October 05, 2012

Aaron Swartz "JSTOR" case Defense Begins

[Not an echo! News from the filings!]

For people interested in following the details of the Aaron Swartz "JSTOR" case developments, the legal defense has begun. There are now filings such as a motion to dismiss "wire fraud" charges, and many "suppress" motions (i.e. challenging the legality of the collection of various pieces of proposed evidence).

One reason I'm hesitant to get too much into the popular case discussion is that the punditry tends to revolve around concepts people have regarding the overall morality of various supposed actions. Now, that's a valid discussion, involving topics ranging from Open Access, the appropriate conduct of activism, and proportional prosection response. But it's a different one than whether the charges brought are supported by the applied law and the legal evidence. And the costs (in several senses) of fighting, of maintaining the specific charges are not supported by the alleged law and evidence.

One of my favorite commentaries on this topic is from the Cyber Patrol break FAQ, about the lawsuit aftermath of two programmers who reverse-engineered censorware and published research and software about their results:

When we published the essay I didn't expect a lawsuit, but I had also thought, "Well, if there is a lawsuit it won't be a problem, because there are organizations that take care of things like that." I fondly imagined that in case of legal silliness, someone would just step in and say "We'll take it from here." What I found out was that those organizations, through no fault of their own, were able to give me a lot of sympathy and not enough of anything else, particularly money, to bring my personal risk of tragic consequences down to an acceptable level, despite, incredibly, the fact that what I had done was legal. Ultimately, I couldn't rely on anybody to deal with my problems but myself.

Some people learn that lesson a bit less impressively than I had to.

Note that particularly money phrase. As well as personal risk of tragic consequences. It matters. The sort of detailed and thorough legal argument in all those defense motions is not something that's going to be data-mined from a forum discussion thread, or lifted from a semi-plagiarized Wikipedia article.

Note: Aaron Swartz Legal Defense Fund. Disclosure: I know him socially, and have admired his work.

Posted by Seth Finkelstein at 05:53 PM
September 28, 2012

Aaron Swartz "JSTOR" case post reaction, and State charges were dropped

[Personal post reaction, and an under-reported aspect of the case]

Two weeks ago when I wrote about the indictment revision and expansion for the Aaron Swartz "JSTOR" case (disclosure: I know him socially, and have admired his work), actually breaking news, I only expected it to be read by my Z-list audience which amounts to handfuls, nay, veritable dozens, of readers. But due to being echoed by a few A-listers (thanks folks), it worked its way somewhat up the steep slope of power-law mountain, getting roughly 10,000 hits. As another proof of the Big-Head distribution effect, the readership was almost all from Hacker News.

The spike only brought me maybe 10 new subscribers though. All in all, given that the post wasn't a tremendous amount of research and writing work, that's fine. But overall it's the sort of gambling-jackpot result that evangelists point to for the froth, but neglect the lack of sustainability ("Look, little Z-lister, you got read, so you should keep working away for no money and no support, the startups need their buyouts").

Anyway, in several discussions about the case, I saw some people taking the view that while Aaron Swartz is alleged to have done minor physical entry violations, that's not part of indictment. It's important to know that the United States legal system is separated into different levels. As I wrote a while back, something like breaking-and-entering is a "State" charge. It's the domain of one of the fifty states which make up the United States of America, specifically Massachusetts. The United States government itself, is a different "sovereign", to use the legal jargon. The indictment being discussed is, literally, a Federal case.

It turns out that the State charges were dropped back in March, in favor of the Federal case.

State drops charges against Swartz; federal charges remain

March 16, 2012 John A. Hawkinson

The Commonwealth of Massachusetts has dropped all six charges against Aaron H. Swartz, ...

"In the interest of justice, we agreed to let the federal case have precedence," said Cara O'Brien, a spokeswoman for the Middlesex District Attorney's office. Many of the witnesses would have been the same in the two cases, she said, and since the state case would have gone to trial first, witnesses testimony might compromise the federal case.

... The charges dropped by Massachusetts were two counts of breaking and entering, one count of larceny over $250, and three counts of unauthorized access to a computer system.

Strategically, the thinking here is clear. I'm not a lawyer. But speculating, for a high-status first offender with a sterling record and no aggravating factors, I'd say the sort of charges above are ordinarily plea-bargained, and at worst would result in probation if there's a conviction. Swartz is blessed with the rare capability to mount a top-flight defense, and his legal team has every incentive to fight for an acquittal. If he's found innocent, that undercuts the Federal case against him in terms of the requirements to prove criminal legal violations of authorization. Thus the Massachussets prosecutor can at best hope for a piddling conviction on relatively minor (though still felony) charges, which they will have to work extremely hard for, and at worst work against a much larger Federal case. Hence they defer that Federal case, which has a huge amount of prosecutorial resources.

Note if Swartz didn't have the resources for an excellent defense, the overall prosecution strategy might have been to try to convict him on the State charges, and then leverage that result in the Federal case. There's significant practical calculation involved in these decisions.

For people who want case analysis from someone who is a lawyer, see Maxwell Kennerly: Examining The Outrageous Aaron Swartz Indictment For Computer Fraud.

And again, there is also a Aaron Swartz Legal Defense Fund.

Posted by Seth Finkelstein at 03:54 PM
September 14, 2012

Aaron Swartz "JSTOR" case indictment revised/expanded

[A little original, if boring, reporting below]

I'm continuing to follow the Aaron Swartz case, which is grinding away (disclosure: I know him socially, and have admired his work). The latest development, which seems to have not been reported anywhere but here (scoop! :-) breaking story! :-)), is that the prosecution has issued a "Superseding Indictment". That is, the charges against Swartz have been revised and expanded from the original form.

And as I've said before - they don't like him. They really don't like him. Previously the indictment had alleged four "counts" of different legal violations each, making four felonies in total. There are now 13 felony counts in the new indictment, derived from claims of multiple instances of breaking those four laws. In specific:

Wire Fraud - 2 counts
Computer Fraud - 5 counts
Unlawfully Obtaining Information from a Protected Computer - 5 counts
Recklessly Damaging a Protected Computer - 1 count

It's beyond my pay grade to figure out how many years in prison that all could be, when taking into account the complexities of sentencing law. Let's leave it at a large scary number. Enough to ruin someone's life.

A note regarding coverage - I'm surprised there isn't more close commentary about this case now. There's something of a paradox for Z-list bloggers, as to the extent that the dominant blogs on the top of the "power-law" curve cover it, there's not much more to say. While down at the bottom under the massive Long Tail, the potential risks are much higher than likely rewards. I'm not sure it's a good idea for me personally to be blogging about it extensively. It's a huge amount of effort to do any sort of journalistic legal analysis, and the social gains are basically all for ranting (whatever side one is on, popularity comes from telling people what they want to hear). "Citizen journalism", bah-humbug!

UPDATE: For fairness - Aaron Swartz Legal Defense Fund

Posted by Seth Finkelstein at 06:28 PM
July 31, 2012

Aaron Swartz "JSTOR" court case drags on

[Original, if boring, reporting below]

It's been more than a year since the Aaron Swartz indictment was announced (disclosure: I know him socially, and have admired his work). The court case has fallen out of the news now. But it hasn't been dropped or plea-bargained. It's still slowly and agonizingly grinding through the legal system. I've been following it via the court filings, out of personal interest in situations where programmers get sued for electronic activism.

Basically, Judge Learned Hand was right about lawsuits, they are dreadful. On and on the filing go, a slow-motion battle that is part war of attrition, part trial by ordeal before trial by jury. It appears that Aaron Swartz is fortunate enough to be able to mount a first-class defense, so his lawyers can challenge various evidence that the prosecution wants to introduce. Here's some of the flavor of the process, from a status conference:

[snip] ... The defense intends to file Motions to Suppress and Dismiss. The parties agree that such motions will be filed raise complex matters and that the Court should set a filing date for such matters 60 days from the date of the status conference;

(6) The parties propose that expert witness disclosure in this case take place in three phases. The government will make its initial expert witness disclosure 11 weeks before trial. The defense will make theirs 8 weeks before trial. The government may then make an additional expert disclosure 5 weeks before trial, if an additional expert or experts are necessary to address matters raised in the defense disclosure. [snip]

(9) The parties believe that trial is likely and that the trial will last around 3 weeks.

This apparently is going to continue on for a long time yet.

Update: As of August 2012, the trial date was set for February 4, 2013

Posted by Seth Finkelstein at 11:53 PM
July 26, 2011

Aaron Swartz / JSTOR case has STATE felony charges, not just Federal

[Under-echoed bit of detail]

I haven't written the obligatory Aaron Swartz indictment post, as, basically, what's the point? I wish him well (disclosure: I know Aaron Swartz socially, and have admired his work). But it's all way beyond my level of tens of blog-readers. Many, many, years ago, back before Twitter and blogs, when USENET was one of the centers of net.influence, I argued about the David LaMacchia case. I eventually turned out to be right about the legal outcome. But personally, it wasn't worth all the flaming over "theft" and similar. I don't need to relive that experience, I'm trying to learn from my mistakes.

Anyway, to say something people haven't heard, news only started to circulate last Friday that in addition to the Federal government charges of "Wire Fraud", "Computer Fraud", "Unlawfully Obtaining Information from a Protected Computer", "Recklessly Damaging a Protected Computer", there are also two State government charges. Per MIT also pressing charges against hacking suspect / Josh Gerstein

But his alleged use of MIT facilities and Web connections to access the JSTOR database also resulted in two state felony charges for breaking into a "depository" and breaking & entering in the daytime, according to local prosecutors.

This is partially corroborated by an online court document "Motion To Unseal Search Warrants, Asset Forfeiture Seizure Warrant, And Supporting Applications", which has a line:

In addition, the government has been asked by the Middlesex District Attorney's Office to make these materials available to it, as they contain facts potentially material to a criminal matter pending in Middlesex County regarding the defendant.

("Middlesex County" is the Massachusetts legal district where MIT is located).

Those are serious charges. He's being prosecuted as if he actually was a thief!

They don't like him. They really don't like him.

Posted by Seth Finkelstein at 02:53 PM | Comments (1)
August 27, 2008

My _Guardian_ column on Security by Obscurity = Ignorance is Strength

security by obscurity = ignorance is strength
http://www.guardian.co.uk/technology/2008/aug/28/security.law

Is research that uncovers flaws in transportation fare payment systems so dangerous as to justify censorship?

This is my reaction to the MBTA v. Anderson case, where three MIT students and MIT have been sued over their research showing security weaknesses in the MBTA subway fare system. I'm hoping my comparison of "security by obscurity" to the Orwellian slogan of "Ignorance is Strength" catches on. Happily, that comparison managed to make it into the title.

Blog bonus: My original draft had a paragraph "Some naive commentators have a ludicrous idea that there's teams of civil-libertarian lawyers on alert who scan the skies for the EFF-signal and then leap into the EFF-mobile to do battle. The reality may be heroic in its own way, but resembles battlefield triage far more than a bloodless inevitable triumph of good over evil."

But that either got cut for space or because the Batman references were too obscure.

[For all columns, see the page Seth Finkelstein | guardian.co.uk.]

Posted by Seth Finkelstein at 08:55 PM
August 15, 2007

Regulating Search Engines paper - detailed notes

I made some notes as I went through the "Federal Search Commission?" paper, and since I've already given an overview of my thoughts, I decided to post these for whatever value they have in terms of the specifics of the argument, and where I believe it doesn't work. Again, basically, I sympathize with the examination of the concentration of media power. But the claims as to why it's not like other media power simply don't seem to me to be valid.

The first dimension involves an important preliminary question: what exactly is the relevant speech in relation to which search engines assert first amendment rights?

This: "If you're looking for pages about "widgets", the most relevant page is this, the second most relevant page is that, the third, etc".

When, however, the frame of reference is the supposed speech embodied in rankings the claim that regulation of search results violates the first amendment becomes highly precarious. It is highly questionable that search results constitute the kind of speech recognized to be within the ambit of the first amendment by either existing doctrine or any of the common normative theories in the field. While having an undeniable expressive element, the prevailing character of such speech is performative rather than propositional.

Regrets, I don't buy it. I don't see a way you can claim "Vote for X" is "propositional" while "The most relevant page for X is Y" is "performative". This part in the reasoning seems flawed: "To use the terminology of Robert Post, the speech of search engines as embodied in rankings is not a form of social interaction that realizes first amendment values."

That claim is problematic in a very deep sense, because if search engines rankings embody social values, then they're a form of social interaction in the relevant sense. The argument can't have it both ways, that they're expressions of the algorithm-writer's bias and prejudice for the sake of criticizing them, but not social interaction when it comes to regulation.

After all, one could say everything from tabloid newspapers to book publishing is not social interaction, in that they're monologue or pontification, not a town hall meeting.

In short, extending the compelled speech rule to cover the mere observations on relevance implied in search engine rankings seems to take the doctrine to domains where it was never meant to go.

But the problem here is taking that view in the opposite direction, to wit:

The evaluation of the value of bonds which was found to be an "opinion" in that case, while not the strongest case of an expression subject to a dialogical relationship, still has some potentially-dialogical features. Listeners can agree or disagree with the evaluation, criticize or support it, and make arguments for or against it. Search engine rankings, by contrast, are not perceived by users as an expression with which they can interact in ways characteristic of what we usually refer to as an "opinion."

Again, this just doesn't seems correct to me. Generally we have as little ability to dialog with a statement like "Standard and Poors rated this bond as junk" as "Google blacklisted this site as spam". In both cases, the mechanism used to determine the result is proprietary, and the institution offers it on a take-it-or-leave-it basis.

As in the case of the compelled-speech rule, recognizing the incidental and limited form of "opinions" implicit in search results -- i.e. opinions about relevance to users -- might cause the doctrine to spin out of control.

Right, right, got it. This idea is seen (in the reverse) in a lot in net-ranting. You can't convert every statement into protected speech by the magic of prepending "It's my opinion that ...", and so it's an opinion, which is protected speech, ha-ha-ha gotcha. Calling every statement an opinion isn't a get-out-of-regulation-free card. Understood. However, trying to turn it around in the other direction is just as bad, in that there's a problem playing off the many senses of the word "opinion". A search engine result is more like a judicial "opinion", which doesn't map exactly to the most common use of the word either.

The Google does not need me to save it, and I certainly know how its results can be gamed. But I also don't think it can be so readily categorized as somehow apart from standard journalism.

Posted by Seth Finkelstein at 01:34 PM
January 10, 2007

Peter Junger obituary, Memorial Jan 11, reminiscences address below

[I'd known law professor Peter Junger for many years. He was one of my strongest supporters, wrote some of the best legal analyis I've ever read, as well as great humor. I am deeply saddened by his death and the world is lesser for it.]

[official memo from Marina P Corleto (mpc6[atsgn]case.edu) ]

Link: Peter Junger obituary

Any thoughts you would like to pass along would be appreciated.

JOIN US FOR A MEMORIAL SERVICE FOR PROFESSOR EMERITUS OF LAW PETER D. JUNGER

The law school will hold a memorial service for Professor Emeritus Peter D. Junger who passed away in November. The service will be Thursday, January 11 at 7:30 p.m. in Room 159 of Gund Hall.

Professor Junger grew up in Wyoming. He received his A.B in 1955 and his LL.B. in 1958, both from Harvard. He practiced as a real estate lawyer in the New York firm, Patterson Belknap Webb, from 1961-70. He began teaching as an Associate Professor at Case Western Reserve University School of Law in 1970 and served until 2001. He became Professor Emeritus in 2002.

Although his field was property law, Professor Junger was deeply involved in the computer revolution. He was active in an early artificial intelligence group on the campus and worked on issues relating to computer privacy and data encryption. He filed a lawsuit challenging a federal regulation that barred the export of data encryption software. Professor Junger argued that the regulation infringed his First Amendment rights in that it prevented him from showing encryption software to foreign nationals who were in his class on computers and law. The case was dismissed by the trial court but the 6th Circuit Court of Appeals reversed that decision and upheld Professor Junger's claim that computer source code was expression protected by the First Amendment. Just before he died, Professor Junger completed an article arguing against the patentability of software.

All of Professor Junger's students, colleagues, and friends are invited to attend the memorial service. Those who would like to speak at the service or to submit written anecdotes or reminiscences about Professor Junger should contact Professor Wilbur Leatherberry (368-3585 or wcl[atsgn]case.edu) or Professor Jonathan Entin (368-3321 or jle[atsgn]case.edu).

In my opinion Peter was one of the best.

Rosanna B. Masley, Acquisitions Coordinator
Judge Ben C. Green Law Library
Case Western Reserve University
216-368-5429

Posted by Seth Finkelstein at 01:35 PM
July 10, 2006

"CleanFlicks", copyright infringement, and DMCA

The "CleanFlicks" case concerning bowlderization versus copyright is prompting much tech/law discussion, see e.g. Joe Gratz and Ed Felten

Brief Summary:

Side 1: Companies, e.g. "CleanFlicks", which take existing movies and make version with offense parts cut out.
Side 2: Movie studios, etc.
Legal Issue: Is a bowlderization service a violation of copyright, even if the company buys an unaltered copy first, and is doing it For The Childen?

Court's answer, so far: Yes (note this is different from the "Family Movie Act", which addressed making on-the-fly alterations, not permanent copies).

In terms of having something original to add to the commentary pile, I'd just like disagree with my pundit brethren regarding the speculation that the reason the movie studios didn't bring a DMCA claim against the bowlderizers was that the studios did not want to inflame social conservatives against the DMCA. That doesn't make sense, as social conservatives have more than enough to be outraged in the lawsuit itself (and now, the unfavorable decision). Such fine distinctions as the exact nature of the legal claims are very much inside baseball, details. No, I believe the reason a DMCA claim was not made has much more to do with not presenting a court with the fabled sympathetic DMCA circumvention defendant, one charged with circumvention but making fair use in a socially approved cause (and you can't get more sympathetic than For The Children, that's better than even prestigious academic researchers!)

Think it through: If the studios win on the copyright claim, there's no need for a DMCA claim. If the studios lose on the copyright claim, they could then bring a DMCA claim. So they have nothing to gain from starting with a DMCA claim, and risk enormous loss in having a court possibly scale back the extent of the DMCA (especially given the temptation to be swayed by the perceived virtues of the defendant). Thus, it's strategically obvious what to do based simply on risk/reward ratio.

Anyway, politics makes strange bedfellows, err, parlorguests.

Posted by Seth Finkelstein at 03:11 PM
May 30, 2006

Apple v. Does (O'Grady v. Superior Court) and Wikipedia

The Apple v. Does (O'Grady v. Superior Court) case, where Apple tried to subpoena online publisher's information for an investigation, has been well-analyzed (big win for EFF). I'm going to skip the (somewhat misconstrued) Bloggers vs. Journalists! aspects, because they've been chewed to death, and focus on a synthesizing post about the Wikipedia elements, to highlight some other factors.

In "New Age judge blasts Apple", Andrew Orlowski states:

However Apple has struck gold in finding a techno utopian in a state of rapture. Judge Rushing cites Wikipedia as a source, a mistake which earns students an 'F' grade today. He talks about the need to disregard economics and sociology in favor of a "memetic marketplace" - whatever that is - and allows himself some flights of technological rapture.

[N.b. - I think "memetic marketplace" was the judge's way of being hip, where a more staid judge would have used the traditional phrase "marketplace of ideas"]

Actually, I suspect the problem was recognized, and Joe Gratz analyzed it in Apple v. Does Court Cites Wikipedia:

In 2003, I opined that citation to Wikipedia in the course of a legal argument was asking for trouble, since anyone - even opposing counsel - could pull the factual rug out from under one's argument.

The California Court of Appeal, though, dodges the problems I foresaw. It cites Wikipedia almost exclusively for the definitions of internet argot and geek pop culture references: ...

These articles are particularly likely to have reached an accurate and complete equilibrium, since the core Wikipedia constituency is deeply familiar with their subject matter, and that subject matter is not hotly contested. While one can imagine a flame war emerging over precisely what is or isn't a BBS or a blog, the opinion cites Wikipedia in the same situations I do - when the reader's general knowledge of the subject matter will assist understanding of the argument, but the underlying details aren't dispositive of the argument's merit.

In other words, citing a geek trivia collection to define popular geeky terms, is probably not dangerous.

And, besides taking apart some of the Bloggers vs. Journalists! hype, in Courting Wikipedia, Citing Wikipedia, Jon Garfunkel reveals:

In an earlier footnote, Judge Rushing defended his use of Wikipedia: "As with many of the concepts in this opinion, the most authoritative and current sources of information may themselves be found on the web." Of course, "on the web" is as precise as saying "in printed materials." The difference is that information printed materials generally can be traced. With the web, it's a bit trickier. One searches the Bear Flag League, and find out that they're a group of conservative California bloggers, and then search more to find out that the founder was Justene Adamec. As for who came up with "we blog," that is Peter Merholz, who explains such here. As for the quote in bold, it's a meaty passage out of Wikipedia. In this case, it's practically impossible to find out who had authored it, unless the author steps forward.

It was me. And I'm absolutely delighted.

Maybe this what they mean by anyone can contribute :-).

Posted by Seth Finkelstein at 03:38 PM
March 20, 2006

"Justices Pass on Internet Obscenity Case"

[This is about the Nitke v. Gonzales case, where I'm an expert witness. Check the The Wirenius Report Blog, from the case's main lawyer John Wirenius, for first-hand information in the near future. ]

[UPDATE 3/21: See "Supreme Abdication", John Wirenius' follow-up]

Justices Pass on Internet Obscenity Case

By GINA HOLLAND The Associated Press Monday, March 20, 2006; 10:27 AM

WASHINGTON -- The Supreme Court turned back an appeal on Monday from a photographer who claimed a federal decency law violated her free-speech rights to post pictures of sadomasochistic sexual behavior on the Web.

Justices affirmed a decision last year by a special three-judge federal panel upholding the 1996 law which makes it a crime to send obscenity over the Internet to children. ...

[I'm not sure they affirmed, versus refused to hear, those are different actions.
Update: 2:30 pm - Ouch! "The Judgment is Affirmed". ]

Sigh ... see: An Overview of Nitke v. Ashcroft:

However, the definition of "obscenity" approved in Miller does not fit well in an online world; it is based in part on the harmful effects that adult book and video stores have on the quality of life of a neighborhood, and further defines what is obscene by whether or not the material is "patently offensive" under "local community standards" based on geographic locality. See also Hamling v. United States, 418 U.S. 87, 99 (1974). Whether, and how, such a definition can apply to cyberspace has not yet been resolved by the Supreme Court.

[Again, what good does this tiny blog-squeak do, against the sheer volume of the Associated Press, and the inevitable blog echoing? sad face ]

Update: Official press release:

http://www.ncsfreedom.org/news/2006/032006CDA_Decision.htm

"We have proven that Miller does not work," says Susan Wright, Spokesperson for NCSF. "But the Supreme Court has declined to strike it down at this time. That means every website on the Internet can be judged by the most repressive local community standards in the U.S."
...
"We knew that the Bush administration was laying its plans to prosecute sexually explicit material on the Internet," says John Wirenius, attorney for the plaintiffs. "By filing our lawsuit in 2001, we may have slowed the Justice Department from prosecuting obscenity in 2002-3, but the number of obscenity prosecutions has steadily increased ever since. We believe in fighting this battle and we took our fight all the way to the Supreme Court."

"I think we've achieved a great victory in drawing attention to how politicized our judicial system has become," says co-plaintiff Barbara Nitke, a fine art photographer who explores sexual relationships in her work. "Our obscenity laws are outmoded, especially in conjunction with the Internet. We've made a huge dent in how obscenity will be judged in the future, and I hope others will now stand up and continue to fight against repressive laws like this."

Posted by Seth Finkelstein at 11:35 AM | Comments (2)
March 13, 2006

IAC v. Citrin, file deletion and the Computer Fraud and Abuse Act

Bob Helmer sent me a note about International Airport Centers, LLC v. Citrin, which involves:

The Seventh Circuit United States Appeals Court has ruled that employees cannot unlawfully delete their computers before handing them back to their employers. International Airport Centers (IAC) sued Jacob Citrin, a former employee, after he returned a laptop whose contents had been erased with a deletion program.

In a three to none decision the court said that Citrin violated the Computer Fraud and Abuse Act by installing a secure delete program. In addition the court said that Citrin effectively terminated his employment, not when he turned in the laptop, but when he started doing personal business while still being employed at IAC.

Despite hype elsewhere, it's been well-analyzed by: Groklaw: IAC v. Citrin - Deleting Files a Crime?, so I'll just point to that:

I know if I were on the jury, I'd find it hard to view such a [secure delete] program as a cracker tool, since I use the Mac OSX secure delete option every time I delete anything from trash. So, unlike Judge Posner, I just can't view it as an evil hacker tool, the way he does. However, if the guy deliberately destroyed the materials so as to prevent IAC from being able to compete, and the materials belonged to them and they had no other copy, obviously that isn't right either, and the wording of the CFAA [Computer Fraud and Abuse Act] then might well seem to cover what he did. But their other claims under state law are certainly sufficient to deal with that kind of behavior. What happened was, as I see it, a dance to keep it in federal court. That doesn't mean that in the end he'll be found guilty of violating the CFAA necessarily, but it does mean that anyone in the Seventh Circuit now can be, if the circumstances are right.

However, I personally found the most interesting part of the analysis to be:

And you'll notice that he bases his argument not on the parts of the CFAA that the plaintiffs cited but on [a different section]. When you see judges helping one side out like that it generally means that they are looking for a way to pin the guilty party, in their estimation. Frankly, if a judge wants to get you, you're going to get got. They know how.

In the past, I've had long arguments over risks regarding "authorization" and the Computer Fraud and Abuse Act. The problem is that any truth residing between pseudojournalistic wolf-criers, and overconfidence in the opposite direction, still ends up in a bad place.

Posted by Seth Finkelstein at 11:59 PM
February 23, 2006

Perfect10 vs Google, and copyright aspects of nude women pictures

I'm surprised there hasn't been much mention of some amusing aspects to be found within the Perfect10 vs Google ruling, since plaintiff "P10 publishes the adult magazine "PERFECT 10" and operates the subscription website, "perfect10.com," both of which feature high-quality, nude photographs of "natural" models".

Accept a substitute?

Merely because Google's thumbnails are not cropped does not necessarily make them exact copies of P10's images, but the record currently before the Court does suggest that the thumbnails here closely approximate a key function of P10's full-size originals, at least to the extent that viewers of P10's photos of nude women pay little attention to fine details.

It's creative, not objectification:

Google argues that P10's works are not creative because P10 "emphasizes the objects of the photographs (nude women) and [P10] assumes that persons seeking Perfect 10's photos are searching for the models and for sexual gratification." Google contends that this "implies a factual nature of the photographs." The Court rejects this argument. The P10 photographs consistently reflect professional, skillful, and sometimes tasteful artistry. That they are of scantily-clothed or nude women is of no consequence; such images have been popular subjects for artists since before the time of "Venus de Milo."

And, from a legal standpoint, it's not true that if you've seen one, you've seen them all:

The Court finds that Google's use of the infringing copies of P10's images also is no greater than necessary to achieve the objective of providing effective image search capabilities. In doing so, the Court rejects P10's contention that Google could have provided such assistance through the use of text, claiming that P10's images are more readily describable in words than Kelly's images. First, contrary to P10's contention, photographs of nude women can, like photographs of the American West, vary greatly.

It's always intriguing to see how this material is treated in legal cases.

Posted by Seth Finkelstein at 10:53 AM
February 21, 2006

Perfect 10 v Google - Google Image Search Can Be Copyright Infringement

In Perfect 10 v Google, a judge has ruled (news report), in a preliminary injunction:

The Court now concludes that Google's creation and public display of "thumbnails" likely do directly infringe P10's copyrights. The Court also concludes, however, that P10 is not likely to succeed on its vicarious and contributory liability theories.

This is a quite unfavorable outcome for the dispute over Google Print: Copyright vs. Innovation vs. commercial value.

Some key elements:

i. Commercial Versus Noncommercial Use

In assessing whether a use is commercial, the focus here is not on the individuals who use Google Image Search to locate P10's adult images. Nor is it on whether their subsequent use of the images is noncommercial (e.g., titillation) or commercial (e.g., to print and sell). Rather, it is Google's use that the Court is to consider. That use, P10 contends, is commercial in nature. The Court agrees.

Courts have defined "commercial uses" extremely broadly. [...] Google unquestionably derives significant commercial benefit from Google Image Search in the form of increased user traffic--and, in turn, increased advertising revenue. The more people who view its pages and rely on its search capabilities, the more influence Google wields in the search engine market and (more broadly) in the web portal market. In turn, Google can attract more advertisers to its AdSense and AdWords programs.

Note this is very unfavorable for the Google Book fair-use argument. Because there, Google's use is also commercial in nature, under similar reasoning.

A distinguishing factor from an earlier, more favorable, decision (Kelly v. Arriba Soft):

But unlike Arriba, Google offers and derives commercial benefit from its AdSense program. AdSense allows third party websites "to carry Google-sponsored advertising and share revenue that flows from the advertising displays and click-throughs."

And regarding the factor of effect on potential markets:

On the other hand, Google's use of thumbnails likely does harm the potential market for the downloading of P10's reduced-size images onto cell phones. Google argues that because "P10 admits [that] this market is growing," its "delivery of thumbnail search results" must not be having a negative impact. Apart from being more relevant to the quantification of damages, this weak argument overlooks the fact that the cell phone image-download market may have grown even faster but for the fact that mobile users of Google Image Search can download the Google thumbnails at no cost. Commonsense dictates that such users will be less likely to purchase the downloadable P10 content licensed to Fonestarz.

That's a strong legal rebuff to a commonly-seen argument on these issues.

And more:

D. Public Interest

Google argues that the "value of facilitating and improving access to information on the Internet . . . counsels against an injunction here." This point has some merit. However, the public interest is also served when the rights of copyright holders are protected against acts likely constituting infringement. Furthermore, in this case a preliminary injunction can be carefully tailored to balance the competing interests described in the first paragraph of this Order: those of intellectual property rights on the one hand and those promoting access to information on the other.

Though this is just a preliminary injunction, it's a stark reminder that courts do not necessarily agree with arguments we echo.

[Update - clarified this is only a preliminary injunction]

Posted by Seth Finkelstein at 11:58 PM | Comments (2)
January 21, 2006

Google Search Subpoena Origins

Further note on the basis for the subpoena for search queries. I suspect it's coming out of the following aspects of the previous COPA law legal briefs (COPA = Child Online Protection Act, the law at issue):

[Note I don't quote this passage as truth, but rather to illustrate the sort of argument that the government was making, and why they're doing a search query survey]

The House Report accompanying COPA further documents the serious problem that Congress sought to address. By 1998, the number of minors using the Internet had grown to 16 million. H.R. Rep. No. 775, supra, at 9. At the same time, the number of pornography Web sites had grown to 28,000. Id. at 7. Those sites offer "teasers"-free pornographic images designed to entice users to pay a fee to explore the whole site. Id. at 10. Because Web software is easy to use, "minors who can read and type are capable of conducting Web searches as easily as operating a television remote." Id. at 9-10. As a result, pornographic material on the Internet is "widely accessible" to minors. Id. at 9. While many minors deliberately search for pornographic Web sites, others accidentally stumble upon them. Id. at 10. Many pornographic sites use "copycat" Web addresses to take advantage of innocent mistakes. For example minors would find hard-core pornography by mistyping www.whitehouse.com rather than www.whitehouse.gov. Ibid. Searches using common terms such as toys, girls, boys, bambi, and doggy all lead to pornographic sites. Ibid. Most pornographic Web sites either provide no warning that their sites contain pornography or provide a warning on the very same Web page that displays pornographic teasers. Ibid.

Sigh. I give up. The fever-swampers win. Government bad! They're coming to get you!

It just takes too much time to research this stuff, for too little return.

Posted by Seth Finkelstein at 07:49 AM
September 23, 2005

Google Print, Statutory Damages, And The Library Exception

Ed Felten ponders:

"... because if Google loses, it won't just have to reimburse the authors for the economic harm they have suffered. Instead, Google will have to pay statutory damages ... In light of the risk Google is facing, it's surprising that Google went ahead with the project."

Aha! Now it all falls into place!

In fact, Google WON'T necessarily have to pay ANY statutory damages. Because of an obscure part of the statutory damages provision:

The court shall remit statutory damages in any case where an infringer believed and had reasonable grounds for believing that his or her use of the copyrighted work was a fair use under section 107, if the infringer was (my emphasis):

(i) an employee or agent of a nonprofit educational institution, library, or archives acting within the scope of his or her employment who, or such institution, library, or archives itself, which infringed by reproducing the work in copies or phonorecords; or ...

Google has the lawyer-power where, even if it loses on legal principle, it can likely persuade the judge to let it off the hook for ANY damages because of the "agent of a ...library" exception.

That explains a lot which has been going on. Quite a lot. Truly, follow the money, and much is revealed.

Posted by Seth Finkelstein at 11:01 AM | Comments (2)

Google Print Is Not Copyright's Enemy-Of-My-Enemy-Is-My-Friend

Siva Vaidhyanathan makes excellent points about the Google Print Lawsuit:

The issue is the effect on the "potential" markets, not the established markets. Because a market exists (and a greater potential market lurks) for licensed digital images of published books, the library project is about that market (see Amazon and Google Print) rather than the market for the physical book. ...

Again, please don't misunderstand me. I am not cheering for the authors here. I am just worried that admiration for Google is clouding judgements. ...

The copyright issue at hand here is not really fair use. That's just trivia.

It is this: Will copyright remain a copy right or will it become a distribution right? Which is better? Which should it become? What are the gains and losses if we were to see such a shift? Would Time-Warner and Disney (both major book publishers) let that happen?

Google is using an "open" business model here: Use the content, or services built on the content, as a loss-leader to draw eyeballs and so sell advertising. This is a venerable, workable, business model. Thus, people then think that boosting Google's use of this business model is a blow against the copyright business model. Therefore, it's called "fair use", it seems to me often more on the basis of this policy advocacy, rather than any detailed legal analysis.

It's an appealing thought. But sadly, I have the sense that in this case we're just replacing one boss with another. This is not an altruistic act where Google is merely contributing to the Commons. Rather, it's strategic business positioning for them. There's nothing intrinsically wrong with that. It's a good move, leveraging their current strengths. However, there's no need to automatically imbue it with an enemy-of-my-enemy-is-my-friend aspect, which isn't necessarily there.

Posted by Seth Finkelstein at 09:11 AM | Comments (6) | Followups
September 21, 2005

Google Print Lawsuit

The inevitable Google Print Lawsuit has been filed, by the Author's Guild.

The complaint doesn't appear to argue much beyond a simple claim that Google's actions are copyright infringement, the core is:

39. Google has made and reproduced for its own commercial use a copy of some of the literary works contained in the University of Michigan library, which contains the Works that are the subject of this action, and intends to copy most of the literary works in the collection of that library.

40. Google's conduct is in violation of the copyrights held by the Named Plaintiffs and other members of the Class.

As I wrote earlier in Google Print: Copyright vs. Innovation vs. commercial value, I think there are some inherent conflicts here:

That is, the technology company can't be right every time, almost by definition. Because copyright as a limited monopoly fundamentally restricts innovation in some ways. That's the trade-off.

I'm not in the business of writing legal briefs, and I don't have any particular passion for or against Google Print, so I'm not going to go deeply into the fair-use arguments (no point for me in that ...). Anyway, I suspect that it's just going to come down to a whether the relevant judges believe the project is useful or not, which is leading to a perception/PR battle.

Posted by Seth Finkelstein at 02:31 PM | Comments (3)
August 25, 2005

Supreme Court Appeal for Communications Decency Act Lawsuit

The Nitke v. Gonzales case, which challenges the conflict between obscenity, "community standards", and the Internet, is being appealed to the Supreme Court, in response to an unfavorable lower court ruling.

"The CDA contains provisions that ban speech and images from the Internet that any local community in the U.S. could deem obscene, even though that speech would be fully protected elsewhere. The CDA also contains a provision that states that it's illegal to put any obscene material on the web in such a way that minors can access it. However since the Internet can be accessed by anyone with a computer, anything on the web can be accessed by a minor as previously held by the Supreme Court in Reno v. ACLU."

Posted by Seth Finkelstein at 02:06 AM
August 06, 2005

The FBI chapter of the Thrilling Saga of Mike Lynn (Cisco/ISS presentation)

Back from the cliffhanger, with everything from comic relief ("... I definitely used the word "sleazy" more than once") to madcap confusion ("... crowd is filled with both conspiracy theorists and reporters, and sometimes the two types overlap. So all the hens were clucking, passing stories to each other ..."), lawyer Jennifer Granick concludes the exciting saga with the FBI chapter. My two take-away parts of general interest:

I notified the agent in charge that I represented Mike Lynn and that he was asserting his Fifth and Sixth Amendment rights not to be questioned outside my presence. (Tip: Always assert both your right to remain silent and your right to have an attorney present.)

And

(Another tip: Don't try to convince law enforcement of your own innocence. Get a lawyer. Really.)

[Indeed, I know people have messed-up here (though I don't want to seem to criticize anyone by a link)]

To me, the most interesting thing about this chapter (putting aside the human drama) is that apparently neither Cisco lawyers nor ISS lawyers called in the FBI. If it wasn't those lawyers, who was it? Some other part of Cisco or ISS? Doing it without telling the legal department? Looks like she can't say, even if known. But it's disturbing to see that FBI can be invoked so readily, with all the problems that causes.

Posted by Seth Finkelstein at 02:43 AM
August 03, 2005

Jennifer Granick on Defending Mike Lynn (Cisco/ISS router disclosures)

Read Jennifer Granick's inside account on the Mike Lynn case, explaining the legal issues regarding his disclosure of Cisco router security problems. Money quote (pun intended):

At the point that you get sued, or even charged with a crime, it matters less what actually happened and whether you did something wrong and more what it takes to get out of the case as unscathed as possible. It's sad, but true, that our legal system can often be more strategy than justice.

Core of the "interesting" legal controversy:

It seemed that Cisco was claiming that Mike's actions were improper because he violated the End User License Agreement (EULAs), which prohibited reverse engineering. So now I was having fun. I'm totally interested in EULAs and the circumstances under which they take away public rights that are otherwise guaranteed us. Usually, a breach of contract is no big deal. But increasingly in the tech field, we're seeing big penalties for what's essentially a contract violation. Under the Computer Fraud and Abuse Act, if you exceed your authorization to access a computer, you've committed a crime. Cases have said you exceed authorization when you breach a EULA, terms of service, or employment contract. Other cases have said that EULAs can waive fair use rights and other rights guaranteed under copyright law. Lynn's case presented the question of whether EULAs could subvert the legislature's express desire to allow people to reverse engineer trade secrets.

[Note - I've said this before, many times, but once again, here's more evidence that the types of legal risks I faced myself in investigating censorware were severe, and it was a very serious matter of extensive attacks combined with lack of support which made me quit censorware decryption research]

Posted by Seth Finkelstein at 11:53 PM | Comments (6)
July 13, 2005

Internet Archive DMCA Circumvention Lawsuit

The Internet Archive is a wonderful organization which keeps historical records of websites ('The Wayback Machine"). In Healthcare Advocates, Inc. v. Harding, Early, Follmer & Frailey, they are involved in a lawsuit alleging a violation of the DMCA. See William Patry for details and discussion.

The basic DMCA aspect of the case seems to be the Internet Archive uses (current website) "robots.txt" exclusion files to block access to archived material (they talk about "removing documents", but it's really "block access", not deletion). The defendants in the case were able to get to historical versions of the website in question anyway. The court complaint is unclear about exactly what happened. After thinking about it, the following is my speculation as to the technical aspect of the sequence of events (some material below taken for the lawsuit).

1) Fact - In order to decide whether to display the history version of a website, the Internet Archive queries the current website for the contents of the "robots.txt" file (to see if that file prohibits the display or not).
2) Fact - The check is supposed to be done once per day.
3) Fact - There was a bug in this check, which led to the lawsuit.
4) SPECULATION - The bug in the check was that if an attempt to retrieve the "robots.txt" file failed, that failure would be treated as if no "robots.txt" file existed, and that means no block on display (i.e. everything could be displayed for that attempt).
5) SPECULATION - At the time, this bug could be triggered by repeatedly attempting to retrieve pages from the historical site (which would, at the time, trigger repeated retrieval attempts of "robots.txt", some of which might have failed).

Hmmm ... I hate to say it, but if the above is a correct reconstruction, it does begin to at least arguably look like an access control circumvention under the DMCA. The Internet Archive relies on external files to "control access" to archived website content. The defendants here found that sometimes it appears to the Internet Archive as if the external file wasn't present, via an implementation flaw.

I think it comes down to whether buggy "technological measures" still count under the law, and if taking advantage of a malfunction counts as circumvention by the user. It seems to be a much tougher case than it first appeared.

Posted by Seth Finkelstein at 01:38 PM
June 14, 2005

EFF - Legal Guide for Bloggers

EFF's Legal Guide for Bloggers
http://www.eff.org/bloggers/lg/

I'll play, to add to the link 'pop/'rank/'rati.

The guide is well-done, and people who dislike EFF should not think it overly partisan. Many contentious political issues have been gently side-stepped, or treated neutrally to a fault. And it's useful.

But of course, no matter what your rights are, there's always a worrisome gulf between theory and practice. Perhaps the single most important statement in the guide is:

Can EFF defend me?

Maybe. EFF is a small, grassroots legal advocacy nonprofit supported by member contributions. We provide pro bono (free) legal assistance in cases where we believe we can help shape the law. Unfortunately, we have a relatively small number of very hard-working attorneys, so we do not have the resources to defend everyone who asks, no matter how deserving. If we cannot assist you, we will make every effort to put you in touch with attorneys who can. If you're in trouble, you can contact us at information@eff.org.

Posted by Seth Finkelstein at 11:59 PM
April 07, 2005

More on software licenses and the "Krause" case - the worse, the more valid?

Michael Madison replies, concerning the discussion of software licenses and the case Krause v. Titleserv:

I think that the [Krause] case is important, and Seth thinks that it's less so. I focus on two things. First, though the case isn't the first appellate decision to interpret Section 117 to limit the power of a licensor to declare unilaterally that code is licensed (DSC v. Pulse in the Federal Circuit purports to come to the same conclusion), it's the first significant opinion to make that point a holding, by actually finding in favor of the purported "licensee" In other words, this court puts its money where its mouth is. Second, the opinion is written by Judge Leval, who knows a lot about copyright law and whose opinions and articles on copyright are widely read and respected. He's a heavyweight, and when he speaks, the copyright world usually listens.

I believe - I fear - that it's a very long way from the situation where one programmer did a bad job on the legal specification of the software "license", and hence lost out against a business client (as in the case under discussion), to overruling of the general mass-market "EULA" license imposed by a big vendor (which will surely be drafted by attorneys with a full command of the legal necessities).

I certainly find no comfort from this case myself, due to the differences between the atypical facts and what's likely to be the situation for someone sued for reverse-engineering or copyright violations. Would it be reasonable to paraphrase the current situation as "Ownership of a copy can't be retained by the mere phrase "Licensed not sold" - more is required"? Focusing on the first part of that sentence sounds hopeful, but it appears that the second part is the killer in practice.

Looking at the "DSC" case noted above:

The concept of ownership of a copy entails a variety of rights and interests. The fact that the right of possession is perpetual, or that the possessor's rights were obtained through a single payment, is certainly relevant to whether the possessor is an owner, but those factors are not necessarily dispositive if the possessor's right to use the software is heavily encumbered by other restrictions that are inconsistent with the status of owner.

It all seems to be saying that the more restrictive a licensing "agreement", the more likely a court will find that it is a valid licensed-not-sold situation, and hence the most effective action is to make the "license" as onerous as possible!

In fact, the logical implications of these decisions seems to be to encourage EULA's to be worse, to satisfy the "heavily encumbered" condition.

I don't like that near-paradoxical outcome. But it seems to be the inevitable result.

[Disclaimer: As always, I'm not a lawyer, merely a hare running for his life.]

Posted by Seth Finkelstein at 11:59 PM
April 06, 2005

Krause v. Titleserv : software licenses limited - but outlier facts

(Michael) Madisonian Theory discusses a case concerning the "license" vs "owner" issues for software licenses (via Copyfight):

A win for software users: Krause v. Titleserv, Inc. (pdf), ... which contains a long and thoughtful analysis of Section 117 of the Copyright Act by Judge Leval. Section 117 grants certain rights to copy software to the "owner" of a particular copy, a phrasing that software companies have long seized on to justify many of the more onerous provisions of mass market software licenses. If a software user merely "licenses" the software, then (allegedly) the rights of "owners" don't apply. Judge Leval decisively and rightly rejects the idea that Section 117 can be bypassed by the software developer's unilateral characterization of the transaction as a "license." Importantly, the court goes on to hold that the defendant in the case could lawfully exercise the rights of a Section 117 "owner" even though it did not possess formal title to its copy of the program.

Having an intense interest in the topic of such onerous provisions, I spent the time to read through the case. Hold on to the party hats. It's not impressive, in my view (disclaimer: I'm not a lawyer, merely a hare running for his life).

The kicker is in this part of the decision (my emphasis):

We conclude in the absence of other evidence that Titleserv's right, for which it paid substantial sums, to possess and use a copy indefinitely without material restriction, as well as to discard or destroy it at will, gave it sufficient incidents of ownership to make it the owner of the copy for purposes of applying § 117(a)

Virtually every mass-market software license "EULA" has verbiage about terminating the license and restrictions on use. The basis of the court's decision seems to be that the programmer did not properly incant the magic phrases which run approximately "This is licensed, not sold. In the event of a dispute, your license may be terminated. You agree not to do the following list of actions ...".

So I can't see this case having much applicability to the general issue of the enforceability of mass-market software licenses. It's an outlier, where the facts of the dispute are sufficiently atypical so that the result isn't very meaningful regarding problems facing the vast majority of software users.

Moreover, the social framework of the case is a mid-ranking individual versus a business. Reading between the lines, the court seems to be being very expansive in legal construction in order to get to the outcome it sees as proper, of permitting the business use over the individual copyright claims:

Thus, a right to make those changes necessary to enable the use for which it was both sold and purchased should be provided. The conversion of a program from one higher-level language to another to facilitate use would fall within this right, as would the right to add features to the program that were not present at the time of rightful acquisition.

That's a very kind reading of the "right to make those changes necessary". I approve, of course. But given the "judicial flaming" I've now read over the years, I don't think this same kindness is going to be shown to any litigant viewed as a social trouble-maker. So I can't see it being much of a help overall. Sure, it'll go into any argument. But I can't see it'll do much good, sorry.

Posted by Seth Finkelstein at 01:09 AM
March 18, 2005

Reflections on "Code and Other Laws of Cyberspace"

I've been trying to come up with a way to concisely express why Code and Other Laws of Cyberspace is such an important book, in my view. Now, likely few people reading this will argue with me. Since almost all blogs are confined to a small self-selected fan audience, I know to the readers here I'm preaching to choir. Yet still, I feel there's something to say. Perhaps just to those few who are contrarian, or lump the book with cyberguru excesses (or maybe if censorware company people are still reading me daily, they'll learn something - I sometimes wonder if the government agents who made investigative files on writers and artists, ever obtained a second-hand education in high culture from their subjects).

To some, Code was an intellectual beacon. To me, the significance of its importance cannot be overstated as a standards-bearer. It's hard to explain this to many people nowadays. Years ago, far too much of the intellectual discussion about the Internet was dominated by a stifling net-libertarianism. There's a reason I developed a habit of writing so harshly about anything related to Libertarianism. That came from years and years of being harangued by what I call "the street-preachers of the Information Superhighway". Just compare Declaration of Independence, real and imaginary.

The book Code was a rallying-point for intellectual opposition to the net.libertarian view. It was someone with prestigious legal, public-intellectual, credentials, making the case for an important way of thinking. No-one (well, almost no-one), was going to listen to me, a no-credential no-status programmer writing on mailing lists, about these issues. But they would hear the arguments being made by a Professor at Harvard Law School and Fellow of the Berkman Center for Internet and Society.

I can't convey what a tangible, empirical, difference, the book made. Prior to it, when I talked about structural implications and outcomes, and how designs can have effects, I'd mostly just get bafflement. Or worse, Liberbabble. After Code came out, I found the magic phrase was "Like Lessig writes in Code". People may not in fact have understood, may only have thought they did. But soooo much of my typing was saved. Not to mention a great easing of the struggle for intellectual credibility.

This is one of the few times I could sincerely gush the PR phrase "I'm excited to be a part of this project". Though my full thoughts are actually more nuanced. Note I don't consider this free-speech activism (so I don't think I'm being inconsistent), merely volunteering editorial assistance. I had some trepidation, for complex reasons. But having a chance to be heard, to play a serious role in the rewrite of such an important book, won out.

My thinking is that Code truly made a difference, and I'm hoping my participation will make a difference.

Posted by Seth Finkelstein at 08:36 AM | Comments (3)
March 16, 2005

Lessig Code Book Wiki

Lessig Code Book Wiki
http://codebook.jot.com/

Lawrence Lessig and JotSpot Invite the Internet Community to Update 'Code':

SAN DIEGO, Calif., ETECH, March 16 /PRNewswire/ -- JotSpot, the first application wiki company, today announced that it is teaming up with Lawrence Lessig, Stanford law professor and renowned legal author, on an update to his 1999 book "Code and Other Laws of Cyberspace". Professor Lessig is inviting the online community to contribute its collective knowledge to his original work via a JotSpot wiki. Open today at http://codebook.jot.com , the project is an unprecedented experiment in group publishing. Contributions to the public wiki will be aggregated and published in a print update of Code later this year.

I am biased. Very biased. I am part of the project team.

Posted by Seth Finkelstein at 02:43 PM
February 19, 2005

EFF: Dangerous Terms A User's Guide to EULAs

"Dangerous Terms A User's Guide to EULAs" is EFF's latest white paper, written by Annalee Newitz:

They're called End User License Agreements, or EULAs. Sometimes referred to as "shrinkwrap" or "click-through" agreements, they are efforts to bind consumers legally to a number of strict terms ? and yet you never sign your name. Frequently, you aren't even able to see a EULA until after you've purchased the item it covers.

...

With consumer activism, as well as actions that push our legislatures and courts to change consumer protection laws, we can prevent corporations from taking away our rights one mouse click at a time.

If you have been harmed by a EULA, or threatened with legal action because of one, EFF wants to hear your story. E-mail us at EULAharm@eff.org.

[Via Copyfight] This seems to be connected to the legal proceeding of the Blizzard vs BNETD case.

Harmed ... Well, where do I start ...

Might as well just repost something I wrote a while back, about reverse-engineering vs. fair-use, and censorware examples


Findlaw [had] an interesting article "Should Software Companies Be Able, Through Contracts, To Prevent Competitors From "Reverse Engineering" Their Products", by Chris Sprigman. It's a very good discussion of the subject. But there's a few places which could use some commentary:

Minor point:

Now, however, some companies whose software has been reverse engineered have started to fight back. They have added anti-reverse engineering provisions to the "shrinkwrap" licenses that accompany their products.

"Now"? This isn't new. I can't recall ever seeing a commercial shrinkwrap license without prohibitions against reverse-engineering. I found a censorware example from 1997, with a reply indicating this issue goes back decades (n.b., this is in part why I did my pioneer work against censorware , in virtual anonymity for so long).

Major point:

Reverse engineering itself, then, has been held to be fair use.

There's a difference between the idea that "Reverse engineering itself, then, has been held to be fair use", per se, intrinsically, and that certain instances of reverse engineering have been held to be fair-use, but others have been denied as fair-use. That is, between is fair-use, versus could be, but also might not be, fair-use. A reader of that article can easily get the impression that the courts have said reverse-engineering itself is always permitted as fair-use, whereas they've also said in other cases that it's not fair-use.

In particular, of special interest to me, the Cyberpatrol lawsuit, regarding programmers who reverse-engineered that censorware, has the following nasty things to say about that reverse-engineering of censorware:

43. Jansson and Skala admitted that they reverse engineered and decompiled Cyber Patrol Cyber Patrol, which violates the Cyber Patrol license agreement and creates an intermediate copy of Cyber patrol. ... In either case, by creating an intermediate copy of the Cyber Patrol software the defendants committed a prima facie copyright violation. ...

No Fair Use Defense

44. Fair use is a statutory affirmative defense to conduct otherwise actionable under the copyright law. ...

45. In general, any claimed "fair use" must be "consistent with the ultimate aim [of the Copyright Act] to stimulate artistic creativity for the general public good" ...

46. It is the defendants' burden to demonstrate such "fair use." ...

47. The individual defendants have no "fair use" defense here because they have neither asserted it nor submitted evidence supporting any fair use defense. ...

48. In addition, the purpose of the copying here is inconsistent with the general public good. The individual defendants' avowed purpose for decompiling CyberPatrol was to allow "youth access" to inappropriate content on the World-Wide-Web. That purpose contradicts the public interest as specifically found by Congress ...

49. Finally, to negate fair use one need only show that if the challenged use should become widespread, it would adversely affect the potential market for the copyrighted work ...

50. By their own admission, Jansson and Skala created the Bypass Code to "break" CyberPatrol ... Software explicitly designed to make CyberPatrol ineffective for its intended use can do nothing other than "adversely affect the potential market for the copyrighted work" ...

So whether reverse-engineering is fair-use also has to do with whether the court finds the specifics to be in "the general public good".

Disclaimer: I'm not a lawyer. But as the saying goes, the hound was only running for his dinner, but the hare was running for his life.

Posted by Seth Finkelstein at 09:06 PM
February 08, 2005

John Wirenius Blog

The Wirenius Report Blog has recently been launched:

John Wirenius is a lawyer and scholar whose practice and writing centers around the balance of power between the individual and the state, and in preserving freedom of speech. John is presently representing pro bono the New York City artist Barbara Nitke and the NCSF in the First Amendment case Nitke v. Ashcroft, which challenges federal statutes allowing prosecutors to apply the most conservative community standards of decency in the Nation to the entire Internet.

In the interest of helping out, I thought I'd do post about it.

I am of course biased, since I worked with John Wirenius on the above-mentioned Nitke v. Ashcroft case. His initial post has a very long status update, and also says nice things about me (I am not too modest to quote that section, but there's important material in it):

We had two generous and brilliant tech-wizards--Ben Laurie and Seth Finkelstein--who purely for principle, agreed to appear in court and explain why speech on the Internet is an all-or-nothing thing--that you can't prevent visitors from the more conservative communities from accessing a website or other online speech.

The quality of his writing shines in other commentary too, e.g. analysis of the obscenity issues in Extreme Associates Dismissal:

Moreover, obscenity law chooses a side in the war of ideas--defending old fashioned propriety against libertinism, or pro-sex viewpoints. That advantaging one side of an ongoing social debate violates the very core of the First Amendment--the requirement that laws be viewpoint neutral. In other areas of so called "low value speech," such as "fighting words," the Court has held that restrictions must be viewpoint neutral. See RAV v. City of St. Paul, 505 U.S. 377, 382-383 (1992). But again, in obscenity, that rule does not apply, with the only reason set forth is that "traditionally" obscenity law is an exception to free speech. (The Court in obscenity cases is a little like Tevye asserting "Tradition!" when all other arguments fail.) But tradition is not enough; as Justice Holmes pungently put it "it is revolting to have no better reason for a rule of law than so it was laid down in the time of Henry IV." (Holmes, "The Path of the Law" in Collected Legal Papers (1921) at p. 187).

All well and good; but will the Court of Appeals (to say nothing of the Supreme Court) approve Judge Lancaster's daring in undermining these decades of settled authority? Stay tuned....

More to sample:

Catastrophic Success Against the English Language
NYC Gay Marriage Decision
Boxer v. Rice: What Liberal Media?

Blogdom is an oligarchy, where the cold equations of exponential distribution of attention dictate that there are many worthy voices which are barely heard. John Wirenius has brought a critical Internet free-speech fight through the courts, possibly going to the Supreme Court. Hear him.

Posted by Seth Finkelstein at 08:08 AM | Followups
January 13, 2005

Berkman Center's newsletter mentions me in Internet "community standards" case

The current edition of the Berkman Center for Internet and Society newsletter, "The Filter" No. 7.01 01.04.05, has an item on the Nitke case, and mentions my expert testimony. Thanks!


* Defining "Community Standards" for the Internet

Sections of the Communications Decency Act have concerned advocates for online freedoms since passage of the law in 1996. While many of the CDA's provisions about internet "indecency" were overturned in Reno v. ACLU in 1997, other provisions, such as limitations on ISP liability and restrictions about online "obscenity," remain intact. Plaintiffs in the recent lawsuit, Nitke v. Ashcroft, are now challenging these obscenity standards. New York artist Barbara Nitke, whose photography depicts sexual and controversial scenes, filed for declaratory judgment to protect online displays of her work in 2001, and written arguments in the case were finally submitted last month. One of the core issues raised in Nitke v. Ashcroft is the difficulty of determining "obscenity" on the internet, since its definition depends on measuring "contemporary community standards." Which community standards apply to the global Internet? Technology experts and internet activists have sided against the law based on this concern and as well as concerns about First Amendment freedoms and online anonymity. The case now falls to the Southern District of New York for a decision.

Plaintiff's Overview (John Wirenius): <http://www.wireniusreport.net/overview.html>
Original Media Coverage (CNN): <http://archives.cnn.com/2001/TECH/industry/12/20/obscenity.suit.idg/>
Expert Testimony about Challenges to Geolocation (Seth Finkelstein): <http://sethf.com/nitke/ashcroft.php

Posted by Seth Finkelstein at 09:17 AM | Followups
November 24, 2004

"EFFector" (EFF newsletter) CDA trial mention / credit

Credt ... Credit ... I'm mentioned in the current issue of EFF's newsletter, "EFFector", which has coverage of the Nitke case:

Last month, the case came to trial to resolve a number of disputed factual matters. The two-day trial featured testimony by expert witnesses including UK security expert Ben Laurie and EFF Pioneer Award Winner Seth Finkelstein, both of whom testified that trying to determine the true physical locations of Internet users is both difficult and costly.

...

NCSF press release on the trial, annotated with links by expert witness Seth Finkelstein:
http://sethf.com/nitke/cda-trial.php

Thanks much.

Posted by Seth Finkelstein at 12:18 AM | Followups
November 16, 2004

Reports You Won't See - A Survey Of Censorware Cryptography

[Another Censored Censorware Report]

Having examined more censorware internals than anyone else in the world, I've considered there might be an interesting academic survey paper describing the encryption algorithms employed various programs. It ranges all the way from the trivial encryption of "XOR" with a single byte (the original version of CyberSitter), to the full-blown Data Encryption Standard (DES). Of course, using the power of the Data Encryption Standard algorithm doesn't help too much when they give out the key in first place if one knows where to look.

Digression: During the DMCA exemptions testimony, when censorware company representative David Burt was taking the tactic that no American military was in Iraq no censorware decryption had been done, I thought of replying along the lines of "David, does the string [recite N2H2's private decryption key] mean anything to you?". But sadly, as a mere PR flack, he probably could have truthfully answered that the random letter/number combination which was N2H2's private decryption key, did not mean anything to him (and I couldn't remember it right then anyway).

But in terms of lawsuits, this isn't playing with fire, it's playing with WMD's (Weapons Of Mass Destruction). Or Lawsuits Of Massive Damages. A few years ago, when CyberPatrol sued two programmers, they opened with a $75,000 damage claim. Remember, that was just the start. These days, given the success of the music industry litigation tactic of loading up on claims of huge damages, gallows humor is whether a censorware lawsuit would confine itself to claiming mere millions of dollars, or go for billions of dollars.

Let's recall, even the DMCA 1201(g) research exemption is full of wiggles such as:

... the person made a good faith effort to obtain authorization before the circumvention;

[elsewhere] ... whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;

... whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology; ...

There's almost a paradox here, in that low-hanging research fruit is likely snapped-up already by high-ranking researchers, leaving hard foraging for those further down the ranks. But that's exactly the sort of work which is going to involve more risk, yet at the same time apparently has less legal protection, because one almost needs to already have good formal credentials ("appropriately trained or experienced") in order to qualify in the first place! (i.e., want a job, get some experience, want some experience, get a job).

A paper which does very little for me personally, but has a reasonable chance of pauperizing litigation, yet I have no organization backing, is all a losing proposition. I am chilled.

Posted by Seth Finkelstein at 11:59 PM | Comments (4) | Followups
November 15, 2004

Banned Censorware Report - SmartFilter Reverse-Engineering

[I'm returning to my series of Censored Censorware Reports, where I describe research I cannot publish due to the lawsuit risk, and corresponding lack of necessary legal and journalistic support.]

There isn't all that much to describe regarding this report, because it was intended to outline some reverse-engineering of the censorware program SmartFilter. It's hard to give details here without actually writing the material, and so defeating the purpose.

However, the following news item, from Susan Crawford, should make the derailed and destroyed report relevant and perhaps even poignant (my emphasis below):

3. Speaking of EFF, they're looking for amicus briefs to be filed by December 22, 2004 in the Blizzard v. Internet Gateway case in the 8th Circuit. The district court decision [pdf] in that case upholds a very broad license agreement forbidding any kind of reverse engineering or fair use; key issues before the appellate court will be preemption and the scope of the 1201(f) exception in the DMCA for reverse engineering.

("Blizzard v. Internet Gateway" is the same case as the previously mentioned Blizzard vs BNETD, that's just a variation in the name)

Note it's unclear if my plight would even be fodder for an amicus ("friend of the court") brief here. There are legal details I don't completely understand, having to do with rules that appeals are supposed to refer only to facts already in the trial record. This is very different from e.g. the (failed) "affirmative" case against N2H2, where the facts there were developed specifically for the legal challenge.

It's not worth years of litigation to publish this research, even if I eventually won. Not when there's so little backing and support.

[Update: I should have explained than an amicus brief is by "someone who is not a party to the litigation, but who believes that the court's decision may affect its interest." - I hope the application is obvious ...]

Posted by Seth Finkelstein at 11:59 PM | Followups
November 08, 2004

PR for "Barbara Nitke and National Coalition for Sexual Freedom v John Ashcroft"

Nitke v. Ashcroft case # (01 CIV 11476 (RMB)) press release excerpt:

Full version: http://sethf.com/nitke/cda-trial.php

Challenge to the Communications Decency Act

Contact: Susan Wright, Spokesperson
917.848.6544
susanw[at-sign]ncsfreedom.org
http://www.ncsfreedom.org/

October 29, 2004, New York City - Testimony concluded on October 28, 2004, in Barbara Nitke and National Coalition for Sexual Freedom v John Ashcroft, in the Federal District Court for the Southern District of NY, case # 01 CIV 11476 (RMB). This lawsuit is challenging an unconstitutional law called the Communications Decency Act (CDA) which criminalizes free speech on the Internet. Plaintiffs are represented by noted First Amendment attorney, John Wirenius.
...
The reliability of geolocation software was challenged by testimony from Ben Laurie of The Apache Software Foundation. Seth Finkelstein, a computer technical expert, testified about the conflicts between geolocation software and the protection of privacy. Geolocation software allows website hosts to block visitors from certain states or areas of states. This is a critical component of the case because obscenity is determined by "local community standards." Testimony was sharply divided over the accuracy of geolocation software, varying over a range of 60-95% effective. ...

[Note this case concerns provisions of the Communications Decency Act, such as the definition of obscenity and its "community standards" aspect, which were not addressed in Communications Decency Act cases such as Reno v. ACLU]

Posted by Seth Finkelstein at 09:07 AM
October 31, 2004

CDA Internet obscenity trial, expert declaration on-line

My expert declaration in the Nitke v. Ashcroft case is now on-line. This addresses how the Internet and issues of community standards conflict with anonymity and privacy, as well as other problems with determining the location of users who are reading material from websites.

http://sethf.com/nitke/declaration.php

It's a condensed version of my Nitke v. Ashcroft expert report.

Posted by Seth Finkelstein at 11:59 PM | Comments (4) | Followups
October 30, 2004

Back from a week consumed by CDA obscenity case trial

I've just gotten back from a week consumed by the Nitke vs Ashcroft Internet censorship court case trial, where I was an expert witness (as I had to keep reminding myself, that's witness, not defendant).

Seth David Schoen (aka "the EFF Seth" - he's EFF Staff, I've never been employed by EFF) has some notes about what happened at the trial. I fit in as a part of the sentence "The morning was taken up with technical experts, who sparred over the question of how accurate geolocation technology can be under various circumstances".

More later. It's been a draining week.

Posted by Seth Finkelstein at 11:55 PM | Followups
August 19, 2004

MGM v. Grokster appeal victory, and The INDUCE Act Cometh

As will be noted by everyone in the whole copyfight universe, the MGM v. Grokster appeal concerning copyright liability for file-sharing programs, has been decided in a victory for the civil-liberties side (congratulations!)

In short, from the evidence presented, the district court quite correctly concluded that the software was capable of substantial noninfringing uses and, therefore, that the Sony-Betamax doctrine applied.

As also will be noted, this is not the end of the story, and there's likely to be further action from Congress:

Indeed, the Supreme Court has admonished us to leave such matters to Congress. In Sony-Betamax, the Court spoke quite clearly about the role of Congress in applying copyright law to new technologies. As the Supreme Court stated in that case, "The direction of Art. I is that Congress shall have the power to promote the progress of science and the useful arts. When, as here, the Constitution is permissive, the sign of how far Congress has chosen to go can come only from Congress."

As I said a while ago in an old post concerning Grokster, "Streamcast copyright win, vs. LaMacchia case",


This reminds me much of the concluding part of the LaMacchia case:

This is not, of course, to suggest that there is anything edifying about what LaMacchia is alleged to have done. If the indictment is to be believed, one might at best describe his actions as heedlessly irresponsible. and at worst as nihilistic, self-indulgent, and lacking in any fundamental sense of values. Criminal as well as civil penalties should probably attach to willful, multiple infringements of copyrighted software even absent a commercial motive on the part of the infringer. One can envision ways that the copyright law could be modified to permit such prosecution. But, "'[i]t is the legislature, not the Court which is to define a crime, and ordain its punishment.'

And the result there was the .NET act . I wonder what we'll get here?


And now, the answer is clear - IICA/INDUCE Act!

Posted by Seth Finkelstein at 03:14 PM | Followups
July 31, 2004

JibJab vs. Ludlow - Court Info

It's true - from the Court electronic database (no link, since subscription needed):


                            U.S. District Court
                  California Northern District (San Jose)
                 CIVIL DOCKET FOR CASE #: 5:04-cv-03097-PVT

   Jibjab Media Inc., v. Ludlow Music, Inc.,
   Assigned to: Hon. Patricia V Trumbull
   Referred to:
   Demand: $
   Lead Docket: None
   Related Cases: None
   Case in other court: None
   Cause: 28:2201 Declaratory Judgement
                                            Date Filed: 07/29/04
                                            Jury Demand: Plaintiff
                                            Nature of Suit: 820 Copyright
                                            Jurisdiction: Federal Question

[ Update: EFF announces JibJab / Ludlow lawsuit: http://eff.org/deeplinks/archives/001782.php ]

Posted by Seth Finkelstein at 04:24 PM | Followups
July 24, 2004

S.2560 (IICA/INDUCE Act) and "substantial noninfringing use"

During the recent IICA/INDUCE Act hearing, there was much discussion about the "Sony" standard concerning the copyright defense for product-makers of having substantial non-infringing use. For example, Senator Hatch stated:

Second, S. 2560 uses a proven model for structuring secondary liability. The substantial-noninfringing-use rule that Sony imported from the Patent Act coexists there alongside liability for intent to induce infringement [,] a concept that the Patent Act calls active inducement. This proven model can address cases of intent to induce infringement that were explicitly not covered or addressed by the Supreme Court in Sony.

In the above quote, I assume he means the following S.2560 paragraph:

`(3) Nothing in this subsection shall enlarge or diminish the doctrines of vicarious and contributory liability for copyright infringement or require any court to unjustly withhold or impose any secondary liability for copyright infringement.'.

However, I believe the recent history of such claims provides a substantive argument that he is mistaken. Remember, we've been here before, with the DMCA, in the infamous 1201(c)(1) passage (emphasis added):

* (c) Other Rights, Etc., Not Affected. -

(1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.

The INDUCE Act may preserve the "substantial non-infringing use" standard of _Sony_, in the same way the DMCA preserved fair-use: only as a very abstract theory, not in practice.

Let's recall what the DeCSS case ruled:

When Sony was decided, the only question was whether the manufacturers could be held liable for infringement by those who purchased equipment from them in circumstances in which there were many noninfringing uses for their equipment. But that is not the question now before this Court. The question here is whether the possibility of noninfringing fair use by someone who gains access to a protected copyrighted work through a circumvention technology distributed by the defendants saves the defendants from liability under Section 1201. But nothing in Section 1201 so suggests. By prohibiting the provision of circumvention technology, the DMCA fundamentally altered the landscape. A given device or piece of technology might have "a substantial noninfringing use, and hence be immune from attack under Sony's construction of the Copyright Act--but nonetheless still be subject to suppression under Section 1201." [FN169] Indeed, Congress explicitly noted that Section 1201 does not incorporate Sony. [FN170]

That is, the line with the DMCA, is that you're not being charged with the old infringement offense, to which one can defend via fair use. You're being charged under the all-new circumvention offense, which doesn't have that defense. But the old defense isn't affected, since if you were changed with the old offense, you could still plead that, got it? (I call this a "legal hack").

So, I think in any case under the IICA/INDUCE Act, we'd get a similar line: _Sony_ standard ("substantial-noninfringing-use")? What _Sony_ standard? That's a defense to "vicarious and contributory liability". You're not being charged with "vicarious and contributory liability". You're being charged with the brand-new INDUCTION liability. But if you were charged with "vicarious and contributory liability", you'd have a great defense under the _Sony_ standard, you betcha. But how sad for you, that you're being charged for inducing-infringement, for which that defense doesn't exist. After all, the whole reason for the new law was to create a new offense for conduct just like you're being charged with, got it?

Having seen this happen so recently, it's quite reasonable to believe it'll happen again.

Posted by Seth Finkelstein at 12:46 PM | Comments (2) | Followups
July 22, 2004

EFF Deep Links on Barbara Nitke et al. v. John Ashcroft, 01 Civ. 11476

EFF Deep Links has an article "Will Obscenity Ruling Break Online Anonymity?", about the Nitke vs. Ashcroft case regarding obscenity law, and "community standards" applied to the Internet. I'm mentioned prominently, thanks folks:

"But if the outcome is less than stellar, it could affect a lot more than Internet pornography. In fact, many forms of online anonymity that we take for granted would be placed in peril. Experts testifying on behalf of the government have argued that community standards can be maintained on the Internet through the pervasive use of geolocation software. Seth Finkelstein has argued on behalf of the plaintiffs that implementing such software is cost-prohibitive and that the software itself is inaccurate. But we may nevertheless be facing a future where we are forced to reveal where we live in order to access websites with content that could be interpreted as obscene in some communities."

Posted by Seth Finkelstein at 02:01 PM | Followups
June 29, 2004

Internet Censorship Law and Censorware Politics

[This is a REPOST of a message I wrote a few months ago. I'm putting it here again since I'm busy today with paid work, and besides, it says just about what I'd say anyway in reaction to the recent "COPA" net censorship decision.]


I probably shouldn't waste my time writing these posts, but the recent net censorship Supreme Court argument struck a deep chord with me:

Ms. Beeson argued that there were less restrictive alternatives to the pornography law: parents could now take matters into their own hands by using Internet filtering software and configuring it to reflect their own values. Congress already requires that schools and libraries use filters.

Chief Justice William H. Rehnquist and Justice Antonin Scalia seemed skeptical of that argument, however, and both noted that the civil liberties union had opposed the library filtering bill. Mr. Olson also noted that a number of Web sites gave step-by-step instructions on defeating the technology.

Here - not ancient history, not years ago, but this week's Supreme Court Internet censorship law arguments [update 6/29 - and now Supreme Court decision] - is an illustration of the problem I faced for so many years. Because the part of the civil-liberties strategy was, and remains, arguing favorably about censorware in this legal context. See Peter Junger's "least restrictive means" message for the best legal analysis (in my view).

I never opposed this as a legal argument. But for too long, for too many prominent people, that legal argument turned into a social argument for touting censorware. And so ...

If you said censorware didn't work, you were going against the strategy.

And that was bad. And thus the censorware critics had to be discredited. And here my trouble began.

In 1995, when I first decrypted censorware. I called my then-friend Mike Godwin, famous net.legend Internet civil-liberties lawyer, for help. Well, at that time, he was making policy advocacy statements such as:

This is why I believe that the right role for Congress to play is to encourage the development of software filters that prevent my child and others from being harmed in the first place.

Recall that the basic technology we're talking about here is the computer -- the most flexible, programmable, "intelligent" technology we build and market.

-- Mike Godwin, 1995 Congressional testimony

Thus he was not pleased to be informed about censorware's lack of "intelligent" technology. And I got an earful of all the (my description) dirty deals that were trying to be cut behind the scenes. I suppose now it's no secret that the ACLU blew me off when I tried to get their help (I still have the messages). But they didn't go on a personal attack-campaign about it.

Anyway, much has happened since then. However, some of the fundamental paradoxes are still in evidence - this week, in the Supreme Court.

I note this in an attempt at a "teachable moment". When I try to explain the background of censorware politics, the factors which caused things to evolve as they did, I often get trivialization and dismissiveness ("Petty bickering! Size measuring! Pissing contest!"). It's so easy to scream "EGO!", which means you don't have to think about anything.

There were, and are, reasons which drove it all, and still matter right now. But looking back on how it affected me, over nearly a decade: If I had to do it all over again, I wouldn't. Personally, it wasn't worth it.

Posted by Seth Finkelstein at 05:13 PM | Comments (3) | Followups
June 28, 2004

My Expert Witness Report quoted in FCC filing by EFF

I've just found that there is an on-line reference for an EFF filing to the FCC which quotes my expert witness work:

COMMENTS OF ELECTRONIC FRONTIER FOUNDATION (May 28, 2004)

Before the Federal Communications Commission Washington, D.C. 20554

In the Matter of

WC Docket No. 04-36 IP-Enabled Services

I'm on page 7, as footnote 17 (URLs added):

A tangle of local regulations may also lead to a wasteful and privacy-undermining effort by service providers and even publishers to determine the physical locations of all Internet users. [footnote 17]

[17] See Expert Witness Report of Seth Finkelstein, Barbara Nitke et al. v. John Ashcroft, 01 Civ. 11476 (RMB), S.D.N.Y., available at http://sethf.com/nitke/ashcroft.php (noting limitations and expense of geolocation technology; distinguishing "co-operative" from "oppositional" geolocation).

I'm an authority! :-)

Posted by Seth Finkelstein at 11:59 PM | Followups
June 18, 2004

Patent Infringement INDUCEment No Excuse for INDUCE Act?

[Not an echoing of newsreports! Uncommon information!]
One justification which has been made for the newly proposed inducement-to-infringe copywrong, the (INDUCE Act), is that patent law already has an inducement provision (so, implicitly, what's the problem?). Besides the obvious difference between patent law and copyright law, it seems the patent law inducement to infringe offense may not be such a good recommendation.

I found an interesting article, in "Intellectual Property Today", MARCH, 2004, by Richard Roos :

LURKING DANGERS COMPOUNDED BY UNCERTAIN LAW

As most people know, it is a criminal offense to aid and abet the commission of a crime, the logic being that if one participates in furtherance of a crime, one is as much a criminal in the eyes of the law as whoever perpetrated the offense. However, not all companies realize that somewhat analogous scenarios exist in the patent world due to the laws of contributory infringement and inducement to infringe.

That article describes a set of pitfalls and uncertainties with patent law inducement to infringe.

Does it sound like an improvement to take this "uncertain law", expand it, and apply it widely in a fast-changing context? Am I a radical for thinking this is not a good idea?

Posted by Seth Finkelstein at 10:49 PM | Comments (1) | Followups
June 15, 2004

Atari v 321 Studios, DMCA lawsuit over Games X Copy

321 Studios, which makes backup-software, is being sued under the DMCA by Atari and other Entertainment Software Association members, over 321's Games X Copy backup product (via Copyfight).

Press Release: Leading video game companies sue 321 studios

Text of complaint against 321

By coincidence, I was just going through the decision of 321 v MGM, a similar DMCA case, which 321 lost. Notable excerpts (my emphasis):

This Court finds, as did both the Corley and Elcom courts, that legal downstream use of the copyrighted material by customers is not a defense to the software manufacturer's violation of the provisions of S 1201 (b)(1).

And

Fair use and misuse are defenses only to copyright infringement claims, which are not at issue in this motion. Additionally, as this Court has already related in some detail in the summary judgment portion of this opinion, the First Amendment is not an affirmative defense to a claim under the DMCA. Therefore, as 321's proposed amended defenses are futile, this Court DENIES the motion to amend counterclaims.

Frankly, I don't think 321 Studios has a chance here.

Posted by Seth Finkelstein at 06:55 PM | Comments (2) | Followups
May 26, 2004

Deposition preparation for Nitke v. Ashcroft expert witness appearance

So today went through preparation for being deposed as an expert witness in the case Nitke v. Ashcroft (an Internet censorship challenge). Repeat: I'm serving as an expert witness on the topic of the Internet, anonymity, privacy, as it all relates to net censorship. My expert witness report is now available on-line:

Nitke v. Ashcroft : Seth Finkelstein expert witness report
http://sethf.com/nitke/ashcroft.php

Courts makes me nervous. I have to keep reminding myself:

"I'm appearing as a witness, not a defendant."

[Update 5/28: Still getting my blog write-up cleared]

[Update 5/29: I guess they're away for the holiday weekend - I'll post about the deposition some time in the future]

Posted by Seth Finkelstein at 11:59 PM | Comments (2) | Followups
May 21, 2004

Peter Junger blog launched (Junger v. Daley, law professor, Buddhist)

Peter Junger has launched his new blog:

Samsara
http://samsara.law.cwru.edu/blog/.

Blogroll it. I have some of his posting on my website, as he's written the best explanation and analysis I ever saw of the "least restrictive means" censorware politics, one of the most provocative historical insights, as well as the funniest true personal lawyer joke.

More formally, Peter Junger is a (now retired) law professor, who is most well-known for the Junger v. Daley case, which established:

Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment.

The Samsara blog looks like it'll cover net legal theory/Buddhism/politics/personal reflection For example, take this recent post:

Expression Has Nothing to Do with It

The fact remains, however, that there is a much simpler reason for holding that the publication of computer programs--and not just source code--is protected by the First Amendment. To publish a computer program is to publish information and it is the publication of information that is protected by the freedom of the press. It's that simple. Expression has nothing to do with it

Posted by Seth Finkelstein at 11:59 PM | Followups
March 08, 2004

PDF, DMCA, and "Do Not Remove This Tag Under Penalty Of Law"

Tech Law Advisor (Kevin Heller) very kindly noted my previous "fair use" post, but the summary was just a little bit off:

Seth F. makes fair use of the report on "Big Media" Meets The "Bloggers" [pdf] by printing to file and removing some text in a nicely marked tag that says "Do not remove this tag under penalty of (DMCA) law".

Umm ... no offense meant. But the whole point of my postings is to avoid removing anything from that tag, because to do so is arguably a DMCA violation. And Adobe does not play nice with programmers who decrypt PDF's (note the Tech Law Advisor item was written before I updated my post with a procedure that could more closely be misdescribed per above).

[Not-a-digression: People don't understand why I worry so much about the impact of, e.g., a hatchet-job from Declan McCullagh, or a Slashdot-smear given the de facto support of "editor" Michael Sims. If I get into serious DMCA trouble, I'm never going to be able to defend myself from malicious press attacks.]

Anyway, if one prints (with the Adobe Acrobat reader) a usage-restricted PDF document to a file, that file begins with the following almost literal "Do Not Remove This Tag Under Penalty Of Law (DMCA)" notice:

% Removing the following eight lines is illegal, subject to the Digital Copyright Act of 1998.
mark currentfile eexec
54dc5232e897cbaaa7584b7da7c23a6c59e7451851159cdbf40334cc2600
30036a856fabb196b3ddab71514d79106c969797b119ae4379c5ac9b7318
33471fc81a8e4b87bac59f7003cddaebea2a741c4e80818b4b136660994b
18a85d6b60e3c6b57cc0815fe834bc82704ac2caf0b6e228ce1b2218c8c7
67e87aef6db14cd38dda844c855b4e9c46d510cab8fdaa521d67cbb83ee1
af966cc79653b9aca2a5f91f908bbd3f06ecc0c940097ec77e210e6184dc
2f5777aacfc6907d43f1edb490a2a89c9af5b90ff126c0c3c5da9ae99f59
d47040be1c0336205bf3c6169b1b01cd78f922ec384cd0fcab955c0c20de
000000000000000000000000000000000000000000000000000000000000
cleartomark

Is it actually illegal to remove the lines under the DMCA? Maybe. Again, talk about "Do Not Remove This Tag Under Penalty Of Law"!

Now, this is well-known, and the decryption of it can even be found in a PDF FAQ

But my observation was that for the particular document under discussion the relevant text was already in the clear at this point. So one didn't have to circumvent the PDF restrictions, merely extract the available text.

I hope the previous many lines are not illegal, subject to the Digital Copyright Act of 1998. I hope.

Posted by Seth Finkelstein at 08:18 AM | Comments (2) | Followups
March 04, 2004

Internet Censorship Law and Censorware Politics

I probably shouldn't waste my time writting these posts, but the recent net censorship Supreme Court argument struck a deep chord with me:

Ms. Beeson argued that there were less restrictive alternatives to the pornography law: parents could now take matters into their own hands by using Internet filtering software and configuring it to reflect their own values. Congress already requires that schools and libraries use filters.

Chief Justice William H. Rehnquist and Justice Antonin Scalia seemed skeptical of that argument, however, and both noted that the civil liberties union had opposed the library filtering bill. Mr. Olson also noted that a number of Web sites gave step-by-step instructions on defeating the technology.

Here - not ancient history, not years ago, but this week's Supreme Court Internet censorship law arguments - is an illustration of the problem I faced for so many years. Because the part of the civil-liberties strategy was, and remains, arguing favorably about censorware in this legal context. See Peter Junger's "least restrictive means" message for the best legal analysis (in my view).

I never opposed this as a legal argument. But for too long, for too many prominent people, that legal argument turned into a social argument for touting censorware. And so ...

If you said censorware didn't work, you were going against the strategy.

And that was bad. And thus the censorware critics had to be discredited. And here my trouble began.

In 1995, when I first decrypted censorware. I called my then-friend Mike Godwin, famous net.legend Internet civil-liberties lawyer, for help. Well, at that time, he was making policy advocacy statements such as:

This is why I believe that the right role for Congress to play is to encourage the development of software filters that prevent my child and others from being harmed in the first place.

Recall that the basic technology we're talking about here is the computer -- the most flexible, programmable, "intelligent" technology we build and market.

-- Mike Godwin, 1995 Congressional testimony

Thus he was not pleased to be informed about censorware's lack of "intelligent" technology. And I got an earful of all the (my description) dirty deals that were trying to be cut behind the scenes. I suppose now it's no secret that the ACLU blew me off when I tried to get their help (I still have the messages). But they didn't go on a personal attack-campaign about it.

Anyway, much has happened since then. However, some of the fundamental paradoxes are still in evidence - this week, in the Supreme Court.

I note this in an attempt at a "teachable moment". When I try to explain the background of censorware politics, the factors which caused things to evolve as they did, I often get trivialization and dismissiveness ("Petty bickering! Size measuring! Pissing contest!"). It's so easy to scream "EGO!", which means you don't have to think about anything.

There were, and are, reasons which drove it all, and still matter right now. But looking back on how it affected me, over nearly a decade: If I had to do it all over again, I wouldn't. Personally, it wasn't worth it.

Posted by Seth Finkelstein at 11:59 PM | Comments (5) | Followups
March 03, 2004

Free porn, Google, spam, Internet censorship, and the Supreme Court

[Yes, this post really seriously concerns *all* the topics listed, it's truly that _tour de force_]

The Supreme Court just heard arguments on another Internet censorship law, "COPA", ( Ashcroft v. ACLU, 03-218). The Boston Globe reported:

Ordinarily, US Solicitor General Theodore B. Olson prepares for an appearance before the Supreme Court by acting out his argument before a pretend court. This time, for a case about the Internet, he added a new twist: searching online for free porn.

At his home last weekend, Olson told the justices yesterday, he typed in those two words in a search engine, and found that "there were 6,230,000 sites available."

The top lawyer who represents the Bush administration before the Supreme Court said the search's results illustrate how pornography on websites "is increasing enormously every day," a central point in his argument for saving an antipornography law that was enacted six years ago but has yet to go into effect.

Now, let's do something often unrewarded in this world - think. What search did he do exactly? It seems to be the following search in Google:

http://www.google.com/search?q=free+porn

That gives me now "about 6,320,000" results, close enough, the total number returned often varies a bit.

Now, what that search means is roughly the number of pages containing the words "free" and "porn" anywhere in the entire page (or links with those words). This blog entry will qualify as one of those results as soon as it is indexed. I don't think this blog entry is proof of how pornography on websites "is increasing enormously every day,", much less the need for an Internet censorship law.

I've written about the problems of Google and stupid journalism tricks before. But, sigh, nobody reads me, so this won't get reported. Anyway, the story gets even better.

I started digging down into the results to see if I could find some non-sex-site mentions before the Google 1000 results display limit (Yes, Mr. Olson, there are more than 1000 sites devoted to sex in the world, that's true). Google's display crashed stopped in the high 800's! That is, displayed at the bottom, for:

http://www.google.com/search?q=free+porn&num=100&start=900

In order to show you the most relevant results, we have omitted some entries very similar to the 876 already displayed.
If you like, you can repeat the search with the omitted results included.

The number varies, but it's been under 900.

Joke: Hear ye! Hear ye! Instead of "6,230,000 sites available", there's really uniquely less than 900! At least, according to Google.

Now, this is the Google display crash from bugs in the Google spam filtering. Google has cleaned-up their index so the crash is not happening on the first screen of results. But it's still in their results display code. Usually, people don't see the bug in practice, since the crash has now been pushed very far down in the sequence of results.

But here I had a reason to go looking out as far as I could, and ran into the crash in a bona-fide real-world situation. Not just a trivial query too, but one with profound implications for Censorship Of The Internet.

[Update 3/4: Michael Masnick brings to my attention that what I thought was the old Google spam crash is now reduced to duplicate-removal processing on the 1000 results display limit - the point is still that I can use fallacious superficial search "logic" to assert there's less than 900 sites, because Google "says" so. But the technical reason is not quite what I wrote originally]

Humor: If the evidence from a Google search was good enough to be used to justify censorship when it said "6.2 million", why isn't it good enough to justify no censorship if on further investigation it says less than 900? That is, if you thought it was valid before, with a big number, why isn't it valid now, with a small number? (garbage in, garbage out)

Look at me, I'm a journalist (or grandstanding lawyer) - Google says there's no practically no porn on the net!

Posted by Seth Finkelstein at 09:52 AM | Comments (9) | Followups
February 23, 2004

321 Studios v MGM, DMCA, fair use, and the _Eldred_ pony-hunt

Last year, there was a DMCA / fair use "pony hunt" to find a way to argue that a sentence in the Eldred decision would undo the legal hack where the DMCA hacks-away fair use. Unfortunately, we are still left with a pile of manure: (my emphasis below)

http://www.eff.org/IP/DMCA/MGM_v_321Studios/20040219_Order.pdf

"This Court concludes that the challenged portions of the DCMA do not unconstitutionally burden the fair use rights of users of the copyrighted material. In reaching this result, the Court rejects as too sweeping plaintiff's claim that such users have a First Amendment right to make fair use of copyrighted works based on Eldred v. Ashcroft, 123 S. Ct. 769 (2003). The Eldred case stated that "in addition to spurring the creation and publication of new expression, copyright law contains built-in First Amendment accommodations . . . the `fair use' defense allows the public to use not only facts and ideas contained in a copyrighted work, but also the expression itself in certain circumstances." Eldred, 123 S. Ct. at 788-89. However, the Court went on to state: "[t]he First Amendment securely protects the freedom to make or decline to make one's own speech; it bears less heavily when speakers assert the right to make other people's speeches. To the extent such assertions raise First Amendment concerns, copyright's built-in free speech safeguards are generally adequate to address them." Id. at 789. While the Court further declared that copyrights are not immune from challenges under the First Amendment, it is a stretch to claim that Eldred mandated absolute First Amendment protection for fair use of copyrighted works. As the First Amendment bears "less heavily" in situations such as this, this Court determines that the burdens concededly imposed by the DMCA do not unconstitutionally impinge fair use rights. Although not all content on DVDs may be available in other forms, plaintiffs have conceded that it is possible to copy the content in other ways than in an exact DVD copy. This Court agrees with this analysis in Corley: We know of no authority for the proposition that fair use, as protected by the Copyright Act, much less the Constitution, guarantees copying by the optimum method or in the identical format of the original. . ."

Posted by Seth Finkelstein at 04:45 PM | Comments (1) | Followups

321 Studios (DVD-X COPY) loses (badly!) DMCA legal ruling

321 Studios, the makers of DVD backup program DVD-X COPY, have lost (and lost big) in a legal decision.

http:/ /www.eff.org/IP/DMCA/MGM_v_321Studios/20040220_eff_pr.php

Court Endorses Ban on DVD Copy Technology

Electronic Frontier Foundation Urges Digital Copyright Law Reform

San Francisco - Consumers suffered a setback to their digital rights today when a California federal court sided with the major motion picture studios in ruling that a company creating tools people can use to make backup copies of their DVDs is liable under copyright law. Citing the Digital Millennium Copyright Act (DMCA), the court ordered 321 Studios, creator of DVD backup tools, to stop selling its DVD Copy Plus and DVD-X COPY products within seven days. 321 Studios is likely to appeal the ruling.

[Source material at:
http://www.eff.org/IP/DMC A/MGM_v_321Studios/
http:// www.eff.org/IP/DMCA/MGM_v_321Studios/20040219_Order.pdf

Read it and weep, folks. In the Order, every single geek argument is slammed, and slammed hard. In particular:

"This Court finds, as did both the Corley and Elcom courts, that legal downstream use of the copyrighted material by customers is not a defense to the software manufacturer's violation of the provisions of - 1201 (b)(1)."

Fair Use is no defense to the DMCA tools provision, sayeth this Court.]

Posted by Seth Finkelstein at 04:15 PM | Followups
January 28, 2004

Seth Schoen - The History of the DeCSS Haiku

Highly recommended:

The History of the DeCSS Haiku
http://www.loyalty.org/~schoen/haiku.html

I wrote the poem known as the "DeCSS Haiku" three years ago, in 2001.
...
Impressed by other people's contributions to the rapidly-growing gallery, I decided I had to make some kind of effort of my own.

Some quick observations:

An observer might be shocked to compare the Bernstein and Corley cases. She would perceive that the courts have concluded that it's wrong to censor software in the name of preventing terrorism, but it's all right when what's at stake is the ability to copy movies.

Well, yes. Because terrorism is about politics, but copying movies is about money. Just like it's 100.0% First Amendment protected to advocate bona-fide Nazi-ism (I mean real bring-back-the-Third-Reich, not hyperbole), but if you give your friends copies of a few some favorite songs, that can literally be a criminal offense.

Meanwhile, serious problems with the DMCA go unaddressed, and the traditional legal status of reverse engineering is under attack. Public opinion is not rising to defend it; since I wrote the DeCSS Haiku, property rhetoric has continued to its success in making people "brand / tinkerers as thieves". We are not communicating effectively, even though so many of our best cultural traditions are on our side.

Right on. Tell me about it. We aren't communicating effectively in part because too many people (present company excepted!) think talking among themselves is the epitome of political activism, and someone else will do the hard work. But I hardly have a solution.

Posted by Seth Finkelstein at 11:59 PM | Followups
January 26, 2004

Cites & Insights - February 2004

Walt Crawford's library 'zine (not blog) "Cites & Insights" has come out with the February 2004 issue, just a short time after the extensive Midwinter 2004 edition (which I mentioned earlier). It's an amazing amount of writing, covering a wide range of material: Early vs. late adopter psychology, equipment reviews and PC benchmarks, articles about Google and portals, copyright and compulsory licensing, and more. Part of the "more" is reactions to the previous issue, and I figure in there (links mine, and my emphasis added to the last statement below):

Seth Finkelstein, January 7

Finkelstein also makes me nervous by calling the Glossary Special a "handbook/reference/scorecard for the players and controversies in these topics." His direct note covered more ground:

COPA isn't really a predecessor to CIPA; it has a very different history and is a criminal law rather than a funding-based mandate. COPA is a direct successor to CDA, the Communications Decency Act. He's right, of course: I was thinking of it as a predecessor in Congress' ongoing attempts to censor the Internet.

"Harmful to children" in one definition was simply wrong--"harmful to minors" is the right phrase, and as I've noted at some length, 16-year-olds are not "children" in any meaningful sense. As Finkelstein notes, "Under CIPA, a 16-year-old might be prevented from researching sexual material to the sex he's already having!"

Finkelstein is dubious about my assertion that the Supreme Court "gutted [CIPA] for adults." "Whatever the justices expect in theory tends to be a world away from practice." That's true, and an important nuance.

Finkelstein would have liked a stronger statement about the problems in censorware research. I failed to say that the Censorware Project website was hijacked by another participant, but I don't doubt Finkelstein's historical record (readily available at his website). He's right: "Hijacking the Censorware Project website is wrong. It's utterly reprehensible." To the extent that I trivialized that, my apologies. Sometimes I'm too nonconfrontational for my own good, or for the good of those who do important work.

Thank you.

Posted by Seth Finkelstein at 11:48 PM | Comments (1) | Followups
January 22, 2004

DVD DeCSS trade-secret case withdrawn

Today's big tech civil-liberties news is that the Bunner DVD trade-secret case, that is, about whether posting DeCSS violated trade-secret law, has been dropped at the request of the industry. After four years of litigation. See, for example, the EFF report.

This is a good thing. Victories are few and far between, and this was one. However ... it's also important to realize it's only one of many legal grounds, and there are many others. Way down, in the ZDNET report is the critical analysis:

The ruling in the Corley [DMCA] case ultimately made the California case redundant, since the code was already illegal to distribute, attorneys said. If it had pursued its case further, the DVD CCA would have also risked prompting a ruling against it, since the California Supreme Court had expressed skepticism in its last ruling that there were any trade secrets to protect.

In its statement Thursday, the DVD CCA said it will pursue other avenues in protecting its code, including possibly filing patent infringement suits. It also said several outstanding Hollywood cases against commercial publishers that offer DVD-copying software will help protect its rights.

Posted by Seth Finkelstein at 11:58 PM | Comments (2) | Followups
January 15, 2004

Nitke v. Ashcroft (Internet obscenity law)Expert Witness Reports Submitted

http://www.ncsfreedom.org/news/2003/1203cdaexperttestimony.htm

[ One notable expert witness report:

"5. Geo-Location and the Internet ...
+ Seth Finkelstein - anti-censorship activist and programmer, recently hailed by the Library of Congress's Copyright Office

]

National Coalition for Sexual Freedom

FOR IMMEDIATE RELEASE December 18, 2003

Contact: Susan Wright (917-848-6544)

Expert Witness Reports Submitted in Nitke v. Ashcroft

New York, December 18, 2003 - The National Coalition for Sexual Freedom has submitted expert witness reports for their landmark Communications Decency Act lawsuit, Nitke v. Ashcroft (Case No. 01 Civ. 11476). John Wirenius, attorney for plaintiffs NCSF and photographer Barbara Nitke, provided 31 expert witness reports and witnesses who will testify before the three-judge panel for the Southern District of New York.

The expert witness reports support the plaintiffs' contention that "local community standards" cannot be accurately applied to the Internet and, therefore, cannot be used to determine what is obscene. If the most restrictive communities can control what is placed on the Internet, then everyone will be restricted to that standard. The Internet is a world-wide phenomenon, therefore websites should not be held to standards specific to geo-location because community standards vary significantly from region to region and community to community.

Expert witness reports were submitted that establish self-censoring by artists because of the vagueness of this law. The importance of anonymity because of the frequent persecution of sexual minorities was also established as well as the social importance of sexually explicit speech in both art and education.

"This phase of the trial is critical because the evidence is on the table," said John Wirenius, First Amendment attorney and author of First Amendment, First Principles: Verbal Acts and Freedom of Speech. "The plaintiffs are providing the scientific grounds for our contention that visitors to the Internet cannot be tracked, and therefore limiting content on the Internet will limit free speech. The government is obligated to show, if they can, why our experts are incorrect."

[snipped very long list of expert witness reports]

National Coalition for Sexual Freedom
822 Guilford Avenue, Box 127
Baltimore, MD 21202-3707
e-mail: ncsfreedom[at-sign]ncsfreedom.org
phone: 410-539-4824
fax: 410-385-2827
2003 NCSF
Last update: 1/13/04; 9:41:50 PM

Posted by Seth Finkelstein at 11:59 PM | Followups
December 22, 2003

Jon Johansen acquittal upheld!

Jon Johansen has been acquitted again! (link credit - Lessig )

A panel of judges Monday cast aside the appeal that prosecutors had filed to a lower court decision handed down in January. That means the lower court's decision will stand, at least until another eventual appeal takes the case to Norway's supreme court.

The lower court had ruled that Johansen, now 20, did nothing illegal when he helped crack DVD copy protection codes in 1999 and then publicized how he did it. The prosecution had sought a suspended jail term, confiscation of his computer equipment and a fine of NOK 20,000 (less than USD 3,000).

This is great news. A win is always great news. It would have been very bad news if he had lost.

HOWEVER ...

This is NOT quite so great news as people will think, for two reasons:

1) Contrary to myth, Jon Johansen's DeCSS work wasn't the reverse-engineering of CSS. That part of the creation of DeCSS was done by an anonymous German.

2) With new more DMCA-type laws being proposed and passed all the time, being found innocent here, does not mean the next programmer charged, will be found innocent. That is, they'll just change the law. See my old post on Grokster, Streamcast copyright win, vs. LaMacchia case

Again, victory is good. But let's keep in mind what's been won - and what hasn't!

Posted by Seth Finkelstein at 11:51 AM | Followups
December 02, 2003

Jon Johansen Trial

Jon Johansen, one of the three people of a group creating the DVD decryption program DeCSS (note DeCSS history is not at all the common media portrayal of the lone teen cracker breaking Hollywood's codes, no disrespect intended), is now undergoing his second criminal trial. I just mentioned he's in fact one of three people in the group - the other two are staying anonymous. And as I say, it should thus be screamingly obvious why they are staying anonymous - including the German programmer "Ham" who actually did that particular DeCSS reverse-engineering.

There's coverage, of course. IP Justice has a nice press release, and a very good DeCSS Litigation Timeline. EFF has useful Johansen DeCSS case archives

Jon Johansen's been facing criminal prosecution for around four years now. My heart goes out to him on that point. A criminal trial is one of the most stressful things a person can face. And he wasn't the critical decryption programmer either, keep that in mind (again, no offense meant). People just don't get it, whenever I talk about how I don't want to go through something like that myself. It's an abstraction. They see him being made into a hero, at least getting a defense, and they tell me I'll be a hero too. But I've never, ever, gotten a defense, quite the opposite. The lack of support drove me to quit. And these sorts of risks are part of the reason.

Posted by Seth Finkelstein at 01:35 PM | Followups
November 17, 2003

Open Censorware vs. Child Pornography Sites

As part of the discussion touching on "better censorware", I've updated with the info below, my page regarding Open Censorware issues
http://sethf.com/anticensorware/legal/open.php

Many people believe there is a kind of legal paradox for censorware companies to compile blacklists of child pornography sites. The argument runs that to compile a list, they must have viewed the child pornography sites, so they have confessed to a crime (and if they didn't view the sites, then they admit they are making a claim with no evidence)

I'm not a lawyer, but my legal research is below. It turns out that there is no legal paradox. Note the following section of the US code:
http://www4.law.cornell.edu/uscode/18/2252A.html

d) Affirmative Defense. -

It shall be an affirmative defense to a charge of violating subsection (a)(5) that the defendant -

(1) possessed less than three images of child pornography; and

(2) promptly and in good faith, and without retaining or allowing any person, other than a law enforcement agency, to access any image or copy thereof -

(A) took reasonable steps to destroy each such image; or

(B) reported the matter to a law enforcement agency and afforded that agency access to each such image

In effect, this allows for law enforcement to approve any censorware blacklist creators. If they like the blacklister, they'll say they are convinced that the affirmative defense above applies, and no violation of the law is in process. If they want to go after any Open Censorware effort, they can say they have suspicions about the participants, who are then welcome to plead the affirmative defense in court. Good luck facing charges as a possessor of child pornography.

I'm convinced this is the killer of any effective Open Censorware project (unless that project has powerful sponsors).

Posted by Seth Finkelstein at 11:59 PM | Followups
November 14, 2003

Chamberlain v. Skylink - Garage Door Opener as (not) DMCA Violation, confirmed

"Chamberlain v. Skylink - Garage Door Opener as (not) DMCA Violation" case has now been decided, in favor of the freedom to open garage doors.

The earlier decision was preliminary, but this district court decision is the end of this round, no more arguments at the district court level (but there could still be appeals).

It is a great day if you're a garage door, or interested in them. Most interestingly, the basis for the decision seems to again put much stress on "expectations":

Chamberlain concedes that it never warned customers against using unauthorized transmitters but explains that it did not do so because it had no idea that other transmitters could be made to operate its rolling code [garage door openers]. ... Chamberlain's failure to anticipate such technology, however, does not refute the fact that homeowners have a reasonable expectation of using the technology now that it is available.

And

[garage door openers] transmitters are similar to television remote controls in that consumers of both products may need to replace them at some point due to damage or loss, and may program them to work with other devices manufactured by different companies. In both cases, consumers have a reasonable expectation that they can replace the original product with a competing, universal product without violating federal law.

Well, there's many people who think they have all sorts of "reasonable expectations" of what they can do with the DVD's they have purchased, but sadly, that hasn't ever seemed to sway a court (yet?).

Posted by Seth Finkelstein at 01:43 AM | Followups
October 23, 2003

Diebold Election Systems memos, DMCA, and copyright infringement

The Diebold Election Systems memos, describing problems with their vote-counting machines, are being mirrored by Swarthmore student groups. The administration is apparently cutting-off network access to students mirroring the memos.

Edward Felten asks

Here is my question for the lawyers: Is this really copyright infringement? ... But don't the students have some kind of fair use argument?

I'm not a lawyer, and I don't play one, but I do hopefully have some insights.

The key aspect is that the take-down provision of the DMCA is an automatic escape from liability, whether or not the posting at issue is really copyright infringement. It's a situation of "shoot first and asks questions (or have defenses) later". The law says that if there's the immediate take-down on notice, there's no liability. If there isn't an immediate take-down, well then, do you feel lucky in court? So the obvious incentive is to err on the side of taking down. Or, in legalese (my emphasis):

(1) No liability for taking down generally. -

Subject to paragraph (2), a service provider shall not be liable to any person for any claim based on the service provider's good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.

Now, there's an open issue here of what the take-down provisions mean when people starting doing whack-a-mole. My guess is that the university is afraid that if they have "actual knowledge" that students are using this strategy, that a court may then believe in this situation that requiring endless specific notices of whackery is too much game-playing. The university could be scared a court may look to some concept of total knowledge, not compliance per-mole. And definitely not want to be a test case on the matter. All in all, again, though I'm not a lawyer, it doesn't seem like that unreasonable a thought.

DMCA, watch what you say, or have hell to pay ...


Update: Aaron Swartz asked about counter-notification. I strongly suspect that will be the next act in this drama. But it has to be done carefully, since it's under penalty of perjury. The more I think about it, the more I believe the issue driving Swarthmore's conduct is that it is trying to avoid being the deep-pocked defendant in an upcoming lawsuit.

Note Ernest Miller has new reporting on link-banning.

Posted by Seth Finkelstein at 09:59 PM | Comments (2) | Followups
October 20, 2003

IP Justice White Paper on Treaty Intellectual Property Implications

IP Justice has released a White Paper on intellectual property implications of a "the Free Trade Area of the Americas". It's quite alarming.

I'll echo the below to add to the protest. It think it's important to grasp that the world is not in fact evolving to a Libertopian Cryptoanarachy. Rather, it's becoming a multinational treaty-based system. Remember, we got the DMCA earlier supposedly from obligations (or excuse) of a treaty.

IP Justice has published a White Paper that analyzes key section of the Free Trade Area of the Americas (FTAA) Treaty chapter on intellectual property rights. According the IP Justice report "FTAA: A Threat to Freedom and Free Trade," the Treaty would require all 34 FTAA countries in the Western Hemisphere to send P2P file-sharers to prison. The FTAA Treaty also contains 'DMCA-like' anti-circumvention laws. IP Justice sponsored a petition calling upon the FTAA Treaty negotiators to delete the entire chapter on intellectual property rights from the FTAA Treaty. FTAA Treaty negotiators meet in Miami from Nov. 16-21, 2003, and if passed, the treaty will take effect in 2005 and govern the lives of 800 million citizens of the Americas.
Sign the petition!

Posted by Seth Finkelstein at 11:59 PM | Followups
October 19, 2003

"The Importance Of" - a new blog

"The Importance Of" (http://importance.typepad.com/) is Ernest Miller's (of LawMeme) new blog. He's an excellent writer. I'm joining the party of having an item and blogrolling it to help it launch. Check it out.

Posted by Seth Finkelstein at 02:46 AM | Followups
October 18, 2003

Alex Halderman MediaMax CD3 paper legal threats, personal wrap-up

I've been writing much about the case where the SunnComm company threatened to sue Princeton graduate student Alex Halderman for his CD copy-protection research paper Analysis of the MediaMax CD3 Copy-Prevention System.

To conclude the series, I want to focus on a certain unintended consequence I know it'll have for me. In a paradoxical outcome, I suspect I'll get more grief, rather than less, for my own legal risks which drove me to finally quit my censorware research. That is, I can hear it already, people are not going to uniformly react along the lines of "Aha, now I see why such work is so stressful and dangerous, because of the legal threats involved". Rather I'm going to get too many reactions of "Look, the company made a lot of noise, but everyone rushed to Alex Halderman's defense, and he ended up a BIG HERO - so if you get threatened, you'll get that support too.". Unfortunately, this analysis, while superficially appealing (it means the person can feel good about berating me for being a coward, rather than feeling guilty they won't risk anything themselves to help me), isn't convincing.

Ernest Miller commented, in a Lawmeme article about the case:

I can't help but think that the immediate blogging firestorm and public outcry that occurred in response to the proposed lawsuit had something to do with the quick retraction of the threat.

I agree. As just discussed, the company was treated from the start as an "Internet laughingstock", and received intense ridicule. They were on the defensive, they were the ones who had to react to a storyline which painted them as idiots and charlatans (as opposed to the storyline they wanted, about "piracy and theft"). And I concur it made a huge difference in how much they wanted to pursue legal action.

When I talk about support, and how the lack of it has affected my own censorware work, people sometimes don't understand. One prominent activist has, privately, repeatedly flamed me for alleged vagueness in the term. But this incident is a perfect case study. The press reaction, the public outcry, in that crucial initial period, was all overwhelmingly favorable to Alex Halderman's work and plight.

However, that wasn't an accident, in my view, but flowed from the way events unfolded. Critically, researcher Halderman actually got the "first shot". That is, his work was covered favorably and extensively in its initial release. So the press already had a framework which put him in a strong position. And in contrast, this is why I keep saying it's such a problem that my own censorware research work will likely get marginal coverage, or even a hatchet-job or Slashdot-supported smear.

Imagine how differently events might have unfolded if the reporting was overwhelmingly echoing SunnComm's press release instead of laughing at it.

P.S.: As I was writing this, I happened to see Donna Wentworth's excellent DMCA v. Academic Research posting, concluding:

Eeyore has been saying this for a while now, but it bears repeating: if the Internet has opened up a new avenue for "amateur" investigation, the DMCA is closing it.

If even "legitimate" research is hampered by the DMCA, what about other kinds of research? What happens to the researcher who makes significant contributions to encryption or censorware research--but not within the traditional academic setting?

What would have happened to Alex Halderman, if he weren't a doctoral student at Princeton--and under the tutelage of Professor Edward Felten -- but, instead, next year's fifteen year-old genius, who happens to be schooled at home, with not a single lawyer-friend in sight?

[Note, that last isn't me, I'm Eeyore, and a thirty-eight year-old genius, with a lawyer-friend or two - but also more than one lawyer-enemy, and those matter too!]

Posted by Seth Finkelstein at 11:59 PM | Followups
October 14, 2003

The DMCA As Seditious Libel

[See also previous The DMCA As Technical Obscenity]

Continuing the repercussions of SunnComm having threatened to use the DMCA to sue Princeton student Alex Halderman over his research), Ed Felten just commented (noting my previous post):

It seems to me that an accurate, truthful research report has more merit, rather than less, if its results are relevant to a public policy debate.

Which reminded me of something Lessig recently wrote:

I'm sure there will be a world of legal support to help Halderman establish what should be an obvious point: tell the truth is not yet a crime, and (fortunately for most professors) writing even wrong papers is not either.

The DMCA doesn't say this, but it might as well: "You can't handle the truth!"

Discussing 18th century English libel law, the Columbia Encyclopedia states (my emphasis):

Severe restrictions on the press continued, however, in the form of seditious libel laws under which the government was able to arrest and punish any printer who published material in any way critical of the government. There was no clear definition of what constituted seditious libel, ... At this time, both true and false criticism of the government was considered libel. In fact, legal doctrine proclaimed that "the greater the truth the greater the libel." Only in the mid-19th cent. did truth become admissible as a defense in English libel cases.

It strikes me that we are in a similar situation today with the DMCA, except in terms of copyright business, not government criticism. That is, with regard to how a copy control systems works, the truth of a technical statement is no defense. The theory is more like "the greater the truth the greater the libel.". That is, the more accurately one describes a problem, the more harm is deemed to be done (could one defend oneself from DMCA charges by pleading a paper was wrong? Shades of Galileo being forced to recant!).

Further in this metaphor, it used to be that reverse-engineering as a defense against intellectual-property charges, functioned like truth as a defense against libel charges. But that defense has been all but taken away now, with it being severely limited in the DMCA text, and eliminated by shrink-wrap license.

Indeed, in terms of the DMCA rationale, why should truth be a defense? When words are property, their truth-value is truly irrelevant.

Posted by Seth Finkelstein at 10:36 PM | Followups
October 10, 2003

SunnComm v Halderman - recanted!

LawMeme brings news that SunnComm wont sue "Alex Halderman for writing a report critical of SunnComm's MediaMax CD3 DRM technology" (see also Ed Felten) There's a Princeton newspaper report, but I also found a SunnComm press release for primary source.

They have seen the light! They have had a revelation!

Where before they roared:

The act of publishing instructions under the cloak of "academic research" showing how to defeat MediaMax such as those instructions found in Halderman's report is, at best, duplicitous and, at worst, a felony.

Now they reassess:

Because SunnComm is, itself, a company which relies on research and development for its survival, we feel that bringing legal action for damages against researchers in a higher learning environment may contribute to a chilling effect on the type of research that faculty, staff, and students elect to pursue.

Look, look, no more "hackers". It's now "researchers in a higher learning environment". And they're worried about a chilling effect, not a "cat-and-mouse game". Oh, they have undergone such a change of heart!

What a difference a day makes ...

Posted by Seth Finkelstein at 11:59 PM | Comments (1) | Followups
October 09, 2003

SunnComm v Alex Halderman (MediaMax CD3 Copy-Prevention System), DMCA notes

The following is some examination on the DMCA portion SunnComm Press Release about threatening to sue Alex Halderman for his paper Analysis of the MediaMax CD3 Copy-Prevention System. Remember, I'm not a lawyer, but have studied the DMCA extensively. They say:

In addition, SunnComm believes that Halderman has violated the Digital Millennium Copyright Act (DMCA) by disclosing unpublished MediaMax management files placed on a user's computer after user approval is granted. Once the file is found and deleted according to the instructions given in the Princeton grad student's report, the MediaMax copy management system can be bypassed resulting in the copyright protected music being converted or misappropriated for potentially unauthorized and/or illegal use. SunnComm intends to refer this possible felony to authorities having jurisdiction over these matters because: 1. The author admits that he disabled the driver in order to make an unprotected copy of the disc's contents, and 2. SunnComm believes that the author's report was "disseminated in a manner which facilitates infringement" in violation of the DMCA or other applicable law.

It sounds, from the above, that they're trying to work-up charges both of "1201(a)(1)", doing circumvention, and "1201(a)(2)", trafficking (in "technology", not "device"). I think of these as possession and dealing, though the drug analogy may not be the most felicitous.

That quoted phrase "disseminated in a manner which facilitates infringement" is an attack on using the "1201(g) Encryption Research" exemption, which is a very narrow DMCA exemption for doing circumvention:

o (3) Factors in determining exemption. - In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include -
+ (A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;

Later, they state:

The act of publishing instructions under the cloak of "academic research" showing how to defeat MediaMax such as those instructions found in Halderman's report is, at best, duplicitous and, at worst, a felony.

Besides the general ranting here, it's also possible a swipe at the following exemption factor:

+ (B) whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology;

I've seen this playbook before, since the censorware companies ran it against me in the DMCA exemption proceedings

Part of the playbook is flaming, lots and lots of flaming, and this PR piece is no exception:

Concluded Jacobs, "This cat-and-mouse game that hackers and others like to play with owners of digital property is over. No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property. SunnComm is taking a stand here because we believe that those who own property, whether physical or digital, have the ultimate authority over how their property is used. Owning copying technology is not an unconditional 'free pass' to replicate or distribute protected work."

Just savor it: "hackers ... cover of academia ... facilitate piracy ... theft of digital property ...". I wonder if they get PR help from Jack "Boston Strangler" Valenti.

For many reasons, right now I'll offer no statement about whether this will succeed.


This moment seems like a good place for me to use the following joke:

When I describe my reasons for quitting censorware research, sometimes people say to me that I've won an EFF Pioneer Award, and thus am so honored, I shouldn't worry about prosecution. Sad to say, there are companies - and maybe judges - who will regard that as akin to being honored by the Order Of Lenin in the Soviet Union. They won't be impressed.

Posted by Seth Finkelstein at 10:44 PM | Comments (6) | Followups

SunnComm v Halderman, speech, and the DMCA

One immediate note on SunnComm suing Alex Halderman case:

RESEARCH PAPERS CAN COUNT UNDER THE DMCA!

The DMCA forbids (emphasis mine):

(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that - ...

Technical papers - even "pure speech" papers - can arguably be considered as technology under the DMCA prohibition above.

See the chilling footnote 275 in the DeCSS case:

FN275. During the trial, Professor Touretzky of Carnegie Mellon University, as noted above, convincingly demonstrated that computer source and object code convey the same ideas as various other modes of expression, including spoken language descriptions of the algorithm embodied in the code. Tr. (Touretzky) ... He drew from this the conclusion that the preliminary injunction irrationally distinguished between the code, which was enjoined, and other modes of expression that convey the same idea, which were not, id., although of course he had no reason to be aware that the injunction drew that line only because that was the limit of the relief plaintiffs sought. With commendable candor, he readily admitted that the implication of his view that the spoken language and computer code versions were substantially similar was not necessarily that the preliminary injunction was too broad; rather, the logic of his position was that it was either too broad or too narrow. ... Once again, the question of a substantially broader injunction need not be addressed here, as plaintiffs have not sought broader relief.

[Updated later - This is the footnote I really wanted, #135]

FN135. In their Post-Trial Brief, defendants argue that "at least some of the members of Congress" understood 1201 to be limited to conventional devices, specifically 'black boxes,' as opposed to computer code. Def. Post-Trial Mem. at 21. However, the statute is clear that it prohibits "any technology," not simply black boxes. 17 U.S.C. 1201(a)(2) (emphasis added).

Disclaimer: I am not a lawyer

Claimer: This is why I've quit. I wanted to publish a paper taking the exact same approach as the above.

AND I COULDN'T GET SUPPORT FOR IT!!!

It's too risky for me, and not worth it to continue.

Posted by Seth Finkelstein at 06:46 PM | Followups
October 02, 2003

Code == Speech, or The DMCA As Technical Obscenity

Switching gears a bit (at last), another paper I can't do, censored censorware reports, is one I call:

Code == Speech, or The DMCA As Technical Obscenity

The title is a pun, a multilayered meaning between "technical obscenity" in the sense of being an abomination in the eyes of tech-types, and "technical obscenity" as a (somewhat metaphorical!) type of obscenity law applied to technological speech. This idea was impressive (if that's the word) in the recent Bunner decision in the DVD trade-secret case where the ruling stated "Thus, these trade secrets, ... address matters of purely private concern and not matters of public importance.". Note that's trade-secret law. But I'm trying to express the concept that the determination seems very much like a kind of obscenity test, with the values in that test being applied to technical communications rather than sexual ones.

And make no mistake, it is a speech issue. As I've discussed before:

The ROT13 algorithm explained ("Caesar Cipher"):

1) The decryption algorithm for ROT13 is to take the range of letters from a-z, and for those twenty-six letters, replace the first thirteen of them with the range of letters from n-z and the second thirteen of them with the range of letters from a-m

2) To un-ROT13, do a tr/a-z/n-za-m/ over each character in the file

3) perl -pe 'tr/a-z/n-za-m/;' < infile > outfile

Where did I step over the line, from "speech" to "code"?

Now, the difficulty with this paper is the "shouting to the wind"/"tell it to the judge" problem. As one entry in the vast amounts of pontification on the topic of code, speech, and the DMCA, it won't get read. If I put in a real, relevant example, which might get noticed - such as an unpublished censorware decryption - well, be careful what you wish for, because you might get it (here, getting noticed by the censorware company taking action from the decryption program).

Note a similar thought was done in the "Programmers' & Academics' Amici Brief in NY MPAA DeCSS Case" (which I had something to do with):

While an example of the Perl programming language might look like this:

  my ($xor_len) = $key_length{$request} ;
  my ($file_key) = substr($cipher_key, 0, $xor_len);
 
  while (read(FILE, $xor_block, $xor_len)) {
    $plain_text = $file_key ^ $xor_block;
    $plain_text =~ s/+$//;
    $plain_text =~ tr/A-Z/a-z/;
    print $plain_text,"";
  }
}

     We chose this snippet of Perl for two reasons. Fi rst, when compared to the Visual BASIC, it is apparent that more symbolic characters and fewer natural-looking words are used, illustrating the variety of programming languages. Though it looks less like a natural text language, its meaning is as clear to those who read Perl as is this sentence to those who read English. ...

     The second reason is the more thematic. The snippet is from a program which decrypts the encrypted list of URLs blocked by the filtering software application known as X-Stop, the use of which in a public library was found to be unconstitutional in Mainstream Loudoun v. Board of Trustees, 24 F.Supp.2d 552 (E.D.Va 1998). In part by showing that X-Stop blocked valuable Internet speech, Plaintiffs prevailed, but on the face of 17 U.S.C. SS 1201(a)(1), such a decoder might be unlawful as a circumvention measure. In October 2000, the Librarian of Congress completed the first rulemaking mandated by §1201(a)(1). One exemption was for "[c]ompilations consisting of lists of websites blocked by filtering software applications." 37 CFR Part 201. If the LOC rulemaking now legitimizes the use of a program such as the X-stop decoder to compile such lists, it makes no sense under any theory of copyright law that §1201(a)(2) proscribes the distribution of such a program, but that is the effect of §1201(a)(2), the section at issue in this action.

Note "such a decoder might be unlawful as a circumvention measure". I don't want to play Russian-Roulette-plus-snipers these days to find out :-(

Posted by Seth Finkelstein at 11:57 PM | Followups
October 01, 2003

N2H2 "State Secrets" - censored censorware report and why - part 3

I never described why I called this recent series "State Secrets". That's a reference to an old joke about dictatorships:

Another joke is about a student marching down the Avenue of Eternal Peace with a banner saying "Li Peng is a pig"
The student is arrested, tried and sentenced to 20 years.
He complains that illegal protests carry a maximum sentence of five years.
"Yes," replies the judge. "Five years for an illegal protest and 15 for revealing state secrets."

http://www.dcs.shef.ac.uk/~yorick/com334/documents/a1f.txt

That joke really sums it up - for revealing N2H2's censorware blacklist is a pig, I might get a minor penalty for one issue, but 15 years (of litigation) over revealing their state, err, trade secrets.

When I first circumvented the encryption of N2H2's blacklist, I was amazed at how much of it was junk and duplications and obvious errors. Just full of garbage. Logically, what do they care? Who is looking?! They have an incentive to add as much as possible, for PR puffery (a blacklist zillions long). It was very evident that there were silly keywords being used to blacklist sites.

I wanted to publish these results to coincide with the District Court CIPA trial. But during the expert-witness testimony of the trial, N2H2 went into court with extraordinary legal aggressiveness, to attempt to prevent the court experts from testifying in public about its blacklist (on "trade secret" grounds):

"They say that certain things we talk about them having blocked will show the nature of their software, ..."

(note small world, that quote is from Declan McCullagh's (sigh ...) coverage of the trial)

At roughly the same time (actually a little before, but adding to the legal risk), Michael Sims, the Slashdot "editor" who had domain-hijacked Censorware Project's website, broke trust that had, in earlier times, been placed in him by Censorware Project's main lawyer (James Tyre). As part of the process of obtaining nominations for me for the EFF Pioneer Award, James Tyre had written (with my full consent) a detailed message to Censorware Project members cataloging every censorware decryption I'd done up to that time - names, dates, methods used. This was sensitive legal information, more so for coming from such an unimpeachable source.

Michael Sims publicized this confidential message to the world, including every censorware company which might want to sue me, just when N2H2 was doing its attempts to suppress public testimony (privately, it's a great message, later I put it on my site with others - but there's a time and a place for everything!). If N2H2 was willing to take such legal action involving court experts serving as witnesses in a Federal trial, the risk for a mere programmer in publishing more detailed and revealing work (even a civil-liberties award-winning programmer) was terrifying. The betrayal of confidence was an incredibility vicious and vile action.

The import of this trust-breach is often lost in various smoke-blowing. (for example, Michael Sims was particularly upset that James Tyre hadn't trusted him with the sensitive information from the start, ironically showing by his dishonorable actions why that lack of trust was thoroughly justified). People tend to get focused on the name-calling. But it was putting legally sensitive information in censorware company hands, while aggressive legal action was underway, which was most destructive.

I made a decision then: I'm not going to publish this work. The legal risk is too high. I don't have the support I need. At best I'll get smeared, at worst I'll get sued.

Remember, Slashdot continues to _de facto_ support Michael Sims, in terms of pay, reputation, and press-power. It matters. This is why I have to quit.

Posted by Seth Finkelstein at 11:58 PM | Followups
September 15, 2003

"Open Censorware" and recent legal advice to libraries

A recent article from the American Library Association, ALA: Lawyers Sift through CIPA Regulations discusses: "At the request of the American Library Association, the law firm of Ropes and Gray issued an advisory letter August 28 to libraries regarding their legal obligations under CIPA" (CIPA is the Federal library censorware law) [link credit lisnews. com]

Looking through that advisory letter, I don't think it's very favorable to "Open Censorware":

Public libraries that routinely submit untimely certifications, do not submit certifications, certify compliance with CIPA with the knowledge that they are not in compliance, install an Internet filter known to be nonworking, or fail to enforce their Internet safety policy or operate their Internet filter will likely to be found to be acting in bad faith and not in compliance with CIPA. These libraries will be subject to a loss of their federal E-rate or LSTA funding and may have to reimburse the federal government for E-rate funds utilized during noncompliance. Libraries that fail to remain diligent regarding upgrades in Internet filtering technology may also be determined to be acting in bad faith.4 ...

4The Restatement (Second) of Contracts states, "A complete catalogue of types of bad faith is impossible, but the following types are among those which have been recognized in judicial decisions: evasion of the spirit of the bargain, lack of diligence and slacking off, willful rendering of imperfect performance, abuse of a power to specify terms, and interference with or failure to cooperate in the other party's performance."Restatement (Second) of Contracts S 205 cmt. d (1981).

And later:

CIPA does not provide for any penalties for noncompliance beyond the withholding and reimbursement of federal funding; there are no criminal penalties provided for under CIPA. However, there are federal criminal laws that apply to the submission of fraudulent information or false certifications to the government. See 18 U.S.C. S 1001 (2003).

If I were putting myself on the line, as a library director, I wouldn't be inclined to do anything which looked like playing games with such a requirement. Requiring a judicial specification of a blacklist just might work, as a straightforward and direct position. But not pretending the blacklist problem doesn't exist.

Posted by Seth Finkelstein at 11:57 PM | Followups
September 08, 2003

RIAA "Clean Slate" Amnesty - fishing expedition for targeting lawsuits?

As the RIAA starts lawsuits, their "Clean Slate" amnesty program is obviously receiving much attention. Just what sort of trouble can one expect from admitting to copyright infringements? (the RIAA can't stop lawsuits from other copyright owners such as the MPAA, nor the government, etc. - see e.g. postings at bIPlog and Freedom To Tinker)

The RIAA's description says:

OUR PRIVACY POLICY Information provided on the Clean Slate Program Affidavit will be used solely in connection with conducting and enforcing the Clean Slate Program. Information will not be used for marketing, promotional or public relations purposes. Information will not be made public or given to third parties, including individual copyright owners, except if necessary to enforce a participant's violation of the pledges set forth in the Affidavit or otherwise required by law.

But those who followed the story of TrustE know that privacy polices are slippery things. And besides, who is going to sue the RIAA if they wiggle on the meaning of "conducting and enforcing"?

Now, this certainly could be a way of entrapping people, given that "Clean Slate" affidavit signers are then liable for wilful infringement.

But large-scale infringers aren't going to rely on such a promised "amnesty". Perhaps the idea is that it's a way to get leads from scared "little fish" to go after "big fish" ("... tell us who your connection is, boyo, and you can walk ...").

That is, if the RIAA gets a large collection of applications from one particular location, that would seem to indicate there's good lawsuit-hunting in that area, with plenty of other fish who can be fried. The amnesty-seekers then act as quasi-informants. Perhaps explicit informants, if they're then interrogated to "verify" details of what they've submitted ("We're not prosecuting you, we're just checking up to make sure you told the truth, there's severe penalties if you lied ...")

And the most immediate use of the affidavits is as PR-fodder, i.e., "X pirates have admitted to crimes against copyright. The problem is worse than anyone thought!". This segues well into future prosecutions.

Quasi-Valenti-ism: "This amnesty is to the RIAA as UN Security Resolutions were to Saddam Hussein"

Posted by Seth Finkelstein at 11:13 PM | Followups
September 04, 2003

Chamberlain v. Skylink - Garage Door Opener as (not) DMCA Violation

Chamberlain v. Skylink, aka "Is a Garage Door Opener a Circumvention Device?" is the hot DMCA topic now. A decision has been rendered that it not automatically (pun intended), as a matter of law ("summary judgment") such a circumvention device. This is what passes for a DMCA victory nowadays ...

IP Justice has been publicizing the outcome, with comments and a case archive (Hmm, competition, there's more items there than in the EFF case archive)

I've seen commentary today from at least Ed Felten, Ernest Miller at Lawmeme and Derek Slater.

The key passage causing the most argument seems to be this (emphasis mine):

Furthermore, the homeowner has a legitimate expectation that he or she will be able to access the garage even if his transmitter is misplaced or malfunctions. During oral arguments on this motion, Plaintiff acknowledged that under its interpretation of DMCA, a garage owner violates the Act if he or she loses the transmitter that came with its Chamberlain rolling code GDO, but manages to operate the opener by somehow circumventing the rolling code. This court agrees with Defendant that the DMCA does not require such a conclusion.

I submit this is an instructive illustration of my focus on whether the court considers the plaintiff or the defendant to be a good guy or a bad guy. This passage is in essence "The defendant is not a Bad Guy. It's arguably a Good Guy. So they aren't required to be slammed".

That sort of analysis is NOT the whole of any decision, and I'd be misinterpreted if it were thought that was my view. However, reading decisions, I've come to believe that perception matters much more than lawyers like to admit, at least in public.

The following passage, a little earlier, has a slight misspeaking, but that's not the problem (again emphasis mine)

The district court in Reimerdes was looking at a set of facts quite distinct from those presented here: Plaintiff there had encoded its DVD's and licensed the software necessary to circumvent this encoding process to manufacturers of DVD players. As a result, the plaintiff in Reimerdes did in fact authorize certain circumvention of its technological protective measure pursuant to a license. It did not authorize circumvention by means of nonlicensed software.

The judge obviously meant to say decryption where she has circumvention. But again, that's just a small misuse of wording.

Honestly, what I think she's struggling to say, is that in Reimerdes (the 2600 DeCSS case) the plaintiffs were Good Guys protecting Intellectual Property threatened by Pirates/Bad Guys. But here, "activating a Garage Door Opener" (GDO) isn't Intellectual Property, the defendant isn't a Bad Guy, so the plaintiff should stop being silly.

Indeed, in a way, that's the core of the actually decision:

CONCLUSION The court concludes there are disputes of material fact concerning whether the computer program in Chamberlain's rolling code is a work protected by copyright and whether the owner of a Chamberlain rolling code GDO is authorized to use the Model 39 universal transmitter.

But to consider this a big DMCA victory only shows how bad is everything else.

Posted by Seth Finkelstein at 11:59 PM | Comments (1) | Followups
August 27, 2003

DVD-CCA v. Bunner, my punditry on What It Means

What follows are some thoughts I have about what the Bunner DVD trade-secret case recent decision actually means. Note I am not a lawyer, and the views below are my own, no warranty expressed or implied, free advice is worth what you pay for it, and so on.

In general, this is in the abstract, a formal, procedural, decision. It is not a factual ruling. It's a matter of law. However within those formal, procedural, matter-of-law constraints, I see things as being said, which are not good. But I see it as problematic in a much more complex fashion than the popular press is reporting it.

The popular reporting may be that this decision ruled the facts against Bunner. That's wrong. But I also think it's too abstract (though not strictly wrong), to infer nothing at all about how the facts are likely to be ruled on "remand" stemming from what's written in this decision.

My understanding is that the Appeals Court says:
(emphasis mine in all the below)
http://www.eff.org/IP/Video/DVDCCA_case/20011101_bunner_appellate_decision.html

"Preliminary injunctions are ordinarily reviewed under the deferential abuse-of-discretion standard. We consider only whether the trial court abused its discretion in evaluating two interrelated factors."

They would like to let Bunner off. But they have a problem. They will have a very hard time doing that under a "deferential" "abuse-of-discretion standard". So they make a big jump:

"However, not all restraining preliminary injunctions are entitled to such deferential review. ... Thus, in order to determine the appropriate standard of review, we must first decide whether the restraint imposed by the trial court's preliminary injunction implicated Bunner's First Amendment right to free expression. If so, we exercise independent review. "

This jump gets them out of the "deferential" state, and into the "independent review" state. And they are happy, because they then can write on about the importance of free speech, as a principle.

But this jump lands in the CA Supreme Court. The CA Supreme Court slams it, hard. Not valid, error, core dump, etc. They send it back to the Appeals Court.

We have now returned from the jump. Since no further ruling on facts has formally been made, we could abstractly be said to be no worse off than before. That would be the formal answer. However, informally, I think the key is in this part:

"If, after this examination, the court finds the injunction improper under California's trade secret law, then it should find that the trial court abused its discretion. (See ibid. [holding that, in determining whether the "issuance of a preliminary injunction constitutes an abuse of " discretion under the First Amendment, the reviewing court must independently review the factual findings subsumed in the constitutional determination]; ... [holding that preliminary injunctions are reviewed "under an abuse of discretion standard"].) Otherwise, it should uphold the injunction.

The Appeals Court didn't want to do that review under an "abuse of discretion" standard. So though the case is now being returned back to a favorably-inclined court, it's going back with extremely strong "guidance" to be decided in a way that the Appeals Court wanted to avoid - for the obvious reason that such a path strongly implied upholding the injunction, as a practical matter.

The Appeals Court is now locked back into the "abuse of discretion" box. Along with plenty of attitude conveyed, that the defendant is a bad guy and the plaintiff is a good guy. In theory, they could still have a favorable ruling. But I see them as being told here to uphold the injunction unless they can come up with an extremely good reason why not (again. "abuse of discretion").

Of course, I-Am-Not-A-Lawyer. But I'm trying not to be a defendant either 1/2 :-).

Update: A smart, top-flight, veteran, California lawyer tells me that I'm misreading that key standard of review aspect. The Appeals Court is in fact being told to exercise a fully independent review, not a deferential review. If so, I'll own up to misreading the above.

Again, IANAL

Posted by Seth Finkelstein at 12:57 AM | Comments (9) | Followups
August 26, 2003

DVD-CCA v. Bunner, reverse-engineering, and trade-secret

I came across another especially interesting passage in one opinion in decision from the DVD trade-secret case, This discusses reverse-engineering as applied to the case (remember, for contrast, the Bowers v. Baystate case upholding shrinkwrap prohibitions against reverse-engineering):

I also note that it is highly doubtful the alleged trade secret was acquired by improper means within the meaning of the trade secret law. Civil Code section 3426.1, subdivision (a), defining "improper means," states "[r]everse engineering . . . alone shall not be considered improper means." Apparently the word "alone" refers to the fact that the item reverse engineered would have to be obtained "by a fair and honest means, such as purchase of the item on the open market for reverse engineering to be lawful." ... According to the allegations of the complaint, the alleged initial misappropriator of CSS, Jon Johannsen, acquired the secret through reverse engineering. There is no allegation that he acquired the product containing CSS unlawfully, and that therefore improper means were employed. The DVD CCA argument below that violation of a "click license" agreement prohibiting reverse engineering constituted the improper means does not appear to have merit. To be sure, contract plays an important role in trade secret law by protecting the trade secret holder against "unauthorized use or disclosure through a contract with the recipient of a disclosure" or others who have had special access to trade secret information, via confidentiality agreements and the like. ... But nowhere has it been recognized that a party wishing to protect proprietary information may employ a consumer form contract to, in effect, change the statutory definition of "improper means" under trade secret law to include reverse engineering, so that an alleged trade secret holder may bring an action even against a nonparty to that contract. Moreover, if trade secret law did allow alleged trade secret holders to redefine "improper means" to include reverse engineering, it would likely be preempted by federal patent law, which alone grants universal protection for a limited time against the right to reverse engineer.

Note, regarding Jon Johansen and DeCSS, that he did not in fact do the reverse-engineering. It was actually done by an anonymous German (and as I say, it's obvious why the person is remaining anonymous).

In any case, the above is one opinion, and it's arguing against the finding of the lower court. So while it's a piece of evidence, I'm not exactly reassured (and it's California, other places may vary).

Posted by Seth Finkelstein at 10:25 PM | Followups
August 25, 2003

DVD-CCA v Bunner, technical information, and public concern

This part of today's decision in the DVD trade-secret case, deserves special note. It addresses what the court considers the unimportance of "technical information":

DVD CCA's trade secrets in the CSS technology are not publicly available and convey only technical information about the method used by specific private entities to protect their intellectual property. Bunner posted these secrets in the form of DeCSS on the Internet so Linux users could enjoy and use DVD's and so others could improve the functional capabilities of DeCSS. He did not post them to comment on any public issue or to participate in any public debate. Indeed, only computer encryption enthusiasts are likely to have an interest in the expressive content-- rather than the uses--of DVD CCA's trade secrets. (See Tien, Publishing Software as a Speech Act, supra, 15 Berkeley Tech. L.J. at pp. 662-663 ["Programming languages provide the best means for communicating highly technical ideas--such as mathematical concepts--within the community of computer scientists and programmers"].) Thus, these trade secrets, as disclosed by Bunner, address matters of purely private concern and not matters of public importance. ...

Only "computer encryption enthusiasts"? Not "matters of public importance"??

Calling Ed Felten ...

Posted by Seth Finkelstein at 06:23 PM | Followups

DVD-CCA v. Bunner - loss!

The California DVD trade-secret case has just had a loss.

Background: http://www.eff.org/IP/Video/DVDCCA_case/

http://www.courtinfo.ca.gov/opinions/documents/S102588.PDF

"Today we resolve an apparent conflict between California's trade secret law (Civ. Code, 3426 et seq.) and the free speech clauses of the United States and California Constitutions. In this case, a Web site operator posted trade secrets owned by another on his Internet Web site despite knowing or having reason to know that the secrets were acquired by improper means. The trial court found that the operator misappropriated these trade secrets in violation of section 3426.1 and issued a preliminary injunction pursuant to section 3426.2, subdivision (a), prohibiting the operator from disclosing these secrets. Accepting as true the trial court's findings, we now consider whether this preliminary injunction violates the First Amendment of the United States Constitution and article I, section 2, subdivision (a) of the California Constitution. We conclude it does not."

But later [cites to various cases cut-out for readability]

"Our decision today is quite limited. We merely hold that the preliminary injunction does not violate the free speech clauses of the United States and California Constitutions, assuming the trial court properly issued the injunction under California's trade secret law. On remand, the Court of Appeal should determine the validity of this assumption. Because there appears to be some confusion over the proper standard of review, we offer guidance below."

"In upholding the preliminary injunction against Bunner's First Amendment challenges, we rely on the assumption that DVD CCA is likely to prevail on the merits of its trade secret claim against Bunner. As such, "any factual findings subsumed" in the trade secret misappropriation determination "are subject to constitutional fact review." ...

"[W]here a Federal right has been denied as the result of a [factual] finding . . . or where a conclusion of law as to a Federal right and a finding of fact are so intermingled as to make it necessary, in order to pass upon the Federal question, to analyze the facts," the reviewing court must independently review these findings. ... "[F]acts that are germane to" the First Amendment analysis "must be sorted out and reviewed de novo, independently of any previous determinations by the trier of fact." ... And "the reviewing court must ` "examine for [itself] the statements in issue and the circumstances under which they were made to see . . . whether they are of a character which the principles of the First Amendment . . . protect." ' " ...

On remand, the Court of Appeal must therefore "make an independent examination of the entire record" ... and determine whether the evidence in the record supports the factual findings necessary to establish that the preliminary injunction was warranted under California's trade secret law ... [noting that appellate courts must independently review factual findings relevant to the resolution of any First Amendment issues]). If, after this examination, the court finds the injunction improper under California's trade secret law, then it should find that the trial court abused its discretion. (See ibid. [holding that, in determining whether the "issuance of a preliminary injunction constitutes an abuse of " discretion under the First Amendment, the reviewing court must independently review the factual findings subsumed in the constitutional determination]; ... [holding that preliminary injunctions are reviewed "under an abuse of discretion standard"].) Otherwise, it should uphold the injunction.

Posted by Seth Finkelstein at 01:22 PM | Followups
August 16, 2003

ACLU CIPA censorware memo

The ACLU released a legal memo for libraries on coping with CIPA, the Federal library censorware law. It came out two weeks ago, but it seems to have been little publicized.

Library filtering after US v. ALA: What does it all mean and what should we do
http://www.aclu.org/Privacy/Privacy.cfm?ID=13270&c=252

It prominently mentions the "visual depictions" aspect of CIPA, and makes interesting recommendations.

There's a notable paragraph, which is think is extremely important for any idea of Open Censorware :

"Some libraries have suggested creating their own software. Libraries can certainly do that. The statute does not require any particular product. But, any product used has to represent a "good faith" attempt to comply. It seems unlikely that any individual library could create a blocked sites list and keep it up to date."

I must say I got a big laugh out of the recommendation of:

"3. Join with ALA in pressuring the software companies to make their lists of blocked sites public"

Hmm, censorware companies should make their blacklist public. They ought to. They should. Blacklists should be public from the censorware companies. I say so. That's the way to do it. Right on. Have I mentioned the blacklists should be public?

That is, no matter how may times any civil-liberties group says it, the censorware companies don't care (see, for example DMCA testimony). But then, the ACLU certainly knows this.

Sigh. I'm about ready to quit, because I just can't publish more censorware research due to the legal risk involved. For all the talk of pressuring censorware companies above, there's just no support for my work.

Posted by Seth Finkelstein at 07:37 PM | Followups
August 15, 2003

A Fair And Balanced look at the Fox / Al Franken lawsuit

It's a little late, but I should add my small contribution to Fair And Balanced day protesting Fox News lawsuit against Al Franken over the use of the term "Fair and balanced" in the title of his new book.

To be fair and balanced, some of Fox's objections make a little more sense when one looks at the Franken book cover. The title "Lies and the Lying Liars Who Tell Them: A Fair and Balanced Look at the Right" buries the "Fair and Balanced" phrase among other words. The graphics design of the cover makes the "Fair and Balanced" phrase a bit more standalone and eye catching. The title is visually more along the lines of:

Lies
And the
Lying Liars
Who Tell
Them

A Fair and Balanced
        Look at the Right

That still doesn't justify Fox's reaction, in my view, but it does make it more understandable why they are complaining. However, the tag usage is clearly a fair and balanced parody.

More interesting is all the flaming in Fox's lawsuit:

77. Franken has recently been described as a "C-level political commentator" who is increasingly unfunny". ... Franken is neither a journalist nor a television news personality. He is not a well-respected voice in American politics, rather, he appears to be shrill and unstable. His views lack any serious depth or insight. Franken is commonly perceived as having to trade off of the name recognition of others to make money. One commentator has referred to Franken as a "parasite" for attempting to trade off of Fox News' brand and O'Reilly's fame in the Preliminary Cover of his Book.

...

79. Defendants' use of the Trademark also tarnishes the mark by associating the mark with Franken's sophomoric approach to political commentary. Such a use lessens the reputation of FNC for having a team of first-rate journalists and news personalities who gather, report, and analyze the news.

Note the insults serve a legal purpose. The idea is that Franken is a bad guy, so that the judge should decide against him, and associating him with the trademark is bad for the trademark. It does sound silly in print. But is the judge more likely to be a viewer of Al Franken on Saturday Night Live, or of Fox News?

Some of those slams come from an article "Al Franken is a Conservative Commentator Parasite and Other Observations", which in itself is parodying Franken's book RUSH LIMBAUGH IS A BIG FAT IDIOT and other observations." (Isn't it great how culture builds on itself?). But there's the source, "parasite", "Franken is a "C" level political commentator and usually unfunny", "needs to attack conservatives by name and then call them names to get attention", etc.

It's amazing what third-party flaming ends up in legal papers in court.

Posted by Seth Finkelstein at 11:59 PM | Followups
August 10, 2003

Mike Hawash

Mike Hawash, an Intel engineer involved in a terrorism case pled guity to one of the charges against him. This is slightly old news, I was catching-up today.

From the details, it's virtually certain he is actually guilty (pleading is not the same as truth).

I never did say anything when the story was first going around. But I was just musing on the heat I would have taken back then, if I'd have said that I thought he was in fact guilty.

Anyway, I was curious as to how well the cheap talk was matched with expensive donations. According to the Portland Tribune:

Some of Hawash's supporters started a legal defense fund after his arrest, raising approximately $20,000. To some of the people who wrote on the site, Hawash's arrest was proof that the war on terrorism had spun out of control and was trampling the rights of American citizens.

So, $20,000, which is consistent with what was posted earlier on the freemikehawash.org, regarding $15,000 (or maybe from the same source). It's nice that his coworkers supported him.

Not bad in relative terms, though he was cause-celebre. But in absolute terms, it's not close to what a criminal trial costs.

Posted by Seth Finkelstein at 11:59 PM | Followups
August 05, 2003

Peter Davies rebutted on DMCA liability by Ed Felten

Edward Felten has noted my posting on Peter Davies, Felten, DMCA liability and written a searing rebuttal to Davies' dismissive stance:

When it's not your house on the line, when it's not your job, then probably may be enough. To people like Davies, who had nothing personally at risk, a lawsuit would have been no more than a scholarly conversation piece.

Hear, hear!

There was an interesting line in Peter Davies IP paper which I didn't mention earlier, but found particularly revealing:

This may look like ghastly legalese to most of you, but it's meat and drink to people like me.

It reminded me of the old lawyer joke:

"A defense lawyer loses a criminal trial. His client turns to him and asks "Where do we go from here?" The lawyer replies: "Well, I go back to my office. You go to jail."

One thing I have noticed in many of my interactions with a certain type of lawyer, is a frustrating lack of comprehension regarding how ordinary people view lawsuits. It is not our "meat and drink". Rather, as in the classic Judge Learned Hand quote, lawsuits are next to sickness and death. The people at risk of being ground-up like sausages are in a very different position than the sausage-makers.

I suspect this also affects Peter Davies' perception of the "astonishing volume of vitriolic comment" on these issues. When it's a scholarly conversation piece, it is easy to be distant. But when it is you who may lose much, that's a different situation.

I've gotten enough dismissiveness myself over my own censorware research, over trying to convey the simple idea that I don't want to be sued, that in reaction, I have no doubt I come across as vitriolic too.

Posted by Seth Finkelstein at 11:59 PM | Followups
August 02, 2003

Peter Davies, Felten, DMCA liability

John Palfrey has some interesting reports about the goings-on at the Oxford Internet Institute. I found the following report of particular interest:

Second session: Peter Davies, an very impressive ex-industry lawyer who's a fellow here at OII, reviewed the Felten case. He made the very good point that IP issues have become dominated by more hyperbole than serious debate. Mr Davies and I disagreed, however, about the impact of the DMCA anti-circumvention on research. There have been multiple research projects that we've decided not to pursue or to publish, despite our belief that the information would be useful, because of our fear that the method of garnering the information could expose us to DMCA liability. The counter-point: that we wouldn't really get sued and that there's not so much to be worried about. Maybe so.

I've seen this argument many times. In fact, it's a good example of what I just discussed as stage one of the three stages of a free-speech lawsuit - "You won't get sued". For how I tend to reply, see my old blog entry about the "chicken little" copyright argument:

I have a standard offer for lawyers who write things such as the "chicken littles" paragraph above. I say: Since, according to you, there is no risk, well then, there should be no problem at all for you to agree to represent me pro bono for any relevant charges arising from my censorware work. No risk, right? So there's no risk in your making such agreement, right? Here's how you can show you believe it yourself, when there's a risk to you!

I have yet to find a lawyer, who makes derisive comments like that quoted remark, who will then take me up on that offer. ...

I was going to segue into one of my stories about lawyers telling me there was no risk to something, when it suited their advocacy position. But a quick search turned up the Peter Davies IP paper! (I love the Internet, this is why I spent so much effort in my life to try to keep it free and open). The key passage is:

I find this David and Goliath picture somewhat unconvincing because, as I said, it was Professor Felten who sued the Record industry and not the other way around, secondly there are clear exceptions permitting use of works for educational and research purposes, and thirdly, a few minutes' research on the Internet into these controversial cases reveals an astonishing volume of vitriolic comment and organised campaigning against the rightholders.

Now, I know I should be veddy polite, but it's going to take me a page just to go through in this paragraph. From the top...

Felten who sued the Record industry and not the other way around

This is improper moral equivalencing between a lawsuit assuring the ability to publish, and a lawsuit threatening the ability to publish. If the Felten lawyers had won, all that would have happened is that the RIAA would not have been able to sue the various researchers for publishing. If the RIAA had sued, all the "David"s would immediately have to deal with years of PERSONAL legal liability. The sentence above seems to require that one take no defensive legal measures when threatened.

clear exceptions permitting use of works for educational and research purposes

It's unclear if this means traditional copyright fair use, or the narrow DMCA exceptions. I think from the phrasing it's the former, but I'll deal with both. Traditional copyright fair use is not a defense to the DMCA. This has been repeated in many decisions, references if needed. The DMCA exception for "(g) Encryption Research" is a horribly complex and convoluted tangle, which is not at all clear. And hardly the basis from which to deny all potential liability.

thirdly, a few minutes' research on the Internet into these controversial cases reveals an astonishing volume of vitriolic comment and organised campaigning against the rightholders.

Let me see if I understand this clause - the vitriolic comment contributes to NOT being David and Goliath? Wouldn't a David and Goliath situation quite naturally generate vitriolic comment? (I can just hear a Monty Python type skit "Can't be vitriolic, you know, David. It's not done to be angry. The proper response to facing Goliath is a stiff upper lip. That will go a long way to showing how you're truly overmatched") As to "organised campaigning against the rightholders", well, as I write this, the techie news is filled with reaction against perhaps the largest subpoena carpet-bombing ever seen - certainly the largest that nonlawyers have ever seen. And some of that comment is extremely vitriolic.

Again, that's detailing one paragraph, and I'm tired already. I'm unable to convey the emotion of seeing the potential for years of devastating litigation, so airily dismissed.

Posted by Seth Finkelstein at 11:50 PM | Followups
July 25, 2003

CIPA-compliance, N2H2, and free market

In response to the FCC's recent decision, mentioned yesterday, to again not set any standards for the CIPA Federal library censorware law, censorware company N2H2 has been claiming another victory. David Burt, their PR flack, posted:

N2H2 filed ex parte comments with the FCC two weeks ago asking that the FCC not set any standards for filtering software to comply with CIPA, such as the ability to be unblocked or a level of effectiveness. We feel these are decisions best left to the free market and the libraries themselves to decide. So we are pleased by the ruling.

Law professor Peter Junger made the following illuminating remark about N2H2's FCC comments:

"It does seem perverse to argue that a decision is best left to the free market when the subject matter of the decision is kept secret."

That sentence finally led me to understand the reasoning behind N2H2's arguments. It's not that N2H2 is a Libertarian believer in free-markets, even to the detriment of its own business interests. Rather, if there were a government standard, N2H2 fears that standard could be a lever with which to get access to censorware blacklists - in order to test compliance with the standard! The government compliance procedure would provide a focal point for pressure with Freedom-Of-Information Act requests and similar.

By arguing "free market", in fact, they are able to keep the subject matter secret. They can take the position of: "You can use our censorware, or not, but we don't have to tell you how it works, what's on the secret blacklist. If you don't like it, use something else."

It's another example of what I term "privatIZED censorship". Government imposes a censorship system, but which would normally be accountable through the judicial process, but the implementation is done by private businesses, and hence unaccountable.

Posted by Seth Finkelstein at 09:58 PM | Comments (2) | Followups
July 24, 2003

FCC CIPA (library censorware) order

The FCC issues regulations on CIPA today - good links at "Blue Highways".

I've skimmed through the document, and as far as I can parse it out (keeping in mind I'm not a lawyer). it basically says "School and library censorware is now going into effect". But it doesn't say anything new as to what's valid censorware for the purposes of the law. I assume this means the old compliance ruling is still in place:

25. Some commenters have requested that we require entities to certify to the effectiveness of their Internet safety policy and technology protection measures. However, such a certification of effectiveness is not required by the statute. Moreover, adding an effectiveness standard does not comport with our goal of minimizing the burden we place on schools and libraries. Therefore, we will not adopt an effectiveness certification requirement.

26. A large majority of commenters express concern that there is no technology protection measure currently available that can successfully block all visual depictions covered by CIPA. Such commenters seek language in the certification or elsewhere "designed to protect those who certify from liability for, or charges of, having made a false statement in the certification" because available technology may not successfully filter or block all such depictions. Commenters are also concerned that technology protection measures may also filter or block visual depictions that are not prohibited under CIPA.

27. We presume Congress did not intend to penalize recipients that act in good faith and in a reasonable manner to implement available technology protection measures. Moreover, this proceeding is not the forum to determine whether such measures are fully effective.

Note that part regarding act in good faith and in a reasonable manner. I think it's the key element for any ideas of "Open Censorware"

Posted by Seth Finkelstein at 11:05 PM | Followups
July 02, 2003

Aimster and Encryption

The Aimster decision, to keep an injunction against that file-sharing service, has generated a great deal of commentary (e.g. Derek Slater has much). I just have some observations regarding Aimster's use of encryption.

Ed Felten writes

The opinion assumes that Aimster did this because it wanted to remain ignorant of the infringing nature of the traffic. ...

But there is another good reason to use end-to-end encryption in such a service. Users might want to transfer sensitive but noninfringing materials. ... The opinion hints at all of this; but apparently Aimster did not offer arguments on this point.

I think the court recognized that reason straightforwardly, in this part:

4. Aimster's users might appreciate the encryption feature because as their friendship deepened they might decide that they wanted to exchange off-color, but not copyrighted, photographs, or dirty jokes, or other forms of expression that people like to keep private, rather than just copyrighted music.

This passage is in fact rather thoughtful on the encryption issue:

He did not escape liability by this maneuver; no more can Deep by using encryption software to prevent himself from learning what surely he strongly suspects to be the case: that the users of his service--maybe all the users of his service--are copyright infringers. This is not to say that the provider of an encrypted instant-messaging service or encryption software is ipso factor a contributory infringer should his buyers use the service to infringe copyright, merely because encryption, like secrecy generally, facilitates unlawful transactions. ("Encryption" comes from the Greek word for concealment.) Encryption fosters privacy, and privacy is a social benefit though also a source of social costs. "AOL has begun testing an encrypted version of AIM [AOL Instant Messaging]. Encryption is considered critical for widespread adoption of IM in some industries and federal agencies." Vise, supra. Our point is only that a service provider that would otherwise be a contributory infringer does not obtain immunity by using encryption to shield itself from actual knowledge of the unlawful purposes for which the service is being used.

Though there's a paradox lurking here, almost a kind of poetic justice or irony. Roughly:

Service: We've implemented encryption to protect our users' piracy, err, we meant privacy. So gosh-darn-golly, we can't know of any copyright infringement by our users, since the files shared are secret. We win!

Court: How interesting. You say you can't know what files your users are sharing? It's a secret? You absolutely, positively, don't know? Hmmm ... then you can't provide any evidence that there are actually any substantial noninfringing uses. You lose!

That's oversimplified, but the court does seem to have said something along those lines:

Aimster failed to make that showing too, by failing to present evidence that the provision of an encryption capability effective against the service provider itself added important value to the service or saved significant cost. Aimster blinded itself in the hope that by doing so it might come within the rule of the Sony decision. It complains about the district judge's refusal to hold an evidentiary hearing. ... [snip] ... Aimster hampered its search for evidence by providing encryption. It must take responsibility for that self-inflicted wound.

Posted by Seth Finkelstein at 04:46 AM | Followups
June 30, 2003

Intel v. Hamidi

Intel v. Hamidi verdict is in, let the interesting times begin ...

Hamidi's an ex-Intel employee who has been sending messages critical of Intel to tens of thousands of Intel employees, unsolicited, at their Inte work addresses. Intel sought an injunction against him, won in lower court, and just lost by a narrow 4-3 ruling in California Supreme Court

I've always thought this was a "hard cases make bad law" situation. Most civil-libertarians I know, who aren't dedicated anti-spammers, analyze it in term of a Little Guy being shut-up by A Big Corporation. And indeed, on the facts of it, I rather agree. On the other hand, in general, the law simply doesn't seem to have a "Little Guy vs. Big Corporation" exception in it. There's something to that effect in labor law, but Hamidi's cause itself didn't fall under it. I thought he was going to lose his case.

Well, hail California, they actually found for him, if narrowly To me, it's very interesting how, in my view, the majority basically seemed to want to write "We hold that he's a Little Guy being shut-up by A Big Corporation, and we're going to let him slide here because he's just not doing any real damage":

Intel's e-mail system was equipment designed for speedy communication between employees and the outside world; Hamidi communicated with Intel employees over that system in a manner entirely consistent with its design; and Intel objected not because of an offense against the integrity or dignity of its computers, but because the communications themselves affected employee-recipients in a manner Intel found undesirable.

The problem is, that fits every spammer, in terms of "consistent with its design". Spammers use email systems to deliver email, that's the whole point. The majority then lets Hamidi off the hook, as Intel objected for content (and hence, in practice, making a "Little Guy" exception). There's long sections in their opinion where they seem to try to say "Real spammers, don't try to use this, we don't mean to help you, no, no, no". They're commercial, Hamidi's non-commercial, which is a fair point. But spammers aren't noted for their honesty and strict construction in legal matters.

I suspect California is going to have some very interesting spam cases soon. ("My company must tell your employees about this great new way to improve their marital happiness, because an employee happier at home is happier and more productive at work ...")

And it must be wonderful to have legal backing ...

Posted by Seth Finkelstein at 11:19 PM | Comments (3) | Followups
June 22, 2003

"Children's Internet Protection Act" predictions

Here's my predictions, made purely for the exercise in punditry, as to how the "Children's" Internet Protection Act (library censorware case) will be decided. Keep in mind, censorware is not just for kids anymore.

Main: CIPA will be upheld, but with a mess of splintered concurring and dissenting opinions.

Rehnquist will write an upholding opinion.

O'Connor will join what Rehnquist writes

ScaliaThomas will vote to uphold. I don't know if it'll be part of the Rehnquist opinion or separate.

Kennedy on the upholding side, probably with Rehnquist and O'Connor

Same for Breyer.

Souter will dissent, strongly.

I'm not going to try for the others.

Yes, I'm a pessimist.

Posted by Seth Finkelstein at 11:58 PM | Followups
June 20, 2003

New York Times on wait for library censorware court decision

The New York Times recently had an article on upcoming Supreme Court decisions. Mandatory library censorware (CIPA) was mentioned.

The portion below is being posted in some places:

Of the 11 cases argued in February, only one is undecided and only Chief Justice Rehnquist has not written a majority opinion. The case, United States v. American Library Association, raises the First Amendment question of whether the government can require public libraries to install antipornography filters restricting Internet access.
If Chief Justice Rehnquist is in fact writing the majority opinion, there is little doubt that the court will uphold the law, the Children's Internet Protection Act.

With the following portion omitted:

On the other hand, he is one of the court's fastest writers, raising the question of why the decision in what is now the term's oldest undecided case is taking so long. One possibility is that there are many separate opinions, both concurring and dissenting. Perhaps he started out writing a majority opinion but lost the majority along the way.

Amusingly, when I posted that second part, someone responded, "Dream on, loser."

Posted by Seth Finkelstein at 11:58 PM | Followups
June 19, 2003

DMCA, fair use vs "access to copyrighted material"

I don't know how long I should drag out the Eldred discussion with Derek, but the following part motivated me to write yet another item on the topic:

That's why I don't really think of this discussion as people naively reading too much into the Eldred opinion. I look at it as a starting place for the next person who gets sued.

As I just said, cough, cough, cough ...

It's exactly because of being a starting place for the next person who gets sued, that I think people are naively reading too much into the Eldred opinion!

Quite frankly, nothing is worse for such a person than a pundit-lawyer on a hobby-horse, who needs a reality-check (nothing personal to anyone involved in this discussion, just a comment/example from more "intense" times).

I think I've found a fairly concise way of illustrating where I think there's a small (very small) gain, and a large gap:

Here's the good news, regarding this part of the 2600 Appeals decision:

Preliminarily, we note that the Supreme Court has never held that fair use is constitutionally required, although some isolated statements in its opinions might arguably be enlisted for such a requirement. ...

[And the fair use discussion in Eldred fits right here. One could say that it establishes there is such a requirement. Eldred at least unarguably adds strongly to the pile of evidence in favor of that point.]

Here's the bad news. Contrast the key fair use paragraph in Eldred here:

Second, the "fair use" defense allows the public to use not only facts and ideas contained in a copyrighted work, but also expression itself in certain circumstances. Codified at 17 U. S. C. 107, the defense provides: "[T]he fair use of a copyrighted work, including such use by reproduction in copies . . . , for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." The fair use defense affords considerable "latitude for scholarship and comment," Harper & Row, 471 U. S., at 560, and even for parody, see Campbell v. Acuff-Rose Music, Inc., 510 U. S. 569 (1994) (rap group's musical parody of Roy Orbison's "Oh, Pretty Woman" may be fair use).

With this pronouncement in the 2600 Appeals decision:

A film critic making fair use of a movie by quoting selected lines of dialogue has no constitutionally valid claim that the review (in print or on television) would be technologically superior if the reviewer had not been prevented from using a movie camera in the theater, nor has an art student a valid constitutional claim to fair use of a painting by photographing it in a museum. Fair use has never been held to be a guarantee of access to copyrighted material in order to copy it by the fair user's preferred technique or in the format of the original.

Where is there anything, anything, in what was said in Eldred, which screams that a Supreme Court opinion on the DMCA would reject that baleful phrase "Fair use has never been held to be a guarantee of access to copyrighted material ..."?

Try it as a positive assertion: "The Eldred decision establishes the contention that fair use is a guarantee of access to copyrighted material ...". See how stretched it is? How much it sounds like wishful thinking?

Posted by Seth Finkelstein at 11:32 PM | Followups
June 18, 2003

DMCA, fair use, and "traditional contours" argument

Replying to Derek, about Eldred decision meaning:

I reject the argument that the "traditional contours" argument is just a "vague phrase" without any meaning. It's not just that one phrase; it's a thread that runs through her entire argument. If none of that argument is important, then she would not have said that the lower court had erred in any way - her opinion would be equal to a categorical first amendment immunity for all copyright legislation. Given that she specifically said no such immunity exists, I don't see how one can ignore the traditional contours portion of her argument.

Consider the whole paragraph:

The First Amendment securely protects the freedom to make or decline to make one's own speech; it bears less heavily when speakers assert the right to make other people's speeches. To the extent such assertions raise First Amendment concerns, copyright's built-in free speech safeguards are generally adequate to address them. We recognize that the D. C. Circuit spoke too broadly when it declared copyrights "categorically immune from challenges under the First Amendment." 239 F. 3d, at 375. But when, as in this case, Congress has not altered the traditional contours of copyright protection, further First Amendment scrutiny is unnecessary.

Let me say, as a disclaimer, that I'm not a lawyer, not even a lawyer-in-training. But my reading of court decisions has made me very cynical. So when I encounter a passage such as the above, I don't see a ringing clarion-call for the ramparts of fair use. Rather, I hear, bluntly, a blow-off. A "But ...". Someone clucking "Now, that Circuit Court went a little too far, but don't you get any crazy ideas about First Amendment arguments overturning these laws."

The problem with Balkin's "pony-hunt" is where he's assuming exactly the conclusion he wants to reach (my emphasis:)

Does the DMCA "alter[] the traditional contours of copyright protection"? Yes, it does, in two respects. ...

Congress clearly did mess with those horizontal aspects in the DMCA, and so, under the logic of Eldred, it infringed on the "built-in free speech safeguards" of copyright law.

However, the "legal hack" argument of the DMCA is that it does not infringe on "built-in free speech safeguards" of copyright law, because it doesn't affect fair use in terms of a technical exception (as opposed to a substantive limit).

I am absolutely certain that in a DMCA Supreme Court opinion, they will analyze the issue of fair use extensively, instead of dismissing it out of hand. To this extent, I'll agree Eldred established fair use as a Constitutional requirement, rather than something which exists at the whim of Congress.

But I fear in that analysis, we are likely to see pages and pages explaining how in fact, in the court's view, the DMCA does not alter the "traditional contours of copyright protection" And the blueprint for that is in all the lower court decisions enthusiastically saying how the DMCA is not a fair use issue. Channeling Ginsburg, we'll get:

In addition to spurring the creation and publication of new expression, copyright law contains built-in First Amendment accommodations. First, it distinguishes between ideas and expression and makes only the latter eligible for copyright protection.

[Now insert: The DMCA doesn't affect idea/expression]

Second, the "fair use" defense allows the public to use not only facts and ideas contained in a copyrighted work, but also expression itself in certain circumstances.

[NOW insert: There's no right to access, fair use is merely a technical exception not a substantive limit - this is the whole argument]

I can see this very easily. Very easily indeed.

I believe people are reading into the Court's fair use discussion, something they themselves deeply believe is true, and so desperately want the Court to endorse as true. I share these feelings. But that can be a fatal error. I sadly see little evidence that the Court is saying anything DMCA-unfriendly.

C'mon. Do they sound business/copyright-power unfriendly to you?

Posted by Seth Finkelstein at 01:19 PM | Followups
June 16, 2003

Pamela Samuelson IP Law After Eldred

So, I started digging through Pamela Samuelson's recent paper on The Constitutional Law of Intellectual Property After Eldred v. Ashcroft (per blog recommendation of Derek Slater). I spotted a technical error, my pet peeve of the DeCSS history.:

The controversy concerned a Norwegian teenager who reverse engineered the Content Scramble System (CSS), an encryption program used by major motion picture studios to protect DVD movies. This teenager figured out how CSS worked, developed the DeCSS program to bypass CSS, and then posted the program on the Internet, to the dismay of major motion picture studios.

No, an anonymous German reverse-engineered CSS. Said German remaining anonymous for very obvious reasons ... I feel for that anonymous programmer ...

Oh, I was vastly "amused" by this summary remark:

Samuelson suggests that even if we couldn't mount an attack on the entire DMCA, we could see more successful challenges by particular defendants. They might have more success as fair users rather than traffickers (think Felten).

Sigh, cough, cough, cough ...

Posted by Seth Finkelstein at 08:33 PM | Followups
June 12, 2003

Jesse Jordan, RIAA, and direct copyright infringement

In a reply to my entry concerning Jesse Jordan being sued by RIAA, Edward Felten  commented and discussed the elephant in the room:

But let's not forget the plaintiffs' other claim, that Jordan was a direct infringer, based on his alleged redistribution of hundreds of copyrighted works from his own computer. If proven, this claim would have cost Jordan much more than $12,000 in damages. And it seems reasonable to assume that the direct infringement claim was not baseless, especially given that Jordan has not denied it.

Note I've now had some correspondence with him about this, and he does in fact deny that direct infringement allegation.

That direct infringement claim was much on my mind, as I dug through the RIAA complaint documents. It's a very touchy matter to ask someone if they are in fact guilty, especially in a high-profile case. But not following the crowd wins me few friends :-(. I felt very uncomfortable suggesting that someone targeted by the RIAA might, in fact, be guilty. And that feeling was much intensified by my sympathies for the underdogs. There's definitely an opportunity here for some journalist to write a "contrarian" article ("Debunking RIAA myths"?), but it's not for me.

I was bothered by the thought: When is it reasonable to assume a claim is not baseless? The mere fact that it was made, didn't seem sufficient. I know in my life, I've had people lie through their teeth about me, on the abstract rational basis that whatever mud sticks, whatever doubts are raised, even the smallest amount, is to the attacker's benefit. It's not as if a judge is going to laugh the RIAA out of court for making a claim of direct infringement in a copyright case! It would seem an obvious allegation to make here, even if completely false. On the other hand, direct infringement is not exactly an absurd claim either. As pointed out, many people (especially college students), do formally violate copyright law on a regular basis.

So ultimately, I couldn't find a compelling analytical argument either for or against the direct infringement claim. Perhaps someone else would like to ask the other "RIAA 4" defendants if they're actually guilty :-)

Posted by Seth Finkelstein at 11:58 PM | Followups
June 11, 2003

Jesse Jordan on being sued by RIAA

Jesse Jordan is one of the "RIAA 4", four students who have been sued by the RIAA, and have settled the lawsuits

For some reason I frankly don't understand, Jesse Jordan's settlement is in the news once more, which is leading his particular settlement being reported all over again. Not that the re-reporting is a bad thing itself. The free-speech side needs all the help it can get.

Anyway, deep down, in a huge discussion on his site http://www.chewplastic.com/ , are his comments on why he settled, paying his life's saving of $12,000, versus the cost of fighting a lawsuit. I find them cautionary:

*Re: Review, cont'd.* (Score: 1)
by chew on Tuesday, June 10 @ 16:08:36 EDT

Actually, almost all of my legal advice indicated to me that I would be able to win this lawsuit. If I won this lawsuit, I would be in for much more than just $12,000. Defending a lawsuit of this size would cost $250,000 at a minimum, so I'm told.

Even if I win... I get nothing back from them. If I lost? I would have to declare bankruptcy after giving up all of my money anyways, and I would have a judgement against me. Going to court in this sort of lawsuit (where the defendent is not a company and did not profit from its operations) is a lose-lose situation.

For the RIAA to take all my money in a settlement is very nasty of them. Even so, it was my best choice - as they did not give me any other.

Posted by Seth Finkelstein at 08:14 AM | Followups
June 06, 2003

Aimster and "judicial flaming"

The Aimster argument has been well-covered, extensively. What I have to add here is an interesting observation I dug up from the previous decision. This was sparked by a remark in A Copyfighter's Musings post on Thoughts on Aimster:

It seems much of Judge Aspen's reasoning evolves from a distrust for Johnny Deep, considering the encryption part of a mischievous willful ignorance.

Yes indeed. Sayeth the judge:

If Deep's declaration were the only means by which we could evaluate the Aimster system, we might be convinced that it is as innocent as Defendants claim. Unfortunately for Defendants, however, Plaintiffs have submitted numerous declarations to demonstrate that Deep's description of the Aimster service is less than complete.

And you can just see the venom dripping in the Opinion, especially in the portion below. The judge might just as well have written "They're all a bunch of pirates", it would be shorter. I'm adding this to my collection of items about "judicial flaming". It's especially notable for being an instance where trivial message board postings DO end up in court.

3. Chat Rooms and Bulletin Boards Aimster's service includes message (or bulletin) boards on which Aimster users would regularly post messages to each other. Schafer Decl. 3, Ex. 1 (containing screen shots of bulletin board messages). The discussions on these bulletin boards generally fell into a range of particular topics, including: (1) Aimster users seeking to download copyrighted recordings ("I'm trying to find downloads from the Purafunalia album. Specifically the song Blast" (posted by SeanKoury, July 4, 2001)); (2) Aimster users offering recordings for download ("I have a lot of hip hop shared at all times when I'm on, usually over 500 MP3s... [F]eel free to get whatever you want" (posted by biggvince, July 17, 2001)); (3) Aimster as an alternative to Napster ("I'm a long time Napster user, with about 900 MP3s...like everyone else, the RIAA has forced me to try other mp3 websites, so here I am" (posted by honey, March 17, 2001), "Use Aimster like Napster" (posted by Marcella42, May 27, 2001)); (4) comments on the illegality of sharing copyrighted music files ("What you have with Aimster is a way to share, copy, listen to, and basically in a nutshell break the law using files from other people's computers.... I suggest you accept aimster for what it is, an unrestricted music file sharing database" (posted by zhardoum, May 18, 2001)); and (5) bashing of the music industry and the RIAA ("LET'S ALL FUCK OVER THE MUSIC INDUSTRY. . . LETS CHEAT THE VERY ARTISTS WE LISTEN TO" (posted by poiuytrewqm May 20, 2001), "I AM NOT GOING TO BUY CDS ANYMORE!" (posted by OKOK, October 9, 2001)). See, generally, Schafer Decl. Ex. 1 (attaching screen shots).

Posted by Seth Finkelstein at 08:57 AM | Followups
June 01, 2003

N2H2 - "Edelman v N2H2 is now officially closed"

N2H2's (censorware company) Public Relations, David Burt, is currently posting around many places that the Edelman v. N2H2 case, a declaratory action to reverse-engineer censorware, is now closed:

Edelman v. N2H2, a case filed by the ACLU that sought to remove N2H2's legal protections preventing the publication of N2H2's copyright-protected database code, was dismissed in April.

The appeal deadline passed on Monday, 5/19. N2H2 was not served with any notice of appeal, and the court docket shows no notice has been filed.

So Edelman v. N2H2 is now officially closed.

I find his phrasing "remove N2H2's legal protections" to be interesting. Anyway, I've been responding:

As the saying goes: "Remember, no matter how hard you work, no matter how right you are - sometimes the dragon wins."

http://www.snapdragongifts.com/musgrave/dt1537.jpg
http://www.gryphonsmoon.com/Catalog/CrossStitch/pix/Dragon-Wins.jpg
http://www.simplyweb.net/jhirschy/dragon/sometime.gif

Given the various places he's posted it, and the fact that I have circumvented N2H2's secrecy about its blacklist (note MY phrasing), I wonder if he's gloating. Or maybe it's a warning.

Sigh. I used to tell David Burt, years ago, that he owed Mike Godwin a HUGE "Thank You". But I'd never tell him exactly why. Maybe he's figured it out

I don't mind saying that I didn't consider the case outcome to be good news for me.

Posted by Seth Finkelstein at 10:08 PM | Followups
May 29, 2003

Hello to Gator's lawyer(s)(?) at Cooley Godward

Greetings to a dedicated reader, who has taken such an interest in my poor corner of the web. Welcome, to someone from Gator's law firm "Cooley Godward". I have no objection, since of course this blog is to draw as many readers as possible. But will you indulge me in some of my curiosity?

1) Are you a senior person, junior person, or not even a lawyer?

2) How did you get stuck with the job of reading me? I always wonder at this. It's known, for example, that the cypherpunks list has (or at least had) Federal agents reading it. I always wondered about the sad sack who drew that job. Because I could imagine few more hellish tasks than being obligated to read, as a job, that Liberbabbling flame-pit. I've wanted to ask the person how they stood it. Hopefully, reading my material is less onerous. But I still would like to know how it comes off to someone not perusing it because they want to.

3) What did you think of my analysis of reverse-engineering ? Note, if you say "Wow, it was brilliant, we never thought of that before you said it" - then that doesn't reflect very well on your law firm! I suppose the best answer is "It was great, our senior intellectual property counsel wrote a very similar memo earlier." (i.e. you agree, but knew it already :-)).

4) Does your firm in fact, as John Palfrey suggested I ask, have a position for which you'd like to hire me? Preferably for a fat expert-witness fee? I am job-hunting! I don't work cheap, but I'm worth it. I wouldn't help you harm Ben Edelman personally. But I have no inhibition about being an expert opposing his expertise (and as he's in training to be a lawyer, he shouldn't mind). In fact, having studied his work extensively, I know its weaknesses and soft spots :-).

5) You can move down from Orange Alert regarding me. No promises, but at this time, I have no plans to do any more reverse-engineering work with Gator myself. It's just not worth all the hassle. I did analysis of censorware for years, because I thought it was important for the freedom of the net. Gator's merely vaguely interesting to me as a what's-inside issue. I'm pretty tired of playing lawsuit Russian Roulette, and I don't have the protection of the Berkman Center (this is not an invitation to sue me - it's an explanation of why I feel that Gator analysis is not worth taking any legal risk whatsoever).

Let me know! I've kept a few details of your host private, so hopefully I can distinguish a real reply from any fake.

[I haven't had this much fun with such a pseudo-reply since Mike Godwin brought up the idea of my being a government expert witness in a censorship trial. Then I got to do an elaborate riff on how disappointed I was, that Janet Reno never called me and personally begged for my invaluable help.]

Posted by Seth Finkelstein at 03:28 AM | Followups
May 23, 2003

Gator and reverse-engineering, more discussion

Regarding my reverse-engineering comment yesterday, John Palfrey kindly responded:

See Seth Finkelstein's blog  post of last night for a critique of the thinking around the methodology in Ben Edelman's Gator study.   Seth has done many good works in this field -- he's been cited by the EFF and others for his efforts -- and is certainly worth listening to as a general matter.  I don't happen to agree with this particular post, but in the interest of true open discourse, please go and check it out.

Thanks very much (not too many people did look, but it's the thought which counts).

Anyway, one of the very odd things for me, observing the evolution of the Net, is seeing certain arguments make their way up the status-chain. This particular issue, legal aspects of reverse-engineering and shrink-wrap licenses, is near and dear to my heart, since I've been dealing with it for many, many, years now. To demonstrate, I just dug up a discussion example from 1997, featuring this censorware item:

Unauthorized reverse engineering of the Software, whether for educational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Again, that was being talked about in 1997 (in part as a result of my work, and in part others done independently).

Moreover, if the Gator license is modified in the future to say we-really-mean-it, no reverse-engineering, whether by decompiling, packet-sniffing, or Ouija board, it wouldn't at all be the first time that sort of thing had been done.

Now, fully aware of to whom I'm replying, take a look at the "Chilling Effects" Reverse Engineering FAQ, pointing to the case Kewanee Oil v. Bicron: (my emphasis below)

The law protects the holder of a trade secret against disclosure or use when the knowledge is gained, not by the owner's volition, but by some improper means, which may include theft, wiretapping, or even aerial reconnaissance; however, a trade secret does not offer protection against discovery by fair and honest means, such as by independent invention, accidental disclosure, or by so-called reverse engineering, that is by starting with a known product and working backward to divine the process which aided in its development or manufacture.

That seems a very good description of the kind of testing being done to investigate Gator (except here it's more at "functioning" instead of "development or manufacture"). Certainly a good enough fit to be sued over it, if one was vulnerable.

Now regarding:

P.S., Seth, as to your note about employment: You might check with Cooley Godward, Gator's lawyers, to see if they have a position open.  :)

I'd like a fat expert-witness fee, thank you :-). No offense taken, but this part of the discussion is very familiar too. To me, Mike Godwin did the defining example of it, when, while he was losing a debate regarding censorware blacklists being subject to copyright, he proclaimed "You friends of CyberPatrol, have at me!" At the time, Peter Junger wrote an excellent reply article which has stayed with me:

If one insists on discussing imaginary facts and also on ignoring the arguments that favour the bad guys, one is going to have one's head handed to one when one actually goes into court willfully unprepared.

Posted by Seth Finkelstein at 10:19 PM | Followups
May 22, 2003

GATOR and reverse-engineering

[I've gone back and forth as to whether to post this, I've gotten some indication I won't come out ahead for saying it. Maybe saying unhappy things like the following is why I'm doomed never to be a political success :-(]

With regard to testing Gator, Donna Wentworth at Copyfight has reported a discussion in Berkman Center, in part:

The question arose as to whether this research is potentially barred by the DMCA. It is not. Nor, observed Ben in some surprise, does the Gator license agreement speak to the situation. Dave Winer said, "It will soon, I imagine." To which John Palfrey replied, "Ah, yes--the Ben Edelman clause."

Well, here goes my chance of ever working at the Berkman Center ...

Sigh. I've just written, with regard to Google-ranking, about it being a different world for columnists at the New York Times, than bloggers. With regard to legal threats, it must be a very different world over there at the Berkman Center. Double sigh. Harvard lawyers and similar don't have to worry about SLAPP-like lawsuits. It's a matter of perspective.

Folks, of course the license prohibits any reverse-engineering! I have yet to see a commercial software license which did not.

This would be blindingly, blatantly, obvious to you if you had ever had to seriously worry about being sued, and needed to consider what could be thrown at you. Not what could be argued in defense by a legal team. But rather, what the prosecuting lawyer would claim in the lawsuit. The Gator license (I grabbed it out of the binary) states explicitly:

You may not modify, reverse-engineer, decompile, disassemble, or otherwise discover or disassemble Licensed Materials equivalent of Licensed Materials in any way. You do not have the right to create derivative works of Licensed Materials, and you agree not to attempt, or allow others to attempt, to reverse engineer Licensed Materials and/or modify Licensed Materials source code.

It doesn't say "You may not reverse-engineer, unless you do it in part by asking many, many, people to each help out a little bit with the testing". Or "You may not allow others to attempt, unless you do it ON THE INTERNET". In fact, I'd say the license is extremely clear on this point - look at that clause about "allow others to attempt". Now, it may not be legally enforceable, if one has the ability to fight a lawsuit. But it sure doesn't seem unaddressed.

Remember, my point here isn't against it being possible, advisable, wise, valuable, laudatory, etc, to make a public policy argument as to the social benefits for reverse-engineering. Or a complex First Amendment argument for allowing observation-based testing. I'm all for it! But rather, there's some sort of notable cross-cultural phenomena here in any belief that the general topic isn't even addressed. Consider this part of Bowers v. Baystate:

In this case, the contract unambiguously prohibits "reverse engineering." That term means ordinarily "to study or analyze (a device, as a microchip for computers) in order to learn details of design, construction, and operation, perhaps to produce a copy or an improved version." Random House Unabridged Dictionary (1993); see also The Free On-Line Dictionary of Computing (2001), at http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?reverse+engineering (last visited Jul. 17, 2002). Thus, the contract in this case broadly prohibits any "reverse engineering" of the subject matter covered by the shrink-wrap agreement.

That's what someone not in a privileged position would have to face. It's right there.

Posted by Seth Finkelstein at 05:25 PM | Followups
May 19, 2003

N2H2 (censorware co.) case document research trip report

Donna Wentworth at Copyfight has written
"... a little bird tells me we will be hearing more from a certain Mr. Edelman 'round about mid-week."

By pure coincidence, Friday I went by the Massachusetts US District Court clerk's office, and examined the case file (court documents) of Edelman v. N2H2. Note I'm not involved in the case in any way, just a very interested spectator.

I was hoping there would be a transcript of the oral argument regarding the motion to dismiss. The case was dismissed for lack of standing, so technically that doesn't tell us anything about the issues themselves. But having been in the courtroom myself, to me the attitude of the judge was, err, chilling.

But there didn't seem to be a transcript of that oral argument. Just the clerk's note that the result of the argument was under advisement. I was later told by a lawyer that such transcripts usually have to be ordered, and aren't normally made unless there's some specific interest in a transcript.

There was nothing all that interesting in the case file. I was disappointed to find out that the material concerning "budget for costs" (apparently something to do with mediation as an alternative) didn't have any figures. I wonder sometimes how much the litigation cost N2H2, because I know lawyers don't come cheap.

Posted by Seth Finkelstein at 11:57 PM | Followups
May 18, 2003

N2H2 (censorware co) on "Edelman v. N2H2" case

The N2H2 (censorware company) recent financial filing makes this interesting statement about the Edelman v. N2H2 declaratory action to reverse-engineer censorware. I like how N2H2 talks about him as being "purportedly a computer researcher". I'm probably "purportedly" chopped liver.

We have been named as a defendant in an action by the American Civil Liberties Union that could weaken our intellectual property rights and result in substantial costs to the company.

In July 2002, an individual represented by the American Civil Liberties Union filed a lawsuit against us in federal court. The plaintiff is purportedly a computer researcher who allegedly seeks to conduct a quantitative analysis of the accuracy and comprehensiveness of our Internet filtering solutions for purposes of determining whether these solutions exclude some speech on the Internet that is constitutionally protected. He alleges that his activities in conducting this analysis, if he ever does so, would violate our standard license agreement and our intellectual property rights. The plaintiff alleges that the threat that we will enforce our license agreement and our other rights has deterred him from this activity, which he alleges is protected under the "fair use" doctrine of copyright law and other legal doctrines. He seeks a declaration to prohibit us from enforcing the license agreement against him based on his use of our software in his research activities. Our Motion to Dismiss this action has been granted, and judgment was entered in our favor on April 17, 2003. If the plaintiff decides to appeal, he has until no later than May 17, 2003 to do so. If Mr. Edelman does appeal, the litigation could result in substantial costs to the company and divert management's time and attention away from business operations. If the appeal and the claim are ultimately resolved in the plaintiff's favor, it could materially affect our ability to enforce our license agreements and other intellectual property rights against certain users of our software filtering products. In addition, it could contribute to an increase in the number of people who seek to use our software in ways that we believe violate our proprietary rights.

Posted by Seth Finkelstein at 06:00 PM | Followups
May 17, 2003

N2H2 (censorware co) on library censorware

N2H2 (censorware company) has this little gem in their recent financial filing, concerning CIPA:

Free speech and privacy concerns could adversely affect the demand for our Internet filtering solutions.

There has been a public-policy debate regarding Internet filtering in schools and libraries within the U.S. Congress. This debate has resulted in the CIPA, a law mandating Internet filtering in schools and libraries receiving certain federal funds, among other requirements. A United States District Court, however, has declared this act as it applies to public libraries unconstitutional. This decision has been appealed to the United States Supreme Court, which has accepted the case and is expected to rule by June 2003. If CIPA is ultimately held unconstitutional, some of our current customers may decide to no longer provide filtering in their organizations. This in turn would lead them to not renew contracts with us and would thereby harm an important source of our revenues. If the Supreme Court determines that filtering by public libraries is unconstitutional, plaintiffs and advocacy groups may rely on this decision to challenge the constitutionality on First Amendment grounds of mandatory filtering in public schools. Because public school customers still represent the majority of our revenue, an ultimate finding by the Supreme Court that mandatory filtering in public schools is unconstitutional could have a serious adverse effect on our future revenues.

Posted by Seth Finkelstein at 10:21 PM | Followups
May 05, 2003

There Is No Lawsuit-Funding-Fairy

Following up my comments on the "RIAA 4" lawsuit settlement, I went and researched some numbers for showing that there is no lawsuit-funding-fairy.

In the old State of Oregon v. Randal Schwartz case (unauthorized security testing and remote access by a consultant turning into felonies), I just checked the amounts from the message at his information server, "The Fund Daemon" <fund[at]stonehenge.com>

Legal costs, total: $186159.85 . Defense fund: $22319.19

That is, 12% of the legal bill was covered by donations.

Another old one, the LaMacchia case (though very relevant to the recent Grokster, Streamcast win, for the David LaMacchia Defense Fund total defense contributions, I get $8343.20 .

I don't have good data for recent individual-defendant cases. I think people stopped publishing the specific numbers because the amounts were either embarrassing or discouraging.

But that's reality.

Posted by Seth Finkelstein at 11:59 PM | Followups
May 01, 2003

"RIAA 4" lawsuit settlement

The news is making the rounds now, that the "RIAA 4" lawsuit for copyright infringements, against four students running network services, has been settled. I'd like to focus on the following paragraph:

The settlements will see each student making payments to the RIAA totaling between $12,000 and $17,000, split into annual installments between 2003 and 2006. The lawsuits as filed could have entailed damages (in theory) of up to $100 million.

ORDINARY HUMANS CANNOT FIGHT CORPORATE LAWSUITS! Nobody hears me when I say that. Last week, Matthew Skala had mentioned:

I remember that I drew a lot of criticism for settling the Cyber Patrol break case "prematurely", or "at the first threat of a lawsuit", but that wasn't accurate - Mattel et al. actually never threatened me, they just went ahead and filed two lawsuits without stopping to make threats, and an injunction was issued and the cases got pretty far before I settled.

I remember the arguments that settlement sparked, as I got some grief myself for privately defending his decision. It's too easy to fight to the last drop of someone else's blood.

When I talk about how these problems have chilled my own censorware work, too often it's just ignored and dismissed, because it's not in people's experience. Maybe the real-world aspects are just starting to penetrate the mass net-mind now. This isn't a game.

Update: Edward Felten has similar comments, ending:

In my view, these lawsuits tell us nothing new about the legal status of the kinds of general-purpose search engines these students were running. The lessons of these suits are simpler: (1) don't be a direct infringer, and (2) getting sued by the RIAA is expensive.

Now, I agree with those statements. But I'd like to amplify that these lawsuits do tell us something new - or at least reiterated - about who can afford to defend the legal status of such cases. That's the big problem. And too many people don't realize it. I quote Matthew Skala much on this point:

When we published the essay I didn't expect a lawsuit, but I had also thought, "Well, if there is a lawsuit it won't be a problem, because there are organizations that take care of things like that." I fondly imagined that in case of legal silliness, someone would just step in and say "We'll take it from here." What I found out was that those organizations, through no fault of their own, were able to give me a lot of sympathy and not enough of anything else, particularly money, to bring my personal risk of tragic consequences down to an acceptable level, despite, incredibly, the fact that what I had done was legal. Ultimately, I couldn't rely on anybody to deal with my problems but myself.

Some people learn that lesson a bit less impressively than I had to.

Too many people, especially techies, believe that someone is just going to step in and write a blank check for legal expenses. It's not going to happen. The implications which stem from this mistaken belief, however, are seriously debilitating. Just personally, I can't convey how much grief I've gotten from those under the mistaken notion that all I have to do is get sued, and the lawsuit-funding-fairy will appear. Or more generally, how much blather is based on the idea that someone else is going to do the legally-risky work (I call this the theory of the "Secret Society of Civil-Libertarian Circumventors"). THAT lesson, that there is no lawsuit-funding-fairy, and the consequences thereof, is profound.

Posted by Seth Finkelstein at 07:30 PM | Followups
April 25, 2003

Grokster, Streamcast copyright win, vs. LaMacchia case

As has been making the rounds, a Federal judge found in favor of file-sharing technology. The Grokster, Streamcast decision is interesting. I was struck by the end:

CONCLUSION The Court is not blind to the possibility that Defendants may have intentionally structured their businesses to avoid secondary liability for copyright infringement, while benefitting financially from the illicit draw of their wares. While the Court need not decide whether steps could be taken to reduce the susceptibility of such software to unlawful use, assuming such steps could be taken, additional legislative guidance may be well-counseled. ...
... Sound policy, as well as history, supports our consistent deference to Congress when major technological innovations alter the market for copyrighted materials. Congress has the constitutional authority and the institutional ability to accommodate fully the raised permutations of competing interests that are inevitably implicated by such new technology.

This reminds me much of the concluding part of the LaMacchia case:

This is not, of course, to suggest that there is anything edifying about what LaMacchia is alleged to have done. If the indictment is to be believed, one might at best describe his actions as heedlessly irresponsible. and at worst as nihilistic, self-indulgent, and lacking in any fundamental sense of values. Criminal as well as civil penalties should probably attach to willful, multiple infringements of copyrighted software even absent a commercial motive on the part of the infringer. One can envision ways that the copyright law could be modified to permit such prosecution. But, "'[i]t is the legislature, not the Court which is to define a crime, and ordain its punishment.'

And the result there was the .NET act . I wonder what we'll get here?

Don't get me wrong, it's nice to win one. But I have a strong feeling it's not going to be a permanent win.

Posted by Seth Finkelstein at 07:37 PM | Followups
April 23, 2003

USA v. ALA (CIPA) Transcript updated

Skip Auld sent me an updated, modified, version he made of the transcript of the CIPA (Federal law about censorware in libraries) oral argument in the Supreme Court. The official version is at:

http://supremecourtus.gov/oral_arguments/argument_transcripts/02-361.pdf

And I've put it into HTML, for ease of reading and cut-and-paste, at:

http://sethf.com/censorware/legal/cipa_sc.php

But he had previously made a partial version with the names of the Justices. So he transfered that information, regarding which Justice asked what question, to the latest transcript. The merged version of everything, incorporating his naming information, is now available in place of the old partial version, at:

http://sethf.com/censorware/legal/cipa_auld.php

Posted by Seth Finkelstein at 03:02 PM | Followups
April 20, 2003

Laws and sausages

These quotes make for a deep juxtaposition:

Laws are like sausages, it is better not to see them being made. -- Otto von Bismarck

Litigation: A machine which you go into as a pig and come out of as a sausage. -- Ambrose Bierce

Posted by Seth Finkelstein at 11:58 PM | Followups
April 17, 2003

What Blackboard May Be Thinking

Edward W. Felten writes, regarding the Blackboard lawsuit:

Most businesses know that it's wise to honor the values of their customers. So you've got to wonder what Blackboard was thinking when it sued to block a conference presentation last weekend.

Blackboard's customers are colleges and universities. As Karl-Friedrich Lenz observes, these are organizations that hold freedom of speech and freedom of inquiry as central values. Seeking an injunction against both speech and inquiry, as Blackboard did, and making that injunction so broad, has got to rub many of Blackboard's customers the wrong way.

With respect, it seems to me that there is a fundamental reasoning error here, of excessive generalization. That is, the logic seems to be:

1) Blackboard's customers are "universities"
2) But "universities" value free speech
3) So Blackboard's actions are contrary to the value of its customers

This is a very appealing chain of inferences. But it's also a chain with many holes. First off, the idea that customers-are-universities conflates many different factions. Are they selling their product to students? To professors? Even deans? No, they're selling to the administration. It's not hard to consider that the specific administrative buyers, might not be as dedicated to free speech and open security investigation, as the computer-science department. Indeed, in large organizations, it's not unknown for one faction to consider something that upsets another faction to be a positive rather than a negative ("If those bloody X'ers over at Y are against it, it must be good!")

There's also people who might be more critical of the overall idea that universities support free-speech. They certainly do in some cases, but that's another generalization in itself. But that's a whole different topic.

Moreover, are Blackboards customer's only universities? That doesn't seem so - they have Government and Corporate customers. Having a few universities squawk might be an acceptable loss in the short run if the tough-guy image helps with government and corporate customers. Indeed, the press release tends to spin this way, in terms of action-against-competitor which might be viewed well by another business.

I'm not claiming that Blackboard analyzed things to this level of detail. Or even thought about the issue at all. But we should be wary of preaching to the choir, and then concluding that opponents are behaving in an utterly irrational and incomprehensible manner

Posted by Seth Finkelstein at 01:28 PM | Followups
April 09, 2003

Edelman v. N2H2 - N2H2 gets case dismissed

Flash: N2H2 has gotten the Edelman v. N2H2 case dismissed for lack of "standing". See my earlier write-up on the case:

Edelman v. N2H2 dismissal hearing report
http://sethf.com/censorware/legal/edelman_n2h2_hearing.php

From the docket

4/7/03 27 Judge Richard G. Stearns . Memorandum and Order entered. granting [9-1] motion to dismiss the complaint [EOD Date 4/8/03] cc: all counsel of record. (eaf) [Entry date 04/08/03]

Update: Decision now available: http://sethf.com/censorware/legal/edelman_n2h2_order.pdf

Posted by Seth Finkelstein at 10:46 AM | Followups
April 01, 2003

Edelman v. N2H2 dismissal hearing. court report

Edelman v. N2H2 dismissal hearing report
http://sethf.com/censorware/legal/edelman_n2h2_hearing.php

This is my full report, with introduction and commentary.

Sigh ...

At times, Stearns seemed almost palpably hostile to the ACLU side. At one point, he intoned "What he [Edelman] really wants to do is destroy the efficacy of their [N2H2's] product".

Posted by Seth Finkelstein at 09:28 PM | Followups
March 31, 2003

Preview note on court report on Edelman v. N2H2 dismissal hearing

Today, I attended the court hearing on N2H2's motion to dismiss the Edelman v. N2H2 case. That is, N2H2 was claiming that, roughly there is no "there" there - no reason for a court to rule. Because no actual censorware decryption work had been done in the case, and hence nobody had been sued. Of course, in a way, that situation is the rationale for the case in the first place. It's a "declaratory judgment" case, concerning whether some action is permissible, before it's in fact done. These sorts of cases seem to be caught in a tension between being Catch-22's and being speculations.

The judge started off the hearing by stating that he found the case "extremely dubious", and asked the ACLU to convince him otherwise. And it didn't get much better from there. Full report to follow.

Posted by Seth Finkelstein at 11:43 PM | Followups
March 19, 2003

CIPA Supreme Court Oral Argument official transcript on-line

The official transcript of the CIPA (Federal law about censorware in libraries) oral argument in the Supreme Court, is now available on-line. It's at:

http://supremecourtus.gov/oral_arguments/argument_transcripts/02-361.pdf

I've put it into HTML, for ease of reading and cut-and-paste, at

http://sethf.com/censorware/legal/cipa_sc.php

Posted by Seth Finkelstein at 03:01 PM | Followups
March 13, 2003

Walt Crawford "Cites & Insights" on CIPA legal briefs

Walt Crawford's Cites & Insights for April 2003: Vol. 3 No. 4 has an excellent, extensive, section reviewing the various CIPA legal briefs. It's many pages long, going into detail on the briefs both pro- and con-, with great analysis of their arguments. Highly recommended.

I may of course be biased, because one of those briefs mentioned is the one for the Online Policy Group and Seth Finkelstein

P.S.: The comments about weblogs are good reading too.

Posted by Seth Finkelstein at 02:40 PM | Followups
March 08, 2003

CIPA Transcript - USA v. ALA

I've made this available in HTML at http://sethf.com/censorware/legal/cipa_auld.php

From: Skip Auld <auldh[at-sign]co.chesterfield.va.us>
Subject: CIPA Transcript - USA v. ALA
Date: Sat, 08 Mar 2003 16:27:09 -0500

To ALA Member-Forum, Publib, VLA, VEMA, and other lists (Please forgive
duplication):

On Wednesday, March 5, I attended the Supreme Court oral arguments on the CIPA case (Children's Internet Protection Act), United States of America, et al. v. American Library Association, et al. This case was the government's appeal of the unanimous decision on May 31, 2002 of a 3-judge panel of the U.S. District Court for the Eastern District of Pennsylvania. That court decided in favor of ALA's position that requiring filters on all public Internet access computers, in order to receive federal funding, was unconstitutional.

For those of you who are interested, I have attached my transcription of the arguments. It is from handwritten notes I made during the oral arguments and therefore is not complete and may contain inaccuracies, despite my best efforts to write exactly what was said and all that was said. (This was, admittedly, an impossible task given the speed, substance, and variety of the one-hour debate). If you have any questions, please call me at 804-748-1767 or send an email message.

Posted by Seth Finkelstein at 07:21 PM | Followups
March 07, 2003

Censorware and less/least restrictive means

The Free Expression Policy Project has some interesting material in their CIPA argument analysis. I remember the following well:

Seven years ago, many advocates were arguing that Internet filters were a "less restrictive alternative" to criminal laws banning "indecent" speech on the Internet. But some prescient ones opined that filters would actually be even worse. Despite the chilling tenor of the Supreme Court argument in US v. ALA, one hopes that at least five of the justices will come to the same conclusion.

At the time, law professor Peter Junger wrote the best the best legal analysis on the above topic I've ever seen.

Posted by Seth Finkelstein at 03:25 PM | Followups
March 05, 2003

"CIPA" Federal censorware law in Supreme Court

[ http://sethf.com/pipermail/infothought/2003-March/000025.html ]

From: Seth Finkelstein
To: Seth Finkelstein's InfoThought list
Subject: IT: Federal censorware law "CIPA", in Supreme Court
Date: Wed, 5 Mar 2003 16:45:15 -0500

Today, the Supreme Court heard arguments regarding the Federal censorware law "CIPA", concerning censorware in libraries (this law applies to everyone, adults and minors). For more information, see:

http://www.ala.org/cipa/
http://www.ala.org/pio/presskits/cipa/cipa_statement.html

I'm involved in this case as an amicus curiae, part of a friend-of-the-court brief, see:

"Online Policy Group, Seth Finkelstein Submit CIPA Court Brief"
http://www.sethf.com/infothought/blog/archives/000184.html http://onlinepolicy.org/media/cipasupreme030210.shtml
http://www.eff.org/Censorship/Censorware/

I'd like to remind everyone that although the issue is continually reported and debated as "filtering" "porn" or "smut", that description is in fact technically inaccurate. Instead, architecturally, censorware is about control over what people are permitted to read. This is a profoundly different problem. It means no archive or service can be allowed if it can be an escape from control.

That is, using the N2H2 censorware as an example, image searching cannot be allowed. See for yourself, by clicking on the following link:
http://database.n2h2.com/cgi-perl/catrpt.pl?req_URL=http://images.google.com/

This should return:

The Site: http://images.google.com/ is categorized by N2H2 as:
Pornography
Search

Now, an image search engine is not pornography. It's a tool. But it's banned here, just in case anyone could use it to see forbidden material.

Another example is the Wayback Machine, a huge archive of sites:
http://database.n2h2.com/cgi-perl/catrpt.pl?req_URL=http://web.archive.org/

This is considered one of N2H2's "Loop Hole Sites", a no-longer-secret (due to my work :-) ) blacklist category of "loophole" sites which are banned by default everywhere, since they represent routes outside the blinder-box.

Language translation is prohibited also, because translating a website written in English from, e.g. Chinese to English, works very well.
http://database.n2h2.com/cgi-perl/catrpt.pl?req_URL=http://translate.google.com/

The Google cache is considered a "loophole" too:
http://database.n2h2.com/cgi-perl/catrpt.pl?req_URL=http://www.google.com/search%3Fq=cache

And of course, privacy and anonymity (to prevent one's reading from being monitored, by either the government or censorware) is right out:
http://database.n2h2.com/cgi-perl/catrpt.pl?req_URL=http://www.anonymizer.com/

In sum:

Image searching is not pornography.
Large web archives (e.g. The Wayback Machine) are not pornography.
Language translation is not pornography.
The Google cache is not pornography.
Privacy or anonymity is not pornography.

This won't be fixed in the next release. And my work on this issue seems to have been one factor in the lower court decision which earlier struck down this law. See:

Federal censorware law down! (and Seth Finkelstein's reports!)
http://sethf.com/pipermail/infothought/2002-May/000010.html

BESS's Secret LOOPHOLE: (censorware vs. privacy & anonymity) - a secret category of BESS (N2H2), and more about why censorware must blacklist privacy, anonymity, and translators
http://sethf.com/anticensorware/bess/loophole.php

BESS vs The Google Search Engine (Cache, Groups, Images) - BESS bans cached web pages, passes porn in groups, and considers all image searching to be pornography.
http://sethf.com/anticensorware/bess/google.php

SmartFilter's Greatest Evils - why censorware must blacklist privacy, anonymity, and language translators
http://sethf.com/anticensorware/smartfilter/greatestevils.php

The Pre-Slipped Slope - censorware vs the Wayback Machine web archive - The logic of censorware programs suppressing an enormous digital library.
http://sethf.com/anticensorware/general/slip.php

Remember this all, against the argument onslaught of "POORRRNNNN!"...

-- Seth Finkelstein Consulting Programmer sethf[at-sign]sethf.com http://sethf.com
Anticensorware Investigations - http://sethf.com/anticensorware/
Seth Finkelstein's Infothought blog - http://sethf.com/infothought/blog/


Infothought mailing list
http://sethf.com/mailman/listinfo.cgi/infothought

Posted by Seth Finkelstein at 07:46 PM | Followups
February 13, 2003

"Operation Decrypt", DMCA-related satellite TV case (DirecTV, Dish Network, etc.)

I've been digging around to try to find the original material on the satellite TV DMCA-related case (DirecTV, Dish Network, etc.) The case involved others laws besides the DMCA, conspiracy and "manufacturing a device for the purpose of stealing satellite signals, 47 U.S.C. S 605(e)(4);"

I wish so many reporters didn't have such an aversion to referencing primary sources (probably because it would show how little work they did in, rewriting or excerpting a press release). Here's what I've found:

U.S. Department of Justice press release on "Operation Decrypt":
http://www.usdoj.gov:80/criminal/cybercrime/OPdecrypt_walterPlea.htm

"Operation Decrypt" defendants and charges:
http://www.usdoj.gov:80/criminal/cybercrime/OPdecrypt.htm

Computer Crime and Intellectual Property Section
http://www.usdoj.gov:80/criminal/cybercrime/ipcases.htm

Posted by Seth Finkelstein at 11:56 PM | Followups
February 10, 2003

Online Policy Group, SethFinkelstein, CIPA brief now on-line

The Supreme Court friend-of-the-court brief representing the Online Policy Group and Seth Finkelstein in the CIPA case (Federal mandatory censorware law) is now available.

OPG:
http://www.onlinepolicy.org/action/legpolicy/cipasupremebrief030210.pdf

SethF.com:
http://sethf.com/anticensorware/legal/OPG_Seth_Finkelstein.pdf

and automatically converted to HTML:
http://sethf.com/anticensorware/legal/OPG_Seth_Finkelstein.html

Seth Finkelstein is a computer programmer and civil liberties advocate. Since 1995, he has dedicated thousands of hours to studying commercially developed Internet blocking software. These efforts have revealed many of the mechanisms employed by blocking software, which Mr. Finkelstein has described in articles and reports. For his efforts "in the fight against government mandated use" of such software, Mr. Finkelstein received the Electronic Frontier Foundation's Pioneer Award. Mr. Finkelstein is interested in ensuring that the Court understands how commercially developed blocking software operates and the dangers that it poses to free speech.

Posted by Seth Finkelstein at 07:51 PM | Followups

Online Policy Group, Seth Finkelstein Submit CIPA Court Brief

http://onlinepolicy.org/media/cipasupreme030210.shtml

San Francisco - The Online Policy Group (OPG) and software expert Seth Finkelstein today submitted a brief to the U.S. Supreme Court supporting a lower court decision that the Children's Internet Protection Act (CIPA) places unconstitutional limitations on free speech of library patrons by requiring the use of technology protection measures in libraries receiving certain federal funding or discounts.

Media Release: U.S. Supreme Court Considers Internet Blocking in Libraries

For Immediate Release: Monday, February 10, 2003

Contact:

Will Doherty
Executive Director
Online Policy Group
press[at-sign]onlinepolicy.org

Seth Finkelstein
EFF 2001 Pioneer Award Winner
sethf[at-sign]sethf.com

Daniel Bromberg
Attorney
Jones Day
dhbromberg[at-sign]JonesDay.com

U.S. Supreme Court Considers Internet Blocking in Libraries

Online Policy Group, Seth Finkelstein Submit Court Brief

San Francisco - The Online Policy Group (OPG) and software expert Seth Finkelstein today submitted a brief to the U.S. Supreme Court supporting a lower court decision that the Children's Internet Protection Act (CIPA) places unconstitutional limitations on free speech of library patrons by requiring the use of technology protection measures in libraries receiving certain federal funding or discounts.

OPG and Finkelstein's brief, prepared by attorneys Daniel H. Bromberg, Charles Morse, and Josh Fairfield of the law firm Jones Day, argues that CIPA's technology protection requirement forces libraries to use commercial blocking software. Because blocking software censors speech that receives full First Amendment protection and may discriminate against certain viewpoints, OPG and Finkelstein argue that CIPA should be subject to strict scrutiny.

"Using commercial Internet blocking software to comply with CIPA, libraries force the political, social, and cultural biases of software manufacturers with differing community standards onto library patrons in their own communities," said OPG Executive Director Will Doherty. "Especially for 'controversial' topics -- such as politics, medical health, child abuse, abortion, sexual orientation, and gender identity -- the biases inherent in Internet blocking software are unacceptable."

"Censorware is not filtering, it is electronic book-burning," commented Seth Finkelstein. "It's a pre-slipped slope denying any privacy, since all reading must be monitored."

"Technology is no panacea for those who wish to regulate speech on the Internet," observed Daniel Bromberg. "As CIPA shows, attempts to regulate speech on the Internet through purely technological means can pose special dangers to free speech."

The amicus brief from OPG and Finkelstein accompanies the main legal argument from the American Civil Liberties Union (ACLU) and other plaintiffs in the U.S. government's appeal from a decision of a special three-judge panel striking down the library portion of CIPA on May 31, 2002.

For this media release:
http://www.onlinepolicy.org/media/cipasupreme030210.shtml

OPG/Finkelstein brief to the U.S. Supreme Court:
http://www.onlinepolicy.org/action/legpolicy/cipasupremebrief030210.shtml

ACLU brief to the U.S. Supreme Court:
http://www.eff.org/Legal/Cases/Multnomah_Library_v_US/20030210_multnomah_brief.php

More on Children's Internet Protection Act:
http://www.onlinepolicy.org/action/legpolicy/cipa.shtml

Seth Finkelstein's website:
http://sethf.com/

About OPG:

The Online Policy Group (OPG) is a nonprofit organization dedicated to online policy research, outreach, and action on issues such as access, privacy, and digital defamation. The organization fulfills its motto of "one Internet with equal access to all" through projects such as donation-based email list hosting, web hosting, domain registrations, and now colocation services. OPG focuses on Internet participants' civil liberties and human rights, like access, privacy, safety, and serving schools, libraries, disabled, elderly, youth, women, and sexual, gender, and ethnic minorities. Find out more at http://www.onlinepolicy.org/

- end -


Infothought mailing list
http://sethf.com/mailman/listinfo.cgi/infothought

Posted by Seth Finkelstein at 03:22 AM | Followups
January 30, 2003

Bowers v. Baystate update (shrinkwrap against reverse-engineering)

Bowers v. Baystate is a case where a district court upheld as law that a shrinkwrap license can forbid reverse-engineering (see my earlier blog entry)

Yesterday (January 29, tip thanks due to Donna Wentworth at Copyfight), the decision was apparently updated with a "concurring/dissenting opinion" by one of the other judges in the case. That now-available opinion by "Judge Dyk", is well worth reading, as it delves into all the copyright/fair-use/reverse-engineering issues:

"By holding that shrinkwrap licenses that override the fair use defense are not preempted by the Copyright Act, 17 U.S.C. - 101 et seq., the majority has rendered a decision in conflict with the only other federal court of appeals decision that has addressed the issue - the Fifth Circuit decision in Vault Corp. v. Quaid Software Ltd., 847 F.2d 255 (5th Cir. 1988). The majority's approach permits state law to eviscerate an important federal copyright policy reflected in the fair use defense, and the majority's logic threatens other federal copyright policies as well. I respectfully dissent. ..."

"However, state law giving effect to shrinkwrap licenses is no different in substance from a hypothetical black dot law. Like any other contract of adhesion, the only choice offered to the purchaser is to avoid making the purchase in the first place. See Fuentes v. Shevin, 407 U.S. 67, 95 (1972). State law thus gives the copyright holder the ability to eliminate the fair use defense in each and every instance at its option. In doing so, as the majority concedes, it authorizes "shrinkwrap agreements . . . [that] are far broader than the protection afforded by copyright law." Ante at 13."

Posted by Seth Finkelstein at 02:48 PM | Followups
January 21, 2003

Jon Johansen case appealed!

Apparently, in Norway, acquittals can be appealed. So the Jon Johansen DVD prosecution is happening again.

Greplaw has the best coverage on the case which I've seen. Mikael Pawlo has both excellent legal and geographic familiarity here.

Posted by Seth Finkelstein at 09:03 AM | Followups
January 07, 2003

Jon Johansen/DeCSS win!

See the Norwegan news article (thanks, Copyfight)

It's good. Analysis will have to wait until later. Maybe I should use this entry to practice my blathering skills. Let's roll ...

"The forces of the dark have been dealt another blow by the forces of the light. The MPAA/RIAA/Hollywood cartel has suffered yet another setback in the courts, foiled again in their machinations to imprison a heroic programmer. Victory is ours, victory is sweet. The struggle will be hard, but our enemies are being routed, time after time. Onward, hacker soldiers!"

Y'know, that was incredibly easy. Hmm ...

Posted by Seth Finkelstein at 11:35 AM | Followups
January 04, 2003

Andre Hedrick and free software problems

I've been trying to figure out this resignation message from Andre Hedrick (Linux ATA driver deity). I think there's something important going on here, but unraveling the issues is very difficult. It seems to have something to do with Nvidia graphics card drivers and GPL licensing problems.
(link from Kuro5hin.org, but not on the site now)

Posted by Seth Finkelstein at 11:46 PM | Followups
December 17, 2002

Elcomsoft win!

Elcomsoft case victory!. The jury found the company innocent of charges (criminal charges)

Frankly, I was very pessimistic.

This quote is fascinating.

"Under the eBook formats, you have no rights at all, and the jury had trouble with that concept," said Strader.

Judges tend not to have trouble with that concept of no rights at all.

Posted by Seth Finkelstein at 05:24 PM | Followups
December 11, 2002

Australian net libel case (Gutnick), info from AUSTRALIAN expert

[I'm posting this because it deserves to be better known, as high-quality, expert, information - this is commentary from a public mailing-list]

[ Irene Graham is the Executive Director, Electronic Frontiers Australia ]

>Net libel actions can be brought anywhere in world
> From Roger Maynard in Sydney and Frances Gibb
>The Times, 11 December, 2002
>http://www.timesonline.co.uk/article/0,,2-510022,00.html
>A LEGAL ruling made by an Australian court yesterday could clear the way
>for worldwide libel litigation over internet material, lawyers and industry
>leaders say. The decision by the High Court of Australia, sitting in
>Canberra, in effect allows litigants to mount libel cases anywhere in the
>world over website material, not just in the website's country of origin.

I'd strongly recommend that anyone interested in what the Aust. High Court said, read the decision at: http://www.austlii.edu.au/au/cases/cth/high_ct/2002/56.html rather than relying on newspaper reports. To date, I haven't seen a single one that seems to me to accurately reflect what the Court actually said. So far, they all seem to exaggerate some aspects, and/or fail to mention pertinent aspects.

There's no doubt the situation is of concern relative to freedom of expression, but the Court decision is unsurprising - it merely confirmed existing decades-old law. Reading newspaper reports one could get the impression the Court changed the law or further 'developed' the common law. The Court did not, and the decision makes clear that the judges were well aware of the issues and on reading the lengthy judgment it becomes, imo, apparent that the Court had good reasons for making the decision it did. To do otherwise it appears the Court would have had to re-write the law. Imo, there's an urgent need for defamation law reform in Australia. The need has been 'urgent' for over 20 years, but despite various Law Reform Commission recommendations etc, the Parliaments in the various Australian jurisdictions have not done anything about it.

Irene

Posted by Seth Finkelstein at 03:58 PM | Followups
December 08, 2002

Jon Johansen and DeCSS

I've just mentioned the criminal (pun intended) Jon Johansen's trial is next week (December 9 - 13). For people interested in background on DeCSS, the best account of the origin of DeCSS is his trial testimony

(I feel for that anonymous German programmer)

Q. Who wrote DeCSS?
A. I and two other people wrote DeCSS.
...
Q. Mr. Johansen, what did you do next towards making DeCSS?
A. We agreed that the person who I met would reverse engineer a DVD player in order to obtain the CSS algorithm and keys.
Q. Who was this person that you met on the Internet?
A. A person from Germany. I don't know his identity.
Q. Okay. What happened next?
A. About three days later when I was on line again, he messaged me and told me that he had found the CSS algorithm. He also sent the algorithm to me with the CSS authentication source which are written by Eric [ed: this is a mishearing of Derek] Fawcus earlier. He also sent me information on where inside the player he had found the algorithm, and he also sent me a single player key.
Q. Thank you very much. Now, you testified on direct that a German person, I think, had reverse-engineered the Xing DVD player, is that correct?
A. Yes, that is correct.
Q. And that person goes by the nick Ham?
A. Yes, that's correct.
Q. And it's Ham who wrote the source code that performed the authentication function in DeCSS, is that correct?
A. No, that is not correct. He did not write the authentication code. He wrote the decryption code.
Q. He wrote the encryption code?
A. Decryption code.
Q. Decryption.
A. Yes.
Q. Ham is a member of Masters of Reverse Engineering or MORE?
A. That's correct.
Q. And are you also a member of MORE?
A. Yes.
Q. There are other members in Germany and Holland, is that correct?
A. Well, the third member is in the Netherlands.
Q. And it was Ham's reverse engineering of the Xing DVD player that revealed the CSS encryption algorithm, am I right?
A. Yes, that's correct.
Q. Reverse engineering by Ham took place in or about September 1999?
A. Yes, I believe it was late in September of 1999.
Q. And you testified that it was this revelation of the CSS encryption algorithm and not any weakness in the CSS cipher that allowed MORE to create DeCSS, is that correct?
A. Yes, that's correct.
Q. You obtained the decryption portions of the DeCSS source code from Ham, correct?
A. Yes, that's correct.
Q. You then compiled the source code and created the executable?
A. Well, in the form I received it, it was not compatible.

Posted by Seth Finkelstein at 01:28 AM
December 06, 2002

Elcomsoft trial, another chilling statement

I was again reading over the last eBooks ruling, from the Elcomsoft trial (the Adobe/Ebooks case that arose out of the arrest of Dmitry Sklyarov). It's full of chilling statements. Here's another. (emphasis added):

But, pirates and other infringers require tools in order to bypass the technological measures that protect against unlawful copying. Thus, targeting the tool sellers is a reasoned, and reasonably tailored, approach to "remedying the evil" targeted by Congress. In addition, because tools that circumvent copyright protection measures for the purpose of allowing fair use can also be used to enable infringement, it is reasonably necessary to ban the sale of all circumvention tools in order to achieve the objectives of preventing widespread copyright infringement and electronic piracy in digital media. Banning the sale of all circumvention tools thus does not substantially burden more speech than is necessary.

Posted by Seth Finkelstein at 11:05 AM | Followups
December 04, 2002

Elcomsoft trial

People following the Elcomsoft trial (the Adobe/Ebooks case that arose out of the arrest of Dmitry Sklyarov) might want to review what happened the last time around. The very same judge, Ronald Whyte, who is hearing the case now, is the judge who earlier ruled (emphasis added):

The inescapable conclusion from the statutory language adopted by Congress and the legislative history discussed above is that Congress sought to ban all circumvention tools because most of the time those tools would be used to infringe a copyright. Thus, while it is not unlawful to circumvent [ed note - ONLY "rights" restrictions, not "access" restrictions] for the purpose of engaging in fair use, it is unlawful to traffic in tools that allow fair use circumvention. That is part of the sacrifice Congress was willing to make in order to protect against unlawful piracy and promote the development of electronic commerce and the availability of copyrighted material on the Internet.

Accordingly, there is no ambiguity in what tools are allowed and what tools are prohibited because the statute bans trafficking in or the marketing of all circumvention devices. Moreover, because all circumvention tools are banned, it was not necessary for Congress to expressly tie the use of the tool to an unlawful purpose in order to distinguish lawful tools from unlawful ones. Thus, the multi-use device authorities cited by defendant, such as the statutes and case law addressing burglary tools and drug paraphernalia, offer defendant no refuge. The law, as written, allows a person to conform his or her conduct to a comprehensible standard and is thus not unconstitutionally vague.

Posted by Seth Finkelstein at 08:46 AM
November 27, 2002

DMCA, more on substantial non-infringing use

Further on the frequently-seen DMCA and substantial non-infringing use argument, this passage from the eBooks ruling should be studied (emphasis added);

The inescapable conclusion from the statutory language adopted by Congress and the legislative history discussed above is that Congress sought to ban all circumvention tools because most of the time those tools would be used to infringe a copyright. Thus, while it is not unlawful to circumvent [ed note - ONLY "rights" restrictions] for the purpose of engaging in fair use, it is unlawful to traffic in tools that allow fair use circumvention. That is part of the sacrifice Congress was willing to make in order to protect against unlawful piracy and promote the development of electronic commerce and the availability of copyrighted material on the Internet.

Accordingly, there is no ambiguity in what tools are allowed and what tools are prohibited because the statute bans trafficking in or the marketing of all circumvention devices. Moreover, because all circumvention tools are banned, it was not necessary for Congress to expressly tie the use of the tool to an unlawful purpose in order to distinguish lawful tools from unlawful ones. Thus, the multi-use device authorities cited by defendant, such as the statutes and case law addressing burglary tools and drug paraphernalia, offer defendant no refuge. The law, as written, allows a person to conform his or her conduct to a comprehensible standard and is thus not unconstitutionally vague.

Posted by Seth Finkelstein at 08:49 AM | Followups
November 26, 2002

DMCA and substantial non-infringing use

I've noticed in some of the DMCA-exemption discussions, that one of the very first things people tend to do is basically re-invent the "capable of substantial non-infringing use" argument - that is, if something has any use at all which is non-infringing, that should dominate. This has been thought-of before, and addressed. The principles are worthy, but arguing it as just as theory isn't so simple. It's very important to read what has gone before, in the 2000 DMCA rulemaking results (emphasis added) :

Proponents of such an exemption make two related arguments. First, some commenters argue that using Section 1201(a)(1) to prohibit circumvention of access controls on works that are primarily factual, or in the public domain, bootstraps protection for material that otherwise would be outside the scope of protection. It would, in effect, create legal protection for even the uncopyrightable elements of the database, and go beyond the scope of what Section 1201(a)(1) was meant to cover. An exemption for these kinds of works, proponents argue, is necessary to preserve an essential element of the copyright balance `` that copyright does not protect facts, U.S. government works, or other works in the public domain. Without such an exemption, users will be legally prevented from circumventing access controls to, and subsequently making noninfringing uses of, material unprotected by copyright.

...

On the record developed in this proceeding, the need for such an exemption has not been demonstrated. First, although proponents argue that 1201(a)(1)(A) bootstraps protection for uncopyrightable elements in copyrightable databases, the copyrightable elements in databases and compilations usually create significant added value. Indeed, in most cases the uncopyrightable material is available elsewhere in ``raw'' form, but it is the inclusion of that material in a copyrightable database that renders it easier to use. Search engines, headnotes, selection, and arrangement, far from being a thin addition to the database, are often precisely the elements that database users utilize, and which make the database the preferred means to access and use the uncopyrightable material it contains. Because it is the utility of those added features that most users wish to access, it is appropriate to protect them under Section 1201(a)(1)(A). Moreover, all copyrightable works are likely to contain some uncopyrightable elements, factual or otherwise. This does not undermine their protection under copyright or under 1201(a)(1)(A). [footnote] \8\

[footnote] \8\ One commenter suggested an exemption for ``compilations and other works that incorporate works in the public domain, unless the compilation or work was marked in such a way as to allow identification of public domain elements and separate circumvention of the technological measures that controlled access to those elements.'' PH4 (Ginsburg). While this approach could address some of the concerns raised by proponents, it is unclear whether it would be technologically feasible for copyright owners to implement. Furthermore, as discussed below, the Register has not yet been presented with evidence that there have been or are likely to be adverse impacts in this area.

Posted by Seth Finkelstein at 09:05 AM | Followups
November 25, 2002

How To Win (DMCA) Exemptions And Influence Policy

Date: Mon, 25 Nov 2002 08:07:11 -0800
From: Lee Tien
Subject: guide to DMCA "exemption" process -- 3 weeks left
To: Law & Policy of Computer Communications

EFF is pleased to present a guide to the DMCA "exemption" process.

http://www.eff.org/IP/DMCA/finkelstein_on_dmca.html

Under this process, the Copyright Office of the Library of Congress must make a triennial inquiry regarding adverse effects of the DMCA's prohibition on circumvention on "certain classes of works."

If adverse effects are shown, the office can "exempt certain classes of works from the prohibition against circumvention of technological measures that control access to copyrighted works." The exemptions only last 3 years.

The author, Seth Finkelstein, is one of the very few people who succeeded in arguing for an exemption (for the act of circumventing access/copy controls on censorware blacklists) in the last round (2000). [The Copyright Office received many comments and rejected the overwhelming majority of them; I think in the end only 2 or 3 exemptions were created.]

The upcoming round is the next one, for 2003. "Written comments are due by December 18, 2002."

This is about the only part of the DMCA that can mitigate its fell sway, so if you have any interest in the topic at all, it's well worth reading.

Lee
--
**********************************
Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation

Posted by Seth Finkelstein at 11:41 AM | Comments (0) | Followups
November 24, 2002

DMCA and criminal penalties

I've been looking into the criminal penalties section of the DMCA. This is scary stuff. You do NOT have to be a big-time infringement business to trigger criminal liability in modern copyright law (as most famously demonstrated by Dmitry Sklyarov) . In fact, it's surprisingly easy.

From the Department of Justice Criminal Resource Manual:

Copyright Infringement -- Fourth Element -- Commercial Advantage or Private Financial Gain (emphasis added)

It is a common misconception that if infringers fail to charge subscribers a monetary fee for infringing copies, they cannot be held to have engaged in criminal copyright infringement. It is the position of the Department that the term "for purposes of commercial advantage or private financial gain" does not require the payment in money for the infringing works, but includes payment by trading anything of value for them. Thus, when "bartering" (i.e., the practice of exchanging infringing works for other infringing works) results in the unauthorized dissemination of substantial amounts of infringing product without recompense to the copyright holders, prosecution appears to be fully consistent with the purposes of the criminal copyright statute.

Posted by Seth Finkelstein at 11:51 PM | Followups
November 13, 2002

Supreme Court to review CIPA (censorware law)

[This is a well-reported item, but I believe I have something valuable to say, per below]

As reported in many standard places. the Supreme Court has decided to review the CIPA case, concerning the Federal law which links library funding to mandatory censorware.

By the way, it's important to keep in mind that while almost all news coverage will tout this as filtering pornography, censorware also usually bans anonymizers, language translations sites, google caches , even the archive WayBack Machine. This is because sites such represent a threat, a LOOPHOLE in censorware's control. This overbroadness has been a factor in the CIPA decision.

Update Nov 15: I've revised and updated the report
BESS's Secret LOOPHOLE

It now has revised and updated examples of LOOPHOLE sites, as well as containing the various mentions of the topic in the CIPA case.

Posted by Seth Finkelstein at 03:49 AM
October 31, 2002

ACLU reply to N2H2 in censorware case

Today brings the ACLU reply in the legal case of Edelman v. N2H2. This is a legal action about being able conduct research concerning censorware, free from the chilling effect of being sued. I'm following the case, for obvious reasons

My (nonlawyer) guess, is that the core of the issue in the reply is this:

N2H2 has also made public statements regarding its intention to assert all legal rights against Edelman if he engages in his proposed research. In N2H2's latest 10-Q quarterly filing with the Securities and Exchange Commission, N2H2 stated:

We intend to defend the validity of our license agreement and to enforce the provisions of this agreement to protect our proprietary rights. We also intend to assert all of our legal rights against Edelman if he engages in future activity that violates the agreement or our proprietary rights.

N2H2 Form 10-Q (filed Aug. 13, 2002), at 22 (emphasis added).4 Further, in the Wall Street Journal, N2H2 spokesman David Burt said the company would defend its license and intellectual property rights:

We think that our rights to protect our intellectual property and our software licensing agreements are valid. And we do intend to defend them.

Suit Seeks Exemption to Digital Copyrights, WALL ST. J., July 26, 2002, attached at Exhibit 2.

Posted by Seth Finkelstein at 09:49 AM
October 28, 2002

Shrinkwrap Ban On Reverse-Engineering Appealed

The Massachusetts court case which upheld a software shrinkwrap contract prohibition against reverse-engineering (Bowers v Baystate Technologies), is now being challenged in an appeal. See the article:

Legal Scholars and Library Groups Seek Clarification From Court on Software Licenses(via GrepLaw)

Worth reading, on this topic:

"Should Software Companies Be Able, Through Contracts, To Prevent Competitors From "Reverse Engineering" Their Products", by Chris Sprigman.

I commented about this in an earlier blog entry. To get an idea of what sort of onerous terms are being put in licenses, take a look at this one, just to use Websense's form for looking up sites on Websense's blacklist:

Site Lookup Terms of Use

By using the Websense Site Lookup, you warrant that you are a Websense customer or you are evaluating Websense Enterprise software as a prospective Subscriber. You acknowledge and agree that the information contained in the Websense Site Lookup is to be accessed or used strictly for your own internal use as a Subscriber of Websense Enterprise or in evaluating the performance of Websense Enterprise to facilitate your purchase decision. You may not transfer or assign your right to access or use the information to any other party for any reason. Any other access or use of the information contained in the Websense Site Lookup is strictly prohibited. Websense may terminate your right to access or use the information contained in the Websense Site lookup at any time and for any reason.

Posted by Seth Finkelstein at 03:13 PM
October 21, 2002

Classic Judge Learned Hand quote on lawsuits

This quote should be better known:

"I must say that, as a litigant, I should dread a lawsuit beyond almost anything short of sickness and death."

-- Judge Learned Hand, from "The Deficiencies of Trials to Reach the Heart of the Matter", in 3 "Lectures On Legal Topics" 89, 105 (1926), quoted in Fred R. Shapiro, "The Oxford Dictionary Of American Legal Quotations" 304 (1993).

Posted by Seth Finkelstein at 11:51 PM
October 19, 2002

Who-gets-paid, and an N2H2 (censorware company) potkettleblack

I've been through N2H2's (a censorware company) motion to dismiss the case Edelman v. N2H2 (regarding the right to examine censorware blacklists). Let me write just one note today.

On page 3 of the motion, N2H2 starts off a section by writing:

"Edelman, who has in the past been paid to examine N2H2's system opposed to Internet filtering, ...."

Now, now, N2H2, you're not a charity. Moreover, it's not as if employees of N2H2 haven't been paid by parties seeking to impose mandatory censorware laws, such as: (emphasis added)

Courts: Library Filtering Of Internet Sites Found Unconstitutional
...

Filtering companies reacted defensively. "I think they are just holding filters up to too high a standard," said David Burt, director of public relations for N2H2. Although Burt's company is officially neutral on CIPA, he was a paid consultant to the Justice Department on defense strategy.

National Journal's Technology Daily, 05-31-2002

Note: Myself, I've never gotten paid for any of my anticensorware investigations, but I wish I had!

Posted by Seth Finkelstein at 11:56 PM
October 12, 2002

DMCA exemptions rulemaking

It's DMCA exemption rulemaking time again.

The Copyright Office is preparing to conduct rulemaking proceedings mandated by the Digital Millennium Copyright Act, which provides that the Librarian of Congress may exempt certain classes of works from the prohibition against circumvention of technological measures that control access to copyrighted works. The purpose of this proceeding is to determine whether there are particular classes of works as to which users are, or are likely to be, adversely affected in their ability to make noninfringing uses due to the prohibition on circumvention. This page will contain links to published documents in this proceeding.

Last time, I was one of the people who persuaded the Librarian of Congress to grant one of two exemptions, for censorware.

But the exemptions only hold for three years each time, and now we have to do it all over again:

There is a presumption that the prohibition will apply to any and all classes of works, including those as to which an exemption of applicability was previously in effect, unless a new showing is made that an exemption is warranted. Final Reg., 65 FR 64556, 64558. Exemptions are reviewed de novo and prior exemptions will expire unless the case is made in the rulemaking proceeding that the prohibition has or will more likely than not have an adverse effect on noninfringing uses. A prior argument that resulted in an exemption may be less persuasive within the context of the marketplace in the next 3-year period. Similarly, proposals that were not found to warrant an exemption in the last rulemaking could find factual support in the present rulemaking.

Amusingly, the last time around they said in part (emphasis added)

A number of commenters urged that a broader encryption research exemption is needed than is contained in section 1201(g). See, e.g., C185, C30, R55, R70. Dissatisfaction was expressed with the restrictiveness of the requirement to attempt to secure the copyright owner's permission before circumventing. C153. See 17 U.S.C. 1201(g)(2)(C). Most of the references to statutory deficiencies regarding encryption research, however, merely state that the provisions are too narrow. See, e.g., PH20.

That last reference was me. Wow, can I give them examples this time!

Posted by Seth Finkelstein at 11:55 PM
October 05, 2002

Twofer - reverse-engineering and legal-brief flaming

I'm still pondering various nastiness in legal briefs. I recalled a part of the DeCSS case where the plaintiffs even introduced Slashdot comments as evidence against the defendants. I went and looked-up that portion, and it even had invocation of prohibitions against reverse-engineering.

The following is from the John Hoy declaration in the DeCSS (president of the DVD DVD Copy Control Association, Inc. -"DVD CCA")

... To my knowledge, all of the software licensees of CSS technology, including Xing, require end users to enter a "click wrap" license which specifically prohibits reverse engineering.

8. Moreover, the Internet postings of those individuals who were developing and/or discussing the means to hack through the master keys to gain access to CSS technology, referred to in the Shapiro Reply Declaration, demonstrate that they knew, or had reason to know, that such actions were wrongful.

9. For example, postings on slashdot.org as early as July 1999 clearly establish the state of mind of the hacker community. The following is a sample of posts made on July 15, 1999:

(much Slashdot flaming follows)

Hmm - "the state of mind of the hacker community"? It's amazing what gets into these things.

Posted by Seth Finkelstein at 11:57 PM
October 04, 2002

Flaming to/from courts

The nastiness in the material from N2H2 in Edelman v. N2H2 reminds me a great deal of the judicial flaming done by Judge Kaplan in the DeCSS case. In particular, the remarks about the plaintiffs and defendants here:

VI. Conclusion

In the final analysis, the dispute between these parties is simply put if not necessarily simply resolved.

*346 Plaintiffs have invested huge sums over the years in producing motion pictures in reliance upon a legal framework that, through the law of copyright, has ensured that they will have the exclusive right to copy and distribute those motion pictures for economic gain. They contend that the advent of new technology should not alter this long established structure.

Defendants, on the other hand, are adherents of a movement that believes that information should be available without charge to anyone clever enough to break into the computer systems or data storage media in which it is located. ...

His sympathies were clear ...

Posted by Seth Finkelstein at 11:17 PM
October 02, 2002

The Wit And Wisdom of N2H2

Today's Chronicle of Higher Education reports, about the case Edelman v. N2H2 :

The Internet filtering company N2H2 Inc. is asking a judge to dismiss a lawsuit that a Harvard University law school student brought against the firm.

But ...

In a filing in August with the Securities and Exchange Commission, N2H2 stated that it will take legal action against those who threaten its trade secrets.

I believe it is helpful to read all The Wit And Wisdom of N2H2 as encompassed in that filing (my emphasis below):

On July 25, 2002, Benjamin Edelman filed suit against us in the U.S. District Court for the District of Massachusetts. Mr. Edelman is purportedly a computer researcher who seeks to conduct a quantitative analysis of the accuracy and comprehensiveness of our "Bess" and "Sentian" Internet content filtering products. If Mr. Edelman downloads our filtering software to conduct his analysis, he will be required to enter into our standard license agreement. The license agreement prohibits users from copying or decrypting our software and from using or disclosing confidential information that belongs to us and cannot be obtained through normal use of the software. Mr. Edelman's proposed activities would violate these provisions of the license agreement or applicable law, or both. He seeks a declaratory judgment that he cannot be held liable for breach of certain provisions of the license agreement as a result of his proposed activities. In addition, Mr. Edelman seeks a declaration that he will not be prosecuted for violations of the Copyright Act of 1976, the Digital Millennium Copyright Act, or laws protecting trade secrets if he conducts his proposed analysis. Finally, Mr. Edelman seeks to enjoin us from initiating litigation against him on the basis of his proposed activities. We intend to defend the validity of our license agreement and to enforce the provisions of this agreement to protect our proprietary rights. We also intend to assert all of our legal rights against Mr. Edelman if he engages in future activity that violates the agreement or our proprietary rights. To the extent that this matter is resolved in Mr. Edelman's favor, however, it could have a material adverse affect on our business, future results of operations, financial position and cash flows. Even if Mr. Edelman's claims are not successful, the litigation could result in substantial costs to the company and divert management's time and attention away from business operations.

I've mentioned the following before, but this portion, right from the horse's, err, mouth, deserves repeating (my emphasis):

Our filtering services have been accused of overbreadth by free speech groups.

In a recent federal court case, a federal appeals court held that certain provisions of the Children's Internet Protection Act resulted in an unconstitutional restriction of freedom of speech. These provisions required public libraries receiving federal funds to install Internet filtering programs like N2H2's on all of their computer terminals. The basis for this ruling is, in part, that such programs are overbroad in the types of speech that they filter out. This ruling is currently on appeal to the United States Supreme Court. To the extent that this decision is upheld, it will negatively impact our ability to market our products to libraries without modification, which could be time-consuming and costly.

Again, they said it, not me ....

Posted by Seth Finkelstein at 10:15 PM