EFF Breaking News
Tech News World
Chris Rush Cohen
E.D. Tex. Weblog
Hacking the Law
Online Liability Blog
Promote The Progress
Tech Law Advisor
Tech & Marketing
Cocktail Party Physics
Freedom to Tinker
Lawyers Don't Get It
Tech Liberation Front
Numbers Guy, The
Dump & Chase
On Frozen Blog
Off Wing Opinion
View From The Cheap Seats
Regret the Error
TiVo/Gizmo Lovers Blog
Friday, 6 June 2008
The War on Photography
Bruce Schneier is a security expert, civil libertarian, and all-around interesting guy. I like his blog ("Schneier on Security"); he has a fresh, conversational writing style and isn't condescending to non-experts. His writings on "security theater" have brought him a lot of media attention since September 11. Lately, he's been writing a lot on what he calls The War on Photography.
This week brings two especially good posts. On Tuesday, he discussed a network news crew that was accosted by the security team at Union Station in Washington DC. The security guard instructed the crew to stop filming — interrupting an interview with an Amtrak spokesman who was explaining that the station has no policy against photography. Left hand, meet right hand. (Video here.)
On Thursday, he wrote a more general essay about the illogical ban on photography in public places. The whole post is worth reading. Here's a taste (links in the original):
Since 9/11, there has been an increasing war on photography. Photographers have been harrassed, questioned, detained, arrested or worse, and declared to be unwelcome. nbsp;We've been repeatedly told to watch out for photographers, especially suspicious ones. Clearly any terrorist is going to first photograph his target, so vigilance is required.
Saturday, 8 September 2007
The Chaser on Americans
This clip from The Chaser's War On Everything makes me want to laugh and cry at the same time. This is the group whose stunt exposed gaping holes and the automatonic mindset of APEC's security force in Australia. (Via Bruce Schneier)
Tuesday, 20 March 2007
PTO: P2P threatens national security
The U.S. Patent & Trademark Office apparently thought it wasn't in the headlines enough this month. On March 5, it issued a press release announcing a November 2006 report (1.22mb) which claims that P2P networks threaten national security. The logic is, at best, bad and, at worst, intentionally deceptive.
Information Week reports:
The report, which the patent office recently forwarded to the U.S. Department of Justice, states that peer-to-peer networks could manipulate sites so children violate copyright laws more frequently than adults. That could make children the target in most copyright lawsuits and, in turn, make those protecting their material appear antagonistic, according to the report.Conclusion: Software is to blame when record companies act without social responsibility. The article continues:
File-sharing software also could be to blame for government workers who expose sensitive data and jeopardize national security after downloading free music on the job, the report states.The basis for this last statement is apparently a bullet point on page 22 of the report, which quotes an unnamed and undocumented source within the Department of Homeland Security as stating: "There are documented incidents of P2P file sharing where Department of Defense (DoD) sensitive documents have been found on non-US computers with no protection against hostile intelligence services." No documentation (or even a footnote) is provided in this report, however. The PTO report does not even state who within DHS made this claim or in what context.
Email me if you're interested in the betting pool on whether this "fact" was made up by DHS or by the PTO.
Friday, 16 March 2007
Government Document Generator
Wednesday, 14 March 2007
MadTV spoofs Apple's iEverything. Funny!
Saturday, 24 February 2007
Bombs, Bombs Everywhere?
In New Mexico, a bomb squad blows up two CD players, duct-taped to the bottoms of church pews, that played pornographic messages during Mass. This is a pretty funny high school prank and I hope the kids that did it get suitably punished. But they're not terrorists. And I have a hard time believing that the police actually thought CD players were bombs.
Wednesday, 29 November 2006
Photo ID required to eat pancakes
QUINCY, Mass. — John Russo has been a victim of identity theft. So when he was asked to fork over a photo ID just to be seated at an IHOP pancake restaurant, he flipped. "'You want my license? I'm going for pancakes, I'm not buying the Hope diamond,' and they refused to seat us," Russo said, recounting his experience this week at the Quincy IHOP.
Sunday, 12 November 2006
Depublishing the war continues
Here is a somewhat clever exercise in depublishing by President George W. Bush — more sophisticated than the last one I commented on, two years ago.
The White House published a subtly-doctored video of his May 1, 2003 speech on the deck of the USS Abraham Lincoln. His contemporaneous press release touted the end of combat operations. When it became clear that the combat was continuing, the White House altered its release to refer only to major combat operations (whatever that means). The video that now accompanies the release has been subtly altered to crop out the "Mission Accomplished" banner that was the President's backdrop. Paul -V- at Brainshrub.com has the explanation on video: link.
Sunday, 25 December 2005
Matthew Nisbet asks an important question over at his new blog, Framing Science. The post in question is "MISGUIDED BALANCE: The Question of the Day." His question and the articles he links to are highly recommended reading.
If Judge John E. Jones III, a conservative, a lifelong Republican activist, an assistant Scout Master, appointed by George W. Bush, close friends with Rick Santorum, and with aspirations to be Governor of Pennsylvania, can weigh the evidence for and against intelligent design and conclude that it is perhaps the most one-sided policy debate in history, a "slam dunk," why couldn't many political reporters do the same in their coverage leading up to the trial?
Sunday, 14 November 2004
Sorry Everybody (or not?)
There was much talk of the polarization of America this year; I thought this might subside after the election, but I was obviously wrong. At least now we are getting something funny out of this mess. The rise of apology and anti-apology web sites has been quite entertaining. I especially recommend the panda photo.
Thursday, 4 November 2004
This evening a chilling juxtaposition was brought to my attention. The national red/blue map from this week's Presidential election looks strikingly like this 1860 map of state & territory alignments prior to the Civil War. If ever we needed our President not to make a mockery of reaching out and inclusion, it is now.
Election 2004 Results
Source: USA Today
Free States and Slave States, before the Civil War
Source: Annenberg/CPB Learner.org
Saturday, 30 October 2004
Grand Canyon: A Questionless Inquiry
Last year, the National Park Service began distributing a book by Tom Vail, a veteran tour guide at Grand Canyon National Park and head of Canyon Ministries. The book, Grand Canyon: A Different View (available online at the Institute for Creation Research) argues that the eponymous gorge was formed quickly Diluvially, in the Noachian flood and not gradually, by millennia of erosion.
After a (relatively anemic) public outcry, President Bush promised that his administration would "review" the sale of the book at national park gift shops. According to Public Employees for Environmental Responsibility (PEER), the review was discarded the moment the public had turned its attention elsewhere. The book is still on sale at the park, where the administration has also reinstalled bronze plaques bearing bible verses at scenic overlooks (from which they had previously been removed, on the advice of Interior Department lawyers). PEER's press release has more details. PEER also claims to have compiled numerous other examples of what it has dubbed Bush's "faith-based parks" agenda.
Saturday, 9 October 2004
Political Science II
Anyone who reads DTM :<| knows what I think about President Bush's manipulation of science for political and religious ends (see, e.g., 1, 2, 3) and John Marburger's sale of his professional soul. (To be fair, there have been occassional, but unfortunately small, bright spots.) In this week's e-Skeptic, the editors of Skeptic Magazine have put together a summary of major events in this saga. See: "The Politicization Of Science in the Bush Administration: Science-As-Public Relations" and "'Political' Science."
Saturday, 28 August 2004
Die Wende in New York?
Jonah Langenbeck, the blogger behind Spastic Robot, posted an noteworthy article an hour ago: "A Wende for Our Times; NYC, the GOP and hundreds of thousands of techno-protestors."
The Bruce Sterling short story "Deep Eddy" is about the events surrounding a massive cataclysmic event called a Wende in Düsseldorf in the year 2035. Sterling's Wende is a massive confluence of various protests, electronic disturbances and random anarchic actions that combine to create an event so chaotic that it crashes every system in the urban infrastructure that it occurs within. It starts with small plans by numerous and varied groups of activists, artists, and other assorted troublemakers who then multiply into a heterogeneous body of critical mass. Sterling describes the Wende as, "rumor, boosted by electronic and digital media, in a feedback-loop with crowd dynamics and modern mass transportation. A non-linear networking phenomena". [ ]
(Links added) Via BoingBoing
Thursday, 26 August 2004
The International Olympic Committee claims that President Bush has violated its trademark rules by using Olympic trademarks in his campaign messages. I have not seen the accused TV ad, but a still image at the Minneapolis Star Tribune site clearly shows a caption visible during at least some of the commercial: "Approved by President Bush and paid for by Bush Cheney '04, Inc." Says the Tribune: "The TV ad doesn't feature the five Olympic rings -- one of the world's most recognizable images -- but an announcer tells viewers that at "this Olympics, there will be two more free nations," referring to the U.S.- led invasions of Afghanistan and Iraq."
The mainstream American press also reports that the Iraqi soccer team is furious at being made pawns. The LA Times (free reg.) headline: "Iraq Olympians Say Bush Is Not on Their Team." The team made its feelings public a few days ago in a Sports Illustrated interview. Since then, the world press has picked up this story, too. The reader comments at Al Jezeera are as interesting as the journalists' coverage.
This post would hardly be complete without an unauthorized link to the official Athens 2004 Olympics site. Oh...and a deep link to its asinine hyperlink policy, which I am trying to violate in as many ways as possible. I have not followed the press or blog coverage of this issue very closely, but I will make a brief comment anyway. Rule #1 in the policy is, "Use the term ATHENS 2004 only, and no other term as the text referent" (emphasis original). This rule seems specifically designed to avoid the type of Googlehacking that branded President Bush a "miserable failure."
Saturday, 14 August 2004
Empiricism and Public Policy
I have long been a critic of public policy of any ideological persuasion that ignores (or worse, misrepresents) empirical data. My friends will vouch that I have changed my views a handful of times sometimes quite radically when presented with solid evidence that I was wrong. Unfortunately, criticism on these grounds directed at anyone currently in power is too easily portrayed as partisan screeding. Just look at the Bush apologists' response to the ever-growing cadre of critics. I admit, however, looking back at some of my own comments in recent months (e.g., 1, 2, 3, 4, 5, 6) that I have focused perhaps too much on President Bush, because he is a convenient target. (Never mind that he has painted that target on himself a dozen times over.)
I have been a Robert Cringely fan for nearly as long. Two days ago he published a column ("Fred Nold's Legacy") that really struck a cord. The best part is, he based it on an episode from 22 ago that continues to haunt us today, in ways we scarcely understand.
Cringely tells the story of the Department of Justice's commissioning of a study on the U.S. Sentencing Guidelines by two Hoover Institution economists, Michael Block and Fred Nold. When the DoJ realized their report would criticize the Guidelines instead of rubberstamping them, it pulled the plug and implemented revisions that went against the weight of the evidence.
It is one thing to make what turns out to have been a mistake and another thing altogether to make what you have reason to believe will be a mistake. Why would the DoJ, having good reason to believe that the new sentencing guidelines would create the very prison explosion we've seen in the last 20 years, go ahead with the new guidelines? My view is that they went ahead because they were more interested in punishment than deterrence. They went ahead because they didn't perceive those in prison as being constituents. They went ahead because it enabled the building of larger organizations with more power. They went ahead because the idea of a society with less crime is itself a threat to the prestige of those in law enforcement.
Tuesday, 10 August 2004
CBO releases report: "Copyright Issues in Digital Media"
I have not had time to read the whole thing yet. Having only skimmed the summary and the first few sections, it seems that it could provide a good starting point for debates over new legislation. It is not as heavily laden with economic or legal terms as other analyses have been.
Oh, yeah...and I like the frame it created for the debate. From the summary:
Thursday, 29 July 2004
VoIP regulation debate brewing
The debate over VoIP regulation has been brewing for several years, and it can be a confusing cacophony for anyone tuning in late. The New York Times was kind enough to run a feature article by Stephen Labaton and Matt Richtel on the subject this week ("Battle Brews Over Rules for Phones on Internet"). The article does a nice job of summarizing the points raised by Uncle Fed, the States, the relatively young "pure VoIP" companies, and the established telecommunications behemoths.
Wednesday, 28 July 2004
Arlo uppercuts Jib Jab
The latest Flash cartoon floating around is a hilarious parody of the U.S. Presidential campaign. The animated creation of Jib Jab stars President Bush and John Kerry, dancing to the tune of Arlo Guthrie's classic "This Land Is Your Land" and calling each other names like "right-wing nutjob" and "liberal sissy."
Despite the dangers (see: Idiot's guide to combatting satire), the company that owns the rights to Arlo's song has sicced its lawyers on Jib Jab. (See this CNN report.) President Bush learned first-hand in the last election that nearly any attempt to suppress Internet-based satire will fail spectacularly. Even if you have forgotten the incident, you probably remember Bush's (in)famous quote: "There ought to be limits to freedom."
CORRECTION (28 Aug.): Two days after posting this, I realized that Woody Guthrie not his son, Arlo wrote "This Land Is Your Land." I meant to post a correction but, unfortunately, managed to leave it in "save as draft" limbo. Yesterday, a concerned neighbor of Arlo's emailed me to set me straight on the facts. She also said that Arlo was unhappy with the record company's actions and that he thought his father would be, too. Then she pointed me to this link. I appreciate it when people constructively (and politely!) point out my mistakes.
Will Florida be the next Florida?
The New York Times reports on one Florida county's inability to keep proper election records after installing expensive new evoting machines. The money quote: "This shows that unless we do something now or it may very well be too late Florida is headed toward being the next Florida."
The records disappeared after two computer system crashes last year, county elections officials said, leaving no audit trail for the 2002 gubernatorial primary. A citizens group uncovered the loss this month after requesting all audit data from that election.
Saturday, 10 July 2004
How often does a soundbite elegantly summarize a complex problem? Rarely. But Dr. Kurt Gottfried, an emeritus professor of physics at Cornell University, did just that in a recent interview (as reported in the New York Times).
Speaking of President Bush's manhandling of the scientific method, Dr. Gottfried said, "You can destroy that in a matter of years and then it can take another generation or two to get back to where you were in the first place."
Monday, 14 June 2004
Supreme Court dismisses Newdow's action on standing grounds
Time for me to live up to a promise made last October: "If the Supreme Court decides [Newdow v. Elk Grove Unified School District] on Article III (standing) grounds, I will be the first person to leap to its defense." I now leap to its defense.
Monday, 17 May 2004
Hasta la vista, bobble
The governor's goon squad (his film company, actually) filed suit today against Ohio Discount Merchandise, the company that created the collectible Arnold Schwarzenegger bobbing head doll. I have little time to write about this tonight, but I will predict right now that this will be this decade's landmark publicity/free speech case. I just hope Judge Kozinski has a chance to stretch before he goes to the mat.
As a bodybuilder and movie star (i.e., a member of the private sector), Arnold had a strong claim that his persona and likeness were worth millions and protectible. As a governor, however, the First Amendment demands that he relinquish most of the control he used to enjoy. The doll at issue is obviously a parody, and it is part of a series that depicts public figures from Tom Daschle to Abraham Lincoln to Al Capone to Jesus. This lies somewhere between a Three Stooges T-shirt and Vanna White, circa 2012.
Sunday, 16 May 2004
Stem Cell Halfspeak
The Bush administration has started an interesting tango on the issue of therapeutic stem cell research. Since announcing his initial policy decision on 9 August 2001, Bush has clung to the false premise that already-existing stem cell lines are sufficiently numerous to support appropriate levels of scientific research. Until now.
Yesterday, Reuters reported that Dr. Elias Zerhouni, Director of the National Institutes of Health (NIH) penned a letter to members of Congress, responding to a letter signed by 206 Congressmen last month. (Links: letter, news coverage) According to Reuters, Zerhouni wrote that "the president's position is still predicated on his belief that taxpayer funds should not 'sanction or encourage further destruction of human embryos that have at least the potential for life.'" However, Zerhouni admitted that "it is fair to say that from a purely scientific perspective more cell lines may well speed some areas of human embryonic stem cell research."
The New York Times reports today that proponents of loosening the Bush policy are saying that this does not portend a policy shift but that it does indicate Bush's willingness to begin discussing the issue again. I am not so sure of Zerhouni's message. If they are right, this development may be the ticket for John Marburger to save his soul (to borrow from Bush's moralistic rhetoric).
I think this letter represents a shift in the articulation of Bush's position, but I do not see where it says anything about openness to change. It is refreshing, however, to see Bush move away from scientific doublespeak — even if it is to equally incomprehensible halfspeak.
Wednesday, 5 May 2004
Would-be Marburger critic
I am just getting back into blogging after taking a few weeks off. I set aside two hours this evening to write a long post on John Marburger's testament to dogma, only to find that someone had already made my argument for me. I speak, of course, of Marburger's now-infamous "rebuttal" to the increasingly-frequent charge that President Bush has beaten science to a bloody pulp. Specifically, he purported to respond to a report released by the Union of Concerned Scientists.
Chris Mooney did such a good job stealing my thunder in his April "Doubt and About" column over at CSICOP that I cannot do the same to him. And since I now have a free hour and fifty minutes, I think I'll go watch TV.
Monday, 15 March 2004
FBI proposes expansive broadband "wiretap" rules
Declan McCullaugh and Ben Charny report on C|Net that Uncle Fed issued a proposal for expedited rulemaking [pdf] which would grant him new and expansive "wiretapping" powers for broadband Internet services. In this case, Uncle Fed is backed by the Federal Bureau of Investigations (FBI), Department of Justice (DOJ) and the Drug Enforcement Agency (DEA).
Two months ago, Uncle Fed asked the Federal Communications Commission (FCC) to do this dirty work for him. FCC Chairman Michael Powell paid some lip service to security concerns at the time, but he has apparently let the request languish. (At least, I have not seen the media report any subsequent FCC actions.) Around that time, I blogged on the word wiretap and complained that it makes a poor analogy to surveillance of digital communications ("Wiretapping & VoIP"). I would like to make the same comment again now and point out that Uncle Fed's newest proposal supports my point even more clearly.
I promise to write more on this in the near future. Unfortunately, I do not have time today to write a multi-volume treatise on the dangers these regulations would pose to civil liberties.
Friday, 12 March 2004
Blundering through security
It appears the U.S. Patent & Trademark Office (PTO) has removed the infamous ricin patent (No. 3,060,165) from its online database. The PTO boasts that it provides all patents since 1976 in searchable text and images of patent pages from 1790. Obviously, this is now false. (Via Ernest, via Dan Gillmor, via Bruce Schneier.)
Half the developed world's patent offices make this patent available over the Internet. Considering that the patent was granted in 1965, I think a few paper copies might also exist. Therefore, this is about as effective a security measure as requiring travelers to show a driver's license before they board an airplane that is to say, wholly ineffective. All this does is inconvenience the law-abiding American public when it tries to do research.
Ernest makes the important point that the fundamental principal underlying our patent system is that inventors get exclusive rights to their inventions in exchange for full disclosure of the invention to the public. This is hardly the first case where the public has been shortchanged in the name of security. Ernest also has the best summary comment thus far (hyperlink original):
Rest assured Senator, the lack of the patent in the US database means that terrorists will never be able to figure out how to make ricin because even web-savvy bloggers can't get the information very easily .... ooops. Never mind.
Thursday, 11 March 2004
Satan, meet Lucifer. Lucifer, Satan.
"Yes, Microsoft did introduce BayStar to SCO." So admits a representative of BayStar. The tech world was abuzz for a week after a leaked memo linked the two Linux enemies. After SCO denied the then-rumor, BayStar now apparently admits the link.
Wednesday, 25 February 2004
IP practitioners and the public interest
This past month my first as an IP attorney has uncovered many wonderful things for me. The most wonderful has been the attitude of several attorneys that it has been my pleasure to work with. Although none of them have ever (to my knowledge) been an activist or "copyfighter," they seem genuinely concerned for the public interest in the area of IP law.
Like all good patent litigators, they avidly watch the Federal Circuit for interesting decisions. However, these folks occassionally cheer when the court limits the scope of patent law in ways that limit the rights of patent holders and expand the public domain. They cheer notwithstanding that such decisions may ultimately mean less money in their own pockets. When I described the size of statutory damges authorized by the Copyright Act, one partner refused to believe me until I showed him a copy of § 504. Even then, his reaction was, "Hmmm...what did Disney pay to get that?"
There are many good reasons why I chose to join this firm.
Tuesday, 13 January 2004
Lessig on ePolitics
Lawrence Lessig blogged this morning on MoveOn's announcement of the winners of its "Bush in 30 Seconds" contest. He took the opportunity to comment on the "big picture" of participation in politics via electronic media. It was nice to see that he basically agrees with the thesis I put out there in my college thesis paper, "The Futures of ePolitics: Assessing Predictions of Political Discourse on the Internet."
Sunday, 28 December 2003
The New York Times points out, rather amusingly, that most members of Congress were engaged in sending a massive wave of unsolicited email to their constituents this weekend — barely ten days after unanimously approving the CAN-SPAM Act. Article: "We Hate Spam, Congress Says (Except Ours)."
"They are regulating commercial spam, and at the same time they are using the franking privilege to send unsolicited bulk communications which aren't commercial," David Sorkin, a professor at the John Marshall Law School in Chicago, said. "When we are talking about constituents who haven't opted in, it's spam."
Wednesday, 24 December 2003
Even before [Norway's prosecution of DVD-Jon] was filed, however, entertainment industry lobbyists had been pressing lawmakers in that country and elsewhere to enact tougher copyright laws, modeled on controversial U.S. legislation that makes it easier for authorities to win prison terms for people who crack encryption schemes or distribute cracking tools. If enacted, proposed legislation in Europe, Canada, Australia and Central and South America would soon hand entertainment companies similar weapons against people caught tinkering with anticopying software.Via Furdlog.
Tuesday, 23 December 2003
Napster Runs for President in '04
Frank Rich wrote a fascinating and entertaining editorial for the New York Times a few days ago ("Napster Runs for President in '04"). Between his attempts to be vogue by dissing the mainstream candidates and media for not "getting" the Howard Dean campaign's various uses of the Internet, Rich makes a few novel points. Among them, that we should view Dean more like FDR and JFK than George McGovern and Barry Goldwater. His conclusion:
Should Dr. Dean actually end up running against President Bush next year, an utterly asymmetrical battle will be joined. The Bush-Cheney machine is a centralized hierarchy reflecting its pre-digital C.E.O. ethos (and the political training of Karl Rove); it is accustomed to broadcasting to voters from on high rather than drawing most of its grass-roots power from what bubbles up from insurgents below.Thanks to Mary Hodder of Napsterization for the heads up.
Saturday, 20 December 2003
DC Circuit stumps RIAA
By now the world has heard of the D.C. Circuit decision in RIAA v. Verizon. Previously, the D.C. District Court ruled that Verizon must comply with RIAA's subpoenas, issued under § 512 of the Digital Millennium Copyright Act (DMCA). Those subpoenas are designed to force ISPs to disclose the identities of users whom RIAA suspects of illegally making copyrighted music available for others to download. RIAA can trace users by itself as far as their IP addresses (the sets of numbers that uniquely identifies every computer on the Internet), but it needs the cooperation of ISPs to connect an IP address with an individual's name and address. Once it has that information, it can send a cease & desist letter or file a lawsuit.
Yesterday's Circuit decision reverses the District Court's interpretation of the statute. The appeals court gave the statute an extremely close reading in rendering its decision. The relevant section has a complex sentence structure and many cross references, so it is no wonder that the parties (and two different courts) disagreed as to its meaning. Derek Slater makes a few interesting points, including: "I find it fascinating when opinions contrast in this way — when they see the same issue clearly, unambiguously, but oppositely. [District] Judge Bates, just like [Circuit Judge] Ginsburg, claims to stick to the statute's text and go no further, yet their opinions are night and day."
The decision is a victory for privacy, but not a victory for privacy as such. The result was reached on a technical reading of the statute, and turned on the fact that a subpoena can only be sent if a DMCA notice-and-takedown letter can also be sent. […] The constitutional issues that would have made this a victory for privacy as such, or for freedom of expression, were not addressed by the court.
The Circuit panel adopted most of Verizon's statutory argument — that § 512(h) authorizes subpoenas only in cases where the plaintiff alleges that the infringing material is stored on media controlled by the ISP. However, when the ISP is a mere conduit for data stored on media controlled by a third party (the ISP's subscriber, in this case), § 512(h) does not permit subpoenas outside of the context of a lawsuit.
This line of reasoning rests on the cross references between § 512(h) and § 512(c). Subsection (h) permits a copyright owner to apply to the Clerk of the court for a subpoena so long as the application contains "a copy of a notification [of claimed copyright infringement, as] described in [§ 512](c)(3)(A)." The relevant language in § 512(c)(3)(A) is: "To be effective under this subsection, a notification of claimed infringement must be a written communication … that includes substantially the following" six elements. The third enumerated element is "(iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material." (Emphasis added)
The court agreed with Verizon that this language requires the subpoena application to assert that the ISP has the ability to remove or disable access to the allegedly infringing material. However, most current P2P applications use a decentralized architecture. This means that all shared data is stored on users' computers, not on any central server — except for temporary copies incidental to transmission, which the DMCA permits. Therefore, the ISP has no legal right to remove or disable access to the material shared on the P2P network:
No matter what information the copyright owner may provide [in its subpoena application], the ISP can neither "remove" nor "disable access to" the infringing material because that material is not stored on the ISP's servers. Verizon can not remove or disable one user's access to infringing material resident on another user's computer because Verizon does not control the content on its subscribers' computers.
This holding does have some privacy implications, but they are small compared to Verizon's alternative argument. Having decided this case on statutory grounds, the court ducked the larger First Amendment questions.
So what implications does it have? Dozens of people predict that RIAA will lobby Congress to close what it surely sees as a loophole in the DMCA. Ernest quipped, "[T]he RIAA has nearly hosed itself." The trade group has been trying to consolidate all its DMCA subpoena litigation in Washington, D.C. for administrative convenience. Now, however, it cannot be happy with its "success" in transferring the SBC case to the D.C. District from the Northern District of California in San Francisco — because the Verizon decision is now binding precedent in the nation's capital. This will not stop RIAA from getting users' information, however. It will only make the process slower and more expensive. Instead of paying its lawyers simply to draft subpoena applications, it now has to pay them to draft and file complaints and motions in addition to subpoena applications. These costs will be passed on to consumers in the form of higher average settlements.
John Palfrey sees a broader trend: "Add this development to the Grokster opinion, and the trend of the law in favor of digital rights holders is at least in a holding pattern." The trend may be even broader than Palfrey recognizes — this was a banner week for civil liberties everywhere. (It could, however, be just a blip on the post-9/11 radar screen.) The Dutch supreme court ruled that the makers of Kazaa are not liable under Dutch law for copyright infringement committed by the software's users. A day earlier, the Second Circuit ruled that the U.S. government may not classify Jose Padilla as an enemy combatant — which should assure that his constitutional rights are no longer suspended. Just a few hours later, the Ninth Circuit wrote "that the [Bush] administration's policy of imprisoning about 660 non-citizens on a naval base in Guantanamo Bay, Cuba, without access to U.S. legal protections 'raises the gravest concerns under both American and international law'" (source).
If nothing else, we live in interesting times.
Park on NMD
Missile Defense: Deployment is Still Scheduled for Late 2004
Wednesday, 17 December 2003
CAN-SPAM coauthors respond to criticism
The two coauthors of the CAN-SPAM Act, U.S. Senators Ron Wyden (D-Ore.) and Conrad Burns (R-Mont.), published an essay yesterday in response to criticism of their bill. They state in no uncertain terms what I have been saying all along — that CAN-SPAM is not a silver bullet but that it is a good first step. The money line: "Big-time spammers will inevitably violate the Can-Spam Act because it strikes at the heart of how their sleazy businesses work." (Thanks to GrepLaw for the heads up.)
Also, I did not mention yesterday that President Bush signed the Act.
Tough day for John Ashcroft
For most people, getting caught for two unrelated crimes on the same day would be disconcerting. Yet that is what happened to U.S. Attorney General John Ashcroft yesterday. First, the Washington Post reports that Federal Election Commission (FEC) has fined Ashcroft's PACs for accepting illegal campaign contributions during his failed 2000 Senate race. Second, the Post reports that U.S. District Judge Gerald Rosen publicly rebuked Ashcroft for twice violating gag orders in the first criminal trials related to the 9/11 attacks — but stopped short of holding him in criminal contempt.
Sunday, 14 December 2003
Nightmare on Portability Street
Mary over at bIPlog relates the horrifying tale of her experience trying to port her cell phone number from AT&T Wireless to Cingular ("My Nightmare With AT&T Wireless"). A summary could never do it justice, so suffice it to say that AT&T made numerous gross factual errors and flagrantly broke the law in repeated attempts to prevent her from leaving. Still, this episode highlights less about AT&T than it does about the harm that consumers can suffer at the hands of hucksters even when the hucksters know what they are doing is illegal because the consumer has pointed it out. I suppose Mary could sue AT&T to force the release of its high-tech hostage, but who has the time and money for litigation over a phone number?
My law school roommate and I had a similar experience when we tried to buy DSL service in Boston. Despite being Verizon dialtone customers, we tried to hire a company called eConnects (a reseller of Verizon DSL connectivity) for Internet service. At the time, Verizon was required to permit access to its "last mile" network for others to offer competitively-priced residential DSL service. For months, eConnects tried to get us online, but Verizon dragged its feet when it came time to change certain physical settings on our line which it claimed could only be done inside our apartment. Verizon repeatedly failed to show up for appointments or showed up on the wrong day or at the wrong time, and it refused to schedule any appointment within two weeks of any call we made to their customer service department. Finally, we caved in and bought DSL service from Verizon at a higher monthly price than eConnects had offered us. Magically, Verizon had an appointment slot available four days later, and we were online ten minutes after that.
Saturday, 13 December 2003
I would like to comment briefly on one post in ATAC's weblog, "Face Recognition and False Positives." This post raises the point of "a classic security mistake: ignoring the false positive problem." I addressed this issue in "Static Measurements & Moving Targets," my law-school thesis paper on biometrics and privacy in the context of consumer banking. In that paper, I looked at the problem from a perspective opposite Ed's. He describes facial recognition in an identification application, where its goals are substantially different from what its goals would be in an authentication application.
The designer of an application that flags passers-by as registered sex offenders has an incentive to overinclude suspects for security reasons — that is, to err on the side of false positives. The designer of an ATM authentication application, on the other hand, has the opposite incentive — to err on the side of false negatives, to prevent fraud. The point is that false positives are not solely a privacy issue: they also represent a security risk, depending on the context.
That said, I do agree with Ed's basic point, as I wrote back in October ("Terrified of Terror Profiling?"). I supported the point there with links to articles by computer security expert Bruce Schneier and mathematician John Allen Paulos.
Cringely, part 2
Robert Cringely has released part 2 of his column on e-voting. His analysis of e-voting problems from an IT project management perspective is refreshing; it is a perspective that has been sorely lacking in the debate thus far. Links: part 1 and part 2.
Thursday, 11 December 2003
Nevada demands e-vote paper trail; Gamblers reject Diebold's voting machines
Nevada Secretary of State Dean Heller announced yesterday that his state was the first in the country to demand that e-voting machines produce voter-verifiable paper receipts. The state's Gaming Control Board gave Diebold's products a harsh denunciation, writing that they "represented a legitimate threat to the integrity of the election process." After rejecting Diebold equipment, Heller settled on a system from Sequoia Voting Systems. "A paper trail is an intrinsic component of voter confidence," Heller said. Printers make e-voting systems cost more, he acknowledged, but "money takes a back seat to accuracy, security and voter confidence."
Wednesday, 10 December 2003
Update: More on the Election Technology Council
Earlier today I mentioned the new trade group formed by the major electronic voting machine manufacturers when I had read only one media article about it. There is much more "out there" now. C|Net News has better coverage than the Washington Post article I linked to before. Additionally, the new Election Technology Council (under the umbrella of the Information Technology Association of America) has released a press kit with much more information.
eWeek Editorial Board denounces DMCA abuse
The Editorial Board of eWeek Magazine published an editorial this week ("Copyright and Fair Use"), denouncing the rampant abuse of the Digital Millennium Copyright Act (DMCA). Civil libertarians have not been surprised by DMCA abuse, but eWeek's board apparently was. However, they make up for it with definitive language: "Repeated abuse of a statute is a sign that the law itself is defective." Their prime examples? The Skylink/Chamberlain and SCC/Lexmark cases.
E-voting companies collude to counter bad press
The recent wave of criticism — and especially its press coverage — has prompted several major e-voting machine manufacturers to work together to counter the negative publicity. The Washington Post has the story: "Voting-Machine Makers To Fight Security Criticism."
Something about this (although I am sure exactly what) compels me to mention PR Watch.
Tuesday, 9 December 2003
Robert Cringely on the e-vote paper trail
Robert Cringely, the venerable PBS columnist, wrote an interesting column on the lack of a paper trail in e-voting machines ("No Confidence Vote: Why the Current Touch Screen Voting Fiasco Was Pretty Much Inevitable").
Now here's the really interesting part. Forgetting for a moment Diebold's voting machines, let's look at the other equipment they make. Diebold makes a lot of ATM machines. They make machines that sell tickets for trains and subways. They make store checkout scanners, including self- service scanners. They make machines that allow access to buildings for people with magnetic cards. They make machines that use magnetic cards for payment in closed systems like university dining rooms. All of these are machines that involve data input that results in a transaction, just like a voting machine. But unlike a voting machine, every one of these other kinds of Diebold machines — every one — creates a paper trail and can be audited. ould Citibank have it any other way? Would Home Depot? Would the CIA? Of course not. These machines affect the livelihood of their owners. If they can't be audited they can't be trusted. If they can't be trusted they won't be used.Thanks go to LawGeek for the heads up.
CNet summarizes e-voting developments
Congress approves CAN-SPAM
Monday, 8 December 2003
Lessig highlights Bush's depublishing — but misses the real story
Here is a new entry for the annals of "depublishing" — the practice of removing or altering electronic articles after publication. (For background, see Greg Ritter's now-classic blog post on Dave Winer's depublishing in Scripting News, "The Ethics of De-Publishing.") This time, depublishing has lived up to its Orwellian promise, as political activists and the media have swallowed the altered version of history.
On May 1, 2003, the Whitehouse's Office of the Press Secretary released this press release, announcing "President Bush Announces Combat Operations in Iraq Have Ended." But then, with airbrush magic, now the same press release has been changed to this, which reports "President Bush Announces Major Combat Operations in Iraq Have Ended." No update on the page, no indication of when the change occurred, indeed, no indication that any change occurred at all. Instead, there is robots.txt file disallowing all sorts of activities that might verify the government. (Why does any government agency believe it has the power to post a robots.txt file?)The rub, of course, is in the word major. The original press release implies that combat operations are, well, ended. The silently doctored version makes the President seem better acquainted with the situation and prescient. The motives behind this are as old as politics itself, so the only thing that would seem to be new is the technology. However, something deeper is going on here.
The mainstream press, and even some Bush bashers, have swallowed the altered version of history. A Google News search for "major combat operations" & Iraq yields over 1,100 hits. Keep in mind that Google News indexes only mainstream sources, that its index only lasts a week or two, and that a comprehensive Lexis-Nexis search would probably yield tens or hundreds of thousands of hits. Here is a sampling of the first few Google hits. Note how each one treats the depublished ("afterpublished," really) word major as an historical fact:
Mexico threatens 3 with treason charges for data sale
The government of Mexico is threatening to charge three of its citizens with treason. They are executives of a company called Soluciones Mercadologicas en Bases de Datos, which sold a database private information on 65 million Mexican voters to ChoicePoint, an Atlanta-based database company. ChoicePoint bought the data at the behest of the U.S. government shortly after 11 Sept. 2001 to help bolster Uncle Sam's investigation of terrorism.
The database contained such private information as the number of cars owned in households and unlisted phone numbers. If nothing else, this episode highlights the incumbent dangers when a government any government collects massive amounts of data on its citizens without a compelling and clearly articulated purpose. What, for example, does voter registration have to do with the number of cars one owns?
The Macon Telegraph has the story: "Mexican company officials may face treason charges."
Sunday, 7 December 2003
Ohio moves to block e-voting
The State of Ohio moved to block deployment of e-voting machines last week. The move follows the release of a report [pdf] commissioned by the Secretary of State that revealed serious security flaws. Wired News reports ("Ohio Halts E-Voting Machines") that "some of Ohio's 88 counties still will be using punch-card systems for the 2004 election." Unfortunately, there seems to be no viable alternative.
Borland on P2P
John Borland of C|Net wrote an interesting column last Thursday, asking whether RIAA's lawsuits against P2P users were having the desired deterrant effect ("RIAA lawsuits yield mixed results"). "At the core of the RIAA's strategy has been the attempt to persuade as many people as possible to stop trading copyrighted files online. This appears to be working in at least some groups, but the evidence is mixed at best." That same day, he also wrote a good summary of the compulsory licensing discussion in Canada: "Should ISP subscribers pay for P2P?"
Thursday, 4 December 2003
Johns Hopkins still bars publication of Diebold memos
Derek Slater reports the tribulations of Asheesh Laroia, a student at Johns Hopkins University. Despite never having received a cease & desist letter, JHU cut off access to the memoranda. Even after Laroia informed JHU that Diebold had retreated (1, 2), the university persisted, writing that it "cannot allow its resources to be used in violation of copyright law, whether or not the holder of the copyright (in this case Diebold) plans to prosecute."
All I can say is I am glad I am not a student there.
Mechanics of the CAN-SPAM registry
There have been many questions about how a do-not-spam registry should be implemented. This proposal suggests a regime for funding for the registry and the highest level logical operation of its database. My plan would allow consumers to choose (through market forces) an opt-in system while still adhering to the overall opt-out structure of the CAN-SPAM Act. For that reason, I believe it solves some of the nagging First Amendment problems that come with a government-madated opt-in system.
If you have not already seen my summary of the CAN-SPAM Act, I suggest you check it out before reading this.
The registry should not necessarily be funded by taxes, because that would require people without email accounts to share the burden a system that carries no direct benefit for them. ISPs stand to benefit the most (in financial terms, at least), because a successful registry will reduce their bandwidth and other costs substantially. I would hesitate to levy mandatory fees on ISPs because they would look too much like the fees imposed on bell companies to fund rural telephone lines and the 911 system. I would prefer to leave ISPs as unregulated as possible while still having them share in the cost of the registry. I would not be averse to paying a few dollars to get myself into the registry, but ISPs should not have a free ride while consumers fund the entire thing.
My proposal is to make ISPs intermediaries between the FTC, which would manage the registry, and consumers, who will have ultimate control over the status of their addresses.
First, charge ISPs a monthly fee for having their domains listed in the registry. This fee would be assessed according to the number of email addresses at each domain, and those addresses would be automatically opted out of receiving spam. If a user wants to change that status, he would ask his ISP, which would relay the request to the FTC. An ISP would be charged a small transaction fee for each username it changes from its default status, as an incentive to "guess" what most customers will prefer. Individuals whose ISPs do not list their domains in the registry would have the option of opting out individually, paying the same transaction fee directly to the FTC. This option would be available to anyone in the U.S. with an email address, even those who maintain email addresses at their own personal domains and do not use an email address provided by an ISP.
To keep the size of the database's output manageable, it would need to spit out three separate lists. The first list would contain all the domains listed in the registry. The second list would contain all the individual email addresses that have requested opt-out status. Any email address covered by these two lists would be off-limits to spam. The final list would contain the addresses of ISP customers who have decided to switch away from their ISPs' default opt-out status. Addresses on list #3 are fair game for spam.
My plan would require some taxpayer funding for startup costs, although these could be recouped over the first few years by charging slightly higher fees during that time. After that, the monthly fees for listing domains and the per-user transaction fees would cover operational costs. ISPs will inevitably pass some of those costs on to consumers. However, there is harsh competition among ISPs, so the market would quickly allocate those costs efficiently. I believe this is more equitable than a program funded wholly by taxes. The recently-implemented do-not-call registry is funded by taxes because telephone penetration is nearly 100% in this country. However, many fewer people have email accounts than telephones, so full funding by tax dollars seems unfair to me.
The system is national in scope, so it will be large enough that the fees per domain and and per user can be small. Only a few indigent people and organizations could legitimately complain about the cost, and these might be exempted from paying fees. To start, the exemptions might be granted to educational institutions, 501(c)(3) organizations, and individuals below the poverty line. I have little experience in this area of social policy, so I would leave it to others to work out those details.
This structure would allow the market to demonstrate once and for all whether the public really favors an opt-in or an opt-out system. Many people have speculated on this question, but the truth is that nobody knows for sure. We may see a surge of subscriber defections away from ISPs that choose to be listed, or we may see a surge of individuals listing their own addresses. The point is that consumers, not the government and not spammers, would finally have direct control over the marketing they receive.
Wednesday, 3 December 2003
Clarifying my position on opt-out
Some feisty discussion has broken out in the comments section of my blog post where I summarized and explained some features of the CAN-SPAM Act. I have been accused of favoring an opt-out system over opt-in. This is probably my fault for overstating my position as a reaction to most people's knee-jerk favoring of opt-in.
I do not favor opt-out in all its manifestations — I just think that most people decide to favor opt-in without considering the issues thoroughly. There are serious free-speech problems with the government mandating a regime that forbids a certain type of speech to be distributed in a certain channel. Those problems are reduced (although not entirely eliminated) by an opt-out regime that provides consumers with an en mass opt-out mechanism like a do-not-spam registry. The problems are further reduced the more fine-tuned the en mass mechanism becomes. The present FTC/FCC do-not-call registry is a blunt instrument, requiring consumers to choose all or nothing.
Someone may yet convince me that opt-in is the way to go; but, until that happens, I choose to err on the side of free expression.
Australian spam law
Oz is about to get its own national spam law, and I am curious to know how it differs from the American CAN-SPAM bill, which I have written a lot about in recent days. If anyone can find the text of the Australian bill online, please let me know.
Monday, 1 December 2003
Crimson confirms Diebold will not sue students
Zachary Seward reports in the Harvard Crimson that a Diebold spokesman confirmed that the company will not sue students who posted internal company memoranda on the Internet ("Diebold Won't Sue Students"). Thanks go to John Palfrey for the heads up. The article has one interesting point that bears mentioning here:
In one memorandum from April 23, 1999, [a Diebold] employee acknowledges a flaw in one of the company's electronic ballots. "I don't expect you will see a fix in time for the election," the employee writes, "since it is tomorrow." Diebold will not comment on the memoranda but has said that any imperfections in their systems have subsequently been fixed.Note that this claim can be interpreted to apply only that those particular ballot problems tailor-made plausible deniability. It does not claim to have fixed the security flaws found in two independent reviews earlier this year. In one review, researchers at Johns Hopkins and Rice universities found weaknesses that could easily allow someone to cast multiple votes for one candidate. (Report (pdf), press release) The other report, conducted for the State of Maryland, concluded that flaws exist but that they were unlikely to cause practical problems in real elections but only if external safeguards are in place. (Report (pdf))
Also recall that Diebold is the only manufacturer of ATMs in the world whose machines have become infected with a worm.
Sunday, 30 November 2003
Freaky food or biotech bounty?
The debate over this technology has become a leading issue in international relations, subject of a huge trade battle. Wall Street is watching anxiously as it presses companies to recoup their massive biotech investments by selling more seeds. Environmental advocates are marching in the streets to oppose the crops. Even the Vatican is weighing the issue, recently opening a debate about which is the moral course.
Friday, 28 November 2003
P2P & anonymity
Four years ago I wrote my senior thesis at Yale, The Futures of e-Politics, in which I complimented several Congressmen and Senators for having done well to educate themselves on digital communications technologies in a relatively short time. Today I may recant that compliment.
I just got around to reading C|Net's coverage of a letter sent last week from several Senators to the executives of several P2P companies. The lawmakers asked the companies to regulate themselves — i.e., to censor their networks for pornography and copyrighted material. C|Net reports (Senators ask P2P companies to police themselves) a quote from Senator Lindsey Graham (R-N.C.) that I did not see reported elsewhere. In a "statement" accompanying the letter, he said (emphasis added):
Purveyors of peer-to-peer technology have a legal and moral obligation to conform to copyright laws, and end the pornographic trade over these networks. These programs expose our children to sexually explicit materials and provide an anonymous venue for child pornographers to hide behind the veil of technology.If we have learned anything from RIAA this year, it is that P2P activity is not anonymous. If you are going to make national policy, or at least pretend to, it is not unreasonable to ask that you pay attention.
Tuesday, 25 November 2003
Spam canned throughout the land?
The House of Representatives approved the CAN-SPAM Act on Friday, by a vote of 392-5. The acronym stands for the not-so-clever moniker, "Controlling the Assault of Non-Solicited Pornography and Marketing Act." The Senate is expected to approve the measure this week, and President Bush has agreed "in principle" to sign the bill.
This bill would have been a reasonable first step to take against spam five years ago, and Congress should be ashamed of itself for dawdling so long. We should be debating the second or third revision of the Act by now. What is done is done, however, so let us explore what the CAN-SPAM act says.
Update, 29 Nov 2003. I have been asked to revise and augment this essay for publication in the Journal of Internet Law. Toward that end, I would appreciate any constructive comments from any reader.
The full text of the bill is available at C|Net. The news agency also gives a bullet-point summary amidst its coverage, and the Institute for Spam & Internet Public Policy (ISIPP) gives a ten-point summary. Finally, C|Net gives this brief summary of the entire bill:
If the measure becomes law, certain forms of spam will be officially legalized. The final bill says spammers may send as many "commercial electronic mail messages" as they like as long as the messages are obviously advertisements with a valid U.S. postal address or P.O. box and an unsubscribe link at the bottom. Junk e-mail essentially would be treated like junk postal mail, with nonfraudulent e-mail legalized until the recipient chooses to unsubscribe.
First, a few preliminary comments before I get into specific provisions. Spam has been a scourge on the 'net since the early 1990s, when non-academics and non-scientists first logged on in large numbers. The volume of commercial email was low at first but has grown exponentially for years. The result has been frustration for users who drown in the flood of messages, higher costs for service providers who must process all the unwanted email, embarrassment for legitimate businesses whose servers are hijacked by spammers trying to disguise their identities, and the corruption of children whose parents try to shield them from pornography and other sex-based products. The Act does not go as far as many people think it should (which is why Congress's long inaction is so lamentable); but it is, as I said above, a reasonable first step. The House seems to have made a genuine effort not to be heavy-handed with the rights of advertisers. Still, the Act has some sharp teeth for consumers and, if it is properly enforced, has the potential to significantly reduce the burdens caused by spam.
Now, some comments on specific provisions. This is not intended to be a comprehensive analysis of the bill but rather a few thoughts on the provisions I think are important or interesting.
Update (6pm):Several readers have asked me to insert anchors in my subject headings so they can link to specific pieces of this article. Here they are:
The "false header information" provision is perhaps the easiest part of the bill for non-technologists to grasp, because you can examine the underlying problem even if you do not understand the technology. Spammers often disguise the origin of their advertising to make it more difficult for individuals and ISPs to use automated methods to filter and delete spam. These disguises also induce recipients to open the spam mail and begin reading by pretending to be legitimate messages (e.g., with a deceptive or misleading subject line). Imagine paper junk mail, delivered by the post office, that comes in an envelope whose return address seems to be from your bank or your doctor. When you open the envelope, you find a flier for hard core pornography.
When spam is disguised as legitimate mail, more people will open the message and read the first few lines before realizing its true nature. This gives the advertiser a better chance of selling his product, be it pornography, generic viagra, or home mortgage services. As more spam is dealt with by human beings (rather than filtered by computers), more advertisements get read, and more products will be sold even if most people hit the delete key immediately. In paper based "direct mail" ad campaigns, a response rate of one buyer per 100 mailings is generally enough to break even. The cost of sending email is much lower than the cost of sending paper mail, so a response rate of one buyer per 100,000 mailings is likely to earn a profit. The cost of sending email only seems lower to the sender, however, because most of the costs are shifted to the receiver and the receiver's ISP.
Here is how the technology works, in a nutshell. An email's "header" is the addressing and routing information such as the to, from, and date fields that you see at the top of each message. Most email software hides the bulk of the header from you, unless you take an extra step to have it displayed. This "hidden" information documents where the email originated and the route it took across the Internet to your inbox. Each computer on the Internet has a unique "IP address" consisting of four numbers separated by dots (periods). Each line of the "hidden header" contains the IP address of each computer that touched the email en route and states the action that computer performed. Usually, these intermediary computers simply receive the message and hand it off to another computer that is "closer" to the recipient; after five or six hops, the email arrives at your inbox, and the process stops. Each intermediary computer adds a line to the top of the header, so the very top line always documents your mail server's delivery to you. Each successive line below that will document where each computer got the message from, going all the way back to the original sender. For example, and email I received this morning has these two lines in its header:
The first line is from my mail forwarding service (which sent the message to my ISP after it added this stamp, and my ISP later delivered the message to me). The name of this computer is andros.alumniconnections.com, which resolves to the IP address 188.8.131.52. Before that, the message was handled by a computer named voyager.bna.com (184.108.40.206). This makes sense because the email in question was an Internet law newsletter from BNA, a publisher of print and electronic news, analysis, and reference products. Also note that each header line has a date & time stamp.
Some automated spam filters take advantage of this stamping process by searching the email header for computers that are known to be used for sending spam. The bottom line of the header should be the original sender, and the identities of the biggest spammers are well known, so it should be an easy matter to delete all messages coming from them. Spammers know this, however, so they go to great lengths to forge these headers and route their mail through other people's servers to disguise its true origin. CAN-SPAM's "false header information" provision would make this illegal. The practice is already arguably illegal under a patchwork of existing laws, which could be interpreted to cover this situation. However, there is no substitute for a clear, specific statute directly on point that removes all doubt.
The "resource misappropriation" provision is perhaps the most difficult for non-technologists to understand. Congress borrowed this idea from a line of judicial opinions based on a tort called trespass to chattel. A "chattel" is simply the legal term for an item of personal property a toaster or a chair, for example. I cannot make toast or sit down when someone else is using my chattels without my permission. That property belongs to me, so the common law allows me to sue the person using it. If I prove my case, I would get money for the damages I suffered from the delay in satisfying my hunger or relaxing my legs, and the court would order the trespasser to stop. The crux of this policy is that a computer is a chattel just like a toaster or a chair. Intuitively, we all understand that if someone else is using my laptop, he is blocking me from using it at the same time.
In the spam context, we must look at the technology on a slightly deeper level than this simplistic first approach allows. The Internet relies on powerful computers called servers, which answer queries from many people at the same time. When I read Yahoo!'s home page, the odds are very high that many other people are reading it at the same time. Yahoo!'s web server can dish out thousands of pages at the same time. However, when the number of readers grows too high, even the most powerful server has trouble keeping up, and users experience delays or worse, the server "crashes."
A similar phenomenon occurs with mail servers the computers that process email after it is sent and before it is received. Suppose the average email user sends and receives an average of 20 legitimate messages per day and receives an average of 80 spam messages per day. His Internet Service Provider's (ISP) mail server will spend 80% of its time processing spam and only 20% processing the "real" mail which is what the user (the ISP's paying customer) wants it to process. Instead of buying the server it wanted to buy, the ISP had to buy one with five times the processing power to accommodate the unwanted extra load. This does not increase the cost of the server linearly (by five times), but it does increase the cost of the server by a measurable amount. Similarly, the ISP has to pay for five times the bandwidth (transmission capacity) that its customers want to use. Even if the ISP filters out spam as a service to its customers, it must still pay for all this extra capacity to receive each piece of mail, look at the contents of each message, and flag each message for deletion or delivery.
The first case to examine spam from this perspective was CompuServe v. Cyber Promotions, 962 F. Supp. 1015 (S.D. Ohio 1997). CompuServe, an ISP, sued Cyber Promotions (CP) over spam that CP was sending to CompuServe's customers. (CP is no longer in that line of business.) That court built on the analysis written by a California Court of Appeals from a year before in Thrifty-Tel, Inc. v. Bezeneck, 56 Cal. App. 4th 1559, 1567 (1996). The California court had held that "Electronic signals generated and sent by computer have been held to be sufficiently physically tangible to support a trespass cause of action." CompuServe, 962 F. Supp. at 1021. In other words, the electric impulses that computers use to communicate constitute a physical invasion of property when they are sent into a privately-owned system without permission. In Thrifty-Tel, a telephone company had sued the parents of children who engaged in "phreaking" attempting to crack the company's authorization codes in order to make long distance calls without paying for them. The most famous decision in this line of cases is eBay v. Bidder's Edge, 100 F. Supp. 2d 1058 (2000), which extended the same reasoning to web servers.
Two pieces of the bill the "working unsubscribe" and "anti-resubscribe" provisions belong under the same conceptual umbrella, which I call the "meaningful unsubscribe mechanism."
The "working unsubscribe" provision would require each piece of spam to include instructions for the recipient to "opt out" of future advertising. This opt-out mechanism must function for 30 days after the spam is sent, to ensure that recipients have a reasonable opportunity to use it. Otherwise, the spammer could shut it down immediately after clicking send before most people have received the junk mail.
Some spammers get around states' opt-out laws by removing people from lists when they make opt-out requests, then immediately adding the same person to a new list. This new list has a much higher economic value to the spammer because the addresses on it are "verified" the spammer knows that each one belongs to and is being actively used by a live person. This formalistic interpretation of many state laws' opt-out requirements is not possible under CAN-SPAM's "anti-resubscribe" provision, which bars the spammer from adding opted-out addresses to other lists.
The "working unsubscribe" provision is the most controversial and troubling provision in the Act. A great controversy surrounds the question of whether spam should be an opt-in or an opt-out enterprise. An opt-in system would forbid unsolicited commercial email by requiring spammers to document that the owner of each email address on a mailing list has requested to be placed on that list. An opt-out system would permit unsolicited commercial email but requires spammers to remove an address from their lists when the person who owns it asks to be removed. The CAN-SPAM bill passed by the House came down on the side of opt-out.
The foundation of American law is the U.S. Constitution, and the First Amendment to the Constitution provides that "Congress shall make no law abridging the freedom of speech, or of the press." Despite this plain language, the Supreme Court has held that not all speech is equal under the First Amendment. While indecent speech (e.g., ordinary pornography) is protected from most government interference, obscene speech and child pornography enjoy no First-Amendment protection whatsoever. (See, for example, Ashcroft v. Free Speech Coalition, 535 U.S. 234, 122 S. Ct. 1389 (2002) for child pornography and Miller v. California, 413 U.S. 15, 24-25 (1973); Smith v. U.S., 431 U.S. 291, 301-02, 309 (1977); and Pope v. Illinois, 481 U.S. 497, 500-01 (1987) for obscenity.) Commercial speech gets an intermediate level of protection. Central Hudson Gas & Electric Corp. v. Public Service Commission of N.Y., 477 U.S. 557, 564-65 (1980).
Since the First Amendment was ratified, it has been axiomatic that "prior restraints" on speech are one of the greatest evils threatening the health of our polity. A prior restraint is a government prohibition on a particular message before the speaker has a chance to communicate it. The freedom of speech and the fundamental liberty of self-expression demand that everyone be given an opportunity to voice his thoughts. Some speech is always socially harmful such as threats of violence or statements made in the formation of a criminal conspiracy. However, it is simply not possible to articulate in advance a definition of all forms that such harmful speech will take without our definition also encompassing many forms of legitimate speech. Therefore, we only punish speech after it has been uttered, when we can analyze the facts of each case. True, this allows some harms to occur that we might otherwise prevent, but a system of prior restraints would create far more and far greater harms by having a "chilling effect" on socially-necessary speech.
Therefore, everyone must have a reasonable opportunity to stand in a public square, tap passers-by on the shoulder, and say, "Would you like to hear what I have to say?" However, the freedom of speech guarantees a right to speak not a right to force others to listen. Each listener has the right to say, "No, I find your views offensive, and I do not want to listen to you." Spam may be the 21st century, commercial-speech embodiment of this tap on the shoulder. The mandated opt-out system is the listener's opportunity to decline.
Many people believe that commercial speech should get less protection than it does today. Consumer protection demands it, they argue. How else can we prevent hucksters from selling snake oil through lies and deceit? These arguments do have merit, and I do not mean to dismiss them here; they are just beyond the scope of this blog. However, it would be irresponsible not to note at this point that, in recent years, the Supreme Court has been backing away from the Central Hudson doctrine because it is proving impractical to differentiate commercial speech from other types of speech. In ten years, what is "commercial speech" today may get full constitutional protection.
Spammers employ many strategies to collect email addresses for their spam lists. One common strategy is called "harvesting." Spammers write software that trolls the Internet for character strings that appear to be email addresses. The software scans the text of web pages, chat rooms, message boards, and usenet, recording all the email addresses it finds. The CAN-SPAM Act will make this practice illegal. The very next paragraph of the Act prohibits another common strategy, "randomly generating electronic mail addresses by computer." The combination of these two prohibitions will make it much harder for spammers to get a hold of functional email addresses.
The Act allows states to enforce the act by suing spammers on behalf of their citizens and ISPs to sue on their own behalf or on behalf of their subscribers. This is a common-sense compromise between the factions advocating a private right of action (which would permit individuals to sue spammers for themselves) and those advocating federal enforcement (which would permit only the U.S. Attorney General to enforce the Act).
Both extreme positions carry dangers and benefits. With a private right of action, the courts might be clogged with individual or class action suits, and it would take too long to reach large judgments against spammers for the law to be effective. On the other hand, leaving enforcement in the Attorney General's hands exposes the law to the dangers of under-enforcement and political cherry-picking. First, spam may seem minor compared to violent crimes, which rightfully get prosecutors' prime attention. Spam prosecutions might fall by the wayside. Second, the economic and technological damage caused by any two pieces of spam are identical, but does anyone honestly believe that John Ashcroft would approve the prosecution of inkjet toner vendors if there are any pornography vendors still standing? With finite resources, any Attorney General (like any manager) must set priorities for his office, and I would never fault Ashcroft for setting clear guidelines. However, I frequently disagree with the content of his guidelines; and, in this context, his preferences would probably lead to systematic selective enforcement, which would be untenable under the First Amendment which prohibits the government from treating different speech differently, based on its content or viewpoint. With all fifty states and hundreds of ISPs bringing spam suits, the danger of selective enforcement declines.
CAN-SPAM expressly "preempts" state laws dealing with spam. The Supremacy Clause of the U.S. Constitution (article 6, § 2) establishes that the Constitution, laws, and treaties of the United States "shall be the supreme law of the land" and that they preempt state laws where they are in conflict (and in certain other situations). California, in particular, has passed several statutes prohibiting spam. California's most recent statute, which will not take effect until January, is far more protective of consumers than CAN-SPAM. All of these laws would be rendered unenforceable by the federal Act.
The House considered drafts of the bill that would have required the Federal Trade Commission (FTC) to maintain a "Do Not Spam" registry, similar to the "Do Not Call" registry that it recently established in conjunction with the Federal Communications Commission (FCC). Spammers would have been required to compare the email addresses in this registry to their own mailing lists and remove any addresses that match. In effect, it would have been illegal to send unsolicited commercial email to any address in the registry. However, the House rejected this provision (which would have required the FTC to create the registry) in favor of one that merely requires the FTC to study the issue and permits the it to create a registry if it sees fit.
Anyone taking odds on what the FTC will do? Before you answer, consider that the bill fails to allocate a single dollar to fund the registry.
By making certain kinds of email illegal, the Act, by implication, renders all other kinds of email legal. However, some spam that Congress intended to make illegal will always slip through cracks in the law's definitions. (This is a fundamental shortcoming of human language, not necessarily a fault of Congress.) Therefore, the bill expressly permits ISPs to devise and implement their own, private email-handling policies.
Without this provision, ISPs would be vulnerable to lawsuits from spammers if they decide to block this slippery spam on their own. By blocking mail that is technically legal, the ISPs would arguably be liable for such torts as interference with business relations (for blocking legal business communications) and defamation (for falsely labelling messages as "spam"). Much like § 230 of the Telecom Act of 1996 (47 U.S.C. § 230), CAN-SPAM's "private mail policy" provision is designed to protect ISPs from an onslaught of litigation that would render them unable to conduct business. If ISPs cease operating out of fear of litigation, consumers would be unable to access the Internet at all.
Thursday, 20 November 2003
Flashin' Bush Bashin'
I usually try to avoid political bashing, but occasionally a satire is funny enough that I bend my own rules. The Leader of the Free World!? is the funniest and most novel satire since the 2000 election (requires Flash player).
Wednesday, 19 November 2003
Kucinich slaps Diebold
Congressman and presidential candidate Dennis Kucinich (D-OH) has come out decisively in favor of civil liberties. On his Voting Rights issue web page, he posts excerpts from and links to the memoranda that Diebold has tried so hard to erase from the public hivemind. Thanks to Donna at Copyfight for the heads up.
The Congressman writes:
Stopping False Copyright Claims
Earlier today, Doug Simpson of Unintended Consequences pointed out (Article: Congressman Posts Diebold Document Excerpts) that the Speech or Debate Clause of the U.S. Constitution (Art. I, § 6, cl. 1) may put Rep. Kucinich beyond Diebold's long reach if the company should choose to serve him with a DMCA notice-and-takedown letter. This clause immunizes members of Congress from "arrest" during any speech or debate in the course of their Congressional duties or while traveling thereto or therefrom. It further provides that members "shall not be questioned in any other place" "for any speech or debate in either House" of Congress.
Doug also brings up the similarity between this hypothetical case and Brown & Williamson Tobacco Company v. Williams, 62 F.3d 408 (D.C. Cir 1995), where a paralegal working for the law firm representing B&W (a tobacco company) leaked juicy documents to the press and to Congress. In this decision, the D.C. Circuit Court affirmed the District Court's quashing of the subpoena served on Rep. Waxman by B&W. Doug asks, "Can we expect Diebold to send Congressman Kucinich a cease and desist letter, with a takedown notice to the ISP hosting [his web site at] House.gov? I'd like to be a fly on the wall when those arrive."
Tuesday, 18 November 2003
Court hears Diebold arguments
Declan McCullagh reports on C|Net that the U.S. District Court in San Jose, California heard arguments in the case brought by students and the Electronic Frontier Foundation (EFF) against Diebold Election Systems. (Article: Students fight e-vote firm's DMCA claims)
As discussed here (1, 2) and elsewhere, Diebold manufactures electronic ("touch screen") voting machines. Students at Swarthmore launched what has since become a widespread electronic civil disobedience movement. Internal Diebold documents indicating mismanagement and a lack of security were publicly distributed, and protesters sought to bring them to the fore of public debate while Diebold sought to repress them, by sending threatening letters under the notice-and-takedown provision of the Digital Millenium Copyright Act (DMCA). There are also other political concerns, which Declan summarizes concisely:
Diebold gave at least $195,000 to the Republican party during a two-year period starting in 2000, and its chief executive, Walden W. O'Dell, once pledged to deliver Ohio's electoral votes for President George W. Bush. Earlier this month, California started an investigation into whether Diebold had improperly installed software into Alameda County's machines that had not been certified.
Up to this point, Diebold has been maintaining a stern face on the copyright front while hedging its bets behind the scenes by claiming that it could not tell whether any or all of the documents at issue had been altered. In court filings in the present case, however, it wrote, "Wholesale publication of unpublished, stolen materials, with no transformation or creativity and nothing other than a request that others download them in their entirety, is infringement, not fair use." This sounds to me like an admission that the documents are authentic. There goes Diebold's plausible deniability when it defends its products in the court of public opinion.
Monday, 17 November 2003
File sharing zeitgeist
The Contra Costa Times ran an interesting, yet unsurprising, AP story on Saturday (Music industry mines data from downloads). In a nutshell: "Despite their legal blitzkrieg to stop online song-swapping, many music labels are benefiting from — and paying for — intelligence on the latest trends in Internet trading." That is right, P2P networks are the best tool yet-invented for gathering realtime data on music consumer tastes. By tracking the number of downloads for particular artists and particular songs and the rough geographical distribution of those downloads, the industry can better target its marketing and products.
I would accuse RIAA of batting both ways (like I did H&R Block this morning), but this phenomenon raises an issue more important than copyright law. For the first time in the history of human social interaction, we have the technology to gather realtime information on the thoughts of a cross-section of a nation. P2P file sharing is a specific example, and the Google Zeitgeist is a more general one.
Friday, 14 November 2003
Roy gets rocked
An ethics panel in Alabama ruled yesterday that Roy Moore, the controversial Justice of that state's Supreme Court who placed a monument bearing the protestant ten commandments on the courthouse steps, had violated his profession's canons of ethics. Moore openly defied a federal district court order to remove the monument, known among his supporters as "Roy's Rock." (View image.) The ethics panel emphasized that Moore lacked contrition for his flouting of the rule of law. "Indeed," wrote the New York Times, "just minutes later, Mr. Moore strode out of the courthouse into a crush of his supporters and announced, 'I have absolutely no regrets.'" (Article: Alabama Panel Ousts Judge Over Ten Commandments Monument) Throughout this episode, Moore has characterized the dispute over the monumen as one between the faithful and faithless, Christians and atheists, and Alabamans and "the feds." His comments yesterday underscore the depth of his misunderstanding of the U.S. Constitution.
Thursday, 6 November 2003
Update: Sony Music and BMG intend to merge
After reporting yesterday on the burgeoning business of partnerships among media companies (Media Giants Getting Together), the Washington Post reports today that "Sony Music Entertainment Inc. and BMG Entertainment have signed a nonbinding letter of intent to merge, creating a goliath that would control a quarter of the world's music business." (New Duet in Music World) See yesterday's blog on media partnerships.
Wednesday, 5 November 2003
Partnerships mask media consolidation
The Washington Post has an interesting article about the rise of partnerships in the news media industry. (Media Giants Getting Together) In a field where scoops were once jealously guarded, they are now shared with abandon.
More and more media organizations — newspapers, magazines, television networks, Web sites — are forming globe-spanning, interlocking and often-cyclic partnerships with each other; some paid, others not. In an effort to hold budgets in line while expanding out of their traditional niches, newspapers give stories to each other, print reporters appear on television news shows and Web sites link to newspapers, television networks and magazines.In recent years, civil libertarians have lamented media consolidation with increasing frequency and volume. The more outlets that are controlled by Big Media, they argue, the fewer voices will be heard in the marketplace of ideas. If, for example,
The partnership model is supposed to mitigate this dystopia. No single company could possibly expand fast enough to grow all the businesses mentioned above internally. Therefore, they must either acquire other companies or form partnerships with other companies to extend their reach as far as possible. Mergers and takeovers result in unified control from the top down. Partnerships are more fluid, usually comprising only a small number of specified joint projects and lasting only for limited times. Projects and their durations are specified in advance in contracts between the partners. Partnerships are likely to focus on efforts most likely to deliver a cost-savings benefit or extend the partners' "reach" as far as possible in a short time. As reported in the Washington Post:
"One of the major justifications proffered for broadcast mergers and newspaper/broadcast combos is 'efficiencies' and 'synergies,'" said Andrew Schwartzman, president of the Media Access Project, which has opposed many media mergers. "As these deals demonstrate, it is possible to achieve both without actually purchasing or controlling both properties." [Hyperlink mine] At the same time, however, Schwartzman warned that such partnerships "can be abused as a means of reducing service, especially at the local level."
What does this mean for the average consumer of news, entertainment, and other information? One can no longer determine the ultimate source of information from the medium in which it is received or from the "brand name" at the top of the page or at the beginning of the broadcast. An article in the Washington Post may come from the Dow Jones company (via the Post's partnership with the Wall Street Journal). A Discovery Channel documentary may come from the New York Times (via their collaboration on the Discovery Times cable channel).
Would you trust an NBC news report on the latest consumer electronics? Before you answer, consider that NBC is owned by General Electric and has a 50% stake in MSNBC, along with Microsoft. Consider whether NBC has a financial incentive to make people more inclined to buy products made by GE or Microsoft. Now answer the question.
Tuesday, 4 November 2003
Diebold's reaction to California's prudence
California election officials at the state's State Department added fuel to the fiery blogosphere two days ago, when they announced they would halt the certification process for new voting machines manufactured by Diebold Election Systems. The announcement came in the wake of multiple, independent, public revelations that the software running the machines is horribly insecure and Diebold's infamous attempts to squelch public discussion of the issue. (Sources: 1, 2, 3) Amazingly, the blog furor has apparently overlooked one interesting bit. A recent Wired News article mentions the reaction of Diebold officials who attended the meeting where the State Department announced its decision. (Article: Calif. Halts E-Vote Certification) Quoth the article: "Diebold officials, who were attending the meeting, seemed surprised by the announcement and expressed displeasure to several panelists afterward that it had been introduced in a public forum. They were unavailable [after the meeting] for comment."
Is anyone surprised that Diebold's chief concern was the public nature of the announcement and not the problems underlying it?
NYT summarizes Diebold brouhaha
Yesterday the New York Times (NYT) published an excellent overview of the situation that Diebold Election Systems has created for itself. (Article: File Sharing Pits Copyright Against Free Speech) (See my previous blog entries on Diebold: 1, 2, 3, 4.) The crux of the summary:
Diebold Election Systems, which makes voting machines, is waging legal war against grass-roots advocates, including dozens of college students, who are posting on the Internet copies of the company’s internal communications about its electronic voting machines.
Sunday, 2 November 2003
Scientific freedom in the age of bioterrorism
The Washington Post reports a sterling example of how scientific freedom should be preserved in this age of bioterrism. (Article: Engineered Virus Related to Smallpox Evades Vaccine) President Bush has categorized large swaths of research as either classified or "sensitive but unclassified" with the intent of controlling the direction of research and restricting the dissemination of knowledge gained therefrom. For all the reasons already argued in the two-year-old debate on these restrictions, this purported secrecy is doomed to fail and will retard responses to bioterror attacks. The research reported in this article, however, was conducted and disseminated scientifically, without any attempt at secrecy — yet also without compromising national security.
No, I do not suggest that an altered smallpox virus is without national security implications. The lead researcher, virologist Mark Buller of Saint Louis University, explains why he has "absolutely no biosafety issues" with his work:
Although he acknowledged that someone could, in theory, apply similar techniques to smallpox, he said he had no qualms about presenting his data at the Geneva meeting because his team had found two different ways of countering the enhanced virulence with drugs and vaccines, and is close to perfecting a third way.
This is precisely the sort of security disclosure (simultaneous exposure of problems and solutions) that has served the IT industry for decades.
Reagan apologist-revisionists seek script approval
The Washington Post reports that the Republican National Committee (RNC) and several of its most powerful members have asked CBS for the right to approve the contents of its forthcoming miniseries, "The Reagans," which tells the story of the former President and First Lady. (Article: GOP Wants Review of Reagan Miniseries) The RNC's letter requested CBS to submit the script to "historians to review the program for historical accuracy" so as to "avoid any confusion as to what constitutes treating the President, Mrs. Reagan and the Reagan administrations in an honest sort of way." The RNC apparently heard that the miniseries would portray the Reagans in an unflattering light — but conveniently forgot that its "historical accuracy" is due in large part to the former President's own authorized biography and the First Lady's own memoirs. Not to be overbearing, however, the RNC offered CBS a reasonable alternative to script approval. CBS may, at its option, "inform…viewers via a crawl every 10 minutes that the program is a fictional portrayal of the Reagans and the Reagan Presidency, and they should not consider it to be historically accurate."
I might suggest that the RNC could respond with essays or its own documentary if it finds specific inaccuracies in CBS's work. I won't, however, since this is the same party whose current President believes that the First Amendment should not allow people to discuss him frankly.
Monsanto sues farmers for saving soybeans
Taking a page from the RIAA playbook, agriculture giant Monsanto Corp. has taken to suing farmers to enforce its patent on Roundup Ready® (RR) Soybeans. Monsanto developed the patented soybean seeds (bearing a trademarked name, no less) to resist its best-selling herbicide, Roundup®. The new plants allow farmers to apply more herbicide to control weeds without killing their crops. However, Monsanto does not simply sell the seeds. It licenses them, and the license terms prohibit saving seeds from one season for planting in the next. Never mind that saving seeds has been standard operating procedure in farming for the entire history of human agriculture.
I have no beef with Monsanto licensing its patented technology rather than selling outright the products based on it. However, it has done an inexcusably negligent job of informing farmers of the contents of the form contracts by which it sells RR soybeans. The New York Times (NYT) reports (Saving Seeds Subjects Farmers to Suits Over Patent) that farmers sign the contracts without reading them believing they are the same standard seed-sale agreements they have signed in previous years. Although some farmers are aware of the $6.50 "technology fee" per sack of seeds, Monsanto appears to have made no effort to call attention to the anti-saving provision. Obviously, many farmers saved some seeds and replanted them in the next season, violating both the contract and Monsanto's patent. The NYT article says that many farmers are fighting the lawsuits, taking them all the way to judgment, and that the first is now up on appeal. It is only a matter of time before we get appellate-level decisions on the enforceability of these contracts under contract-of-adhesion and antitrust law.
Saturday, 1 November 2003
Park mixes it up at Senate CS&T
Bob Park, the University of Maryland physicist and publicist for the American Physical Society, got snarky this week in his testimony [pdf] before the U.S. Senate Committee on Commerce, Science, and Transportation. Expressing his concern that protein crystal research is still on the International Space Station (ISS) agenda despite a bounty of research suggesting that the crystals grow identically in microgravity and at 1g (on Earth) not to mention the Australian crystal fraud [see item 3] Park was interrupted by Senator Bill Nelson (D-FL) for a question. "And they still haven't grown one crystal that hasn't been grown on Earth?" the Senator asked. "Not one," the physicist replied.
How much of my money are they going to spend chasing leprechauns?
Thursday, 30 October 2003
Idiot's guide to combating satire & criticism
If there were a rule #1 in public relations for responding to satire, it would be: "If someone satirizes you, don't give him free advertising." Fortunately, most American corporations and political entities have yet to learn this lesson. This gives the rest of us endless entertainment as they add to the "who's who" list of good satire that comes from their PR blunders.
My first exposure to this maxim came in the 2000 U.S. Presidential campaign, when then-governor Bush excoriated the plucky web site GWBush.com in front of a large crowd and television cameras. His staff had registered all the Internet domains it could think of that contained variations of the candidate's name, but this one slipped through the cracks and was registered by a gadfly. The site satirized Bush and all the silly things he said.
Instead of ignoring this relatively unknown crank, Bush stood atop his soapbox and uttered the phrase that will live longer than his children's children: "There ought to be limits on this kind of freedom." The site enjoyed an instant (and long-lived) boost in popularity, growing from 1,000 visitors per day to over 1 million visitors per day for the rest of the campaign, with somewhat lower levels thereafter. The t-shirts it introduced the next day (with the "There ought to be limits on…freedom" speech bubble) were its hottest item for the rest of the campaign.
A group near and dear to Bush's heart, the Republican Party of Texas (RPT) is not outdone by its leader. Last March, the RPT threatened to sue the operators of a web site, EnronownstheGOP.com. The parody site mimics the RPT's site and "contains a banner which reads 'Republican Party of Texas…brought to you by Enron.' The letter 'e' in the word 'Republican' is in the form of the crooked 'e' symbol for Enron. The Web site contains 'humorous takes on the GOP's ties to Enron'" and parodic representations of its elephant logo. (Source) The site promptly displayed RPT's "cease and desist" letters, and the story was picked up by the national media. That same week, my Trademarks professor, David Byer, brought it to the attention of our law school class. "I had three or four associates ask if we could represent this site pro bono," he said. "That is not the reaction you want people to have when they read about your lawsuit."
The most recent bonehead example comes from Fox. (I am not trying to paint this as a right-wing problem (honest!) the best recent examples just happen to come from "right field.") On Tuesday Matt Groening, creator of "The Simpsons," reported during an interview on NPR that Fox News nearly sued the network's entertainment division over a Simpsons episode that parodied "the Fox News rolling news ticker" by highlighting what is widely-perceived as "the channel's anti-Democrat stance, with headlines like 'Do Democrats Cause Cancer?'" (Source) If Fox News had the self-control to ignore its sister channel's show, only those who saw the show would have seen it, and only a few Simpsons devotees would remember it an hour later. Now, however, over a dozen news outlets have picked up the story.
Wednesday, 29 October 2003
Update: Press coverage of DMCA exemptions
The Wired article has this succinct summary of the exemptions granted yesterday: "People may bypass a digital lock to access lists of websites blocked by commercial filtering companies, circumvent obsolete dongles to access computer programs, access computer programs and video games in obsolete formats, and access e-books where the text-to-speech function has been disabled."
Tuesday, 28 October 2003
Columbia astronaughts might have inspected wing in spacewalk
The Columbia Accident Investigation Board (CAIB) officially released volumes II-IV of its Final Report. Today's releases contain one tidbit that compels me to acknowledge that a public statement I made last February was partially wrong. With the benefit of eight months' hindsight, CAIB has concluded that the Columbia astronaughts might have undertaken a highly risky two-man spacewalk to inspect the damage to the spacecraft's left wing — "if one of them had used the other as a ladder," in the words of one New York Times article (Reports Detail a Hypothetical Shuttle Rescue).
In a post to CTY-L on 11 February 2003, I stated (wrongly, it turns out) that the Columbia astronaughts could not have inspected or repaired the damage. While CAIB concluded that the astronaughts might have inspected the damage, the report does not suggest they could have repaired it in space, or that they should have attempted to do so. Indeed, the shuttle did not have the appropriate materials or tools on board to carry out such a repair. See, e.g., this Washington Post article: "Astronauts on Columbia and engineers in Mission Control were not aware of the extent of damage to the shuttle wing. But officials said that, in any case, there was no equipment on the shuttle to patch the wing even if the problem were recognized." (Article: Paint Brush May Aid in Repair of Shuttle)
Copyright Office issues DMCA exemptions
The U.S. Copyright Office today issued its report creating a new set of exemptions under the DMCA for the next three years. (Links: short version and long version) The Register granted two major exemptions and denied many others. Ernest Miller has a collection of blog links. Derek Slater has a good, short summary.
Elvis' income tops among dead celebrities
Interesting development that brings the law of publicity to the fore: Last week Forbes magazine reported the top-earning dead celebrities. (Article: Top-Earning Dead Celebrities) Elvis Presley ($40 million) has held the top spot since Forbes introduced this ranking three years ago. This year, he is followed by the likes of "Peanuts" cartoonist Charles Schulz ($32 million), J.R.R. Tolkien ($22 million), and former Beatles John Lennon ($19 million) and George Harrison ($16 million). Tolkien's rank is temporary, I suspect, and will fall once the Lord of the Rings films finish their theater and video runs.
Monday, 27 October 2003
AP picks up the Diebold story
The Associated Press has picked up the story of Diebold's cease & desist demands under the DMCA. (Article: Diebold threatens publishers of leaked electronic-voting documents.) This should lead more mainstream news outlets to carry the story, beyond the paltry few that have carried it thus far (1, 2, 3). This could be the third major story with national political implications broken in the blogosphere after the mainstream press ignored it.
Sunday, 26 October 2003
Update: Indirect linking & the DMCA
Today, LawMeme asked essentially the same question I asked on Friday. I cannot link directly to the LawMeme article, in order to preserve the experiment I proposed on Friday (due to trackbacking effects). You can find it easily, however. The title is "How Direct is Too Direct When It Comes to Hyperlinks?," the author is James Grimmelmann, the publication date is 26 Oct 2003, and the category is copyright.
WMD: Where's My Dope?
All but the True Believers now agree that Iraq has had no cognizable weapons of mass destruction (WMD) program for some time. Indeed, it seems likely that Saddam Hussein abandoned his nuclear ordnance program in 1991, immediately following the Gulf War — just like he said he did. Barton Gellman reports in today's Washington Post:
According to records made available to The Washington Post and interviews with arms investigators from the United States, Britain and Australia, it did not require a comprehensive survey to find the central assertions of the Bush administration's prewar nuclear case to be insubstantial or untrue. Although Hussein did not relinquish his nuclear ambitions or technical records, investigators said, it is now clear he had no active program to build a weapon, produce its key materials or obtain the technology he needed for either.
Is anyone surprised that White House "officials interviewed for this report defended the integrity of the government's prewar intelligence and public statements" but that "[n]one agreed to be interviewed on the record?"
Saturday, 25 October 2003
Pope John Paul II's beatification of Mother Teresa last week brought the expected outpouring from international journalists and political leaders, who competed to produce the glurgiest fawning over this "icon of the Good Samaritan." It is fair to ask why.
Since the 1930s, Teresa's missionary order has preached in the bowels of society, and the world has heaped upon her the accolades she proved so adept at attracting. After her death, the world and particularly the Vatican has had less interest than ever in examining her deeds. John Paul II, who counted Teresa among his confidants, has canonized several times more saints than any other Pope in history. It is no accident that this occurred under the first Pope to reign in the era of global instant news. So why stop now? Teresa's beatification was as much a media event as a religious rite.
As is well known in the skeptical community (but largely ignored elsewhere), the alleged miracle performed by Teresa is likely a fraud. As Bob Park succintly explains:
This tiny woman had devoted her life to caring for "the poorest of the poor," built a charity network that spans 120 countries, and was awarded the 1979 Nobel Peace Prize, but no miracle, no sainthood. It was easy in the middle ages; you could whip up a miracle or two before breakfast, but this is the age of science. So the Vatican sent a crack team of investigators to India, where a woman said a beam of light from a picture of Mother Teresa had cured her of cancer. The team pronounced it a genuine miracle. But her doctor says no one asked him. He insists it was a cyst, not cancer, and he cured it with medicine. Who's right? I asked an old classmate, Dom Credulo, who knows a lot about miracles. "Do you think this is a miracle?" I asked. "Of course it's a miracle," Dom snapped, "how many times have you seen a picture emit light and cure cancer?" He had me there.
Accounts published on behalf of the cured woman's husband confirm the doctor's objection, especially the fact that she was treated with modern medicine. He details the regimen of medication she followed, side effects she experienced, and the timeline of her recovery. All are in perfect accord with the generally-prescribed course of treatment in conventional (western) medicine in the region.
Why must we debunk Teresa's supposed miracles? First, because skepticism is a virtue. Second, because Teresa's accolades, and even her Nobel prize, were almost certainly acquired through fraud. Aroup Chatterjee, who grew up in Calcutta, has spent the last decade conducting an exhaustive investigation of Teresa's life, ministry, and reputation. The result of this research is his book Mother Teresa The Final Verdict, published this year. I could not do justice to Chatterjee's 400+ pages in this space, so I will let a recent book review by Krishna Dutta speak for me. This article is reprinted from the Time Higher Education Supplement. The book itself is available online at Meteor Books.
Friday, 24 October 2003
Antipiracy indoctrination gets off to rocky start
The Motion Picture Association of America (MPAA), the chief Hollywood lobbyist, has launched an indoctrination campaign in public schools. Although MPAA calls it "education," the program fits all the elements of the definition of indoctrination in Webster's Dictionary. MPAA paid $100,000 to deliver its message to 900,000 children over the next two years, taking advantage of public schools' budget crises. Although the program's title is "A Guide to Digital Citizenship," its curriculum is more accurately reflected by its slogan, "If you haven't paid for it, you've stolen it."
As a statement of law, this slogan is absolutely wrong. There are many situations in which one can lawfully acquire property without paying for it, and a good number of those apply to file sharing, the main target of MPAA's effort. As reported by AP, the MPAA curriculum is a simplistic and one-sided presentation on a complex area of law, delivered to children, many of whom are likely to lack the knowledge and sophistication to engage the instructors in productive discussion. In one example reported by AP, one knowledgable student was cut off by the teacher when he disagreed with the scripted lesson.
Note to MPAA: Discussion is good, but proselytization is not.
Thursday, 23 October 2003
Mark Fingerman posted a comment asking some good questions about my entry on the propriety of using copyright to quell criticism ("Diebold detractors defy DMCA desist demands"). I will try to answer them all here.
First, whether Bill Gates "should be allowed to profit from" software that he designs. Of course! The law should forbid people to profit from their labor only in rare circumstances — like murders for hire. Should Ford be allowed to sell cars at a profit? And Dole to sell pineapples? Surely, no one would argue that these companies are not permitted to build and grow physical products with their own factories and land, then place those items in the stream of commerce. The difference is that cars and pineapples are physical goods, which are rivalrous, meaning that only one person can consume them at any time (and, in the case of pineapples, only one person can eat a pineapple before it becomes useless to everyone else). Software is a nontangible good, which can be copied and used by two or more people at the same time — so if you copy my Office 2002 CD, my enjoyment of the software is not diminished. That is where copyright law comes in: the law erects an artificial barrier to some activities to imbue nontangible goods with some of the same qualities that allow producers to profit from tangible goods. (Note that "artificial" sometimes carries a negative connotation, but that is not what I intend here. I mean that a legal barrier does not exist in a "natural" world without laws.)
Second, on "intermediate" products of a copyrightable nature. Surely, Tom Clancy holds a copyright in chapter 1 before he finishes writing chapter 12. Copyright law protects the expression in any creative work beginning at the instant it is "fixed in a tangible medium of expression." Courts have interpreted the term "tangible medium of expression" broadly, as anything that can hold information in a stable form for a measurable period of time — e.g., paper, rock, clay, glass, wood, magnetic disks and RAM. Section 101 of the Copyright Act defines the moment of fixation:
A work is "fixed" in a tangible medium of expression when its embodiment in a copy or phonorecord, by or under the authority of the author, is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than transitory duration.
The Copyright Act does not distinguish between "finished" and "unfinished" works, and the copyrights in intermediate stages of production can be analyzed separately from the copyright in a finished work. Normally we need not bother, because the copyright in the finished product is much more valuable and is the focus of disputes that arise.
Next, Mark takes exception to my claim that "The public enjoys the right to make 'fair use' of copyrighted works — especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression." He asks, "So the public has the right to break into your home, steal your private correspondence, and publish it 'especially for purposes such as criticism, satire, parody, scholarly analysis...?' Can I rob a bank for the purpose of holding them up to 'scholarly analysis?'"
The answer, of course, is no, because the actions you describe are crimes and torts. Diebold has clear legal remedies against the person who broke into its computer network. It can sue him for, among other claims, trespass, theft of trade secrets, and interference with business relations. It can also press criminal charges under the Computer Fraud & Abuse Act. Take note that Diebold has done none of these legitimate things. Instead, the company has taken aim at people who have, unquestionably, never committed a crime or tort against it. The harm that Diebold fears is not further loss of trade secrets (these "secrets" are already public knowledge so, by definition, they are no longer trade secrets). Rather, it is trying to use copyright law to stymie discussion its products after the public has learned of their flaws.
The Lanham Act, the foundation of American trademark law, explicitly allows us to reproduce trademarked words, phrases, and symbols for the purpose of discussing the products they represent. This limits the general rule that reproducing a trademark without permission is infringement, and it is necessary to avoid rendering the trademark regime unconstitutional under the First Amendment. If we can write Diebold's name but cannot discuss its products, then the limitation is meaningless. Forcing the public to discuss the voting machines' shortcomings without sufficient supporting facts is tantamount to the same thing. Yes, the person who "stole" Diebold's documents should be held responsible, if Diebold chooses to press the issue. The general public, however, should not be held responsible for one person's wrongdoing.
Finally, the questions "Is Diebolds product better than hanging chads? And did Diebold provide what the state requested?" I take it, you are referring to the Georgia election I discussed in a previous article. For all the reasons stated in that article: no, Diebold's products (in their current form and with current election laws) are not better than hanging chads. And no, it did not provide what the state requested. The state certified the machines prior to the election, according to its laws. Sometime thereafter, Diebold made changes to its software and did not disclose that changes had been made — let alone the content of those changes — to anyone. There has been no allegation that these particular changes compromised the election, but one can easily imagine a scenario where such changes would cause problems. If the government is not informed of the changes and has no opportunity to examine them, what is to stop Diebold or another manufacturer from changing every tenth Republican vote to a Democratic one?
I sympathize with Diebold's problems. Nobody likes criticism. It invested a lot of time and money in developing its touch-screen voting machines, and it wants to prevent that work from being wasted. But we live in a democracy that values the integrity of its elections and a capitalist economy that values the operation of market forces in an environment of as-nearly-perfect-as-possible information. Diebold could subvert the first and has subverted the second.
Wednesday, 22 October 2003
Diebold detractors defy DMCA desist demands
As I explained in a previous article (E-lection security in Georgia), the voting machine products and related services sold by Diebold Election Systems raise serious election-integrity concerns. After a hacker broke into Diebold's computer network and downloaded ("stole," in Diebold's words) several internal memoranda, he distributed those documents widely, including some copies to journalists and activists. The compromising documents confirm that the company has known of its voting machines' shortcomings for some time. Embarassed, Diebold played the great American trump card, the lawsuit.
Diebold has sent an unknown number of "cease and desist" letters to people who posted the documents on their web sites. The letters threaten that the company will sue under the Digital Millennium Copyright Act (DMCA) if the recipient does not promptly remove the offending memos from his web site. Diebold (correctly) insists that it owns a copyright in those documents and that they are being publicly displayed without permission. It then invokes the provision of the law which requires Internet Service Providers (ISPs) to remove material that infringes a copyright promptly upon being notified of its presence on its servers. Any webmaster who does not take down the memos, Diebold threatens, will soon stare down the barrel of a copyright infringement lawsuit.
How is this wrong? Let me count the ways.
Copyright law, including the DMCA, is intended to give authors and artists a chance to earn rewards for their creative work. It grants them the exclusive rights to copy, distribute, perform, and publicly display their literature and art. In the U.S., the rationale behind copyright goes like this: if an author has the legal right to prevent others from doing these things, he will hold a limited monopoly on his own work and will be able to derive income from it. In Europe (and especially in France), the rationale is different: authors and artists are naturally and morally attached to their work, and this attachment endows them with the right to control the distribution and use of their work. Diebold, on the other hand, has never had the intention of profiting from the writings at issue. In fact, these writings harm Diebold's profit interests because they expose flaws in its revenue-generating products. The company's desire to suppress public discussion of these documents is understandable, but its method of suppressing them bends copyright law past the breaking point.
Copyright law has always granted only a limited monopoly to authors. The public enjoys the right to make "fair use" of copyrighted works especially for purposes such as criticism, satire, parody, scholarly analysis, and other uses that are necessary to preserve unfettered public debate and preserve the liberty of free expression. These limitations on the copyright monopoly are deeply affected with First Amendment interests, and they are the Copyright Act's last line of defense against constitutional challenges. See, e.g., Eldred v. Ashcroft, 123 S.Ct. 769, 154 L.Ed.2d 683 (2003).
It is axiomatic in First Amendment jurisprudence that "political speech," broadly defined, is at the core of what the Amendment protects. Few, if any, topics are more fundamentally political than the process by which citizens in a democracy elect their government's officials. As states and counties update their voting machinery in the wake of the 2000 Presidential election debacle and the California recall lawsuit, most of them are adopting (or at least considering) "touch screen" machines like Diebold's. In perhaps ten to 15 years, all American elections will be conducted on such machines. Diebold, by choosing to manufacture and sell voting machines, has thrust itself into the the election process and made itself a focal point of public debate. Unfortunately, the company has asserted its copyrights for the sole purpose of stifling the public discussion that is so vital if our communities are going to adopt the best election machinery and conduct the fairest possible elections.
Civil libertarian organizations like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) are fighting to protect the public's right to access, read and discuss documents that directly affect the right to vote. Without public discussion, our communities might buy inferior equipment, and future elections would be tained with, at best, inefficiency and, at worst, fraud and corruption. Two brave groups of students at Swarthmore College are engaged in an "electronic civil disobedience" campaign to thwart Diebold's machinations. The groups, Why War? and the Swarthmore Coalition for the Digital Commons (whose web site Diebold has, at least temporarily, succeeded in shutting down), have organized a network of students and others who are willing to host the Diebold documents for at least a short time. Why War? maintains a web page with links to the "current" location of the documents, and the location changes as soon as Diebold sends another cease and desist letter. Efforts like this give life to John Gilmore's prescient statement, "The Net treats censorship as damage and routes around it."
We should support efforts like Why War?'s not only because they bolster the long-term integrity of the American electoral system (their narrowest goal) but because they also enable the free exchange of ideas (their broadest goal). The First Amendment embodies some of the most fundamental rights and liberties that our society recognizes. Pinching them through copyright law can only hurt our society.
Terrified of Terror Profiling?
Bruce Schneier, the renowned expert in computer security (as well as founder and Chief Technical Officer of Counterpane Internet Security, Inc.) wrote a column this week for Newsday: "Terror Profiles By Computers Are Ineffective." As the title suggests, Schneier argues that all the approaches yet taken to "profiling" terrorists suffer from the same fundamental design flaw. "There's a common belief — generally mistaken — that if we only had enough data we could pick terrorists out of crowds," Schneier writes. He goes on to show that the types of information that we have endeavored to gather — indeed, the types of information that we can gather — bear no statistically significant relationship with terrorist acts, or even propensity toward terrorism.
Schneier's argument is bolstered by the simple, elegant, and compelling mathematical analysis done by Temple University mathematician John Allen Paulos, in the January 2003 installment of his column "Who's Counting?." The article, "Future World: Privacy, Terrorists, and Science Fiction," assumes that a project such as the recently de-funded Terrorist Information Awareness program (née "Total Information Awareness"), has succeeded beyond the wildest dreams of its founders by 2054, the year when the film Minority Report is set. This hypothetical program has a predictive success rate of 99%. Examining this number and assuming that the U.S. has 300 million citizens, Paulos proves that it would imprison just under 1,000 terrorists and just under 3 million innocent people.
Outsourced medical transcription causes privacy snafu
It is common practice for doctors to dictate notes that are later transcribed by clerical staff. This makes healthcare delivery more efficient because it frees doctors to spend more time with patients and less time with paperwork. With the advent of portable tape recorders and, more recently, personal digital recorders, healthcare organizations have found it even more efficient to "outsource" this transcription — to hire someone on a contract basis to record the oral notes in written form. Over time, a network of contractors and subcontractors developed to serve what became a $20 billion dollar medical transcription industry. Naturally, not all of these subcontractors are in the United States.
The Chronicle reports that Lubna Baloch, a medical transcription subcontractor in Pakistan, sent an email to the UCSF Medical Center which complained about her low wages and threatened to post patients' records on the Internet if she was not paid hundreds of dollars. To back up her threat, Ms. Baloch attached two patients' records to the email. "Your patient records are out in the open to be exposed," she wrote, "so you better track that person and make him pay my dues or otherwise I will expose all the voice files and patient records of UCSF Parnassus and Mt. Zion campuses on the Internet."
The records have apparently not been posted to the Internet — yet. A subcontractor between her and the Medical Center paid her $500 on the condition that she withdraw her threat. Shortly thereafter, she sent another email to the medical center, writing, "I verify that I do not have any intent to distribute/release any patient health information out and I have destroyed the said information. I am retracting any statements made by me earlier." A spokesman for the Medical Center points out, however, that "We do not have any evidence that the person has destroyed the files."
The United States has a law known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under this law, the Department of Health & Human Services has issued detailed regulations that govern how medical information must be kept confidential. Those rules are difficult or impossible to enforce abroad, however. While Ms. Baloch is at least three subcontracts removed from the UCSF Medical Center, it is not clear whether the hospitals or doctors could be held responsible in the event of a breach of its patients' privacy. The Medical Center claims that it was aware of only two levels of subcontracting and had no idea that its medical files were being sent offshore. The current regulations permit subcontracting of work like transcription, so long as the contracts have provisions requiring confidentiality. Details are still sketchy as to the content of the contract involved in this case. Time will tell if the law has been violated.
Even if the Medical Center did not break the law, this story should send shivers down the spines of all Americans who have ever been treated by a doctor. Economic globalization and digital communications technology have made outsourcing and "offshoring" routine, and no one knows how much of this work is being done outside the United States. Most of the work is going to countries where wages are low — otherwise, there would be no cost savings, and the medical staff would transcribe the notes in-house. Developing countries do not have privacy laws as comprehensive and sophisticated as those in the U.S. and Europe.
Ms. Baloch has come up with the idea for this extortion and it has become public, so it is only a matter of time before someone else tries it. The next person may demand much more than $500, and the next hospital may not be willing to pay. (Note that in this case a subcontractor paid the bribe, not the hospital.) Who loses in this situation? The patients. The most intimate details of our lives will be exposed to everyone with a computer and a telephone line.
How should we respond? Amend HIPAA? Possibly. Perhaps we need more stringent requirements for contracting and subcontracting. Maybe we should bar outsourcing to offshore companies, or at least restrict the countries where outsourcing is permitted to those having strong privacy laws. Maybe we need to do something else. But these problems will not go away — they will only become more pervasive.
Tuesday, 21 October 2003
CDT report on broadcast flag
Today, the Center for Democracy and Policy (CDT), Public Knowledge and Consumers Union (publisher of Consumer Reports) issued a 31-page report entitled "Implications of The Broadcast Flag: A Public Interest Primer" [pdf]. The report has an excellent description of the background of the broadcast flag and explains how the issues affect the television and film industries, the government, and the public interest with remarkable clarity. This is a must-read for anyone interested in the most active area of debate in copyright law for the next three years.
The report's three most important findings (in my opinion) are:
Wednesday, 15 October 2003
Iraq "war:" What's the point?
Stars and Stripes, the newspaper for American servicemen, has completed the most extensive survey yet conducted of American troops stationed in Iraq. Not surprisingly, the Bush administration's glurgy picture of troops' morale is not entirely accurate. In fact, it could be fairly described as wholly lacking basis in fact. About one-half of respondents described their morale as low. Approximately one-third characterized their mission as having "little value" or "no value at all," and about the same number reported that they believed their mission(s) in Iraq were "not clearly defined" or "not at all defined." Furthermore, over 40% reported that they have no training for their present duties. Pain perdue, anyone?
True, the survey had serious methodoligical flaws. David Mazzarella, the newspaper's editorial director in Washington said, "We conducted a 'convenience survey,' meaning we gave it to those who happened to be available at the time rather than to a randomly selected cross section, so the results cannot necessarily be projected as representing the whole population." However, the results support what many already suspected. David Segal, a military sociologist at the University of Maryland at College Park, told the Washington Post that the new data bolster the conclusions he has drawn from other research. "I am getting a sense that there is a high and increasing level of demoralization and a growing sense of being in something they don't understand and aren't sure the American people understand," he said.
How will President Bush respond? His people will eviscerate the survey's methodology, as well they should. Big Media has already picked up this story, but the articles fail to mention the methodoligical flaws until 15-20 paragraphs in — long after the average reader has stopped reading. The White House will not, however, address the (admittedly limited) substance of the survey's findings. After France, German, and Russia abandoned demands for a greater U.N. role in the reconstruction of Iraq, President Bush's ego may be just large enough that he believes that painting a rosy picture enough times can make it smell like roses.
Standing questions in Newdow may prevent a ruling on the merits
Yesterday the U.S. Supreme Court granted certiorari to the Elk Grove Unified School District in its dispute with Michael Newdow. In lay terms, it agreed to hear the case. Newdow indirectly sparked a firestorm of national protest last summer, when the U.S. Court of Appeals for the 9th Circuit ruled that a 1954 act of Congress that inserted the phrase "under god" into the Pledge of Allegiance violated the first amendment to the constitution. While some of the debate has been intelligent and productive (1, 2), some of it has been invective and immature. As the parties and government-intervenors prepare to argue before the Supreme Court, suggestions have been raised that the Court should "dismiss" the case on "procedural grounds."
While the laymen journalists have gotten the terminology wrong, they may have the substance right.
Article III of the U.S. Constitution begins, "The judicial power of the United States, shall be vested in one supreme court, and in such inferior courts as the Congress may, from time to time, ordain and establish." Section 2 of Article III establishes the subject-matter jurisdiction of the federal courts — that is, the types of cases that the courts are empowered to hear. That section reads, in part:
The judicial power shall extend to all cases, in law and equity, arising under this constitution, the laws of the United States, and treaties made, or which shall be made under their authority; to all cases affecting ambassadors, other public ministers and consuls; to all cases of admiralty and maritime jurisdiction; to controversies to which the United States shall be a party; to controversies between two or more states, between a state and Citizens of another state, between Citizens of different states, between Citizens of the same state, claiming lands under grants of different states, and between a state, or the Citizens thereof, and foreign states, Citizens or subjects.
Together, these provisions give rise to the five-or-so (depending on how you count) sub-doctrines of justiciability: actual case or controversy, standing, ripeness, mootness, and political questions. These doctrines are complex in their detail, but their basic outlines are easy to understand. The long quote above from § 2 has been interpreted to require an "actual case or controversy" between two or more parties before a federal court can exercise the judicial power of the United States. The dispute must be a real one, not merely hypothetical, and the courts cannot issue "advisory opinions." The sub-doctrine of standing arises from this requirement.
To have standing to assert a claim, a plaintiff must show that he has incurred some injury, that the injury has been caused by the defendant, and that the court has the power to redress the injury if it rules in the plaintiff's favor. In this context, "injury" is defined broadly as prejudice to any right or interest that the plaintiff is legally entitled to assert. This covers everything from physical/bodily injuries to loss of money or property and harm to the plaintiff's reputation.
After the 9th Circuit ruled last summer, the school district and the federal government moved to disqualify Newdow as a plaintiff, arguing that he lacked standing to sue in this case. Their arguments revolved around Newdow's relationship with his daughter and her mother, Sandra Banning, whom Newdow never married. When Newdow filed the suit, Banning had sole legal custody of her daughter — meaning that Newdow arguably did not have a legal right to give input into her upbringing. Newdow has since obtained a revised custody order in a California state court that clarifies his rights with respect to his daughter. Under that order, Newdow has a clear, legally-cognizable interest in his daughter's upbringing. The standing doctrine, however, recognizes the plaintiff's status only at the time he filed the federal lawsuit. The Supreme Court has asked the parties to brief and argue the issues of whether Newdow had such an interest when he filed the present lawsuit three years ago and, if not, what should be done with this case.
The Court's critics argue that it may use the standing issue as an excuse to shirk its duty to rule on the merits of the case. They are probably right, since the Court has clearly gained a sense of its political status in the wake of Bush v. Gore (the 2000 Presidential election case), Lawrence v. Texas (the Texas sodomy case), and Gratz v. Bollinger and Grutter v. Bollinger (the University of Michigan affirmative action cases). The facts of the Newdow case permit only one outcome — legally — but the Court will probably reach the opposite result for nonlegal reasons. The present Supreme Court is more conservative than any in recent history, and it would be highly entertaining to see it try to squirm its way out of its own precedents to find the Pledge constitutional in its current form — especially after Justice Scalia recused himself from this case.
However, as an honest man, I could not profess respect for the First Amendment without showing an equal respect for the rest of the Constitution. Although the First Amendment codifies the most basic liberties of our society, it coexists with other provisions of the Constitution as equals. Those other provisions, while not as morally compelling as the First Amendment, are equally demanding of our respect. Serious questions exist as to Newdow's standing in this case. Those questions will require a detailed examination of family law in California, which is the final arbitor of Newdow's legal rights with respect to his daughter. If the Supreme Court decides this case on Article III (standing) grounds, I will be the first person to leap to its defense. If it reaches the merits of the First Amendment dispute by shortchanging its analysis of the federal courts' jurisdiction, I will be the first to pen an editorial against it. I do hold out hope, however, that the Court can resolve the Article III question in Newdow's favor and reach the First Amendment question legitimately.
The worst harm that can come out of this situation will be for the Court to rule that Newdow lacks standing and dismiss the suit for that reason, then for supporters of the pledge in its current form to hail that decision as a ruling on the pledge. So let us try to avoid such misdirection, shall we?
Tuesday, 14 October 2003
E-lection security in Georgia
The issue of election integrity has gained widespread public attention since the 2000 Presidential election debacle. Demagogues have taken up electronic voting systems as the silver bullet to cure all the ills of paper-based elections. While it is true that electronic systems do eliminate some problems, they introduce just as many which are not solvable with current technology and election laws.
It has been apparent for some time that electronic voting systems lack sufficient safeguards to guarantee their security and integrity. David Dill, a computer science profesor at Stanford, has been pointing out these flaws for over a year now. For example, the companies that produce "touch screen" voting machines guard their equipment (both hardware and software) as trade secrets. Very little information about the equipment (beyond marketing literature, of course) is available to the public or to local election authorities before they enter contracts with these companies to provide products and services. The methods of keeping ballots physically secure and safe from hacker-tamperers are proprietary information in this burgeoning industry. In other words, the public is not permitted to know how their elections are being kept secure. Furthermore, there is ample opportunity for deliberate tampering with election results from the inside.
No balloting machine currently on the market creates a hard copy of a ballot as it is cast. This would require installing a printer in each machine, which would increase the machine's cost, or connecting each machine to a central printer, which would destroy the secrecy of the ballot. Either way, the local jurisdiction must absorb the additional costs of printing (paper, ink, and maintenance on the printers). So why is a paper trail necessary when the point of these machines is to decrease costs while improving accuracy? Because the balloting machines' software is proprietary, nobody outside the company that manufactures it knows what it is doing. A first-year programming student could write a program that displays input from a keyboard on a screen while recording different information on a disk. A voter might press the button for Gray Davis and see his name on the screen, but Arnold Schwarzenegger's name could be recorded. If the voter cannot see a paper record to verify his vote, there is no way to ensure that the proper votes are being recorded. These paper ballots would be verified by each voter in the polling booth, then secured in a locked box in much the same way that paper ballots are stored now. Without paper records, it is impossible to link individual voters to individual ballots after the election, if tampering is suspected. Paper ballots remain intact long after the election, making investigations and hand recounts possible.
It is a long-shot that anyone would ever fix an election in the U.S., you say? Maybe. But this is a live issue right now. Diebold Election Systems had its software certified by Georgia's election commission in advance of that state's 2002 gubernatorial election. Diebold then altered the software before the election without telling anyone! Diebold seems to have made the changes in response to reports that its machines were insecure and unreliable. Perhaps, but the move was awfully suspicious, considering that the election resulted in an upset and was decided by a very slim margin. Only a few votes would have to be altered to change the outcome and, without a paper trail, those few votes would be impossible identify. Wired News reports this story here.
Monday, 13 October 2003
John Halderman cracked an encryption and DRM system called MediaMax CD3, a product of SunComm Technologies. Why? He is a PhD candiate in Princeton University's Department of Computer Science, writing his thesis in computer security. In classic academic style, Halderman published the resulting paper on the web. In classic cranky-three-year-old style, SunnComm threatened to sue Halderman on several grounds, including a claim under the Digital Millenium Copyright Act (DMCA). SunComm's CEO's quote in the first news cycle since this story broke was precious: "No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property." SunComm backed down from its lawsuit threat within 48 hours after an enormous public outcry fueled by the blogosphere.
This episode is important for two reasons. First, it shows the excesses of the DMCA and underscores how ridiculously overbroad its language is (in addition to being bad policy). SunComm must have interpreted Halderman's paper as either a "device" intended to "circumvent a technological measure that effectively controls access to a [copyrighted] work" under DMCA § 1201(a) or as trafficking in such devices. No person who speaks ordinary English would ever confuse a research paper with a device. Besides, Halderman defeated the system merely by holding down his shift key, so how "effective" could it be? Effectiveness of the DRM system is, after all, an essential element of the DMCA claim. SunComm may have deserved the $10 million decline in its stock-price value the day after the blogosphere picked up this story.
Second, it shows the power of the blogosphere. The first Internet publisher to become a legitimate force in American politics was Matt Drudge when he broke the Monica Lewinsky story in 1997 after the traditional press (namely, Newsweek) declined to print the story. The Internet's role in politics was considered routine barely five years later, when bloggers brought down Trent Lott again, after the traditional news media dismissed an important story. The SunComm episode clearly shows that Internet publishers' influence has outgrown the first level of the political sphere, where rumor and innuendo are weapons in their own right. This time, bloggers slapped around a software company working for several major record labels in two industries driven by bottom-line considerations. Blogging tools make Internet publishing easier than ever, and the number of bloggers is growing daily. Their voices are heard by one another and now by the major media and corporate America. If we can continue to avoid demagoguery, this may be a good thing.