The New York Times' technology blog, BITS, discusses why DMCA takedown notices being sent to universities around the country are stupid. Under the Digital Millennium Copyright Act (DMCA), a party that feels its content is being infringed need only suggest that infringement may be going on and may then send a "takedown notice" to the infringing party's internet service provider. There are no evidentiary requirements and no standard of doubt (no "probable cause," no "reasonable doubt," not even "preponderance of the evidence"), so the owner of a copyrighted work can send a takedown notice — and the ISP can comply — even if the content isn't legally infringing. Under the DMCA, an accusation of infringement is enough to get ISPs — which largely don't know the law and are afraid of getting into legal wrangling — to turn off the Internet pipes to the infringer.

From the article:

Many universities pass those letters directly on to students without questioning the veracity of the allegations. The R.I.A.A. in particular follows up some of those notices by threatening legal action and forcing alleged file-sharers into a financial settlement.

But the study, released Thursday by Tadayoshi Kohno, an assistant professor, Michael Piatek a graduate student, and Arvind Krishnamurthy, a research assistant professor, all at the University of Washington, argues that perhaps those takedown notices should be viewed more skeptically.

The paper finds that there is a serious flaw in how these trade groups finger alleged file-sharers. It also suggests that some people might be getting improperly accused of sharing copyrighted content, and could even be purposely framed by other users.

The RIAA and MPAA, the trade organizations for the music and movie industries, respectively, have successfully lobbied to have Congress place line-items into federal university funding legislation requiring public universities to police their networks for copyright infringers and/or allow the RIAA and MPAA to have access to their networks to catch infringers. This is incredibly stupid because of (1) the privacy issues concerned (after all, FERPA strictly limits disclosure of student records to only the student, if the student is over 18) and (2) the fact that colleges are not in the business of policing for copyright violations. The article demonstrates how the RIAA and MPAA's own tools for finding violations can be easily misdirected, resulting in false positives.

Last year, the University of Nebraska agreed to comply with RIAA requests to hunt down file-sharers — for a price. The university estimated that it cost them $11 per accusation to find the culprit, and that if the RIAA wanted them to do a job that wasn't theirs to begin with, the university would charge the RIAA for it.

Posted by Mark at 3:54 PM | Permalink | Comments (0) | TrackBacks (0)

Laws make sense and are enforceable only if they don't prohibit activities we do every day. A law prohibiting taking showers wouldn't make much sense because people need to shower. In that case, people would take showers and risk being arrested, as the necessity for a shower is greater than the fear of arrest. In this article via Boing Boing, John Tehranian writes for the Utah Law Review on the disconnect between what we do everyday with intellectual property and what is being outlawed by rights-holders. Tehranian says that the demands of rights-holders are ridiculous, and if the law were enforced 100% of the time, we would all be liable for millions of dollars' worth of copyright infringement:

There is nothing particularly extraordinary about John’s activities. Yet if copyright holders were inclined to enforce their rights to the maximum extent allowed by law, he would be indisputably liable for a mind-boggling $4.544 billion in potential damages each year. And, surprisingly, he has not even committed a single act of infringement through P2P file sharing. Such an outcome flies in the face of our basic sense of justice. Indeed, one must either irrationally conclude that John is a criminal infringer—a veritable grand larcenist—or blithely surmise that copyright law must not mean what it appears to say.

Have you ever whistled a song in public? Copied an email or article without attribution? You've committed a crime. Bad laws turn otherwise law-abiding citizens into criminals for no good reason. Strengthening copyright laws isn't better for society and it certainly doesn't increase a content provider's likelihood of continuing to provide you with content in the future. It just nets them money from lawsuits. If the RIAA were really concerned about infringement, they wouldn't have a settlement hotline. Instead, they function like the Mexican police ("How much you got?"), settling for whatever people have instead of what they are "legally" entitled to.

Posted by Mark at 1:39 PM | Permalink | Comments (0) | TrackBacks (0)

On Monday, Microsoft released a statement (or a press release? Or something?) claiming that Linux -- the Unix-derived open-source operating system developed by Linus Torvalds and countless others around the world -- infringes on 235 patents held by Microsoft. The IT world, which consists largely of Linux devotees, scoffed at Microsoft's claims. Torvalds, in an interview with Information Week, said that Microsoft's assertions don't hold water. Why? Because Microsoft chose the Court of Public Opinion as the location for this battle, not a court of law. It's because, says Torvalds, "They'd have to name the patents then, and they're probably happier with the FUD than with any lawsuit." FUD stands for "fear, uncertainty, and doubt" and is a marketing technique designed to make a consumer doubt the competition's product. Here, Microsoft's claims of patent infringement are designed to scare away potential Linux users, who might have considered using Linux as a viable, production operating system but will now be so scared by the prospect of patent infringement lawsuits that they'll turn tail and run, ostensibly to Microsoft.

Patent infringement suits are about three things: (1) taking down the competition, (2) setting an example for other companies, and (3) maybe making some scratch in the process. SCO, the patent-holding company that currently owns the rights to Unix (which was actually invented by AT&T/Bell Labs in 1970), tried this tactic with Linux, insisting that Linux contained code drawn from Unix. SCO wanted royalties. This was how they financed themselves: selling "licenses" to software they owned and suing companies that refused to buy these licenses. SCO had been successful in getting smaller companies to settle out-of-court, but then it took on more that it could handle: IBM. IBM used Linux extensively and even developed its own proprietary Linux distributions. Rather than settle out-of-court, IBM was willing to go all the way with SCO. SCO was unable to actually prove that Linux contained Unix code and thus was forced to drop the suit.

Microsoft's tactic is different. Rather than make money from Linux, it would like to destroy Linux. In a May 2007 survey, Netcraft reported that 56% of web servers ran Apache, a web server program that runs on Linux. (It also runs on Windows, but a lot less well.) Apache's next-biggest competitor was Microsoft, whose IIS program commanded only 31.49% of the web server market. Why does Microsoft lose market share to Linux? A couple of reasons:

1. Price. Linux distributions -- even enterprise-level ones that cost money -- don't cost as much as Windows Server. Not factoring in crazy volume discounts, Windows Server 2003 R2 costs $1,000 in its "standard" version. Red Hat Linux, by contrast, costs $349. Several countries -- that's countries are moving to adopt Linux as the government standard because it's cheaper.
2. Customization. Linux is infinitely customizable because users have access to make crazy modifications if they want. Microsoft is completely closed off. No one is allowed access to the source code. Microsoft has said that Windows Vista Server's code will be a "black box" that no one will ever have access to. Ostensibly, this makes it less hackable. Except that it doesn't.
3. IT people don't need colors. Part of the reason Microsoft proliferates in the desktop environment is its ease of use. Linux is a little harder to use, but IT folks don't care; they can adapt to anything, and if it's cheaper, all the better.
4. Open standards. Linux uses open-source standards, whereas all of Microsoft's stuff is closed-source. This means that one day, Microsoft can decide to withhold your information from you until you cough up some more money, because only Microsoft has the keys to what it's locked you out of.

Posted by Mark at 9:37 AM | Permalink | Comments (0) | TrackBacks (0)

Demanding that YouTube remove 160,000 videos last month clearly wasn't enough. Viacom International, the parent company of MTV, Comedy Central, and Paramount, is suing Google -- YouTube's parent company -- to the tune of ... one billion dollars!

The suit, filed in the U.S. District Court for the Southern District of New York, alleges, "YouTube has harnessed technology to willfully infringe copyrights on a huge scale, depriving writers, composers and performers of the rewards they are owed."

The key word here is willfully. Did YouTube "willfully" -- and not merely negligently -- infringe upon Viacom's copyrights? If it had willfully done so, then why did it comply with Viacom's DMCA takedown requests?

The key case here will most likely be MGM v. Grokster, 04-480 (2005), where the U.S. Supreme Court held that "one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties." In other words, the failure to foresee that a device may be used for infringement in the future is neither contributory nor vicarious infringement. The creation of a device specifically for the purpose of infringing is an act of contributory or vicarious infringement. YouTube has "substantial non-infringing uses," including distributing licensed content as well as content in the public domain. Therefore, we can conclude, based on that fact, that YouTube was not created specifically for the purpose of infringing.

But what about when the manufacturer is aware that infringement is happening by way of his or her device? The Court addressed that, as well:

Accordingly, just as Sony did not find intentional inducement despite the knowledge of the VCR manufacturer that its device could be used to infringe, mere knowledge of infringing potential or of actual infringing uses would not be enough here to subject a distributor to liability. Nor would ordinary acts incident to product distribution, such as offering customers technical support or product updates, support liability in themselves. The inducement rule, instead, premises liability on purposeful, culpable expression and conduct, and thus does nothing to compromise legitimate commerce or discourage innovation having a lawful promise.

There is no evidence to indicate that YouTube ever actively encouraged users to pirate content.

Furthermore, the Court held in MGM that, in order to be found guilty of contributory or vicarious liability, a manufacturer must have "had specific knowledge of infringement at a time when they contributed to the infringement and failed to act upon that information." Again, Viacom demanded that 160,000 specific videos be removed from YouTube, and YouTube complied.

Viacom's argument is incredibly weak, and this looks like a ploy for (1) media attention, or (2) an attempt to get a settlement out of Google. Google, however, is smart enough and has enough money that it may just take this case to court in order to get a ruling which says that Viacom is crazy. People who accuse others of infringement love out-of-court settlements, because it means that they don't have to go to court, where most infringement-accusers end up losing and then set a precedent for allowing other infringement suits to be thrown out in the future.

Posted by Mark at 10:38 AM | Permalink | Comments (0) | TrackBacks (0)

In 1998, the U.S. Congress passed -- and President Clinton signed -- the Digital Millennium Copyright Act, one of the most horrific pieces of legislation to come out of the swamp along the Potomac.

The DMCA set up a bunch of ridiculous copyright restrictions, not the worst of which was making it a crime to break any copy-protection for any reason at all. This means that, if a content provider has disabled access to content above and beyond the restrictions of the law, you have to break the law -- that is, the DMCA -- in order to exercise your rights under the law. Federal judges have found the DMCA to be anticompetitive (in that it allows companies to lock down content and make themselves the sole vendor of services for a particular product, which is antitrust) and contrary to the public good (the DMCA errs on the side of protecting intellectual property over benefiting the public; in StorageTek v. CHE, a federal circuit court of appeals wrote, "[T]he DMCA must be read in the context of the Copyright Act, which balances the rights of the copyright owner against the public’s interest in having appropriate access to the work").

Ten years later, Congress -- which gets more money than you might think from content providers like The Walt Disney Co. -- decided to clean up the DMCA. In steps H.R. 1201, the FAIR USE Act, which simulatenously tries to fix the DMCA and continues the annoying trend of using cutesy acronyms as titles of bills.

Things it does:

• Puts into cold, hard legislation the language of 1984's Sony v. Universal, which held that any device that was capable of "substantial non-infringing uses," even if it could be used to also infringe upon copyright, was not an illegal device on its face.
• Makes it not a crime to break copy-protection in instances in which breaking the copy-protection is required to exercise the rights you had anyway, but lost because a private content-provider decided it didn't want you to have them, including breaking copy-protection on works that are in the public domain (and are thus not subject to copyright law).
• Places limits on statutory damages from infringement, so that groups like the RIAA can't demand outrages sums of money for copyright infringement.

Great! But as Ars Technica pointed out when the bill was released on Feb. 27, there's more work to be done. While I disagree with their statement that the FAIR USE Act does not make "any 'fair use' of digital goods legal, regardless of anti-circumvention laws" (which, clearly, it does; cf. §3(b), in which exemptions are made for fair use and archival purposes), I do agree that the bill doesn't go far enough in that it does not allow for "making personal use copies of encrypted materials."

Nevertheless, it's a step in the right direction.

Posted by Mark at 12:16 PM | Permalink | Comments (0) | TrackBacks (0)

Remember two years ago, when Marvel, creator of Spider-Man, X-Men, and a bunch of other comic book characters, sued NCSoft, maker of the MMPORPG City of Heroes? Marvel alleged that players of City of Heroes were creating superheroes that were infringingly close to characters copyrighted by Marvel. The case was thrown out when it was discovered that Marvel was creating Marvel-like characters and then complaining that the game allowed the creation of such characters. Since no actual damage could be demonstrated, the case was thrown out.

Now, Marvel wants, in the words of Cory Doctorow, to continue putting ideas "in a lock-box to which it will control the key." In 1981, Marvel and DC Comics jointly filed to trademark the word "super hero." If this isn't the most asinine thing I've read so far this year, then it's pretty close. No one has really discovered this fact until now, when Marvel's press releases for a "science of super heroes" exhibit at the California Science Museum in Los Angeles contained the ubiquitous "TM" after the word "super heroes."

A Los Angeles Times op-ed points out why this is a terrible idea:

In trademark law, the more unusual a term, the more it qualifies for protection. We would have no quarrel with Marvel and DC had they called their superheroes "actosapiens," then trademarked that. But purely generic terms aren't entitled to protection, at least in theory. The reason is simple: Trademarks restrict speech, and to put widely used terms under private control is an assault on our language.

Once a trademark is granted, it remains in effect until someone proves to the feds that the term has lost its association with a specific brand, as happened with "cellophane" and "linoleum." That's why Johnson & Johnson sells "Band-Aid brand adhesive bandages," not simply Band-Aids(TM).

Why is a word trademarked? So that people will associate a particular word with a particular company or product and buy more of that product. This gives the company incentive to create more of this product, which is theoretically good for everyone.

Marvel is doing no such thing. It is using its legal leverage to shut out competitors:

The government's action means that any company wishing to market a comic book, graphic novel or related item with any variation of "super hero" in the name or title must get permission from Marvel and DC. Dan Taylor, the Costa Mesa-based creator of the "Super Hero Happy Hour" comic, learned about this absurdity two years ago when he was contacted by lawyers for Marvel and DC, prompting him to rename his series to the more pedestrian "Hero Happy Hour."

Patents, trademarks, and copyrights are granted to give an artist an incentive to continue producing art or inventions by giving him a monopoly on producing that art or those inventions. But corporations see copyrights, patents, and trademarks as doing something else: instead of innovating or competing in the "free market" that these corporations love to talk about, they get the government to step in and shut down their competition for them.

Take Lexmark, for example. Lexmark charges way too much for toner cartridges. So, another company steps in and takes advantage of Lexmark's poor business model and offers to refill toner cartridges for cheaper than Lexmark would. In a free market economy, Lexmark would have to lower the price of its toner cartridges if it wanted to stay competitive. But in a United States where ridiculous laws like the DMCA exist, Lexmark can call up the government and order its competition to shut down. How? Because the other company is infringing on a copyright held by Lexmark regarding a piece of software in the toner cartridge. Instead of sucking it up and changing an old-and-busted business model, Lexmark uses the law to stifle competition and continues using an old-and-busted business model. It's easier and cheaper to stifle than to innovate.

So it goes with Marvel and DC Comics. If you want superheroes, you have to come to us. Anything else isn't the same. The theory is that a comic without a "super hero" is somehow a comic of lesser quality; since only Marvel and DC can legally use the word "super hero," then anything that is not Marvel or DC is somehow of lesser quality. This is a horrible misuse of trademarks and I hope that someone takes Marvel and DC to court to shut down this blatant disregard for art, the law, and the public domain.

Posted by Mark at 12:29 PM | Permalink | Comments (0) | TrackBacks (0)

Four years ago, Amazon.com patented "One-Click Shopping." At about the same time, a British company patented the "hyperlink." Companies routinely patent ridiculous inventions or processes so they can use those patents as leverage in the future. Junk technology patents are so common that Slashdot even has a category just for junk patent stories. The patent system is broken, as a recent study revealed that there are mistakes in 98% of U.S. patents that might affect that patent's enforceability; but beyond those mistakes, patents are issued for things at are either clearly prior art (one of the things that is un-patentable is an invention that has already been widely used before you tried to patent it; this is called "prior art")

Here are some things that have been patented in the last year:

• Microsoft: "Pausing television programming in response to selection of hypertext link"
• Amazon: A system for allowing users to post reviews of products they have purchased
• Nintendo: A system that causes a video game character to hallucinate and became temporarily "insane"
• Amazon: "Contextual presentation of information about related orders during browsing of an electronic catalog"
• Amazon: "Using customer viewing histories to generate recommendations"

And, today, Cingular was awarded a patent for the emoticon:

The method and system described in the patent allows a user of a mobile phone (or other device) to select a displayable icon, such as an emoticon, that indicates the mood or emotion of the user or conveys other information independent of text. In some embodiments, the selected displayable icon is inserted into a text message or screen, such as an instant message, chat screen, or user text field.

Realistically, Cingular is not going to sue everyone who uses a smiley face in an IM conversation without paying them first, although that is now their right. Patents are used as leverage, but they can also be used to stifle innovation and create collusion. A sample conversation between an executive at Cingular and an executive at Yahoo:

Cingular: Hey, what's going on?

Yahoo: Oh, nothing much. There's a lot of problems with our software, but I decided to take the morning off. I'm playing Yahtzee now. Man, it's so hard to get a Yahtzee! It's like, I get four of a kind and then I can't get a fifth one, and I already have four of a kind, so I have to take a 0 for the Yahtzee.

Cingular: That's great. Listen: you heard that we got the patent for emoticons, right?

Yahoo: What? They actually awarded you that patent? I thought it was ridiculous when Amazon got the patent for customer reviews, but I guess anything's possible. Are you guys still spending lots of money defeating patent reform?

Cingular: Hells, yes! Innovation is expensive, and it costs me valuable time that I could be spending at the golf course or watching Desperate Housewives on my video iPod.

Yahoo: Desperate Housewives?

Cingular: Okay, so it was a screener copy of King Kong that I got from BitTorrent.

Yahoo: Wait a second -- isn't that illegal?

[Laughter.]

Cingular: Oh, man, you crack me up. Seriously, though: we've got the patent on emoticons and we were wondering something.

Yahoo: Yeah?

Cingular: We don't want you offering VoIP or anything like that Google Talk. If people start making phone calls over the Internet, then they won't pay us exorbitant cell phone fees on an archaic rate structure with Draconian penalties for doing anything we don't like.

Yahoo: Okay, but what's in it for us?

Cingular: Well, when we start our litigation against instant messaging companies for using emoticons without paying us, maybe . . . well, all I'm saying is that maybe Yahoo will be accidentally left off the list.

Yahoo: Ohh, I see. So, if we kill voice over the Internet so that you can retain your outdated business model, you won't sue us for using a technology that was dubiously patented by you?

Cingular: I wish you could see me touching my nose with my finger.

Yahoo: Well, since there's no voice calls over the Internet, there won't be any video calls over the Internet, so it looks like I'll never see it!

[Laughter.]

Cingular: Hey, you want to come over to my mansion in Sunnyvale tonight? We're going to invite Nokia over, ply him with whiskey, and then convince him to disable all the cool technology in his new phone unless the customer pays us an outrageous subscription fee.

Yahoo: Dude, that sounds awesome! But I can't; Microsoft, Google, and me are getting together to talk about how we can get a market foothold in Iran. We figure we'll just censor everything but the "death to Israel" websites.

Cingular: Oh, man, dude. I don't know; that sounds like more fun than beating up on Nokia.

Yahoo: Well, there's tons of totalitarian regimes that need Internet access. I'll call you next time we talk with one. Hey, we're going to visit Saudi Arabia next week. Wanna come?

Cingular: Awesome! I'll be there. Okay, I have to go write up a patent for using a non-Roman font to insert the letters of my sorority into my instant messenger profile. I'll talk to you later.

Yahoo: Okay, dude. Later.

Posted by Mark at 11:16 AM | Permalink | Comments (2) | TrackBacks (0)

The Motion Picture Association of America (MPAA) is being accused of illegally copying a film submitted to it for a rating. You'll recall, of course, that MPAA is one of the bodies behind more Draconian copyright infringement laws. But when it comes down to it, MPAA feels that the laws shouldn't apply to it, only to smaller entities that can't match MPAA's litigation power.

In the end, intellectual property disputes are all about who can out-sue who. Small companies that want to make money with ridiculous patents sue other small companies, which give in and settle out of court. This creates a war chest for the other company, which it will then use to sue larger companies. Cf. SCO, the company that holds the copyright on Unix, an operating system originally developed by AT&T in 1970. SCO makes its money licensing software and suing companies that refuse to license its software. SCO made a big mistake when it tried to sue IBM, alleging that IBM used Linux -- which allegedly contained code taken from Unix -- in some of its software distributions. SCO eventually dropped the case, though, when IBM refused to settle and SCO was unable to prove that Unix code was used in the creation of Linux. IBM, unlike the other companies SCO dealt with, called SCO's bluff, and SCO was forced to concede that it didn't have any winning cards.

How'd you like that poker metaphor?

The MPAA admitted making unauthorized copies of This Film Is Not Yet Rated, an expose of how the MPAA rating system works. (Incidentally, the rating system is very convoluted. Ratings are not enforcable by law, although they are enforcable by theater chains' own policies. As movie theater companies consolidate, diversity decreases. I think in the Berkeley/Emeryville/Oakland area, all the major theaters are owned by either United Artists -- a member of the Regal Entertainment Group, which includes Regal Cinemas, Edwards Cinemas, and the movie-ticket website Fandango -- or AMC. Many theater chains have a policy of not showing unrated films, meaning that if a director wants his film to be distributed commercially, he'll have to cough up the thousands of dollars required to get a rating from MPAA. This conglomeration of large theater chains allows MPAA to extort money out of anyone who wants to get a film distributed. Don't want to pay? Fine. You don't get a rating. And if you don't get a rating, then no one will show your film. This isn't such a problem for films produced by major studios, but if you're a more indie filmmaker, then the cost of getting a rating can be as much as the cost of your entire production.)

Posted by Mark at 1:16 PM | Permalink | Comments (0) | TrackBacks (0)

Via Slashdot comes an article from Groklaw about DRM's effects on computer security. If you've been following DRM stories for years, it's a good read. If you're a DRM novice who can't quite remember what "DRM" stands for, it's a good read. Author Victor Yodaiken sums up what DRM is and what content-providers want it to do.

At its core, DRM -- which stands for "digital rights management" -- is about control. Content providers want to control how you view their content and make sure that you don't use that content in a way that they don't want you to. Sometimes, this control is designed to prevent copyright infringement. Sometimes, it's designed to make the Internet and computers behave like old markets so that content companies don't have to innovate and create new business models.

But my favorite sentence from the whole article is this one: "DRM is being introduced as if there was no role for computers except as personal entertainment devices and as if computer users were purely consumers of prepackaged 'content.'" Sony-BMG introduced DRM into its CDs in December without any care as to how the DRM would affect computer security. All that Sony-BMG cared about was locking down content and preventing users from using the content in a way that Sony didn't want them to. And if users' security is compromised, Sony-BMG throws up its hands and says, "Not my problem."

And, finally, from Cory Doctorow's Microsoft DRM talk, here's an explanation of why DRM just doesn't work. In this example, Alice and Bob want to exchange messages without Carol intercepting those messages:

Enter keys: a cipher that uses a key is still more secure. Even if the cipher is disclosed, even if the ciphertext is intercepted, without the key (or a break), the message is secret. Post-war, this is doubly important as we begin to realize what I think of as Schneier’s Law: “any person can invent a security system so clever that she or he can’t think of how to break it.” This means that the only experimental methodology for discovering if you’ve made mistakes in your cipher is to tell all the smart people you can about it and ask them to think of ways to break it. Without this critical step, you’ll eventually end up living in a fool’s paradise, where your attacker has broken your cipher ages ago and is quietly decrypting all her intercepts of your messages, snickering at you.

Best of all, there’s only one secret: the key. And with dual-key crypto it becomes a lot easier for Alice and Bob to keep their keys secret from Carol, even if they’ve never met. So long as Alice and Bob can keep their keys secret, they can assume that Carol won’t gain access to their cleartext messages, even though she has access to the cipher and the ciphertext. Conveniently enough, the keys are the shortest and simplest of the secrets, too: hence even easier to keep away from Carol. Hooray for Bob and Alice.

Now, let’s apply this to DRM.

In DRM, the attacker is also the recipient. It’s not Alice and Bob and Carol, it’s just Alice and Bob. Alice sells Bob a DVD. She sells Bob a DVD player. The DVD has a movie on it – say, Pirates of the Caribbean – and it’s enciphered with an algorithm called CSS – Content Scrambling System. The DVD player has a CSS un-scrambler.

Now, let’s take stock of what’s a secret here: the cipher is well-known. The ciphertext is most assuredly in enemy hands, arrr. So what? As long as the key is secret from the attacker, we’re golden.

But there’s the rub. Alice wants Bob to buy Pirates of the Caribbean from her. Bob will only buy Pirates of the Caribbean if he can descramble the CSS-encrypted VOB – video object – on his DVD player. Otherwise, the disc is only useful to Bob as a drinks-coaster. So Alice has to provide Bob – the attacker – with the key, the cipher and the ciphertext.

Hilarity ensues.

DRM systems are broken in minutes, sometimes days. Rarely, months. It’s not because the people who think them up are stupid. It’s not because the people who break them are smart. It’s not because there’s a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn’t a secret anymore.

And that is the problem with DRM: the recipient of the message is also the "attacker," the person who is clandestinely trying to intercept the message. Content providers want people who buy DVDs to be able to watch those DVDs, but not take the content off those DVDs. DRM schemes as we know them are inherently screwy because, as Doctorow says, "they provide their attackers with the ciphertext, the cipher, and the key." It's very schizophrenic and it doesn't work. Either content providers have to completely lock down their content and prevent anyone from viewing it, or they have to remove the DRM and let the information be open to anyone. To do otherwise is to pretend that there is real security and real freedom, when in fact there is neither.

Posted by Mark at 9:52 AM | Permalink | Comments (4) | TrackBacks (0)

With its broadcast flag defeated in (1) court, because a court ruled that the FCC does not have the authority to regulate digital devices, and in (2) Congress, because Congress refused to take up the RIAA and MPAA's fight to have the FCC regulate digital devices, everyone thought that the content cartels had learned their lessons.

Not so much.

The Electronic Frontier Foundation has copies of draft legislation that would make it illegal to manufacture any analog-to-digital device that does not allow DRM restrictions to be placed on it. EFF refers to this as the "analog hole," since analog devices cannot, by their nature, be restricted in their use in the same way that a TiVo or an HDTV can, since the latter are digital devices. VCRs, cassette players, and non-digital televisions dabble in analog formats; that is, formats that use the properties of electrical or magnetic impulses (frequency and amplitude, e.g.) to store and transmit data. In this way, people can transfer copies of old VHS tapes to their computers by using some device that turns the analog signal into a digital signal (a signal that uses only electrical impulses themselves and not any properties of those impulses to store and transmit data; the impulse is either on or off, 1 or 0, with none of this amplitude or frequency stuff). A digital signal can then be stored on a device that stores digital information, like, oh, say, a computer hard drive, a CD, or a DVD. Up until now, Hollywood had no way of regulating analog-to-digital transmissions. But, with this legislation, they would have complete control over analog-to-digital devices.

No device that did not respect some sort of DRM scheme would be allowed to be sold. And guess who would decide on the DRM scheme? Yes, kids, your friends at RIAA and MPAA would decide on the DRM scheme. And if you think it won't be the most restrictive scheme possible, a scheme that goes way beyond the bounds of copyright law, you'd be kidding yourself and also possibly living in another universe.

The RIAA and MPAA's whole business model now is to be as restrictive as humanly (or technologically) possible. This means locking down content so that you can only view it or listen to it in exactly the way the MPAA or RIAA want you to view it or listen to it. If they don't want you to fast-forward, you won't be able to fast-forward. If they don't want you to be able to save the content for viewing later, you won't be able to save it for later. If they don't want you to be able to copy the content to a CD or DVD for your own personal use, you won't be able to do that. You will do only what record or movie industry executives want you to do. Not only will you like it, but you'll keep coming back for more, because the companies that constitute the RIAA and MPAA essentially have monopolies on content.

[Via Boing Boing, of course.]

Posted by Mark at 4:39 PM | Permalink | Comments (1) | TrackBacks (0)

If you're one of the misguided fools who believes that digital rights management (DRM) is a good idea, then what would you think if DRM were spyware?

Mark Russinovich's Sysinternals blog reveals that a CD published by Sony installed spyware on Russinovich's computer. The spyware, like all spyware, goes to great lengths to hide the fact that it exists and a uses Windows process-sounding name so that, in the event it is discovered, the user (who probably isn't very computer literate) thinks it's a legitimate Windows process that shouldn't be deleted.

Russinovich first became suspicious when he found evidence of a rootkit on his system. A rootkit is designed to hide files and processes from Windows. After doing a lot of stuff that I could never begin to understand, he discovered that the rootkit came from a company called "First 4 Internet." After doing some research (that part I understood), he found out that the software is DRM software and that First 4 Internet's clients are, among others, Sony. The DRM software is designed to hook into the computer's CD-ROM drivers. Delete the DRM files and your CD-ROM drive disappears from the list of devices.

The problems with this are many-fold. First, copyright law does not allow a company to hack your computer in order to protect its copyright. Second, as Russinovich notes, "the software is poorly written and provides no means for uninstall." The software can actually have an adverse effect on your computer. You are being punished when you purchase copy-protected music. Music industry executives have concluded that you will probably copy the music from the CD, which is your right to do as the buyer of the CD. They have further decided that you will probably share this copyrighted music with others, and to forestall such a thing from happening, they have taken measures above and beyond the bounds of copyright law to prevent you from sharing that music online. They have placed software on your system without your knowledge, and indeed, have gone to great lengths to hide from you the fact that such software is on your computer. If this software were to screw up your system, you would have no recourse. The software is unsupported and uninstallable. And it appears to be poorly written. Who knows what else it might do? Who knows how a hacker might exploit this software for his own nefarious use?

Don't buy music from Sony/BMG. The only way to stop DRM is to refuse to buy music from publishers who put DRM on their CDs. The only way the music cartel (and, in the sense that economists use the word as it applies to an oligopolistic market, the RIAA qualifies as a cartel) will listen is if they're hit in the pocketbook. Refusing to buy DRM-crippled music shows them that consumers will not tolerate being forced to use their legally purchased products at the pleasure of music industry executives.

[Via Boing Boing.]

Posted by Mark at 10:08 PM | Permalink | Comments (0) | TrackBacks (0)

How many people who have been sued by the RIAA have been innocent? The RIAA's tactics for finding file-sharers are sketchy, especially given that they use IP addresses to identify people. IP addresses, like email addresses, can be falsified and are unreliable. And yet the RIAA files thousands of "John Doe" lawsuits in which they name a defendant by IP address, then tell an ISP to find out the person's name. This is all without a subpoena or a warrant, by the way, because ISPs are pushovers. And so the RIAA identifies the person and basically blackmails them:

RIAA: Either you pay us some amount of money or we'll financially destroy you by putting you through expensive litigation.
Grandmother: But I never shared files.
RIAA: We don't care whether you shared files or not; our software says you did, and we refuse to acknowledge that our software could be wrong. Due process could reveal this fact, but you don't have the money for a trial, right?
Grandmother: Right. Ouch, stop kicking me in my hip. That's my bad hip.
RIAA: I'm afraid I can't stop kicking you in the hip. The DMCA allows me to kick you in the hip, so I'm going to do it. Also, I punched your cat and made it into a stew.

One woman, tired of being the object of frivolous litigation and secure in the knowledge that she didn't do anything wrong, is filing a counterclaim against the RIAA. Tanya Andersen "is a 42-year-old single mother of an eight-year-old daughter living in Tualatin, Oregon. Ms. Andersen is disabled and has a limited income from Social Security," says the counterclaim. The counterclaim further alleges that the RIAA's activities violate Oregon's Unlawful Trade Practices Act (ORS 646.605 et seq.), the Oregon Racketeer Influenced and Corrupt Organizations (RICO) Act (ORS 165.715 et seq.), and the federal Computer Fraud and Abuse Act (18 U.S.C. 1030).

Finally, someone is challenging the sketchy tactics of the RIAA. And it's significant that her lawyer chose to use Oregon's RICO Act, in part, to justify the counterclaim: RICO Acts were enacted for prosecuting mobsters. And that's precisely what RIAA is: the mafia, but legalized. They use the same strong-arm extortion tactics, and if you don't like them, then we'll inflict (financial) damage upon you. Hopefully, Ms. Andersen's example will spur other people to take the RIAA to court rather than give in to the mafia-like tactics of the RIAA's Settlement Support Center.

[Via Slashdot.]

Posted by Mark at 11:18 PM | Permalink | Comments (0) | TrackBacks (0)

A federal appeals court ruled in May that the FCC lacked the authority to institute a broadcast flag, but it said that Congress could require broadcast flags. Congress, not one to turn down bribes from the motion picture and recording industries, is hard at work crafting legislation that turns your digital TV, TiVo, or PC tuner into a slave of the MPAA or RIAA.

Here's what Dan Glickman, head of the MPAA, has to say about the broadcast flag:

The broadcast flag does not inhibit copying, nor does it prevent redistribution of programming over a personal home network--it only restricts unauthorized redistribution of programming over the Internet and other digital networks.

Dan Glickman is lying to you! The broadcast flag is not a thing whose function will be determined by Congress. The broadcast flag is like a checklist of things that you can't do with a particular program, and this legislation would require that any device capable of receiving a digital TV signal must respect that checklist. So, if a content provider doesn't want you to be able to time-shift the content (something that is your right to do), you won't be able to tape a show and watch it later. If a content provider doesn't want you to be able to format-shift the content (something that is your right to do), you won't be able to copy a show to your hard drive or to a DVD. ABC, CBS, Fox, Paramount, Warner Brothers, Sony, or whoever provides the content are the people who will check off within the broadcast flag what you can and cannot do with it.

So, in short, the broadcast flag inhibits whatever a content provider wants it to inhibit. And this can definitely (and will definitely) include copying and redistributing the programming over any network, whether it's local area network or Internet.

Do not believe what Dan Glickman says! Earlier in the year, legislators, having unsuccessfully introduced a broadcast flag law into Congress as a separate bill, tried to sneak it into an omnibus spending bill. Thankfully, it was removed by -- what's this? -- legislators who had some sense.

As EFF spokesman and Boing Boing contributor Cory Doctorow observed in a recent talk to engineers at Hewlett-Packard,

Copyright is a limited monopoly over the public copying, performance, display and adaptation of original works. Copyright governs the ability of commercial entities and a few noncommercial entities to make copies, dis-play them, etc.

Copyright does not confer the right to control “remote viewing” -- the ability to store a show in one place and watch it in another. It does not confer the right to control time-shifting. It doesn’t confer the right to control regional playback, as with DVDs that can only be viewed on a US player or a European players. Copyright does not confer the right to control re-sale or lending of lawfully acquired works.

In short, a broadcast flag would be a violation of copyright law. The intent of "preventing piracy" is a red herring. The real intent is to allow media companies to have complete control over a copyrighted work, as though copyright itself were a law of nature. (Turns out that copyright, not the absence of copyright, is the abnormality. Read Larry Lessig's Free Culture for a Brief History of Copyright Law.)

Posted by Mark at 12:20 AM | Permalink | Comments (0) | TrackBacks (0)

A judge today dismissed the RIAA's suit against the mother of a 13-year-old girl accused of file sharing. This mother was one of three moms who refused to settle out of court with the RIAA's "conference center." The conference center is like the Mexican police:

RIAA: Okay, that's ten shared songs at $10,000 each. That will be $100,000.
Defendant: But I don't have $100,000.
RIAA: So how much do you have?
Defendant: I have $5,000.
RIAA: We'll take that, then. And we'll make it $2,500 if you'll become a spokesperson for the new Napster and tell the world what great people we are. And then we'll kill you.

In the past, the RIAA has filed suits against anyone and everyone, and it's been profitable, since the money they get from the settlements more than pays for the costs of going after file sharers. But the moms who refuse to settle may put an end to the practice: there's a chance that a court might rule in favor of the moms, and in that case, the RIAA's technique would cease being profitable, and thus they would stop.

Patricia Santangelo was the first person to refuse to settle out-of-court with the RIAA. She contended that she didn't know how the files got on her computer, as she is pretty computer illiterate, and said that the account name didn't belong to any of her kids. The ruling today, however, concerns Candy Chan, mother of Brittany Chan. The U.S. District Court for the Eastern District of Michigan threw out the RIAA's lawsuit against Candy Chan back in May. The court dismissed the suit "with prejudice," meaning that the RIAA could no longer pursue a case against Candy Chan, but it could pursue a case against others.

To give you an idea of the kind of people the RIAA are, their next move was to file a motion to bring action against Brittany Chan, the defendant's daughter. Today, the judge denied the RIAA's motion. It's a funny business practice, isn't it? How many other industries make money by suing their customers? And they wonder why music sales have gone down. No one wants to do business with these people!

And now, on to TiVo. TiVo is a subscription-based service that allows you to record things from cable with a hard drive instead of a VCR. You can record at a particular time, you can cut out commercials, you can fast-forward and rewind. Back on Sept. 13, Cory Doctorow of Boing Boing -- along with lots of TiVo users -- noticed something peculiar going on with TiVo: it wouldn't save certain shows or allow users to move the shows with TiVo2Go.

Then, on Sept. 16, TiVo said that DRM had been enabled for certain shows by accident. Whoops! Even though TiVo said that it was an accident, DRM was still enabled for certain programs. Sounds like some content providers made TiVo an offer it couldn't refuse.

On Sept. 24, reports surfaced that TiVo was charging users $150 if they tried to cancel their newly-crapified service. Apparently, what was merely an "accident" was a mandatory "update" to the TiVo software that detected broadcast flags. These flags introduced new restrictions to certain programs and users were unaware and unable to opt-out of these restrictions. So one TiVo owner decided to cancel his service. He signed up for TiVo back when it did X, and now it wasn't doing X anymore, so he didn't want it. TiVo then charged him $150 as an "early cancelation" fee. Apparently, the download of a software update also caused him to be entered into a new contract for which the "early cancelation fee" was $150. Read any EULA and you'll find that it gives the licensor the right to alter the software at any time, for any reason, without voiding the contract. Read those EULAs! They're designed to take rights from you and make you do whatever the licensor wants you to do. ABC doesn't want you to be able to save Lost? So you won't, no matter what you -- the person who's paying TiVo and who owns the machine -- want.

And now the content companies are trying the broadcast flag again, only this time they're being sneaky about it: "One especially sneaky way to get an amendment passed is to smuggle it into a reconciliations bill. Reconciliation is the mirror image of appropriations. Appropriations is about taxes; reconciliation is all about making cuts. Because Congress dearly loves to appear thrifty, reconciliations has special fast-track status. It can't be filibustered, it's almost impossible to amend once agreed upon, and it only needs a plain majority to pass."

Posted by Mark at 8:43 PM | Permalink | Comments (2) | TrackBacks (0)

BRUSSELS -- The European Court of Justice today ruled that users of Microsoft Windows cannot uninstall anything from their computers. This ruling comes on the heels of a Finnish ruling that users have no legal right to be able to play CDs in their computers.

The case before the ECJ involved Jarmo Järvenpää, an investment banker from Helsinki. Mr. Järvenpää called Microsoft customer support in an attempt to get MSN Messenger removed from his machine. MSN Messenger is an instant-messaging program that, according to statistics obtained by SEDHE, is used by no one.

"I tried and tried to get de Myessenger off of my compyooter, vid no luck. So I called up cyustomer supoort, and ven I said I vanted to remyoove de program, dey sent de police to my house," said Mr. Järvenpää, whose accent has been reproduced phonetically. The police arrested him, citing a little-known EU stipulation that mandates that users cannot do anything to their machines that software vendors do not want. "An end-user of a machine is granted a license by the operating system manufacturer to use said machine. The software manufacturer, not the end-user, is the legal owner of said computing machine, and as such, the end-user is not entitled to do anything to that machine that is prohibited by the software manufacturer," says EU regulation 656-5827-B.

Finnish intellectual property lawyer Tarja Hämeenniemi says that the regulation is bogus. Her accent has also been reproduced phonetically. "De ting is dat de major softvare cyoompanies lobbied to have dis regulation inserted. Dis vay, dey can exercise complete control over deyend-eeyuser. Dis is de fyooture of intellectual property rights," she said.

While the director of Microsoft Finland could not be reached, SEDHE managed to get in touch with the director of Microsoft Sweden, which is just as good. The director, Mr. Weds Cheshif, was less than forthcoming: "Ve heve a poolicy of not tooking about spercific ishyoos vile dey're in de leeteegation phase. All vee can say at deesa point eez dat ve are vorking hard tyoo maintain de control over our eenteelectual property, and eef dat reeqivires de prosecyootion of some people, den so be it. Bork, bork, bork!"

Publicity directors of other companies we contacted similarly framed the issue in terms of intellectual property rights. "Well, of course they are," said SEDHE Intellectual Property Editor H. Simon Gregory. "That's the easiest way for a company to get rights that it doesn't have: scream 'copyright infringement' and suddenly everyone's listening, especially other media companies, who lobby for ridiculously restrictive regulations that breach a person's rights to use the things he bought in the way he wants. Then, this person must go to court and spend time and money proving that he has the rights that he has, anyway. Suddenly, he's the bad guy!"

The ECJ ruling means that end-users must contact the manufacturers of their operating systems in order to get permission to do anything to their machines. In the case of users of Gentoo Linux, the end-user must telephone everyone who ever worked on Gentoo and ask their permission. If just one person says "no," the end-user cannot modify his machine. Even a cool case-mod like ultraviolet lights would be prohibited. A statement from France-based Vivendi Universal said that the issue was terrorism. "We cannot allow terrorists to take control over our property for their nefarious terrorist purposes. And if you don't believe that, then replace the word 'terrorist' with 'pornographer.' And if you don't believe that, call our PR department and we'll come up with a different excuse," the statement said.

Posted by Mark at 12:29 PM | Permalink | Comments (0) | TrackBacks (0)

Stanford University law professor Lawrence Lessig penned a piece for Foreign Policy in which he predicts that DRM (digital rights management) efforts will spell the end of the public domain:

So, for example, the United States has radically increased the reach of copyright regulation. And through the World Intellectual Property Organization, wealthy countries everywhere are pushing to impose even tighter restrictions on the rest of the world. These legal measures will soon be supplemented by extraordinary technologies that will secure to the owners of culture almost perfect control over how “their property” is used. Any balance between public and private will thus be lost. The private domain will swallow the public domain. And the cultivation of culture and creativity will then be dictated by those who claim to own it.

The theory behind "public domain" is that creative work belongs to no one. Its natural state is to belong to everyone. But the state, recognizing that it benefits everyone if an artist is able to make some money off of his art and thus produce more art, grants the artist a monopoly for so many years. This monopoly is what we call "copyright." Once the monopoly expires, the work enters the public domain, meaning no one has an exclusive license to redistribute the work.

Gradually, media companies have increased the length of the copyright term. The Sonny Bono Copyright Term Extension Act of 1998 now allows a work created today to be copyrighted for 120 years! No one knows the problems with copyright law better than Lessig, who, in addition to writing several books on the issue, has argued copyright law in front of the Supreme Court. In the case Eldred v. Ashcroft, 01-618 (2003), Lessig argued on behalf of his client, Eric Eldred, that extended copyright to 120 years does not comport with the Constitution's requirement that copyrights and patents be granted for "limited Times." The court didn't buy his argument and sided with the government. (Admittedly, Lessig's argument, that Congress didn't have the power to extend copyright to such a long time, was pretty weak. Clearly, the Constitution does give Congress the power to do whatever it wants with copyright. The Court acknowledged that "the CTEA does not violate the 'limited Times' restriction of the Copyright Clause because the CTEA's terms, though longer than the 1976 Act's terms, are still limited, not perpetual, and therefore fit within Congress' discretion." In his book, Free Culture, Lessig admits that he used an argument that didn't make the CTEA matter to the justices. It does pain me to say it, because I don't like the CTEA at all, but the Court made the best decision with regard to the law.)

Anyway, getting back to the public domain. In Foreign Policy, Lessig suggests that anti-piracy efforts will spell the end of the public domain. This is probably true. DRM is an anti-piracy measure, but DRM doesn't know what "fair use" or "public domain" are. Fair use is defined in 17 U.S.C. 107, which states that an author's exclusive right does not extend to "criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research." To be classified as fair use, a work must be used (1) in one of the ways above, and (2) in a substantially non-commercial way. In evaluating fair use, the intent of the use must be taken into account. Do I want to copy an episode of South Park and redistribute it on the Internet, or do I want to play it for my satire class to show them what "lampoon" is? (Cf. "The Passion of the Jew.") The latter use is fair use, since it is being used for teaching and does not affect the value of the work commercially (i.e. because students have already seen the work in my class, they won't refrain from watching it on TV or purchasing it on DVD); the former is not, as the former affects "the potential market for or value of the copyrighted work" (instead of buying the DVD or watching it on TV, I'll download it from the Internet). DVDs have encryption on them to prevent piracy, and thanks to the DMCA, cracking an anti-piracy protection is a crime. What does this mean? It means that I have to break the law in order to do something allowed by law. The DMCA set up a no-win scenario (or, for Larry, a Kobayashi Maru scenario): I can't exercise my fair use rights to the work because of encryption, but neither can I break the encryption in order to exercise my fair use rights, because that would be a crime.

What do the content providers think of "fair use"? They hate it. They absolutely loathe it because it allows people to use their stuff without paying for it. In an RIAA Powerpoint presentation delivered at an Aug. 12 NARM convention in San Diego, Mitch Bainwol, CEO of the RIAA, refers to fair use as "theology." Theology?! It's in the damn law! It's not a question of believing in fair use or not believing in fair use. It's written down! It's there! You can read it! It exists! You don't need faith to believe in fair use; you need some reading glasses!

Also, consider that works being distributed as eBooks have DRM built into them, even if they're in the public domain! In Free Culture, Lessig demonstrates this using the book Middlemarch, which is in the public domain:

When my e-book of Middlemarch says I have the permission to copy only ten text selections into the memory every ten days, what that really means is that the eBook Reader has enabled the publisher to control how I use the book on my computer, far beyond the control that the law would enable.

DRM on public domain works breaks the law because it continues to grant the author an exclusive license to the work. DRM on copyrighted work can break the law because it doesn't allow for the exercise of fair use. Once I buy my CD of Bette Midler's greatest hits, it's mine. I own it. It's a tangible thing and I own it. But if there's DRM on the CD, then I do not own it! The music publisher still owns it and is generous enough to allow me to play the CD. Assbag.

The only reason that content companies put DRM into their stuff is because they can. Do you think for a minute that they didn't put DRM in VHS tapes because they respected you as a customer? Not on your life, pal. It's because they didn't have the technology to do it back then. The goal of a content company is the same as any other company: profit. They want to force you to keep coming back to them for content, upgrades, service, parts, whatever. DRM tells you, the consumer, in no uncertain terms that you view content at the pleasure of the company that's provided it for you. If they don't want you to do something with the content, then you won't. And you'll like it. And you'll come back for more.

But maybe there's a bright side to this. Maybe companies' Draconian DRM tactics will backfire and consumers, used to doing whatever they want with whatever they bought, will opt not to buy CDs with ridiculous DRM built into them. Or they'll become amateur hackers and figure out ways around the DRM. As Larry Lessig concludes at the end of Free Culture:

My point is not the idiotic one: Just because people violate a law, we should therefore repeal it. Obviously, we could reduce murder statistics dramatically by legalizing murder on Wednesdays and Fridays. But that wouldn't make any sense, since murder is wrong every day of the week. A society is right to ban murder always and everywhere.

[...]

When at least forty-three million citizens download content from the Internet, and when they use tools to combine that content in ways unauthorized by copyright holders, the first question we should be asking is not how best to involve the FBI. The first question should be whether this particular prohibition is really necessary in order to achieve the proper ends that copyright law serves. Is there another way to assure that artists get paid without transforming forty-three million Americans into felons? Does it make sense if there are other ways to assure that artists get paid without transforming America into a nation of felons?

DRM is designed to make information behave like a tangible thing. Mariah Carey's new hit single must be exactly like a refrigerator. The problem is that it's not. And DRM allows content providers to force information to behave like a refrigerator. It gives corporations a government-sanctioned excuse to be lazy, to stop innovating, to force new markets to behave like old ones.

Lessig's concern in Foreign Policy is that the public domain will disappear as the distinction between "public" and "private" becomes blurred to the point where "private" swallows "public" and consumers are forced to pay for everything. Something will have value only if it has a price. I maintain that it doesn't have to be this way. Like a dystopic novel, this is a warning: you can stop this future from happening! When Foo Fighters publishes a CD full of DRM, don't buy it. When Velvet Revolver publishes a CD with DRM, don't buy it. Declare that the market is made of producers and consumers, and if the music industry wants to retain you as a consumer, it had better afford you some respect by letting you do what you want with the stuff you own. And if it won't, then you'll go somewhere where you're being respected and not having business practices shoved down your throat under penalty of law.

Posted by Mark at 6:59 PM | Permalink | Comments (4) | TrackBacks (0)

If there is one piece of legislation that's detrimental to liberty, it's the USA PATRIOT Act. If there are two pieces of legislation that are detrimental to liberty, they are the USA PATRIOT Act and the Digital Millennium Copyright Act (DMCA).

Signed into law in 1998, the original intent of the DMCA was to protect copyrighted works from piracy and hacking. Under the DMCA, it is a federal crime to circumvent electronic anti-infringement protection, like the kind you might find on the copy of Warcraft III you cracked. Makes sense, right?

But the DMCA has been abused by corporations seeking to maintain a monopoly on their products. "Anti-infringement" protection has become "anti-competition" protection as corporations lock down their products, forcing you to come to them whenever you have problems.

Thankfully, the courts are working. Whenever corporations file lawsuits to have the DMCA protect crazy things, judges see right through them. In the most recent case of the DMCA being used to stifle innovation and competition, we have a company called StorageTek, which makes automated tape cartridge libraries for backing up data. StorageTek required its clients to have StorageTek service all of its machines, due to the fact that the machines used proprietary software.

In steps Custom Hardware Engineering & Consulting (CHE), which figures out how to intercept the error messages sent by this proprietary software and diagnose problems with the machines. To do this, CHE has to crack password protection software designed to prevent unauthorized reconfigurations of this proprietary software.

As expected, StorageTek sued, alleging violations of the DMCA, since the software was copyrighted and there was an anti-circumvention scheme in place. CHE defended itself by saying that the existence of such an anti-circumvention scheme constitutes antitrust; in designing software that should only be altered by StorageTek, the company has locked anyone else out from repairing the machines. While it's clear even to Judge Magoo that this is an antitrust violation (an attempt to lock out competition in a given industry), the trial court in this case refused to grant an injunction to CHE, since it believed that CHE did not have a good chance of winning the case on the merits.

Huh? That's a stupid baby opinion. Thankfully, an unnamed Circuit Court of Appeals reversed the trial court's decision:

That result follows because the DMCA must be read in the context of the Copyright Act, which balances the rights of the copyright owner against the public’s interest in having appropriate access to the work.

Maintenance is not prohibited by the Copyright Act, and in examining whose interest is at stake, the court concluded that, in this issue of maintenance, the public's interest in accessing the work in order fix it trumps the copyright owner's rights. CHE's cracking of StorageTek's protection software does not violate the DMCA, since there is no danger that CHE will steal the proprietary software. The DMCA, therefore, cannot prohibit third-party maintenance of a protected "work." (I put "work" in quotes because I don't believe that software code can be copyrighted. Software code is a set of instructions, not a work of art, and as such, should be covered by patents, not copyrights. See my previous post about patents and copyrights.)

Slowly but surely, our activist, liberal, baby-killing federal courts are doing the right thing and curbing the excessive power that the DMCA gives to copyright-holders.

Posted by Mark at 3:15 PM | Permalink | Comments (8) | TrackBacks (0)

Via Boing Boing comes an article from the Sydney Morning Herald (registration required) that describes a way in which Microsoft is going to shove DRM down your throat, and you'll like it! Apparently, Windows Vista will intentionally make protected content fuzzier than it ought to be unless the monitor is equipped with High-bandwidth Digital Content Protection (HDCP):

Stephen Speicher, who writes a weekly column for the tech blog engadget, said: "If you're one of those rare people whose display is equipped with HDCP, you're fine. However, in the world of computers, such users are few and far between."

The technology is known as PVP-OPM, or Protected Video Path - Output Protection Management.

Speicher said while HDCP had become a de facto standard for display copy-protection in televisions, its penetration in the computer display market was very low.

"Whether you're plunking down money for one of the new ultra-fast LCD displays with 4ms response times or you're becoming the envy of the neighbourhood with Dell's UltraSharp 2405FPW widescreen display, you're buying a monitor that won't play nice with premium content in Longhorn (the code name for Windows Vista)," he said.

So, Microsoft is going to lock down content -- or at least make it a little more annoying to view -- unless you cough up for a new monitor that ensures that you won't steal protected content. Isn't this going a little overboard? Again, who is Microsoft kidding? Hardcore h4xx0rz that want to pirate content will pirate content, and if Microsoft throws a hurdle in their way, they'll find a way to jump over it. It certainly happened with the Genuine Advantage program, which was cracked in 24 hours.

The Library of the Future (brought to you by the MPAA)

Imagine the DRMed library of the future, every music, film, and software company's wet dream: You go into the library, but once you step into the library, a burly man follows you around and looks over your shoulder while you're reading, just to make sure that you're not taking notes about what's in the book, or if you are, that you're only taking one note every twenty-four minutes, and no more than seven notes per individual book. And no memorizing anything, or else the burly man will punch you in the head until you forget what you saw in that book, or that film, or heard in that audio recording. You may have paid $27.50 per month for a membership to the library, but you're certainly not going to do anything with those books that the publishers don't want you to do.

Oh, and to watch any films produced by Sony, you need to pay $8 extra for special glasses that allow you to view the film; without them, the picture looks garbled. And Sony's special glasses won't work for Warner Bros. films, so if you want to view those, you'll need to pay $8 more for Warner Bros. glasses.

Did I mention that you'll be naked? Because if you aren't, there's the possibility that you could steal some of the stuff from this library. And yes, there's a rectal check on the way out. But, hey, it's worth all of this to get your cultural content, right? Well, yes. Because this library is the only place that contains any cultural content anymore. It's the law. Written by Rick Santorum and co-sponsored by Orrin Hatch, the law was re-written so that the only place that any art or media could be put on display was this library, which is owned and operated by a consortium that includes the MPAA and the RIAA. No books, films, or audio recordings are allowed outside of this library. Why? Because we have to protect the artists. If you were allowed to wander around town with a book, then you could give it to someone else. And does Bill O'Reilly get any benefit from you re-selling that copy of The No Spin Zone? Heck, no. So why should he even work at all? It just makes good business sense: everything should be paid for. No public domain, no fair use. That only encourages infringement. And only terrorists, commies, and homogays enjoy infringement.

And sodomy. Delicious sodomy.

Posted by Mark at 6:14 AM | Permalink | Comments (0) | TrackBacks (0)

Boing Boing linked a few days ago to a website showing screenshots from a terrible bootleg copy of Star Wars Episode III. There was a line of blur toward the top of the screen, extending all the way across the picture, which was a studio timecode that had been blurred out.

Here's a DVD case for a bootleg copy of the film, which includes the credits from the film Armageddon on the back, as well as some hijacked art from starwars.com (you can download the art on the back of the pirated DVD, "Rise Lord Vader," as a desktop wallpaper, although whoever made this DVD box had other intentions for it).

So why would anyone pay for this crap? MPAA operates under the assumption that we're all rational consumers. A "rational consumer" is a consumer who takes only price into account when making a decision about buying something. In a perfectly competitive market, this makes sense. The definition of a "perfectly competitive market" is one where there are thousands of sellers all selling exactly the same thing for, it turns out, exactly the same price (a single firm in a perfectly competitive market could lower its price, but it wouldn't be able to make enough money to have an economic profit, since there are literally thousands of other firms selling the same thing at a higher price and making more money off the deal. Like most things in economics, a "perfectly competitive market" is something invented by the folks at the College Board and the textbook companies. The graphs look nice, but they bear little resemblance to reality.

In reality, consumers do make distinctions based on factors besides price because items for sale do differ in quality. If I were a rational consumer, I would pay $5 for the bootleg DVD instead of $24.95 for the real DVD. But as a consumer concerned with quality, I want the assurance that I'm watching a real copy of the film, as well as a copy without quality problems (like a timecode in the middle of the screen). Why people would buy these pirated DVDs I'll never know, probably because they don't know that they're of terrible quality.

I'll download a 700 MB AVI of a movie I want to watch, but if I want to watch the movie again and again, I'll just buy it. The same goes for MP3s: if all I can find is low-quality versions of songs I want, I'll just buy the album (especially if I can't find the whole album. Do you know how hard it is to find all of the tracks for Music for a Darkened Theatre, Vol. 2 on the file-sharing networks? No one has it!).

We consumers make quality distinctions and we won't buy crap unless we're duped into thinking it's not crap. That's why people buy junky cars all the time: it's not because they want a junky car; it's because they've been led to believe it's not a junky car.

Posted by Mark at 1:48 PM | Permalink | Comments (5) | TrackBacks (0)

Back in 2002, Lexmark, the maker of cheap, dopey printers, sued a company called Static Control Components. Lexmark's laser printer toner cartridges contained a chip that measures (approximately) the amount of toner left in a cartridge. Companies that buy toner cartridges from Lexmark can get them at a discount using Lexmark's "Prebate" program, whereby a business agrees to send a used cartridge back to Lexmark for re-filling. The program specifies that these businesses may only buy their cartridges from Lexmark, and software on the chip and in the printer itself ensures that customers don't violate this agreement.

In steps Static Control Components (SCC), which manufactures a chip that breaks the encryption on Lexmark's toner chip, allowing consumers to use third-party toner cartridges instead of Lexmark's. Lexmark sued under the Digital Millennium Copyright Act (DMCA), alleging that SCC's technology is being used to "circumvent a technological measure that effectively controls access to a work" that is copyrighted. In this case, Lexmark's control programs are copyrighted.

Lexmark provided three theories of liability:

First, Lexmark alleged that SCC violated the copyright statute, 17 U.S.C. § 106, by reproducing the Toner Loading Program on its SMARTEK chip. Second, it alleged that SCC violated the DMCA by selling a product that circumvents access controls on the Toner Loading Program. Third, it alleged that SCC violated the DMCA by selling a product that circumvents access controls on the Printer Engine Program.

The Sixth Circuit Court of Appeals, in Lexmark v. Static Control Components (03-5400), didn't buy this argument. The case was appealed to the Supreme Court, but the Court rejected it.

Which brings me to my point: why is software copyrightable? The United States Code makes an explicit distinction between copyrights and patents:

17 U.S.C. 102:

(a) Copyright protection subsists, in accordance with this title, in original works of authorship fixed in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device. Works of authorship include the following categories:

(1) literary works;
(2) musical works, including any accompanying words;
(3) dramatic works, including any accompanying music;
(4) pantomimes and choreographic works;
(5) pictorial, graphic, and sculptural works;
(6) motion pictures and other audiovisual works;
(7) sound recordings; and
(8) architectural works.

(b) In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work.

Take a look at that last paragraph. Copyrights are not supposed to be extended to inventions or devices which engage in some sort of utilitarian function. What is a computer program? Is it a literary work? No. Is it a musical work, a dramatic work, a pantomime, a sculpture, a motion picture, a sound recording, or an architectural work? I believe we can all agree that it is none of those. But, of course, these are just examples of things that are copyrightable; the list is not all-inclusive.

Is a computer program an "idea"? Well, certainly, but so is a sculpture. Is a computer program a "procedure"? Yes, at its most basic, a computer program is nothing more than a set of instructions. Here is a computer program:

10 PRINT "I AM GOING CRAZY"
20 GOTO 10
30 RUN

This is a set of instructions written in BASIC. In BASIC, the computer goes through lines of code sequentially until it's told to stop. The above program tells the computer to display the words I AM GOING CRAZY. The computer then moves on to the next instruction, which tells it to go back to line 10. It again displays I AM GOING CRAZY, then moves on to the next instruction, which tells it to go back to line 10. (Line 30, RUN, tells the computer to execute the program.) You get the idea. This will cause the computer to continue displaying the words "I am going crazy" until someone turns it off. The computer is helpless to do anything other than that which it is told. It is executing a series of instructions, and this is a "procedure." It is also a "process," "system," and "method of operation."

Why, then, is software protected by copyrights? Let's take a more sophisticated piece of software, like WarCraft III. It has some literary and artistic elements, and those can be copyrighted: the names, characters, music, and storyline can all be copyrighted. The code which powers the game, however, must be patented!

Why copyright protection, then? Because software manufacturers lobbied for it. And because copyright protection is stronger than patent protection. If you copyright something today, you hold an exclusive right to reproduce that work for the length of your life and 70 years afterward. If you copyright something anonymously, under a pseudonym, or for hire, then you hold a copyright for 120 years after its creation [15 U.S.C. 302]! Companies like Walt Disney have lobbied extensively to keep copyrighted materials out of the public domain (cf. the Sonny Bono Copyright Term Extension Act, which extended copyright protections by 20 more years), paying Congressmen lots of money to extend copyrights just as they are about to expire. A patent, on the other hand, is enforcable for only 20 years after the date the patent was issued [35 U.S.C. 154(a)(2)].

Or maybe I'm wrong and software should be copyrighted. Any ideas?

Posted by Mark at 3:56 PM | Permalink | Comments (0) | TrackBacks (0)

As if Congress weren't already in the MPAA's pockets, given the recent Family Craptacular Act of 2005 that President Bush signed into law yesterday, Congress is also in the pockets of ... the for-profit weather data industry?

That's right, folks. Sen. Rick Santorum (R-PA) has, ironically, done one of the gayest things a senator could ever do. This time, the pandering isn't even covert. It's the opposite of that. Some might say it's covert.

Last week, Santorum introduced S.786 into the Senate, "To clarify the duties and responsibilities of the National Oceanic and Atmospheric Administration and the National Weather Service, and for other purposes."

What are these duties? Apparently, they are to collect a whole lot of meteorological data. And then guess what Santorum doesn't want the National Weather Service to do? Give you these data for free! Currently, the NWS, a government agency, provides meteorological data for free. Under Santorum's revised "duties," the NWS would be prohibited from giving away meteorological data for free -- or in any other way "that might influence or affect the market value of any product, service, commodity, tradable, or business," since NWS competes with private-sector weather data companies.

I think this is probably the most asinine thing I've ever heard in my entire life. Pity the poor private-sector weather collection agencies. Sure, you can have your storm warnings -- for five dollars. Hey, we're just trying to make a living!

The old laws of economics once said that if you aren't making money doing something, it's time to do something else. The new laws of economics say that if you're not making money doing something, lobby Congress to enact legislation that will allow you to