Tom's Hardware carries a report of an interview with Bill Gates in a German Newspaper in which Gates apparently said that DVDs would be obsolete in ten years (Bill Gates: DVD player dead within ten years):
Gates did not elaborate if the DVD-player will just die or if it will be replaced. In his view, it is "ridiculous" that today we have to carry around music and movies which are stored on "silver storage discs", since they easily could scratched or misplaced.Well, gee, I guess I'll just have to buy all the movies I already bought all over again. Won't Hollywood be happy.
I'm a young guy. Some of the DVDs I own are already five years old. I expect that I should be able to watch those DVDs at least another fifty years from now. The only way that is truly feasible is if I'm permitted to rip the DVDs to another medium and put the DVDs into a nitrogen-filled storage container for preservation. So, don't tell me that making backups of DVDs isn't really necessary or not a permitted fair use, or simply not permitted under the DMCA.
See also, NY Times on DVD DRM.
This may be the last post in my series exploring how the Inducing Infringment of Copyrights Act (IICA, née INDUCE Act) will interact with various elements of copyright law and related statutes. From now on I'll be concentrating on specific examples of how the INDUCE Act can be abused: Hatch's Hit List.
I've already discussed how the INDUCE Act will substantially broaden the materials that ISPs must take down in response to a request by copyright holders (The INDUCE Act (IICA) and the Notice and Takedown Provisions of the DMCA). Today, I'm going to look at the other half of those provisions and see whether or not ISPs will still be protected by the safe harbor provisions of the Digital Millennium Copyright Act ("DMCA"), codified at 17 USC 512. Read on...
Basically, and here once again, I'll cut-n-paste from Chilling Effects's website on section 512 (DMCA Safe Harbor Provisions:
Section 512 of the Digital Millennium Copyright Act (DMCA) protects online service providers (OSPs) from liability for information posted or transmitted by subscribers if they quickly remove or disable access to material identified in a copyright holder's complaint.Anyway, section 512 protects ISPs from some liability for the infringements of their customers so long as they follow certain rules. The extent of this protection is not quite known. Though most commentators believe the protection extends to secondary liability ("A service provider shall not be liable for monetary relief") the district court in A&M Records v. Napster [PDF] didn't agree. The appeals court in the Napster decision didn't reach that issue.In order to qualify for safe harbor protection, an OSP must:
- have no knowledge of, or financial benefit from, the infringing activity
- provide proper notification of its policies to its subscribers
- set up an agent to deal with copyright complaints
Either way, since the INDUCE Act doesn't specifically overrule section 512, a straight-forward reading would indicate that as long as you already have protection under section 512, you are still protected under the INDUCE Act. The INDUCE Act expands copyright liability, but the safe harbor doesn't change. That seems to me the best reading of how the two laws interact.
However, the real world might be slightly messier. Undoubtedly, if the INDUCE Act is passed, someone will claim that it overrules section 512. One court has already been persuaded that section 512 doesn't apply to secondary liability. Other courts may conclude that the INDUCE Act is further evidence that Congress didn't want to protect ISPs from secondary liability under Section 512.
I think there is enough uncertainty, that were I advising an ISP, I would tell them to make sure this law doesn't pass.
James Grimmelmann has an interesting piece on LawMeme concerning a strange side issue involving unauthorized access to one party's copyrighted works through Archive.org by a third party (From the Strange File: Archive.org Hacking in Civil Lawsuit?). There are many issues involved in the case, so read the whole thing, but one issue stuck out for me:
HAS is raising a striking issue here: third party standing to sue over violation of various computer security statutes. Take for example the DMCA claim. It presumably runs something like this. Access to our copyrighted works (the web pages) is effectively controlled by the technological measures in place at Archive.org. You circumvented those measures. We were injured as a result (I can see copyright infringement, plus possibly some of the other claims from the underlying lawsuit). Therefore, under sections 1201(a) and 1203(a) of the DMCA, you're liable to us. Ka-pow. [links in original]To my eyes, however, this is not a striking claim with regard to the DMCA because I see it as the basis for the most famous DMCA case of all, the MPAA anti-DeCSS cases: EFF Archives: MPAA DVD Cases.
One issue I always thought wasn't properly raised in the MPAA cases was who really had the right to bring the lawsuit. The movie studios brought the lawsuit because it was their copyrighted works that were being "protected" by CSS copy protection. However, the movie studios have no rights in the CSS system. It is fully controlled by the DVDCCA. Even if the movie studios changed their mind and thought it would be okay to distribute DeCSS, they had no authority to do so. Only the DVDCCA can determine what is authorized with regard to CSS.
The MPAA's argument (if they had been forced to make one) would have had to go something like this: access to the MPAA's copyrighted works (the movies) is effectively controlled by the technological measures owned and controlled by the DVDCCA. DeCSS circumvented those measures, but it is the MPAA that is injured as a result. Thus, the MPAA gets to sue.
I argued at the time that this was incorrect, that the DVDCCA should be the only plaintiff in the suit or, at a minimum, the DVDCCA was a necessary party. Obviously, my arguments never got anywhere.
This issue may seem new because all the other DMCA cases I am aware of have been brought by the companies that actually control the DRM technology used, such as Real v. Streambox, Chamberlain v. Skylink, and Lexmark, to name but a few.
I still think it is important point, however, and it will be interesting to see what a court makes of it. The consequences can be tremendous. As a DRM creator who licenses use of the DRM system, does the DMCA mean that you lose all control over what you permit with regard to your DRM system to those you've licensed it to?
EFF attorney and Copyfighter Jason Schultz has been on a roll recently identifying cases in which the anti-circumvention provisions of the Digital Millennium Copyright Act ("DMCA"), codified at 17 USC 1201, have been used not to protect copyright but (as critics claimed they would) to stifle competition. The basic issue here is that companies can prevent competitors from interoperating with their devices by implementing simple DRM handshakes. The classic example so far is Lexmark's use of the DMCA to prevent rivals from selling replacement toner cartridges (Lexmark invokes DMCA in toner suit). For more examples, see EFF's Unintended Consequences: Five Years under the DMCA. In the last week Schultz has pointed out four similar cases. Read on...
1 & 2) Unauthorized Accessory Detection. Apparently, both NEC and Sony are planning to incorporate software that will detect unauthorized third-party accessories, such as batteries, in their upcoming generation of consumer electronics devices (Camera & Cell Phone Batteries = Next DMCA Frontier?). The ostensible purpose is to prevent damage from inferior replacements, but the more likely reason is to capture the lucrative accessory market. The DMCA comes into play because any company trying to make compatible accessories will likely violate the DMCA.
This may be the most disturbing story of all because it indicates that this DMCA strategy is no longer a fringe (though generally effective) legal strategy, but is becoming more mainstream. With Sony and NEC adopting this tactic, other companies will be less hesitant to engage in these anti-competitive moves.
3) Unauthorized Third Party Software Maintenance. One would have thought that service monopolies went away a long time ago, but courts keep trying to bring them back (this time with a lot of help from Congress' poor legislative drafting). In this case, a third party service vendor fixes software and hardware (backup tape drives) that a customer has legitimately purchased. In order to perform maintenance, the service vendor must circumvent an access control. Bingo! DMCA violation. And, as Schultz notes, a district court in Boston agrees at least as far as to grant a preliminary injunction (DMCA hammer comes down on tech service vendor). One of the main problems with the DMCA is that it provides for very few exceptions to its broad language. Under the DMCA circumvention is illegal, period, whether it is for piracy or the fairest of fair uses (with some extremely limited exceptions that have yet to be tested). Read the decision: Storagetek v. Custom Hardware Engineering & Consulting [PDF]. It is a particularly lovely example of how to use the DMCA to achieve what copyright law would normally not permit.
The case also provides an excellent example of how to misinterpret 17 USC 117, which is supposed to permit computer maintenance without violating copyright, as Joe Gratz notes (DMCA As Tying Tool).
4) Garage Door Openers Redux. Chamberlain v. Skylink is the infamous garage door opener (GDO) case, in which a GDO manufacturer added some code to its openers ostensibly to prevent wardriving against its doors but was using it to prevent the sale of third-party garage door opener remotes (for those who need additional remotes or had lost the original). The district court ruled that it wasn't a violation of the DMCA. I believe that the ruling comported more with commonsense than the nonsensical law (Judge Asserts Pseudo Distinction to Preserve DMCA). I haven't changed my mind.
In any case, Schultz notes that the appeal doesn't seem to be going very well for Chamberlain (Fed. Circuit Panel Grills Chamberlain over Garage Door DMCA Claim). Unfortunately, until the court rules, I can't take much pleasure in Chamberlain's grilling. If the court upholds the pseudo-distinction created by the district judge, I don't think we are that much better off. Better, I think, to have the full ridiculousness of the DMCA on display than have judges carving exceptions that are, for the most part, unimportant.
Continuing my series on how various aspects of the copyright law may interact with the INDUCE Act (née IICA), this post will address the "notice and takedown" provisions of the Digital Millennium Copyright Act ("DMCA"), codified at 17 USC 512. Now the notice and takedown provisions of the DMCA have already had more than their fair share of controversy, including some rather clear cases of abuse. See, EFF's Unsafe Harbors: Abusive DMCA Subpoenas and Takedown Demands and Chilling Effects's DMCA Safe Harbor Provisions. Guess what. If the INDUCE Act passes, things may get a whole lot worse. Read on...
Basically, well, since I'm lazy, I'll just cut and paste from the Chilling Effects website:
In the online world, the potentially infringing activities of individuals are stored and transmitted through the networks of third parties. Web site hosting services, Internet service providers, and search engines that link to materials on the Web are just some of the service providers that transmit materials created by others. Section 512 of the Digital Millennium Copyright Act (DMCA) protects online service providers (OSPs) from liability for information posted or transmitted by subscribers if they quickly remove or disable access to material identified in a copyright holder's complaint.But what does section 512 actually say about what materials can be requested to be removed? Obviously, directly infringing material can be removed. However, section 512 also provides for the removal of material that is "the subject of infringing activity." What does that mean? If the INDUCE Act passes, I think it could mean that software that has been found to "induce" infringement is the proper object of a section 512 notice and takedown request because it is "the subject of infringing activity." It may not be the subject of infringement, but of "infringing activity," whatever that means. In other words, a copyright holder could request that websites like Download.com stop hosting copies of P2P filesharing software.In order to qualify for safe harbor protection, an OSP must:
- have no knowledge of, or financial benefit from, the infringing activity
- provide proper notification of its policies to its subscribers
- set up an agent to deal with copyright complaints
While the safe harbor provisions provide a way for individuals to object to the removal of their materials once taken down, they do not require service providers to notify those individuals before their allegedly infringing materials are removed. If the material on your site does not infringe the intellectual property rights of a copyright owner and it has been improperly removed from the Web, you can file a counter-notice with the service provider, who must transmit it to the person who made the complaint. If the copyright owner does not notify the service provider within 14 business days that it has filed a claim against you in court, your materials can be restored to the Internet.
Of course, one of the wonderful (sarcasm) things about section 512 is that the copyright holder requesting removal of files doesn't have to prove that the files are infringing (or the subject of infringing activity) in order to get them taken down. The copyright holder merely has to claim "a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law." Well, if you are saying that a particular type of software "induces" infringement, then that would seem to be covered by "use of the material in the manner complained of is not authorized by the copyright owner,... or the law."
Another problem with section 512 is that ISPs basically have no incentive to fight these notice and takedown requests. If they don't take down the file, the ISP may be liable for secondary copyright infringement. By taking down the materials, ISPs are sure to avoid liability. Generally, for the ISPs, that is the end of the story as far as they are concerned.
The same incentives would apply with the INDUCE Act. If an ISP received a section 512 notice and takedown request targeted at an "inducing" file that was claimed to be "the subject of infringing activity" why would the ISP want to fight the letter? If the ISP doesn't take down the file, they may be facing an INDUCE Act lawsuit themselves. If the ISP takes down the file, they avoid potential liability.
Now, perhaps my analysis here is incorrect. I haven't checked the legislative record to figure out what they might have meant by "the subject of infringing activity," which only appears in the Copyright Act in section 512. However, I do think this is a serious question we should be concerned about. Will copyright holders be able to easily force removal of files they don't like through this already abused statute?
Continuing my series on how various aspects of the copyright law may interact with the INDUCE Act (née IICA), today let us discuss the anti-circumvention provisions of the Digital Millennium Copyright Act ("DMCA"), codified at 17 USC 1201. For those of you who have been travelling with the Mars Rover for the past few years, the relevant portions of the DMCA make it illegal to distribute devices that circumvent access controls and copy controls, basically, DRM cracks. The DMCA is a bad law, but I'm not going to go into details here.
Now the thing with many anti-circumvention devices is that they are "capable of substantial noninfringing uses" and thus avoid secondary copyright liability under the Sony (Betamax) doctrine. Backups, fair use, playback on alternative devices; all are common examples of noninfringing uses that circumvention devices enable. DMCA plaintiffs could fight this in court, but it would be tough and probably not worth it. So, while a company may get busted for violating § 1201, which is bad enough, they will generally have a pretty good defense against claims of secondary copyright liability.
But how hard would it be to prove secondary liability under the INDUCE Act? Once you've shown that a company has violated the DMCA, it isn't much farther to push a jury to find that they "induced" copyright infringement as well, thus bringing all the secondary liability down like a ton of bricks without all the hassle associated with proving contributory or vicarious liability. Indeed, merely advertising a circumvention device or providing instructions on how to use it will probably be enough to trigger inducement liability.
Now, think about how the DMCA has been abused to do things like control markets in ink cartridges. Now, imagine that plaintiffs get to slap a secondary copyright liability suit on top of that. Bonus!
The INDUCE Act will make the unbalanced anti-circumvention provisions of the DMCA even more unbalanced.
Yesterday, I noted that a new consumer electronics coalition was launching, part of the good news regarding the anti-DMCA bill moving slowly through Congress (Anti-DMCA Personal Technology Freedom Coalition to Launch). Today, The Register publishes a story on two conspicuous absences from the nascent coalition, Microsoft and Apple (Microsoft, Apple snub consumer freedom coalition). Could it be that my analysis of why MSFT and Apple would support DRM and the DMCA is correct? Read and decide for yourself: Metaphors Gone Wild: On Pies, Ships, Regressive Taxes, DRM and Microsoft.
My post on the Personal Technology Freedom Coalition also pointed out that anti-DMCA Congressional leader Rick Boucher (D-VA) sounded pretty optimistic. Well, the leadership of the House Judiciary Committee has struck back (Judiciary Committee Leaders Issue Statement on H.R. 107, the Digital Media Consumers’ Rights Act):
WASHINGTON, D.C. - House Judiciary Committee Chairman F. James Sensenbrenner, Jr. (R-Wis.), Ranking Member John Conyers, Jr. (D-Mich.), and Judiciary Courts, the Internet, and Intellectual Property Subcommittee Chairman Lamar S. Smith (R-Tex.) issued the following statement regarding H.R. 107, the Digital Media Consumers’ Rights Act.“We strongly oppose the substance of H.R. 107. This legislation would eviscerate a key provision of the Digital Millenium Copyright Act (DMCA), which is successfully protecting copyrighted works and providing consumers access to more digital content than ever before. In fact, a DVD player is now as common a household item as the VCR was 15 years ago precisely because of the DMCA. H.R. 107 would undo a law that is working and destroy the careful balance in copyright law between consumers’ rights and intellectual property rights.
“Furthermore, our strong objections to the substance of H.R. 107 are matched by our objections to what appears to be a bold jurisdictional power grab. The Judiciary Committee has - and has long had - exclusive jurisdiction over copyright law. Rest assured, we will wholeheartedly oppose this move in a bipartisan fashion, as we would expect Energy and Commerce Committee leaders to do if we attempted to write energy legislation.”
via Furdlog and beSpecific
Cory Doctorow is not the first person to say it, nor will he be the last, but he certainly said it well in his popular talk on DRM he gave at Microsoft (Microsoft Research DRM talk):
DRM systems are broken in minutes, sometimes days. Rarely, months. It's not because the people who think them up are stupid. It's not because the people who break them are smart. It's not because there's a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn't a secret anymore.
Of course, everything that Doctorow says about DRM's effectiveness is correct. There will never be DRM for consumer media that can't be broken. It simply cannot prevent determined attackers from breaking it; at best, it merely slows them down for a relatively trivial period of time.
The fact that DRM will always fail isn't why DRM is important. From a technical point of view, DRM is a joke. Really, the long term usefulness of any particular DRM scheme isn't in the technology, but in the law that defends the technology. Once broken, all of DRM's usefulness is provided by statute, by the anti-circumvention provisions of the DMCA.
For example, CSS, the DVD encryption scheme, was broken years ago. Anyone with half a clue can now get ahold of DeCSS and decrypt DVDs. Yet, Hollywood studios still encrypt DVDs, not because of the remaining efficacy (none) of the encryption scheme, but because the encryption scheme is the pass that gets them in the legal door of the draconian DMCA. No manufacturer of DVD players refrains from making a DRM-free DVD player because they are stymied by CSS, but because the draconian penalties for violating the DMCA are more than adequate deterrence.
Why, then, are companies spending so much money on researching and developing "robust" DRM systems? Even if you spend millions on development, in the unlikely best case scenario, your encryption scheme will last for a few weeks or months. After the DRM scheme is broken, all the research and development dollars spent on making strong DRM no longer provide any return. The only return is coming from the fact that you have DRM at all, because the DMCA doesn't care whether the DRM is weak or strong. The DMCA only cares if it is "effective," which most people take to mean, well, pretty much that it is an encryption scheme, period
For example, I don't see any reason why a slightly more sophisticated version of a Vigenere Cypher wouldn't trigger DMCA protection for a media that used it. The company using the slightly modified Vigenere Cypher would have all the legal protections with few of the costs. No one could sell a device that used the same cypher without permission without running afoul of the law. So, why not?
I think it is because it would demonstrate quite clearly what the DMCA is really about. Obviously weak encryption would make it clear to everyone that the DMCA isn't about stopping pirates, but controlling the market and raising barriers to entry. In contrast, if you use a "robust" DRM scheme, it looks like you are really concerned about piracy, that the DMCA is really protecting something very valuable.
DRM is hiding a secret, but it is doing so much as a Potemkin Village hides a secret.
Last week, on Copyfight, I noted Some Good News - Support for Anti-DMCA Increasing. Now, C|Net News has a couple of articles expanding on the good news (Tech heavies support challenge to copyright law and The Hill's property rights showdow). The first article reports on a new coalition of PC OEMs, chip manufacturers, and consumer electronics manufacturers, who will coordinate lobbying efforts to rollback the DMCA's anti-circumvention provisions. The group will be known as the Personal Technology Freedom Coalition - a pretty good name, I think. The second article is an interview with an optimistic Rep. Rick Boucher (D-VA), sponsor of the anti-DMCA bill. See also, Slashdot (Boucher's Anti-DMCA Bill Gets High Profile Allies).
This won't be an easy win, but it is significant forward progress.
UPDATE 0935 PT
Freedom to Tinker: Tech Giants Support DMCA Reform
James Nguyen, a partner at Foley & Lardner's Los Angeles office, has an article on the anti-circumvention provisions of the DMCA in this month's LA County Bar Assoc.'s Los Angeles Lawyer: Code Breaking. The article is a pretty good, if brief, summary of the anti-circumvention provisions of the law to this point. However, there is one paragraph that is fairly misleading in its description of sections 1201(a) (access controls) and 1201(b) (copy controls):
For example, in applying Section 1201 to circumstances involving a circumvention device that breaks DVD encryption codes and permits copying of DVDs, a company that manufactures and sells the device would violate the trafficking provisions of Section 1201(b) (and possibly also Section 1201(a)(2), depending on what the device does). However, if a consumer uses that device to copy a DVD, that conduct is lawful if: 1) the consumer lawfully gained access to the DVD (such as by purchasing it at a retail store), and 2) the consumer pleads and proves a traditional infringement defense (such as a defense of fair use based on making one copy for personal use).
This means that even if one has lawfully acquired a DVD, such as by purchase at your local Wal-Mart, circumventing CSS in order to view the DVD on an unauthorized player puts one in violation of 1201(a)(1). Unfortunately, there is no defense of fair use to 1201(a)(1). Although all you did was view your lawfully acquired DVD, you are still subject to civil liability.
Nguyen's description of how the anti-circumvention provisions of the DMCA operate with regard to DVDs sounds almost reasonable, but is misleading. Remember, playing a DVD on an unauthorized player is illegal. A point I wish had been made more forcefully at the DMCRA hearings.
via Bag and Baggage
Well, technically, the treaty is called the WIPO Treaty for the Protection of Broadcasting Organizations, cuz heaven knows they're all faced with extinction. The draft treaty will be discussed June 7-9 by WIPO's Standing Committee on Copyright and Related Rights (SCCR), which will then "decide whether to recommend to the WIPO General Assembly in 2004 that a Diplomatic Conference be convened." A diplomatic conference can adopt a treaty. The treaty will not go into effect, however, until a certain number of countries have acceded to it. The draft of the treaty is available here: Consolidated Text for a Treaty on the Protection of Broadcasting Organizations [PDF].
This treaty is really a nasty bit of work. It will give broadcasters, not copyright holders but broadcasters, a number of exclusive rights in their broadcasts, such as fixation, reproduction and distribution, whether or not the broadcast is of a public domain work. Moreover, the treaty would require signatories to prevent circumvention of those rights.
Oh yeah, the treaty would also apply to "cablecasters" and the United States (all alone on this one, apparently) wants the treaty extended to cover "webcasters." What exactly constitutes a webcaster isn't entirely clear, perhaps only streaming, perhaps HTTP. While the US is not a signatory to the previous treaty on broadcast, our efforts on negotiating this one indicate we are likely to sign on.
Read on for a look at this monstrosity...
Background
EFF's Consensus at Lawyerpoint, an anti-broadcast flag blog, reported on the origins of this treaty back in August 2002 (Europeans push WIPO Broadcast Treaty to create "fixation rights"). Last October James Love, director of the Consumer Project on Technology, wrote (with comments and suggestions from EFF's Cory Doctorow) an excellent analysis of an earlier draft of the treaty ([DMCA-Activists] On the Proposed WIPO XCasting Treaty). CPTech maintains a website tracking the treaty (The proposed WIPO Treaty for the Protection of the Rights of Broadcasting, Cablecasting and Webcasting Organizations).
Sui Generis Copyright-like Protection for Broadcasts
The treaty would give (among others) the following rights to broadcasters, cablecasters and, if the US has its way, webcasters: fixation, reproduction and distribution. Of course, there is no limit on what is covered by the treaty, as long as it is "broadcast" and consists of "sounds or of images or of images and sounds" (although why they couldn't just say "images and/or sounds" is beyond me). In other words, broadcast of public domain works like Dawn of the Dead would be covered along with works for which the broadcaster owns the copyright. Heck, you could start a radio station that exclusively broadcast Creative Commons-licensed freely distributable works and keep anyone from recording your broadcast.
Why bother with copyright? Simply "broadcast," or in the US's version, "webcast" all your material. Instead of connecting to an FTP server to get video or music you would connect to an ongoing "webcast" of the media, so that way, the broadcaster can keep control of the media even if it isn't copyrightable.
Article 8
Right of Fixation
Broadcasting organizations shall enjoy the exclusive right of authorizing the fixation of their broadcasts.
No more VCR, DVD-R or TiVo for you. So much for time shifting. Goodbye Sony v. Universal, it was nice knowing you.
This is the mandated broadcast flag. If the broadcaster doesn't want you recording it, you don't have a right to.
Article 9
Right of Reproduction
Alternative N
Broadcasting organizations shall enjoy the exclusive right of authorizing the direct or indirect reproduction, in any manner or form, of fixations of their broadcasts.
Alternative O
(1) Broadcasting organizations shall have the right to prohibit the reproduction of fixations of their broadcasts.
(2) Broadcasting organizations shall enjoy the exclusive right of authorizing the reproduction of their broadcasts from fixations made pursuant to Article 14 when such reproduction would not be permitted by that Article or otherwise made without their authorization.
More broadcast flag goodness. Even if you are allowed to record it, the broadcaster can control how you can reproduce it. That way, if you want to shift the latest Sopranos from the TiVo in the living room to your laptop to watch on the plane, the broadcaster can stop you.
The US and, for some reason, Egypt support alternative "O", which protects broadcasters from reproductions of unauthorized fixations.
Article 10
Right of Distribution
Alternative P
(1) Broadcasting organizations shall enjoy the exclusive right of authorizing the making available to the public of the original and copies of fixations of their broadcasts, through sale or other transfer of ownership.
(2) Nothing in this Treaty shall affect the freedom of Contracting Parties to determine the conditions, if any, under which the exhaustion of the right in paragraph (1) applies after the first sale or other transfer of ownership of the original or a copy of the fixation of the broadcast with the authorization of the broadcasting organization.
Alternative Q
Broadcasting organizations shall have the right to prohibit the distribution to the public and importation of reproductions of unauthorized fixations of their broadcasts.
In other words, no filesharing of broadcasts. Don't you dare make the fixation you made of ABC's broadcast of the President's State of the Union address (SotU) available on KaZaA.
Article 11
Right of Transmission following Fixation
Broadcasting organizations shall have the exclusive right of authorizing the transmission of their broadcasts following fixation of such broadcasts.
Don't webcast what you've saved previously. Not only can't you put your fixation of the SotU on KaZaA, you won't be able to webcast it either.
Now, governments can make the same exceptions to these broadcasting rights as they "provide for, in their national legislation, in connection with the protection of copyright in literary and artistic works." But they don't have to. Nor is it clear to me, under recent copyright decisions, that the Constitution requires the US to do so.
Term of Protection and Formalities
Article 15
Term of Protection
The term of protection to be granted to broadcasting organizations under this Treaty shall last, at least, until the end of a period of 50 years computed from the end of the year in which thebroadcasting took place.
Great. Copyright isn't long enough we have to provide protection for the broadcasts for fifty years in addition? So, forty years from now, when your grandchildren want to use a clip from television today to illustrate a report on the popular culture of their grandparent's era, they'll have to clear permissions with the television station that broadcast the clip (assuming we still have television stations then).
The previous treaty had a length of twenty years and, as we all know, broadcasters in countries that signed the treaty have suffered greatly from this length.
Article 18
Formalities
The enjoyment and exercise of the rights provided for in this Treaty shall not be subject to any formality.
No pesky registration requirements or anything. That way it is very difficult for people to know who owns the rights to what decades from now.
DMCA for Broadcast Flag
Article 16
Obligations concerning Technological Measures
(1) Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by broadcasting organizations in connection with the exercise of their rights under this Treaty and that restrict acts, in respect of their broadcasts, that are not authorized or are prohibited by the broadcasting organizations concerned or permitted by law.
Alternative V
(2) In particular, effective legal remedies shall be provided against those who:
(i) decrypt an encrypted program-carrying signal;
of the broadcasting organization that emitted it;(ii) receive and distribute or communicate to the public an encrypted program-carrying signal that has been decrypted without the express authorization
(iii) participate in the manufacture, importation, sale or any other act that makes available a device or system capable of decrypting or helping to decrypt an encrypted program-carrying signal.
Alternative W
(2) [No such provision]
This is the equivalent of the passage in the WIPO Performances and Phonograms Treaty (WPPT) that the US used as one of the justifications for the passage of the DMCA. So, not only does this treaty require a broadcast flag, it will be illegal to circumvent it.
Article 17
Obligations concerning Rights Management Information
(1) Contracting Parties shall provide adequate and effective legal remedies against any person knowingly performing any of the following acts knowing, or with respect to civil remedies having reasonable grounds to know, that it will induce, enable, facilitate or conceal an infringement of any right covered by this Treaty:
(i) to remove or alter any electronic rights management information without authority;
(ii) to distribute or import for distribution fixations of broadcasts, to retransmit or communicate to the public broadcasts, or to transmit or make available to the public fixed broadcasts, without authority, knowing that electronic rights management information has been without authority removed from or altered in the broadcast or the signal prior to broadcast.
(2) As used in this Article, “rights management information” means information which identifies the broadcasting organization, the broadcast, the owner of any right in the broadcast, or information about the terms and conditions of use of the broadcast, and any numbers or codes that represent such information, when any of these items of information is attached to or associated with 1) the broadcast or the signal prior to broadcast, 2) the retransmission, 3) transmission following fixation of the broadcast, 4) the making available of a fixed broadcast, or 5) a copy of a fixed broadcast being distributed to the public.
And don't try to make your copy of the broadcast of the State of the Union look like a legal, unbroadcast version.
Article 21
Provisions on Enforcement of Rights
(1) Contracting Parties undertake to adopt, in accordance with their legal systems, the measures necessary to ensure the application of this Treaty.
(2) Contracting Parties shall ensure that enforcement procedures are available under their law so as to permit effective action against any act of infringement of rights or violation of any prohibition covered by this Treaty, including expeditious remedies to prevent infringements and remedies which constitute a deterrent to further infringements.
Many people argued that the WPPT didn't require the US to pass the DMCA, as Congress concluded, because the US already adequately protected the rights of copyright owners. As the US doesn't protect any "broadcast" rights (other than some "theft of service" stuff), this provision would pretty much require a US Broadcast Flag DMCA law to be passed.
Conclusion
This is bad, bad, bad. What more can I really say?
Donna Wentworth has made her blog, Copyfight, a must-read since its beginning. That is why I am honored to join her and some most excellent colleagues in continuing Copyfight as a group blog. I will be posting along with Elizabeth Rader, Jason Schultz, Aaron Swartz, and Wendy Seltzer. Read the greeting message: Copyfight--the Expanded Edition. The blog description:
Here we'll explore the nexus of legal rulings, Capitol Hill policy-making, technical standards development and technological innovation that creates--and will recreate--the networked world as we know it. Among the topics we'll touch on: intellectual property conflicts, technical architecture and innovation, the evolution of copyright, private vs. public interests in Net policy-making, lobbying and the law, and more.
I'll continue to post here, of course, especially my longer pieces.
APEX Digital, makers of famously inexpensive DVD players, is launching its first networked DVD player (APEX AD-8000N Connected DVD Player). The new device will not only play DVDs, but will be able to play files stored on a local computer, such as those movies you downloaded (legitimately, of course). APEX devices have also been famously hackable (Apex/Hiteker DVD Hacking Pages). How hard will it be and how long will it take for hackers to figure out a way to backup your DVDs on computer through the new APEX AD-8000N?
via engadget
Filtering software bete noir and DMCA expert Seth Finkelstein has two good posts on his Infothought blog regarding the DMCA, PDFs and reports about blogging. In the first (Making Fair Use of the Report on "Big Media" Meets The "Bloggers"), Seth links to Dowbrigade News, which had noted the irony of a report about bloggers available on the internet not being easily copyable (The Devil Is in the Details):
It [the report] is available as a free download .pdf from the Shorenstein. The weird thing is the extent to which the authors have gone to make sure this milestone article in the academic history of the Blogosphere is unbloggable. Excerpts or selections of the text cannot be saved, or copied and pasted. The document cannot be converted to another format or saved as anything else. The words "Not to be Copied" in 92-point faded-shit brown watermark letters are splayed diagonally across each and every page.
Seth, being smart, knows how to decrypt the relatively trivial encryption scheme used for the PDF. Of course, he also realizes that doing so would definitely violate the DMCA. Seth, being clever, knows that there are often other ways around DRM and provides a couple of means of circumventing the copy protection that, arguably, won't get Seth into trouble for violating the DMCA.
In a follow-up post, he goes into a little more detail how the DMCA operates with regard to circumvention (PDF, DMCA, and "Do Not Remove This Tag Under Penalty Of Law"). Once you have printed an encrypted PDF document to a file, which the Shorenstein paper permitted, the only "protection" for the document is the following code:
% Removing the following eight lines is illegal, subject to the Digital Copyright Act of 1998. mark currentfile eexec 54dc5232e897cbaaa7584b7da7c23a6c59e7451851159cdbf40334cc2600 30036a856fabb196b3ddab71514d79106c969797b119ae4379c5ac9b7318 33471fc81a8e4b87bac59f7003cddaebea2a741c4e80818b4b136660994b 18a85d6b60e3c6b57cc0815fe834bc82704ac2caf0b6e228ce1b2218c8c7 67e87aef6db14cd38dda844c855b4e9c46d510cab8fdaa521d67cbb83ee1 af966cc79653b9aca2a5f91f908bbd3f06ecc0c940097ec77e210e6184dc 2f5777aacfc6907d43f1edb490a2a89c9af5b90ff126c0c3c5da9ae99f59 d47040be1c0336205bf3c6169b1b01cd78f922ec384cd0fcab955c0c20de 000000000000000000000000000000000000000000000000000000000000 cleartomark
As Seth notes, under the DMCA, it is plausible reading of the statutes that removing those lines from the code is a violation of federal law.
The report, which discusses the blogosphere's role in the Trent Lott affair is available here: "Big Media" Meets the "Bloggers" [Fair Use Inhibited PDF]. Perhaps someone from the Berkman Center should discuss some of the issues involved with using fair-use inhibited file formats with the Shorenstein Center.
Three days ago, I posted about a recent decision concerning databases and the DMCA (DMCA Decision on Databases). While others were claiming this as a victory against the abomination that is the DMCA, I remained uncertain, not yet having a chance to read the decision. Now, with many thanks to a reader, I have had a chance to read the decision: Inquiry Management Systems v. Berkshire Information Systems.
The case is about one information company (Berkshire) accessing and copying substantive amounts of a database of another information company (Inquiry Management Systems). The claims involved include the Computer Fraud and Abuse Act, copyright infringement, tortious interference and, my favorite, the DMCA. The decision is one of summary judgement, with the copyright and DMCA claims dropped from the case. This may seem like a DMCA victory, but I'm still not sure since the logic is a mess.
UPDATE
The Register has a piece on some other troublesome elements of the decision I didn't cover (Is password-lending a cybercrime?)
Not a DMCA "Database" Decision
The DMCA is a near absolute bar against circumventing "access" controls in order to get to copyrighted information. Under the Feist decision, many collections of facts (e.g., databases) aren't protected by copyright - an element of the great idea/expression dichotomy (copyright protects expressions, not ideas). The great worry about the DMCA with regard to databases is that the unscrupulous will use the DMCA to obtain paracopyright protection for databases that aren't protected by copyright.
The way one would do this is simple: take something copyrightable and place it behind a DMCA-sanctioned access control, for example, a paragraph of original prose protected by a simple encryption scheme. Then, take your non-copyrightable database and place it behind the same DMCA-sanctioned access control. When someone tries to circumvent the access control to get to the database, you can claim they were circumventing an access control that protects a copyrighted work, which is true. This puts the one trying to access the database in violation of the DMCA, subject to all the strong penalties associated with it. Congratulations! You have now found a loophole around the Feist decision.
This is what a DMCA database decision means to me. When a court decides whether the DMCA can be used to protect a telephone book worth of non-copyrightable data with a paragraph of prose, then I'll be interested.
That is not the case here. The judge doesn't go into detail but basically allows that the information in the database is copyrighted (though not registered for purposes of this infringement suit), and thus the threshold question of whether or not the access control truly controls access to copyrighted material, as opposed to a collection of facts, is not addressed directly.
However, that does not mean that this decision is not without interest to DMCA aficionados.
When Is a Password Legitimate? A Confusing Definition of Circumvention
What is circumvention? It all depends on how you look at it...
Having already decided that the database was copyrighted, the judge in this decision quickly acknowledges that the password protected access to the database qualifies as an access control device under the DMCA, which I would agree with. The only question left is whether or not unauthorized use of a password constitutes circumvention. The judges answers in the negative.
But why?
Apparently, because Berkshire didn't avoid or bypass IMS's password protection and got through the password protection the way it was intended, by using a valid password:
[O]ther actions proscribed by the DMCA, connote broader application of the anti-circumvention prohibition, such as the terms "avoid" and "bypass". These actions are far more open-ended and mundane, and do not necessarily involve some kind of tech-based execution. Notwithstanding this, defendant argues that it has not even committed any act of avoidance or bypass, as it is accused of confronting IMS's password-controlled access in the way precisely intended: "All [I.M.S.] accuses Berkshire of doing is using IMS's own customer's valid password and user [identification] to view IMS's e-Basket system exactly as the customer itself might have done." Rep. Mem. at 10.
We agree that plaintiff's allegations do not evince circumvention as that term is used in the DMCA. Circumvention requires either descrambling, decrypting, avoiding, bypassing, removing, deactivating or impairing a technological measure qua technological measure. In the instant matter, defendant is not said to have avoided or bypassed the deployed technological measure in the measure's gatekeeping capacity. The Amended Complaint never accuses defendant of accessing the e-Basket system without first entering a plaintiff-generated password.
Hmmmm .... this may seem rather straight forward, but not so fast. Let's take that last sentence first: "The Amended Complaint never accuses defendant of accessing the e-Basket system without first entering a plaintiff-generated password." Ok, what does this mean? Personally, I'm not sure. First, this is what we know of the origin of the password:
To gain access to e-Basket, I.M.S. alleges that Berkshire obtained a user identification and password issued to a third party, thereby knowingly inducing that third party to breach an agreement it had with I.M.S.
So, if you convince someone to give you a password in breach of an agreement (or more like, license) you are free and clear of a DMCA access violation. Ok, this sounds reasonable to me, but what is the principle behind it? Unfortunately, the case isn't clear. The holding of the decision is that "unauthorized use of an otherwise legitimate, owner-issued password" is not circumvention. But what does "otherwise legitimate" or "owner-issued" mean? They're not in the text of the DMCA.
What is "otherwise legitimate," exactly? If IMS verbally rescinded the password's authorization, but could not physically stop it from working, would that mean the password was no longer legitimate? That would seem to be a strange thing to base DMCA liability upon. What would it take to count as rescinding what once was legitimate?
What other means of obtaining a password are legitimate? Is this a blanket exemption to the DMCA for social engineering? What if Berkshire got the password by looking over the shoulder of the third party when they entered it on their computer? What if they obtained it under false pretenses (This is IMS customer service, giggle, can you verify your password for me -or- IMS customer services, this is "third party," can your remind me what my password is)?
Is this a blanket exemption to the DMCA for obtaining a password through a third party? What if Berkshire had found the password on a website or newsgroup? What if a disgruntled former employee of the third party sent the password to Berkshire? What if Berkshire had found the password on a warez site? Would that impose DMCA liability? If so, why? What would be the distinction?
The generation issue is sort of interesting. Would it be a violation of the DMCA if Berkshire had merely guessed the password? For example, many people use the same passwords for a variety of sites and uses. What if a third party used both Berkshire and IMS services and Berkshire tried the password the third party used on Berkshire's site on IMS's? Such a scheme is likely to work, eventually. But would it be a violation of the DMCA? After all Berkshire is still "confronting IMS's password-controlled access in the way precisely intended." Of course, I suspect that a judge will begin to see this sort of action as more of a bypass, but where is the line and how does one derive the line from the DMCA?
Going even further, what if Berkshire merely hazarded a guess at a commonly used password? What if Berkshire used a password generator to create a password that, coincidentally, IMS had already issued? What if they had used a password generator that created a valid password, but one that IMS had never issued? In this case the means to access was a password, but what if it were a serial number? Would that make a difference and, if so, how do you articulate that difference within the language of the DMCA? Is this a technological issue? Social engineering is okay, but digital engineering is bad? The case doesn't answer these questions at all.
Finally, running with this chain of examples, what should be the outcome if Berkshire found the password on a website or newsgroup, but the password had been (unbeknownst to Berkshire) generated by a password generator? What if Berkshire had thought the password of the unnamed third party was legitimately issued, but it wasn't? Is Berkshire liable under the DMCA? I don't think you can know from the DMCA or this decision.
Circumvention Depends on How You Look At It
Don't even start DeCSS aficionados arguing about the meaning of authorization and the DMCA. You see, under the DMCA, according to Reimerdes, buying a DVD doesn't give you authorization to access the DVD. Authorization to access the movie on the DVD comes from buying an authorized DVD player in conjunction with the DVD (we think; it really isn't clear when or where authorization accrues). This is confusing enough (what have you actually purchased when you buy a DVD?). This decision does little to clarify matters:
More precisely and accurately, what defendant avoided and bypassed was permission to engage and move through the technological measure from the measure's author. Unlike the CFAA, a cause of action under the DMCA does not accrue upon unauthorized and injurious access alone; rather, the DMCA "targets the circumvention of digital walls guarding copyrighted material." Universal Studios, 273 F.3d 429, 443 (emphasis in original).
Yeah, that is the neat thing about the DMCA. It not only targets unauthorized and injurious access, it targets non-injurious access as well.
Although whether an activity qualified as circumvention was not the question posed to the court, Universal Studios is instructive as a matter of reference. There, the offending circumvention was a DVD decryption program, DeCSS, which enabled the viewing of movies without using a DVD player. See Universal Studios, 273 F.3d at 452. The security device that prevented access to DVD movies without a DVD player, CSS, was described "in its basic function ... [as] a lock on a homeowner's door, a combination of a safe, or a security device attached to a store's products." Id., at 452-53. Likewise, "in its basic function, [DeCSS, the decryption program] is like a skeleton key that can open a locked door, a combination that can open a safe, or a device that can neutralize the security device attached to a store's products. DeCSS enables anyone to gain access to a DVD movie without using a DVD player." Universal Studios, 273 F.3d at 453.
I've never like this analogy, cuz usually, what keeps me from accessing a movie on DVD is not having the physical DVD. I've downloaded DeCSS, but that didn't get me any DVDs of movies. And, you know, as often as I try to use DeCSS without a DVD player, it just never works. Heck, I've even sung the DeCSS Song for my DVDs and nothing happened. What the judge must have meant, is that DeCSS enabled the viewing of movies on DVD (however you acquire the DVD) without using CSS authorized software. This sort of changes the analogy though. The physical DVD player isn't the key, the actual crypto key is the key.
The thing about CSS authorized software is that it has a key, an authorized password if you will. Once you have a legitimate key, then you can write DVD playing software that will decrypt a DVD movie. Now, you do have the encryption thing going on, but I don't see how using an unauthorized key that is otherwise legitimate is different from using an unauthorized password that is otherwise legitimate. The DMCA doesn't seem to see a difference:
It is of course the case, as defendant propounds, that the DMCA addresses activity such as decryption, descrambling, deactivation and impairment, and that these are all forms of circumvention under the subsection commonly involving technologically-sophisticated maneuvers. One might associate these activities with the breaking and entering (or hacking) into computer systems. [I guess making unauthorized use of a DVD you have legitimately purchased is the equivalent of breaking and entering]
On the other hand, other actions proscribed by the DMCA, connote broader application of the anti-circumvention prohibition, such as the terms "avoid" and "bypass". These actions are far more open-ended and mundane, and do not necessarily involve some kind of tech-based execution.
So the distinction between using an unauthorized crypto key that is otherwise legitimate and an unauthorized password that is otherwise legitimate is clear, because? Surprisingly, the last paragraph of the DMCA portion of the decision is able to even further muddy the logic of the distinction:
Defendant is alleged to have accessed plaintiff's protected website without plaintiff's authorization. Defendant did not surmount or puncture or evade any technological measure to do so; instead, it used a password intentionally issued by plaintiff to another entity. As an analogy to Universal Studios, the password defendant used to enter plaintiff's webservice was the DVD player, not the DeCSS decryption code, or some alternate avenue of access not sponsored by the copyright owner (like a skeleton key, or neutralizing device). Plaintiff, however, did not authorize defendant to utilize the DVD player. Plaintiff authorized someone else to use the DVD player, and defendant borrowed it without plaintiff's permission. Whatever the impropriety of defendant's conduct, the DMCA and the anti-circumvention provision at issue do not target this sort of activity.
Ooookaay. If I use DeCSS to view a DVD using the XING key, which was otherwise legitimate, why is that "surmounting" or "puncturing" a technological measure (terms not in the DMCA by the way)? In a sense, haven't I simply borrowed the player from XING? Unauthorized, sure, but why is does liability attach for borrowing XINGs key, but not for borrowing the unnamed third party's password? Now, I might do things with XING's player that the MPAA doesn't like, but that is the same as using the unnamed third party's password for things IMS didn't like. The MPAA authorized XING to use the key. DeCSS borrowed the key without the MPAA's permission. Isn't it the same thing?
You know, many of these problems with interpreting the DMCA could be solved if judges adopted my theory of the distinction between 1201(a) and 1201(b). Under my theory, IMS's password protection falls under 1201(a) and CSS falls under 1201(b). 1201(a) makes using and trafficking in a anti-access control device illicit, 1201(b) makes only trafficking in an anti-copying device illicit, using it is fine. Since what the court is considering here is possible use of a device, it wouldn't be necessary to strain for a distinction between CSS keys and a password, since under my theory, use of CSS keys is not a problem for the DMCA. Unfortunately, Reimerdes really blew that one, and every other judge is following that lemming to confusing and arbitrary distinctions.
The DVD-CCA brought a trade secrets case against Andrew Bunner for publishing alleged trade secrets regarding DVD encryption, that is, the DVD decryption code known as DeCSS. The district court entered a preliminary injunction against Bunner posting the code on January 20, 2000 (Order Granting Prelim. Injunction for plaintiffs against defendants, in DVD CCA v. McLaughlin, Bunner et al.).
Bunner appealed, citing his free speech rights under the Constitution and California Constitution. He lost his constitutional challenge in the California Supreme Court, but the case was sent back to the California appeals court to determine whether the injunction had been properly issued under state trade secrets law. The appeals court has determined that the injunction was not properly issued.
Read the published (technical legal term meaning you can officially cite the case) decision: DVD-CCA v. Bunner [PDF]
This is a solid, black letter law decision. One highlight however:
One of the analytical difficulties with this case is that it does not fit neatly into classic business or commercial law concepts. The typical defendant in a trade secret case is a competitor who has misappropriated the plaintiff’s business secret for profit in a business venture. In that scenario, the defendant has as much interest as the plaintiff has in keeping the secret away from good faith competitors and out of the public domain. But here, according to DVD CCA it has no good faith competitors. And the alleged misappropriators not only wanted the information for themselves, they also wanted the whole world to have it.
Heh.
Below, the conclusion:
We conclude that evidence in the limited record before us does not justify the issuance of an injunction under the UTSA. DVD CCA presented no evidence as to when Bunner first posted DeCSS and no evidence to support the inference that the CSS technology was still a secret when he did so. Further, there is a great deal of evidence to show that by the time DVD CCA sought the preliminary injunction prohibiting disclosure of the DeCSS program, DeCSS had been so widely distributed that the CSS technology may have lost its trade secret status. There is no evidence at all to the contrary. Thus, DVD CCA has not shown a likelihood of success on the merits; nor has it demonstrated that it would suffer further harm if the preliminary injunction did not issue. The preliminary injunction, therefore, burdens more speech than necessary to protect DVD CCA’s property interest and was an unlawful prior restraint upon Bunner’s right to free speech. It follows that issuance of the injunction was an abuse of the trial court’s discretion. [citations omitted]
Congratulations to Bunner and EFF!
Read the case archives: DVD-CCA v. Bunner and DVD-CCA v. Pavlovich
Jason Schultz pulls some more good quotes from the decision (EFF wins DVD-CCA v. Bunner Appeal).
UPDATED
The Intersection of Trade Secret and the DMCA
One very interesting aspect of the decision is that there is no mention of the DMCA and how it relates to the trade secrets law. One of the justifications for trade secret law is that there is no other law that will protect these valuable ideas, such as copyright or patent. After all, you can't have a trade secret and patent on the same concept. In return for making an idea public, you get a patent. If you keep the idea secret, you can keep it secret for as long as you want, but if it becomes public, you cannot protect the idea. Here is the key paragraph from the decision on this:
The [district] court determined that while the harm to defendants in being compelled to remove trade secret information from their Web sites was “truly minimal,” the current and prospective harm to DVD CCA was irreparable in that DVD CCA would lose the right to protect CSS as a trade secret and to control unauthorized copying of DVD content.
Well, no. Under Reimerdes, loss of trade secret status would have no bearing on the DVD CCA's ability to control unauthorized copying of DVD content. There would be no harm to loss of the trade secret. Thus, no need to invoke trade secret law.
Yesterday, C|Net News reported on a court ruling that apparently held the anti-circumvention provisions of the DMCA don't apply to databases (Court doesn't extend database protection). I would have written on this sooner, but I was hoping to find a copy of the decision and haven't come across one yet. The key 'graph from the article is:
Because Berkshire may have somehow obtained a legitimate password to the Web site, the judge said, IMS' argument that the bulk downloading "circumvented" a security system was a stretch. "Whatever the impropriety of defendant's conduct, the DMCA and the anti-circumvention provision at issue do not target this sort of activity," Buchwald wrote. Section 1201 of the DMCA says "no person shall circumvent a technological measure" that protects copyrighted material.
While this sounds good, I'm not so sure. There is not enough information to determine upon what basis the judge ruled. In particular, I would like to know how the judge distinguished or followed such decisions as Reimerdes, Elcomsoft, Chamberlain and Lexmark (no 321 because the decision was issued only days before, and 321 doesn't add anything new to the mix). For example, we could have a decision much like the one in Chamberlain, which created a pseudo-distinction because the judge didn't like the outcome logic would have dictated (Judge Asserts Pseudo Distinction to Preserve DMCA).
Derek Slater is on a roll when he points out a recent decision involving 17 USC 512 liability (part of the DMCA's ISP safe harbor provision) (Ellison Appeal and the 512 Standards). See also, Not Quite a Blog's post on this (Ellison v. AOL: Many organizations could be held contributorily liable).
This is an important decision in the developing law of ISP liability, which is growing more complex. The case involves bad boy science-fiction author Harlan Ellison suing AOL for the unauthorized posting of Ellison's work in newsgroups. The particular issue on point is whether or not AOL met the burdens required for eligibility for the safe harbor. The decision was that there is a question of fact as to whether AOL complied with the safe harbor provisions. AOL's main problem was that they changed their notification email address, did not notify the Copyright Office for months and did not forward emails to the old address. It is this cavalier attitude toward notification that also created a question of fact with regard to contributory infringement. This summary may sound fairly straightfoward, but the interweaving complexities of 17 USC 512 make it much more complex. Read the decision: Ellison v. Robertson [PDF].
Derek brings up an issue that the court did not directly address, what the definition of "repeat infringer" is. One interpretation would be that one is only a repeat infringer when a court has found copyright infringement twice. While that would be a plausible interpretation of the statute, it doesn't make much sense as a policy. With a strict definition of "repeat infringer," the law would require copyright holders to sue infringers in order to have any sway over their conduct. I'm not sure we really want a policy where suing is the only option.
However, if we don't have a strict definition of "repeat infringer," the DMCA as currently structured gives too much power to the copyright holders. For example, a notice-and-takedown letter might very well be sent against a legitimate work of fair use. The author of the fair use work might take down the work simply because they cannot afford to fight a court battle, not because the work was illegitimate. Without a strict definition of "repeat infringer", such an action would probably be considered infringement - leading to "repeat infringement" down the road.
Having a quick notice-and-takedown provision for copyright infringement makes a lot of sense - but only in cases of blatant infringement. Thus, I would allow the use of notice-and-takedown but with a reverse liability clause. Use of notice-and-takedown provisions that were ultimately found not to be infringement would create liability for the copyright holder making the claim. This would mean that blatant copyright infringements would be subject to notice-and-takedown claims, and rightfully so. On the other hand, copyright holders would be less likely to abuse such notices for fear of liability. If they still wanted to pursue copyright infringement arguments without liability, they still could using the traditional tools of a lawsuit and request for preliminary injunction.
I think this would have solved the whole Diebold mess, see Derek again (Arguments Heard in Diebold Case).
Reuters has an important story in the DeCSS saga (Supreme Court Unscrambles DVD Decision). Apparently, two weeks ago the Supreme Court of the United States reversed an emergency stay on the Pavlovich DVD case. Pavlovich, a resident of Texas, had successfully contested jurisdiction (as determined by the California Supreme Court) in a trade secrets case brought in California. The DVDCCA had claimed posting DeCSS violated their trade secrets. According to Reuters, "In the latest ruling, U.S. Supreme Court Justice Sandra Day O'Connor lifted the injunction, saying there was no need to keep DeCSS a secret." This is a major blow to the trade secrets case, though not to the DMCA case (see, EFF's MPAA DVD Cases Archive).
I wonder though, if the emergency stay was lifted Jan. 3, why haven't I heard about it before?
Read about the history of the case on EFF: DVDCCA Case Archive: Pavlovich.
Thanks to Derek Slater for pointing out an incredible decision in the Italian courts (Mod-Chippers Win in Italian DMCA Case). I'm not terribly familiar with Italian law, so I have no idea how important this decision is, but it is wonderfully drafted, though lacking the copious footnotes of a US decision. The decision, which was first noted by IP Justice, essentially defends mod-chipping of consoles vs arguments based on the European version of the DMCA as well as on copyright grounds (Italian Court Rejects First EU Copyright Directive Seizure). Read the decision (English translation by Electronic Frontiers Italy) here: Tribunal of rehearing of Bolzano. The original Italian here: Tribunale di Bolzano.
The arguments are very straight forward, mostly hinging on the rights of the consumer to make whatever private uses of the device they want. Although it is acknowledged that mod chips can be used for playing infringing versions of games, that is dismissed out of hand in light of the numerous legitimate uses enabled, such as avoiding region coding, allowing third party game developers, making backup copies and using the PlayStation as a computer.
Indeed, the court seemed most enamored of the use of consoles as full-fleged computers. For example, there is this quote (something similar will eventually arise in US courts as well):
Ironically, [it is Sony who first] had supported strongly the thesis that a playstation is a true computer and not just a game console, when asked by the EU to pay for custom duties imposed over the consoles (while computers aren’t subjected to this tax).
Ooops. Avoid those taxes, create an opening for the argument that the PlayStation is a computer (the use of which should be unrestricted). Later, the decision notes that:
But if the device [Xbox], with a few hacks, may run Linux, why in the world shouldn’t a user be free of use it in all the ways he likes?
Good stuff. Unlikely to be persuasive to a US judge, but great news for the Europeans.
As reported by Donna Wentworth on Copyfight, Verizon has emerged victorious in its effort to thwart the RIAA's subpoenas under the DMCA (Verizon Wins Victory for Privacy). The US Court of Appeals for the District of Columbia Circuit has reversed a lower court's ruling and held that the RIAA may not send subpoenas to ISPs for information on alleged infringers using P2P. Read the DC Circuit decision: RIAA v Verizon [PDF].
The decision is a victory for privacy, but not a victory for privacy as such.
The result was reached on a technical reading of the statute, and turned on the fact that a subpoena can only be sent if a DMCA notice-and-takedown letter can also be sent. A DMCA notice-and-takedown letter can only be sent to the ISP if the ISP can remove access to the material (and not if the only way to remove access is to terminate a user's account). Thus, a copyright owner cannot send a DMCA notice-and-takedown to an ISP for what a user shares via P2P (the ISP can do nothing but terminate the user's account, which is not a remedy under a DMCA notice-and-takedown letter). Consequently, if no notice-and-takedown may be sent, no subpoena may be issued.
The constitutional issues that would have made this a victory for privacy as such, or for freedom of expression, were not addressed by the court.
What does all this mean?
First, the RIAA has nearly hosed itself. They were trying to issue all the subpoenas through the DC Circuit and not through the other circuits. They did this for administrative reasons and in order to preserve what they thought would be a victory for their interpretation of the DMCA in the DC Circuit. Of course, MIT and others fought this interpretation, forcing the RIAA to issue subpoenas through other circuits. There is also an ongoing legal battle between the SBC and the RIAA in San Francisco, one of the questions of which is why the case is not being heard in DC as the RIAA desires desired. Ooops. Of course, the RIAA (being the weasels they are) can shift on a dime and forum shop their subpoenas in other circuits, looking for a circuit split. However, the DC Circuit decision is bound to be rather influential and many other courts will find it persuasive.
Second, this will greatly increase the pressure on Congress to address the P2P issue directly. With losses in the Kazaa case and now the Verizon case, the RIAA has few recourses in existing law to fight massive copyright infringement. The pressure that will be exerted on Congress to act will be quite large, and the outcome will be indeterminate.
Of course, the RIAA (and its members) do retain the ability to sue infringers under John Doe lawsuits and then have subpoenas issued to ISPs. This would be a tremendous administrative burden on the courts and thus increase pressure on Congress to act. Additionally, the settlements that the RIAA would have to get from P2P file sharers would likely have to be higher to recoup at least some of the additional costs of filing hundreds, if not thousands, of lawsuits.
A quibble with the decision, however, is the following sentence:
The issue is whether § 512(h) applies to an ISP acting only as a conduit for data transferred between two internet users, such as persons sending and receiving e-mail or, as in this case, sharing P2P files.
I believe that the analogy between email and P2P is misleading. E-mail is often one-to-one, but can also be one-to-many. A webpage is technically one-to-one (every webpage served is a single transaction between server and browser), but operates as a one-to-many distribution. P2P is technically one-to-one, but operates as one-to-many. Yes, the ISP in this case is simply a conduit and should be treated as such, but we should not misleadingly analogize one-to-one transfers with one-to-many, unless one consistently refers to webpages as data transferred between two internet users as well.
EFF has a statement (Court Rules Verizon Can Refuse to ID Customers to Music Industry).
Susan Crawford offers an interesting take on her blog regarding the FCC's lack of authority to mandate the broadcast flag (New tack on the broadcast flag). Her take is certain to be popular in Hollywood as it analogizes the copyright industries to the tobacco industry:
[I]f FDA cannot regulate cigarettes, FCC cannot regulate consumer electronics devices.
The case Crawford is referring to is FDA v. Brown & Williamson Tobacco Corp., in which the FDA claimed the ability to regulate cigarettes, but was shut down because, among other reasons, "It is highly unlikely that Congress would leave the determination as to whether the sale of tobacco products would be regulated, or even banned, to the FDA’s discretion in so cryptic a fashion." Similarly, it seems rather odd that Congress intended the FCC to regulate the consumer electronic and computer industries without a clear mandate.
Indeed, for the first time, I must praise the anti-circumvention aspects of the DMCA. Section 1201(c)(3) of the DMCA states that:
[n]othing in this section shall require that the design of, or the design and selection of parts and components for, a consumer electronics, telecommunications, or computing product provide for a response to any particular technological measure, so long as such part of component, or the product in which such part or component is integrated, does not otherwise fall within the prohibitions of subsection (a)(2) or (b)(1).
This is the anti-mandate provision of the DMCA, which was part of the compromise that resulted in the passage of the bill. How odd that the consumer electronics industries would have signed on to this compromise if what it really meant was that the FCC could mandate anyway. In addition, section 1201(k) explicitly regulates certain copy protection measures for analog broadcasts. Had Congress intended for the FCC to mandate digital copy protection for broadcast, you think the DMCA might have mentioned it.
This is just a brief analysis. Hopefully, the consumer electronics and computer industry lawyers are putting together something much more devastating to the FCC's case.
Derek Slater fights the good fight and wins a round (Update: Diebold, Harvard, and Me). Slater was one of the citizens engaged in e-civil disobedience against e-voting machine manufacturer Diebold's mendacity. He posted a mirror of the infamous Diebold memos, excerpts of which can be found on Rep. Kucinich's website here: Voting Rights. For his trouble, Slater received a notice-and-takedown letter from Diebold, via Harvard. Consequently, Harvard (following their own policy) entered a black mark in Slater's record for being a copyright infringer. One more notice-and-takedown letter addressed to him and Slater would lose access to Harvard's network for a year. Slater protested this policy, arguing that he shouldn't get a black mark due to civil disobedience (and the fact that his posting of the memos had a strong, although not invulnerable, fair use defense). Harvard has, in Slater's case, agreed. However, this was an ad hoc decision. Now, Harvard should revise its policy so that there is a procedure for challenging the black mark, in addition to the statutory procedure for challenging the notice-and-takedown letters themselves.
Donna Wentworth points out (Kucinich Posts Excerpts from Diebold Memos) that Representative (and Presidential Candidate) Dennis Kucinich (D-OH) has now posted excerpts of the infamous Diebold memos on his website on a page devoted to voting rights (Voting Rights). It should be noted that Diebold is now claiming that the juiciest excerpts from the leaked memos are copyright violations as well (Letter from Cindy Cohn to Judge Fogel [PDF]). While Diebold might have a colorable claim that posting all the memos is a copyright violation, there is no reasonable claim that publishing the excerpts is not fair use. It will be interesting to see how Diebold responds to Kucinich's postings.
Kucinich also condemns Diebold's use of the DMCA to silence those who have posted these memos:
Diebold has been using coercive legal claims to intimidate internet service providers and even universities to shut down websites with links to its memos and remove the memo content. Under copyright laws, however, universities are exempt, and posting links to the memos is not considered a violation of the law. By abusing the Digital Millennium Copyright Act, Diebold has intimidated numerous internet service providers to comply with its requests. The damage is two-fold: 1) limiting the public’s information about the security of its voting machines, and 2) expanding corporate control over our most free medium of expression, the Internet.
UPDATE 1745 PT
Doug Simpson brings up some good points on his Unintended Consequences blog (Congressman Posts Diebold Document Excerpts). He discusses the "Speech and Debate" clause of the US Constitution (U.S. Const. art. I, § 6, cl. 1):
The Senators and Representatives ... shall in all Cases, except Treason, Felony and Breach of the Peace, beprivileged from Arrest ... and for any Speech or Debate in either House, they shall not be questioned in any other Place.
And notes the analogies of the present case with Brown & Williamson Tobacco Company v. Williams 62 F.3d 408 (D.C. Cir 1995), a case involving tobacco industry documents leaked to Congress. The case is a very good introduction to the issues involved in the "Speech and Debate" clause. I second Doug's comment that, "I'd like to be a fly on the wall when those [a notice-and-takedown letter] arrive[s at house.gov's ISP]."
The Washington Post has published a lengthy article about some of the problems the DMCA is causing (Caught by the Act). Any sympathetic press coverage of these issues is welcome. However, this article is as confusing as it is informative. The main problem is that the article conflates three separate elements of the DMCA into, seemingly, one confusing mess: the notice-and-takedown provisions, the anti-circumvention provisions and the super-subpoena power. At one point there is a paragraph on the Diebold case (which deals with the notice-and-takedown provisions) bookended by paragraphs dealing with alleged section 1201 violations. Even those elements that the article distinguishes are often confused. For example:
The music industry uses the DMCA to sue Internet song-swappers it maintains are violating copyright law.
Actually, no the industry isn't. The industry is using section 512(h) of the DMCA to subpoena information about alleged infringers. Whether the RIAA subsequently sues or not is mostly irrelevant. Indeed, many of the targets of 512(h) requests are now settling prior to the launch of a lawsuit.
However, there is one especially nice quote in the article:
"I won't predict the date," [Rep. Rick] Boucher [(D-Va.)] said, "but eventually, we will change the DMCA."
The Harvard Crimson does a pretty good write up on Derek Slater's recent notice-and-takedown message from Diebold for posting the e-voting memos (Student Accused of Violating Copyrights). Here's hoping that Harvard removes the accusation from Derek's permanent record. Seriously, Harvard needs to revisit its DMCA policy. Two strikes and you lose access to the network for a year might be reasonable for flagrant infringers, but in disputed cases, especially those involving political speech (such as Derek's), the policy is clearly draconian.
Derek Slater hosted one of the mirrors of the Diebold memos on a Harvard server (Diebold, Harvard, and Me). Soon thereafter, Harvard received a notice-and-takedown from Diebold targeting Slater's mirror. Derek has taken the mirror down, and will not be contesting Diebold's actions (he is busy with other projects). However, Harvard has a policy of terminating network access for a year for people who have have received two notice-and-takedown letters (Even Harvard's Dean Misreads the DMCA Safe Harbor). The letter from Diebold would count as Derek's first strike. This two-strikes (without further investigation) and you're cut-off policy is bad in and of itself. However, as applied to Derek it is certainly unjust. Harvard should revise its "repeat offender" DMCA policy and not count Derek's actions as those of a repeat offender.
Good luck, Derek!
UPDATE 1205 PT
Derek writes to inform that he has not actually taken the materials down and has not yet decided on a plan of action.
Copyfight had the first news and a collection of interesting links for EFF's and Stanford's Cyberlaw Clinic's support for a lawsuit against Diebold (EFF, CIS Seek Court Order Against Diebold). The documents filed in the case can be found here (EFF Archive: Online Policy Group v. Diebold, Inc.).
While I applaud the efforts to shut down Diebold's attempt to silence the publicizing of evidence justifying the complaints of Diebold's critics, I'm not sure how viable some of the legal arguments being made are. Some are certainly stronger than others, but it will not be an easy case to win. For example, while I certainly think that publishing the memos is fair use, I don't think the case for fair use is so clear that Diebold "knew" that the copyright claims were false. On the other hand, Diebold certainly should have known that linking to documents hosted on another site is not covered by the DMCA notice-and-takedown claims. The misuse of copyright argument is clever, and I hope it succeeds, but it will be tough going as the doctrine isn't quite clear and most cases deal with issues relating to anti-trust, not political expression.
At the very least, however, the lawsuit should force Diebold to actually litigate the issues rather than merely rely on the notice-and-takedown provisions. Moreover, the arguments in the case will certainly be precedent-setting and very interesting.
bIPlog which had a great set of links on the Diebold/Swarthmore scandal yesterday (Cease and Desist Me, Babe) and was Slashdotted this morning (Diebold Chases Links To Leaked Memos), points to an interesting /. comment (/. Comments):
Yea, that's right, go on kazaa and type in Diebold and you'll find the mail....on over a hundred different hosts with quick speedy downloads to par!Same's true for all the p2p apps, even the waste network I'm on! Sorry Diebold, I'm not gonna stop hosting your memo's until your entire goddamn corperation is taken down and the lie is revealed.
When will companies learn that often times the best way to solve a problem is to ignore it? Diebold's heavy-handed efforts to stamp out the distribution of the memos is only increasing their distribution and public awareness.
This is interesting. 321 Studios, publishers of DVD X Copy, a DVD-backup software utility program, is not happy with the Copyright Office rulemaking and intends to challenge it according to the St. Louis Business Journal (321 vows to appeal ruling banning DVD copying).
Other news stories on the DMCA rulemaking:
The Globe and Mail Technology section:
(Copyright officials rule against Lexmark)
PC World
(DMCA Challenges Dealt a Blow)
The Inquirer
(US Library of Congress attacked for failing to protect consumers)
UPDATE 1010 PT
Slashdot (again)
(Copyright Office Rules Against Lexmark)
Ars Technica
(How to slip past the DMCA, maybe sorta; ROM emulation gets a boost? )
For even more links, see:
(Ancillary Works on DVD DMCA Exemption Denied)
Jenny Levine, aka The Shifted Librarian, has a great line in her short post on this blog and the DMCA exemptions (Chipping Away at Fair Use). If I had a "quote of the week", this would definitely be it:
If public libraries didn't already exist, would we be able to start them in this day and age? My guess is no.
WIRED is continuing coverage of the Swarthmore/Diebold scandal and gets some quotes from Swarthmore's Dean Gross (E-Vote Protest Gains Momentum). However, the issue of taking down links to sites that link to the memos is not directly addressed:
However, Gross said that the cease-and-desist letter specified taking down links to the memos, and school lawyers felt they had to comply.
In another update, the Why War? website now shows nineteen active mirrors for the memos and three mirrors shutdown due notice-and-takedown letters from Diebold (Targeting Diebold with Electronic Civil Disobedience). Students from a total of twenty schools are participating.
bIPlog has a good round up of stories and cheekily requests a cease-and-desist letter (Cease and Desist Me, Babe).
Why War? reports that two of the universities (Amherst and MIT) which have students engaging in electronic civil disobedience by hosting the infamous Diebold memos have received notice-and-takedown letters from Diebold. On the other hand, students at three more universities have joined the protest (Targeting Diebold with Electronic Civil Disobedience). The student at MIT who was the indirect target of the letter has his homepage here (C. Scott Ananian).
Prof. Timothy Burke of Swarthmore's History Department has a thoughtful post on the Swarthmore/Diebold scandal (Caveat Emptor). While appalled by Diebold's actions and proud of the students who have revealed the mendacity of Diebold, he finds fault with some of the students' tactics and defends Swarthmore's response. Much of his argument is well-taken and provides good guidance for civil protests on college campuses (such as, don't ask /. readers to email the Dean en masse).
However, I do take exception to the claim that I and others "[repeat] what they’re finding at the Why War? website as if it’s the absolute gospel truth, and [exhibit] zero curiosity about the totality of the story." I do not believe that accurately characterizes my following of the story. For example, in this post (Swarthmore Crackdown on Protesting Students Reaches New Low), I am clearly skeptical of the claims of the Why War? website:
Now, Swarthmore is allegedly terminating the internet connection of any student who links to the Why War? website .... If the allegations are true, this is a tremendous violation of freedom of expression and academic freedom. [emphasis added]
I'll also note that as a followup, I spoke with a member of Swarthmore's IT department again yesterday. The linking policy is, as of last night and according to this individual, unchanged. Students may have a text-based link to the Why War? site, but not an active HTML link to the site.
I wrote and testified on behalf of an exemption for "ancillary audiovisual works distributed on DVDs encrypted by CSS." Today, that exemption was denied, see http://www.copyright.gov/1201/.
I will be writing an indepth analysis of the denial in the near future. However, I just wanted to note on this blog the following sentence from the recommendations that best summarizes the decision:
Encouraging circumvention of CSS even for laudable goals threatens to undermine [the] confidence [that CSS will protect DVDs against massive infringement].
For more coverage, see:
Seth Finkelstein
(DMCA censorware exemption win!) [CONGRATS SETH!]
Freedom to Tinker
(DMCA Exemptions Granted, Problems Remain)
A Copyfighter's Musings
(Copyright Office Grants Narrow Exemptions)
bIPlog
(Copyright Office Releases DMCA Exemption Hearing Ruling)
Furdlog
(DMCA Exemptions on Anti-Circumvention)
EFF
(Librarian of Congress Fails Public Interest in Copyright Regulation)
IP Justice
(US Copyright Office DMCA Ruling Issued: Consumers Still Unable to Make Lawful Use of Digital Media)
UPDATE 1730 PT
The Censorware Project
(Censorware Exemption to DMCA Anti-circumvention Provisions In Effect For Another Three Years)
UPDATE 1910 PT
C|Net News
(Feds grant DMCA exceptions)
Slashdot
(Librarian of Congress Posts DMCA Exemptions)
UPDATE 0250 PT 29 OCT 2003
WIRED
(New Ways to Skirt DMCA … Legally!)
There is a nice little satire of the Swarthmore/Diebold link scandal being hosted on a Georgetown server (The Diebold Memos are NOT here).
SiliconValley.com is running an AP wirestory on the Swarthmore/Diebold scandal (Diebold threatens publishers of leaked electronic-voting documents). Perhaps this story is finally going to break in the mainstream press and get the attention it deserves.
Of particular interest in this story are the following paragraphs:
Company spokesman Mike Jacobsen said the fact that the company sent the cease-and-desist letters does not mean the documents are authentic -- or give credence to advocates who claim lax Diebold security could allow hackers to rig machines."We're cautioning anyone from drawing wrong or incomplete conclusions about any of those documents or files purporting to be authentic," Jacobsen said.
Hmmmm ... Well, according to the DMCA, a proper notice-and-takedown letter must include (among other things) the following:
If the documents aren't authentic, then how can Diebold meet these burdens?
Unfortunately, this isn't as clear cut an issue as it should be, since one doesn't have to be too specific about which documents need to be taken down. Diebold can essentially claim that most of the documents (the non-incriminating ones) are copyrighted and that they don't have to show which specific documents need to be taken down, particularly if the archive file contains many documents. However, if various individuals post only a handful of the most incriminating documents ... then Diebold would be forced to claim that the documents were authentic, if they want those specific documents removed.
The Chronicle of Higher Education has an article on the electronic civil disobedience ongoing at Swarthmore and (now) eleven other colleges. Unfortunately, I can't link to the article on the Chronicle's site because a subscription is required. Fortunately, you can read the whole thing on Why War?'s site (Swarthmore Shuts Down Web Sites of Students Publicizing Company's Voting-Machine Memos).
Why War? reports that three more schools have joined the electronic civil disobedience campaign, bringing the current total to eleven schools (Targeting Diebold with Electronic Civil Disobedience).
Why War? reports that students from eight universities are now participating in the electronic civil disobedience campaign against e-voting machine manufacturer Diebold (Targeting Diebold with Electronic Civil Disobedience).
The mirrors are (when this was posted) here: USC, MIT and here, Purdue, University of Texas–Pan American, Amherst, Hampshire, RIT, Univ. of Evansville
Previous stories:
Swarthmore Actively Opposes E-Civil Disobedience Campaign
(Electronic) Civil Disobedience at Swarthmore
Swarthmore Crackdown on Protesting Students Reaches New Low
Reimerdes and Linking Re: Swarthmore
Finkelstein to Swarthmore - Don't Give in to Chilling Effects
Seth Finkelstein has published an email he has sent to Swarthmore's Dean Gross, asking him to resist the fear of liability and take a stronger stand in defense of freedom of expression (My letter to Swarthmore supporting fight against Diebold):
Yet I would say that Swarthmore, as an educational institution, is in fact extremely well-positioned to fight against Diebold. Though I'm not a lawyer, I'd claim that courts are generally extremely well-disposed to colleges in a situation such as this. The public interest and educational purpose aspect weigh very heavily, formally in a fair use copyright defense, and also informally in terms of making for a sympathetic presentation.
Seth Finkelstein pulls out the quotes on the legality of linking from the Universal v. Reimerdes (DeCSS) case in light of the recent decision by Swarthmore to stop all student webpage links to Why War? (Diebold memos and linking prohibitions at Swarthmore). This points out once again the large amount of foolishness in the Reimerdes decision. Nevertheless, Reimerdes was concerned with whether or not linking to a page that links to an anti-access control circumvention device was trafficking or not, and did not squarely address the issue of whether linking to a page that links to infringing content was actionable.
It would be quite a stretch to hold that linking to a page that links to infringing content is actionable, especially in case such as Diebold's memos where there are strong fair use and public policy arguments defending the posting of the allegedly infringing content itself. In any case, there is no justification whatsoever for Swarthmore to take down student websites that link to Why War? If courts could find ISPs liable for hosting third-party websites that link to a page that links to infringing content, what ISP wouldn't be liable? Swarthmore has gone far beyond simply being risk adverse.
According to the Why War? website, Swarthmore's crackdown on students engaging in Electronic Civil Disobedience has reached a new low (Targeting Diebold with Electronic Civil Disobedience). Now, Swarthmore is allegedly terminating the internet connection of any student who links to the Why War? website, which links to sites hosting the Diebold internal company memos. They are not only terminating the accounts of students who host the files, or the accounts of students who link to the files, but terminating the accounts of students who link to a political protest site that links to the files.
If the allegations are true, this is a tremendous violation of freedom of expression and academic freedom. Swarthmore should be deeply, deeply ashamed.
Previous stories:
Swarthmore Actively Opposes E-Civil Disobedience Campaign
(Electronic) Civil Disobedience at Swarthmore
UPDATE 1745 PT
EFF responds to one of Diebold's notice-and-takedown letters (Re: Diebold’s Copyright Infringement Claim). via Copyfight
UPDATE 2 1840 PT
It Gets Weirder
I have spoken with the student whose website was shutdown. According to the student, his website was redirecting to the Why War? website before it was taken offline. After it was taken offline, he was informed by a member of the Swarthmore IT department that it was the new policy of Swarthmore that students were no longer permitted to link to the Why War? website using HTML anchor tags. However, they could point to the Why War? with plain text, as so: http://www.why-war.com/
See the current page of the student here.
UPDATE 3 1900 PT
I have spoken with a member of Swartmore's IT department and can confirm that two student pages have been shutdown for linking to a page on Why War?'s website that linked to the Diebold files. Swarthmore is currently re-evaluating its linking policy, but until they are satisfied that they cannot be held liable, students are asked to only post plain text that points to the Why War? website.
As noted yesterday ((Electronic) Civil Disobedience at Swarthmore), students at Swarthmore have begun an electronic civil disobedience action to keep on hosting internal memos about the security failings and knowledge of same from the electronic voting machine manufacturerer Diebold. Diebold has been waging a DMCA-based notice-and-takedown campaign to keep those damning memos off the internet. Students at Swarthmore have attempted to defeat this campaign by playing an organized game of whack-a-mole, as volunteers take over hosting once a current host receives a notice-and-takedown letter.
Yesterday afternoon, the students met with Swarthmore's Dean. Rather than provide support for, or at least take no action against, the students, Swarthmore has decided to cooperate with Diebold. According to the (Campaign Update: Day Two), it seems that Swarthmore is pre-emptively disabling the network accounts of any student hosting the files. Although the post is somewhat unclear it seems that Swarthmore intends to shut down all network access for a student hosting the files, even if that particular student has not yet been challenged by Diebold. This seems to be a very risk adverse position for the university to take and counter to its academic mission. Certainly, the university is under no obligation to shut down all network access to the protesters, but merely remove the offending files. Multiple violations by the same individual could be a different concern, but this is not what is being alleged. Furthermore, it is not clear to me that Swarthmore has a legal obligation to actively take down websites prior to notification by the alleged copyright holder. I can't say for sure without some more review, but I believe the DMCA safe harbor provisions would provide plenty of protection if the university merely waited for the inevitable notice-and-takedown letters to arrive before taking action.
In any case, in response, the two student groups behind the protest, Why War? and Swarthmore Coalition for the Digital Commons (which no longer appears to be functioning), have decided to take two different paths. Why War? will continue hosting the files, while the SCDC has taken down the files but will face Diebold in court.
This looks to be a very interesting action on both sides.
WIRED reports on the clever and brave Swarthmore Students who have vowed to keep electronic voting machine maker Diebold's internal memos concerning security flaws in their systems online despite a rash of cease and desist orders (Students Fight E-Vote Firm). The memos, which detail some shady goings on at Diebold concerning their selling of insecure systems to various states, were leaked (or illicitly taken from a Diebold server by a hacker) and provided to e-voting activists and journalists. Subsequently, Diebold has been prolifically sending out notice-and-takedown letters under the DMCA claiming copyright violation in publishing the memos.
Most respondents, unable to contest a copyright suit, have taken down the memos, although one ISP has refused to comply with a notice-and-takedown letter regarding a page that didn't host, but linked to the memos (ISP Rejects Diebold Copyright Claims Against News Website). Now, however, students from Why War?, a nonprofit student organization at Swarthmore, and the Swarthmore Coalition for the Digital Commons (which is modeled on and inspired by the EFF), have developed and are implementing a clever (if not entirely legal) way to get around the DMCA's notice-and-takedown provisions, which they call an "electronic civil disobedience campaign".
Essentially, the students are playing an organized game of whack-a-mole. Each time one of the students receives a notice-and-takedown letter, they move the memos to another student's machine. The memos can always be found through links on the Why War? and SCDS websites.
The only real way for Diebold to stop this is to start suing students. Though Diebold might be successful in a lawsuit (though that isn't guaranteed, there are some decent fair use defenses here), they would certainly lose in the court of public opinion.
Slashdot readers comment on the Swarthmore students' press release (Swarthmore Students Keep Diebold Memos Online).
The students will apparently be meeting with Dean Robert Gross this afternoon, according to this comment on how to help the students (How to Help Us - 3 Steps).
Go Swarthmore Students!
The New York Times (reg. req.) has an interesting article on the growing "gray market" in college textbooks (Students Find $100 Textbooks Cost $50, Purchased Overseas). Apparently the exact same textbooks used by colleges in the United States are being offered for sale overseas at substantial discounts, often around 50%. Consequently, arbitrage booksellers are taking advantage of the price discrepancy, such as BookCentral.com (motto: "Brand New Textbooks, Used Prices"). The legality of this was affirmed by the Supreme Court in 1998 in Quality King Distributors, Inc. v. L'Anza Research Int'l, Inc.. The arbitrage is quite substantial:
At one prestigious university, a sophomore imported 30 biology books from England this fall and sold them outside his classroom for less than the campus-bookstore price, netting a $1,200 profit. Next semester, if all goes well, he plans to expand the operation.
We've already seen a great deal of this sort of arbitrage in the drug market, where US residents are buying drugs from Canada, for example, at prices much lower than are available in the United States. The drug importation arbitrage is based on patent law instead of copyright, but the principle is the same.
The policy arguments on behalf of the drug companies and textbooks publishers are similar, except, at least in the case of drugs, there is a quasi-plausible argument that Canadian drugs aren't quite as safe. What can you say about reimported textbooks? Essentially, the argument is that intellectual property goods cost a great deal to produce and price discrimination is necessary in order to allow the holder of the intellectual property rights to gain sufficient return.
This argument carries some weight, but what are we to do about it? Why should struggling US college students (or drug-requiring patients) be the ones to subsidize the production of such goods for students (or patients) in other countries?
Interestingly, it has been the entertainment industry that has been the most successful at foiling the gray market, through "region control" systems that are protected by the DMCA.
Uber-Cyberprof Michael Geist of the University of Ottawa and author of the most excellent BNA Internet Law News (its free to subscribe, so do it), has written a great commentary for the Toronto Star on the increasing use of free trade agreements to ratchet up the protections of intellectual property law (Why we must stand on guard over copyright). In a serendipitous coincidence, just today IP Justice issued a report detailing such practices in the proposed FTAA (IP Justice on IP in the Free Trade Area of the Americas Treaty). Prof. Geist's article is a succinct overview of the issues and the IP Justice white paper points out the unfortunate particulars of an egegious case.
IP Justice has published a white paper on the intellectual property aspects of the Free Trade Area of the Americas (FTAA) process, which is an attempt to create a single free trade agreement for the Western Hemisphere. Read the press release (FTAA Treaty Chapter on IP 'Threatens Freedom and Free Trade'). Read the white paper (IP Justice White Paper).
The proposed language of the agreement has a number of serious flaws, including (but certainly not limited to) enhanced criminal penalties, a super-DMCA provision, reduced scope for fair use, and database protection elements.
The proposed treaty is supposed to be complete by January 2005 and go into effect December 2005. Now is not too early to let your representatives and others know what a bad idea the intellectual property elements of the treaty are.
This coming Saturday (10/18 at 10 pm ET) the TechTV show Unscrewed will feature Screen Savers resident hacker/associate producer Kevin Rose demonstrating how to mod an Xbox (Mod Your Xbox, Interview With the Vampire, Search Sperts). You can read more about the Xbox segment here (Mod Your Xbox). The mod being shown on the show is a chip mod, which means that you have to physically modify your Xbox with a microchip (there are alternative ways to modify certain Xboxes through the use of software only). Of course, trafficking in such chips or using them is likely to be a violation of the DMCA and possibly copyright infringement as well. In any case, it certainly voids the warranty.
via Boing Boing
