EFF Breaking News
Tech News World
Chris Rush Cohen
E.D. Tex. Weblog
Hacking the Law
Online Liability Blog
Promote The Progress
Tech Law Advisor
Tech & Marketing
Cocktail Party Physics
Freedom to Tinker
Lawyers Don't Get It
Tech Liberation Front
Numbers Guy, The
Dump & Chase
On Frozen Blog
Off Wing Opinion
View From The Cheap Seats
Regret the Error
TiVo/Gizmo Lovers Blog
Tuesday, 6 January 2004
Diebold/DMCA summary & analysis
Monday, 5 January 2004
Norweigan authorities drop DeCSS case
Wednesday, 24 December 2003
Even before [Norway's prosecution of DVD-Jon] was filed, however, entertainment industry lobbyists had been pressing lawmakers in that country and elsewhere to enact tougher copyright laws, modeled on controversial U.S. legislation that makes it easier for authorities to win prison terms for people who crack encryption schemes or distribute cracking tools. If enacted, proposed legislation in Europe, Canada, Australia and Central and South America would soon hand entertainment companies similar weapons against people caught tinkering with anticopying software.Via Furdlog.
Sunday, 21 December 2003
GrokLaw on RIAA v. Verizon
Pamela Jones over at GrokLaw has a long analysis of RIAA v. Verizon. Amid her explanation of the decision, she waxes philosophic on the law generally. Also, her blog seems to be the place to be this weekend — that article had over 90 comments last time I checked.
Saturday, 20 December 2003
Declan's FAQ on RIAA v. Verizon
DC Circuit stumps RIAA
By now the world has heard of the D.C. Circuit decision in RIAA v. Verizon. Previously, the D.C. District Court ruled that Verizon must comply with RIAA's subpoenas, issued under § 512 of the Digital Millennium Copyright Act (DMCA). Those subpoenas are designed to force ISPs to disclose the identities of users whom RIAA suspects of illegally making copyrighted music available for others to download. RIAA can trace users by itself as far as their IP addresses (the sets of numbers that uniquely identifies every computer on the Internet), but it needs the cooperation of ISPs to connect an IP address with an individual's name and address. Once it has that information, it can send a cease & desist letter or file a lawsuit.
Yesterday's Circuit decision reverses the District Court's interpretation of the statute. The appeals court gave the statute an extremely close reading in rendering its decision. The relevant section has a complex sentence structure and many cross references, so it is no wonder that the parties (and two different courts) disagreed as to its meaning. Derek Slater makes a few interesting points, including: "I find it fascinating when opinions contrast in this way — when they see the same issue clearly, unambiguously, but oppositely. [District] Judge Bates, just like [Circuit Judge] Ginsburg, claims to stick to the statute's text and go no further, yet their opinions are night and day."
The decision is a victory for privacy, but not a victory for privacy as such. The result was reached on a technical reading of the statute, and turned on the fact that a subpoena can only be sent if a DMCA notice-and-takedown letter can also be sent. […] The constitutional issues that would have made this a victory for privacy as such, or for freedom of expression, were not addressed by the court.
The Circuit panel adopted most of Verizon's statutory argument — that § 512(h) authorizes subpoenas only in cases where the plaintiff alleges that the infringing material is stored on media controlled by the ISP. However, when the ISP is a mere conduit for data stored on media controlled by a third party (the ISP's subscriber, in this case), § 512(h) does not permit subpoenas outside of the context of a lawsuit.
This line of reasoning rests on the cross references between § 512(h) and § 512(c). Subsection (h) permits a copyright owner to apply to the Clerk of the court for a subpoena so long as the application contains "a copy of a notification [of claimed copyright infringement, as] described in [§ 512](c)(3)(A)." The relevant language in § 512(c)(3)(A) is: "To be effective under this subsection, a notification of claimed infringement must be a written communication … that includes substantially the following" six elements. The third enumerated element is "(iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material." (Emphasis added)
The court agreed with Verizon that this language requires the subpoena application to assert that the ISP has the ability to remove or disable access to the allegedly infringing material. However, most current P2P applications use a decentralized architecture. This means that all shared data is stored on users' computers, not on any central server — except for temporary copies incidental to transmission, which the DMCA permits. Therefore, the ISP has no legal right to remove or disable access to the material shared on the P2P network:
No matter what information the copyright owner may provide [in its subpoena application], the ISP can neither "remove" nor "disable access to" the infringing material because that material is not stored on the ISP's servers. Verizon can not remove or disable one user's access to infringing material resident on another user's computer because Verizon does not control the content on its subscribers' computers.
This holding does have some privacy implications, but they are small compared to Verizon's alternative argument. Having decided this case on statutory grounds, the court ducked the larger First Amendment questions.
So what implications does it have? Dozens of people predict that RIAA will lobby Congress to close what it surely sees as a loophole in the DMCA. Ernest quipped, "[T]he RIAA has nearly hosed itself." The trade group has been trying to consolidate all its DMCA subpoena litigation in Washington, D.C. for administrative convenience. Now, however, it cannot be happy with its "success" in transferring the SBC case to the D.C. District from the Northern District of California in San Francisco — because the Verizon decision is now binding precedent in the nation's capital. This will not stop RIAA from getting users' information, however. It will only make the process slower and more expensive. Instead of paying its lawyers simply to draft subpoena applications, it now has to pay them to draft and file complaints and motions in addition to subpoena applications. These costs will be passed on to consumers in the form of higher average settlements.
John Palfrey sees a broader trend: "Add this development to the Grokster opinion, and the trend of the law in favor of digital rights holders is at least in a holding pattern." The trend may be even broader than Palfrey recognizes — this was a banner week for civil liberties everywhere. (It could, however, be just a blip on the post-9/11 radar screen.) The Dutch supreme court ruled that the makers of Kazaa are not liable under Dutch law for copyright infringement committed by the software's users. A day earlier, the Second Circuit ruled that the U.S. government may not classify Jose Padilla as an enemy combatant — which should assure that his constitutional rights are no longer suspended. Just a few hours later, the Ninth Circuit wrote "that the [Bush] administration's policy of imprisoning about 660 non-citizens on a naval base in Guantanamo Bay, Cuba, without access to U.S. legal protections 'raises the gravest concerns under both American and international law'" (source).
If nothing else, we live in interesting times.
Tuesday, 16 December 2003
CRIA Follows Big Brother's Lead
The millions of Canadians who share music files on the Internet should be prepared for the possibility of facing a lawsuit early in the new year, the head of the Canadian Recording Industry Association said yesterday. … [Brian] Robertson would not specify how many lawsuits would be filed, but he did say the legal action would be similar to the lawsuits filed in the United States. For some time, CRIA has been using software that tracks and identifies users involved in trading free music files. "Users should be aware that using file-sharing services is a very public process," Mr. Robertson said.Since Canada has no analog to the Digital Millennium Copyright Act (DMCA), it will be interesting to see whether CRIA's tracking software is anywhere near as effective as RIAA's subpoenas. Neither one, it cannot be pointed out often enough, has any judicial oversight. And both are ripe for abuse.
Wednesday, 10 December 2003
eWeek Editorial Board denounces DMCA abuse
The Editorial Board of eWeek Magazine published an editorial this week ("Copyright and Fair Use"), denouncing the rampant abuse of the Digital Millennium Copyright Act (DMCA). Civil libertarians have not been surprised by DMCA abuse, but eWeek's board apparently was. However, they make up for it with definitive language: "Repeated abuse of a statute is a sign that the law itself is defective." Their prime examples? The Skylink/Chamberlain and SCC/Lexmark cases.
Sunday, 7 December 2003
Borland on P2P
John Borland of C|Net wrote an interesting column last Thursday, asking whether RIAA's lawsuits against P2P users were having the desired deterrant effect ("RIAA lawsuits yield mixed results"). "At the core of the RIAA's strategy has been the attempt to persuade as many people as possible to stop trading copyrighted files online. This appears to be working in at least some groups, but the evidence is mixed at best." That same day, he also wrote a good summary of the compulsory licensing discussion in Canada: "Should ISP subscribers pay for P2P?"
Thursday, 4 December 2003
Johns Hopkins still bars publication of Diebold memos
Derek Slater reports the tribulations of Asheesh Laroia, a student at Johns Hopkins University. Despite never having received a cease & desist letter, JHU cut off access to the memoranda. Even after Laroia informed JHU that Diebold had retreated (1, 2), the university persisted, writing that it "cannot allow its resources to be used in violation of copyright law, whether or not the holder of the copyright (in this case Diebold) plans to prosecute."
All I can say is I am glad I am not a student there.
Monday, 1 December 2003
Crimson confirms Diebold will not sue students
Zachary Seward reports in the Harvard Crimson that a Diebold spokesman confirmed that the company will not sue students who posted internal company memoranda on the Internet ("Diebold Won't Sue Students"). Thanks go to John Palfrey for the heads up. The article has one interesting point that bears mentioning here:
In one memorandum from April 23, 1999, [a Diebold] employee acknowledges a flaw in one of the company's electronic ballots. "I don't expect you will see a fix in time for the election," the employee writes, "since it is tomorrow." Diebold will not comment on the memoranda but has said that any imperfections in their systems have subsequently been fixed.Note that this claim can be interpreted to apply only that those particular ballot problems — tailor-made plausible deniability. It does not claim to have fixed the security flaws found in two independent reviews earlier this year. In one review, researchers at Johns Hopkins and Rice universities found weaknesses that could easily allow someone to cast multiple votes for one candidate. (Report (pdf), press release) The other report, conducted for the State of Maryland, concluded that flaws exist but that they were unlikely to cause practical problems in real elections — but only if external safeguards are in place. (Report (pdf))
Also recall that Diebold is the only manufacturer of ATMs in the world whose machines have become infected with a worm.
FatWallet fights back — again
Last year it was Wal-Mart; this year it is Best Buy. Every holiday season, someone gets worked up over FatWallet, a company that aggregates information about retail sales on its web site. Working at its best, FatWallet publishes the information before the sale starts — the point being to help consumers plan their shopping. Retailers, however, jealously guard their sale information for fear that it could give their competitors an advantage — especially in the Thanksgiving-to-Christmas season, which accounts for the bulk of retail profits for the year. Every year, in this season of giving, major retailers serve FatWallet with legal demands to take down the information under the Digital Millennium Copyright Act (DMCA).
So far FatWallet has successfully fought back with § 512(f) of the DMCA, which prohibits abuse of the rest of the Act. Last year, FatWallet only sent letters to the bullying retailers, explaining that they were abusing the DMCA. Last week, FatWallet sued Best Buy under § 512(f), seeking money damages to cover the costs FatWallet incurred while responding to Best Buy's specious demand. See FatWallet's press release here and its complaint here (pdf).
Update: It was inexcusable neglect when I first posted this entry that I forgot to link to EFF's classic article, "Unsafe Harbors: Abusive DMCA Subpoenas and Takedown Demands."
Friday, 28 November 2003
P2P & anonymity
Four years ago I wrote my senior thesis at Yale, The Futures of e-Politics, in which I complimented several Congressmen and Senators for having done well to educate themselves on digital communications technologies in a relatively short time. Today I may recant that compliment.
I just got around to reading C|Net's coverage of a letter sent last week from several Senators to the executives of several P2P companies. The lawmakers asked the companies to regulate themselves — i.e., to censor their networks for pornography and copyrighted material. C|Net reports (Senators ask P2P companies to police themselves) a quote from Senator Lindsey Graham (R-N.C.) that I did not see reported elsewhere. In a "statement" accompanying the letter, he said (emphasis added):
Purveyors of peer-to-peer technology have a legal and moral obligation to conform to copyright laws, and end the pornographic trade over these networks. These programs expose our children to sexually explicit materials and provide an anonymous venue for child pornographers to hide behind the veil of technology.If we have learned anything from RIAA this year, it is that P2P activity is not anonymous. If you are going to make national policy, or at least pretend to, it is not unreasonable to ask that you pay attention.
Thursday, 27 November 2003
Worm infects Diebold ATMs
Diebold, the very same company being raked over hot coals for its authoritarian response to criticism, now has the ignoble honor of being the first ATM manufacturer to have its machines infected with a worm. (New Scientist: "Cash machines infected with worm")
The controversy over Diebold's electronic voting machines is no longer theoretical (if it ever was). This is a real-world, already-happened, no-excuses problem affecting a Diebold product very similar to its voting machines. How could this happen? Simple — Diebold's ATMs run Windows XP.
Diebold backs down
Diebold filed court papers on Monday, stating that it would not file copyright infringement suits against people who hosted and linked to the infamous cache of damaging documents. Kudos go to the Stanford Cyberlaw Clinic, which represented two Swarthmore students in their lawsuit against the voting machine manufacturer. Too bad Rule 11 does not apply to DMCA notice-and-takedown letters. You have my best wishes if you sue Diebold under anti-SLAPP laws and for intentional infliction of emotional distress.
Wednesday, 19 November 2003
Kucinich slaps Diebold
Congressman and presidential candidate Dennis Kucinich (D-OH) has come out decisively in favor of civil liberties. On his Voting Rights issue web page, he posts excerpts from and links to the memoranda that Diebold has tried so hard to erase from the public hivemind. Thanks to Donna at Copyfight for the heads up.
The Congressman writes:
Stopping False Copyright Claims
Earlier today, Doug Simpson of Unintended Consequences pointed out (Article: Congressman Posts Diebold Document Excerpts) that the Speech or Debate Clause of the U.S. Constitution (Art. I, § 6, cl. 1) may put Rep. Kucinich beyond Diebold's long reach if the company should choose to serve him with a DMCA notice-and-takedown letter. This clause immunizes members of Congress from "arrest" during any speech or debate in the course of their Congressional duties or while traveling thereto or therefrom. It further provides that members "shall not be questioned in any other place" "for any speech or debate in either House" of Congress.
Doug also brings up the similarity between this hypothetical case and Brown & Williamson Tobacco Company v. Williams, 62 F.3d 408 (D.C. Cir 1995), where a paralegal working for the law firm representing B&W (a tobacco company) leaked juicy documents to the press and to Congress. In this decision, the D.C. Circuit Court affirmed the District Court's quashing of the subpoena served on Rep. Waxman by B&W. Doug asks, "Can we expect Diebold to send Congressman Kucinich a cease and desist letter, with a takedown notice to the ISP hosting [his web site at] House.gov? I'd like to be a fly on the wall when those arrive."
Tuesday, 18 November 2003
Court hears Diebold arguments
Declan McCullagh reports on C|Net that the U.S. District Court in San Jose, California heard arguments in the case brought by students and the Electronic Frontier Foundation (EFF) against Diebold Election Systems. (Article: Students fight e-vote firm's DMCA claims)
As discussed here (1, 2) and elsewhere, Diebold manufactures electronic ("touch screen") voting machines. Students at Swarthmore launched what has since become a widespread electronic civil disobedience movement. Internal Diebold documents indicating mismanagement and a lack of security were publicly distributed, and protesters sought to bring them to the fore of public debate while Diebold sought to repress them, by sending threatening letters under the notice-and-takedown provision of the Digital Millenium Copyright Act (DMCA). There are also other political concerns, which Declan summarizes concisely:
Diebold gave at least $195,000 to the Republican party during a two-year period starting in 2000, and its chief executive, Walden W. O'Dell, once pledged to deliver Ohio's electoral votes for President George W. Bush. Earlier this month, California started an investigation into whether Diebold had improperly installed software into Alameda County's machines that had not been certified.
Up to this point, Diebold has been maintaining a stern face on the copyright front while hedging its bets behind the scenes by claiming that it could not tell whether any or all of the documents at issue had been altered. In court filings in the present case, however, it wrote, "Wholesale publication of unpublished, stolen materials, with no transformation or creativity and nothing other than a request that others download them in their entirety, is infringement, not fair use." This sounds to me like an admission that the documents are authentic. There goes Diebold's plausible deniability when it defends its products in the court of public opinion.
Thursday, 13 November 2003
Diebold & Democracy
The venerable Mary Hodder over at bIPlog gives us a terse summary of the goings on in California, with respect to Diebold Election Systems. (Article: Diebold Latest: The Effects of Student Spread Memos on CA Secretary of State) More importantly, I cannot overstate my support for her synopsis of the implications this affair holds for the future of American democracy.
Mary hit the nail on the head when she wrote:
[S]tudents at Swarthmore, followed by students at many other institutions…in spreading the Diebold memos around, have accomplished the goal of causing those with review power over Diebold systems to take another look at Diebold's work. … Even if the review doesn't cause the state to discontinue using Diebold systems or require severe changes (and I'm sure the pressure is enormous TO certify), the fact is the memos raise disturbing issues and the review is very necessary. If companies providing services of this sort feel that they can quash documents out on the Internet by using the DMCA, if Diebold succeeds on this point, we and our democracy will be the poorer for it.
The Diebold affair neatly illustrates two points. First, it shows the unconscionable overbreadth of the Digital Millenium Copyright Act (DMCA) — in this case, the "notice and takedown" provision. Second, it underscores the growing relevance of the blogosphere to national politics. The activists hosting the internal Diebold memoranda that triggered this affair deserve the lion's share of the credit for bringing this issue to light. Bloggers deserve the credit for keeping it there. While bloggers were giving the issue its due, the mainstream press was comparatively slow to report the acts of civil disobedience at Swarthmore and elsewhere. Bloggers can force the media to pay attention to important issues. We can force public officials to take notice. We can make a difference.
Tuesday, 4 November 2003
NYT summarizes Diebold brouhaha
Yesterday the New York Times (NYT) published an excellent overview of the situation that Diebold Election Systems has created for itself. (Article: File Sharing Pits Copyright Against Free Speech) (See my previous blog entries on Diebold: 1, 2, 3, 4.) The crux of the summary:
Diebold Election Systems, which makes voting machines, is waging legal war against grass-roots advocates, including dozens of college students, who are posting on the Internet copies of the company’s internal communications about its electronic voting machines.
Thursday, 30 October 2003
Laser printers, razor blades, and the DMCA
The much-blogged-on exemptions from the Digital Millennium Copyright Act (DMCA), issued by the Copyright Office earlier this week, contain an interesting passage beginning at page 172. (The report is 198 pages long.) Lexmark, the #2 printer manufacturer, brought a widely publicized lawsuit against Static Control Corporation (SCC) alleging, inter alia, violations of the DMCA. When SCC filed for an exemption under the copyright rulemaking procedures, the Register was backed into the unusual corner of commenting on pending litigation.
Razor & Blades Business Model
Laser printers use an "ink" called toner, which comes in cartridges that are inserted into the printer. A new printer is sold with a full cartridge, and a moderate level of printing will use up one cartridge's worth of toner in about six months. Once this occurs, the user has two options: buy a new or refurbished (refilled) cartridge. Printer manufacturers sell new cartridges with full warranties against defective parts and workmanship. Refurbished cartridges are refilled by either the manufacturer or a third party in an aftermarket, and they generally do not carry warranties. Refurbished cartridges have two major selling points — one theoretical and one practical. First, refurbishing is a form of recycling and is more environmentally-friendly. Second, refurbished cartridges are cheaper than new ones.
The laser printer industry has long used the razor-and-blades business model famously pioneered by King C. Gillette. Shaving razors are a classic consumable good because ordinary wear and tear render them useless after a short time. A week or so of shaving will render the blade too dull to shave effectively, so the consumer discards the old blade and buys a new one. Once upon a time, razor blades were manufactured with their handles attached, as a single piece. Since each purchase entailed buying the entire unit, purchasing a Brand X blade one week did not bind a customer to buying the same brand the next week. While there may have been differences in quality among the various blades, most consumers could not objectively detect those differences, so there was no brand loyalty, and price was the chief (and perhaps only) discriminator. Gillette's innovation changed all that.
Gillette realized that he could manufacture the handles separately from the blades and that blades alone would be cheaper to make than the blade-handle combination. At the same time, he could make his handles and blades in a special shape so that neither unit would "fit" another brand. Once a consumer bought a Gillette handle, he would be locked into buying Gillette blades because nobody would want to buy relatively cheap blades that would not fit into an already-owned and relatively expensive handle. Consumers benefitted because they paid less money for blades in the long run — because they were consuming less material, since they discarded only the blades. Gillette benfitted with a steady stream of blade sales, proportional to the number of handles previously sold. (In IT jargon, the number of handles was Gillette's "installed user base.") To induce consumers to buy into this system, Gillette sold his handles as cheaply as possible, often just breaking even or taking a loss. He could afford to do this because the markup on blades was quite high, yielding a high per-blade profit, so he would make up for any loss on the handle after just a few blades.
The laser printer industry uses the same basic business model. Lexmark and competitors like Hewlett-Packard (HP) sell printers at- or below-cost, in an attempt to make them seem as inexpensive as possible in the first instance. Each manufacturer's printers work only with its own toner cartridges, as each company seeks to guarantee that its customers have to buy its toner for the life of the printer. Toner sales drive these companies' profits. (See, e.g., third quarter profit reports released by Lexmark and HP earlier this month.)
With this razor-and-blades model foremost in mind, Lexmark designed its T-series printers so that certain features that would work only with new toner cartridges or those refurbished by Lexmark but would fail with cartridges refurbished by third parties. Third-party refurbishers, Lexmark believes, hijack its aftermarket revenue stream from toner sales that "subsidize" the cheap initial price of printers. For example, T-series printers display a message when the level of toner in the current cartridge falls below a certain level, to warn the user that he should buy a new cartridge. A microchip in the cartridge feeds this information to the printer, and this chip cannot read the toner level after the cartridge has been refilled. Lexmark can correct this when it recycles its own cartridges, putting a new chip in the old cartridge that can read the toner level. However, when another company puts new chips in old cartridges (or manufactures its own cartridges and microchips in the same shape, that will fit in Lexmark printers), Lexmark cries foul. This is exactly what SCC did and how Lexmark responded. Lexmark sued SCC, alleging patent infringement and copyright infringement under the DMCA.
The reader should understand one additional point, too. Lexmark introduced an additional step into the razor-and-blades model, selling two types of toner cartridges. The first type embodies the classic model described above. The second type, called "prebate" cartridges, are sold at a $50 discount — but only under a contract that obligates the purchaser to return the empty cartridge to Lexmark once the toner is gone. In addition to this contractual protection, Lexmark builds into prebate cartridges an additional, technological measure of protection. As the Register explains, prebate cartridges contain microchips that engage
in an authentication sequence, or 'secret handshake,' with the Printer Engine Program on the Lexmark T-series printers. This authentication sequence runs each time a toner cartridge is inserted into a Lexmark T-series printer, each time the printer is turned on, or whenever the printer is opened and closed. This authentication sequence must be successfully performed in order for the Toner Loading Program to exchange information with Printer Engine Program and to allow the printer to function. If, on the other hand, the authentication sequence does not successfully occur, the printer will not recognize the toner cartridge as authorized and access to the Printer Engine Program will be disabled. [pages 174–75]
SCC designed its own printer cartridges and microchips that mimicked the functionality of Lexmark's products. Of course, SCC did this without Lexmark's permission; Lexmark never would grant permission for a product would deprive it of its most important revenue stream. So Lexmark sued SCC for patent and copyright infringement, seeking damages (money, measured as the sales of toner that Lexmark lost due to SCC's actions) and an injunction (a court order for SCC to stop).
The Register's Report
Patent law is supposed to protect inventions, devices and other functional technology, whereas copyright law is supposed to protect creative works like writings and music. This is why Lexmark's decision to invoke copyright law to protect its printers is so discordant. In my opinion, Lexmark alleged just enough creative/expressive content in its chips to avoid Rule 11 sanctions, but the District Court obviously disagreed with me — and granted it a preliminary injunction. It is generally understood in the industry and in (at least) some courts that computer software is expressive for copyright and first-amendment purposes — notwithstanding that it has functional (non-expressive) characteristics. It is also generally-accepted that someone may copy another's computer program for the sole purpose of reverse engineering it, so long as the reverse-engineered code is original and no copyrighted code is used in the final product. This is what Lexmark alleged that SCC did when it claimed copyright infringement. The District Court agreed with Lexmark that this constitutes "circumvent[ion of] a technological measure that effectively controls access to a work protected under" copyright law — which the very first section of the DMCA renders illegal.
The Register of Copyrights, in her report, pointed to § 1201(f) of the statute, which Congress "intended 'to avoid hindering competition and innovation in the computer and software industry.' Congress did not intend the DMCA to change the effect of pre- DMCA case law that allowed legitimate software developers to continue engaging in certain activities for the purpose of achieving interoperability between computer programs." (page 178, quoting House Manager's Report at 14 and citing the landmark case, Sega Enterprises Ltd. v. Accolade, Ind., 977 F.2d 1510 (9th Cir. 1992)) This concern for interoperatbility covers "not only … individual use, but [extends to] enabling competitive choices in the marketplace." (Id.) This "statutory exemption," the Register wrote, "goes far beyond the limits of this rulemaking" proceeding. (Id. at 180)
While the report denies a specific exemption to SCC, it recognizes that the exemption in § 1201(f) is broad and that SCC's activity falls within it. This interpretation of the statutory language — on the public record, by an entity with great persuasive authority in the courts — is a boon for competition. Furthermore, it reflects the instinctive dichotomy between patent and copyright law, leaving patents to protect technology and keeping copyrights focused on expression. The Register's opinion does not bind the Sixth Circuit, where the Lexmark suit is now pending, but courts of appeal do take notice when a specialized regulatory agency publishes such a strongly-worded opinion on the public record — so while SCC nominally "lost" (the Register refused to grant it an exemption), it may have "won" in a broader sense that it did not anticipate.
Tuesday, 28 October 2003
Copyright Office issues DMCA exemptions
The U.S. Copyright Office today issued its report creating a new set of exemptions under the DMCA for the next three years. (Links: short version and long version) The Register granted two major exemptions and denied many others. Ernest Miller has a collection of blog links. Derek Slater has a good, short summary.
Sunday, 26 October 2003
Update: Indirect linking & the DMCA
Today, LawMeme asked essentially the same question I asked on Friday. I cannot link directly to the LawMeme article, in order to preserve the experiment I proposed on Friday (due to trackbacking effects). You can find it easily, however. The title is "How Direct is Too Direct When It Comes to Hyperlinks?," the author is James Grimmelmann, the publication date is 26 Oct 2003, and the category is copyright.
Friday, 24 October 2003
Indirect linking & the DMCA
Ed Felton asks an important question over at Freedom to Tinker. As first blogged by Ernest Miller, Swarthmore has begun suspending the Internet accounts of students who link to the Why War? web site, which maintains direct links to the infamous Diebold memos. (See my previous blog entries on Diebold: 1, 2, 3.) While Seth Finkelstein points out the potential dangers of linking under Rameirdes (the DeCSS case), Ed notes that Swarthmore has escalated the danger by punishing students who link indirectly to the Diebold memos. The college is shutting down web sites that link to a site that links to the memos. What, Ed asks, is the limit? His article links to Ernest's article, which links to Why War?, which links to the memos. How many intermediate links would Swarthmore require before its students may exercise their free speech rights?
Ed offers the opportunity to test the waters by linking to his page, which is two steps removed from the memos. I deliberatetly avoided linking this article to any page "closer" to the memos than Ed's blog, to increase the chain by one. Anyone at Swarthmore feeling lucky?
Thursday, 23 October 2003
Mark Fingerman posted a comment asking some good questions about my entry on the propriety of using copyright to quell criticism ("Diebold detractors defy DMCA desist demands"). I will try to answer them all here.
First, whether Bill Gates "should be allowed to profit from" software that he designs. Of course! The law should forbid people to profit from their labor only in rare circumstances — like murders for hire. Should Ford be allowed to sell cars at a profit? And Dole to sell pineapples? Surely, no one would argue that these companies are not permitted to build and grow physical products with their own factories and land, then place those items in the stream of commerce. The difference is that cars and pineapples are physical goods, which are rivalrous, meaning that only one person can consume them at any time (and, in the case of pineapples, only one person can eat a pineapple before it becomes useless to everyone else). Software is a nontangible good, which can be copied and used by two or more people at the same time — so if you copy my Office 2002 CD, my enjoyment of the software is not diminished. That is where copyright law comes in: the law erects an artificial barrier to some activities to imbue nontangible goods with some of the same qualities that allow producers to profit from tangible goods. (Note that "artificial" sometimes carries a negative connotation, but that is not what I intend here. I mean that a legal barrier does not exist in a "natural" world without laws.)
Second, on "intermediate" products of a copyrightable nature. Surely, Tom Clancy holds a copyright in chapter 1 before he finishes writing chapter 12. Copyright law protects the expression in any creative work beginning at the instant it is "fixed in a tangible medium of expression." Courts have interpreted the term "tangible medium of expression" broadly, as anything that can hold information in a stable form for a measurable period of time — e.g., paper, rock, clay, glass, wood, magnetic disks and RAM. Section 101 of the Copyright Act defines the moment of fixation:
A work is "fixed" in a tangible medium of expression when its embodiment in a copy or phonorecord, by or under the authority of the author, is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than transitory duration.
The Copyright Act does not distinguish between "finished" and "unfinished" works, and the copyrights in intermediate stages of production can be analyzed separately from the copyright in a finished work. Normally we need not bother, because the copyright in the finished product is much more valuable and is the focus of disputes that arise.
Next, Mark takes exception to my claim that "The public enjoys the right to make 'fair use' of copyrighted works — especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression." He asks, "So the public has the right to break into your home, steal your private correspondence, and publish it 'especially for purposes such as criticism, satire, parody, scholarly analysis...?' Can I rob a bank for the purpose of holding them up to 'scholarly analysis?'"
The answer, of course, is no, because the actions you describe are crimes and torts. Diebold has clear legal remedies against the person who broke into its computer network. It can sue him for, among other claims, trespass, theft of trade secrets, and interference with business relations. It can also press criminal charges under the Computer Fraud & Abuse Act. Take note that Diebold has done none of these legitimate things. Instead, the company has taken aim at people who have, unquestionably, never committed a crime or tort against it. The harm that Diebold fears is not further loss of trade secrets (these "secrets" are already public knowledge so, by definition, they are no longer trade secrets). Rather, it is trying to use copyright law to stymie discussion its products after the public has learned of their flaws.
The Lanham Act, the foundation of American trademark law, explicitly allows us to reproduce trademarked words, phrases, and symbols for the purpose of discussing the products they represent. This limits the general rule that reproducing a trademark without permission is infringement, and it is necessary to avoid rendering the trademark regime unconstitutional under the First Amendment. If we can write Diebold's name but cannot discuss its products, then the limitation is meaningless. Forcing the public to discuss the voting machines' shortcomings without sufficient supporting facts is tantamount to the same thing. Yes, the person who "stole" Diebold's documents should be held responsible, if Diebold chooses to press the issue. The general public, however, should not be held responsible for one person's wrongdoing.
Finally, the questions "Is Diebolds product better than hanging chads? And did Diebold provide what the state requested?" I take it, you are referring to the Georgia election I discussed in a previous article. For all the reasons stated in that article: no, Diebold's products (in their current form and with current election laws) are not better than hanging chads. And no, it did not provide what the state requested. The state certified the machines prior to the election, according to its laws. Sometime thereafter, Diebold made changes to its software and did not disclose that changes had been made — let alone the content of those changes — to anyone. There has been no allegation that these particular changes compromised the election, but one can easily imagine a scenario where such changes would cause problems. If the government is not informed of the changes and has no opportunity to examine them, what is to stop Diebold or another manufacturer from changing every tenth Republican vote to a Democratic one?
I sympathize with Diebold's problems. Nobody likes criticism. It invested a lot of time and money in developing its touch-screen voting machines, and it wants to prevent that work from being wasted. But we live in a democracy that values the integrity of its elections and a capitalist economy that values the operation of market forces in an environment of as-nearly-perfect-as-possible information. Diebold could subvert the first and has subverted the second.
Wednesday, 22 October 2003
Diebold detractors defy DMCA desist demands
As I explained in a previous article (E-lection security in Georgia), the voting machine products and related services sold by Diebold Election Systems raise serious election-integrity concerns. After a hacker broke into Diebold's computer network and downloaded ("stole," in Diebold's words) several internal memoranda, he distributed those documents widely, including some copies to journalists and activists. The compromising documents confirm that the company has known of its voting machines' shortcomings for some time. Embarassed, Diebold played the great American trump card, the lawsuit.
Diebold has sent an unknown number of "cease and desist" letters to people who posted the documents on their web sites. The letters threaten that the company will sue under the Digital Millennium Copyright Act (DMCA) if the recipient does not promptly remove the offending memos from his web site. Diebold (correctly) insists that it owns a copyright in those documents and that they are being publicly displayed without permission. It then invokes the provision of the law which requires Internet Service Providers (ISPs) to remove material that infringes a copyright promptly upon being notified of its presence on its servers. Any webmaster who does not take down the memos, Diebold threatens, will soon stare down the barrel of a copyright infringement lawsuit.
How is this wrong? Let me count the ways.
Copyright law, including the DMCA, is intended to give authors and artists a chance to earn rewards for their creative work. It grants them the exclusive rights to copy, distribute, perform, and publicly display their literature and art. In the U.S., the rationale behind copyright goes like this: if an author has the legal right to prevent others from doing these things, he will hold a limited monopoly on his own work and will be able to derive income from it. In Europe (and especially in France), the rationale is different: authors and artists are naturally and morally attached to their work, and this attachment endows them with the right to control the distribution and use of their work. Diebold, on the other hand, has never had the intention of profiting from the writings at issue. In fact, these writings harm Diebold's profit interests because they expose flaws in its revenue-generating products. The company's desire to suppress public discussion of these documents is understandable, but its method of suppressing them bends copyright law past the breaking point.
Copyright law has always granted only a limited monopoly to authors. The public enjoys the right to make "fair use" of copyrighted works — especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression. These limitations on the copyright monopoly are deeply affected with First Amendment interests, and they are the Copyright Act's last line of defense against constitutional challenges. See, e.g., Eldred v. Ashcroft, 123 S.Ct. 769, 154 L.Ed.2d 683 (2003).
It is axiomatic in First Amendment jurisprudence that "political speech," broadly defined, is at the core of what the Amendment protects. Few, if any, topics are more fundamentally political than the process by which citizens in a democracy elect their government's officials. As states and counties update their voting machinery in the wake of the 2000 Presidential election debacle and the California recall lawsuit, most of them are adopting (or at least considering) "touch screen" machines like Diebold's. In perhaps ten to 15 years, all American elections will be conducted on such machines. Diebold, by choosing to manufacture and sell voting machines, has thrust itself into the the election process and made itself a focal point of public debate. Unfortunately, the company has asserted its copyrights for the sole purpose of stifling the public discussion that is so vital if our communities are going to adopt the best election machinery and conduct the fairest possible elections.
Civil libertarian organizations like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) are fighting to protect the public's right to access, read and discuss documents that directly affect the right to vote. Without public discussion, our communities might buy inferior equipment, and future elections would be tained with, at best, inefficiency and, at worst, fraud and corruption. Two brave groups of students at Swarthmore College are engaged in an "electronic civil disobedience" campaign to thwart Diebold's machinations. The groups, Why War? and the Swarthmore Coalition for the Digital Commons (whose web site Diebold has, at least temporarily, succeeded in shutting down), have organized a network of students and others who are willing to host the Diebold documents for at least a short time. Why War? maintains a web page with links to the "current" location of the documents, and the location changes as soon as Diebold sends another cease and desist letter. Efforts like this give life to John Gilmore's prescient statement, "The Net treats censorship as damage and routes around it."
We should support efforts like Why War?'s not only because they bolster the long-term integrity of the American electoral system (their narrowest goal) but because they also enable the free exchange of ideas (their broadest goal). The First Amendment embodies some of the most fundamental rights and liberties that our society recognizes. Pinching them through copyright law can only hurt our society.
Monday, 13 October 2003
John Halderman cracked an encryption and DRM system called MediaMax CD3, a product of SunComm Technologies. Why? He is a PhD candiate in Princeton University's Department of Computer Science, writing his thesis in computer security. In classic academic style, Halderman published the resulting paper on the web. In classic cranky-three-year-old style, SunnComm threatened to sue Halderman on several grounds, including a claim under the Digital Millenium Copyright Act (DMCA). SunComm's CEO's quote in the first news cycle since this story broke was precious: "No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property." SunComm backed down from its lawsuit threat within 48 hours — after an enormous public outcry fueled by the blogosphere.
This episode is important for two reasons. First, it shows the excesses of the DMCA and underscores how ridiculously overbroad its language is (in addition to being bad policy). SunComm must have interpreted Halderman's paper as either a "device" intended to "circumvent a technological measure that effectively controls access to a [copyrighted] work" under DMCA § 1201(a) or as trafficking in such devices. No person who speaks ordinary English would ever confuse a research paper with a device. Besides, Halderman defeated the system merely by holding down his shift key, so how "effective" could it be? Effectiveness of the DRM system is, after all, an essential element of the DMCA claim. SunComm may have deserved the $10 million decline in its stock-price value the day after the blogosphere picked up this story.
Second, it shows the power of the blogosphere. The first Internet publisher to become a legitimate force in American politics was Matt Drudge when he broke the Monica Lewinsky story in 1997 — after the traditional press (namely, Newsweek) declined to print the story. The Internet's role in politics was considered routine barely five years later, when bloggers brought down Trent Lott — again, after the traditional news media dismissed an important story. The SunComm episode clearly shows that Internet publishers' influence has outgrown the first level of the political sphere, where rumor and innuendo are weapons in their own right. This time, bloggers slapped around a software company working for several major record labels — in two industries driven by bottom-line considerations. Blogging tools make Internet publishing easier than ever, and the number of bloggers is growing daily. Their voices are heard by one another — and now by the major media and corporate America. If we can continue to avoid demagoguery, this may be a good thing.