Deeplinks
Noteworthy news from around the internet.
Remixers, Unlockers, Jailbreakers, Oh My!
Legal Analysis by Fred von LohmannYesterday, EFF filed petitions (1, 2) with the Copyright Office seeking DMCA exemptions for three categories of activities that do not violate copyright laws, but that are still jeopardized by the DMCA's ban on bypassing technical protection measures used to control access to copyrighted works (i.e, DRM). The three exemptions are for:
- Noncommercial video creators (like YouTubers and vidders) who rip DVDs in order to use clips for fair use remixes;
- Cell phone owners who want to unlock their phones to use them on cellular networks of their choosing;
- Cell phone owners who want to "jailbreak" their phones in order to use applications of their choosing (e.g., iPhone owners who want apps from sources other than the iTunes App Store).
The exemption for remix video creators is necessary to protect fair use in a digital world where visual literacy (what Larry Lessig calls RW culture) is increasingly important. Today, if you rip a DVD, the MPAA takes the position that you've broken the law, even if you are making a video that comments on the latent racism in Disney films or the sexualized violence in 300. This is what free speech looks like in the 21st century, and a DMCA exemption is necessary if we want to avoid driving millions of amateur creators into the copyright underground.
The cell phone exemptions (unlocking and jailbreaking) are necessary to protect your "freedom to tinker" with products you own. Cellular carriers lock their phones not to protect their copyrights, but rather to discourage customers from switching carriers. This is not only anti-competitive, but puts millions of used cell phones into landfills each year. More recently, cell phone makers have started locking phones to a single source for applications -- which is why more than 350,000 iPhone owners have "jailbroken" their iPhones in order to get the apps they want, instead of just the ones Apple is willing to let them have.
Others are seeking exemptions for computer security researchers who want to investigate DRM on videogames (SecuROM, we're looking at you); documentarians, film professors, and media literacy educators who need to take clips from DVD; and consumers who have been left high and dry by vendors who retired their DRM authentication servers (e.g., Walmart, Yahoo, Microsoft). All of the proposals have been posted on the Copyright Office website. Comments supporting or opposing the proposed exemptions are due by Feb. 2, 2009. Hearings will follow in the Spring, and the Copyright Office will announce its final determinations in October 2009, as the last set of exemptions expire.
global minilinks for 2008-12-02
miniLinks by Danny O'Brien
- Citizen Safeguards Struck Out in EU Council
La Quadrature Du Net analyse the latest moves in Europe's telecoms package - still a mixed bag for protecting rights online.- Inside Italy's Net Filters
An overview of the "P-Box" - the bespoke Debian install intended to filter content at Italian ISPs.- Google's Gatekeepers
The New York Times investigates who decides when Google is told to block content.- Internet Users to Expect "Remote Searches" from EU Police?
The EU's five year cybercrime plan include proposals for government-permitted trojan software and "joint investigation teams" (rightsholders and police working together).- Nokia Wants Law to Allow Snooping on Finnish Employees
After lobbying by the phone giant, Finland considers allowing businesses to examine the email logs of workers suspected of leaking secrets.- Michael Geist - Why Copyright?
Canadian thinkers, artists and businesspeople speak out on copyright in this film by Michael Geist and Daniel Albahary.- Studying Chinese Blog Censorship
Rebecca Mackinnon takes a closer look at what goes on when private companies aid in domestic censorship.- Anger at Indonesian Tagging Plan
Country plans to plant RFIDs in "sexually aggressive" HIV positive citizens.- Obama and IP
Senior Phillippines IP Attorney hopes Obama will bring change to the international intellectual property policies of the United States.- Four Google Officials Face Italian Trial for Third-Party Video
Video upload prompts unknown charges against the employees of the company hosting it.
Change.gov Content Now Under Creative Commons License
Commentary by Richard EsguerraIn the last few days, President-elect Obama's transition team took a significant stride towards a more open government by licensing the content of Change.gov under a Creative Commons Attribution license. Using that license essentially means that the transition team is allowing others to freely share and remix what's posted there, provided that reposts are attributed to Change.gov. The move is a victory for the public and the many advocates for a more wired, participatory democracy.
It's also another reminder of the importance of Creative Commons, which affords creators an opportunity to opt for something less than Disney-style copyright restrictions. By embracing a CC license, the Obama team sets a valuable example for others in government, many of whom may have defaulted to "all rights reserved" without considering other options.
While Change.gov has experienced some growing pains, the transition team appears to be making a real effort to use the website as a legitimate location for its conversation with the American public. The preview post of the President-elect's planned weekly address (posted on Thanksgiving Day) includes links to multiple sources — an embedded YouTube video, a link to the same video posted to Yahoo! Video, and a high-resolution .mov file — with the Creative Commons license guaranteeing that the public can freely share, remix, comment, and report on the President-elect's statement.
The switch to Creative Commons licensing is encouraging and we hope that it is a herald of more pro-open government changes to come.
Censorship in the 21st Century: Targeting Intermediaries
Legal Analysis by Matt ZimmermanOn November 12, 2008, a group of artists and activists unveiled a brilliant spoof of the New York Times, widely distributed to readers in New York and Los Angeles. This "July 4, 2009" version of the Times — which the real New York Times described as a "Grade-A caper" — boldly announced the end of the Iraq War, the nationalization of major oil conglomerates, the elimination of tuition at public universities, and the indictment of soon-to-be-former president Bush on charges of high treason. The poignant send-up, also available in an online version at www.nytimes-se.com, is a perfect example of parody in the 21st century. It certainly got its fair share of attention.
Could the lawyers be far behind? Not surprisingly, the corporate targets of the parody were not pleased. Now, in what is becoming an all-too-familiar trend, one of those corporations has attempted to shut down the site by putting pressure on what is often the weakest link in the online speech chain: the domain name registrar. Stymied by the First Amendment and other legal impediments, those who don't appreciate critical commentary and other "objectionable" online content have found intermediaries — providers of indispensable technical services like domain name registration and web hosting — much easier to intimidate.
This time, the complaining (and overreaching) party was the South African diamond conglomerate De Beers, the target of a critical fake ad on the web version of the New York Times spoof announcing that diamond purchases "will enable us to donate a prosthetic for an African whose hand was lost in diamond conflicts." Miffed by the criticism, De Beers responded not by confronting the authors (whose parody is protected by the First Amendment) but instead by threatening their Swiss-based domain name registrar, Joker.com. De Beers has demanded that Joker.com disable the spoof website's domain name or face liability for trademark infringement.
This certainly isn't the first time that a sore target of criticism has threatened an internet intermediary in order to take down content it didn't like. The motivation is simple: all too often, the intermediary will prove to be unwilling to stand up for the rights of its customers. For example:
- In September, 2008, the state of Kentucky initiated an ex parte proceeding aimed at seizing 141 domain names pointing to overseas websites permitting online gambling, arguing that the domain names were illegal "gambling devices" under Kentucky law. Without giving the domain name owners an adequate opportunity to defend themselves, the trial court ordered the registrars with control over the targeted domain names to transfer them to the state, a decision the court affirmed in October. Upon receipt of the court's order, some of the registrars (such as GoDaddy) who were likely outside of the court's jurisdiction nonetheless locked the domain names and purportedly transferred control to the Kentucky court. (EFF filed an amicus brief arguing that the orders were unconstitutional; the matter is pending appeal.)
- In January, 2008, Swiss bank Julius Baer filed suit against (among others) Dynadot, the domain name registrar with which the domain name wikileaks.org was registered. The Wikileaks website to which the domain name pointed — a self-styled "uncensorable Wikipedia for untraceable mass document leaking and analysis" — hosted (and still hosts) documents which anonymous third-party posters argue document financial wrongdoing. Instead of challenging the operators of the Wikileaks site directly, Julius Baer targeted Dynadot which quickly agreed to lock and permanently disable its customer's domain name. (In response to briefs such as the one filed by EFF pointing out the illegality of the court's order approving of the ill-advised agreement, the district court ultimately dissolved the permanent injunction, leading Julius Baer to dismiss its case.)
- In December, 2006, on behalf of its affiliate radio station KSFO-AM, media giant ABC sent a cease and desist letter to 1 & 1 Internet, the then-host of the blog www.spockosbrain.com, a site that criticized what its author argued was offensive and violent rhetoric broadcast by KSFO. Despite the fact that it had no risk of liability, 1 & 1 Internet promptly shut down Spocko's site in response to receiving the threatening letter. (EFF subsequently represented Spocko, successfully moving him to Computer Tyme, a web hosting company that promised to stand up to future threats.)
Intermediaries frequently argue (incorrectly) that they have no choice but to shut down domain names or sites when they receive a legal complaint. But they do have a choice, at least in the United States. As EFF has explained to De Beers, U.S. law provides ample protection for intermediaries, in large part to ensure that online speech and commerce continues to thrive. For example, in 1996, Congress passed Section 230 of the Communications Decency Act which immunizes internet intermediaries from most kinds of liability associated with the content that their customers place on their own sites. Similarly, the Digital Millennium Copyright Act (passed in 1998) provides a safe harbor from copyright infringement liability for intermediaries who follow straightforward procedures in response to valid takedown notices. With these strong legal protections, intermediaries can and should refuse to respond to pressure from companies like De Beers.
Will the poignant work of the New York Times parodists stay up for the world to see? Will other critical online speakers be silenced by improper threats against their virtual soapboxes? The answer may ultimately depend more on the ability of targets to intimidate domain name registrars than on the legality of the underlying speech itself.
Apple Confuses Speech with a DMCA Violation
Legal Analysis by Fred von LohmannSlashdot reports that Apple has sent a "cease and desist" email to bluwiki, a public wiki site, demanding the removal of postings there by those who are trying to figure out how to write software that can sync media to the latest versions of the iPhone and iPod Touch.
Short answer: Apple doesn't have a DMCA leg to stand on.
At the heart of this is the iTunesDB file, the index that the iPod operating system uses to keep track of what playable media is on the device. Unless an application can write new data to this file, it won't be able to "sync" music or other content to an iPod. The iTunesDB file has never been encrypted and is relatively well understood. In iPods released after September 2007, however, Apple introduced a checksum hash to make it difficult for applications other than iTunes to write new data to the iTunesDB file, thereby hindering an iPod owner's ability to use alternative software (like gtkpod, Winamp, or Songbird) to manage the files on her iPod.
The original checksum hash was reverse engineered in less than 36 hours. Apple, however, has recently updated the hashing mechanism in the latest versions of the iPhone and iPod Touch. Those interested in using software other than iTunes to sync files to these new iPods will need to reverse engineer the hash again. Discussions about that process were posted to the public bluwiki site. Although it doesn't appear that the authors had yet figured out the new iTunesDB hashing mechanism, Apple's lawyers nevertheless sent a nastygram to the wiki administrator, who took down the pages in question.
Here are just a few of the fatal flaws in Apple's DMCA argument.
Where's the "technology, product, service, device or device"?
The DMCA provides that:
No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that ... is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner....
The information posted on the wiki appeared to be text, along with some illustrative code. Nothing that I saw on the pages I was able to review would appear to constitute a "technology, product, service, device, component, or part thereof." In fact, the authors had apparently not yet succeeded in their reverse engineering efforts and were simply discussing Apple's code obfuscation techniques. If Apple is suggesting that the DMCA reaches people merely talking about technical protection measures, then they've got a serious First Amendment problem.
Who owns the copyrighted work?
The iTunesDB file is not authored by Apple, nor does it appear that Apple has any copyright interest in it. Instead, the iTunesDB file on every iPod is the result of the individual choices each iPod owner makes in deciding what music and other media to put on her iPod. In other words, the iTunesDB file is to iTunes as this blog post is to Safari -- when I use Safari to produce a new work, I own the copyright in the resulting file, not Apple.
So if the iTunesDB file is the copyrighted work being protected here, then the iPod owner has every right to circumvent the protection measure, since they own the copyright to the iTunesDB file on their own iPod.
Where's the access control?
The contents of the iTunesDB file is not protected at all -- any application can read it. So, as a result, the obfuscation and hashing mechanisms used by Apple to prevent people from writing to the file cannot qualify as "access controls" protected by Section 1201(a) of the DMCA.
Apple might argue that the checksum hash prevents people from preparing derivative works, which means that it's a "technological measure that effectively protects the right of a copyright owner" (as noted above, however, it's the user, not Apple, who owns any copyright in the iTunesDB file). The DMCA, however, does not prohibit circumvention of technical measures that are not access controls, although it does restrict trafficking in tools that circumvent these measures. But, as mentioned above, there are no "tools" on the bluwiki pages.
What about the reverse engineering exemption?
Apple's lawyers also appear to have overlooked the DMCA's reverse engineering exception, 17 U.S.C. 1201(f), which permits individuals to circumvent technological measures and distribute circumvention tools "for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute [copyright] infringement."
Enabling iPods to interoperate with "independently created computer programs" (like gtkpod, Winamp, and Songbird) is precisely what the reverse engineering exception was intended to protect.
Where's the nexus to infringement?
Finally, Apple's DMCA theory fails because any "circumvention" that might be involved here has no connection to any potential copyright infringement. Two decisions by federal courts of appeal (1, 2) have held that without a nexus to potential infringement, there is no violation of the DMCA. And here, it's hard to see how reverse engineering the iTunesDB checksum hash can lead to any infringement of the iTunesDB file -- after all, the reverse engineers presumably aren't interested in making piratical copies of the iTunesDB file. Instead, they just want to sync their iPhones and iPods using software other than iTunes. No infringement there.
Of course, without more than the bare "cease and desist" emails sent by Apple's lawyers to bluwiki, we can't know for certain what other DMCA arguments they may have had in mind. But I certainly can't see any DMCA violation here based on Apple's nastygrams thus far.
A "Grey Hat" Guide for Security Researchers
Announcement by Jennifer GranickIn counseling computer security researchers, I have found the law to be a real obstacle to solving vulnerabilities. The muddy nature of the laws that regulate computers and code, coupled with a series of abusive lawsuits, gives researchers real reason to worry that they might be sued if they publish their research or go straight to the affected vendor. By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied. I discuss this problem, and offer some ideas about what researchers can do about it, in a new document called "A 'Grey Hat' Guide". Constructive feedback is welcome, as I can use it to improve the paper.
Apple Downgrades Macbook Video with DRM
Commentary by Fred von LohmannOnce again, thanks to DRM, a new product ends up less useful than the one it replaces. This time, it's the new family of Apple Macbook laptop computers that gets the downgrade.
When it launched the new Macbooks, Apple announced that they would sport a new digital video output connector, known as Mini DisplayPort. What Apple failed to mention, however, is that those connectors allow movies studios to force the computer to authenticate any external monitor before allowing playback of programs purchased or rented from the iTunes Store (Microsoft's Windows Vista does something similar). In other words, the HDTV monitor or projector that worked for you yesterday, won't work with your new computer tomorrow if Hollywood has embedded a flag in the iTunes content you paid for.
This is a remarkably short-sighted move for both Apple and Hollywood. This punishes existing iTunes customers: several have reported that iTunes purchases that played on external monitors on their old Macbooks no longer will play on their new Macbooks. In other words, thanks to the Macbook "upgrade," Apple just "downgraded" everyone's previous investment in iTunes content (if we've told you once, we've told you a dozen times -- when you buy DRMd content, the vendor can snatch your investment from you at any time).
And it's still not clear how bad this will be for purchasers of new Macbooks -- if Apple has deployed DPCP content protection on its DisplayPort implementation, there are virtually no display devices that support this new-fangled lockdown standard (it's not clear from news reports whether the Macbook DisplayPort will work with HDCP-compatible display devices over DVI or HDMI connectors).
As for the movie studios, this gives legitimate customers one more compelling reason to avoid "legit" sources of content in favor of downloading from The Pirate Bay or ripping DVDs using Handbrake. So this is just another example of the way in which the MPAA companies use DRM not to stop piracy (since this will, if anything, encourage people to opt for the Darknet), but rather to control those who make devices that play movies.
Google is Done Paying Silicon Valley's Legal Bills
Commentary by Fred von Lohmann[I wrote the following op-ed, which appeared in the Nov. 14 issue of The Recorder. Because that publication's website is not publicly available, I'm posting a copy here, with their permission.]
For most of the decade, Silicon Valley technology startups have assumed that Google would pay their legal bills. Not literally, mind you, but rather by taking on the big, high-profile cases about fair use, interoperability, and other digital intellectual property issues that would set precedents that all disruptive innovators could rely on.
Well, Google just put the Valley on notice that the free ride is over, which means more legal burdens for smaller technology companies that previously depended on Google clearing a path for them.
Late last month, Google announced a settlement in its lawsuit with book publishers and authors over its Google Book Search offering. At the heart of the dispute is the question of whether scanning copyrighted books in order to index them violates copyright law, as the publishers argued, or is permissible as a fair use, as Google argued. If approved by the court, the $125 million settlement would buy Google — and only Google — permission not just to scan books for indexing purposes, but also to expand Book Search to provide more access to the scanned books.
The Book Search case is just one of a series of high-stakes lawsuits that Google has taken up in the name of the disruptive innovation that fuels the Internet economy. Others include the billion-dollar suit brought by Viacom over copyrighted video clips appearing on YouTube, as well as cases brought by trademark owners attacking Google's right to sell trademarks as keyword triggers for those "sponsored links" that appear when you use Google's search engine. Google has also fought copyright owners to defend its search engine, news aggregation, image search and Web caching activities.
Google, assisted by its expensive, top-drawer legal team, has a track record of winning these precedent-setting Internet cases. And by winning, Google sets a precedent that other innovators can rely on, as well. In essence, Google's legal investments have paid dividends for the entire Internet innovation economy.
Until now. By settling rather than taking the case all the way (many copyright experts thought Google had a good chance of winning), Google has solved its own copyright problem — but not anyone else's. Without a legal precedent about the copyright status of book scanning, future innovators are left to defend their own copyright lawsuits. In essence, Google has left its former copyright adversaries to maul any competitors that want to follow its lead.
Google will doubtless be considering the same endgame for the Viacom lawsuit against YouTube. If Google can strike a settlement with a large slice of the aggrieved copyright owners, then it solves the copyright problem for itself, while leaving it as a barrier to entry for YouTube's competitors.
But when innovators like Google cut individual deals, it weakens the Silicon Valley innovation ecology for everyone, because it leaves the smaller companies to carry on the fight against well-endowed opponents. Those kinds of cases threaten to yield bad legal precedents that tilt the rules against disruptive innovation generally.
For better or worse, it looks like tomorrow's cutting-edge Internet law precedents are going to be left to smaller companies to set. That means smaller startups (and their venture capital backers) need to start planning strategically to pick up the slack left by Google's gradual retreat from the field of battle. To put it bluntly, they need to set aside real money for litigation and find ways to cooperatively invest in the legal precedents that all of them collectively need.
Reproduced with permission from the Nov. 14, 2008 edition of The Recorder, copyright 2008 ALM Properties. Further reproduction without permission prohibited without permission of ALM Properties.
Apply for the Summer Google Policy Fellowship and Work with EFF
Announcement by Richard EsguerraStudents interested in technology law and policy may be interested in applying to work with EFF next summer through the Google Policy Fellowship, a program that gives students the chance to spend the summer working alongside host organizations on topics of Internet and technology policy.
Much like how the Summer of Code project aims to develop and promote open source projects, Google is hoping that policy fellowships will advance debate on key policy issues affecting the public. Google is kindly offering fellows a $7000 stipend (for a minimum of 10 weeks in June to August 2009) for working with host organizations like EFF on various topics.
Google's application deadline is December 12, 2008. Take a look at a list of EFF's focus areas and find application details here. Students who are accepted will be notified by Friday, February 13th.
What Obama Can and Should Do to Stop Telecom Immunity
Deeplink by Kevin BankstonYesterday, the New York Times ran the story "Early Test for Obama on Domestic Spying Views", describing the national security-related issues facing the incoming Obama Administration. Chief among them is the issue of immunity for telecoms that illegally assisted in the National Security Agency's warrantless wiretapping program:
In perhaps the most critical test, civil liberties groups that are suing major phone companies that took part in the N.S.A. program are waiting to find out whether a federal judge will throw out the lawsuits based on immunity granted by Congress in June.
The Justice Department has already moved to take advantage of the immunity provision by certifying in court that the phone companies were complying with a presidential order. But the Electronic Frontier Foundation, a civil liberties group that has taken the lead in the lawsuit, maintains that Congress acted beyond its powers.
A hearing is set for Dec. 2. Cindy Cohn, legal director for the foundation, said that as the case moved forward the new administration could act to withdraw the immunity certification made by the Bush Justice Department.
“Nothing will be over by Jan. 20,” when Mr. Obama is inaugurated, Ms. Cohn said.
As President, it will be up to Obama whether or not the Administration wants to continue seeking dismissal of the lawsuits against AT&T and other telecoms based on the immunity provisions of the FISA Amendments Act (FAA). Specifically,
President Obama can end the immunity process. Consistent with his previous opposition to immunity — then-Senator Obama voted in favor of Senator Dodd's amendment to strip the immunity provisions out of the FAA altogether — Obama could instruct his new Attorney General to withdraw the government's motion to dismiss the lawsuits based on the immunity statute. Or,
President Obama can temporarily freeze the immunity process until he has learned all the details about the NSA program. Consistent with his support of Senator Bingaman's proposed FAA amendment to delay implementation of the immunity provisions, Obama could instruct his new Attorney General to ask the court for a temporary stay of the immunity proceedings. That would give the Administration time to review the classified details of the NSA program as well as the FAA-mandated reports about the program that are expected by this July from the Inspectors General of the Department of Justice, the NSA, and other agencies involved in the program. After having reviewed all the facts, the new administration can then re-evaluate whether it wants to continue to press for immunity in court, or drop its motion to dismiss and let the cases against the telecoms continue. Or,
President Obama can choose not to appeal if the immunity statute is found unconstitutional. If, after the hearing on December 2nd, Chief Judge Vaughn Walker of the federal Northern District of California agrees with EFF that the immunity statute is unconstitutional and denies the government's motion to dismiss, Obama could instruct his new Attorney General to not appeal that decision to the Ninth Circuit Court of Appeals.
All of these are things Obama could do — on his own and without any help from Congress — to stop the implementation of the immunity scheme that he repeatedly opposed during his presidential campaign.
These recommendations aren't EFF's alone: as part of the transition roadmap published yesterday by a broad coalition of groups including EFF, seventeen different civil liberties organizations signed onto national security surveillance recommendations that included the proposition that President Obama should "[d]irect the Attorney General to withdraw the government’s motion to dismiss pending privacy litigation brought against telecommunications carriers for assisting with unlawful warrantless surveillance, or seek a stay of those proceedings until such time as the Attorney General, based on review of the Inspectors’ General reports required by the FISA Amendments Act, determines that a grant of immunity is appropriate."