security by obscurity = ignorance is strength
http://www.guardian.co.uk/technology/2008/aug/28/security.law
Is research that uncovers flaws in transportation fare payment systems so dangerous as to justify censorship?
This is my reaction to the MBTA v. Anderson case, where three MIT students and MIT have been sued over their research showing security weaknesses in the MBTA subway fare system. I'm hoping my comparison of "security by obscurity" to the Orwellian slogan of "Ignorance is Strength" catches on. Happily, that comparison managed to make it into the title.
Blog bonus: My original draft had a paragraph "Some naive commentators have a ludicrous idea that there's teams of civil-libertarian lawyers on alert who scan the skies for the EFF-signal and then leap into the EFF-mobile to do battle. The reality may be heroic in its own way, but resembles battlefield triage far more than a bloodless inevitable triumph of good over evil."
But that either got cut for space or because the Batman references were too obscure.
[For all columns, see the page Seth Finkelstein | guardian.co.uk.]
I made some notes as I went through the "Federal Search Commission?" paper, and since I've already given an overview of my thoughts, I decided to post these for whatever value they have in terms of the specifics of the argument, and where I believe it doesn't work. Again, basically, I sympathize with the examination of the concentration of media power. But the claims as to why it's not like other media power simply don't seem to me to be valid.
The first dimension involves an important preliminary question: what exactly is the relevant speech in relation to which search engines assert first amendment rights?
This: "If you're looking for pages about "widgets", the most relevant page is this, the second most relevant page is that, the third, etc".
When, however, the frame of reference is the supposed speech embodied in rankings the claim that regulation of search results violates the first amendment becomes highly precarious. It is highly questionable that search results constitute the kind of speech recognized to be within the ambit of the first amendment by either existing doctrine or any of the common normative theories in the field. While having an undeniable expressive element, the prevailing character of such speech is performative rather than propositional.
Regrets, I don't buy it. I don't see a way you can claim "Vote for X" is "propositional" while "The most relevant page for X is Y" is "performative". This part in the reasoning seems flawed: "To use the terminology of Robert Post, the speech of search engines as embodied in rankings is not a form of social interaction that realizes first amendment values."
That claim is problematic in a very deep sense, because if search engine rankings embody social values, then they're a form of social interaction in the relevant sense. The argument can't have it both ways, that they're expressions of the algorithm-writer's bias and prejudice for the sake of criticizing them, but not social interaction when it comes to regulation.
After all, one could say everything from tabloid newspapers to book publishing is not social interaction, in that they're monologue or pontification, not a town hall meeting.
In short, extending the compelled speech rule to cover the mere observations on relevance implied in search engine rankings seems to take the doctrine to domains where it was never meant to go.
But the problem here is taking that view in the opposite direction, to wit:
The evaluation of the value of bonds which was found to be an "opinion" in that case, while not the strongest case of an expression subject to a dialogical relationship, still has some potentially-dialogical features. Listeners can agree or disagree with the evaluation, criticize or support it, and make arguments for or against it. Search engine rankings, by contrast, are not perceived by users as an expression with which they can interact in ways characteristic of what we usually refer to as an "opinion."
Again, this just doesn't seem correct to me. Generally we have as little ability to dialog with a statement like "Standard and Poors rated this bond as junk" as "Google blacklisted this site as spam". In both cases, the mechanism used to determine the result is proprietary, and the institution offers it on a take-it-or-leave-it basis.
As in the case of the compelled-speech rule, recognizing the incidental and limited form of "opinions" implicit in search results -- i.e. opinions about relevance to users -- might cause the doctrine to spin out of control.
Right, right, got it. This idea is seen (in the reverse) a lot in net-ranting. You can't convert every statement into protected speech by the magic of prepending "It's my opinion that ...", and so it's an opinion, which is protected speech, ha-ha-ha gotcha. Calling every statement an opinion isn't a get-out-of-regulation-free card. Understood. However, trying to turn it around in the other direction is just as bad, in that there's a problem playing off the many senses of the word "opinion". A search engine result is more like a judicial "opinion", which doesn't map exactly to the most common use of the word either.
The Google does not need me to save it, and I certainly know how its results can be gamed. But I also don't think it can be so readily categorized as somehow apart from standard journalism.
[I'd known law professor Peter Junger for many years. He was one of my strongest supporters, wrote some of the best legal analysis I've ever read, as well as great humor. I am deeply saddened by his death and the world is lesser for it.]
[official memo from Marina P Corleto (mpc6[atsgn]case.edu) ]
Link: Peter Junger obituary
Any thoughts you would like to pass along would be appreciated.
JOIN US FOR A MEMORIAL SERVICE FOR PROFESSOR EMERITUS OF LAW PETER D. JUNGER
The law school will hold a memorial service for Professor Emeritus Peter D. Junger who passed away in November. The service will be Thursday, January 11 at 7:30 p.m. in Room 159 of Gund Hall.
Professor Junger grew up in Wyoming. He received his A.B. in 1955 and his LL.B. in 1958, both from Harvard. He practiced as a real estate lawyer in the New York firm, Patterson Belknap Webb, from 1961-70. He began teaching as an Associate Professor at Case Western Reserve University School of Law in 1970 and served until 2001. He became Professor Emeritus in 2002.
Although his field was property law, Professor Junger was deeply involved in the computer revolution. He was active in an early artificial intelligence group on the campus and worked on issues relating to computer privacy and data encryption. He filed a lawsuit challenging a federal regulation that barred the export of data encryption software. Professor Junger argued that the regulation infringed his First Amendment rights in that it prevented him from showing encryption software to foreign nationals who were in his class on computers and law. The case was dismissed by the trial court but the 6th Circuit Court of Appeals reversed that decision and upheld Professor Junger's claim that computer source code was expression protected by the First Amendment. Just before he died, Professor Junger completed an article arguing against the patentability of software.
All of Professor Junger's students, colleagues, and friends are invited to attend the memorial service. Those who would like to speak at the service or to submit written anecdotes or reminiscences about Professor Junger should contact Professor Wilbur Leatherberry (368-3585 or wcl[atsgn]case.edu) or Professor Jonathan Entin (368-3321 or jle[atsgn]case.edu).
In my opinion Peter was one of the best.
Rosanna B. Masley, Acquisitions Coordinator
Judge Ben C. Green Law Library
Case Western Reserve University
216-368-5429
The "CleanFlicks" case concerning bowdlerization versus copyright is prompting much tech/law discussion, see e.g. Joe Gratz and Ed Felten.
Side 1: Companies, e.g. "CleanFlicks", which take existing movies and
make versions with offensive parts cut out.
Side 2: Movie studios, etc.
Legal Issue: Is a bowdlerization service a violation of copyright, even if the
company buys an unaltered copy first, and is doing it For The Children?
Court's answer, so far: Yes (note this is different from the "Family Movie Act", which addressed making on-the-fly alterations, not permanent copies).
In terms of having something original to add to the commentary pile, I'd just like to disagree with my pundit brethren regarding the speculation that the reason the movie studios didn't bring a DMCA claim against the bowdlerizers was that the studios did not want to inflame social conservatives against the DMCA. That doesn't make sense, as social conservatives have more than enough to be outraged in the lawsuit itself (and now, the unfavorable decision). Such fine distinctions as the exact nature of the legal claims are very much inside baseball, details. No, I believe the reason a DMCA claim was not made has much more to do with not presenting a court with the fabled sympathetic DMCA circumvention defendant, one charged with circumvention but making fair use in a socially approved cause (and you can't get more sympathetic than For The Children, that's better than even prestigious academic researchers!)
Think it through: If the studios win on the copyright claim, there's no need for a DMCA claim. If the studios lose on the copyright claim, they could then bring a DMCA claim. So they have nothing to gain from starting with a DMCA claim, and risk enormous loss in having a court possibly scale back the extent of the DMCA (especially given the temptation to be swayed by the perceived virtues of the defendant). Thus, it's strategically obvious what to do based simply on risk/reward ratio.
Anyway, politics makes strange bedfellows, err, parlorguests.
The Apple v. Does (O'Grady v. Superior Court) case, where Apple tried to subpoena online publisher's information for an investigation, has been well-analyzed (big win for EFF). I'm going to skip the (somewhat misconstrued) Bloggers vs. Journalists! aspects, because they've been chewed to death, and focus on a synthesizing post about the Wikipedia elements, to highlight some other factors.
In "New Age judge blasts Apple", Andrew Orlowski states:
However Apple has struck gold in finding a techno utopian in a state of rapture. Judge Rushing cites Wikipedia as a source, a mistake which earns students an 'F' grade today. He talks about the need to disregard economics and sociology in favor of a "memetic marketplace" - whatever that is - and allows himself some flights of technological rapture.
[N.b. - I think "memetic marketplace" was the judge's way of being hip, where a more staid judge would have used the traditional phrase "marketplace of ideas"]
Actually, I suspect the problem was recognized, and Joe Gratz analyzed it in Apple v. Does Court Cites Wikipedia:
In 2003, I opined that citation to Wikipedia in the course of a legal argument was asking for trouble, since anyone - even opposing counsel - could pull the factual rug out from under one's argument.
The California Court of Appeal, though, dodges the problems I foresaw. It cites Wikipedia almost exclusively for the definitions of internet argot and geek pop culture references: ...
These articles are particularly likely to have reached an accurate and complete equilibrium, since the core Wikipedia constituency is deeply familiar with their subject matter, and that subject matter is not hotly contested. While one can imagine a flame war emerging over precisely what is or isn't a BBS or a blog, the opinion cites Wikipedia in the same situations I do - when the reader's general knowledge of the subject matter will assist understanding of the argument, but the underlying details aren't dispositive of the argument's merit.
In other words, citing a geek trivia collection to define popular geeky terms, is probably not dangerous.
And, besides taking apart some of the Bloggers vs. Journalists! hype, in Courting Wikipedia, Citing Wikipedia, Jon Garfunkel reveals:
In an earlier footnote, Judge Rushing defended his use of Wikipedia: "As with many of the concepts in this opinion, the most authoritative and current sources of information may themselves be found on the web." Of course, "on the web" is as precise as saying "in printed materials." The difference is that information in printed materials generally can be traced. With the web, it's a bit trickier. One searches the Bear Flag League, and finds out that they're a group of conservative California bloggers, and then searches more to find out that the founder was Justene Adamec. As for who came up with "we blog," that is Peter Merholz, who explains such here. As for the quote in bold, it's a meaty passage out of Wikipedia. In this case, it's practically impossible to find out who had authored it, unless the author steps forward.
It was me. And I'm absolutely delighted.
Maybe this is what they mean by anyone can contribute :-).
[This is about the Nitke v. Gonzales case, where I'm an expert witness. Check The Wirenius Report Blog, from the case's main lawyer John Wirenius, for first-hand information in the near future.]
[UPDATE 3/21: See "Supreme Abdication", John Wirenius' follow-up]
Justices Pass on Internet Obscenity Case
By GINA HOLLAND The Associated Press Monday, March 20, 2006; 10:27 AM
WASHINGTON -- The Supreme Court turned back an appeal on Monday from a photographer who claimed a federal decency law violated her free-speech rights to post pictures of sadomasochistic sexual behavior on the Web.
Justices affirmed a decision last year by a special three-judge federal panel upholding the 1996 law which makes it a crime to send obscenity over the Internet to children. ...
[I'm not sure they affirmed, versus refused to hear, those are different actions.
Update: 2:30 pm - Ouch! "The Judgment is Affirmed".
]
Sigh ... see: An Overview of Nitke v. Ashcroft:
However, the definition of "obscenity" approved in Miller does not fit well in an online world; it is based in part on the harmful effects that adult book and video stores have on the quality of life of a neighborhood, and further defines what is obscene by whether or not the material is "patently offensive" under "local community standards" based on geographic locality. See also Hamling v. United States, 418 U.S. 87, 99 (1974). Whether, and how, such a definition can apply to cyberspace has not yet been resolved by the Supreme Court.
[Again, what good does this tiny blog-squeak do, against the sheer volume of the Associated Press, and the inevitable blog echoing?
]
Update: Official press release:
http://www.ncsfreedom.org/news/2006/032006CDA_Decision.htm
"We have proven that Miller does not work," says Susan Wright, Spokesperson for NCSF. "But the Supreme Court has declined to strike it down at this time. That means every website on the Internet can be judged by the most repressive local community standards in the U.S."
...
"We knew that the Bush administration was laying its plans to prosecute sexually explicit material on the Internet," says John Wirenius, attorney for the plaintiffs. "By filing our lawsuit in 2001, we may have slowed the Justice Department from prosecuting obscenity in 2002-3, but the number of obscenity prosecutions has steadily increased ever since. We believe in fighting this battle and we took our fight all the way to the Supreme Court."
"I think we've achieved a great victory in drawing attention to how politicized our judicial system has become," says co-plaintiff Barbara Nitke, a fine art photographer who explores sexual relationships in her work. "Our obscenity laws are outmoded, especially in conjunction with the Internet. We've made a huge dent in how obscenity will be judged in the future, and I hope others will now stand up and continue to fight against repressive laws like this."
Bob Helmer sent me a note about International Airport Centers, LLC v. Citrin, which involves:
The Seventh Circuit United States Appeals Court has ruled that employees cannot unlawfully delete their computers before handing them back to their employers. International Airport Centers (IAC) sued Jacob Citrin, a former employee, after he returned a laptop whose contents had been erased with a deletion program.
In a three to none decision the court said that Citrin violated the Computer Fraud and Abuse Act by installing a secure delete program. In addition the court said that Citrin effectively terminated his employment, not when he turned in the laptop, but when he started doing personal business while still being employed at IAC.
Despite hype elsewhere, it's been well-analyzed by: Groklaw: IAC v. Citrin - Deleting Files a Crime?, so I'll just point to that:
I know if I were on the jury, I'd find it hard to view such a [secure delete] program as a cracker tool, since I use the Mac OSX secure delete option every time I delete anything from trash. So, unlike Judge Posner, I just can't view it as an evil hacker tool, the way he does. However, if the guy deliberately destroyed the materials so as to prevent IAC from being able to compete, and the materials belonged to them and they had no other copy, obviously that isn't right either, and the wording of the CFAA [Computer Fraud and Abuse Act] then might well seem to cover what he did. But their other claims under state law are certainly sufficient to deal with that kind of behavior. What happened was, as I see it, a dance to keep it in federal court. That doesn't mean that in the end he'll be found guilty of violating the CFAA necessarily, but it does mean that anyone in the Seventh Circuit now can be, if the circumstances are right.
However, I personally found the most interesting part of the analysis to be:
And you'll notice that he bases his argument not on the parts of the CFAA that the plaintiffs cited but on [a different section]. When you see judges helping one side out like that it generally means that they are looking for a way to pin the guilty party, in their estimation. Frankly, if a judge wants to get you, you're going to get got. They know how.
In the past, I've had long arguments over risks regarding "authorization" and the Computer Fraud and Abuse Act. The problem is that any truth residing between pseudojournalistic wolf-criers, and overconfidence in the opposite direction, still ends up in a bad place.
I'm surprised there hasn't been much mention of some amusing aspects to be found within the Perfect10 vs Google ruling, since plaintiff "P10 publishes the adult magazine "PERFECT 10" and operates the subscription website, "perfect10.com," both of which feature high-quality, nude photographs of "natural" models".
Accept a substitute?
Merely because Google's thumbnails are not cropped does not necessarily make them exact copies of P10's images, but the record currently before the Court does suggest that the thumbnails here closely approximate a key function of P10's full-size originals, at least to the extent that viewers of P10's photos of nude women pay little attention to fine details.
It's creative, not objectification:
Google argues that P10's works are not creative because P10 "emphasizes the objects of the photographs (nude women) and [P10] assumes that persons seeking Perfect 10's photos are searching for the models and for sexual gratification." Google contends that this "implies a factual nature of the photographs." The Court rejects this argument. The P10 photographs consistently reflect professional, skillful, and sometimes tasteful artistry. That they are of scantily-clothed or nude women is of no consequence; such images have been popular subjects for artists since before the time of "Venus de Milo."
And, from a legal standpoint, it's not true that if you've seen one, you've seen them all:
The Court finds that Google's use of the infringing copies of P10's images also is no greater than necessary to achieve the objective of providing effective image search capabilities. In doing so, the Court rejects P10's contention that Google could have provided such assistance through the use of text, claiming that P10's images are more readily describable in words than Kelly's images. First, contrary to P10's contention, photographs of nude women can, like photographs of the American West, vary greatly.
It's always intriguing to see how this material is treated in legal cases.
In Perfect 10 v Google, a judge has ruled (news report), in a preliminary injunction:
The Court now concludes that Google's creation and public display of "thumbnails" likely do directly infringe P10's copyrights. The Court also concludes, however, that P10 is not likely to succeed on its vicarious and contributory liability theories.
This is a quite unfavorable outcome for the dispute over Google Print: Copyright vs. Innovation vs. commercial value.
Some key elements:
i. Commercial Versus Noncommercial Use
In assessing whether a use is commercial, the focus here is not on the individuals who use Google Image Search to locate P10's adult images. Nor is it on whether their subsequent use of the images is noncommercial (e.g., titillation) or commercial (e.g., to print and sell). Rather, it is Google's use that the Court is to consider. That use, P10 contends, is commercial in nature. The Court agrees.
Courts have defined "commercial uses" extremely broadly. [...] Google unquestionably derives significant commercial benefit from Google Image Search in the form of increased user traffic--and, in turn, increased advertising revenue. The more people who view its pages and rely on its search capabilities, the more influence Google wields in the search engine market and (more broadly) in the web portal market. In turn, Google can attract more advertisers to its AdSense and AdWords programs.
Note this is very unfavorable for the Google Book fair-use argument. Because there, Google's use is also commercial in nature, under similar reasoning.
A distinguishing factor from an earlier, more favorable, decision (Kelly v. Arriba Soft):
But unlike Arriba, Google offers and derives commercial benefit from its AdSense program. AdSense allows third party websites "to carry Google-sponsored advertising and share revenue that flows from the advertising displays and click-throughs."
And regarding the factor of effect on potential markets:
On the other hand, Google's use of thumbnails likely does harm the potential market for the downloading of P10's reduced-size images onto cell phones. Google argues that because "P10 admits [that] this market is growing," its "delivery of thumbnail search results" must not be having a negative impact. Apart from being more relevant to the quantification of damages, this weak argument overlooks the fact that the cell phone image-download market may have grown even faster but for the fact that mobile users of Google Image Search can download the Google thumbnails at no cost. Commonsense dictates that such users will be less likely to purchase the downloadable P10 content licensed to Fonestarz.
That's a strong legal rebuff to a commonly-seen argument on these issues.
And more:
D. Public Interest
Google argues that the "value of facilitating and improving access to information on the Internet . . . counsels against an injunction here." This point has some merit. However, the public interest is also served when the rights of copyright holders are protected against acts likely constituting infringement. Furthermore, in this case a preliminary injunction can be carefully tailored to balance the competing interests described in the first paragraph of this Order: those of intellectual property rights on the one hand and those promoting access to information on the other.
Though this is just a preliminary injunction, it's a stark reminder that courts do not necessarily agree with arguments we echo.
[Update - clarified this is only a preliminary injunction]
Further note on the basis for the subpoena for search queries. I suspect it's coming out of the following aspects of the previous COPA law legal briefs (COPA = Child Online Protection Act, the law at issue):
[Note I don't quote this passage as truth, but rather to illustrate the sort of argument that the government was making, and why they're doing a search query survey]
The House Report accompanying COPA further documents the serious problem that Congress sought to address. By 1998, the number of minors using the Internet had grown to 16 million. H.R. Rep. No. 775, supra, at 9. At the same time, the number of pornography Web sites had grown to 28,000. Id. at 7. Those sites offer "teasers" -- free pornographic images designed to entice users to pay a fee to explore the whole site. Id. at 10. Because Web software is easy to use, "minors who can read and type are capable of conducting Web searches as easily as operating a television remote." Id. at 9-10. As a result, pornographic material on the Internet is "widely accessible" to minors. Id. at 9. While many minors deliberately search for pornographic Web sites, others accidentally stumble upon them. Id. at 10. Many pornographic sites use "copycat" Web addresses to take advantage of innocent mistakes. For example minors would find hard-core pornography by mistyping www.whitehouse.com rather than www.whitehouse.gov. Ibid. Searches using common terms such as toys, girls, boys, bambi, and doggy all lead to pornographic sites. Ibid. Most pornographic Web sites either provide no warning that their sites contain pornography or provide a warning on the very same Web page that displays pornographic teasers. Ibid.
Sigh. I give up. The fever-swampers win. Government bad! They're coming to get you!
It just takes too much time to research this stuff, for too little return.
"... because if Google loses, it won't just have to reimburse the authors for the economic harm they have suffered. Instead, Google will have to pay statutory damages ... In light of the risk Google is facing, it's surprising that Google went ahead with the project."
Aha! Now it all falls into place!
In fact, Google WON'T necessarily have to pay ANY statutory damages. Because of an obscure part of the statutory damages provision:
The court shall remit statutory damages in any case where an infringer believed and had reasonable grounds for believing that his or her use of the copyrighted work was a fair use under section 107, if the infringer was (my emphasis):
(i) an employee or agent of a nonprofit educational institution, library, or archives acting within the scope of his or her employment who, or such institution, library, or archives itself, which infringed by reproducing the work in copies or phonorecords; or ...
Google has the lawyer-power where, even if it loses on legal principle, it can likely persuade the judge to let it off the hook for ANY damages because of the "agent of a ...library" exception.
That explains a lot which has been going on. Quite a lot. Truly, follow the money, and much is revealed.
Siva Vaidhyanathan makes excellent points about the Google Print Lawsuit:
The issue is the effect on the "potential" markets, not the established markets. Because a market exists (and a greater potential market lurks) for licensed digital images of published books, the library project is about that market (see Amazon and Google Print) rather than the market for the physical book. ...
Again, please don't misunderstand me. I am not cheering for the authors here. I am just worried that admiration for Google is clouding judgements. ...
The copyright issue at hand here is not really fair use. That's just trivia.
It is this: Will copyright remain a copy right or will it become a distribution right? Which is better? Which should it become? What are the gains and losses if we were to see such a shift? Would Time-Warner and Disney (both major book publishers) let that happen?
Google is using an "open" business model here: Use the content, or services built on the content, as a loss-leader to draw eyeballs and so sell advertising. This is a venerable, workable, business model. Thus, people then think that boosting Google's use of this business model is a blow against the copyright business model. Therefore, it's called "fair use", it seems to me often more on the basis of this policy advocacy, rather than any detailed legal analysis.
It's an appealing thought. But sadly, I have the sense that in this case we're just replacing one boss with another. This is not an altruistic act where Google is merely contributing to the Commons. Rather, it's strategic business positioning for them. There's nothing intrinsically wrong with that. It's a good move, leveraging their current strengths. However, there's no need to automatically imbue it with an enemy-of-my-enemy-is-my-friend aspect, which isn't necessarily there.
The inevitable Google Print Lawsuit has been filed, by the Authors Guild.
The complaint doesn't appear to argue much beyond a simple claim that Google's actions are copyright infringement, the core is:
39. Google has made and reproduced for its own commercial use a copy of some of the literary works contained in the University of Michigan library, which contains the Works that are the subject of this action, and intends to copy most of the literary works in the collection of that library.
40. Google's conduct is in violation of the copyrights held by the Named Plaintiffs and other members of the Class.
As I wrote earlier in Google Print: Copyright vs. Innovation vs. commercial value, I think there are some inherent conflicts here:
That is, the technology company can't be right every time, almost by definition. Because copyright as a limited monopoly fundamentally restricts innovation in some ways. That's the trade-off.
I'm not in the business of writing legal briefs, and I don't have any particular passion for or against Google Print, so I'm not going to go deeply into the fair-use arguments (no point for me in that ...). Anyway, I suspect that it's just going to come down to whether the relevant judges believe the project is useful or not, which is leading to a perception/PR battle.
The Nitke v. Gonzales case, which challenges the conflict between obscenity, "community standards", and the Internet, is being appealed to the Supreme Court, in response to an unfavorable lower court ruling.
"The CDA contains provisions that ban speech and images from the Internet that any local community in the U.S. could deem obscene, even though that speech would be fully protected elsewhere. The CDA also contains a provision that states that it's illegal to put any obscene material on the web in such a way that minors can access it. However since the Internet can be accessed by anyone with a computer, anything on the web can be accessed by a minor as previously held by the Supreme Court in Reno v. ACLU."
Back from the cliffhanger, with everything from comic relief ("... I definitely used the word "sleazy" more than once") to madcap confusion ("... crowd is filled with both conspiracy theorists and reporters, and sometimes the two types overlap. So all the hens were clucking, passing stories to each other ..."), lawyer Jennifer Granick concludes the exciting saga with the FBI chapter. My two take-away parts of general interest:
I notified the agent in charge that I represented Mike Lynn and that he was asserting his Fifth and Sixth Amendment rights not to be questioned outside my presence. (Tip: Always assert both your right to remain silent and your right to have an attorney present.)
And
(Another tip: Don't try to convince law enforcement of your own innocence. Get a lawyer. Really.)
[Indeed, I know people have messed-up here (though I don't want to seem to criticize anyone by a link)]
To me, the most interesting thing about this chapter (putting aside the human drama) is that apparently neither Cisco lawyers nor ISS lawyers called in the FBI. If it wasn't those lawyers, who was it? Some other part of Cisco or ISS? Doing it without telling the legal department? Looks like she can't say, even if known. But it's disturbing to see that FBI can be invoked so readily, with all the problems that causes.
Read Jennifer Granick's inside account on the Mike Lynn case, explaining the legal issues regarding his disclosure of Cisco router security problems. Money quote (pun intended):
At the point that you get sued, or even charged with a crime, it matters less what actually happened and whether you did something wrong and more what it takes to get out of the case as unscathed as possible. It's sad, but true, that our legal system can often be more strategy than justice.
Core of the "interesting" legal controversy:
It seemed that Cisco was claiming that Mike's actions were improper because he violated the End User License Agreement (EULAs), which prohibited reverse engineering. So now I was having fun. I'm totally interested in EULAs and the circumstances under which they take away public rights that are otherwise guaranteed us. Usually, a breach of contract is no big deal. But increasingly in the tech field, we're seeing big penalties for what's essentially a contract violation. Under the Computer Fraud and Abuse Act, if you exceed your authorization to access a computer, you've committed a crime. Cases have said you exceed authorization when you breach a EULA, terms of service, or employment contract. Other cases have said that EULAs can waive fair use rights and other rights guaranteed under copyright law. Lynn's case presented the question of whether EULAs could subvert the legislature's express desire to allow people to reverse engineer trade secrets.
[Note - I've said this before, many times, but once again, here's more evidence that the types of legal risks I faced myself in investigating censorware were severe, and it was a very serious matter of extensive attacks combined with lack of support which made me quit censorware decryption research]
The Internet Archive is a wonderful organization which keeps historical records of websites ("The Wayback Machine"). In Healthcare Advocates, Inc. v. Harding, Early, Follmer & Frailey, they are involved in a lawsuit alleging a violation of the DMCA. See William Patry for details and discussion.
The basic DMCA aspect of the case seems to be the Internet Archive uses (current website) "robots.txt" exclusion files to block access to archived material (they talk about "removing documents", but it's really "block access", not deletion). The defendants in the case were able to get to historical versions of the website in question anyway. The court complaint is unclear about exactly what happened. After thinking about it, the following is my speculation as to the technical aspect of the sequence of events (some material below taken from the lawsuit).
1) Fact - In order to decide whether to display the historical version of a website, the Internet Archive queries the current website for the contents of the "robots.txt" file (to see if that file prohibits the display or not).
2) Fact - The check is supposed to be done once per day.
3) Fact - There was a bug in this check, which led to the lawsuit.
4) SPECULATION - The bug in the check was that if an attempt to retrieve the "robots.txt" file failed, that failure would be treated as if no "robots.txt" file existed, and that means no block on display (i.e. everything could be displayed for that attempt).
5) SPECULATION - At the time, this bug could be triggered by repeatedly attempting to retrieve pages from the historical site (which would, at the time, trigger repeated retrieval attempts of "robots.txt", some of which might have failed).
Hmmm ... I hate to say it, but if the above is a correct reconstruction, it does begin to at least arguably look like an access control circumvention under the DMCA. The Internet Archive relies on external files to "control access" to archived website content. The defendants here found that sometimes it appears to the Internet Archive as if the external file wasn't present, via an implementation flaw.
I think it comes down to whether buggy "technological measures" still count under the law, and if taking advantage of a malfunction counts as circumvention by the user. It seems to be a much tougher case than it first appeared.
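The fail-open behaviour speculated in points 4 and 5 above, next to a fail-closed version, as an added example (not the Internet Archive's code and not part of the original post). The `DisplayGate` class, the `archive-bot` agent name, the `example.test` site and the scripted fetch outcomes are all constructed for illustration.

```python
"""Fail-open vs fail-closed handling of a robots.txt-based display check.

Constructed model of the SPECULATED bug; not any real archive's code.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.robotparser import RobotFileParser

DAY = 86400              # the check is supposed to be done once per day
AGENT = "archive-bot"    # hypothetical crawler name (assumption)


class FetchError(Exception):
    """The live site gave no usable answer (timeout, reset, 5xx)."""


def robots_allows(body: str, agent: str = AGENT, path: str = "/") -> bool:
    """Return True if this robots.txt body permits `agent` on `path`."""
    parser = RobotFileParser()
    parser.parse(body.splitlines())
    return parser.can_fetch(agent, path)


@dataclass
class DisplayGate:
    # fetch(site) returns the robots.txt body, None if the file is
    # definitely absent (404), or raises FetchError if retrieval failed.
    fetch: Callable[[str], Optional[str]]
    fail_open: bool
    cache: Dict[str, Tuple[float, bool]] = field(default_factory=dict)
    fetch_failures: int = 0   # worth monitoring: failures per site

    def may_display(self, site: str, now: float) -> bool:
        cached = self.cache.get(site)
        if cached is not None and now - cached[0] < DAY:
            return cached[1]              # decision is still fresh
        try:
            body = self.fetch(site)
        except FetchError:
            self.fetch_failures += 1
            if self.fail_open:
                # Speculated bug: "could not retrieve" is handled the
                # same way as "no robots.txt exists", so nothing blocks.
                return True
            # Fail closed: keep the last known decision; with no
            # history at all, deny until the check succeeds.
            return cached[1] if cached is not None else False
        allowed = True if body is None else robots_allows(body)
        self.cache[site] = (now, allowed)
        return allowed


BLOCK_ALL = "User-agent: *\nDisallow: /\n"   # constructed sample file


def scripted_fetch(outcomes: List[str]) -> Callable[[str], Optional[str]]:
    """Build a fake fetcher that replays constructed outcomes in order:
    "error" raises FetchError, "missing" means 404, anything else is
    returned as the robots.txt body."""
    pending = iter(outcomes)

    def fetch(site: str) -> Optional[str]:
        outcome = next(pending)
        if outcome == "error":
            raise FetchError(site)
        return None if outcome == "missing" else outcome

    return fetch


def replay(fail_open: bool, outcomes: List[str]) -> List[bool]:
    """Ask the gate once per outcome, spaced so every call re-checks."""
    gate = DisplayGate(fetch=scripted_fetch(outcomes), fail_open=fail_open)
    return [gate.may_display("example.test", now=i * (DAY + 1))
            for i in range(len(outcomes))]


if __name__ == "__main__":
    script = [BLOCK_ALL, "error", BLOCK_ALL]
    print("fail-open  :", replay(True, script))
    print("fail-closed:", replay(False, script))
```

The design point is that "absent" and "unreachable" are different answers: only a definite 404 should lift the block, and a failed check should reuse the last decision that was actually verified.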
EFF's Legal Guide for Bloggers
http://www.eff.org/bloggers/lg/
I'll play, to add to the link 'pop/'rank/'rati.
The guide is well-done, and people who dislike EFF should not think it overly partisan. Many contentious political issues have been gently side-stepped, or treated neutrally to a fault. And it's useful.
But of course, no matter what your rights are, there's always a worrisome gulf between theory and practice. Perhaps the single most important statement in the guide is:
Can EFF defend me?
Maybe. EFF is a small, grassroots legal advocacy nonprofit supported by member contributions. We provide pro bono (free) legal assistance in cases where we believe we can help shape the law. Unfortunately, we have a relatively small number of very hard-working attorneys, so we do not have the resources to defend everyone who asks, no matter how deserving. If we cannot assist you, we will make every effort to put you in touch with attorneys who can. If you're in trouble, you can contact us at information@eff.org.
Michael Madison replies, concerning the discussion of software licenses and the case Krause v. Titleserv:
I think that the [Krause] case is important, and Seth thinks that it's less so. I focus on two things. First, though the case isn't the first appellate decision to interpret Section 117 to limit the power of a licensor to declare unilaterally that code is licensed (DSC v. Pulse in the Federal Circuit purports to come to the same conclusion), it's the first significant opinion to make that point a holding, by actually finding in favor of the purported "licensee." In other words, this court puts its money where its mouth is. Second, the opinion is written by Judge Leval, who knows a lot about copyright law and whose opinions and articles on copyright are widely read and respected. He's a heavyweight, and when he speaks, the copyright world usually listens.
I believe - I fear - that it's a very long way from the situation where one programmer did a bad job on the legal specification of the software "license", and hence lost out against a business client (as in the case under discussion), to overruling of the general mass-market "EULA" license imposed by a big vendor (which will surely be drafted by attorneys with a full command of the legal necessities).
I certainly find no comfort from this case myself, due to the differences between the atypical facts and what's likely to be the situation for someone sued for reverse-engineering or copyright violations. Would it be reasonable to paraphrase the current situation as "Ownership of a copy can't be retained by the mere phrase "Licensed not sold" - more is required"? Focusing on the first part of that sentence sounds hopeful, but it appears that the second part is the killer in practice.
Looking at the "DSC" case noted above:
The concept of ownership of a copy entails a variety of rights and interests. The fact that the right of possession is perpetual, or that the possessor's rights were obtained through a single payment, is certainly relevant to whether the possessor is an owner, but those factors are not necessarily dispositive if the possessor's right to use the software is heavily encumbered by other restrictions that are inconsistent with the status of owner.
It all seems to be saying that the more restrictive a licensing "agreement", the more likely a court will find that it is a valid licensed-not-sold situation, and hence the most effective action is to make the "license" as onerous as possible!
In fact, the logical implication of these decisions seems to be to encourage EULAs to be worse, to satisfy the "heavily encumbered" condition.
I don't like that near-paradoxical outcome. But it seems to be the inevitable result.
[Disclaimer: As always, I'm not a lawyer, merely a hare running for his life.]
(Michael) Madisonian Theory discusses a case concerning the "license" vs "owner" issues for software licenses (via Copyfight):
A win for software users: Krause v. Titleserv, Inc. (pdf), ... which contains a long and thoughtful analysis of Section 117 of the Copyright Act by Judge Leval. Section 117 grants certain rights to copy software to the "owner" of a particular copy, a phrasing that software companies have long seized on to justify many of the more onerous provisions of mass market software licenses. If a software user merely "licenses" the software, then (allegedly) the rights of "owners" don't apply. Judge Leval decisively and rightly rejects the idea that Section 117 can be bypassed by the software developer's unilateral characterization of the transaction as a "license." Importantly, the court goes on to hold that the defendant in the case could lawfully exercise the rights of a Section 117 "owner" even though it did not possess formal title to its copy of the program.
Having an intense interest in the topic of such onerous provisions, I spent the time to read through the case. Hold on to the party hats. It's not impressive, in my view (disclaimer: I'm not a lawyer, merely a hare running for his life).
The kicker is in this part of the decision (my emphasis):
We conclude in the absence of other evidence that Titleserv's right, for which it paid substantial sums, to possess and use a copy indefinitely without material restriction, as well as to discard or destroy it at will, gave it sufficient incidents of ownership to make it the owner of the copy for purposes of applying § 117(a)
Virtually every mass-market software license "EULA" has verbiage about terminating the license and restrictions on use. The basis of the court's decision seems to be that the programmer did not properly incant the magic phrases which run approximately "This is licensed, not sold. In the event of a dispute, your license may be terminated. You agree not to do the following list of actions ...".
So I can't see this case having much applicability to the general issue of the enforceability of mass-market software licenses. It's an outlier, where the facts of the dispute are sufficiently atypical so that the result isn't very meaningful regarding problems facing the vast majority of software users.
Moreover, the social framework of the case is a mid-ranking individual versus a business. Reading between the lines, the court seems to be being very expansive in legal construction in order to get to the outcome it sees as proper, of permitting the business use over the individual copyright claims:
Thus, a right to make those changes necessary to enable the use for which it was both sold and purchased should be provided. The conversion of a program from one higher-level language to another to facilitate use would fall within this right, as would the right to add features to the program that were not present at the time of rightful acquisition.
That's a very kind reading of the "right to make those changes necessary". I approve, of course. But given the "judicial flaming" I've now read over the years, I don't think this same kindness is going to be shown to any litigant viewed as a social trouble-maker. So I can't see it being much of a help overall. Sure, it'll go into any argument. But I can't see it'll do much good, sorry.
I've been trying to come up with a way to concisely express why Code and Other Laws of Cyberspace is such an important book, in my view. Now, likely few people reading this will argue with me. Since almost all blogs are confined to a small self-selected fan audience, I know to the readers here I'm preaching to the choir. Yet still, I feel there's something to say. Perhaps just to those few who are contrarian, or lump the book with cyberguru excesses (or maybe if censorware company people are still reading me daily, they'll learn something - I sometimes wonder if the government agents who made investigative files on writers and artists, ever obtained a second-hand education in high culture from their subjects).
To some, Code was an intellectual beacon. To me, the significance of its importance cannot be overstated as a standards-bearer. It's hard to explain this to many people nowadays. Years ago, far too much of the intellectual discussion about the Internet was dominated by a stifling net-libertarianism. There's a reason I developed a habit of writing so harshly about anything related to Libertarianism. That came from years and years of being harangued by what I call "the street-preachers of the Information Superhighway". Just compare Declaration of Independence, real and imaginary.
The book Code was a rallying-point for intellectual opposition to the net.libertarian view. It was someone with prestigious legal, public-intellectual, credentials, making the case for an important way of thinking. No-one (well, almost no-one), was going to listen to me, a no-credential no-status programmer writing on mailing lists, about these issues. But they would hear the arguments being made by a Professor at Harvard Law School and Fellow of the Berkman Center for Internet and Society.
I can't convey what a tangible, empirical, difference, the book made. Prior to it, when I talked about structural implications and outcomes, and how designs can have effects, I'd mostly just get bafflement. Or worse, Liberbabble. After Code came out, I found the magic phrase was "Like Lessig writes in Code". People may not in fact have understood, may only have thought they did. But soooo much of my typing was saved. Not to mention a great easing of the struggle for intellectual credibility.
This is one of the few times I could sincerely gush the PR phrase "I'm excited to be a part of this project". Though my full thoughts are actually more nuanced. Note I don't consider this free-speech activism (so I don't think I'm being inconsistent), merely volunteering editorial assistance. I had some trepidation, for complex reasons. But having a chance to be heard, to play a serious role in the rewrite of such an important book, won out.
My thinking is that Code truly made a difference, and I'm hoping my participation will make a difference.
Lessig Code Book Wiki
http://codebook.jot.com/
Lawrence Lessig and JotSpot Invite the Internet Community to Update 'Code':
SAN DIEGO, Calif., ETECH, March 16 /PRNewswire/ -- JotSpot, the first application wiki company, today announced that it is teaming up with Lawrence Lessig, Stanford law professor and renowned legal author, on an update to his 1999 book "Code and Other Laws of Cyberspace". Professor Lessig is inviting the online community to contribute its collective knowledge to his original work via a JotSpot wiki. Open today at http://codebook.jot.com , the project is an unprecedented experiment in group publishing. Contributions to the public wiki will be aggregated and published in a print update of Code later this year.
I am biased. Very biased. I am part of the project team.
"Dangerous Terms: A User's Guide to EULAs" is EFF's latest white paper, written by Annalee Newitz:
They're called End User License Agreements, or EULAs. Sometimes referred to as "shrinkwrap" or "click-through" agreements, they are efforts to bind consumers legally to a number of strict terms - and yet you never sign your name. Frequently, you aren't even able to see a EULA until after you've purchased the item it covers.
...
With consumer activism, as well as actions that push our legislatures and courts to change consumer protection laws, we can prevent corporations from taking away our rights one mouse click at a time.
If you have been harmed by a EULA, or threatened with legal action because of one, EFF wants to hear your story. E-mail us at EULAharm@eff.org.
[Via Copyfight] This seems to be connected to the legal proceeding of the Blizzard vs BNETD case.
Harmed ... Well, where do I start ...
Might as well just repost something I wrote a while back, about reverse-engineering vs. fair-use, and censorware examples
Findlaw [had] an interesting article "Should Software Companies Be Able, Through Contracts, To Prevent Competitors From "Reverse Engineering" Their Products", by Chris Sprigman. It's a very good discussion of the subject. But there's a few places which could use some commentary:
Minor point:
Now, however, some companies whose software has been reverse engineered have started to fight back. They have added anti-reverse engineering provisions to the "shrinkwrap" licenses that accompany their products.
"Now"? This isn't new. I can't recall ever seeing a commercial shrinkwrap license without prohibitions against reverse-engineering. I found a censorware example from 1997, with a reply indicating this issue goes back decades (n.b., this is in part why I did my pioneer work against censorware, in virtual anonymity for so long).
Major point:
Reverse engineering itself, then, has been held to be fair use.
There's a difference between the idea that "Reverse engineering itself, then, has been held to be fair use", per se, intrinsically, and that certain instances of reverse engineering have been held to be fair-use, but others have been denied as fair-use. That is, between is fair-use, versus could be, but also might not be, fair-use. A reader of that article can easily get the impression that the courts have said reverse-engineering itself is always permitted as fair-use, whereas they've also said in other cases that it's not fair-use.
In particular, of special interest to me, the Cyberpatrol lawsuit, regarding programmers who reverse-engineered that censorware, has the following nasty things to say about that reverse-engineering of censorware:
43. Jansson and Skala admitted that they reverse engineered and decompiled Cyber Patrol, which violates the Cyber Patrol license agreement and creates an intermediate copy of Cyber Patrol. ... In either case, by creating an intermediate copy of the Cyber Patrol software the defendants committed a prima facie copyright violation. ...
No Fair Use Defense
44. Fair use is a statutory affirmative defense to conduct otherwise actionable under the copyright law. ...
45. In general, any claimed "fair use" must be "consistent with the ultimate aim [of the Copyright Act] to stimulate artistic creativity for the general public good" ...
46. It is the defendants' burden to demonstrate such "fair use." ...
47. The individual defendants have no "fair use" defense here because they have neither asserted it nor submitted evidence supporting any fair use defense. ...
48. In addition, the purpose of the copying here is inconsistent with the general public good. The individual defendants' avowed purpose for decompiling CyberPatrol was to allow "youth access" to inappropriate content on the World-Wide-Web. That purpose contradicts the public interest as specifically found by Congress ...
49. Finally, to negate fair use one need only show that if the challenged use should become widespread, it would adversely affect the potential market for the copyrighted work ...
50. By their own admission, Jansson and Skala created the Bypass Code to "break" CyberPatrol ... Software explicitly designed to make CyberPatrol ineffective for its intended use can do nothing other than "adversely affect the potential market for the copyrighted work" ...
So whether reverse-engineering is fair-use also has to do with whether the court finds the specifics to be in "the general public good".
Disclaimer: I'm not a lawyer. But as the saying goes, the hound was only running for his dinner, but the hare was running for his life.
The Wirenius Report Blog has recently been launched:
John Wirenius is a lawyer and scholar whose practice and writing centers around the balance of power between the individual and the state, and in preserving freedom of speech. John is presently representing pro bono the New York City artist Barbara Nitke and the NCSF in the First Amendment case Nitke v. Ashcroft, which challenges federal statutes allowing prosecutors to apply the most conservative community standards of decency in the Nation to the entire Internet.
In the interest of helping out, I thought I'd do a post about it.
I am of course biased, since I worked with John Wirenius on the above-mentioned Nitke v. Ashcroft case. His initial post has a very long status update, and also says nice things about me (I am not too modest to quote that section, but there's important material in it):
We had two generous and brilliant tech-wizards--Ben Laurie and Seth Finkelstein--who purely for principle, agreed to appear in court and explain why speech on the Internet is an all-or-nothing thing--that you can't prevent visitors from the more conservative communities from accessing a website or other online speech.
The quality of his writing shines in other commentary too, e.g. analysis of the obscenity issues in Extreme Associates Dismissal:
Moreover, obscenity law chooses a side in the war of ideas--defending old fashioned propriety against libertinism, or pro-sex viewpoints. That advantaging one side of an ongoing social debate violates the very core of the First Amendment--the requirement that laws be viewpoint neutral. In other areas of so called "low value speech," such as "fighting words," the Court has held that restrictions must be viewpoint neutral. See RAV v. City of St. Paul, 505 U.S. 377, 382-383 (1992). But again, in obscenity, that rule does not apply, with the only reason set forth is that "traditionally" obscenity law is an exception to free speech. (The Court in obscenity cases is a little like Tevye asserting "Tradition!" when all other arguments fail.) But tradition is not enough; as Justice Holmes pungently put it "it is revolting to have no better reason for a rule of law than so it was laid down in the time of Henry IV." (Holmes, "The Path of the Law" in Collected Legal Papers (1921) at p. 187).
All well and good; but will the Court of Appeals (to say nothing of the Supreme Court) approve Judge Lancaster's daring in undermining these decades of settled authority? Stay tuned....
More to sample:
Catastrophic Success Against the English Language
NYC Gay Marriage Decision
Boxer v. Rice: What Liberal Media?
Blogdom is an oligarchy, where the cold equations of exponential distribution of attention dictate that there are many worthy voices which are barely heard. John Wirenius has brought a critical Internet free-speech fight through the courts, possibly going to the Supreme Court. Hear him.
The current edition of the Berkman Center for Internet and Society newsletter, "The Filter" No. 7.01 01.04.05, has an item on the Nitke case, and mentions my expert testimony. Thanks!
* Defining "Community Standards" for the Internet
Sections of the Communications Decency Act have concerned advocates for online freedoms since passage of the law in 1996. While many of the CDA's provisions about internet "indecency" were overturned in Reno v. ACLU in 1997, other provisions, such as limitations on ISP liability and restrictions about online "obscenity," remain intact. Plaintiffs in the recent lawsuit, Nitke v. Ashcroft, are now challenging these obscenity standards. New York artist Barbara Nitke, whose photography depicts sexual and controversial scenes, filed for declaratory judgment to protect online displays of her work in 2001, and written arguments in the case were finally submitted last month. One of the core issues raised in Nitke v. Ashcroft is the difficulty of determining "obscenity" on the internet, since its definition depends on measuring "contemporary community standards." Which community standards apply to the global Internet? Technology experts and internet activists have sided against the law based on this concern as well as concerns about First Amendment freedoms and online anonymity. The case now falls to the Southern District of New York for a decision.
Plaintiff's Overview (John Wirenius): <http://www.wireniusreport.net/overview.html>
Original Media Coverage (CNN): <http://archives.cnn.com/2001/TECH/industry/12/20/obscenity.suit.idg/>
Expert Testimony about Challenges to Geolocation (Seth Finkelstein): <http://sethf.com/nitke/ashcroft.php>
Credt ... Credit ... I'm mentioned in the current issue of EFF's newsletter, "EFFector", which has coverage of the Nitke case:
Last month, the case came to trial to resolve a number of disputed factual matters. The two-day trial featured testimony by expert witnesses including UK security expert Ben Laurie and EFF Pioneer Award Winner Seth Finkelstein, both of whom testified that trying to determine the true physical locations of Internet users is both difficult and costly.
...
NCSF press release on the trial, annotated with links by expert witness Seth Finkelstein:
http://sethf.com/nitke/cda-trial.php
Thanks much.
[Another Censored Censorware Report]
Having examined more censorware internals than anyone else in the world, I've considered there might be an interesting academic survey paper describing the encryption algorithms employed by various programs. It ranges all the way from the trivial encryption of "XOR" with a single byte (the original version of CyberSitter), to the full-blown Data Encryption Standard (DES). Of course, using the power of the Data Encryption Standard algorithm doesn't help too much when they give out the key in the first place if one knows where to look.
Digression: During the DMCA exemptions testimony, when censorware company representative David Burt was taking the tactic that no American military was in Iraq no censorware decryption had been done, I thought of replying along the lines of "David, does the string [recite N2H2's private decryption key] mean anything to you?". But sadly, as a mere PR flack, he probably could have truthfully answered that the random letter/number combination which was N2H2's private decryption key, did not mean anything to him (and I couldn't remember it right then anyway).
But in terms of lawsuits, this isn't playing with fire, it's playing with WMD's (Weapons Of Mass Destruction). Or Lawsuits Of Massive Damages. A few years ago, when CyberPatrol sued two programmers, they opened with a $75,000 damage claim. Remember, that was just the start. These days, given the success of the music industry litigation tactic of loading up on claims of huge damages, gallows humor is whether a censorware lawsuit would confine itself to claiming mere millions of dollars, or go for billions of dollars.
Let's recall, even the DMCA 1201(g) research exemption is full of wiggles such as:
... the person made a good faith effort to obtain authorization before the circumvention;
[elsewhere] ... whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;
... whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology; ...
There's almost a paradox here, in that low-hanging research fruit is likely snapped-up already by high-ranking researchers, leaving hard foraging for those further down the ranks. But that's exactly the sort of work which is going to involve more risk, yet at the same time apparently has less legal protection, because one almost needs to already have good formal credentials ("appropriately trained or experienced") in order to qualify in the first place! (i.e., want a job, get some experience, want some experience, get a job).
A paper which does very little for me personally, but has a reasonable chance of pauperizing litigation, yet I have no organization backing, is all a losing proposition. I am chilled.
[I'm returning to my series of Censored Censorware Reports, where I describe research I cannot publish due to the lawsuit risk, and corresponding lack of necessary legal and journalistic support.]
There isn't all that much to describe regarding this report, because it was intended to outline some reverse-engineering of the censorware program SmartFilter. It's hard to give details here without actually writing the material, and so defeating the purpose.
However, the following news item, from Susan Crawford, should make the derailed and destroyed report relevant and perhaps even poignant (my emphasis below):
3. Speaking of EFF, they're looking for amicus briefs to be filed by December 22, 2004 in the Blizzard v. Internet Gateway case in the 8th Circuit. The district court decision [pdf] in that case upholds a very broad license agreement forbidding any kind of reverse engineering or fair use; key issues before the appellate court will be preemption and the scope of the 1201(f) exception in the DMCA for reverse engineering.
("Blizzard v. Internet Gateway" is the same case as the previously mentioned Blizzard vs BNETD, that's just a variation in the name)
Note it's unclear if my plight would even be fodder for an amicus ("friend of the court") brief here. There are legal details I don't completely understand, having to do with rules that appeals are supposed to refer only to facts already in the trial record. This is very different from e.g. the (failed) "affirmative" case against N2H2, where the facts there were developed specifically for the legal challenge.
It's not worth years of litigation to publish this research, even if I eventually won. Not when there's so little backing and support.
[Update: I should have explained that an amicus brief is by "someone who is not a party to the litigation, but who believes that the court's decision may affect its interest." - I hope the application is obvious ...]
Nitke v. Ashcroft case # (01 CIV 11476 (RMB)) press release excerpt:
Full version: http://sethf.com/nitke/cda-trial.php
Challenge to the Communications Decency Act
Contact: Susan Wright, Spokesperson
917.848.6544
susanw[at-sign]ncsfreedom.org
http://www.ncsfreedom.org/
October 29, 2004, New York City - Testimony concluded on October 28, 2004, in Barbara Nitke and National Coalition for Sexual Freedom v John Ashcroft, in the Federal District Court for the Southern District of NY, case # 01 CIV 11476 (RMB). This lawsuit is challenging an unconstitutional law called the Communications Decency Act (CDA) which criminalizes free speech on the Internet. Plaintiffs are represented by noted First Amendment attorney, John Wirenius.
...
The reliability of geolocation software was challenged by testimony from Ben Laurie of The Apache Software Foundation. Seth Finkelstein, a computer technical expert, testified about the conflicts between geolocation software and the protection of privacy. Geolocation software allows website hosts to block visitors from certain states or areas of states. This is a critical component of the case because obscenity is determined by "local community standards." Testimony was sharply divided over the accuracy of geolocation software, varying over a range of 60-95% effective. ...
[Note this case concerns provisions of the Communications Decency Act, such as the definition of obscenity and its "community standards" aspect, which were not addressed in Communications Decency Act cases such as Reno v. ACLU]
My expert declaration in the Nitke v. Ashcroft case is now on-line. This addresses how the Internet and issues of community standards conflict with anonymity and privacy, as well as other problems with determining the location of users who are reading material from websites.
http://sethf.com/nitke/declaration.php
It's a condensed version of my Nitke v. Ashcroft expert report.
I've just gotten back from a week consumed by the Nitke vs Ashcroft Internet censorship court case trial, where I was an expert witness (as I had to keep reminding myself, that's witness, not defendant).
Seth David Schoen (aka "the EFF Seth" - he's EFF Staff, I've never been employed by EFF) has some notes about what happened at the trial. I fit in as a part of the sentence "The morning was taken up with technical experts, who sparred over the question of how accurate geolocation technology can be under various circumstances".
More later. It's been a draining week.
As will be noted by everyone in the whole copyfight universe, the MGM v. Grokster appeal concerning copyright liability for file-sharing programs has been decided in a victory for the civil-liberties side (congratulations!)
In short, from the evidence presented, the district court quite correctly concluded that the software was capable of substantial noninfringing uses and, therefore, that the Sony-Betamax doctrine applied.
As also will be noted, this is not the end of the story, and there's likely to be further action from Congress:
Indeed, the Supreme Court has admonished us to leave such matters to Congress. In Sony-Betamax, the Court spoke quite clearly about the role of Congress in applying copyright law to new technologies. As the Supreme Court stated in that case, "The direction of Art. I is that Congress shall have the power to promote the progress of science and the useful arts. When, as here, the Constitution is permissive, the sign of how far Congress has chosen to go can come only from Congress."
As I said a while ago in an old post concerning Grokster, "Streamcast copyright win, vs. LaMacchia case",
This reminds me much of the concluding part of the LaMacchia case:
This is not, of course, to suggest that there is anything edifying about what LaMacchia is alleged to have done. If the indictment is to be believed, one might at best describe his actions as heedlessly irresponsible, and at worst as nihilistic, self-indulgent, and lacking in any fundamental sense of values. Criminal as well as civil penalties should probably attach to willful, multiple infringements of copyrighted software even absent a commercial motive on the part of the infringer. One can envision ways that the copyright law could be modified to permit such prosecution. But, "'[i]t is the legislature, not the Court which is to define a crime, and ordain its punishment.'
And the result there was the .NET act. I wonder what we'll get here?
And now, the answer is clear - IICA/INDUCE Act!
It's true - from the Court electronic database (no link, since subscription needed):
U.S. District Court
California Northern District (San Jose)
CIVIL DOCKET FOR CASE #: 5:04-cv-03097-PVT
Jibjab Media Inc., v. Ludlow Music, Inc.,
Assigned to: Hon. Patricia V Trumbull
Referred to:
Demand: $
Lead Docket: None
Related Cases: None
Case in other court: None
Cause: 28:2201 Declaratory Judgement
Date Filed: 07/29/04
Jury Demand: Plaintiff
Nature of Suit: 820 Copyright
Jurisdiction: Federal Question
[ Update: EFF announces JibJab / Ludlow lawsuit: http://eff.org/deeplinks/archives/001782.php ]
During the recent IICA/INDUCE Act hearing, there was much discussion about the "Sony" standard concerning the copyright defense for product-makers of having substantial non-infringing use. For example, Senator Hatch stated:
Second, S. 2560 uses a proven model for structuring secondary liability. The substantial-noninfringing-use rule that Sony imported from the Patent Act coexists there alongside liability for intent to induce infringement [,] a concept that the Patent Act calls active inducement. This proven model can address cases of intent to induce infringement that were explicitly not covered or addressed by the Supreme Court in Sony.
In the above quote, I assume he means the following S.2560 paragraph:
`(3) Nothing in this subsection shall enlarge or diminish the doctrines of vicarious and contributory liability for copyright infringement or require any court to unjustly withhold or impose any secondary liability for copyright infringement.'.
However, I believe the recent history of such claims provides a substantive argument that he is mistaken. Remember, we've been here before, with the DMCA, in the infamous 1201(c)(1) passage (emphasis added):
* (c) Other Rights, Etc., Not Affected. -
(1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
The INDUCE Act may preserve the "substantial non-infringing use" standard of _Sony_, in the same way the DMCA preserved fair-use: only as a very abstract theory, not in practice.
Let's recall what the DeCSS case ruled:
When Sony was decided, the only question was whether the manufacturers could be held liable for infringement by those who purchased equipment from them in circumstances in which there were many noninfringing uses for their equipment. But that is not the question now before this Court. The question here is whether the possibility of noninfringing fair use by someone who gains access to a protected copyrighted work through a circumvention technology distributed by the defendants saves the defendants from liability under Section 1201. But nothing in Section 1201 so suggests. By prohibiting the provision of circumvention technology, the DMCA fundamentally altered the landscape. A given device or piece of technology might have "a substantial noninfringing use, and hence be immune from attack under Sony's construction of the Copyright Act--but nonetheless still be subject to suppression under Section 1201." [FN169] Indeed, Congress explicitly noted that Section 1201 does not incorporate Sony. [FN170]
That is, the line with the DMCA, is that you're not being charged with the old infringement offense, to which one can defend via fair use. You're being charged under the all-new circumvention offense, which doesn't have that defense. But the old defense isn't affected, since if you were charged with the old offense, you could still plead that, got it? (I call this a "legal hack").
So, I think in any case under the IICA/INDUCE Act, we'd get a similar line: _Sony_ standard ("substantial-noninfringing-use")? What _Sony_ standard? That's a defense to "vicarious and contributory liability". You're not being charged with "vicarious and contributory liability". You're being charged with the brand-new INDUCTION liability. But if you were charged with "vicarious and contributory liability", you'd have a great defense under the _Sony_ standard, you betcha. But how sad for you, that you're being charged for inducing-infringement, for which that defense doesn't exist. After all, the whole reason for the new law was to create a new offense for conduct just like you're being charged with, got it?
Having seen this happen so recently, it's quite reasonable to believe it'll happen again.
EFF Deep Links has an article "Will Obscenity Ruling Break Online Anonymity?", about the Nitke vs. Ashcroft case regarding obscenity law, and "community standards" applied to the Internet. I'm mentioned prominently, thanks folks:
"But if the outcome is less than stellar, it could affect a lot more than Internet pornography. In fact, many forms of online anonymity that we take for granted would be placed in peril. Experts testifying on behalf of the government have argued that community standards can be maintained on the Internet through the pervasive use of geolocation software. Seth Finkelstein has argued on behalf of the plaintiffs that implementing such software is cost-prohibitive and that the software itself is inaccurate. But we may nevertheless be facing a future where we are forced to reveal where we live in order to access websites with content that could be interpreted as obscene in some communities."
[This is a REPOST of a message I wrote a few months ago. I'm putting it here again since I'm busy today with paid work, and besides, it says just about what I'd say anyway in reaction to the recent "COPA" net censorship decision.]
I probably shouldn't waste my time writing these posts, but the recent net censorship Supreme Court argument struck a deep chord with me:
Ms. Beeson argued that there were less restrictive alternatives to the pornography law: parents could now take matters into their own hands by using Internet filtering software and configuring it to reflect their own values. Congress already requires that schools and libraries use filters.
Chief Justice William H. Rehnquist and Justice Antonin Scalia seemed skeptical of that argument, however, and both noted that the civil liberties union had opposed the library filtering bill. Mr. Olson also noted that a number of Web sites gave step-by-step instructions on defeating the technology.
Here - not ancient history, not years ago, but this week's Supreme Court Internet censorship law arguments [update 6/29 - and now Supreme Court decision] - is an illustration of the problem I faced for so many years. Because part of the civil-liberties strategy was, and remains, arguing favorably about censorware in this legal context. See Peter Junger's "least restrictive means" message for the best legal analysis (in my view).
I never opposed this as a legal argument. But for too long, for too many prominent people, that legal argument turned into a social argument for touting censorware. And so ...
If you said censorware didn't work, you were going against the strategy.
And that was bad. And thus the censorware critics had to be discredited. And here my trouble began.
In 1995, when I first decrypted censorware, I called my then-friend Mike Godwin, famous net.legend Internet civil-liberties lawyer, for help. Well, at that time, he was making policy advocacy statements such as:
This is why I believe that the right role for Congress to play is to encourage the development of software filters that prevent my child and others from being harmed in the first place.
Recall that the basic technology we're talking about here is the computer -- the most flexible, programmable, "intelligent" technology we build and market.
-- Mike Godwin, 1995 Congressional testimony
Thus he was not pleased to be informed about censorware's lack of "intelligent" technology. And I got an earful of all the (my description) dirty deals that were trying to be cut behind the scenes. I suppose now it's no secret that the ACLU blew me off when I tried to get their help (I still have the messages). But they didn't go on a personal attack-campaign about it.
Anyway, much has happened since then. However, some of the fundamental paradoxes are still in evidence - this week, in the Supreme Court.
I note this in an attempt at a "teachable moment". When I try to explain the background of censorware politics, the factors which caused things to evolve as they did, I often get trivialization and dismissiveness ("Petty bickering! Size measuring! Pissing contest!"). It's so easy to scream "EGO!", which means you don't have to think about anything.
There were, and are, reasons which drove it all, and still matter right now. But looking back on how it affected me, over nearly a decade: If I had to do it all over again, I wouldn't. Personally, it wasn't worth it.
I've just found that there is an on-line reference for an EFF filing to the FCC which quotes my expert witness work:
COMMENTS OF ELECTRONIC FRONTIER FOUNDATION (May 28, 2004)
Before the Federal Communications Commission Washington, D.C. 20554
In the Matter of
WC Docket No. 04-36 IP-Enabled Services
I'm on page 7, as footnote 17 (URLs added):
A tangle of local regulations may also lead to a wasteful and privacy-undermining effort by service providers and even publishers to determine the physical locations of all Internet users. [footnote 17]
[17] See Expert Witness Report of Seth Finkelstein, Barbara Nitke et al. v. John Ashcroft, 01 Civ. 11476 (RMB), S.D.N.Y., available at http://sethf.com/nitke/ashcroft.php (noting limitations and expense of geolocation technology; distinguishing "co-operative" from "oppositional" geolocation).
I'm an authority! :-)
[Not an echoing of newsreports! Uncommon information!]
One justification which has been made for the newly proposed inducement-to-infringe copywrong, the (INDUCE Act), is that patent law already has an inducement provision (so, implicitly, what's the problem?). Besides the obvious difference between patent law and copyright law, it seems the patent law inducement to infringe offense may not be such a good recommendation.
I found an interesting article, in "Intellectual Property Today", MARCH, 2004, by Richard Roos:
LURKING DANGERS COMPOUNDED BY UNCERTAIN LAW
As most people know, it is a criminal offense to aid and abet the commission of a crime, the logic being that if one participates in furtherance of a crime, one is as much a criminal in the eyes of the law as whoever perpetrated the offense. However, not all companies realize that somewhat analogous scenarios exist in the patent world due to the laws of contributory infringement and inducement to infringe.
That article describes a set of pitfalls and uncertainties with patent law inducement to infringe.
Does it sound like an improvement to take this "uncertain law", expand it, and apply it widely in a fast-changing context? Am I a radical for thinking this is not a good idea?
321 Studios, which makes backup-software, is being sued under the DMCA by Atari and other Entertainment Software Association members, over 321's Games X Copy backup product (via Copyfight).
Press Release: Leading video game companies sue 321 studios
By coincidence, I was just going through the decision of 321 v MGM, a similar DMCA case, which 321 lost. Notable excerpts (my emphasis):
This Court finds, as did both the Corley and Elcom courts, that legal downstream use of the copyrighted material by customers is not a defense to the software manufacturer's violation of the provisions of S 1201 (b)(1).
And
Fair use and misuse are defenses only to copyright infringement claims, which are not at issue in this motion. Additionally, as this Court has already related in some detail in the