely meant I'll be mentioned favorably many times in his testimony. Well, that's nice, I appreciate it. But in practice, nobody hears it. Not compared to the way I'm being attacked every single day.

Then I basically write all of our third-round joint reply. Everything has to be researched, referenced, footnoted with page and line numbers, on and on. Remember, I'm not being paid for any of this. David Burt, writing the censorware companies' reply, is being paid for it, it's his job. He takes the opportunity to use Michael Sims' domain-hijacking and smears, against me, to try to discredit my research via personal attack. All implicitly backed-up with famous net lawyer Mike Godwin's support of those attacks. The end of that little story is that privately, I end up being brutally flamed. But this piece is long enough so I'm going to skip over an account of that.

After all was said and done, I felt somewhere between suckered and deluded. As I thought of it, it's another case where for a project, I'd had credit dangled in front of me. But when it came time to pay off, well, nobody home. Yes, I willingly took upon myself the burden of advocating the censorware exemption. At the same time, all the talk about how it was important, how there would be coverage, i.e. I'd be building-up my reputation - in the end, it came down to a very familiar refrain: So sorry, you really did deserve better, wish it were some other way, tsk-tsk what a shame ...

The bottom line, of course, being that I don't gain in terms of myself, and insult to injury, if I write of my displeasure at such an outcome, that's accounted even worse (WHINER!, want some cheese with that whine, opening a whinery, etc. etc.).

This all was, to me, the ultimate proof that the build-up-yourself advice just does not work (at least for me). I'm putting in effort way above and beyond here, spending money out of my own pocket while unemployed, drafting DMCA reply after reply. And I can't even get favorably mentioned for it! In contrast, while I'm making myself a target, there's no downside whatsoever to any of the snipers shooting at me. Well, it's not as if, perhaps, I was doing important things, like annoying an airline captain on a plane via a "political statement" (or troll-pattern behavior) about being a suspected terrorist.

There is no organizational backing for me. There is no PR support for me. No, it is not enough for a few people to say they think it's wonderful that I do all this. After a certain point, from sheer practicality, it has to be appreciated in a manner that provides me with the means to buy food and pay rent. When potential lawsuits enter the picture, my censorware work is completely unsustainable. It's not worth it.

The next time around, as far as I'm concerned, the DMCA exemptions can go censorware'd themselves.

By Seth Finkelstein | posted in activism , censorware , dmca , memoirs | on October 28, 2003 02:19 PM | (Infothought permalink)
October 27, 2003

Whitehouse.gov iraq robots.txt directories - an explanation?!

Update 10/28: The White House says it's merely a design issue, from


Per: http://www.bway.net/~keith/whrobots/whresp.html

[(10/27) Just sent this to Dave Farber's list, about the whitehouse iraq robots.txt directories (update: note for more background, see http://www.bway.net/~keith/whrobots/ )]

Archived at

The White House And Iraq Directories

Dave, I've been analyzing the robots.txt file, exactly because the directories are so strange. I have a theory on what's happened. But it's so jaw-dropping that I'm hesitant to rush it into a formal report/release. In short:

There's no conspiracy.

There's a real-life instance of the joke genre which runs "I thought you said ..."

For example, here's one of the jokes: "After a California earthquake, Dan Quayle is sent to visit the most damaged site. But he never arrives there. Finally, he's found in Florida. He says, shocked, "Go to the EPIcenter? I thought you said ..." [EPCOT Center]

The joke here? Someone said:

"Don't have the search engines looking at the Iraq documents index"

And that was heard as:

"Don't have the search engines looking at every "index" with Iraq"


The evidence for this is that the robots.txt file has lines for

Disallow: /disk2/www/htdocs/infocus/iraq
Disallow: /disk2/www/htdocs/infocus/iraq/news/infocus/iraq

These are the only lines where there's never any matching pattern of "iraq" and "text" at all. They're obviously special in some way. And they look like they're a searchable index.

Then there's the fact that some people are confused between directories, the function of the file "index.html", and that a bare directory will display as "Index of <directory name>" in some servers.

So ... "Iraq index" ... "Index of <directory name>" ... Oooops!

Never attribute to malice which can be explained by stupidity.

This is hard to believe. But it fits!

Update - the robots.txt file has been changed. Grab it from


Or while it lasts, the Google cache:

By Seth Finkelstein | posted in infothought | on October 27, 2003 09:46 PM | (Infothought permalink) | Comments (4) | Followups
October 26, 2003

October 25, 2003

My letter to Swarthmore supporting fight against Diebold

[I sent this just now. Maybe it'll do some good. I tried to address the legal risk problem as I see it]

October 25, 2003

Dear Dean Robert Gross

I wish to write in support of the students hosting the Diebold memos, and to argue against your reported statement that the position of Swarthmore College is "We can't get out in front in this fight against Diebold". I would be flattered to be ranked among the "tech celebrities" sending letters. I was awarded a 2001 Pioneer Award by the Electronic Frontier Foundation, for my decryptions of censorware in the service of civil-liberties.

I will attempt to construct an argument with more depth than mere exhortation or preaching. My reading of the situation is that Swarthmore feels chilled by the possible legal liability. I recognize it is no help to volunteer other people, to say to fight to the last drop of someone's else blood. In fact, I've been driven to quit my own research into censorware systems because I simply could not get the necessary legal and press backing to balance the tremendous risk of lawsuits. So I know whereof I speak, and do not write lightly.

Yet I would say that Swarthmore, as an educational institution, is in fact extremely well-positioned to fight against Diebold. Though I'm not a lawyer, I'd claim that courts are generally extremely well-disposed to colleges in a situation such as this. The public interest and educational purpose aspect weigh very heavily, formally in a fair use copyright defense, and also informally in terms of making for a sympathetic presentation.

And Diebold does not appear to be in a particularly strong position. They might be able to crush any particular individual through simple attrition tactics, but an educational institution is another matter. The material at issue is extremely embarrassing to them, building on security problems which have been revealed in their system. They've had much bad publicity in the past, and are receiving more bad publicity now. They come off like Nixonian thugs trying to suppress their version of the "Pentagon Papers".

My own censorware research exposed a reality of products far inferior to their manufacturer's absurd marketing claims. When the very mechanism of democracy (voting) is at stake, exposing how the product works - or more importantly, doesn't work - is profoundly important.

Again, I deeply respect the reasons of anyone who does not want to endure being sued. But I hope my missive can add some strategic assessment to offset chilling effect.


Seth Finkelstein
Programmer, EFF Pioneer Award Winner, and civil-libertarian activist

By Seth Finkelstein | posted in copyblight | on October 25, 2003 10:50 PM | (Infothought permalink) | Comments (3) | Followups
October 24, 2003

Diebold memos and linking prohibitions at Swarthmore

Ed Felten writes:

Ernest Miller reports that Swarthmore now is yanking the Net connections of students who linking to a page that links to a page containing the infamous Diebold memos.

In discussing these issues, it's instructive to review the discussion of the prohibitions against linking in the Reimerdes (DeCSS) case (my emphasis below). Key part:


This isn't a court case yet, but the same sort of thinking applies.

"The other concern--that a liability based on a link to another site simply because the other site happened to contain DeCSS or some other circumvention technology in the midst of other perfectly appropriate content could be overkill--also is readily dealt with. The offense under the DMCA is offering, providing or otherwise trafficking in circumvention technology. An essential ingredient, as explained above, is a desire to bring about the dissemination. Hence, a strong requirement of that forbidden purpose is an essential prerequisite to any liability for linking."

"Accordingly, there may be no injunction against, nor liability for, linking to a site containing circumvention technology, the offering of which is unlawful under the DMCA, absent clear and convincing evidence that those responsible for the link (a) know at the relevant time that the offending material is on the linked-to site, (b) know that it is circumvention technology that may not lawfully be offered, and (c) create or maintain the link for the purpose of disseminating that technology. [FN257] Such a standard will limit the fear of liability on the part of web site operators just as the New York Times standard gives the press great comfort in publishing all sorts of material that would have been actionable at common law, even in the face of flat denials by the subjects of their stories. And it will not subject web site operators to liability for linking to a site containing proscribed technology where the link exists for purposes other than dissemination of that technology."

"FN257. In evaluating purpose, courts will look at all relevant circumstances. Sites that advertise their links as means of getting DeCSS presumably will be found to have created the links for the purpose of disseminating the program. Similarly, a site that deep links to a page containing only DeCSS located on a site that contains a broad range of other content, all other things being equal, would more likely be found to have linked for the purpose of disseminating DeCSS than if it merely links to the home page of the linked-to site."

By Seth Finkelstein | posted in copyblight | on October 24, 2003 12:37 PM | (Infothought permalink) | Comments (1) | Followups
October 23, 2003

Diebold Election Systems memos, DMCA, and copyright infringement

The Diebold Election Systems memos, describing problems with their vote-counting machines, are being mirrored by Swarthmore student groups. The administration is apparently cutting-off network access to students mirroring the memos.

Edward Felten asks

Here is my question for the lawyers: Is this really copyright infringement? ... But don't the students have some kind of fair use argument?

I'm not a lawyer, and I don't play one, but I do hopefully have some insights.

The key aspect is that the take-down provision of the DMCA is an automatic escape from liability, whether or not the posting at issue is really copyright infringement. It's a situation of "shoot first and asks questions (or have defenses) later". The law says that if there's the immediate take-down on notice, there's no liability. If there isn't an immediate take-down, well then, do you feel lucky in court? So the obvious incentive is to err on the side of taking down. Or, in legalese (my emphasis):

(1) No liability for taking down generally. -

Subject to paragraph (2), a service provider shall not be liable to any person for any claim based on the service provider's good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.

Now, there's an open issue here of what the take-down provisions mean when people starting doing whack-a-mole. My guess is that the university is afraid that if they have "actual knowledge" that students are using this strategy, that a court may then believe in this situation that requiring endless specific notices of whackery is too much game-playing. The university could be scared a court may look to some concept of total knowledge, not compliance per-mole. And definitely not want to be a test case on the matter. All in all, again, though I'm not a lawyer, it doesn't seem like that unreasonable a thought.

DMCA, watch what you say, or have hell to pay ...

Update: Aaron Swartz asked about counter-notification. I strongly suspect that will be the next act in this drama. But it has to be done carefully, since it's under penalty of perjury. The more I think about it, the more I believe the issue driving Swarthmore's conduct is that it is trying to avoid being the deep-pocked defendant in an upcoming lawsuit.

Note Ernest Miller has new reporting on link-banning.

By Seth Finkelstein | posted in copyblight , dmca , legal | on October 23, 2003 09:59 PM | (Infothought permalink) | Comments (2) | Followups
October 22, 2003

N2H2 acquisition by SmartFilter (Secure Computing) censorware is done

It's the end of an era (in many ways). N2H2, the censorware company about which I've written much, has finally been acquired. It's been bought by another company Secure Computing, which makes the SmartFilter censorware. I discussed this earlier. What's new is that the acquisition process has been completed.

Thursday, October 16, 2003
Secure Computing seals takeover of N2H2

Secure Computing Corp. has completed its acquisition of N2H2, a Seattle company that provides Internet filters to libraries, schools and businesses.

San Jose, Calif.-based Secure Computing -- a publicly traded software company with second quarter revenue of $18.2 million -- paid $19.9 million to acquire N2H2's outstanding shares. N2H2's Seattle office will remain open with 27 employees.

Twenty-one employees have been laid off, whereas 23 others will remain at the company in transitional jobs for one to six months, a company spokeswoman said.

Pretty good outcome for a censorware company which had negative book value for so long, up to and including the time of being bought. Though no word on how David Burt, N2H2 PR person and long-time censorware advocate, has fared. Still, even if he's part of the layoffs from the buy-out, he won't have done any worse than many good people who lose their jobs in a downsizing or merger. And I'm sure that the Religious Right will always have a place for him.

For me, this acquisition means that even if N2H2's censorware survives in any form, there's even more money and resources available for a lawsuit againt me. It's another nail in the coffin, that I've been driven to quit censorware research, and have to write-off much material I can't publish.

By Seth Finkelstein | posted in censorware | on October 22, 2003 11:59 PM | (Infothought permalink) | Followups
October 21, 2003

"Cites & Insights" November 2003, and math of six degrees of separation

Walt Crawford just published the November 2003 edition of his library 'zine (not blog) "Cites & Insights". It's excellent reading over many topics. More excellent, to me :-), is that I'm mentioned in three different places, in discussions of censorware, copyright, and perspectives on legal risks. I sent a few clarifications, though I don't think it's worth the space of going through the items for a post.

Rather, to do a change of pace, the discussion of the "Six Degrees Of Separation" idea caught my eye:

Once you leave a field, you need to look for other communities--and lots of us don't belong to that many communities. I'd be astonished if "six degrees of separation" for the world as a whole, or even for the United States, worked out in practice. It's a community thing. I'd be astonished if "six degrees of separation" for the world as a whole, or even for the United States, worked out in practice. It's a community thing.

The result is right. Formally, it's a graph-theory mathematical result. Given a graph of 6 billion nodes, and each node connected to (a few hundred? a thousand?) or so total other nodes, what's the average length of the smallest path between two nodes? I don't have a reference to the exact answer, but it's low.

The interesting experimental result of these studies is that estimating a good path in the real-world is actually practical. The key is that, while there's community clustering, people can figure out how to "route" a message across communities, if they want. The critical factor is figuring out the maximal jump per each link. As the results show, it's do-able.

Note asking "What's the number of hops for a connection"? is very different from "How many connections are made, versus die of disinterest?". That's akin to the issue of average life expectancy, where historically, there's a big difference between "Average everyone's lifespans, from 0 to 100", versus "If you survive childhood, how much longer do you live?" - because many people used to die around "0". And many message chains die around "0" too.

That is, overall, very few people may be interested in being routers (there's a lot of dropped packets). So if a path completes (every person is being a router), it has only a few hops necessary. But don't expect many paths to complete. Two different ideas.

By Seth Finkelstein | posted in infothought | on October 21, 2003 11:59 PM | (Infothought permalink) | Comments (1) | Followups
October 20, 2003

IP Justice White Paper on Treaty Intellectual Property Implications

IP Justice has released a White Paper on intellectual property implications of a "the Free Trade Area of the Americas". It's quite alarming.

I'll echo the below to add to the protest. It think it's important to grasp that the world is not in fact evolving to a Libertopian Cryptoanarachy. Rather, it's becoming a multinational treaty-based system. Remember, we got the DMCA earlier supposedly from obligations (or excuse) of a treaty.

IP Justice has published a White Paper that analyzes key section of the Free Trade Area of the Americas (FTAA) Treaty chapter on intellectual property rights. According the IP Justice report "FTAA: A Threat to Freedom and Free Trade," the Treaty would require all 34 FTAA countries in the Western Hemisphere to send P2P file-sharers to prison. The FTAA Treaty also contains 'DMCA-like' anti-circumvention laws. IP Justice sponsored a petition calling upon the FTAA Treaty negotiators to delete the entire chapter on intellectual property rights from the FTAA Treaty. FTAA Treaty negotiators meet in Miami from Nov. 16-21, 2003, and if passed, the treaty will take effect in 2005 and govern the lives of 800 million citizens of the Americas.
Sign the petition!

By Seth Finkelstein | posted in copyblight , legal | on October 20, 2003 11:59 PM | (Infothought permalink) | Followups
October 19, 2003

"Watch Baseball London"

"Watch Baseball London" is another phrase which is problematic for Google Spam Filtering Gone Bad. There's another Register article (by Andrew Orlowski) "Options dwindle for London baseball mavens" noting the problem.

By Seth Finkelstein | posted in google | on October 19, 2003 03:03 AM | (Infothought permalink) | Comments (3) | Followups

"The Importance Of" - a new blog

"The Importance Of" (http://importance.typepad.com/) is Ernest Miller's (of LawMeme) new blog. He's an excellent writer. I'm joining the party of having an item and blogrolling it to help it launch. Check it out.

By Seth Finkelstein | posted in legal | on October 19, 2003 02:46 AM | (Infothought permalink) | Followups
October 18, 2003

Alex Halderman MediaMax CD3 paper legal threats, personal wrap-up

I've been writing much about the case where the SunnComm company threatened to sue Princeton graduate student Alex Halderman for his CD copy-protection research paper Analysis of the MediaMax CD3 Copy-Prevention System.

To conclude the series, I want to focus on a certain unintended consequence I know it'll have for me. In a paradoxical outcome, I suspect I'll get more grief, rather than less, for my own legal risks which drove me to finally quit my censorware research. That is, I can hear it already, people are not going to uniformly react along the lines of "Aha, now I see why such work is so stressful and dangerous, because of the legal threats involved". Rather I'm going to get too many reactions of "Look, the company made a lot of noise, but everyone rushed to Alex Halderman's defense, and he ended up a BIG HERO - so if you get threatened, you'll get that support too.". Unfortunately, this analysis, while superficially appealing (it means the person can feel good about berating me for being a coward, rather than feeling guilty they won't risk anything themselves to help me), isn't convincing.

Ernest Miller commented, in a Lawmeme article about the case:

I can't help but think that the immediate blogging firestorm and public outcry that occurred in response to the proposed lawsuit had something to do with the quick retraction of the threat.

I agree. As just discussed, the company was treated from the start as an "Internet laughingstock", and received intense ridicule. They were on the defensive, they were the ones who had to react to a storyline which painted them as idiots and charlatans (as opposed to the storyline they wanted, about "piracy and theft"). And I concur it made a huge difference in how much they wanted to pursue legal action.

When I talk about support, and how the lack of it has affected my own censorware work, people sometimes don't understand. One prominent activist has, privately, repeatedly flamed me for alleged vagueness in the term. But this incident is a perfect case study. The press reaction, the public outcry, in that crucial initial period, was all overwhelmingly favorable to Alex Halderman's work and plight.

However, that wasn't an accident, in my view, but flowed from the way events unfolded. Critically, researcher Halderman actually got the "first shot". That is, his work was covered favorably and extensively in its initial release. So the press already had a framework which put him in a strong position. And in contrast, this is why I keep saying it's such a problem that my own censorware research work will likely get marginal coverage, or even a hatchet-job or Slashdot-supported smear.

Imagine how differently events might have unfolded if the reporting was overwhelmingly echoing SunnComm's press release instead of laughing at it.

P.S.: As I was writing this, I happened to see Donna Wentworth's excellent DMCA v. Academic Research posting, concluding:

Eeyore has been saying this for a while now, but it bears repeating: if the Internet has opened up a new avenue for "amateur" investigation, the DMCA is closing it.

If even "legitimate" research is hampered by the DMCA, what about other kinds of research? What happens to the researcher who makes significant contributions to encryption or censorware research--but not within the traditional academic setting?

What would have happened to Alex Halderman, if he weren't a doctoral student at Princeton--and under the tutelage of Professor Edward Felten -- but, instead, next year's fifteen year-old genius, who happens to be schooled at home, with not a single lawyer-friend in sight?

[Note, that last isn't me, I'm Eeyore, and a thirty-eight year-old genius, with a lawyer-friend or two - but also more than one lawyer-enemy, and those matter too!]

By Seth Finkelstein | posted in activism , dmca , legal | on October 18, 2003 11:59 PM | (Infothought permalink) | Followups
October 17, 2003

Peter Jacobs (SunnComm DMCA bullies) - the saga continues

In a serendipitous follow-up to my last post about No Sympathy For The Devil - SunnComm's Peter Jacobs v. Alex Halderman, there's a letter by Peter Jacobs running right now in The Register

SunnComm CEO demands to be called a 'laughing stock'

I'm feeling a bit fisky:

[Begin Peter Jacobs letter - my comments in brackets]

Subject: In Britain...

does one re-write stories from other writers without talking to the principals?

[Sure! In Britain and everywhere else. It's the "echo chamber" at work. Running with the pack is always easy and safe.]

MediaMax under widespread ridicule? I think not.

[Almost no-one is going to understand what he's saying here, so he comes off like a raving lunatic. He means he doesn't consider Alex Halderman's paper to have valid conclusions. He keeps saying that, per next sentence, but nobody cares.]

You obviously didn't understand that Mr. Halderman discovered NOTHING except how to draw the press to him like a magnet.

[Umm, then why were you threatening him with DMCA charges, felony? Obviously he discovered something!]

Here's yesterday's BOSTON GLOBE article which you might consider using as a roadmap to help navigate the bandwagon you jumped on.

Boston Globe story

[I suppose that was worth a try, as a tactic. But it's hard to change the direction of the pack by pointing out a stray. Maybe he needs a blog ... ]


Peter H. Jacobs
Chief Executive Officer

[End Peter Jacobs letter]

Then The Register writer goes on to say:

For the record, we did call SunnComm for comment, but the PR specialist on the phone did not make Jacobs available.

That matter aside, we turn to Jacobs' recommended "roadmap" for reporting. The SunnComm CEO objected to our use of the phrase "widespread ridicule" to describe how hundreds of stories had lambasted his company's DRM technology. So how does the "roadmap" describe the situation?

"SunnComm became an Internet laughingstock, and the enraged CEO, Peter Jacobs, threatened to sue Halderman for spreading false information about MediaMax. He even suggested the possibility of prosecuting Halderman under the Digital Millennium Copyright Act, an absurd statute that forbids attempts to bypass antipiracy systems," the roadmap writes.

Sorry for being so harsh, Peter, next time we'll call you a laughingstock as well.

Be sure to read the roadmap in full. We think you'll find it's a bit of Apples to squirrels comparison of DRM technologies.

[Ba-da-boom! Peter Jacobs isn't going to get the story told his way in this column.]

Again, it's a little like watching a tyrant get torn apart by a wild-dog pack, which he wanted to 'sic' on a villager. It's not that one approves of wild-dog packs. But I have no sympathy for his plaints of mistreatment given how he wanted to ruin Halderman's life with legal action.

By Seth Finkelstein | posted in dmca , journo | on October 17, 2003 01:33 AM | (Infothought permalink) | Followups
October 16, 2003

No Sympathy For The Devil - SunnComm's Peter Jacobs v. Alex Halderman

But what's puzzling you
Is the nature of my game

- "Sympathy For The Devil" lyrics

Ordinarily, I have a great amount of sympathy for people on the wrong end of press machine. But in the case of SunnComm (the company which threatened to use the DMCA to sue a Princeton student over his research), I have no sympathy at all. None whatsoever.

Both Ed Felten and Derek Slater have excellent criticisms of the SunnComm positions. I want to point out a different dynamic at work.

I understand Peter Jacobs' (SunnComm CEO) complaint. I just don't find it pulling at my heartstrings. One major thread of his discontent is that the press echo-chamber is working against him, not for him. The pack-journalism is tearing him apart, not the grad student who he wants attacked.

If one carefully reads the SunnComm PR, the whole shift-key-as-circumvention sound bite isn't where they get to the DMCA. Instead, their core complaint is about reverse-engineering itself:

In addition, SunnComm believes that Mr. Halderman has violated the Digital Millennium Copyright Act (DMCA) by disclosing unpublished MediaMax management files placed on a users computer after user approval is granted. Once the file is found and deleted according to the instructions given in the Princeton grad students report, the MediaMax copy management system can be bypassed resulting in the copyrighted protected music being converted or misappropriated for potentially unauthorized and/or illegal use. SunnComm intends to refer this possible felony ...

That's what they use for the DMCA threat (possible felony!). In a way, it's actually worse, because this attacks the ability to critically describe how their product functions.

But they're unhappy. Because instead of being viewed as the aggrieved party of a "cat-and-mouse game that hackers and others like to play", they're portrayed as utter morons. I think they'd like a spin of being smart-good, they'd settle for smart-evil, but they've gotten stupid-evil.

It's not exactly factually right, but neither does my heart cry for them. My sympathy vanishes with the legal threats. It's less two wrongs making a right, but a "clean hands" doctrine. I'm not going to get worked-up about them getting bad press, when they've used legal threats to attempt to suppress examination of their system.

By Seth Finkelstein | posted in dmca | on October 16, 2003 11:11 AM | (Infothought permalink) | Followups
October 15, 2003

Slashdot Disaffect

So, yesterday I received yet another traffic-burst of "Slashdot Reflect". This is where my website gets traffic because Michael Sims is doing something abusive on Slashdot (new readers: the Slashdot "editor" who maliciously domain-hijacked the original website of Censorware Project, but Slashdot de facto supports him). The particulars of yesterday's Slashdot rant aren't very interesting to me. It had something to do with Michael Sims using the front page of Slashdot to flame a CNN article ("grossly misleading, almost propagandistic", etc). Heck, he might even be right. But hundreds of thousands of people heard him, and enough wanted to check on this sort of behavior so that I saw that "reflect".

Anyway, that's just background, to the following: The DMCA exemption proceeding rulings will be released soon (by October 28). These are where the public can petition for an exemption to the DMCA 1201(a)(1) circumvention prohibition (for circumvention as an action only, not "trafficing"). I testified some months ago, bearing the brunt of the effort for the censorware exemption.

Now, If the DMCA exemption for censorware is renewed, I believe that's a great journalistic opportunity for civil-libertarians to win a PR round over censorware companies. I had a passing thought, related to some other credit issues, of trying to get Slashdot to run an article by me, discussing that DMCA exemption process in retrospect. Not a rehash, so much as what victory here means for technical types (versus what it doesn't!), and how we could build on it. Note I don't want to talk to lawyers, I want to talk to programmers. And to be heard, not be in a corner shouting to the wind.

Then I gave myself a sanity-check. Forget it. I'm not even going to try. I quit. I don't want to devote the effort, and likely get personally attacked as my reward. It's not worth it. If there's a victory, I'm going to have enough trouble just getting recognized with some credit. (I joked to someone that the Copyright Office could write "We are renewing this censorware exemption because we [heart] Seth Finkelstein", and I'd still be helpless against either press maliciousness or stupidity).

By Seth Finkelstein | posted in activism , censorware , dmca | on October 15, 2003 08:32 PM | (Infothought permalink) | Followups
October 14, 2003

OS X Panther discussion

"OS X Panther discussion" isn't really the topic of this post. Rather, this is about Google's algorithms. Andrew Orlowski has an interesting Register article today, Blog noise achieves Google KO. He discusses a situation where several blog "TrackBack" pages fill the results of a Google search for OS X Panther Discussion.

In what must be a record, Google is - at time of writing - returning empty Trackback pages as No.1, No.2, No.3 and No.4 positions. No.5 gets you to a real web page - an Apple Insider bulletin board. Then it's back to empty Trackback pages for results No.6, No.7 and No.10. In short, Google returns blog-infested blanks for seven of the top entries.

Honestly, I think this isn't too much of a problem. I believe it's a confluence of at least three different major rules being triggered, having to do with fresh pages (some of the results are very recent), authority pages (Mac stuff, such as OS X Panther, is very popular with some well-linked bloggers), and trying to find a "best" match for all keywords. Here, in particular, the TrackBacks label themselves "Discussion", so Google is putting much weight on that word. Google's a complex system, and algorithmic oddities will happen.

Now, this post is going to trigger some of those rules as well. Sometimes the best way to make a point is to demonstrate something directly :-).

The Trackback creators are aware of the issue too, and seem to be working on fixing it.

Disclaimer: Andrew Orlowski has covered my Google writing before, most recently in "Google bug blocks thousands of sites" for my report last week:

Google Spam Filtering Gone Bad

So I hope he won't be angry at me for writing this. Sigh, politics.

Update: I had the number-1 spot on Google, for a day, for those search terms. It's nice to be right :-). More significantly, I'm learning interesting bits about how the freshness rule functions. I could even see when certain search indexes were swapped out or in, as the hit-flow to my website would drop off or pick up again. The implications are staggering ...

See also the follow-up article: Emergency fixes for blog-clogged Google.

By Seth Finkelstein | posted in google | on October 14, 2003 11:12 PM | (Infothought permalink) | Comments (5)

The DMCA As Seditious Libel

[See also previous The DMCA As Technical Obscenity]

Continuing the repercussions of SunnComm having threatened to use the DMCA to sue Princeton student Alex Halderman over his research), Ed Felten just commented (noting my previous post):

It seems to me that an accurate, truthful research report has more merit, rather than less, if its results are relevant to a public policy debate.

Which reminded me of something Lessig recently wrote:

I'm sure there will be a world of legal support to help Halderman establish what should be an obvious point: tell the truth is not yet a crime, and (fortunately for most professors) writing even wrong papers is not either.

The DMCA doesn't say this, but it might as well: "You can't handle the truth!"

Discussing 18th century English libel law, the Columbia Encyclopedia states (my emphasis):

Severe restrictions on the press continued, however, in the form of seditious libel laws under which the government was able to arrest and punish any printer who published material in any way critical of the government. There was no clear definition of what constituted seditious libel, ... At this time, both true and false criticism of the government was considered libel. In fact, legal doctrine proclaimed that "the greater the truth the greater the libel." Only in the mid-19th cent. did truth become admissible as a defense in English libel cases.

It strikes me that we are in a similar situation today with the DMCA, except in terms of copyright business, not government criticism. That is, with regard to how a copy control systems works, the truth of a technical statement is no defense. The theory is more like "the greater the truth the greater the libel.". That is, the more accurately one describes a problem, the more harm is deemed to be done (could one defend oneself from DMCA charges by pleading a paper was wrong? Shades of Galileo being forced to recant!).

Further in this metaphor, it used to be that reverse-engineering as a defense against intellectual-property charges, functioned like truth as a defense against libel charges. But that defense has been all but taken away now, with it being severely limited in the DMCA text, and eliminated by shrink-wrap license.

Indeed, in terms of the DMCA rationale, why should truth be a defense? When words are property, their truth-value is truly irrelevant.

By Seth Finkelstein | posted in dmca , legal | on October 14, 2003 10:36 PM | (Infothought permalink) | Followups
October 13, 2003

My question to SunnComm (CD paper DMCA bullies) president

Greplaw ran a story pointing out that SunnComm (the company which threatened to use the DMCA to sue a Princeton student over his research) has an "Ask The Prez" form.

The question currently on the top of the page doesn't look very "legit" to me ("I've heard your technology can be hacked. Does that mean it won't "work?"" - PR ensues). Though maybe it's just a FAQ. Anyway, I decided to submit my own query to the oracle:

Is it true that the RIAA - or other similar organization - asked SunnComm to retract the lawsuit threats against the Princeton student, because it was obvious that SunnComm would lose a DMCA case, and then that would provide a strong First Amendment precedent against the DMCA?

Let's see what, or if, they answer.

Maybe people would like to submit some interesting questions of their own, and post the replies. Or lack thereof.

Update: I must admit, they got back to me quickly. I assume the reply was public and OK to post:

No. We don't work for the RIAA. It's not so obvious that publishing proprietary file names and workarounds for someone's digital property is a losing battle. We withdrew because we didn't want our issue to leave a larger wake than it deserves given that we, too, place a high value on legitimate research and not political activism masquerading as research (which Mr. Halderman's paper was).

Thanks for writing,


Peter H. Jacobs
Chief Executive Officer
SunnComm Technologies, Inc,

[Hmm ... they don't have to "work for" the RIAA to have the RIAA or similar ask them to retract. But I don't want to keep asking here]

By Seth Finkelstein | posted in dmca | on October 13, 2003 11:59 PM | (Infothought permalink) | Comments (2) | Followups
October 12, 2003

Iraq "astroturf" letters, and Googling

I just sent this to Dave Farber's list, as a supplement for investigating the Olympian story where US newspapers barraged with same letter from different soldiers.

From: Seth Finkelstein
To: Dave Farber
Subject: Re: [IP] US newspapers barraged with same letter from different soldiers

On Sun, Oct 12, 2003 at 09:26:57AM -0400, Dave Farber wrote:
> Original URL: http://www.theinquirer.net/?article=12049
> A Google search by the INQ shows only two online newspapers so far
> including one of the key phrases: "The quality of life and security
> for the citizens has been largely restored, and we are a large part of
> why that has happened." ...
> The Google links are to the Register-Herald and the Pittsburgh Daily
> Courier.

I just replicated what they did. They made a searching procedure mistake. They searched the phrase as normal, but forgot or didn't know that by default, Google doesn't show "very similar" results. In this case, "very similar" results are exactly what they wanted. They should have followed the link on the search page which says:

"If you like, you can repeat the search with the omitted results included."

Many more online newspapers with the astroturf are then visible, e.g.

http://www.mvtelegraph.com/opinion/83932mtnview09-11-03.htm http://www.dailymail.com/news/Opinion/200309105/ http://www.uticaod.com/archive/2003/09/11/opinion/14782.html

Seth Finkelstein Consulting Programmer sethf[at-sign]sethf.com http://sethf.com

P.S.: Hmm, maybe I should go into "Google studies", market myself as a "Google-expert consultant" :-)

That PS is a reference to a recent report I wrote, which is currently a story.

Google Spam Filtering Gone Bad

Google studies. Definitely, Google studies. Google may have warts, but they aren't evil. They don't threaten or sue. They don't send out PR smears. One day I might even conceivably get paid for expertise here, which has never happened with my censorware research. Google, google, google ...

By Seth Finkelstein | posted in google , politics | on October 12, 2003 07:21 PM | (Infothought permalink) | Followups
October 10, 2003

SunnComm v Halderman - recanted!

LawMeme brings news that SunnComm wont sue "Alex Halderman for writing a report critical of SunnComm's MediaMax CD3 DRM technology" (see also Ed Felten) There's a Princeton newspaper report, but I also found a SunnComm press release for primary source.

They have seen the light! They have had a revelation!

Where before they roared:

The act of publishing instructions under the cloak of "academic research" showing how to defeat MediaMax such as those instructions found in Halderman's report is, at best, duplicitous and, at worst, a felony.

Now they reassess:

Because SunnComm is, itself, a company which relies on research and development for its survival, we feel that bringing legal action for damages against researchers in a higher learning environment may contribute to a chilling effect on the type of research that faculty, staff, and students elect to pursue.

Look, look, no more "hackers". It's now "researchers in a higher learning environment". And they're worried about a chilling effect, not a "cat-and-mouse game". Oh, they have undergone such a change of heart!

What a difference a day makes ...

By Seth Finkelstein | posted in dmca , legal | on October 10, 2003 11:59 PM | (Infothought permalink) | Comments (1) | Followups
October 09, 2003

SunnComm v Alex Halderman (MediaMax CD3 Copy-Prevention System), DMCA notes

The following is some examination on the DMCA portion SunnComm Press Release about threatening to sue Alex Halderman for his paper Analysis of the MediaMax CD3 Copy-Prevention System. Remember, I'm not a lawyer, but have studied the DMCA extensively. They say:

In addition, SunnComm believes that Halderman has violated the Digital Millennium Copyright Act (DMCA) by disclosing unpublished MediaMax management files placed on a user's computer after user approval is granted. Once the file is found and deleted according to the instructions given in the Princeton grad student's report, the MediaMax copy management system can be bypassed resulting in the copyright protected music being converted or misappropriated for potentially unauthorized and/or illegal use. SunnComm intends to refer this possible felony to authorities having jurisdiction over these matters because: 1. The author admits that he disabled the driver in order to make an unprotected copy of the disc's contents, and 2. SunnComm believes that the author's report was "disseminated in a manner which facilitates infringement" in violation of the DMCA or other applicable law.

It sounds, from the above, that they're trying to work-up charges both of "1201(a)(1)", doing circumvention, and "1201(a)(2)", trafficking (in "technology", not "device"). I think of these as possession and dealing, though the drug analogy may not be the most felicitous.

That quoted phrase "disseminated in a manner which facilitates infringement" is an attack on using the "1201(g) Encryption Research" exemption, which is a very narrow DMCA exemption for doing circumvention:

o (3) Factors in determining exemption. - In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include -
+ (A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;

Later, they state:

The act of publishing instructions under the cloak of "academic research" showing how to defeat MediaMax such as those instructions found in Halderman's report is, at best, duplicitous and, at worst, a felony.

Besides the general ranting here, it's also possible a swipe at the following exemption factor:

+ (B) whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology;

I've seen this playbook before, since the censorware companies ran it against me in the DMCA exemption proceedings

Part of the playbook is flaming, lots and lots of flaming, and this PR piece is no exception:

Concluded Jacobs, "This cat-and-mouse game that hackers and others like to play with owners of digital property is over. No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property. SunnComm is taking a stand here because we believe that those who own property, whether physical or digital, have the ultimate authority over how their property is used. Owning copying technology is not an unconditional 'free pass' to replicate or distribute protected work."

Just savor it: "hackers ... cover of academia ... facilitate piracy ... theft of digital property ...". I wonder if they get PR help from Jack "Boston Strangler" Valenti.

For many reasons, right now I'll offer no statement about whether this will succeed.

This moment seems like a good place for me to use the following joke:

When I describe my reasons for quitting censorware research, sometimes people say to me that I've won an EFF Pioneer Award, and thus am so honored, I shouldn't worry about prosecution. Sad to say, there are companies - and maybe judges - who will regard that as akin to being honored by the Order Of Lenin in the Soviet Union. They won't be impressed.

By Seth Finkelstein | posted in dmca , legal | on October 09, 2003 10:44 PM | (Infothought permalink) | Comments (6) | Followups

SunnComm v Halderman, speech, and the DMCA

One immediate note on SunnComm suing Alex Halderman case:


The DMCA forbids (emphasis mine):

(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that - ...

Technical papers - even "pure speech" papers - can arguably be considered as technology under the DMCA prohibition above.

See the chilling footnote 275 in the DeCSS case:

FN275. During the trial, Professor Touretzky of Carnegie Mellon University, as noted above, convincingly demonstrated that computer source and object code convey the same ideas as various other modes of expression, including spoken language descriptions of the algorithm embodied in the code. Tr. (Touretzky) ... He drew from this the conclusion that the preliminary injunction irrationally distinguished between the code, which was enjoined, and other modes of expression that convey the same idea, which were not, id., although of course he had no reason to be aware that the injunction drew that line only because that was the limit of the relief plaintiffs sought. With commendable candor, he readily admitted that the implication of his view that the spoken language and computer code versions were substantially similar was not necessarily that the preliminary injunction was too broad; rather, the logic of his position was that it was either too broad or too narrow. ... Once again, the question of a substantially broader injunction need not be addressed here, as plaintiffs have not sought broader relief.

[Updated later - This is the footnote I really wanted, #135]

FN135. In their Post-Trial Brief, defendants argue that "at least some of the members of Congress" understood 1201 to be limited to conventional devices, specifically 'black boxes,' as opposed to computer code. Def. Post-Trial Mem. at 21. However, the statute is clear that it prohibits "any technology," not simply black boxes. 17 U.S.C. 1201(a)(2) (emphasis added).

Disclaimer: I am not a lawyer

Claimer: This is why I've quit. I wanted to publish a paper taking the exact same approach as the above.


It's too risky for me, and not worth it to continue.

By Seth Finkelstein | posted in activism , dmca , legal | on October 09, 2003 06:46 PM | (Infothought permalink) | Followups
October 08, 2003

Slashdot Genuflect

So, I've been tracking the hits for the "Google Spam Filtering Gone Bad" report. Up to this evening, it was about 500. Then it became one part of a collection of follow-up notes on Slashdot ("Slashback"). Below the fold (ie, you have to click through).

More than 500 hits in a few hours. It won't be ten thousand, but I guess it'll be 1500.

Thanks, you-know-who. I appreciate it.

Sigh. I really want to write to the management of Slashdot:

[begin fantasy]

C'mon guys, help me out!. For example, I spent hundreds of dollars, which was out of my own pocket, while unemployed, to go do DMCA testimony. Over the years, I've poured a huge amount of work into preserving net freedoms, at an enormous cost to myself.

Yet Michael Sims, who outright domain-hijacked Censorware Project's website, is being _de facto_ supported as a Slashdot "editor", and given the ability to rant and make personal attacks on the front page to hundreds of thousands of people. He's already been ruinously destructive, from the domain-theft to even breaking trust with sensitive legal material. It's no paranoia at all, it's already happened.

This is the real world here. It's not a trivial flame-war where we turn-off our computers, and go out for a beer later. People get sued. Even jailed!

RESPECT. It's the lack of respect, on many levels, which bothers me so much.

[end fantasy]

But if I sent that, I'd probably get in trouble. I've learned better.

This is why I've quit.

By Seth Finkelstein | posted in activism | on October 08, 2003 10:56 PM | (Infothought permalink) | Followups
October 07, 2003

Google Spam Filtering Gone Bad

I believe I've uncovered the cause of the "Google NACK", a problem where Google is returning no or very few results for certain combinations of search terms. I conjecture it is a consequence of trying to eliminate spam search results, but instead wrongly eliminating all subsequent results. Read:

Google Spam Filtering Gone Bad

Abstract: This report describes a problem which caused Google to return very few, or no, results for particular combinations of search terms. It is almost certain this is a consequence of search results being post-processed by spam-defense which has gone awry.

Feel free to verify my methodology. Google has an incentive to rapidly patch any publicized examples.

[Hmm, maybe I should go into "Google studies", Google doesn't sue people!]

By Seth Finkelstein | posted in google , infothought | on October 07, 2003 03:37 PM | (Infothought permalink) | Followups
October 06, 2003

Blogs vs. Bicycles

Still thinking about BloggerCon, I posted the following in the comments section of Oliver Willis' excellent entry Deflating The Blog Bubble:

The problem [with blogs-as-revolution] is that if the optimist says "This post will reach a million people", and the pessimist says "This post will reach ten people", and it ends up reaching a hundred people, the truth isn't in the middle. The pessimist was basically right, the optimist very wrong.

It's not bad to reach a hundred people. But it's not anywhere near a million people.

The optimist says the equivalent of "Give everyone a bicycle, and cars are dead, no more oil, all Middle-East geopolitics will change ..." And the pessimist points out "No, it doesn't work like that, only a very small part of the population wants to ride bikes or will deal with them". Then the reply is "But isn't our biking club great fun? I love biking. You love biking. Let's all go ride around on our bikes and enjoy ourselves".

Which is fine. But not anything near the original statement.

By Seth Finkelstein | posted in cyberblather | on October 06, 2003 11:58 PM | (Infothought permalink) | Comments (7) | Followups
October 05, 2003

Blogs, Journalism, and Mathematics

The fallacy of "blogging == journalism revolution" has been on my mind today, from BloggerCon. I've figured out the key reasoning error:

People assume production is the same as audience

This is wrong. This is false. This is an unwarranted leap of logic ("then a miracle occurs") that has very little to recommend it, and much to argue against it.

A recent blog survey, "The Blogging Iceberg", has a good paragraph on this:

Nanoaudiences are the logical outcome of continued growth in blogs. Assume for a moment that one day 100 million people regularly read blogs and that they each read 50 other peoples' blogs. That translates into 5 billion subscriptions (50 * 100 million). Now assume on that same day there are 20 million active bloggers. That translates into 250 readers per blog (5 billion / 20 million) - far smaller audiences than any traditional one-to-many communication method. And this is just an average; in practice many blogs have no more than two dozen readers.

Everyone can't have an audience of millions. That's a simple mathematical fact.

So, what's the result of traditional media + blogs? Are the media which does have an audience of millions going to just go away? Why would that happen?

There's a reasoning disconnect, from a very idealist dream, of everyone reading and writing to each other (on an assumed equal or at least meritocracy basis), to the practical constraint that it can't happen in implementation. Because everything from economies of scale to clustering tendencies ("power laws") is going to produce a relatively few large-audience outlets, and everything else is noise.

By Seth Finkelstein | posted in cyberblather , infothought , journo | on October 05, 2003 11:58 PM | (Infothought permalink) | Followups
October 04, 2003

BloggerCon, or BlatherOn?

[Taking a break from why-I-can't-publish-censorware-research...]

I've been blogged-down in the past few days, attending or watching BloggerCon events. I think I'm too cynical for Dave Winer. I hate to be so much of an Eeyore, but the deja-vu was extremely strong.

I remember, I remember / The glorious bubble days / When all the net was floating / in a frothy heady haze. (apologies to Thomas Hood)
I've had no trouble with Big Questions, e.g. What Is Blogging. It's frequent writing, no less and no more. BloggerCon is a type of writer's convention, about the process of writing, writer's markets, and some tools which are good for supporting reading and writing.

That's nice. I like it, though I wouldn't pay $500 and fly across the country to attend such a convention. But if it's down the street from me, great.

However, sessions are larded with so much hype that it's almost painful. I lived the blather of the Internet Revolution. And I found out, very personally, how mistaken it was. Now I get to see evangelists and sensation-mongers do it all over again.

It's fine and dandy to be a well-off professional discussing writing about your job, or maybe having writing as your job, and meeting with people like you. Very cool, very fun, great parties. Being in a bubble is delicious.

But this is not going to revolutionize politics, overthrow journalism as we know it, or change the world into cyber-utopia. One of the most wince-worthy moments was when Dave Winer proposed giving every voter (in New Hampshire?) a blog. I couldn't help thinking, he's gone beyond the cliche of throwing money at a social problem. Now it's not even throwing money, he's throwing blogs at a social problem. I suppose that's the sort of thing one does as an evangelist. And maybe I'll get slammed since I'm such a wet-blanket. But having heard the optimism all before, way before, and seen what happened to it, I can't buy into it again (sigh, I'd probably do better if I could).

Update: I highly recommend Lis Riba's Essay on this topic. Says much I wanted to say in addition, but haven't.

By Seth Finkelstein | posted in cyberblather | on October 04, 2003 11:59 PM | (Infothought permalink) | Comments (4) | Followups
October 02, 2003

Code == Speech, or The DMCA As Technical Obscenity

Switching gears a bit (at last), another paper I can't do, censored censorware reports, is one I call:

Code == Speech, or The DMCA As Technical Obscenity

The title is a pun, a multilayered meaning between "technical obscenity" in the sense of being an abomination in the eyes of tech-types, and "technical obscenity" as a (somewhat metaphorical!) type of obscenity law applied to technological speech. This idea was impressive (if that's the word) in the recent Bunner decision in the DVD trade-secret case where the ruling stated "Thus, these trade secrets, ... address matters of purely private concern and not matters of public importance.". Note that's trade-secret law. But I'm trying to express the concept that the determination seems very much like a kind of obscenity test, with the values in that test being applied to technical communications rather than sexual ones.

And make no mistake, it is a speech issue. As I've discussed before:

The ROT13 algorithm explained ("Caesar Cipher"):

1) The decryption algorithm for ROT13 is to take the range of letters from a-z, and for those twenty-six letters, replace the first thirteen of them with the range of letters from n-z and the second thirteen of them with the range of letters from a-m

2) To un-ROT13, do a tr/a-z/n-za-m/ over each character in the file

3) perl -pe 'tr/a-z/n-za-m/;' < infile > outfile

Where did I step over the line, from "speech" to "code"?

Now, the difficulty with this paper is the "shouting to the wind"/"tell it to the judge" problem. As one entry in the vast amounts of pontification on the topic of code, speech, and the DMCA, it won't get read. If I put in a real, relevant example, which might get noticed - such as an unpublished censorware decryption - well, be careful what you wish for, because you might get it (here, getting noticed by the censorware company taking action from the decryption program).

Note a similar thought was done in the "Programmers' & Academics' Amici Brief in NY MPAA DeCSS Case" (which I had something to do with):

While an example of the Perl programming language might look like this:

  my ($xor_len) = $key_length{$request} ;
  my ($file_key) = substr($cipher_key, 0, $xor_len);
  while (read(FILE, $xor_block, $xor_len)) {
    $plain_text = $file_key ^ $xor_block;
    $plain_text =~ s/+$//;
    $plain_text =~ tr/A-Z/a-z/;
    print $plain_text,"";

     We chose this snippet of Perl for two reasons. Fi rst, when compared to the Visual BASIC, it is apparent that more symbolic characters and fewer natural-looking words are used, illustrating the variety of programming languages. Though it looks less like a natural text language, its meaning is as clear to those who read Perl as is this sentence to those who read English. ...

     The second reason is the more thematic. The snippet is from a program which decrypts the encrypted list of URLs blocked by the filtering software application known as X-Stop, the use of which in a public library was found to be unconstitutional in Mainstream Loudoun v. Board of Trustees, 24 F.Supp.2d 552 (E.D.Va 1998). In part by showing that X-Stop blocked valuable Internet speech, Plaintiffs prevailed, but on the face of 17 U.S.C. SS 1201(a)(1), such a decoder might be unlawful as a circumvention measure. In October 2000, the Librarian of Congress completed the first rulemaking mandated by §1201(a)(1). One exemption was for "[c]ompilations consisting of lists of websites blocked by filtering software applications." 37 CFR Part 201. If the LOC rulemaking now legitimizes the use of a program such as the X-stop decoder to compile such lists, it makes no sense under any theory of copyright law that §1201(a)(2) proscribes the distribution of such a program, but that is the effect of §1201(a)(2), the section at issue in this action.

Note "such a decoder might be unlawful as a circumvention measure". I don't want to play Russian-Roulette-plus-snipers these days to find out :-(

By Seth Finkelstein | posted in censorware , legal , memoirs | on October 02, 2003 11:57 PM | (Infothought permalink) | Followups
October 01, 2003

N2H2 "State Secrets" - censored censorware report and why - part 3

I never described why I called this recent series "State Secrets". That's a reference to an old joke about dictatorships:

Another joke is about a student marching down the Avenue of Eternal Peace with a banner saying "Li Peng is a pig"
The student is arrested, tried and sentenced to 20 years.
He complains that illegal protests carry a maximum sentence of five years.
"Yes," replies the judge. "Five years for an illegal protest and 15 for revealing state secrets."


That joke really sums it up - for revealing N2H2's censorware blacklist is a pig, I might get a minor penalty for one issue, but 15 years (of litigation) over revealing their state, err, trade secrets.

When I first circumvented the encryption of N2H2's blacklist, I was amazed at how much of it was junk and duplications and obvious errors. Just full of garbage. Logically, what do they care? Who is looking?! They have an incentive to add as much as possible, for PR puffery (a blacklist zillions long). It was very evident that there were silly keywords being used to blacklist sites.

I wanted to publish these results to coincide with the District Court CIPA trial. But during the expert-witness testimony of the trial, N2H2 went into court with extraordinary legal aggressiveness, to attempt to prevent the court experts from testifying in public about its blacklist (on "trade secret" grounds):

"They say that certain things we talk about them having blocked will show the nature of their software, ..."

(note small world, that quote is from Declan McCullagh's (sigh ...) coverage of the trial)

At roughly the same time (actually a little before, but adding to the legal risk), Michael Sims, the Slashdot "editor" who had domain-hijacked Censorware Project's website, broke trust that had, in earlier times, been placed in him by Censorware Project's main lawyer (James Tyre). As part of the process of obtaining nominations for me for the EFF Pioneer Award, James Tyre had written (with my full consent) a detailed message to Censorware Project members cataloging every censorware decryption I'd done up to that time - names, dates, methods used. This was sensitive legal information, more so for coming from such an unimpeachable source.

Michael Sims publicized this confidential message to the world, including every censorware company which might want to sue me, just when N2H2 was doing its attempts to suppress public testimony (privately, it's a great message, later I put it on my site with others - but there's a time and a place for everything!). If N2H2 was willing to take such legal action involving court experts serving as witnesses in a Federal trial, the risk for a mere programmer in publishing more detailed and revealing work (even a civil-liberties award-winning programmer) was terrifying. The betrayal of confidence was an incredibility vicious and vile action.

The import of this trust-breach is often lost in various smoke-blowing. (for example, Michael Sims was particularly upset that James Tyre hadn't trusted him with the sensitive information from the start, ironically showing by his dishonorable actions why that lack of trust was thoroughly justified). People tend to get focused on the name-calling. But it was putting legally sensitive information in censorware company hands, while aggressive legal action was underway, which was most destructive.

I made a decision then: I'm not going to publish this work. The legal risk is too high. I don't have the support I need. At best I'll get smeared, at worst I'll get sued.

Remember, Slashdot continues to _de facto_ support Michael Sims, in terms of pay, reputation, and press-power. It matters. This is why I have to quit.

By Seth Finkelstein | posted in activism , censorware , legal , memoirs | on October 01, 2003 11:58 PM | (Infothought permalink) | Followups