My expert declaration in the Nitke v. Ashcroft case is now on-line. This addresses how the Internet and issues of community standards conflict with anonymity and privacy, as well as other problems with determining the location of users who are reading material from websites.
http://sethf.com/nitke/declaration.php
It's a condensed version of my Nitke v. Ashcroft expert report.
I've just gotten back from a week consumed by the Nitke vs Ashcroft Internet censorship court case trial, where I was an expert witness (as I had to keep reminding myself, that's witness, not defendant).
Seth David Schoen (aka "the EFF Seth" - he's EFF Staff, I've never been employed by EFF) has some notes about what happened at the trial. I fit in as a part of the sentence "The morning was taken up with technical experts, who sparred over the question of how accurate geolocation technology can be under various circumstances".
More later. It's been a draining week.
A while back, I did a small experiment:
Let's say I linked a certain phrase "EBig EBrother" to somewhere (such as Google ...). I've used an uncommon phrase here, so as to make it easy. The words "Big Brother" have many hits, but there's no occurrence "EBig EBrother". Well, there wasn't until this post gets indexed.
What happens?
Time to try the experiment again. It turns out that small-scale Google-bombs in fact might be useful probes into the functioning of Google's index. We already know that large-scale Google bombs tell us something about how it functions (remember, popularity vs. authority). So I suspect there's also insight which can be gleaned from lesser efforts.
[Update: For variety: EBiggest EBrother]
John Palfrey talks about a Berkman Center Conference and Internet & Society, "to consider, from a skeptical viewpoint, the impact of the Internet on politics."
I probably shouldn't do this, but their recent Filter newsletter asked for the "hardest, most interesting questions that might serve as the organizing principle for a specific panel or discussion session on the primary day of conference, December 10, 2004.". So, despite my not being in the best graces there, and perhaps against what would be better judgment, I had sent them some of the following comments:
> An example might be: "Are campaigns more effective at engaging young
> people in campaigns by using Internet technologies?" Give us a
> better one.
>
> The Question: Is this a question you'd show up to hear discussed?
No. In fact, it sounds like a softball question designed to be an advertisement for somebody's pet project. Here's some of my thoughts as to "the hardest, most interesting questions":
"The Selling of the President 2004 - from Detergent-Boxes to IPO's?"
[The reference is a riff on the classic Selling of the President 1968,
which talked about the candidate being a bar of soap or box of detergent]
As technology advances, so does marketing. Are we merely witnessing
innovations in candidates-as-products? That is, is the political pitch
moving from consumer staples to a bubble-stock public offering?
[Clay Shirky did an excellent analysis of the Dean implosion]
"Meet The New Boss, Same As The Old Boss?"
Most people don't want to be political junkies, they have lives. This
creates opportunities for a class of professionals to spin and control
the political debate. Maybe we are just seeing a shift in the base of
that professional class, from one media to another.
[a.k.a. "Power Law"]
"You Talk Too Much: Does The Internet Really Matter To Voter
Involvement?"
Some have said that one blogger is worth ten votes, via political engagement.
Others counter that one blogger is worth one-tenth of a vote, due to
isolation in an echo chamber. Which is right?
[Note only would I show up, but I would pay, to see a debate here between Jim Moore ("Second Superpower") and Andrew Orlowski :-)]
We'll have to see if these provided anything besides amusement.
[Note: Blog items may be sporadic due to problems with my net connection, and time available]
Walt Crawford's "Cites & Insights" high-quality library 'zine has already put out the November 2004 issue.
Besides the discussions of open-access, WikiPedia, etc, one item struck me as deeply interesting (note for this one, the quoting of me arises because I found it so interesting, not the other way around, really):
INTERESTING & PECULIAR PRODUCTS in Cites & Insights 4:12 ended with an item on the Sima GoDVD!, a box that "enhances" analog video so you can convert it to digital form to burn to DVD -- and in the process apparently undoes Macrovision copy protection. I noted that Macrovision's president had suggested that GoDVD! violates DMCA and commented "but that's the wrong law: GoDVD! operates entirely in the analog domain, and VHS is an analog medium, so DMCA simply doesn't apply." Seth Finkelstein, who reads more of the law than I ever will, corrected that sentence. Section 1201k of DMCA relates to "Certain Analog Devices and Certain Technological Measures," and is in effect a provision that protects Macrovision copy protection, called "automatic gain control copy control technology" in the law. It outlaws manufacture, import, offering to the public, providing or otherwise trafficking in VHS VCRs, 8mm analog camcorders, Beta VCRs, 8mm analog VCRs if they ever become popular (sell 20,000 copies in a calendar year in the U.S.), or any other analog VCR using NTSC format. My sentence was wrong--but it can still be argued that GoDVD! doesn't violate DMCA. After all, it isn't a VCR or a camcorder; it's just a video enhancement box.
My emphasis on the last sentence. Here's the interesting issue - the DMCA basically mandates Macrovision in recorders. Macrovision, technically, is basically a "bug" in the video signal. So ... does selling signal-enhancing equipment like the GoDVD! (which specifically corrects that bug) violate the mandate? According to the letter of the law, I'd say no. On the other hand, this looks very much like what a hostile judge would view as a loophole. Or at least fodder for a quick amendment. The DMCA was definitely trying to outlaw the anti-Macrovision functionality which is part of the GoDVD! box.
I suppose the upshot is that even if it's true now that the GoDVD! box does not violate the Macrovision section of the DMCA, I'm not optimistic as to how long it will remain true.
Today I was quoted in The Register (accurately!), about the email surveillance case US v. Councilman:
"Extending the court's disturbing approach, an entire surveillance system wouldn't be considered interception if it were built into local mail processing," internet researcher Seth Finkelstein told us.
Thanks!
I also should have mentioned earlier the latest issue of Walt Crawford's always-excellent library 'zine (not blog), "Cites & Insights". In the October 2004 issue, it's got an extensive recent copyright issues overview, which I am undoubtably biased in recommending because the coverage includes me (for the post Copyright Is Broken And Nobody Knows How To Fix It).
So I'm not at absolute zero with regard to notice. Just practically so, with regard to where I'd need to be in order to have much of an effect.
The fact that I don't write with a smiley-face () might be the difference between 300 and 400 readers. But I doubt it's the difference between 300 and 3,000. Press notice matters. Now, I don't mean to imply it's as simplistic as getting mentions, it's a complex process. I should be grateful for what I have. But, honestly, unedited voice, it also rubs my nose in what I can't have.
The IICA/INDUCE Act (a new copywrong of legal liability for "inducing" infringement) keeps threatening to appear in the Senate.
Now, I am hors de combat, on the basis that either anything I do won't have an effect, in which case it would be a waste of effort, or it would have an effect, in which case I wouldn't get any credit (sorry, that's just the truth).
But for those low on the power scale who want to try to make a difference, it might be useful to look at a personal letter I drafted during the Dmitry Skylarov case. I hope it's helpful in terms of showing how to structure a good advocacy letter:
Dmitry Skylarov case letter to Senator Kennedy
http://sethf.com/essays/minornet/dmitry-skylarov-kennedy.php
[Update: Seems dead for now. Hopefully no more revisions for a while. But one never knows ...]
Yet one more noted atrocious aspect of the Blizzard v. BNETD case is the contact-supremacy view which overrides other consideration. Again, the relevant passage (my notes in brackets):
The Court finds the reasoning in [the case] Bowers [v Baystate] persuasive. The defendants in this [Blizzard v. BNETD] case waived their "fair use" right to reverse engineer by agreeing to the licensing agreement. Parties may waive their statutory rights under law in a contract. See, e.g, The Older Workers Benefit Protection Act, 29 U.S.C. § 626(f) (2004) (statute outlines minimum requirements for waiver of statutory right to sue under the ADEA). In this case, defendants gave up their fair use rights and must be bound by that waiver.
That's about as clear a statement of reasoning as one can get. It's a contract. But the overall difficulty with challenging this view of contract, is that, for example, one can readily contract-away one's free-speech rights. That's exactly what a non-disclosure agreement (NDA) is. It's a contract to bargain away the right to talk about a topic in return for some benefit. Some Libertarians will literally argue that you should be able to sell all your internal organs, or even sell your children (excuse me, your "parental rights").
So the question is about the limits of contract. Now, I can say that a contract to take away one's fair use and reverse-engineering rights should not be permitted, as against public policy. Do you hear me? This ruling is an abomination, a stink in the nostrils, unfit to be bird-cage liner.
But, who cares if I say that? It's not my opinion which matters. I can point out that the market won't fix this, and reverse-engineering is a very much a minority right. But that's not likely to get far either. Saying the decision is wrong unfortunately provides no way to change it.
At Copyfight, Donna Wentworth notes concerning the Blizzard v. BNETD case and reverse-engineering:
A reader over @ Freedom-to-Tinker observes that "This ruling even implies that the only way to do it is to ask the copyright holder for explicit permission. I'd love to see that: 'Mr. Software developer, I'd like your permission to become your competitor.'" Me too. And pigs growing wings.
Just to clarify people's understanding, that's mixing up two parts of the decision. It's confusing, because the discussion is interleaved, switching back and forth between circumvention itself and the reverse-engineering defense. The relevant passage (my notes in brackets):
The Court finds that the defendants' actions constitute a circumvention of [a work protected by] copyright under the DMCA. It is undisputed that defendants circumvented Blizzard's technological measure, the "secret handshake" between Blizzard games and Battle.net, that effectively controlled access to Battle.net mode. It is true the defendants lawfully obtained the right to use a copy of the computer programs when they agreed to the EULAs and TOU. The statute, however, only exempts those who obtained permission to circumvent [i.e. allowed to decrypt] the technological measure, not everyone who obtained permission to use the games and Battle.net. See Universal City Studios, Inc. v. Corley, [...] (court rejects argument that because DVD buyer has authority to view DVD, buyer has authority of copyright owner to view DVD in a competing platform; court finds that argument misreads - 1201(a)(3) because the provision exempts from liability those who would "decrypt" -- not "use" -- an encrypted DVD with the authority of copyright owner). The defendants did not have the right to access Battle.net mode using the bnetd emulator. Therefore, defendants' access was without the authority of the copyright owner.
A rough translation of the above is "Just like unauthorized Linux DVD players violate the DMCA despite a buyer having a right to view a DVD, unauthorized game emulators violate the DMCA despite a buyer having a right to use a game" (n.b., I am paraphrasing, not agreeing).
This is all concerned with saying that the BNETD emulator is indeed a DMCA circumvention violation, before even discussing reverse-engineering. The "permission" refers to the fact that to be a circumvention violation, the decryption must be "without the authority of the copyright owner". One argument in defense of the legality of independent Linux DVD players, or here, open-source emulators, is that by purchasing the DVD or the game, that purchase is a grant of authority of the copyright owner to decrypt the DVD or game in order to use it (otherwise, what are you buying?). But the courts have so far said that this argument is wrong. You buy the ability to use the DVD or game, but not to decrypt it. The new decryption-right remains with copyright-owner, who can license that right separately. So if you buy a DVD, and want to view it on a Linux machine, but there are no authorized Linux players, tough luck. In essence, for encrypted copyright material, you've subject both to copyright AND the new decryption right ('paracopyright"), which are different sets of laws.
The reverse-engineering is a horror, but it's a different horror.
Disclaimer: I am a programmer, not a lawyer. I just study the DMCA with great personal interest (as in, I don't want to get sued, personally).
I again read through the Blizzard v. BNETD case, partially because of Ernest Miller's comment:
It is isn't clear to me that the "secret handshake" is circumvented. Blizzard games send an encrypted packet with a key. The BNETD servers ignore the key (not that they would be able to do anything with it). If that constitutes an access control device, there is not much that wouldn't.
The key (err, pun unintended) to this part is to realize that Blizzard basically put a password validation routine for a game feature in a location external to the game, their server. So abstractly, there's the official Blizzard Battle.net routine which is something like:
int validate_key (struct handshake *key) { super-sekrit-magic-yada-yada-.... }
And the emulator stub:
int validate_key (struct handshake *key) { return 1; /* true */ }
According to the court, congratulations, you've just violated the DMCA. This is exactly the sort of interpretation that, had I proposed it, some optimistic lawyers would have told me that no, no, don't confuse it with the Broadcast Flag, see section 1201(c)(3):
o (3) Nothing in this section shall require that the design of, or design and selection of parts and components for, a consumer electronics, telecommunications, or computing product provide for a response to any particular technological measure, so long as such part or component, or the product in which such part or component is integrated, does not otherwise fall within the prohibitions of subsection (a)(2) or (b)(1).
And the trick there seems to be in the phrase "does not otherwise fall within". Apparently, implicit in the Court's reasoning, if you know something is an encrypted password, you have some sort of affirmative duty of care to validate it. And if you just ignore it, that's circumventing it.
I can't say I'm happy about that. But I can't say I'm surprised at it either.
And I really, really, wish people would take into account this sort of court attitude when I talk about my reaction to my own risk of being sued :-(.