EFF Breaking News
Tech News World
Chris Rush Cohen
E.D. Tex. Weblog
Hacking the Law
Online Liability Blog
Promote The Progress
Tech Law Advisor
Tech & Marketing
Cocktail Party Physics
Freedom to Tinker
Lawyers Don't Get It
Tech Liberation Front
Numbers Guy, The
Dump & Chase
On Frozen Blog
Off Wing Opinion
View From The Cheap Seats
Regret the Error
TiVo/Gizmo Lovers Blog
Friday, 6 June 2008
The War on Photography
Bruce Schneier is a security expert, civil libertarian, and all-around interesting guy. I like his blog ("Schneier on Security"); he has a fresh, conversational writing style and isn't condescending to non-experts. His writings on "security theater" have brought him a lot of media attention since September 11. Lately, he's been writing a lot on what he calls The War on Photography.
This week brings two especially good posts. On Tuesday, he discussed a network news crew that was accosted by the security team at Union Station in Washington DC. The security guard instructed the crew to stop filming — interrupting an interview with an Amtrak spokesman who was explaining that the station has no policy against photography. Left hand, meet right hand. (Video here.)
On Thursday, he wrote a more general essay about the illogical ban on photography in public places. The whole post is worth reading. Here's a taste (links in the original):
Since 9/11, there has been an increasing war on photography. Photographers have been harrassed, questioned, detained, arrested or worse, and declared to be unwelcome. nbsp;We've been repeatedly told to watch out for photographers, especially suspicious ones. Clearly any terrorist is going to first photograph his target, so vigilance is required.
Wednesday, 29 November 2006
Photo ID required to eat pancakes
QUINCY, Mass. — John Russo has been a victim of identity theft. So when he was asked to fork over a photo ID just to be seated at an IHOP pancake restaurant, he flipped. "'You want my license? I'm going for pancakes, I'm not buying the Hope diamond,' and they refused to seat us," Russo said, recounting his experience this week at the Quincy IHOP.
Wednesday, 28 June 2006
Ratings and warnings of "sexually explicit material"
According to a C|Net article, the Senate Commerce Committee approved an amendment to a bill that would require web site operators to place a label on their home pages if the site contains "sexually explicit material" and to "rate 'each page or screen of the website that does contain sexually explicit material' with a system to be devised by the Federal Trade Commission'" ("Senators adopt Web labeling requirement").
There is no hope that a workable system could be based upon that rule. Set aside for the moment the probably-fatal First Amendment concern that "sexually explicit material" is unlikely ever to be defined clearly enough to survive judicial scrutiny and that we would need such a definition for multiple categories of sexually explicit material. The stated purpose of the bill presumes that children do not want to see sexually explicit material. According to the article:
"This will protect children from accidentally typing in the wrong address and immediately viewing indecent material," said Sen. Conrad Burns, a Montana Republican who is the co-founder of the Congressional Internet Caucus.Have you ever known a child to walk away from something sexually explicit without looking at it? I doubt such a child exists.
Thursday, 1 December 2005
First Amendment analysis of Berkeley evolution web site
A lawsuit filed by Jeanne and Larry Caldwell against the operators of an educational web site about evolution (called "Understanding Evolution"), hosted by the University of California at Berkeley, has received international attention. Apparently, they claim that the use of public funds (a National Science Foundation grant) to write and publish documents that promote belief in evolution (which the Caldwells appear to believe contradicts their religion) violates the establishment clause of the First Amendment.[FN1] This is my "quick and dirty" First Amendment analysis.[FN2]
In general, the Berkeley site seems, to me, to be on solid ground, although the First Amendment establishment caselaw sometimes requires a very narrow focus on the particular statements at issue, as opposed to on the web site in general. From what I gather from news reports, only one element (or a small number of elements) of the site appears to be under attack. I think that element will survive First Amendment scrutiny, although, personally, I think it was a bonehead thing to publish in the first place. The statements being attacked are pretty foolish.
Some news articles report that the suit seeks to force the site operators not to "mention" religion. I doubt those reports are accurate, since a prohibition on "mentioning" religion would clearly be too broad. The courts have upheld or favorably discussed many government mentionings of or references to (1) religion generally, (2) particular religions, and (3) religious doctrines. For example: "In God We Trust" printed on money, presidential proclamations declaring a national day of prayer and thanksgiving, public offices closing on "Christmas Day," prohibitions on selling alcohol on Sundays, and the recitation of a prayer at the beginning of each session of Congress and of the Supreme Court.
The First Amendment analysis most often used by federal courts is the "Lemon test," named for the Supreme Court decision in Lemon v. Kurtzman, 403 U.S. 602 (1971). The original Lemon test had three prongs: (1) whether the state action (or law) has a religious purpose, (2) whether the state action has the primary effect of advancing or inhibiting religion, and (3) whether the state action excessively entangles the government and religion. In more recent cases, the last two prongs have been merged (or at least brought close together), so today there are really two prongs: a "purpose" prong and an "effects" prong. The prongs were further muddied in the late 1990s when one of the Justices wrote in Agostini v. Felton that excessive entanglement is one factor to consider in determining whether a state action's primary effect is religious (the other two factors being government indoctrination and defining the recipients of government aid based on religious criteria).
Courts also sometimes use the so-called "endorsement test" when the government is engaged in expressive activities like publishing documents or sponsoring speakers (such as commencement speakers at public schools). The endorsement test asks whether the state action somehow endorses a particular religious viewpoint. The rationale, according to Justice O'Connor, is that such endorsement can make some people appear to be favored and others appear to be outsiders in the political community on the basis of whether they share the religious belief endorsed by the government. (Justice O'Connor urged adoption of this test in 1984, in a concurring opinion in Lynch v. Donelly, 465 U.S. 668 (1984). I am not sure if the Supreme Court has ever expressly adopted it, but the Court does now use it as part of the Lemon test, as a factor to consider in determining if the state action has the purpose or effect of advancing religion.)
Finally, where the use of public funds is concerned, the Supreme Court applies the "neutrality" test, which asks whether the state action treats religious groups in the same manner as other similarly-situated groups. Use of the neutrality test is a more recent trend, and it has been applied most often in cases involving government aid to schools that are affiliated with religious entities (e.g., vouchers, textbook handouts, and E-Rate).
That is a nutshell of the law. Now for some facts about the Understanding Evolution site.
The site's search engine returns three hits for "religion." One is the particular FAQ (frequently asked question) that is receiving all the attention. It is only one FAQ among many. That FAQ also provides a link to a web page of the National Center for Science Education (NCSE) which contains statements about evolution from religious organizations. The second hit contains the site credits, where a biographical blurb for Alan D. Gishlick states that Dr. Gishlick is interested in "the interface between science and religion, especially as it relates to biological evolution." The third hit is a list of FAQs on the controversies surrounding the teaching of evolution, which mentions the word religion solely in the context of a link to the same NCSE web page mentioned above. The rest of the FAQ answers on that page appear to be external links to other web sites with a terse description of what is on each external page.
Looking at the Understanding Evolution site as a whole, its mentionings of religion seem, to me, to be tangential and incidental to its main focus. The main focus appears, to me, to be just what is set forth in the site's "About" page: "Understanding Evolution is a non-commercial, education website, teaching the science and history of evolutionary biology. This site is here to help you understand what evolution is, how it works, how it factors into your life, how research in evolutionary biology is performed, and how ideas in this area have changed over time." That seems, to me, to be a good faith description of the contents of the site.
In the framework of existing caselaw, I doubt a court would rule any part of the site unconstitutional. It would be hard to construct a convincing argument that the site's primary purpose is other than scientific and educational. The site's primary effect is to disseminate facts about evolution and explanations of related concepts, with the intent of helping educators teach. I doubt anyone can plausibly argue that the site excessively entangles the government in any church or religious doctrine. The mere mention of a handful of religious entities and providing links to copies of their public statements hosted elsewhere does not seem, to me, to be particularly entangling or to endorse those particular religions over others.
Under the neutrality test, I think the proper question is whether the National Science Foundation (NSF) would, under the right circumstances, give a grant similar to the one it gave to Berkeley to a church if the church had submitted a proposal to create an educational web site about evolution that meets the same criteria as the Berkeley site — i.e., that it disseminates valid scientific information, that it is helpful to teachers, etc.
On the other hand, the particular FAQ that mentions religion does have some endorsement problems. It makes specific, declarative statements that evolution and "religion" are not incompatible and states that many religious groups accept evolution as fact. Those statements clearly have the effects of inhibiting (however slightly) religions which purport to be incompatible with evolution and of endorsing or advancing (however slightly) religions which purport to be compatible with evolution. They also have the effect (however slight) of making some people (e.g., fundamentalist protestants?) feel like outsiders.
Just how slight or not-slight those effects are is debatable — hence the endorsement problem and the need for good lawyers.
On the whole, I think the operators of the site have little to worry about. They might be ordered to revise or remove that particular FAQ. Rewording it in terms of particular religious groups rather than "religion" would make it more likely to survive First Amendment scrutiny. The site's controversy FAQs are instructive: they address much narrower concepts than "religion" (e.g., "What is Creationism?" and "What is intelligent Design?"), and they simply provide links to other web sites with terse introductions, without editorializing.
Believe it or not, that is the "quick" analysis.
Tuesday, 15 February 2005
ChoicePoint & Privacy
I used to consider myself reasonably well informed about the issues surrounding privacy and information technology. I admit to feeling a little smug when I read Bob Sullivan's article on MSNBC yesterday, about breaches of consumer privacy admitted by ChoicePoint ("Database giant gives access to fake firms"). Mostly, I felt smug about one consumer whom Sullivan quoted as saying she had never heard of ChoicePoint the data mining company that tries to collect and organize information about every consumer, business, and transaction that occurs in the United States.
However, my smugness vanished when I clicked through to a linked article, by Robert O'Harrow, Jr., of the Washington Post, that describes ChoicePoint in some detail ("ChoicePoint finds wealth in information"). I had no idea the company had reached such an enormous size and was still growing so fast. It was pretty humbling.
Wednesday, 3 November 2004
California voters, hoodwinked, expand DNA database
I generally respect reasonable disagreements on complex issues. Even when I think the majority gets it wrong, I rarely think voters were bamboozled. Unfortunately, that is what happened yesterday when California voters approved Proposition 69.
The proposition was popularly called a measure to expand the state's "Felon DNA Database" see, for example, the San Francisco Chronicle's return page for this proposition. I have never seen a ballot initiative so deceptively described. Every supporting editorial, radio spot, and flier touted how it would help "catch criminals" which it just might do. Unfortunately, they ignored its devestating effect on everyone else's privacy. Privacy was rarely, if ever, mentioned in the supporting arguments not even to refute the compelling arguments against the measure.
Privacy was not even a blip on the radar screen: it was a speck of dust flicked off the screen by a bored radar operator. I cannot recall the last time my level of frustration with a public debate was this high.
Saturday, 30 October 2004
Grand Canyon: A Questionless Inquiry
Last year, the National Park Service began distributing a book by Tom Vail, a veteran tour guide at Grand Canyon National Park and head of Canyon Ministries. The book, Grand Canyon: A Different View (available online at the Institute for Creation Research) argues that the eponymous gorge was formed quickly Diluvially, in the Noachian flood and not gradually, by millennia of erosion.
After a (relatively anemic) public outcry, President Bush promised that his administration would "review" the sale of the book at national park gift shops. According to Public Employees for Environmental Responsibility (PEER), the review was discarded the moment the public had turned its attention elsewhere. The book is still on sale at the park, where the administration has also reinstalled bronze plaques bearing bible verses at scenic overlooks (from which they had previously been removed, on the advice of Interior Department lawyers). PEER's press release has more details. PEER also claims to have compiled numerous other examples of what it has dubbed Bush's "faith-based parks" agenda.
Wednesday, 27 October 2004
Obituary: Richard M. Schmidt, Jr.
Sadly, yesterday I heard that Richard M. Schmidt, Jr. had passed away on the 17th. First Amendment buffs will remember Schmidt as a champion of the free press and counsel for the Miami Herald in Miami Herald Publishing Co. v. Tornillo, 418 U.S. 241, 94 S. Ct. 2831, 41 L. Ed. 2d 730 (1974). In that case, the Supreme Court struck down a Florida "right of reply" law that forced newspapers to publish responses to critical editorials. Chief Justice Burger wrote this memorable passage:
The Florida statute operates as a command in the same sense as a statute or regulation forbidding appellant to publish specified matter. Governmental restraint on publishing need not fall into familiar or traditional patterns to be subject to constitutional limitations on governmental powers. The Florida statute exacts a penalty on the basis of the content of a newspaper. The first phase of the penalty resulting from the compelled printing of a reply is exacted in terms of the cost in printing and composing time and materials and in taking up space that could be devoted to other material the newspaper may have preferred to print. It is correct, as [Tornillo] contends, that a newspaper is not subject to the finite technological limitations of time that confront a broadcaster but it is not correct to say that, as an economic reality, a newspaper can proceed to infinite expansion of its column space to accommodate the replies that a government agency determines or a statute commands the readers should have available. [ ]
Thursday, 19 August 2004
MGM v. Grokster affirmed
Right now I have nothing to add to what is being said on the 9th Circuit's affirmation [pdf] of MGM v. Grokster — except to recommend Ernest's comments, then Derek's Leftovers and Frank's link collection.
...And then let's raise our voices with a collective WOOHOO!!!
Tuesday, 10 August 2004
CBO releases report: "Copyright Issues in Digital Media"
I have not had time to read the whole thing yet. Having only skimmed the summary and the first few sections, it seems that it could provide a good starting point for debates over new legislation. It is not as heavily laden with economic or legal terms as other analyses have been.
Oh, yeah...and I like the frame it created for the debate. From the summary:
Thursday, 5 August 2004
FCC subjects VoIP to CALEA
The FCC acted this week on Uncle Fed's request that it subject VoIP providers to CALEA, the Communications Assistance for Law Enforcement Act. Last month, the FBI asked the Commission to exercise its authority to extend the group of technologies to which the act applies to include VoIP — in other words, to expand the reach of cheap and easy "wiretapping" for Uncle Fed and other law enforcement agencies. (Well, not literally "wiretapping," as I explained in detail a few months ago: "Wiretapping & VoIP.")
Yesterday, the FCC adopted a Notice of Proposed Rulemaking and Declaratory Ruling [pdf] in which it concluded that broadband providers whose facilities can be used for VoIP should be subject to the surveillance rules that govern traditional phone service providers:
[T]he Commission tentatively concludes that CALEA applies to facilities-based providers of any type of broadband Internet access service — including wireline, cable modem, satellite, wireless, and powerline — and to managed or mediated Voice over Internet Protocol ("VoIP") services. These tentative conclusions are based on a Commission proposal that these services fall under CALEA as "a replacement for a substantial portion of the local telephone exchange service."
Now, it wants public comment on implementation:
The Commission seeks comment on telecommunications carriers' obligations under section 103 of CALEA and compliance solutions as they relate to broadband Internet access and VoIP. In particular, the Commission seeks comment on the feasibility of carriers relying on a trusted third party to manage their CALEA obligations and whether standards for packet-mode technologies are deficient and thus preclude carriers from relying on them as safe harbors for complying with CALEA.
The kicker? Broadband providers are expected to bear the full cost of this law government program:
With regard to costs, the Commission tentatively concludes that carriers are responsible for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities; seeks comment on cost recovery issues for wireline, wireless and other carriers; and refers to the Federal-State Separations Joint Board cost recovery issues for carriers subject to Title II of the Communications Act.
The New York Times has coverage: "F.C.C. Supports Surveillance Rules on Internet Calls". See also Declan's column from last week, for background info: "FBI targets Net phoning."
Wednesday, 28 July 2004
Arlo uppercuts Jib Jab
The latest Flash cartoon floating around is a hilarious parody of the U.S. Presidential campaign. The animated creation of Jib Jab stars President Bush and John Kerry, dancing to the tune of Arlo Guthrie's classic "This Land Is Your Land" and calling each other names like "right-wing nutjob" and "liberal sissy."
Despite the dangers (see: Idiot's guide to combatting satire), the company that owns the rights to Arlo's song has sicced its lawyers on Jib Jab. (See this CNN report.) President Bush learned first-hand in the last election that nearly any attempt to suppress Internet-based satire will fail spectacularly. Even if you have forgotten the incident, you probably remember Bush's (in)famous quote: "There ought to be limits to freedom."
CORRECTION (28 Aug.): Two days after posting this, I realized that Woody Guthrie not his son, Arlo wrote "This Land Is Your Land." I meant to post a correction but, unfortunately, managed to leave it in "save as draft" limbo. Yesterday, a concerned neighbor of Arlo's emailed me to set me straight on the facts. She also said that Arlo was unhappy with the record company's actions and that he thought his father would be, too. Then she pointed me to this link. I appreciate it when people constructively (and politely!) point out my mistakes.
Monday, 14 June 2004
Supreme Court dismisses Newdow's action on standing grounds
Time for me to live up to a promise made last October: "If the Supreme Court decides [Newdow v. Elk Grove Unified School District] on Article III (standing) grounds, I will be the first person to leap to its defense." I now leap to its defense.
Monday, 17 May 2004
Hasta la vista, bobble
The governor's goon squad (his film company, actually) filed suit today against Ohio Discount Merchandise, the company that created the collectible Arnold Schwarzenegger bobbing head doll. I have little time to write about this tonight, but I will predict right now that this will be this decade's landmark publicity/free speech case. I just hope Judge Kozinski has a chance to stretch before he goes to the mat.
As a bodybuilder and movie star (i.e., a member of the private sector), Arnold had a strong claim that his persona and likeness were worth millions and protectible. As a governor, however, the First Amendment demands that he relinquish most of the control he used to enjoy. The doll at issue is obviously a parody, and it is part of a series that depicts public figures from Tom Daschle to Abraham Lincoln to Al Capone to Jesus. This lies somewhere between a Three Stooges T-shirt and Vanna White, circa 2012.
Monday, 15 March 2004
FBI proposes expansive broadband "wiretap" rules
Declan McCullaugh and Ben Charny report on C|Net that Uncle Fed issued a proposal for expedited rulemaking [pdf] which would grant him new and expansive "wiretapping" powers for broadband Internet services. In this case, Uncle Fed is backed by the Federal Bureau of Investigations (FBI), Department of Justice (DOJ) and the Drug Enforcement Agency (DEA).
Two months ago, Uncle Fed asked the Federal Communications Commission (FCC) to do this dirty work for him. FCC Chairman Michael Powell paid some lip service to security concerns at the time, but he has apparently let the request languish. (At least, I have not seen the media report any subsequent FCC actions.) Around that time, I blogged on the word wiretap and complained that it makes a poor analogy to surveillance of digital communications ("Wiretapping & VoIP"). I would like to make the same comment again now and point out that Uncle Fed's newest proposal supports my point even more clearly.
I promise to write more on this in the near future. Unfortunately, I do not have time today to write a multi-volume treatise on the dangers these regulations would pose to civil liberties.
Friday, 12 March 2004
Blundering through security
It appears the U.S. Patent & Trademark Office (PTO) has removed the infamous ricin patent (No. 3,060,165) from its online database. The PTO boasts that it provides all patents since 1976 in searchable text and images of patent pages from 1790. Obviously, this is now false. (Via Ernest, via Dan Gillmor, via Bruce Schneier.)
Half the developed world's patent offices make this patent available over the Internet. Considering that the patent was granted in 1965, I think a few paper copies might also exist. Therefore, this is about as effective a security measure as requiring travelers to show a driver's license before they board an airplane that is to say, wholly ineffective. All this does is inconvenience the law-abiding American public when it tries to do research.
Ernest makes the important point that the fundamental principal underlying our patent system is that inventors get exclusive rights to their inventions in exchange for full disclosure of the invention to the public. This is hardly the first case where the public has been shortchanged in the name of security. Ernest also has the best summary comment thus far (hyperlink original):
Rest assured Senator, the lack of the patent in the US database means that terrorists will never be able to figure out how to make ricin because even web-savvy bloggers can't get the information very easily .... ooops. Never mind.
Thursday, 11 March 2004
FTC "primary purpose" spam rule is a chance to revisit Central Hudson
Yesterday the Federal Trade Commission (FTC) announced that it would begin hearing public comments today on a rule that the CAN-SPAM Act requires it to propound — a definition that permits a determination whether an email's "primary purpose" is commercial. (Click here to read the proposed rule and here to submit a comment.)
The statute applies to commercial messages, so someone has to define precisely what commercial means. Naturally, Congress passed that buck to the FTC. The U.S. Supreme Court has grappled with the definition of "commercial speech" since it first recognized the concept in 1976, in Virginia Pharmacy (abstract). I rarely agree with Clarence Thomas, but I find his logic on commercial speech unassailable. There is simply no articulable definition that captures all commerciality without also capturing noncommercial elements. Likewise, there is no articulable definition that avoids capturing noncommercial speech without missing large swaths of the commercial sector. To borrow two terms from another line of constitutional jurisprudence, all definitions of "commercial speech" that have ever been suggested have been overinclusive or underinclusive. How can we justify regulating a class of speech that we cannot even define?
Since 1995, Justice Thomas has consistently railed against the commercial-speech doctrine of Central Hudson. In the last few years, the Court seems to have been moving slowly, reluctantly towards his position in 44 Liquormart, Ruben, and Glickman. Although he lost the Glickman fight, it was a 5-4 decision, and the commercial speech issue was not squarely implicated. With a challenge to the FTC's "primary purpose" rule propounded under CAN-SPAM — no matter what the final rule actually says — there will be no room for the Court to dodge the underlying First Amendment question. One can only hope the case rises that far.
Wednesday, 25 February 2004
IP practitioners and the public interest
This past month my first as an IP attorney has uncovered many wonderful things for me. The most wonderful has been the attitude of several attorneys that it has been my pleasure to work with. Although none of them have ever (to my knowledge) been an activist or "copyfighter," they seem genuinely concerned for the public interest in the area of IP law.
Like all good patent litigators, they avidly watch the Federal Circuit for interesting decisions. However, these folks occassionally cheer when the court limits the scope of patent law in ways that limit the rights of patent holders and expand the public domain. They cheer notwithstanding that such decisions may ultimately mean less money in their own pockets. When I described the size of statutory damges authorized by the Copyright Act, one partner refused to believe me until I showed him a copy of ง 504. Even then, his reaction was, "Hmmm...what did Disney pay to get that?"
There are many good reasons why I chose to join this firm.
Tuesday, 27 January 2004
Patriot Act provision struck down
It was bound to happen sooner or later. A federal District Judge in Los Angeles has struck down a provision of the USA PATRIOT Act as unconstitutional. The New York Times highlights the First Amendment argument advanced by the Humanitarian Law Project: "[S]everal humanitarian groups that work with Kurdish refugees in Turkey and Tamil residents of Sri Lanka had sued the government, arguing in a lawsuit that the antiterrorism act was so ill defined that they had stopped writing political material and helping organize peace conferences for fear that they would be prosecuted."
The provision at issue forbids U.S. citizens from giving "expert advice or assistance" to known terrorist groups. As written, this language would prevent a dentist from cleaning a terrorist's teeth there is nothing to limit the prohibition to advice or assistance that could be used to further terrorism. The court summarized this shortcoming: "The USA Patriot Act places no limitation on the type of expert advice and assistance which is prohibited, and instead bans the provision of all expert advice and assistance regardless of its nature." Naturally, this vague rule would encompass "unequivocally pure speech and advocacy protected by the First Amendment." Therefore, the First Amendment demanded that it be struck down.
Monday, 12 January 2004
Wiretapping & VoIP
Last week, Uncle Fed (specifically, the Department of Justice, the FBI, and the Drug Enforcement Administration (DEA)) asked the FCC to force providers of voice-over-Internet protocol (VoIP) services to provide easy "wiretapping" capability to federal and local authorities. See Declan's report on C|Net: "Feds seek wiretap access via VoIP." A few comments are in order before the press mangles this situation and manages to obscure the facts. (Not to impugn Declan; I thought his article was good.)
Lawyers are in the language business, so we should examine the word wiretap to shed some light on exactly what Uncle Fed is asking for. Webster's Dictionary defines wiretap as an intransitive verb meaning "to tap a telephone or telegraph wire in order to get information." This definition is too circular to be useful at first, but this circularity becomes important later. Dictionary.com's nominal definition is a better starting point: "A concealed listening or recording device connected to a communications circuit." This was an accurate physical description when the term arose, during electric telegraphy's youth.
In those days, telegraphic circuits were hard-wired — that is, each pair of telegraph stations was connected by a single wire with one operator at each end. (Busy pairs of stations were connected by multiple wires, each one having operators at both ends.) Each transmission wire was plugged into a magnet-driven apparatus at each end that translated incoming electric signals into audible sounds and generated outgoing electric signals when the operator pressed a button. For an excellent beginner's text on early telegraphic technology and the economic and cultural developments it spawned, see Tom Standage, The Victorian Internet (1998).
In this environment, police had two options for surreptitious surveillance: (1) force the operator to disclose a message's contents after he received it, or (2) intercept the signal between the stations. Option 1 was inefficient because it was slow (the police had to wait for someone else to translate the message from Morse code and deliver it to them), and operators could not always be trusted to keep surveillance secret. Therefore, laws were passed that made option two mandatory. Telegraph companies were required to cooperate with the installation of a device (the "tap") onto their transmission wires that allowed the police to siphon off a tiny amount of the electric signal between two stations and send that signal to a police-operated station.
Later, switching technology made telegraphy more flexible. A switching device made temporary connections between transmission wires coming into the telegraph station. This allowed one operator (or more, at busy stations) connected to the switch to monitor several incoming wires simultaneously. Wiretap devices evolved in lock-step with switches and were quickly moved inside the switches so that fewer taps could monitor more transmissions without being physically reinstalled over and over. Whether this new configuration continued to qualify as "tapping" a "wire" is debatable. Early switching devices made temporary physical connections between telegraph wires by means of a third wire. Early switch tapping devices siphoned the electric signal off this switching wire, so there is a plausible argument that the term was still an accurate physical descriptor. Today we would understand the tapping devices as monitoring the operation of the switch device, not an individual wire within the switch. While wiretapping remained a reasonably good logical description of the tapping device's function, its accuracy as a physical descriptor was highly questionable.
The point to take from this is that wiretap first became an ambiguous term more than a century ago. Now reconsider Webster's circular definition, "to tap a telephone or telegraph wire in order to get information." Webster probably intended to denote the tapping of a circuit, not a wire, but we can forgive lexicographers for not being electrical engineers. However, Webster's definition unambiguously means eavesdropping on a single transmission or group of transmissions between two specified end points. In my experience, this is how law enforcers, laymen, and journalists all use the term. To convey the idea of collecting more than this information, they use such words as surveillance, eavesdropping, or data sniffing.
If the introduction of circuit switching made wiretap an ambiguous term, then the introduction of packet switching renders it positively useless. Packet switching is the transmission technology underlying the Internet Protocol, which is used for all Internet (and most local area network (LAN)) transmissions. Packet switching involves breaking data down into tiny pieces ("packets") and sending each packet across the network individually. This system eliminates the need for circuit switching, which dedicates a circuit to each transmission for the duration of that transmission. Few transmissions use the circuit continuously, so circuit switching inevitably involves inefficient "down time" for active circuits. Consider, for example, how frequently people pause while talking on the telephone. No information is transmitted during these pauses, but their circuit is monopolized nonetheless. Other callers cannot use this circuit until the first call ends — which forces the phone company to install a sufficient number of circuits to carry the maximum foreseeable number of transmissions simultaneously. This extra infrastructure is expensive to install and maintain.
Packet switching allows a small number of circuits to accommodate many transmissions because each one uses the circuit only while information is being actively sent. During each pause, the circuit is used for other transmissions. Additionally, different packets from the same transmission often take different routes across the network. Intermediate nodes will send packets along different routes to bypass busy sections of the network to avoid delays, among other reasons. Since packets must reach the destination individually, it must contain complete addressing information so that intermediate nodes can route it appropriately.
The same features that make packet switching more efficient than circuit switching also make it cheaper. (Sarcastic aside: This is as close to a "law" as the "science" of economics can offer us.) They also make it much more difficult to monitor communications. By definition, packets of information do not all travel through a packet-switched network by the same route. Therefore, there is no central box inside which to install a tapping device, as there is in circuit-switched networks.
The good news for law enforcers is that there does exist a place where all packets of a transmission must pass through before they are dispersed. That place is wherever the sender connects to the Internet backbone. "Backbone" is the name for high-speed networks that carry most Internet data until that data gets very close to its destination, at which time it is moved to a smaller (and usually private) network. All packets must travel from the sender's computer to the backbone through some identifiable means of transmission, be it in a cable or via wireless transmission in a form such as Wi-Fi.
The bad news for law enforcers is that each computer (or network) that connects to the Internet is connected via its own "pipe." They must install "tapping" devices on the connection used by each individual computer whose users' communications they intend to monitor. This requires that they get much closer to the target of the surveillance than they did with circuit-switched networks. In the old days, they could install tapping devices inside the switch at the telephone company's office. Conceivably they might do something similar at the target's Internet service provider (ISP). The FBI's (since-renamed) Carnivore project was an example of this. Unfortunately, this arrangement monitored traffic from all the ISP's customers, not just the intended surveillance target. In order to separate the target's transmissions from everyone else's, Carnivore has to read all packets that pass through. The only real solution to this problem is to install a device very close to the target — for example, in the cable that physically connects him to his ISP or at the antenna via which he transmits information to his ISP. This poses two main problems. First, the target may notice an unfamiliar device outside his house or office and become aware of the surveillance. Second, it is expensive because the police need to build many more devices and pay officers for the time it takes to install them at disparate locations.
By now, the linguistic difficulty of referring to any surveillance of data transmitted via the Internet as "wiretapping" should be obvious. At this point, I would like to shift direction slightly and briefly address a few related problems.
First, it is far from clear that the FCC has the authority to regulate VoIP as if it were a telecommunication service. It was widely reported last October that a federal judge in Minnesota ruled that VoIP companies provide "information" services, not "telecommunication" services, which means that states cannot regulate them under the Telecommunications Act of 1996. On the other hand, the 9th Circuit ruled earlier that month that the FCC erred in classifying cable broadband as an "information" service rather than a "telecommunication" service.
Second, according to Declan, Uncle Fed wants the FCC to require VoIP providers "to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations." This is technically possible only for a few such services. In my understanding, Vonage sells black boxes that take input from a telephone and transmit data through the user's broadband ISP connection to Vonage's network, where Vonage routes it to another Vonage device or to a circuit-switched telephone network. Therefore, Vonage may be able to install devices that "tap" a specified user's conversations. Other services, however, operate in a fundamentally different way. Skype, for example, does not have any communications network at all. Its client software transmits voice data using the same decentralized P2P architecture found in Kazaa, the popular file-sharing client. (Skype was, after all, designed by the makers of Kazaa.) Therefore, Skype has no capability to install tapping devices, even if it wanted to cooperate with a hypothetical FCC order.
Third, as discussed above, to surveil transmissions on a packet-switched network, the police must read all data packets that pass through. If they ignore any individual packet, they may miss a piece of the message they intend to intercept. This makes it an unavoidable certainty that any "packet sniffer" will collect data that is not legally subject to surveillance — it would exceed the scope of all but the most expansive warrants. (Never mind that any warrant so expansive is probably unconstitutional because it would fail to state with particularity the information intended to be collected). Depending on the environment where the sniffer is installed, it may also collect data transmitted by third parties, who are not the intended targets of surveillance and who have a reasonable expectation of privacy in their communications. This is a Fourth Amendment problem of enormous magnitude — one that is well beyond the scope of this weblog.
Fourth, Uncle Fed's own statistics for 2002 show that about 80% of all wiretaps — both federal and state — were for criminal investigations in the course of enforcing drug laws. Only the remaining 20% were used for all other types of investigations. One is left to wonder whether the alarmist language in Uncle Fed's letter to the FCC was disingenuous: "criminals, terrorists, and spies (could) use VoIP services to avoid lawfully authorized surveillance." Uncle Fed tries to make it sound as if wiretaps are already an effective tool against such people when his own statistics show that wiretaps are rarely used against them. It would be another matter entirely if Uncle Fed intended to use VoIP monitoring technology to enforce drug laws. Even then, none of the dope dealers I knew of in college even knew what "broadband" meant — so it was unlikely that any of them had the equipment necessary to use VoIP. Even if drug importers are more sophisticated, the police can still monitor their communications through conventional warrants and responsible police work.
In conclusion, the only thing I can really say is that Uncle Fed's request is problematic, at best — and I am just a guy with an interest in Internet law, not an expert in history, technology, or constitutional law. If Uncle Fed was trying to start a national debate on the merits of Internet surveillance, it is about time we had one. If he thought he could slip this in under the radar, shame on him.
Wednesday, 7 January 2004
Grand Canyon: An Evidenceless View
Tom Vail, a veteran tour guide at Grand Canyon National Park has written a new book called Grand Canyon: A Different View (on sale at the Institute for Creation Research). This book encapsulates everything that is wrong with the creation "science" movement, and Vail's own words in the introduction summarize the main problem nicely, despite his obvious contrary intention:
For years, as a Colorado River guide I told people how the Grand Canyon was formed over the evolutionary time scale of millions of years. Then I met the Lord. Now, I have a different view of the Canyon, which according to a biblical time scale, can't possibly be more than a few thousand years old.
In other words, Vail once held a scientifically-justifiable opinion as to the Grand Canyon's origin. Then he underwent a religious conversion and decided that his prior conclusion was inaccurate without having seen any evidence contradicting it. Finally, he set out to collect evidence supporting his new conclusion. This last step would be a good thing (having more evidence to evaluate is almost always a good thing), except that Vail has decided to cherry-pick the evidence he wants to believe. The geological evidence surrounding the Grand Canyon's formation points overwhelmingly to a slow formation over millions of years, but Vail refuses to give the evidence a fair shake.
The book is currently on sale at the Grand Canyon National Park gift shop, among many other places. It is a small consolation that "the book was moved from the natural sciences section to the inspirational reading section of park bookstores" after the park's irate staff complained, according to the Julie Cart of the Los Angeles Times (via Arizona Republic). At the same time, President Bush's faith-based National Park Service has blocked the distribution of informational pamphlets to park rangers and guides that would allow them to answer visitors' questions on the subject. (Source)
FBI uses web bug to track extortionist?
Abandoning the incentives not to report cybercrime (see my last blog entry), Best Buy called in the FBI when it received emails threatening to expose security weaknesses in its e-commerce site unless the retail giant forked over $2.5 million. The Bureau worked with Best Buy to snare Thomas E. Ray III, of Mississippi, the would-be scammer. The most interesting feature of this case is in the tools used by the FBI to catch the alleged blackmailer. The Bureau responded to Ray's messages with its own emails laced with something that allowed it to trace the IP address from which he read them.
Unfortunately, the early press reports are unclear as to exactly what that something was. The St. Paul Pioneer Press reports that the investigation "was aided by a computer-tracing technique." The FBI got "permission from the courts to use a specialized e-mail device — called the Internet Protocol Address Verifier — to track down the author." I have no idea what an "Internet Protocol Address Verifier" is, but it sounds an awful lot like a web bug.
Web bugs are tiny pictures embedded in email messages using HTML. When an HTML-enabled mail client opens the message, it renders the HTML — including any image tags. The sender can embed an image tag that will query his own web server for an image file, then examine his server logs to determine from what IP address the query came. For example, I could send an email with HTML tags pointing to images stored on www.danfingerman.com, then record the IP addresses of all requests for that image. After I collect the IP addresses and dates & times the image was accessed, I could take a page from RIAA's playbook and find a way to intimidate ISPs into telling me which individuals were using each IP address at the relevant date and time. Then I would know who read my email, the exact date and time, and I could get more information with some extra effort — like the reader's home address and phone number or the geographic location where he read the message.
Web bugs got the name bug after spammers started using them to verify email addresses. Recording calls to an image stored in a static location on a web server is not very helpful when you send email to millions of addresses and have no good way to link each IP address & time/date combination to a particular email address. (Believe it or not, the DMCA does have limits.) Spammers began to design web server software with dynamic links to a single image measuring 1x1 pixel. The images are tiny so that most people will not notice them (how often do you really view the source code of your email?) and to make them load quickly — before most people could hit the delete key. The relevant HTML tag written into each individual email would include a directory path that included the address to which that message was sent. Then, the web server's log would record the image request with the email address (as a simple text string) as part of the directory path to the image. This made it obvious which email addresses the queries were coming from. "Verified" email addresses are like gold for spammers, and they would use this information to charge higher prices for their services — because they could now guarantee that a higher percentage of their emails were being delivered to addresses where an actual person would see them.
The Pioneer Press article makes the FBI's Internet Protocol Address Verifier sound a bit like a web bug, but it is ambiguous. For example, it calls the verifier "a specialized e-mail device." Furthermore, the St. Paul Star Tribune had this to say ("Feds thwart extortion plot against Best Buy"):
The federal search warrant was obtained the morning of Oct. 24  and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.
Did you see that? The Star Tribune called the verifier "a program." A web bug could never be confused with a "program." The source of my confusion should now be obvious.
If anyone knows what the heck an Internet Protocol Address Verifier really is, please let me know.
Tuesday, 6 January 2004
Diebold/DMCA summary & analysis
Monday, 5 January 2004
EFF calling for Pioneer nominations
Mattel v. Walking Mountain Productions as a teaching case
This morning I finally got a chance to read the 9th Circuit's decision in Mattel v. Walking Mountain Productions [pdf], handed down last week. The decision affirms a District Court's grant of summary judgment to Tom Forsythe, the man selling photos of nude Barbie dolls being attacked by kitchen appliances. I think the 9th Circuit's opinion will make an excellent teaching tool in law school courses.
When I took courses on Copyright and Trademarks & Unfair Competition, my casebooks included a few cases that discussed the First Amendment, but I never felt like any case tied up all the loose ends for me. I think Mattel does this. The court did a nice job explaining the intersections between copyright, trademark, trade dress, the First Amendment, and fair use. However, it does not seem to have assumed that many laymen would read its opinion, so it did not spend an excessive amount of ink reasoning from first principles.
Despite its sympathy for free expression interests (which ultimately won the day), the court was not unmindful of the business realities in this case. It began its analysis where Mattel's real interest lay — the market value of its Barbie brand and the potential future value of Barbie dolls and authorized derivative works. However, after detailing the small income that Forsythe realized from his parodic photographs, the court gave us this gem: "Purchases by Mattel investigators comprised at least half of Forsythe's total sales." (page 5, note 3)
The court sprinkled its opinion with language that strongly reinforced the freedom of expression concerns at stake in a case like this. For example, on Mattel's copyright claim:
However one may feel about [Forsythe's] message — whether he is wrong or right, whether his methods are powerful or banal — his photographs parody Barbie and everything Mattel's doll has come to signify. Undoubtedly, one could make similar statements through other means about society, gender roles, sexuality, and perhaps even social class. But Barbie, and all the associations she has acquired through Mattel's impressive marketing success, conveys these messages in a particular way that is ripe for social comment. (page 15)This was immediately followed by footnote 7:
Mattel strongly argues that Forsythe's work is not parody because he could have made his statements about consumerism, gender roles, and sexuality without using Barbie. Acceptance of this argument would severely and unacceptably limit the definition of parody. We do not make judgments about what objects an artist should choose for their art. For example, in [Campbell v. Acuff-Rose Music, Inc., 510 U.S. 569 (1994)], the Supreme Court found that hip-hop band 2-Live Crew's rendition of "Pretty Woman" was a parody because it targeted the original song and commented "on the naivete of the original of an earlier day, as a rejection of its sentiment that ignores the ugliness of street life and the debasement that it signifies." [Campbell,] 510 U.S. at 583. No doubt, 2-Live Crew could have chosen another song to make such a statement. Parody only requires that "the plaintiff's copyrighted work is at least in part the target of the defendant's satire," not that the plaintiff's work be the irreplaceable object for its form of social commentary. [Dr. Suess Enters., L.P. v. Penguin Books USA, Inc., 109 F.3d 1394, 1400 (9th Cir. 1997).]
On the trademark infringement claim:
As we recently recognized in [Mattel, Inc. v. MCA Records, Inc. [pdf], 296 F.3d 894 (9th Cir. 2002), cert. denied, 123 S. Ct. 993 (2003)], however, when marks transcend their identifying purpose and enter public discourse and become an integral part of our vocabulary, they assume a role outside the bounds of trademark law. Where a mark assumes such cultural significance, First Amendment protections come into play. In these situations, the trademark owner does not have the right to control public discourse whenever the public imbues his mark with a meaning beyond its source-identifying function. [Internal quotation marks and citations ommitted.]
The court spent nearly a page distinguishing fair use from its First Amendment analysis on the trade dress claim (following the 2d Circuit's precedent in Rogers v. Grimaldi [pdf], 875 F.2d 994 (2d Cir. 1989)), in a long footnote (#14) on pages 20-21. I have never seen a court spend that much time on the fair use/First Amendment distinction. It was especially helpful in this case, after the court had analyzed the issues in light of Rogers:
The Rogers balancing test requires courts to construe the Lanham Act "to apply to artistic works only where the public interest in avoiding consumer confusion outweighs the public interest in free expression." Rogers, 875 F.2d at 999 (emphasis added [by the Mattel court]). Accordingly, the Rogers test prohibits application of the Lanham Act to titles of artistic works unless the title "has no artistic relevance to the underlying work whatsoever or, if it has some artistic relevance, unless the title explicitly misleads as to the source or the content of the work." [Some internal citations omitted]
The court did a simiarly good job explaining the trademark dilution and trade dress infringement issues. I will not belabor my point here; the examples above show how good a teaching case this would be. The only issues that the court treated summarily were Mattel's state law claims, dismissing them on First Amendment grounds for the reasons it stated in other sections.
The major downside to using this case as a teaching tool is its length — forty pages. Fortunately, the last seven pages deal with procedural issues and attorney fees under the copyright and Lanham acts. These sections could easily be separated from the rest when discussing free expression issues.
Norweigan authorities drop DeCSS case
Monday, 29 December 2003
Cyberbullying and school (in)action
The Christian Science Monitor has a feature article by Amanda Paulson on "cyberbullying." The article outlines the problem, analyzes it as merely a new platform for old-fashioned bullying, and discusses the perils of censoring speach for short-term disciplinary goals. I think that analysis is on the right track, but I would like to add a few points.
The article ignores the grandaddy of all cyberbullying cases and the publicity that surrounded it the case of Jake Baker and the University of Michigan. Mr. Baker's First Amendment defense ultimately led to his exoneration of charges of making threats. (See the EFF case archive for comprehensive information.) The CS Monitor article does, however, discuss the more recent case of "Ghyslain, the Canadian teenager who gained notoriety this year as 'the Star Wars kid.'" This young man videotaped himself goofing around with a broomstick, as if it were a fighting staff.
Some peers got hold of the video, uploaded it to the Internet, and started passing it around. Doctored videos, splicing him into "The Matrix," "The Terminator," or the musical "Chicago," with added special effects and sounds, soon followed. He's now the most downloaded male of the year. According to news reports, he was forced to drop out of school and seek psychiatric help.
The article also mentions that (public) schools may lack the authority to shut down off-campus channels of speech used for bullying. The author seems to divide this into two distinct points, one practical and one legal, but it could stand some clarification. First, schools lack the practical ability to censor such centralized speech channels as web-based bulletin boards and instant messaging networks because the school is not the central entity. These are generally physically controlled by private companies. When it comes to open and decentralized channels (like email, IRC, or usenet), the school has no chance. Second, the legal barriers. Any action that schools take or fail to take can open them up to the modern American passtime, lawsuits. Any course of action necessarily requires the school to make judgments that pit one student's civil rights against another's specifically, the right of the bully to speak vs. the right of the victim to have a public education free from harassment. Schools are understandably reluctant to break any new ground in this context. If I were a school board lawyer, I might recommend the most conservative course of action I could think of.
However, schools are not always so loathe to target Internet speech that is generated off-campus. Some get trigger happy when a student's web site criticizes teachers or administrators. Just the other day, I blogged on a recent case involving the Oceanport School District in New Jersey. I could probably turn up ten more examples in as many minutes on Google.
Finally, I want to highlight a case described in the article that displays the best the First Amendment has to offer. "J. Guidetti, principal of Calabasas High School, did get involved, after comments on schoolscandals.com caused many of his students to be depressed, angry, or simply unable to focus on school." All of Guidetti's initial efforts failed as long as he used a law-enforcement approach. Then, he decided to counter speech with speech:
Eventually, a local radio station got involved and put enough pressure on the people running the site a father-son duo that they took it down in the spring. Already, there's a schoolscandals2 relatively harmless, so far. Guidetti checks it regularly for offensive content, one of the ever-growing tasks of a 21st-century principal.
To be clear, I do not advocate publicly shaming people for their speech. However, opinions that wilt in sunlight are exactly the sort that the Framers of the constitution believed could be controlled by encouraging counter-speech. Guidetti engaged in honest public debate, convinced more people than his opponents, and won the day. By taking his case to the airwaves, Guidetti created speech where he had previously tried to destroy it, and liberty had a rare chance to serve a utilitarian purpose.
Sunday, 28 December 2003
The New York Times points out, rather amusingly, that most members of Congress were engaged in sending a massive wave of unsolicited email to their constituents this weekend — barely ten days after unanimously approving the CAN-SPAM Act. Article: "We Hate Spam, Congress Says (Except Ours)."
"They are regulating commercial spam, and at the same time they are using the franking privilege to send unsolicited bulk communications which aren't commercial," David Sorkin, a professor at the John Marshall Law School in Chicago, said. "When we are talking about constituents who haven't opted in, it's spam."
Thursday, 25 December 2003
Florida launches faith-based prison
The Associated Press reports that Jeb Bush, the Governor of Florida and brother of the President, quarterbacked the opening ceremony of a new social experiment: a faith-based prison. (Via Washington Post) The experiment is being hailed as the first such prison in the United States.
The "new" prison is really a rededicated old prison that has been in operation for some time. Now, however, it will cater to its prisoners' spiritual "needs" where the old system did not. The state claims that all 791 prisoners therein are living there voluntarily either because they chose not to transfer out or because they applied to transfer in. AP reports a different story, however:
Many of the prisoners who did not transfer from Lawtey stayed simply because they did not want to move, and not because they wanted to become more involved in religion. But inmates who want to make use of the faith initiative say those who do not participate eventually will be released and replaced by others who will make the program stronger.
The cynic in me wants to ask why this prison is the "first" of its kind in the country when the prison in Guantanamo Bay has been operating for two years. Oh yeah the governor's brother declared that prison not to be on American soil and not subject to the jurisdiction of the U.S. judiciary. That prison is also mostly (entirely?) Muslim, and the President does not seem to consider it of the same stripe as a Christian prison.
Meanwhile, I will ask how long it will take for a court to declare the new experiment unconstitutional. Unless Florida plans to provide identical religious services to every person in every prison within the state, I do not see how it can escape the obvious problems under the establishment clause of the First Amendment and the equal protection clause of the 14th Amendment. Each prisoner quoted in the AP article practiced some flavor of Christianity. Does the State also provide spiritual counseling to Jews, Hindus, Buddhists, Wiccans, atheists, secular humanists, agnostics, and Jedis? Does such counseling receive equal per-prisoner funding? How do the minister-to-prisoner ratios compare? Are their faiths' holy scriptures available in the prison library, alongside the Christian bible? Are the Jews provided with a Torah scroll? Do the Jedis get light sabers?
All the published interviews I can find thus far with prison officials, politicians, prisoners, volunteer ministers, and their families have been with Christians. Each one makes a point of saying that prisoners will be free to practice whatever faith they choose and that no one will proselytize. Unfortunately, their actions and attitudes belie this as dishonest.
For example, Paul Smith, pastor of Miracle Baptist Church in Stuart, Florida, said in an interview with TCPalm.com: "An inmate can be selected [to live in Lawtey prison] whether he has faith, whether he doesn't have faith, or whether he wants to come to faith." In other words, this volunteer was told something different than what Governor Bush told the press at the opening ceremony that some prisoners are not there because they chose to practice a particular faith. When asked whether the prison would cater to Christians, Pastor Smith said, "absolutely not. A faith-based prison is for all faiths and all denominations." When asked about those other faiths and denominations, however, he named only Catholics and Muslims. Later, he revealed the depth of his bias:
It does not violate separation of church and state, one, because all of the inmates have volunteered to be there. If they were being forced or if they were given some type of reduced sentence, or early release to participate in the program, then I think it's a violation. The only thing that this program is a violation to is the devil and the fact he wants to have more souls go to hell.
As established by AP, not all prisoners are there voluntarily, and the problems are compounded by the program's reliance on volunteer ministers. The motivation of all the volunteers appears to be wholly religious. The rationale behind the reliance on volunteers is to prevent the State from paying ministers' salaries on the theory that not spending money in such a manner will solve the establishment-clause problem. The Christian Science Monitor reports:
In the program, volunteers will act as personal mentors, offering support to each inmate both during their incarceration and as they settle back into the community after serving their sentences. Inmates will participate in all the usual day-to-day prison activities, but during evenings and at weekends will undergo extra classes examining issues such as anger management, good parenting, and the effect of crime on victims, run by representatives from a variety of faiths including Islam, Judaism, and Christianity.
Floridians have more than 26 religions, and I would bet that their prisoners do, too. Until they solve that problem and the problem of the "many" current Lawtey prisoners who want no part of this religious program this experiment will remain unconstitutional.
Tuesday, 23 December 2003
LPC gets nasty
The Liberal Party of Canada went off on a funny tirade against the proprietors of PaulMartinTime.ca — a spoof of the Canadian Prime Minister's official site, PaulMartinTimes.ca. This is, of course, the Canadian equivalent of G. W. Bush's famous campaign gaffe, "There ought to be limits on this kind of freedom." (Via BoingBoing)
Saturday, 20 December 2003
DC Circuit stumps RIAA
By now the world has heard of the D.C. Circuit decision in RIAA v. Verizon. Previously, the D.C. District Court ruled that Verizon must comply with RIAA's subpoenas, issued under § 512 of the Digital Millennium Copyright Act (DMCA). Those subpoenas are designed to force ISPs to disclose the identities of users whom RIAA suspects of illegally making copyrighted music available for others to download. RIAA can trace users by itself as far as their IP addresses (the sets of numbers that uniquely identifies every computer on the Internet), but it needs the cooperation of ISPs to connect an IP address with an individual's name and address. Once it has that information, it can send a cease & desist letter or file a lawsuit.
Yesterday's Circuit decision reverses the District Court's interpretation of the statute. The appeals court gave the statute an extremely close reading in rendering its decision. The relevant section has a complex sentence structure and many cross references, so it is no wonder that the parties (and two different courts) disagreed as to its meaning. Derek Slater makes a few interesting points, including: "I find it fascinating when opinions contrast in this way — when they see the same issue clearly, unambiguously, but oppositely. [District] Judge Bates, just like [Circuit Judge] Ginsburg, claims to stick to the statute's text and go no further, yet their opinions are night and day."
The decision is a victory for privacy, but not a victory for privacy as such. The result was reached on a technical reading of the statute, and turned on the fact that a subpoena can only be sent if a DMCA notice-and-takedown letter can also be sent. […] The constitutional issues that would have made this a victory for privacy as such, or for freedom of expression, were not addressed by the court.
The Circuit panel adopted most of Verizon's statutory argument — that § 512(h) authorizes subpoenas only in cases where the plaintiff alleges that the infringing material is stored on media controlled by the ISP. However, when the ISP is a mere conduit for data stored on media controlled by a third party (the ISP's subscriber, in this case), § 512(h) does not permit subpoenas outside of the context of a lawsuit.
This line of reasoning rests on the cross references between § 512(h) and § 512(c). Subsection (h) permits a copyright owner to apply to the Clerk of the court for a subpoena so long as the application contains "a copy of a notification [of claimed copyright infringement, as] described in [§ 512](c)(3)(A)." The relevant language in § 512(c)(3)(A) is: "To be effective under this subsection, a notification of claimed infringement must be a written communication … that includes substantially the following" six elements. The third enumerated element is "(iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material." (Emphasis added)
The court agreed with Verizon that this language requires the subpoena application to assert that the ISP has the ability to remove or disable access to the allegedly infringing material. However, most current P2P applications use a decentralized architecture. This means that all shared data is stored on users' computers, not on any central server — except for temporary copies incidental to transmission, which the DMCA permits. Therefore, the ISP has no legal right to remove or disable access to the material shared on the P2P network:
No matter what information the copyright owner may provide [in its subpoena application], the ISP can neither "remove" nor "disable access to" the infringing material because that material is not stored on the ISP's servers. Verizon can not remove or disable one user's access to infringing material resident on another user's computer because Verizon does not control the content on its subscribers' computers.
This holding does have some privacy implications, but they are small compared to Verizon's alternative argument. Having decided this case on statutory grounds, the court ducked the larger First Amendment questions.
So what implications does it have? Dozens of people predict that RIAA will lobby Congress to close what it surely sees as a loophole in the DMCA. Ernest quipped, "[T]he RIAA has nearly hosed itself." The trade group has been trying to consolidate all its DMCA subpoena litigation in Washington, D.C. for administrative convenience. Now, however, it cannot be happy with its "success" in transferring the SBC case to the D.C. District from the Northern District of California in San Francisco — because the Verizon decision is now binding precedent in the nation's capital. This will not stop RIAA from getting users' information, however. It will only make the process slower and more expensive. Instead of paying its lawyers simply to draft subpoena applications, it now has to pay them to draft and file complaints and motions in addition to subpoena applications. These costs will be passed on to consumers in the form of higher average settlements.
John Palfrey sees a broader trend: "Add this development to the Grokster opinion, and the trend of the law in favor of digital rights holders is at least in a holding pattern." The trend may be even broader than Palfrey recognizes — this was a banner week for civil liberties everywhere. (It could, however, be just a blip on the post-9/11 radar screen.) The Dutch supreme court ruled that the makers of Kazaa are not liable under Dutch law for copyright infringement committed by the software's users. A day earlier, the Second Circuit ruled that the U.S. government may not classify Jose Padilla as an enemy combatant — which should assure that his constitutional rights are no longer suspended. Just a few hours later, the Ninth Circuit wrote "that the [Bush] administration's policy of imprisoning about 660 non-citizens on a naval base in Guantanamo Bay, Cuba, without access to U.S. legal protections 'raises the gravest concerns under both American and international law'" (source).
If nothing else, we live in interesting times.
Friday, 19 December 2003
Student sues school for censoring his web site
News 12 New Jersey reports ("Teenager sues Oceanport School District over freedom of speech") that Ryan Dwyer of New Jersey has filed a lawsuit against the Oceanport School District, which operates his former middle school. Dwyer suffered several punishments for operating a web site that criticized the school. If we believe his description of the site (which has been taken offline), this may be a good test case, because he kept the site "clean:"
The Web site was launched in April. It greeted users with, "Welcome to the Anti-Maple Place — Your Friendly Environment," and said: "This page is dedicated to showing students why their school isn't what it's cracked up to be. You may be shocked at what you find on this site," Dwyer says students were allowed to post opinions, but profanity was prohibited and no threats were allowed to be made.
Thursday, 18 December 2003
Padilla not an "enemy combatant"
Score one for the good guys! The U.S. Court of Appeals for the Second Circuit has ruled that the President cannot simply classify Jos้ Padilla, a.k.a. Abdullah al Muhajir, as an enemy combatant on faith. The government alleges that Padilla was plotting to detonate a "dirty bomb" when it arrested him in Chicago in mid-2002. Since that time, the government has held Padilla — a U.S. citizen — in jail, incommunicado, and without bringing charges against him. The court gave the President 30 days to release him him or charge him with a crime under the rules of civilian criminal procedure. Links: majority opinion [pdf] and dissent [pdf]. News coverage: Washington Post, CNN.
Tuesday, 16 December 2003
CRIA Follows Big Brother's Lead
The millions of Canadians who share music files on the Internet should be prepared for the possibility of facing a lawsuit early in the new year, the head of the Canadian Recording Industry Association said yesterday. … [Brian] Robertson would not specify how many lawsuits would be filed, but he did say the legal action would be similar to the lawsuits filed in the United States. For some time, CRIA has been using software that tracks and identifies users involved in trading free music files. "Users should be aware that using file-sharing services is a very public process," Mr. Robertson said.Since Canada has no analog to the Digital Millennium Copyright Act (DMCA), it will be interesting to see whether CRIA's tracking software is anywhere near as effective as RIAA's subpoenas. Neither one, it cannot be pointed out often enough, has any judicial oversight. And both are ripe for abuse.
Monday, 15 December 2003
God Considers Smiting Copyright Pirates
God is considering his options for action against Bible pirates. "God did not rule out smiting as a final measure against those who share his most famous work, the Bible, on the Internet," wrote Kristian Werner of BBspot Technology News.
Citing misuse of His word, misquotation, and putting hardworking Bible printers out of work, God said he would now start hunting Bible pirating around the globe. "I have to defend both my world-famous brand the Bible and its distinctive likenesses and the livelihood of those who create and distribute legal copies of it. Sure, they live not by bread alone, but website hits someone else's website mind you don't pay the bills for these folks."
Spam rage defendant pleads not guilty
Saturday, 13 December 2003
I would like to comment briefly on one post in ATAC's weblog, "Face Recognition and False Positives." This post raises the point of "a classic security mistake: ignoring the false positive problem." I addressed this issue in "Static Measurements & Moving Targets," my law-school thesis paper on biometrics and privacy in the context of consumer banking. In that paper, I looked at the problem from a perspective opposite Ed's. He describes facial recognition in an identification application, where its goals are substantially different from what its goals would be in an authentication application.
The designer of an application that flags passers-by as registered sex offenders has an incentive to overinclude suspects for security reasons — that is, to err on the side of false positives. The designer of an ATM authentication application, on the other hand, has the opposite incentive — to err on the side of false negatives, to prevent fraud. The point is that false positives are not solely a privacy issue: they also represent a security risk, depending on the context.
That said, I do agree with Ed's basic point, as I wrote back in October ("Terrified of Terror Profiling?"). I supported the point there with links to articles by computer security expert Bruce Schneier and mathematician John Allen Paulos.
Cringely, part 2
Robert Cringely has released part 2 of his column on e-voting. His analysis of e-voting problems from an IT project management perspective is refreshing; it is a perspective that has been sorely lacking in the debate thus far. Links: part 1 and part 2.
Friday, 12 December 2003
ECPA permits employer to search stored email
Law.com reports that a Third Circuit panel has interpreted the Electronic Communications Privacy Act (ECPA) to permit an employer to search its employees' email messages that are stored on its network ("Federal Law Allows Employer's Search of Worker's E-Mails"). Such a search, the court held, does not constitute "interception" of messages during "transmission," as prohibited by the ECPA. The full text of the decision in Fraser v. Nationwide Mutual Insurance Co. is available via FindLaw.
Thursday, 11 December 2003
Nevada demands e-vote paper trail; Gamblers reject Diebold's voting machines
Nevada Secretary of State Dean Heller announced yesterday that his state was the first in the country to demand that e-voting machines produce voter-verifiable paper receipts. The state's Gaming Control Board gave Diebold's products a harsh denunciation, writing that they "represented a legitimate threat to the integrity of the election process." After rejecting Diebold equipment, Heller settled on a system from Sequoia Voting Systems. "A paper trail is an intrinsic component of voter confidence," Heller said. Printers make e-voting systems cost more, he acknowledged, but "money takes a back seat to accuracy, security and voter confidence."
Tuesday, 9 December 2003
Robert Cringely on the e-vote paper trail
Robert Cringely, the venerable PBS columnist, wrote an interesting column on the lack of a paper trail in e-voting machines ("No Confidence Vote: Why the Current Touch Screen Voting Fiasco Was Pretty Much Inevitable").
Now here's the really interesting part. Forgetting for a moment Diebold's voting machines, let's look at the other equipment they make. Diebold makes a lot of ATM machines. They make machines that sell tickets for trains and subways. They make store checkout scanners, including self- service scanners. They make machines that allow access to buildings for people with magnetic cards. They make machines that use magnetic cards for payment in closed systems like university dining rooms. All of these are machines that involve data input that results in a transaction, just like a voting machine. But unlike a voting machine, every one of these other kinds of Diebold machines — every one — creates a paper trail and can be audited. ould Citibank have it any other way? Would Home Depot? Would the CIA? Of course not. These machines affect the livelihood of their owners. If they can't be audited they can't be trusted. If they can't be trusted they won't be used.Thanks go to LawGeek for the heads up.
CNet summarizes e-voting developments
Monday, 8 December 2003
Mexico threatens 3 with treason charges for data sale
The government of Mexico is threatening to charge three of its citizens with treason. They are executives of a company called Soluciones Mercadologicas en Bases de Datos, which sold a database private information on 65 million Mexican voters to ChoicePoint, an Atlanta-based database company. ChoicePoint bought the data at the behest of the U.S. government shortly after 11 Sept. 2001 to help bolster Uncle Sam's investigation of terrorism.
The database contained such private information as the number of cars owned in households and unlisted phone numbers. If nothing else, this episode highlights the incumbent dangers when a government any government collects massive amounts of data on its citizens without a compelling and clearly articulated purpose. What, for example, does voter registration have to do with the number of cars one owns?
The Macon Telegraph has the story: "Mexican company officials may face treason charges."
Sunday, 7 December 2003
Ohio moves to block e-voting
The State of Ohio moved to block deployment of e-voting machines last week. The move follows the release of a report [pdf] commissioned by the Secretary of State that revealed serious security flaws. Wired News reports ("Ohio Halts E-Voting Machines") that "some of Ohio's 88 counties still will be using punch-card systems for the 2004 election." Unfortunately, there seems to be no viable alternative.
Borland on P2P
John Borland of C|Net wrote an interesting column last Thursday, asking whether RIAA's lawsuits against P2P users were having the desired deterrant effect ("RIAA lawsuits yield mixed results"). "At the core of the RIAA's strategy has been the attempt to persuade as many people as possible to stop trading copyrighted files online. This appears to be working in at least some groups, but the evidence is mixed at best." That same day, he also wrote a good summary of the compulsory licensing discussion in Canada: "Should ISP subscribers pay for P2P?"
Friday, 5 December 2003
Google files DJ action against American Blind
I love it when companies are willing to spend money to clarify the law in areas where it is murky. Playboy used to be great in this area, filing many suits that pushed copyright and trademark law into the digital age at a time when the Internet had barely entered the popular lexicon. Many of those cases went all the way to judgment and appeal — which gave something back to the public, in exchange for the judicial resources that Playboy consumed.
Now Google has started. Last week the search company filed a declaratory judgment action against American Blind & Wallpaper Factory, asking the U.S. District Court in San Jos้ to clarify its rights. American Blind (among many others) has complained recently to Google about Google's sale of keywords to its advertisers. Google has been fairly responsive about such trademark requests, but AB and others frequently claim to have rights in words and phrases that do not precisely match their registered or common law trademarks. They do have some trademark-like rights in such terms, but it is often difficult to discern exactly what they are. This case should help.
Thursday, 4 December 2003
Johns Hopkins still bars publication of Diebold memos
Derek Slater reports the tribulations of Asheesh Laroia, a student at Johns Hopkins University. Despite never having received a cease & desist letter, JHU cut off access to the memoranda. Even after Laroia informed JHU that Diebold had retreated (1, 2), the university persisted, writing that it "cannot allow its resources to be used in violation of copyright law, whether or not the holder of the copyright (in this case Diebold) plans to prosecute."
All I can say is I am glad I am not a student there.
Wednesday, 3 December 2003
Clarifying my position on opt-out
Some feisty discussion has broken out in the comments section of my blog post where I summarized and explained some features of the CAN-SPAM Act. I have been accused of favoring an opt-out system over opt-in. This is probably my fault for overstating my position as a reaction to most people's knee-jerk favoring of opt-in.
I do not favor opt-out in all its manifestations — I just think that most people decide to favor opt-in without considering the issues thoroughly. There are serious free-speech problems with the government mandating a regime that forbids a certain type of speech to be distributed in a certain channel. Those problems are reduced (although not entirely eliminated) by an opt-out regime that provides consumers with an en mass opt-out mechanism like a do-not-spam registry. The problems are further reduced the more fine-tuned the en mass mechanism becomes. The present FTC/FCC do-not-call registry is a blunt instrument, requiring consumers to choose all or nothing.
Someone may yet convince me that opt-in is the way to go; but, until that happens, I choose to err on the side of free expression.
Tuesday, 2 December 2003
Standing questions in Newdow
Monday, 1 December 2003
Crimson confirms Diebold will not sue students
Zachary Seward reports in the Harvard Crimson that a Diebold spokesman confirmed that the company will not sue students who posted internal company memoranda on the Internet ("Diebold Won't Sue Students"). Thanks go to John Palfrey for the heads up. The article has one interesting point that bears mentioning here:
In one memorandum from April 23, 1999, [a Diebold] employee acknowledges a flaw in one of the company's electronic ballots. "I don't expect you will see a fix in time for the election," the employee writes, "since it is tomorrow." Diebold will not comment on the memoranda but has said that any imperfections in their systems have subsequently been fixed.Note that this claim can be interpreted to apply only that those particular ballot problems tailor-made plausible deniability. It does not claim to have fixed the security flaws found in two independent reviews earlier this year. In one review, researchers at Johns Hopkins and Rice universities found weaknesses that could easily allow someone to cast multiple votes for one candidate. (Report (pdf), press release) The other report, conducted for the State of Maryland, concluded that flaws exist but that they were unlikely to cause practical problems in real elections but only if external safeguards are in place. (Report (pdf))
Also recall that Diebold is the only manufacturer of ATMs in the world whose machines have become infected with a worm.
Friday, 28 November 2003
P2P & anonymity
Four years ago I wrote my senior thesis at Yale, The Futures of e-Politics, in which I complimented several Congressmen and Senators for having done well to educate themselves on digital communications technologies in a relatively short time. Today I may recant that compliment.
I just got around to reading C|Net's coverage of a letter sent last week from several Senators to the executives of several P2P companies. The lawmakers asked the companies to regulate themselves — i.e., to censor their networks for pornography and copyrighted material. C|Net reports (Senators ask P2P companies to police themselves) a quote from Senator Lindsey Graham (R-N.C.) that I did not see reported elsewhere. In a "statement" accompanying the letter, he said (emphasis added):
Purveyors of peer-to-peer technology have a legal and moral obligation to conform to copyright laws, and end the pornographic trade over these networks. These programs expose our children to sexually explicit materials and provide an anonymous venue for child pornographers to hide behind the veil of technology.If we have learned anything from RIAA this year, it is that P2P activity is not anonymous. If you are going to make national policy, or at least pretend to, it is not unreasonable to ask that you pay attention.
Thursday, 27 November 2003
Worm infects Diebold ATMs
Diebold, the very same company being raked over hot coals for its authoritarian response to criticism, now has the ignoble honor of being the first ATM manufacturer to have its machines infected with a worm. (New Scientist: "Cash machines infected with worm")
The controversy over Diebold's electronic voting machines is no longer theoretical (if it ever was). This is a real-world, already-happened, no-excuses problem affecting a Diebold product very similar to its voting machines. How could this happen? Simple — Diebold's ATMs run Windows XP.
Diebold backs down
Diebold filed court papers on Monday, stating that it would not file copyright infringement suits against people who hosted and linked to the infamous cache of damaging documents. Kudos go to the Stanford Cyberlaw Clinic, which represented two Swarthmore students in their lawsuit against the voting machine manufacturer. Too bad Rule 11 does not apply to DMCA notice-and-takedown letters. You have my best wishes if you sue Diebold under anti-SLAPP laws and for intentional infliction of emotional distress.
Wednesday, 26 November 2003
Man charged in "spam rage" case
This seems to be a first. Charles Booher of Sunnyvale, California has been arrested and charged with 11 counts for threats he made to a company he blamed for sending him spam and causing web popup ads on his computer. Wired News reports ("Man Arrested Over 'Spam Rage'"):
Booher threatened to send a "package full of Anthrax spores" to the company, to "disable" an employee with a bullet and torture him with a power drill and ice pick; and to hunt down and castrate the employees unless they removed him from their e-mail list, prosecutors said.
This case presents a good opportunity to mention a recurring a point about defining classes of speech for legal purposes. I have yet to see a case where this was not problematic, but it is never more so than when the communication of words alone constitutes a crime. Mr. Booher's words (as reported in Wired) clearly threatened physical violence, his intent to make a threat seems clear, and he communicated the threat to the threatened person satisfying the basic requirements of most threat statutes. Do prosecutors have a slam dunk case? Maybe. But the inquiry only starts there.
It is what Wired failed to report that I find interesting. The article in Saturday's San Jose Mercury News makes Booher look much more sympathetic. (Article: "Spam sends local man into rage") There, we learn that Booher "is a three-time survivor of testicular cancer" and that the overwhelming flood of spam that triggered his emotional outburst was hawking you guessed it penile enlargement products. Suddenly, his response is understandable.
Before you send me angry email, note that I do not condone what Booher did. My point here is that it is irresponsible to condemn someone based on a small amount of information. When the condemnation implicates the most basic liberties of any free society, we have to be especially careful. Some of you may remember Jake Baker, the University of Michigan student who wrote a revolting rape/torture/murder fantasy story about a classmate and posted it on alt.sex.stories. Baker was charged with making threats, notwithstanding that he had unambiguously stated that the story was fiction. The subsequent uproar ended with his exoneration of all charges of making threats a result demanded by the First Amendment. For those unfamiliar with the case, the Electronic Frontier Foundation (EFF) maintains an archive of relevant documents. (If you have a strong stomach, the story is still available online. However, you have been warned: This is pretty sick stuff.)
Friday, 21 November 2003
California to require e-vote paper trail
Wired News (among others: 1, 2) reports that California Secretary of State Kevin Shelley, announced today that he will require all voting machines used in that state to produce a paper trail of all ballots by 2006. (Article: E-Votes Must Leave a Paper Trail)
Beginning July 1, 2005, counties will not be able to purchase any machine that does not produce a paper trail. As of July 2006, all machines, no matter when they were purchased, must offer a voter-verifiable paper audit trail. This means machines currently in use by four counties in the state will have to be fitted with new printers to meet the requirement.
This measure addresses one of the major problems with electronic voting machines, but other problems remain. Shelley has been active in this area recently, so he may yet address the remaining problems.
Wednesday, 19 November 2003
Kucinich slaps Diebold
Congressman and presidential candidate Dennis Kucinich (D-OH) has come out decisively in favor of civil liberties. On his Voting Rights issue web page, he posts excerpts from and links to the memoranda that Diebold has tried so hard to erase from the public hivemind. Thanks to Donna at Copyfight for the heads up.
The Congressman writes:
Stopping False Copyright Claims
Earlier today, Doug Simpson of Unintended Consequences pointed out (Article: Congressman Posts Diebold Document Excerpts) that the Speech or Debate Clause of the U.S. Constitution (Art. I, ง 6, cl. 1) may put Rep. Kucinich beyond Diebold's long reach if the company should choose to serve him with a DMCA notice-and-takedown letter. This clause immunizes members of Congress from "arrest" during any speech or debate in the course of their Congressional duties or while traveling thereto or therefrom. It further provides that members "shall not be questioned in any other place" "for any speech or debate in either House" of Congress.
Doug also brings up the similarity between this hypothetical case and Brown & Williamson Tobacco Company v. Williams, 62 F.3d 408 (D.C. Cir 1995), where a paralegal working for the law firm representing B&W (a tobacco company) leaked juicy documents to the press and to Congress. In this decision, the D.C. Circuit Court affirmed the District Court's quashing of the subpoena served on Rep. Waxman by B&W. Doug asks, "Can we expect Diebold to send Congressman Kucinich a cease and desist letter, with a takedown notice to the ISP hosting [his web site at] House.gov? I'd like to be a fly on the wall when those arrive."
Tuesday, 18 November 2003
Court hears Diebold arguments
Declan McCullagh reports on C|Net that the U.S. District Court in San Jose, California heard arguments in the case brought by students and the Electronic Frontier Foundation (EFF) against Diebold Election Systems. (Article: Students fight e-vote firm's DMCA claims)
As discussed here (1, 2) and elsewhere, Diebold manufactures electronic ("touch screen") voting machines. Students at Swarthmore launched what has since become a widespread electronic civil disobedience movement. Internal Diebold documents indicating mismanagement and a lack of security were publicly distributed, and protesters sought to bring them to the fore of public debate while Diebold sought to repress them, by sending threatening letters under the notice-and-takedown provision of the Digital Millenium Copyright Act (DMCA). There are also other political concerns, which Declan summarizes concisely:
Diebold gave at least $195,000 to the Republican party during a two-year period starting in 2000, and its chief executive, Walden W. O'Dell, once pledged to deliver Ohio's electoral votes for President George W. Bush. Earlier this month, California started an investigation into whether Diebold had improperly installed software into Alameda County's machines that had not been certified.
Up to this point, Diebold has been maintaining a stern face on the copyright front while hedging its bets behind the scenes by claiming that it could not tell whether any or all of the documents at issue had been altered. In court filings in the present case, however, it wrote, "Wholesale publication of unpublished, stolen materials, with no transformation or creativity and nothing other than a request that others download them in their entirety, is infringement, not fair use." This sounds to me like an admission that the documents are authentic. There goes Diebold's plausible deniability when it defends its products in the court of public opinion.
Monday, 17 November 2003
H&R Block bats both ways
SiliconValley.com reprints a story from the Kansas City Star, reporting a defamation lawsuit filed by H&R Block (H&R Block sues anonymous online critic). Essentially, the accounting firm believes that an employee is behind a series of postings on a Yahoo! message board that criticize the company. The article is a bit sketchy, but apparently both the complaint and company a spokesman said that the message board posts constituted (1) false and misleading statements and (2) improper disclosures of confidential information.
H&R Block is trying to bat from both sides here. If the anonymous poster's statements were accurate, they would prove highly embarassing to the company, and he would have disclosed confidential information. If they are not accurate, they would be defamatory. Either way, H&R Block maintains plausible deniability for long enough to force Yahoo! to reveal the anonymous poster's identity. Ultimately, H&R Block may have a difficult time proving either claim because damages (an essential element of both claims) would be too speculative. The author writes, "The defendant's comments don't appear to have had a material effect on Block stock," and goes on to detail the fluctuation of H&R Block's share price during the relevant time period and concluding that it was a mere penny off its 52-week high shortly after the statements. Proving a link between these statements and any trend in revenue would be exceedingly difficult, if not impossible.
This is a SLAPP — a strategic lawsuit against public participation. After Yahoo! breaches the poster's anonymity, we have no guarantee that H&R Block will pursue the lawsuit. More likely, it merely needed a subpoena to learn whether the poster was an employee — and will promptly forget about the suit after getting what it wants. Better to make an example by loudly firing a wayward employee than to waste time and money on a lawsuit against someone who will not have millions of dollars to pay in damages, in the unlikely event that you win. The last portion of the article begins, "Lawsuits aimed at forcing Internet service providers to provide the names of anonymous Internet users have become increasingly common in recent years." Little question exists as to the effect this is having on the freedom of speech.
Saturday, 15 November 2003
Extent of secrecy in Wal-Mart's RFID testing
Controversy over the use of radio frequency identification (RFID) chips in retailing has raged for some time. Although I have not covered RFID developments in this blog, I do follow them closely. Yesterday C|Net published a once-over of the newest RFID front, and I want to highlight one important point that the author glossed over too quickly. (Article: 'Smart shelf' test triggers fresh criticism)
Wal-Mart, the world's largest retailer, stopped a small RFID trial in Boston last year, after CASPIAN (Consumers Against Supermarket Privacy Invasion And Numbering) called public attention to it. Wal-Mart tried again last summer, in Tulsa, with a larger group of products. C|Net reports that company "sold, from March to July, Max Factor Lipfinity products embedded with the special tracking chips. A Wal-Mart representative, who told CNET News.com in July that the company had never sold products with chips in them, now says he only recently became aware of the Lipfinity test." In other words: Not only did Wal-Mart hide its activities from the public, it also hid them from its own spokespeople, causing them to deceive the press.
Friday, 14 November 2003
Roy gets rocked
An ethics panel in Alabama ruled yesterday that Roy Moore, the controversial Justice of that state's Supreme Court who placed a monument bearing the protestant ten commandments on the courthouse steps, had violated his profession's canons of ethics. Moore openly defied a federal district court order to remove the monument, known among his supporters as "Roy's Rock." (View image.) The ethics panel emphasized that Moore lacked contrition for his flouting of the rule of law. "Indeed," wrote the New York Times, "just minutes later, Mr. Moore strode out of the courthouse into a crush of his supporters and announced, 'I have absolutely no regrets.'" (Article: Alabama Panel Ousts Judge Over Ten Commandments Monument) Throughout this episode, Moore has characterized the dispute over the monumen as one between the faithful and faithless, Christians and atheists, and Alabamans and "the feds." His comments yesterday underscore the depth of his misunderstanding of the U.S. Constitution.
Thursday, 13 November 2003
Diebold & Democracy
The venerable Mary Hodder over at bIPlog gives us a terse summary of the goings on in California, with respect to Diebold Election Systems. (Article: Diebold Latest: The Effects of Student Spread Memos on CA Secretary of State) More importantly, I cannot overstate my support for her synopsis of the implications this affair holds for the future of American democracy.
Mary hit the nail on the head when she wrote:
[S]tudents at Swarthmore, followed by students at many other institutions…in spreading the Diebold memos around, have accomplished the goal of causing those with review power over Diebold systems to take another look at Diebold's work. … Even if the review doesn't cause the state to discontinue using Diebold systems or require severe changes (and I'm sure the pressure is enormous TO certify), the fact is the memos raise disturbing issues and the review is very necessary. If companies providing services of this sort feel that they can quash documents out on the Internet by using the DMCA, if Diebold succeeds on this point, we and our democracy will be the poorer for it.
The Diebold affair neatly illustrates two points. First, it shows the unconscionable overbreadth of the Digital Millenium Copyright Act (DMCA) — in this case, the "notice and takedown" provision. Second, it underscores the growing relevance of the blogosphere to national politics. The activists hosting the internal Diebold memoranda that triggered this affair deserve the lion's share of the credit for bringing this issue to light. Bloggers deserve the credit for keeping it there. While bloggers were giving the issue its due, the mainstream press was comparatively slow to report the acts of civil disobedience at Swarthmore and elsewhere. Bloggers can force the media to pay attention to important issues. We can force public officials to take notice. We can make a difference.
Sunday, 9 November 2003
Update: Dictionaries as social commentary
A few minutes after publishing my last piece, I saw this article in today's New York Times: Assisted Living to Viagra: A Dictionary Nod to Aging. It bolsters my argument about dictionaries being a lagging bellwether of commentary and social trends. The article quotes John M. Morse, the president and publisher of Merriam-Webster:
The words being added to the dictionary are a fascinating barometer of what's going on in our society. … When I read the tea leaves in the new dictionary, what I see is, yes, the Internet is the biggest thing in the world. But aging baby boomers may be the second-biggest thing. … What's in the dictionary is important beyond just looking up words. It's a sign — or warning — for advertisers and even politicians who have to appeal to the public. Significant changes in society create significant changes in the lexicon. And a dictionary is telling us where change is taking place.
McJam over McJob
James Grimmelmann reports on LawMeme that McDonald's is in a tiff over Merriam-Webster's (MW) inclusion of McJobs in the new edition of its Collegiate Dictionary. (Article: Tales of Trademark Abuse: McDonald's Goes After the Dictionary?) The Associated Press (via MSNBC) reports MW's definition: "low paying and dead-end work." (Article: McDonald’s balks at 'McJob' entry) AP writes, "In an open letter to Merriam-Webster, McDonald’s CEO Jim Cantalupo said the term is 'an inaccurate description of restaurant employment' and 'a slap in the face to the 12 million men and women' who work in the restaurant industry." The company's lawyers also noticed the similarity between McJob and McJobs — the trademarked name of McDonald's training program for mentally- and physically-challenged people. James comments, "McDonald's wants to censor the dictionary in order to protect their brand, and they'll use trademarks to do it." He is right, of course, but I am not sure it matters.
Federal trademark law is governed by the Lanham Act. What part of the law might MW have violated? Section 43 of the Act (codified in 15 U.S.C. ง 1125) is the chief provision establishing civil liability in the trademark context. While McDonald's arguments in this area may rise above the Rule 11 bar, they are probably not winners in court.
Section 43(a) prohibits one from using a word or other mark "in commerce" in a manner that constitutes a "false designation of origin…or [a] false or misleading representation of fact." This false or misleading usage must be "likely to cause confusion" as to the origin of a product or as to some connection to a third party. Using a mark in "commercial advertising" that misrepresents the nature or characteristics of a product can also trigger civil liability. This is known as the infringement section of the Lanham Act, and it is most often applied where Competitor 1 sells a product under a mark that is confusingly similar to Competitor 2's mark. See Polaroid Corp. v. Polarad Elect. Corp., 287 F.2d 492 (2d Cir. 1961). This tort is known as trademark infringement, and ง 43(a) provides both a cause of action and a right of action for the owner of the mark (Competitor 2, in my example) to bring an action in federal court.
Did MW commit trademark infringement? There has been no suggestion that MW used the word McJob in any advertisement, to designate the origin of its dictionary, or to make any representation about the dictionary's contents. Can any reasonable argument be made that MW's inclusion of McJob in the dictionary suggests any kind of association, sponsorship, or approval by McDonald's? If so, I would love to hear it. First, the word is only one of approximately ten thousand new words added in the new edition — in addition to the tens of thousands of words already there from prior editions. It might be different if MW had added only a handful of new terms or placed McJob on the dust jacket, as a pithy excerpt designed to market the book. Second, MW's dictionaries contain a host of words that match registered trademarks precisely, such as Xerox, Teflon, and Polaroid. All of these entries mention the relevant trademarks, then define these words in generic terms — the antithesis of what a trademark owner would want. Xerox Corp., for example, is famous for buying advertisements and sending letters by the bushel, urging people to use its famous mark only as a modifier for its brand, not as a generic word. Meanwhile, McDonald's is objecting to a word that is merely similar and not identical to its trademark. The owners of any of those other marks could make a stronger argument than McDonald's can.
However, none of the companies owning these marks are complaining about their inclusion in the dictionary. Trademark law recognizes that some types of speech and writing are socially useful — especially expression that is at the heart of the First Amendment, such as commentary and satire. Dictionaries fall in this category because they disseminate knowledge more than any other type of reference work, and they provide us with the means of communicating intelligibly. Without dictionaries, there would be no standardization in language, and the volume of core First-Amendment activity would be reduced. Such important uses of language are given a wide berth in trademark law.
The other major provision of ง 43 is subsection (c), entitled "Remedies for dilution of famous marks." The principal function of trademarks is to designate the origin of products in commerce, so marks become more valuable as they become more well-known. Additionally, the more "distinctive" a mark is, the more it does to distinguish the products to which it is attached from competing products. Therefore, it makes sense that the law would accord more protection to marks that are both famous and distinctive than to marks that are only one or neither. Section 43(c) therefore requires a trademark to be "famous" and that someone use the mark in a manner that "causes dilution of [the mark's] distinctive quality." When these conditions are satisified, the person using the mark without permission (Competitor 1, in my example above) would be liable for trademark dilution.
Few trademarks are more famous than McDonald's McX family of marks, where X can be replaced by many different words. The company has spent enormous sums on marketing over several decades to gain that recognition. The marks are so famous that appending "Mc" to nearly any word connotes the qualities that we generally attribute to McDonald's restaurants. The association between McX and the homogenization of culture and commerce is firmly embedded in the American zeitgeist. McHouses fill cookie-cutter subdivisions typified by Levittown. McMusic is the predictable tunes played by the "boy bands" of the late 1990s.
Thus, McDonald's can establish the "famous" element of a trademark dilution claim. Ironically, however, that fame works against the company because of the equally-famous association between McX and homogenization — notwithstanding that such usage is without McDonald's consent. The public has, over many years, infused McX with a meaning entirely unrelated to the offerings on a restaurant menu. Many acts of dilution by millions of people over many years have impaired McX's ability to differentiate McDonald's entrees from those of, say, Burger King. MW's inclusion of McJob in its new dictionary causes, if anything, only an infinitesimal amount of marginal dilution. As a lexicographer, MW merely reports dilution that has already occurred in American English.
As a side note, I should note that McDonald's might also make an argument about the "tarnishment" of its trademark. MW's definition of McJob is unflattering, and it suggests that McDonald's restaurants' employees are miserable. The law of large numbers suggests that this cannot be true for each of McDonald's 400,000+ employees. However, the tarnishment argument falls to the same rebuttal as the dilution argument. MW is a lexicographer and merely reports any tarnishment that may have occurred over time, as millions of people have spoken or written McJob with the reported definition. Furthermore, the definition is not libelous of McDonald's as a company, nor of any particular employee (because no particular employee is identifiable in the definition). Rather, the definition remains a form of reporting on a public controversy and therefore embodies several activities at the core of First-Amendment protection.
The definition "low paying and dead-end work" shows the commentary-laden meaning that the public has already attached to McX. Unfortunately for McDonald's, that meaning is wrapped up in the controversial economics and politics of globalization. The First Amendment protects political speech more zealously than any other type of speech, and strong trademarks must often yield to free-speech interests in the realm of public debate. As James Grimmelmann noted, McDonald's is trying to remove a word from the dictionary and is using trademark law as its tool. The company may have created a family of words, but that does not give it the right to control its development in perpetuity. The public must have the right to discuss political and social issues.
Thursday, 6 November 2003
Penn State lends credibility to Napster 2.0
Pennsylvania State University announced today that it would offer its students a chance to partake in Napster 2.0. The original incarnation of Napster — once synonymous with wanton copyright violation — shut down two years ago, under the crushing weight of a legal assault from the Recording Industry Association of America (RIAA). Sometime thereafter, a small software company named Roxio purchased the defunct Napster's source code and brand, betting that Napster's worldwide name recognition would help it launch a legal music distribution service. Not long ago, Napster 2.0 launched, selling individual songs for 99ข and monthly "subscriptions" for $9.95. The Nittany Lions intend to fund their new service from the $160-per-year "information technology fee" that its students are required to pay. The university declined to state how much it paid per student in the deal but claims the amount was "substantially less" than Napster's standard $9.95 per month. See the New York Times' coverage: "Penn State Will Pay to Allow Students to Download Music."
Update: Sony Music and BMG intend to merge
After reporting yesterday on the burgeoning business of partnerships among media companies (Media Giants Getting Together), the Washington Post reports today that "Sony Music Entertainment Inc. and BMG Entertainment have signed a nonbinding letter of intent to merge, creating a goliath that would control a quarter of the world's music business." (New Duet in Music World) See yesterday's blog on media partnerships.
Wednesday, 5 November 2003
Partnerships mask media consolidation
The Washington Post has an interesting article about the rise of partnerships in the news media industry. (Media Giants Getting Together) In a field where scoops were once jealously guarded, they are now shared with abandon.
More and more media organizations — newspapers, magazines, television networks, Web sites — are forming globe-spanning, interlocking and often-cyclic partnerships with each other; some paid, others not. In an effort to hold budgets in line while expanding out of their traditional niches, newspapers give stories to each other, print reporters appear on television news shows and Web sites link to newspapers, television networks and magazines.In recent years, civil libertarians have lamented media consolidation with increasing frequency and volume. The more outlets that are controlled by Big Media, they argue, the fewer voices will be heard in the marketplace of ideas. If, for example,
The partnership model is supposed to mitigate this dystopia. No single company could possibly expand fast enough to grow all the businesses mentioned above internally. Therefore, they must either acquire other companies or form partnerships with other companies to extend their reach as far as possible. Mergers and takeovers result in unified control from the top down. Partnerships are more fluid, usually comprising only a small number of specified joint projects and lasting only for limited times. Projects and their durations are specified in advance in contracts between the partners. Partnerships are likely to focus on efforts most likely to deliver a cost-savings benefit or extend the partners' "reach" as far as possible in a short time. As reported in the Washington Post:
"One of the major justifications proffered for broadcast mergers and newspaper/broadcast combos is 'efficiencies' and 'synergies,'" said Andrew Schwartzman, president of the Media Access Project, which has opposed many media mergers. "As these deals demonstrate, it is possible to achieve both without actually purchasing or controlling both properties." [Hyperlink mine] At the same time, however, Schwartzman warned that such partnerships "can be abused as a means of reducing service, especially at the local level."
What does this mean for the average consumer of news, entertainment, and other information? One can no longer determine the ultimate source of information from the medium in which it is received or from the "brand name" at the top of the page or at the beginning of the broadcast. An article in the Washington Post may come from the Dow Jones company (via the Post's partnership with the Wall Street Journal). A Discovery Channel documentary may come from the New York Times (via their collaboration on the Discovery Times cable channel).
Would you trust an NBC news report on the latest consumer electronics? Before you answer, consider that NBC is owned by General Electric and has a 50% stake in MSNBC, along with Microsoft. Consider whether NBC has a financial incentive to make people more inclined to buy products made by GE or Microsoft. Now answer the question.
Tuesday, 4 November 2003
Diebold's reaction to California's prudence
California election officials at the state's State Department added fuel to the fiery blogosphere two days ago, when they announced they would halt the certification process for new voting machines manufactured by Diebold Election Systems. The announcement came in the wake of multiple, independent, public revelations that the software running the machines is horribly insecure and Diebold's infamous attempts to squelch public discussion of the issue. (Sources: 1, 2, 3) Amazingly, the blog furor has apparently overlooked one interesting bit. A recent Wired News article mentions the reaction of Diebold officials who attended the meeting where the State Department announced its decision. (Article: Calif. Halts E-Vote Certification) Quoth the article: "Diebold officials, who were attending the meeting, seemed surprised by the announcement and expressed displeasure to several panelists afterward that it had been introduced in a public forum. They were unavailable [after the meeting] for comment."
Is anyone surprised that Diebold's chief concern was the public nature of the announcement and not the problems underlying it?
Update: MIT suspends music-on-demand service
The New York Times reports that the Massacusetts Institute of Technology (MIT)has "temporarily suspended" its ballyhooed music-on-demand service. (Article: Music-Sharing Service at M.I.T. Is Shut Down) (See my prior blogs on this issue: 1, 2.)
NYT summarizes Diebold brouhaha
Yesterday the New York Times (NYT) published an excellent overview of the situation that Diebold Election Systems has created for itself. (Article: File Sharing Pits Copyright Against Free Speech) (See my previous blog entries on Diebold: 1, 2, 3, 4.) The crux of the summary:
Diebold Election Systems, which makes voting machines, is waging legal war against grass-roots advocates, including dozens of college students, who are posting on the Internet copies of the company’s internal communications about its electronic voting machines.
Sunday, 2 November 2003
Scientific freedom in the age of bioterrorism
The Washington Post reports a sterling example of how scientific freedom should be preserved in this age of bioterrism. (Article: Engineered Virus Related to Smallpox Evades Vaccine) President Bush has categorized large swaths of research as either classified or "sensitive but unclassified" with the intent of controlling the direction of research and restricting the dissemination of knowledge gained therefrom. For all the reasons already argued in the two-year-old debate on these restrictions, this purported secrecy is doomed to fail and will retard responses to bioterror attacks. The research reported in this article, however, was conducted and disseminated scientifically, without any attempt at secrecy — yet also without compromising national security.
No, I do not suggest that an altered smallpox virus is without national security implications. The lead researcher, virologist Mark Buller of Saint Louis University, explains why he has "absolutely no biosafety issues" with his work:
Although he acknowledged that someone could, in theory, apply similar techniques to smallpox, he said he had no qualms about presenting his data at the Geneva meeting because his team had found two different ways of countering the enhanced virulence with drugs and vaccines, and is close to perfecting a third way.
This is precisely the sort of security disclosure (simultaneous exposure of problems and solutions) that has served the IT industry for decades.
Reagan apologist-revisionists seek script approval
The Washington Post reports that the Republican National Committee (RNC) and several of its most powerful members have asked CBS for the right to approve the contents of its forthcoming miniseries, "The Reagans," which tells the story of the former President and First Lady. (Article: GOP Wants Review of Reagan Miniseries) The RNC's letter requested CBS to submit the script to "historians to review the program for historical accuracy" so as to "avoid any confusion as to what constitutes treating the President, Mrs. Reagan and the Reagan administrations in an honest sort of way." The RNC apparently heard that the miniseries would portray the Reagans in an unflattering light — but conveniently forgot that its "historical accuracy" is due in large part to the former President's own authorized biography and the First Lady's own memoirs. Not to be overbearing, however, the RNC offered CBS a reasonable alternative to script approval. CBS may, at its option, "inform…viewers via a crawl every 10 minutes that the program is a fictional portrayal of the Reagans and the Reagan Presidency, and they should not consider it to be historically accurate."
I might suggest that the RNC could respond with essays or its own documentary if it finds specific inaccuracies in CBS's work. I won't, however, since this is the same party whose current President believes that the First Amendment should not allow people to discuss him frankly.
Monsanto sues farmers for saving soybeans
Taking a page from the RIAA playbook, agriculture giant Monsanto Corp. has taken to suing farmers to enforce its patent on Roundup Readyฎ (RR) Soybeans. Monsanto developed the patented soybean seeds (bearing a trademarked name, no less) to resist its best-selling herbicide, Roundupฎ. The new plants allow farmers to apply more herbicide to control weeds without killing their crops. However, Monsanto does not simply sell the seeds. It licenses them, and the license terms prohibit saving seeds from one season for planting in the next. Never mind that saving seeds has been standard operating procedure in farming for the entire history of human agriculture.
I have no beef with Monsanto licensing its patented technology rather than selling outright the products based on it. However, it has done an inexcusably negligent job of informing farmers of the contents of the form contracts by which it sells RR soybeans. The New York Times (NYT) reports (Saving Seeds Subjects Farmers to Suits Over Patent) that farmers sign the contracts without reading them believing they are the same standard seed-sale agreements they have signed in previous years. Although some farmers are aware of the $6.50 "technology fee" per sack of seeds, Monsanto appears to have made no effort to call attention to the anti-saving provision. Obviously, many farmers saved some seeds and replanted them in the next season, violating both the contract and Monsanto's patent. The NYT article says that many farmers are fighting the lawsuits, taking them all the way to judgment, and that the first is now up on appeal. It is only a matter of time before we get appellate-level decisions on the enforceability of these contracts under contract-of-adhesion and antitrust law.
Friday, 31 October 2003
Update: MIT lacks music licenses
As I blogged a few days ago, a group of MIT students devised an analog system for transmitting music via the university's cable television infrastructure. They intended to distribute streaming music free of charge to students without triggering copyright rules that mandate royalties for digital on-demand distribution. Today the Los Angeles Times reports that MIT had to suspend service for part of its music library because Loudeye Corp., the company from which it believed it had purchased licenses for the music, did not have the relevant licenses to sell. (Article: Music Service at MIT Hits a Snag) MIT and Loudeye are now engaged in very public finger-pointing.
Thursday, 30 October 2003
Idiot's guide to combating satire & criticism
If there were a rule #1 in public relations for responding to satire, it would be: "If someone satirizes you, don't give him free advertising." Fortunately, most American corporations and political entities have yet to learn this lesson. This gives the rest of us endless entertainment as they add to the "who's who" list of good satire that comes from their PR blunders.
My first exposure to this maxim came in the 2000 U.S. Presidential campaign, when then-governor Bush excoriated the plucky web site GWBush.com in front of a large crowd and television cameras. His staff had registered all the Internet domains it could think of that contained variations of the candidate's name, but this one slipped through the cracks and was registered by a gadfly. The site satirized Bush and all the silly things he said.
Instead of ignoring this relatively unknown crank, Bush stood atop his soapbox and uttered the phrase that will live longer than his children's children: "There ought to be limits on this kind of freedom." The site enjoyed an instant (and long-lived) boost in popularity, growing from 1,000 visitors per day to over 1 million visitors per day for the rest of the campaign, with somewhat lower levels thereafter. The t-shirts it introduced the next day (with the "There ought to be limits on…freedom" speech bubble) were its hottest item for the rest of the campaign.
A group near and dear to Bush's heart, the Republican Party of Texas (RPT) is not outdone by its leader. Last March, the RPT threatened to sue the operators of a web site, EnronownstheGOP.com. The parody site mimics the RPT's site and "contains a banner which reads 'Republican Party of Texas…brought to you by Enron.' The letter 'e' in the word 'Republican' is in the form of the crooked 'e' symbol for Enron. The Web site contains 'humorous takes on the GOP's ties to Enron'" and parodic representations of its elephant logo. (Source) The site promptly displayed RPT's "cease and desist" letters, and the story was picked up by the national media. That same week, my Trademarks professor, David Byer, brought it to the attention of our law school class. "I had three or four associates ask if we could represent this site pro bono," he said. "That is not the reaction you want people to have when they read about your lawsuit."
The most recent bonehead example comes from Fox. (I am not trying to paint this as a right-wing problem (honest!) the best recent examples just happen to come from "right field.") On Tuesday Matt Groening, creator of "The Simpsons," reported during an interview on NPR that Fox News nearly sued the network's entertainment division over a Simpsons episode that parodied "the Fox News rolling news ticker" by highlighting what is widely-perceived as "the channel's anti-Democrat stance, with headlines like 'Do Democrats Cause Cancer?'" (Source) If Fox News had the self-control to ignore its sister channel's show, only those who saw the show would have seen it, and only a few Simpsons devotees would remember it an hour later. Now, however, over a dozen news outlets have picked up the story.
Laser printers, razor blades, and the DMCA
The much-blogged-on exemptions from the Digital Millennium Copyright Act (DMCA), issued by the Copyright Office earlier this week, contain an interesting passage beginning at page 172. (The report is 198 pages long.) Lexmark, the #2 printer manufacturer, brought a widely publicized lawsuit against Static Control Corporation (SCC) alleging, inter alia, violations of the DMCA. When SCC filed for an exemption under the copyright rulemaking procedures, the Register was backed into the unusual corner of commenting on pending litigation.
Razor & Blades Business Model
Laser printers use an "ink" called toner, which comes in cartridges that are inserted into the printer. A new printer is sold with a full cartridge, and a moderate level of printing will use up one cartridge's worth of toner in about six months. Once this occurs, the user has two options: buy a new or refurbished (refilled) cartridge. Printer manufacturers sell new cartridges with full warranties against defective parts and workmanship. Refurbished cartridges are refilled by either the manufacturer or a third party in an aftermarket, and they generally do not carry warranties. Refurbished cartridges have two major selling points — one theoretical and one practical. First, refurbishing is a form of recycling and is more environmentally-friendly. Second, refurbished cartridges are cheaper than new ones.
The laser printer industry has long used the razor-and-blades business model famously pioneered by King C. Gillette. Shaving razors are a classic consumable good because ordinary wear and tear render them useless after a short time. A week or so of shaving will render the blade too dull to shave effectively, so the consumer discards the old blade and buys a new one. Once upon a time, razor blades were manufactured with their handles attached, as a single piece. Since each purchase entailed buying the entire unit, purchasing a Brand X blade one week did not bind a customer to buying the same brand the next week. While there may have been differences in quality among the various blades, most consumers could not objectively detect those differences, so there was no brand loyalty, and price was the chief (and perhaps only) discriminator. Gillette's innovation changed all that.
Gillette realized that he could manufacture the handles separately from the blades and that blades alone would be cheaper to make than the blade-handle combination. At the same time, he could make his handles and blades in a special shape so that neither unit would "fit" another brand. Once a consumer bought a Gillette handle, he would be locked into buying Gillette blades because nobody would want to buy relatively cheap blades that would not fit into an already-owned and relatively expensive handle. Consumers benefitted because they paid less money for blades in the long run — because they were consuming less material, since they discarded only the blades. Gillette benfitted with a steady stream of blade sales, proportional to the number of handles previously sold. (In IT jargon, the number of handles was Gillette's "installed user base.") To induce consumers to buy into this system, Gillette sold his handles as cheaply as possible, often just breaking even or taking a loss. He could afford to do this because the markup on blades was quite high, yielding a high per-blade profit, so he would make up for any loss on the handle after just a few blades.
The laser printer industry uses the same basic business model. Lexmark and competitors like Hewlett-Packard (HP) sell printers at- or below-cost, in an attempt to make them seem as inexpensive as possible in the first instance. Each manufacturer's printers work only with its own toner cartridges, as each company seeks to guarantee that its customers have to buy its toner for the life of the printer. Toner sales drive these companies' profits. (See, e.g., third quarter profit reports released by Lexmark and HP earlier this month.)
With this razor-and-blades model foremost in mind, Lexmark designed its T-series printers so that certain features that would work only with new toner cartridges or those refurbished by Lexmark but would fail with cartridges refurbished by third parties. Third-party refurbishers, Lexmark believes, hijack its aftermarket revenue stream from toner sales that "subsidize" the cheap initial price of printers. For example, T-series printers display a message when the level of toner in the current cartridge falls below a certain level, to warn the user that he should buy a new cartridge. A microchip in the cartridge feeds this information to the printer, and this chip cannot read the toner level after the cartridge has been refilled. Lexmark can correct this when it recycles its own cartridges, putting a new chip in the old cartridge that can read the toner level. However, when another company puts new chips in old cartridges (or manufactures its own cartridges and microchips in the same shape, that will fit in Lexmark printers), Lexmark cries foul. This is exactly what SCC did and how Lexmark responded. Lexmark sued SCC, alleging patent infringement and copyright infringement under the DMCA.
The reader should understand one additional point, too. Lexmark introduced an additional step into the razor-and-blades model, selling two types of toner cartridges. The first type embodies the classic model described above. The second type, called "prebate" cartridges, are sold at a $50 discount — but only under a contract that obligates the purchaser to return the empty cartridge to Lexmark once the toner is gone. In addition to this contractual protection, Lexmark builds into prebate cartridges an additional, technological measure of protection. As the Register explains, prebate cartridges contain microchips that engage
in an authentication sequence, or 'secret handshake,' with the Printer Engine Program on the Lexmark T-series printers. This authentication sequence runs each time a toner cartridge is inserted into a Lexmark T-series printer, each time the printer is turned on, or whenever the printer is opened and closed. This authentication sequence must be successfully performed in order for the Toner Loading Program to exchange information with Printer Engine Program and to allow the printer to function. If, on the other hand, the authentication sequence does not successfully occur, the printer will not recognize the toner cartridge as authorized and access to the Printer Engine Program will be disabled. [pages 174–75]
SCC designed its own printer cartridges and microchips that mimicked the functionality of Lexmark's products. Of course, SCC did this without Lexmark's permission; Lexmark never would grant permission for a product would deprive it of its most important revenue stream. So Lexmark sued SCC for patent and copyright infringement, seeking damages (money, measured as the sales of toner that Lexmark lost due to SCC's actions) and an injunction (a court order for SCC to stop).
The Register's Report
Patent law is supposed to protect inventions, devices and other functional technology, whereas copyright law is supposed to protect creative works like writings and music. This is why Lexmark's decision to invoke copyright law to protect its printers is so discordant. In my opinion, Lexmark alleged just enough creative/expressive content in its chips to avoid Rule 11 sanctions, but the District Court obviously disagreed with me — and granted it a preliminary injunction. It is generally understood in the industry and in (at least) some courts that computer software is expressive for copyright and first-amendment purposes — notwithstanding that it has functional (non-expressive) characteristics. It is also generally-accepted that someone may copy another's computer program for the sole purpose of reverse engineering it, so long as the reverse-engineered code is original and no copyrighted code is used in the final product. This is what Lexmark alleged that SCC did when it claimed copyright infringement. The District Court agreed with Lexmark that this constitutes "circumvent[ion of] a technological measure that effectively controls access to a work protected under" copyright law — which the very first section of the DMCA renders illegal.
The Register of Copyrights, in her report, pointed to § 1201(f) of the statute, which Congress "intended 'to avoid hindering competition and innovation in the computer and software industry.' Congress did not intend the DMCA to change the effect of pre- DMCA case law that allowed legitimate software developers to continue engaging in certain activities for the purpose of achieving interoperability between computer programs." (page 178, quoting House Manager's Report at 14 and citing the landmark case, Sega Enterprises Ltd. v. Accolade, Ind., 977 F.2d 1510 (9th Cir. 1992)) This concern for interoperatbility covers "not only … individual use, but [extends to] enabling competitive choices in the marketplace." (Id.) This "statutory exemption," the Register wrote, "goes far beyond the limits of this rulemaking" proceeding. (Id. at 180)
While the report denies a specific exemption to SCC, it recognizes that the exemption in § 1201(f) is broad and that SCC's activity falls within it. This interpretation of the statutory language — on the public record, by an entity with great persuasive authority in the courts — is a boon for competition. Furthermore, it reflects the instinctive dichotomy between patent and copyright law, leaving patents to protect technology and keeping copyrights focused on expression. The Register's opinion does not bind the Sixth Circuit, where the Lexmark suit is now pending, but courts of appeal do take notice when a specialized regulatory agency publishes such a strongly-worded opinion on the public record — so while SCC nominally "lost" (the Register refused to grant it an exemption), it may have "won" in a broader sense that it did not anticipate.
Wednesday, 29 October 2003
Update: Press coverage of DMCA exemptions
The Wired article has this succinct summary of the exemptions granted yesterday: "People may bypass a digital lock to access lists of websites blocked by commercial filtering companies, circumvent obsolete dongles to access computer programs, access computer programs and video games in obsolete formats, and access e-books where the text-to-speech function has been disabled."
Tuesday, 28 October 2003
Copyright Office issues DMCA exemptions
The U.S. Copyright Office today issued its report creating a new set of exemptions under the DMCA for the next three years. (Links: short version and long version) The Register granted two major exemptions and denied many others. Ernest Miller has a collection of blog links. Derek Slater has a good, short summary.
Elvis' income tops among dead celebrities
Interesting development that brings the law of publicity to the fore: Last week Forbes magazine reported the top-earning dead celebrities. (Article: Top-Earning Dead Celebrities) Elvis Presley ($40 million) has held the top spot since Forbes introduced this ranking three years ago. This year, he is followed by the likes of "Peanuts" cartoonist Charles Schulz ($32 million), J.R.R. Tolkien ($22 million), and former Beatles John Lennon ($19 million) and George Harrison ($16 million). Tolkien's rank is temporary, I suspect, and will fall once the Lord of the Rings films finish their theater and video runs.
Monday, 27 October 2003
AP picks up the Diebold story
The Associated Press has picked up the story of Diebold's cease & desist demands under the DMCA. (Article: Diebold threatens publishers of leaked electronic-voting documents.) This should lead more mainstream news outlets to carry the story, beyond the paltry few that have carried it thus far (1, 2, 3). This could be the third major story with national political implications broken in the blogosphere after the mainstream press ignored it.
Sunday, 26 October 2003
Update: Indirect linking & the DMCA
Today, LawMeme asked essentially the same question I asked on Friday. I cannot link directly to the LawMeme article, in order to preserve the experiment I proposed on Friday (due to trackbacking effects). You can find it easily, however. The title is "How Direct is Too Direct When It Comes to Hyperlinks?," the author is James Grimmelmann, the publication date is 26 Oct 2003, and the category is copyright.
Friday, 24 October 2003
Antipiracy indoctrination gets off to rocky start
The Motion Picture Association of America (MPAA), the chief Hollywood lobbyist, has launched an indoctrination campaign in public schools. Although MPAA calls it "education," the program fits all the elements of the definition of indoctrination in Webster's Dictionary. MPAA paid $100,000 to deliver its message to 900,000 children over the next two years, taking advantage of public schools' budget crises. Although the program's title is "A Guide to Digital Citizenship," its curriculum is more accurately reflected by its slogan, "If you haven't paid for it, you've stolen it."
As a statement of law, this slogan is absolutely wrong. There are many situations in which one can lawfully acquire property without paying for it, and a good number of those apply to file sharing, the main target of MPAA's effort. As reported by AP, the MPAA curriculum is a simplistic and one-sided presentation on a complex area of law, delivered to children, many of whom are likely to lack the knowledge and sophistication to engage the instructors in productive discussion. In one example reported by AP, one knowledgable student was cut off by the teacher when he disagreed with the scripted lesson.
Note to MPAA: Discussion is good, but proselytization is not.
Thursday, 23 October 2003
Mark Fingerman posted a comment asking some good questions about my entry on the propriety of using copyright to quell criticism ("Diebold detractors defy DMCA desist demands"). I will try to answer them all here.
First, whether Bill Gates "should be allowed to profit from" software that he designs. Of course! The law should forbid people to profit from their labor only in rare circumstances — like murders for hire. Should Ford be allowed to sell cars at a profit? And Dole to sell pineapples? Surely, no one would argue that these companies are not permitted to build and grow physical products with their own factories and land, then place those items in the stream of commerce. The difference is that cars and pineapples are physical goods, which are rivalrous, meaning that only one person can consume them at any time (and, in the case of pineapples, only one person can eat a pineapple before it becomes useless to everyone else). Software is a nontangible good, which can be copied and used by two or more people at the same time — so if you copy my Office 2002 CD, my enjoyment of the software is not diminished. That is where copyright law comes in: the law erects an artificial barrier to some activities to imbue nontangible goods with some of the same qualities that allow producers to profit from tangible goods. (Note that "artificial" sometimes carries a negative connotation, but that is not what I intend here. I mean that a legal barrier does not exist in a "natural" world without laws.)
Second, on "intermediate" products of a copyrightable nature. Surely, Tom Clancy holds a copyright in chapter 1 before he finishes writing chapter 12. Copyright law protects the expression in any creative work beginning at the instant it is "fixed in a tangible medium of expression." Courts have interpreted the term "tangible medium of expression" broadly, as anything that can hold information in a stable form for a measurable period of time — e.g., paper, rock, clay, glass, wood, magnetic disks and RAM. Section 101 of the Copyright Act defines the moment of fixation:
A work is "fixed" in a tangible medium of expression when its embodiment in a copy or phonorecord, by or under the authority of the author, is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than transitory duration.
The Copyright Act does not distinguish between "finished" and "unfinished" works, and the copyrights in intermediate stages of production can be analyzed separately from the copyright in a finished work. Normally we need not bother, because the copyright in the finished product is much more valuable and is the focus of disputes that arise.
Next, Mark takes exception to my claim that "The public enjoys the right to make 'fair use' of copyrighted works — especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression." He asks, "So the public has the right to break into your home, steal your private correspondence, and publish it 'especially for purposes such as criticism, satire, parody, scholarly analysis...?' Can I rob a bank for the purpose of holding them up to 'scholarly analysis?'"
The answer, of course, is no, because the actions you describe are crimes and torts. Diebold has clear legal remedies against the person who broke into its computer network. It can sue him for, among other claims, trespass, theft of trade secrets, and interference with business relations. It can also press criminal charges under the Computer Fraud & Abuse Act. Take note that Diebold has done none of these legitimate things. Instead, the company has taken aim at people who have, unquestionably, never committed a crime or tort against it. The harm that Diebold fears is not further loss of trade secrets (these "secrets" are already public knowledge so, by definition, they are no longer trade secrets). Rather, it is trying to use copyright law to stymie discussion its products after the public has learned of their flaws.
The Lanham Act, the foundation of American trademark law, explicitly allows us to reproduce trademarked words, phrases, and symbols for the purpose of discussing the products they represent. This limits the general rule that reproducing a trademark without permission is infringement, and it is necessary to avoid rendering the trademark regime unconstitutional under the First Amendment. If we can write Diebold's name but cannot discuss its products, then the limitation is meaningless. Forcing the public to discuss the voting machines' shortcomings without sufficient supporting facts is tantamount to the same thing. Yes, the person who "stole" Diebold's documents should be held responsible, if Diebold chooses to press the issue. The general public, however, should not be held responsible for one person's wrongdoing.
Finally, the questions "Is Diebolds product better than hanging chads? And did Diebold provide what the state requested?" I take it, you are referring to the Georgia election I discussed in a previous article. For all the reasons stated in that article: no, Diebold's products (in their current form and with current election laws) are not better than hanging chads. And no, it did not provide what the state requested. The state certified the machines prior to the election, according to its laws. Sometime thereafter, Diebold made changes to its software and did not disclose that changes had been made — let alone the content of those changes — to anyone. There has been no allegation that these particular changes compromised the election, but one can easily imagine a scenario where such changes would cause problems. If the government is not informed of the changes and has no opportunity to examine them, what is to stop Diebold or another manufacturer from changing every tenth Republican vote to a Democratic one?
I sympathize with Diebold's problems. Nobody likes criticism. It invested a lot of time and money in developing its touch-screen voting machines, and it wants to prevent that work from being wasted. But we live in a democracy that values the integrity of its elections and a capitalist economy that values the operation of market forces in an environment of as-nearly-perfect-as-possible information. Diebold could subvert the first and has subverted the second.
Wednesday, 22 October 2003
Diebold detractors defy DMCA desist demands
As I explained in a previous article (E-lection security in Georgia), the voting machine products and related services sold by Diebold Election Systems raise serious election-integrity concerns. After a hacker broke into Diebold's computer network and downloaded ("stole," in Diebold's words) several internal memoranda, he distributed those documents widely, including some copies to journalists and activists. The compromising documents confirm that the company has known of its voting machines' shortcomings for some time. Embarassed, Diebold played the great American trump card, the lawsuit.
Diebold has sent an unknown number of "cease and desist" letters to people who posted the documents on their web sites. The letters threaten that the company will sue under the Digital Millennium Copyright Act (DMCA) if the recipient does not promptly remove the offending memos from his web site. Diebold (correctly) insists that it owns a copyright in those documents and that they are being publicly displayed without permission. It then invokes the provision of the law which requires Internet Service Providers (ISPs) to remove material that infringes a copyright promptly upon being notified of its presence on its servers. Any webmaster who does not take down the memos, Diebold threatens, will soon stare down the barrel of a copyright infringement lawsuit.
How is this wrong? Let me count the ways.
Copyright law, including the DMCA, is intended to give authors and artists a chance to earn rewards for their creative work. It grants them the exclusive rights to copy, distribute, perform, and publicly display their literature and art. In the U.S., the rationale behind copyright goes like this: if an author has the legal right to prevent others from doing these things, he will hold a limited monopoly on his own work and will be able to derive income from it. In Europe (and especially in France), the rationale is different: authors and artists are naturally and morally attached to their work, and this attachment endows them with the right to control the distribution and use of their work. Diebold, on the other hand, has never had the intention of profiting from the writings at issue. In fact, these writings harm Diebold's profit interests because they expose flaws in its revenue-generating products. The company's desire to suppress public discussion of these documents is understandable, but its method of suppressing them bends copyright law past the breaking point.
Copyright law has always granted only a limited monopoly to authors. The public enjoys the right to make "fair use" of copyrighted works especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression. These limitations on the copyright monopoly are deeply affected with First Amendment interests, and they are the Copyright Act's last line of defense against constitutional challenges. See, e.g., Eldred v. Ashcroft, 123 S.Ct. 769, 154 L.Ed.2d 683 (2003).
It is axiomatic in First Amendment jurisprudence that "political speech," broadly defined, is at the core of what the Amendment protects. Few, if any, topics are more fundamentally political than the process by which citizens in a democracy elect their government's officials. As states and counties update their voting machinery in the wake of the 2000 Presidential election debacle and the California recall lawsuit, most of them are adopting (or at least considering) "touch screen" machines like Diebold's. In perhaps ten to 15 years, all American elections will be conducted on such machines. Diebold, by choosing to manufacture and sell voting machines, has thrust itself into the the election process and made itself a focal point of public debate. Unfortunately, the company has asserted its copyrights for the sole purpose of stifling the public discussion that is so vital if our communities are going to adopt the best election machinery and conduct the fairest possible elections.
Civil libertarian organizations like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) are fighting to protect the public's right to access, read and discuss documents that directly affect the right to vote. Without public discussion, our communities might buy inferior equipment, and future elections would be tained with, at best, inefficiency and, at worst, fraud and corruption. Two brave groups of students at Swarthmore College are engaged in an "electronic civil disobedience" campaign to thwart Diebold's machinations. The groups, Why War? and the Swarthmore Coalition for the Digital Commons (whose web site Diebold has, at least temporarily, succeeded in shutting down), have organized a network of students and others who are willing to host the Diebold documents for at least a short time. Why War? maintains a web page with links to the "current" location of the documents, and the location changes as soon as Diebold sends another cease and desist letter. Efforts like this give life to John Gilmore's prescient statement, "The Net treats censorship as damage and routes around it."
We should support efforts like Why War?'s not only because they bolster the long-term integrity of the American electoral system (their narrowest goal) but because they also enable the free exchange of ideas (their broadest goal). The First Amendment embodies some of the most fundamental rights and liberties that our society recognizes. Pinching them through copyright law can only hurt our society.
Terrified of Terror Profiling?
Bruce Schneier, the renowned expert in computer security (as well as founder and Chief Technical Officer of Counterpane Internet Security, Inc.) wrote a column this week for Newsday: "Terror Profiles By Computers Are Ineffective." As the title suggests, Schneier argues that all the approaches yet taken to "profiling" terrorists suffer from the same fundamental design flaw. "There's a common belief — generally mistaken — that if we only had enough data we could pick terrorists out of crowds," Schneier writes. He goes on to show that the types of information that we have endeavored to gather — indeed, the types of information that we can gather — bear no statistically significant relationship with terrorist acts, or even propensity toward terrorism.
Schneier's argument is bolstered by the simple, elegant, and compelling mathematical analysis done by Temple University mathematician John Allen Paulos, in the January 2003 installment of his column "Who's Counting?." The article, "Future World: Privacy, Terrorists, and Science Fiction," assumes that a project such as the recently de-funded Terrorist Information Awareness program (n้e "Total Information Awareness"), has succeeded beyond the wildest dreams of its founders by 2054, the year when the film Minority Report is set. This hypothetical program has a predictive success rate of 99%. Examining this number and assuming that the U.S. has 300 million citizens, Paulos proves that it would imprison just under 1,000 terrorists and just under 3 million innocent people.
Outsourced medical transcription causes privacy snafu
It is common practice for doctors to dictate notes that are later transcribed by clerical staff. This makes healthcare delivery more efficient because it frees doctors to spend more time with patients and less time with paperwork. With the advent of portable tape recorders and, more recently, personal digital recorders, healthcare organizations have found it even more efficient to "outsource" this transcription — to hire someone on a contract basis to record the oral notes in written form. Over time, a network of contractors and subcontractors developed to serve what became a $20 billion dollar medical transcription industry. Naturally, not all of these subcontractors are in the United States.
The Chronicle reports that Lubna Baloch, a medical transcription subcontractor in Pakistan, sent an email to the UCSF Medical Center which complained about her low wages and threatened to post patients' records on the Internet if she was not paid hundreds of dollars. To back up her threat, Ms. Baloch attached two patients' records to the email. "Your patient records are out in the open to be exposed," she wrote, "so you better track that person and make him pay my dues or otherwise I will expose all the voice files and patient records of UCSF Parnassus and Mt. Zion campuses on the Internet."
The records have apparently not been posted to the Internet — yet. A subcontractor between her and the Medical Center paid her $500 on the condition that she withdraw her threat. Shortly thereafter, she sent another email to the medical center, writing, "I verify that I do not have any intent to distribute/release any patient health information out and I have destroyed the said information. I am retracting any statements made by me earlier." A spokesman for the Medical Center points out, however, that "We do not have any evidence that the person has destroyed the files."
The United States has a law known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under this law, the Department of Health & Human Services has issued detailed regulations that govern how medical information must be kept confidential. Those rules are difficult or impossible to enforce abroad, however. While Ms. Baloch is at least three subcontracts removed from the UCSF Medical Center, it is not clear whether the hospitals or doctors could be held responsible in the event of a breach of its patients' privacy. The Medical Center claims that it was aware of only two levels of subcontracting and had no idea that its medical files were being sent offshore. The current regulations permit subcontracting of work like transcription, so long as the contracts have provisions requiring confidentiality. Details are still sketchy as to the content of the contract involved in this case. Time will tell if the law has been violated.
Even if the Medical Center did not break the law, this story should send shivers down the spines of all Americans who have ever been treated by a doctor. Economic globalization and digital communications technology have made outsourcing and "offshoring" routine, and no one knows how much of this work is being done outside the United States. Most of the work is going to countries where wages are low — otherwise, there would be no cost savings, and the medical staff would transcribe the notes in-house. Developing countries do not have privacy laws as comprehensive and sophisticated as those in the U.S. and Europe.
Ms. Baloch has come up with the idea for this extortion and it has become public, so it is only a matter of time before someone else tries it. The next person may demand much more than $500, and the next hospital may not be willing to pay. (Note that in this case a subcontractor paid the bribe, not the hospital.) Who loses in this situation? The patients. The most intimate details of our lives will be exposed to everyone with a computer and a telephone line.
How should we respond? Amend HIPAA? Possibly. Perhaps we need more stringent requirements for contracting and subcontracting. Maybe we should bar outsourcing to offshore companies, or at least restrict the countries where outsourcing is permitted to those having strong privacy laws. Maybe we need to do something else. But these problems will not go away — they will only become more pervasive.
Tuesday, 21 October 2003
CDT report on broadcast flag
Today, the Center for Democracy and Policy (CDT), Public Knowledge and Consumers Union (publisher of Consumer Reports) issued a 31-page report entitled "Implications of The Broadcast Flag: A Public Interest Primer" [pdf]. The report has an excellent description of the background of the broadcast flag and explains how the issues affect the television and film industries, the government, and the public interest with remarkable clarity. This is a must-read for anyone interested in the most active area of debate in copyright law for the next three years.
The report's three most important findings (in my opinion) are:
Wednesday, 15 October 2003
Standing questions in Newdow may prevent a ruling on the merits
Yesterday the U.S. Supreme Court granted certiorari to the Elk Grove Unified School District in its dispute with Michael Newdow. In lay terms, it agreed to hear the case. Newdow indirectly sparked a firestorm of national protest last summer, when the U.S. Court of Appeals for the 9th Circuit ruled that a 1954 act of Congress that inserted the phrase "under god" into the Pledge of Allegiance violated the first amendment to the constitution. While some of the debate has been intelligent and productive (1, 2), some of it has been invective and immature. As the parties and government-intervenors prepare to argue before the Supreme Court, suggestions have been raised that the Court should "dismiss" the case on "procedural grounds."
While the laymen journalists have gotten the terminology wrong, they may have the substance right.
Article III of the U.S. Constitution begins, "The judicial power of the United States, shall be vested in one supreme court, and in such inferior courts as the Congress may, from time to time, ordain and establish." Section 2 of Article III establishes the subject-matter jurisdiction of the federal courts — that is, the types of cases that the courts are empowered to hear. That section reads, in part:
The judicial power shall extend to all cases, in law and equity, arising under this constitution, the laws of the United States, and treaties made, or which shall be made under their authority; to all cases affecting ambassadors, other public ministers and consuls; to all cases of admiralty and maritime jurisdiction; to controversies to which the United States shall be a party; to controversies between two or more states, between a state and Citizens of another state, between Citizens of different states, between Citizens of the same state, claiming lands under grants of different states, and between a state, or the Citizens thereof, and foreign states, Citizens or subjects.
Together, these provisions give rise to the five-or-so (depending on how you count) sub-doctrines of justiciability: actual case or controversy, standing, ripeness, mootness, and political questions. These doctrines are complex in their detail, but their basic outlines are easy to understand. The long quote above from ง 2 has been interpreted to require an "actual case or controversy" between two or more parties before a federal court can exercise the judicial power of the United States. The dispute must be a real one, not merely hypothetical, and the courts cannot issue "advisory opinions." The sub-doctrine of standing arises from this requirement.
To have standing to assert a claim, a plaintiff must show that he has incurred some injury, that the injury has been caused by the defendant, and that the court has the power to redress the injury if it rules in the plaintiff's favor. In this context, "injury" is defined broadly as prejudice to any right or interest that the plaintiff is legally entitled to assert. This covers everything from physical/bodily injuries to loss of money or property and harm to the plaintiff's reputation.
After the 9th Circuit ruled last summer, the school district and the federal government moved to disqualify Newdow as a plaintiff, arguing that he lacked standing to sue in this case. Their arguments revolved around Newdow's relationship with his daughter and her mother, Sandra Banning, whom Newdow never married. When Newdow filed the suit, Banning had sole legal custody of her daughter — meaning that Newdow arguably did not have a legal right to give input into her upbringing. Newdow has since obtained a revised custody order in a California state court that clarifies his rights with respect to his daughter. Under that order, Newdow has a clear, legally-cognizable interest in his daughter's upbringing. The standing doctrine, however, recognizes the plaintiff's status only at the time he filed the federal lawsuit. The Supreme Court has asked the parties to brief and argue the issues of whether Newdow had such an interest when he filed the present lawsuit three years ago and, if not, what should be done with this case.
The Court's critics argue that it may use the standing issue as an excuse to shirk its duty to rule on the merits of the case. They are probably right, since the Court has clearly gained a sense of its political status in the wake of Bush v. Gore (the 2000 Presidential election case), Lawrence v. Texas (the Texas sodomy case), and Gratz v. Bollinger and Grutter v. Bollinger (the University of Michigan affirmative action cases). The facts of the Newdow case permit only one outcome — legally — but the Court will probably reach the opposite result for nonlegal reasons. The present Supreme Court is more conservative than any in recent history, and it would be highly entertaining to see it try to squirm its way out of its own precedents to find the Pledge constitutional in its current form — especially after Justice Scalia recused himself from this case.
However, as an honest man, I could not profess respect for the First Amendment without showing an equal respect for the rest of the Constitution. Although the First Amendment codifies the most basic liberties of our society, it coexists with other provisions of the Constitution as equals. Those other provisions, while not as morally compelling as the First Amendment, are equally demanding of our respect. Serious questions exist as to Newdow's standing in this case. Those questions will require a detailed examination of family law in California, which is the final arbitor of Newdow's legal rights with respect to his daughter. If the Supreme Court decides this case on Article III (standing) grounds, I will be the first person to leap to its defense. If it reaches the merits of the First Amendment dispute by shortchanging its analysis of the federal courts' jurisdiction, I will be the first to pen an editorial against it. I do hold out hope, however, that the Court can resolve the Article III question in Newdow's favor and reach the First Amendment question legitimately.
The worst harm that can come out of this situation will be for the Court to rule that Newdow lacks standing and dismiss the suit for that reason, then for supporters of the pledge in its current form to hail that decision as a ruling on the pledge. So let us try to avoid such misdirection, shall we?
Tuesday, 14 October 2003
E-lection security in Georgia
The issue of election integrity has gained widespread public attention since the 2000 Presidential election debacle. Demagogues have taken up electronic voting systems as the silver bullet to cure all the ills of paper-based elections. While it is true that electronic systems do eliminate some problems, they introduce just as many which are not solvable with current technology and election laws.
It has been apparent for some time that electronic voting systems lack sufficient safeguards to guarantee their security and integrity. David Dill, a computer science profesor at Stanford, has been pointing out these flaws for over a year now. For example, the companies that produce "touch screen" voting machines guard their equipment (both hardware and software) as trade secrets. Very little information about the equipment (beyond marketing literature, of course) is available to the public or to local election authorities before they enter contracts with these companies to provide products and services. The methods of keeping ballots physically secure and safe from hacker-tamperers are proprietary information in this burgeoning industry. In other words, the public is not permitted to know how their elections are being kept secure. Furthermore, there is ample opportunity for deliberate tampering with election results from the inside.
No balloting machine currently on the market creates a hard copy of a ballot as it is cast. This would require installing a printer in each machine, which would increase the machine's cost, or connecting each machine to a central printer, which would destroy the secrecy of the ballot. Either way, the local jurisdiction must absorb the additional costs of printing (paper, ink, and maintenance on the printers). So why is a paper trail necessary when the point of these machines is to decrease costs while improving accuracy? Because the balloting machines' software is proprietary, nobody outside the company that manufactures it knows what it is doing. A first-year programming student could write a program that displays input from a keyboard on a screen while recording different information on a disk. A voter might press the button for Gray Davis and see his name on the screen, but Arnold Schwarzenegger's name could be recorded. If the voter cannot see a paper record to verify his vote, there is no way to ensure that the proper votes are being recorded. These paper ballots would be verified by each voter in the polling booth, then secured in a locked box in much the same way that paper ballots are stored now. Without paper records, it is impossible to link individual voters to individual ballots after the election, if tampering is suspected. Paper ballots remain intact long after the election, making investigations and hand recounts possible.
It is a long-shot that anyone would ever fix an election in the U.S., you say? Maybe. But this is a live issue right now. Diebold Election Systems had its software certified by Georgia's election commission in advance of that state's 2002 gubernatorial election. Diebold then altered the software before the election without telling anyone! Diebold seems to have made the changes in response to reports that its machines were insecure and unreliable. Perhaps, but the move was awfully suspicious, considering that the election resulted in an upset and was decided by a very slim margin. Only a few votes would have to be altered to change the outcome and, without a paper trail, those few votes would be impossible identify. Wired News reports this story here.
Monday, 13 October 2003
John Halderman cracked an encryption and DRM system called MediaMax CD3, a product of SunComm Technologies. Why? He is a PhD candiate in Princeton University's Department of Computer Science, writing his thesis in computer security. In classic academic style, Halderman published the resulting paper on the web. In classic cranky-three-year-old style, SunnComm threatened to sue Halderman on several grounds, including a claim under the Digital Millenium Copyright Act (DMCA). SunComm's CEO's quote in the first news cycle since this story broke was precious: "No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property." SunComm backed down from its lawsuit threat within 48 hours after an enormous public outcry fueled by the blogosphere.
This episode is important for two reasons. First, it shows the excesses of the DMCA and underscores how ridiculously overbroad its language is (in addition to being bad policy). SunComm must have interpreted Halderman's paper as either a "device" intended to "circumvent a technological measure that effectively controls access to a [copyrighted] work" under DMCA ง 1201(a) or as trafficking in such devices. No person who speaks ordinary English would ever confuse a research paper with a device. Besides, Halderman defeated the system merely by holding down his shift key, so how "effective" could it be? Effectiveness of the DRM system is, after all, an essential element of the DMCA claim. SunComm may have deserved the $10 million decline in its stock-price value the day after the blogosphere picked up this story.
Second, it shows the power of the blogosphere. The first Internet publisher to become a legitimate force in American politics was Matt Drudge when he broke the Monica Lewinsky story in 1997 after the traditional press (namely, Newsweek) declined to print the story. The Internet's role in politics was considered routine barely five years later, when bloggers brought down Trent Lott again, after the traditional news media dismissed an important story. The SunComm episode clearly shows that Internet publishers' influence has outgrown the first level of the political sphere, where rumor and innuendo are weapons in their own right. This time, bloggers slapped around a software company working for several major record labels in two industries driven by bottom-line considerations. Blogging tools make Internet publishing easier than ever, and the number of bloggers is growing daily. Their voices are heard by one another and now by the major media and corporate America. If we can continue to avoid demagoguery, this may be a good thing.