Boing Boing reports on two stories that underscore a victory for everyone.

This first is that the University of Nebraska sent a bill to the RIAA requesting that it, the RIAA, pay for the cost of finding out which students are file-sharing. The RIAA has, for the last several years, been sending notices to universities demanding that they help identify file-sharers. According to the article, the University of Wisconsin told the RIAA to get lost and said they would only turn over such records if compelled to do so by a subpoena. (This is the correct course of action, by the way. So far, the RIAA hasn't had a good track record in its quest to destroy people for downloading music, so it's in the institution's best interests to take the case to court, rather than continue to be the narc for the RIAA.)

The article brings up a good point: a university is in the business of educating students, not ratting them out. Most modern networks use DHCP, anyway, which dynamically assigns IP addresses for a specified amount of time, so determining someone's identity by IP address is useless unless you know exactly who had that IP address at the specified time. (Not to mention that there are other flaws with this system. For example, a file-sharer could have unknowingly connected to someone else's open wireless router and shared music that way. Even if the owner of the wireless router didn't do anything wrong, the Internet sees only one IP address and therefore it is assumed that the owner is the one doing the sharing.)

Anyway, if the RIAA wants a university to engage in hunting down students, that's fine -- as long as the RIAA compensates the university for the time spent "getting" students and not maintaining a network for the purpose of education. The university has nothing to fear from the RIAA, as the university isn't guilty of vicarious infringement, since it has no way of knowing who is sharing when. Miami University had firewalls and packet-inspecting devices in place not because they were concerned about infringement, but because they were concerned about (1) the huge amount of bandwidth used by Internet-connected filesharing; and (2) the security risks associated with using applications like Kazaa, Limewire, Morpheus, etc. (which spread viruses like wildfire at Miami).

Next story: a federal judge invalidated the Child Online Protection Act, another "save the children" piece of legislation that is designed to block children from viewing porn but ends up instead depriving consenting adults of access to (1) legal pornography that is their right to view; and (2) legal erotic material that has "substantial literary, artistic, political, or social value."

According to the article from CNN:

The law would have criminalized Web sites that allow children to access material deemed "harmful to minors" by "contemporary community standards." The sites would have been expected to require a credit card number or other proof of age. Penalties included a $50,000 fine and up to six months in prison.

Sexual health sites, the online magazine Salon.com and other Web sites backed by the American Civil Liberties Union challenged the law. They argued that the Child Online Protection Act was unconstitutionally vague and would have had a chilling effect on speech.

The U.S. Supreme Court upheld a temporary injunction in 2004 on grounds the law was likely to be struck down and was perhaps outdated.

While "contemporary community standards" is a phrase that is part of modern First Amendment jurisprudence, "harmful to minors" is not, and indeed is a very subjective and vague phrase. The major test for determining whether or not an action unduly impinges upon freedom of speech is to ask whether or not there exists a less invasive alternative -- either via statute or not -- that does the same thing. Turns out there's a thing called parents that is less invasive and does the same thing. For an administration that's all about less government, a law that revokes adults' rights in the name of protecting children seems a little contradictory.

Posted by Mark at 2:01 PM | Permalink | Comments (0) | TrackBacks (0)

Demanding that YouTube remove 160,000 videos last month clearly wasn't enough. Viacom International, the parent company of MTV, Comedy Central, and Paramount, is suing Google -- YouTube's parent company -- to the tune of ... one billion dollars!

The suit, filed in the U.S. District Court for the Southern District of New York, alleges, "YouTube has harnessed technology to willfully infringe copyrights on a huge scale, depriving writers, composers and performers of the rewards they are owed."

The key word here is willfully. Did YouTube "willfully" -- and not merely negligently -- infringe upon Viacom's copyrights? If it had willfully done so, then why did it comply with Viacom's DMCA takedown requests?

The key case here will most likely be MGM v. Grokster, 04-480 (2005), where the U.S. Supreme Court held that "one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties." In other words, the failure to foresee that a device may be used for infringement in the future is neither contributory nor vicarious infringement. The creation of a device specifically for the purpose of infringing is an act of contributory or vicarious infringement. YouTube has "substantial non-infringing uses," including distributing licensed content as well as content in the public domain. Therefore, we can conclude, based on that fact, that YouTube was not created specifically for the purpose of infringing.

But what about when the manufacturer is aware that infringement is happening by way of his or her device? The Court addressed that, as well:

Accordingly, just as Sony did not find intentional inducement despite the knowledge of the VCR manufacturer that its device could be used to infringe, mere knowledge of infringing potential or of actual infringing uses would not be enough here to subject a distributor to liability. Nor would ordinary acts incident to product distribution, such as offering customers technical support or product updates, support liability in themselves. The inducement rule, instead, premises liability on purposeful, culpable expression and conduct, and thus does nothing to compromise legitimate commerce or discourage innovation having a lawful promise.

There is no evidence to indicate that YouTube ever actively encouraged users to pirate content.

Furthermore, the Court held in MGM that, in order to be found guilty of contributory or vicarious liability, a manufacturer must have "had specific knowledge of infringement at a time when they contributed to the infringement and failed to act upon that information." Again, Viacom demanded that 160,000 specific videos be removed from YouTube, and YouTube complied.

Viacom's argument is incredibly weak, and this looks like a ploy for (1) media attention, or (2) an attempt to get a settlement out of Google. Google, however, is smart enough and has enough money that it may just take this case to court in order to get a ruling which says that Viacom is crazy. People who accuse others of infringement love out-of-court settlements, because it means that they don't have to go to court, where most infringement-accusers end up losing and then set a precedent for allowing other infringement suits to be thrown out in the future.

Posted by Mark at 10:38 AM | Permalink | Comments (0) | TrackBacks (0)

The Bush administration's response to critics of the USA PATRIOT Act was always something on the order of, "Don't worry; we're going after only the terrorists. We'll respect your rights. Everything's fine!"

Actually, appearing at a campaign event in Buffalo, NY in April 2004, the president said, "When we're talking about chasing down terrorists, we're talking about getting a court order before we do so. It's important for our fellow citizens to understand, when you think Patriot Act, constitutional guarantees are in place when it comes to doing what is necessary to protect our homeland, because we value the Constitution."

One of the USA PATRIOT Act's requirements is that the FBI report to Congress annually on the ways in which it has used its expanded powers; specifically, the FBI must report on the number of times it has issued "national security letters," which are search warrants with built-in gag orders. If you receive a national security letter, (1) the FBI demands access to confidential information that you have about someone else; and (2) you're not permitted to discuss what information the FBI wanted, or even disclose the fact that the FBI was there and gave you a national security letter.

As of yet, however, the FBI has not fully reported to Congress on its use of national security letters, which automatically -- and without judicial oversight -- grant the FBI access to information that would normally require a search warrant, as long as the FBI believes the information to be relevant "to an ongoing investigation" in The War on Terr'.

That's all changed. The FBI reported to Congress yesterday, and it doesn't look pretty.

Actually, it wasn't even the FBI, under its USA PATRIOT Act requirements, that did the reporting. It was the Justice Department's Inspector General! (How long until he gets canned for "performance-related" reasons, consisting of competently doing a job that happens to rankle the people upstairs?)

The Inspector General found that "FBI agents sometimes demanded the data without proper authorization," and "the FBI improperly obtained telephone records in non-emergency circumstances." The Inspector General's 126-page audit also found that national security letters were sometimes signed by people who were not authorized to sign national security letters. Interestingly, the use of national security increased by a factor of six and-a-half from 2000 to 2005. In 2000, the FBI issued 8,500 letters; in 2005, it issued -- wait for it -- 56,000 national security letters! Were there really that many more suspected terrorists hanging out in the United States?

Sen. Arlen Specter (R-PA), former chairman of the Senate Judiciary Committee and -- gasp! a Republican who defends civil liberties! -- was upset by these findings. "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized," he said.

Attorney General Alberto Gonzales and FBI Director Robert Mueller both issued prosaic statements commending the Inspector General for doing his job. At least someone will protest if he suddenly "loses the confidence" of the Attorney General and gets mysteriously fired for doing a job that is politically inconvenient for the Bush administration.

Posted by Mark at 9:20 AM | Permalink | Comments (0) | TrackBacks (0)

In 1998, the U.S. Congress passed -- and President Clinton signed -- the Digital Millennium Copyright Act, one of the most horrific pieces of legislation to come out of the swamp along the Potomac.

The DMCA set up a bunch of ridiculous copyright restrictions, not the worst of which was making it a crime to break any copy-protection for any reason at all. This means that, if a content provider has disabled access to content above and beyond the restrictions of the law, you have to break the law -- that is, the DMCA -- in order to exercise your rights under the law. Federal judges have found the DMCA to be anticompetitive (in that it allows companies to lock down content and make themselves the sole vendor of services for a particular product, which is antitrust) and contrary to the public good (the DMCA errs on the side of protecting intellectual property over benefiting the public; in StorageTek v. CHE, a federal circuit court of appeals wrote, "[T]he DMCA must be read in the context of the Copyright Act, which balances the rights of the copyright owner against the public’s interest in having appropriate access to the work").

Ten years later, Congress -- which gets more money than you might think from content providers like The Walt Disney Co. -- decided to clean up the DMCA. In steps H.R. 1201, the FAIR USE Act, which simulatenously tries to fix the DMCA and continues the annoying trend of using cutesy acronyms as titles of bills.

Things it does:

• Puts into cold, hard legislation the language of 1984's Sony v. Universal, which held that any device that was capable of "substantial non-infringing uses," even if it could be used to also infringe upon copyright, was not an illegal device on its face.
• Makes it not a crime to break copy-protection in instances in which breaking the copy-protection is required to exercise the rights you had anyway, but lost because a private content-provider decided it didn't want you to have them, including breaking copy-protection on works that are in the public domain (and are thus not subject to copyright law).
• Places limits on statutory damages from infringement, so that groups like the RIAA can't demand outrages sums of money for copyright infringement.

Great! But as Ars Technica pointed out when the bill was released on Feb. 27, there's more work to be done. While I disagree with their statement that the FAIR USE Act does not make "any 'fair use' of digital goods legal, regardless of anti-circumvention laws" (which, clearly, it does; cf. §3(b), in which exemptions are made for fair use and archival purposes), I do agree that the bill doesn't go far enough in that it does not allow for "making personal use copies of encrypted materials."

Nevertheless, it's a step in the right direction.

Posted by Mark at 12:16 PM | Permalink | Comments (0) | TrackBacks (0)

SAN FRANCISCO -- Two days ago, a 75-foot section of Telegraph Hill (near North Beach) slid down the hill, requiring the demolition of six buildings nearby that were no longer structurally sound. That section of Telegraph Hill must have eroded.

Not unlike our civil liberties.

I've read no fewer than three stories online today that have made my blood turn cold.

From Boing Boing, the story of the Department of Homeland Security's attempts to mandate government-issued identification in order to board planes or enter federal courthouses. This is part of the REAL ID Act, a piece of legislation that was sneakily inserted into an omnibus spending bill last year. The Act creates federal requirements for state-issued identification -- including conglomerating the data into a national database -- effectively creating a national ID card.

Also from Boing Boing, apparently when you take pictures of the police, and they don't like it, they're allowed to slam you to the ground and threaten to use a Taser.

From CNet, the Bush administration is waving its flag of less government intrusion by engaging in ... more government intrusion! Under the traditional guise of "save the children," the administration wants to require websites that allow uploads of photos or videos to keep detailed records of who uploads the photos or videos, in case the police need to investigate illegal content. The administration also wants to allow the Attorney General to dictate national data retention policies and wants packet-switching devices designed with built-in backdoors for easier eavesdropping.

Posted by Mark at 5:01 PM | Permalink | Comments (0) | TrackBacks (0)