20120131

Dutch Supreme Court: Forcing teen to drop virtual objects in online game was real-world theft

Online game theft earns real-world conviction

The amulet and mask were a 13-year-old boy's virtual possessions in an online fantasy game. In the real world, he was beaten and threatened with a knife to give them up.

The Dutch Supreme Court on Tuesday upheld the theft conviction of a youth who stole another boy's possessions in the popular online fantasy game RuneScape. Judges ordered the offender to perform 144 hours of community service.

Only a handful of such cases have been heard in the world, and they have reached varying conclusions about the legal status of "virtual goods" - and whether stealing them is real-world theft.

The suspect's lawyer had argued the amulet and mask "were neither tangible nor material and, unlike for example electricity, had no economic value."

But the Netherlands' highest court said the virtual objects had an intrinsic value to the 13-year-old gamer because of "the time and energy he invested" in winning them while playing the game.

The court did not release the offender's name, only his year of birth - 1992. It said he and another youth beat and kicked the boy and threatened him with a knife until he logged into RuneScape and dropped the objects in 2007.

One of the thieves, who was also playing the game, was then able to pick up the items, making them his virtual property. Both were convicted by a lower court in 2009, but only one of them had appealed to the Supreme Court.

20120130

EFF Asks Judge to Prevent ‘Catch-22’ in Porn-Downloading Lawsuit

Defendants Told They Must Reveal Their Identities Before Fighting to Protect Anonymity

San Francisco - The Electronic Frontier Foundation (EFF) has asked a federal judge in Washington, D.C., to protect the identities of individuals sued in a mass copyright lawsuit involving pornographic materials.

In this case, adult film company Hard Drive Productions sued 1495 unnamed Internet users, claiming they illegally downloaded copyrighted pornographic material. Some of these defendants moved to quash subpoenas aimed at revealing their identity. Many filed those motions under seal, to protect their anonymity until the motions are decided.

Last month, a judge issued a "Catch-22" order, requiring these individuals to reveal their identities before their motions – which were made to protect their identities – could proceed. In a friend of the court brief filed Monday, EFF argues that this requirement could induce defendants to settle their lawsuits in order to avoid the embarrassment, humiliation, or expense, instead of getting to the merits of the case.

"These subpoenas need to be considered in the context in which this case was brought," said EFF Staff Attorney Mitch Stoltz. "The plaintiffs here hope to take advantage of the stigma associated with pornography – as well as the threat of an expensive court battle – to induce people to settle no matter what their defenses might be. If defendants can't fight the exposure of their identities without exposing their identities, then the plaintiffs have already won."

The case is one of a growing number of mass copyright lawsuits that do not appear to be filed with any intention of litigating them. Instead, once identities of suspected infringers are obtained from ISPs, the plaintiffs send settlement letters offering to make the lawsuit go away for a few thousand dollars. A ruling on whether a film company may obtain identities of anonymous Internet users may be the last chance for defendants to be heard by the court.

EFF's brief explains both the speech implications of the ruling and the importance of the court rules that protect defendants, given the numerous ways these mass lawsuits violate due process.

"All that the plaintiffs need here to pursue their settlement shake-down scheme is the identity of the anonymous defendants," said EFF Intellectual Property Director Corynne McSherry. "These defendants have a First Amendment right to argue for their anonymity without the court forcing them to moot that argument from the start. We're asking for these motions to quash to go forward without requiring them to be unsealed, and we're also asking the court to throw this case out given the basic due process flaws."

For the full amicus brief:
https://www.eff.org/document/amicus-brief-hard-drive-productions-v-does-1-1495

For more on copyright trolls:
https://www.eff.org/issues/copyright-trolls

Contacts:

Corynne McSherry
Intellectual Property Director
Electronic Frontier Foundation
corynne@eff.org

Mitch Stoltz
Staff Attorney
Electronic Frontier Foundation
mitch@eff.org

Is it legal to stop people from selling their used games?

By Kyle Orland

If a platform holder wants to make your used games as useful as this disc fragment, that's their legal right.

Recent stories about potential technical efforts to limit the future playability of used games, as well as commercial efforts to limit the content included with used copies, got us wondering: is it actually legal to hinder someone from reselling a game (or piece of a game) that they legally bought in the first place?

At first glance, such efforts would seem to fall afoul of the first-sale doctrine. First established in a 1908 Supreme Court case and codified into law in 1976, the doctrine basically gives the initial purchaser wide-ranging rights to the use of the product they've bought, including the right to sell it to a new owner.

So if a retail game comes with online-activated DRM or some other method for preventing a second owner from playing, doesn't that go against this longstanding legal principle? Probably not, according to Electronic Frontier Foundation Intellectual Property Director Corynne McSherry. While the first-sale doctrine says a company can't stop you from selling, giving away or even breaking your legally purchased software, "I don’t think it is binding on others to assist you in doing all of those things," she says.

"I think the first-sale doctrine... would say you have a right to sell your old game... and you have the right to purchase a used game... but the first-sale doctrine doesn’t require somebody to build a used book store, if you know what I mean," she continued. In other words, just because you can sell a used game doesn't mean the platform maker has to make it easy, or even possible, for the new owner to play it.

It's an odd distinction, and one that's dictated by the still legally murky world of the End User License Agreement. Most software these days, including games, comes with such a EULA, saying the initial purchaser is just a licensee and isn't allowed to resell that license to a new owner. This is how digital download services like Steam and Xbox Live Marketplace can legally prevent you from reselling digital copies of their titles.

How do the courts deal with the conflict between these EULAs and the consumer's legislatively granted first-sale rights? The case law regarding the subject is a bit unsettled, but the trend seems to be going in a decidedly consumer-unfriendly direction. "Assuming you actually agree to [the EULA], even if you didn't read it, courts tend to treat those contracts as binding," McSherry says. "There's a tension there — have you contractually waived your first sale right? — but unfortunately recent cases have not been really positive in that direction."

Of course, just because it's legal doesn't mean it's a good idea, for a variety of economic and consumer relations reasons. But if companies are going to be prevented from scaling back a used game's value, it will likely be because of public pressure, and not legal pressure.

"I think a company is free to design its games the way they want to design their games," McSherry says. "To me, it's less of a legal question and more of a question of business and public policy."

20120128

Climate Change and the Integrity of Science

European Parliament Official In Charge Of ACTA Quits, And Denounces The 'Masquerade' Behind ACTA

This is interesting. Kader Arif, the "rapporteur" for ACTA, has quit that role in disgust over the process behind getting the EU to sign onto ACTA. A rapporteur is a person "appointed by a deliberative body to investigate an issue." However, it appears his investigation of ACTA didn't make him very pleased:

I want to denounce in the strongest possible manner the entire process that led to the signature of this agreement: no inclusion of civil society organisations, a lack of transparency from the start of the negotiations, repeated postponing of the signature of the text without an explanation being ever given, exclusion of the EU Parliament's demands that were expressed on several occasions in our assembly.

As rapporteur of this text, I have faced never-before-seen manoeuvres from the right wing of this Parliament to impose a rushed calendar before public opinion could be alerted, thus depriving the Parliament of its right to expression and of the tools at its disposal to convey citizens' legitimate demands.

Everyone knows the ACTA agreement is problematic, whether it is its impact on civil liberties, the way it makes Internet access providers liable, its consequences on generic drugs manufacturing, or how little protection it gives to our geographical indications.

This agreement might have major consequences on citizens' lives, and still, everything is being done to prevent the European Parliament from having its say in this matter. That is why today, as I release this report for which I was in charge, I want to send a strong signal and alert the public opinion about this unacceptable situation. I will not take part in this masquerade.

Pretty rare to find such direct honesty in political circles. That's quite a direct and clear condemnation of the entire process. In terms of process, it will be interesting to see if this has an impact. While the EU did sign on to ACTA today, it still needs to be ratified by the European Parliament (more on that in a little while). Having Arif quit makes a pretty big statement, and hopefully makes it easier for Parliament Members to speak out loudly against ACTA... Still, this is an uphill battle. The supporters of ACTA have been working to get ACTA approved for years. To them, this is basically a done deal.

20120127

Man who downloaded recipes on how to make explosive devices jailed

A man who downloaded recipes on how to make explosive devices onto a pen drive has been jailed.

Asim Kauser, aged 25, of Bardon Close, Halliwell, Bolton, pleaded guilty to four offences under Section 58 of the Terrorism Act 2000 at an earlier hearing. The particulars are that Kauser was in possession of records of information of a kind likely to be useful to a person committing or preparing an act of terrorism.

He has today, 27 January 2012, been sentenced to two years and three months in prison at Manchester Crown Court, Crown Square. Kauser was arrested and charged following an operation by the North West Counter-Terrorism Unit.

Police first became involved when officers from Bolton were called to investigate a burglary that happened overnight between 1 and 2 June 2011 at Kauser's family home, in which the thieves stole a car.

Kauser's father gave police a USB stick which was thought to contain CCTV images of the burglary.

However, when it was examined it contained recipes on how to make explosive devices and poisons, anti-interrogation techniques and details on how to kill efficiently.

A further examination of the stick revealed a letter, addressed to an unknown recipient, in which the author - again anonymous but referring to himself as a 24-year-old man - seeks spiritual guidance and says he has prepared himself physically and financially for jihad.

Officers also recovered a list that contained prices in both pounds and rupees of a number of items, including an AK47 rifle, rounds of ammunition, a grenade launcher and other survival or combat material.

Forensic analysis of the pen drive revealed the material had been downloaded in the spring of 2010.

Explosive experts were consulted who confirmed the recipes on the stick were viable ways of making explosive devices.

Detective Chief Superintendent Tony Porter, head of the North West Counter-Terrorism Unit, said: "The materials we discovered on that pen drive were clear and viable instructions on how to make explosive devices.

"When you combine that with the letter and the 'shopping' list that was found in Kauser's bedroom which contained pricing details for guns, ammunition and other survival equipment it builds up a picture of his state of mind.

"This case has never been about proving an endgame and we may never know what his intentions were, but when you have significant evidence of how to make explosive devices and pricing lists for weapons, we had to act quickly.

"The North West Counter-Terrorism Unit has to act on any information or suggestion of terrorist activity - in situations like these there can be absolutely no delay.

"Throughout this investigation, we have worked with members of our community, who were understandably anxious to see this case resolved, to keep them informed and we would like to thank those people for their support.

"I also want to stress that this case is not about policing people's freedom to browse the Internet. The materials that were downloaded were not stumbled upon by chance - these had to be searched for and contained very dangerous information that could have led to an explosive device being built. That is why we had to take action.

"All forms of violent extremism present a threat to our communities and we all have a role to play in protecting them."

Why History Needs Software Piracy

How copy protection and app stores could deny future generations their cultural legacy.
By Benj Edwards

Amid the debate surrounding controversial anti-piracy legislation such as SOPA and PIPA, our public discourse on piracy tends to focus on the present or the near future. When jobs and revenues are potentially at stake, we become understandably concerned about who is (or isn’t) harmed by piracy today.

I’m here to offer a different perspective, at least when it comes to software piracy. While the unauthorized duplication of software no doubt causes some financial losses in the short term, the picture looks a bit different if you take a step back. When viewed in a historical context, the benefits of software piracy far outweigh its short-term costs. If you care about the history of technology, in fact, you should be thankful that people copy software without permission.

It may seem counterintuitive, but piracy has actually saved more software than it has destroyed. Already, pirates have spared tens of thousands of programs from extinction, proving themselves the unintentional stewards of our digital culture.

Software pirates promote data survival through ubiquity and media independence. Like an ant that works as part of a larger system it doesn’t understand, the selfish action of each digital pirate, when taken in aggregate, has created a vast web of redundant data that ensures many digital works will live on.

Piracy’s preserving effect, while little known, is actually nothing new. Through the centuries, the tablets, scrolls, and books that people copied most often and distributed most widely survived to the present. Libraries everywhere would be devoid of Homer, Beowulf, and even The Bible without unauthorized duplication.

The main difference between then and now is that software decays in a matter of years rather than a matter of centuries, turning preservation through duplication into an illegal act. And that’s a serious problem: thousands of pieces of culturally important digital works are vanishing into thin air as we speak.

The Case of the Disappearing Software

The crux of the disappearing software problem, at present, lies with the stubborn impermanence of magnetic media. Floppy disks, which were once used as the medium du jour for personal computers, have a decidedly finite lifespan: estimates for the data retention abilities of a floppy range anywhere from one year to 30 years under optimal conditions.

A floppy stores data in the form of magnetic charges on a specially treated plastic disc. Over time, the charges representing data weaken to the point that floppy drives can’t read them anymore. At that point, the contents of the disk are effectively lost.

This becomes particularly troubling when we consider that publishers began releasing software on floppy disk over 30 years ago. Most of those disks are now unreadable, and the software stored on them has become garbled beyond repair. If you’ve been meaning to back up those old floppies in your attic, I have bad news: it’s probably too late.

To make matters worse, software publishers spent countless man-hours in the 1980s preventing us from archiving their work. To discourage piracy, they devised schemes to forever lock their software onto a single, authorized diskette. One popular copy protection method involved placing an intentionally corrupt block of data on a disk to choke up error-checking copy routines. It worked so well that it also prevented honest attempts to back up legally purchased software.

If these copy protection schemes had been foolproof, as intended, and copyright law had been obeyed, most of the programs published on those fading disks would now be gone forever. Many cultural touchstones of a generation would have become extinct due to greed over media control.

It’s not just floppy disks that are under threat. Thousands of games published on ROM cartridges and as enormous arcade cabinets are now hard to find and can only run on electronic hardware that will not last forever. Publishers have re-released a handful of the most prominent games among them on newer platforms, but the large majority of legacy video games don’t get this treatment. Pirates liberate the data from these ROM chips and allow them to be played, through software emulation, on newer consoles and PCs.

Pirating also makes foreign game libraries easily available for historians to study. Some games only appeared on writable cartridges in Japan via download methods like the Nintendo Power flash cart system and the BS-X Satellaview. Those would be entirely out of the reach of Western historians today without previous efforts to back them up illegally.

For a sample slice of what’s at stake when it comes to vanishing software, let’s take a look at the video game industry. The Web’s largest computer and video game database, MobyGames, holds records of about 60,000 games at present. Roughly 23,000 of those titles were originally released on computer systems that used floppy disks or cassette tapes as their primary storage or distribution medium.

23,000 games! If game publishers and copyright law had their way, almost all of those games would be wiped from the face of the earth by media decay over the next 10 years. Many would already be lost.

For the past decade, collectors and archivists have been compiling vast collections of out-of-print software for vintage machines (think Apple II, Commodore 64, and the like) and trading them through file sharing services and on “abandonware” websites. Through this process, they’ve created an underground software library that, despite its relative newness, feels like the lost archives of an ancient digital civilization.

About Abandonware

Abandonware is a pseudolegal concept that posits the righteousness of distributing software that is no longer commercially sold or supported — that which seems “abandoned” by its owners. Despite this, if the software is copyrighted and permission to distribute software has not been expressly given by the owner, distributing it is still illegal.

As a journalist and historian, I rely on these collections of pirated software to do my job. I’d rather it not be that way, but there is no legal alternative (more on that in a moment).

The compilation of this underground library–a necessary resource for future historians–is a brave act of civil disobedience that needs to continue if we are to protect our digital heritage. As we’ll see, the greatest threats to software history lie not behind us, but directly ahead of us.

Why Preserve Software?

Before we go any further, let’s take a step back and consider why we should preserve software in the first place. Software often seems inconsequential because of its ephemeral nature. It’s a dynamic expression of electrons on a computer screen, and that doesn’t mean much, instinctively, to brains that evolved to recognize value in physical objects.

But software is also a powerful tool whose mastery says something profound about our civilization. If we look back through a museum, we can get a good idea about a certain society’s potential by examining its tools. If a civilization could build threshing machines, for example, we know that they could harvest and process wheat much faster than people 100 years earlier. That, in turn, might explain a known population boom.

Likewise, we can measure mankind’s recent potential by looking at his software tools. Future historians may ponder how people achieved a surreal vocal effect in music or created the CGI animated films of today. They may wonder at what point a certain tool allowed fantastic, photorealistic image manipulations that now dominate advertising. Without knowledge of and experimental access to various versions of Auto-Tune, Pixar RenderMan, and Adobe Photoshop, they’ll have a difficult time finding accurate answers to those questions.

Software is also entertainment. It is culture. Like books, music, and films before it, the art form expressed in software entertainment programs–usually games–has both reflected and influenced the cultural behavior of multiple generations around the globe.

Is there an American alive between the ages of 15 and 35 that doesn’t know who Mario is? (I’m sure you can find someone who has not heard of Mario, but he was locked in a basement from 1980 to 1999.)

Thanks to the work of preservationists that flout the law, future historians will be able to more fully consider Mario’s cultural impact and answer deeper, ancillary questions like “Why did people wear T-shirts with pixelated mushroom people on them?” and “What games, exactly, did Mario appear in and why?”

It’s possible that Nintendo will be around 200 years from now, but it is unlikely to provide all the answers. The company will only convey the history that is in their best commercial interest to show you (i.e. Super Mario Bros. 3, over and over). Historians will show you everything without restraint — even Hotel Mario, Mario Roulette, and I Am A Teacher: Super Mario Sweater. None of those games will survive 200 years without piracy, because Nintendo would rather see those embarrassingly low-quality titles rot away in a tomb sealed by copyright law.

We Have Everything To Lose

It would be nice if the problem of disappearing software was limited to the past, but there’s a disturbing parallel at work in the current software marketplace. App stores and other digital distribution methods–which often inextricably link purchased software to a unique licensee, sometimes on a unique machine–threaten to deprive us of even more software in the very near future.

Thanks to widespread adoption of aggressive digital rights management (DRM) and a single-source model of distribution, most digitally distributed software will vanish from the historical record when those stores shut down. And believe me, they will shut down some day. If this doesn’t scare you, then you need an allegorical history lesson. Here it is:

Imagine if a publisher of 500,000 different printed book titles suddenly ceased operation and magically rendered all sold copies of its books unreadable. Poof. The information contained in them simply vanished. It would represent a cultural catastrophe on the order of the burning of the Great Library of Alexandria in 48 B.C. In that fire, a majority of the Western world’s cultural history up to that point turned to ash.

Now take a look at the iTunes App Store, a 500,000 app repository of digital culture. It’s controlled by a single company, and when it closes some day (or it stops supporting older apps, like Apple already did with the classic iPod), legal access to those apps will vanish. Purchased apps locked on iDevices will meet their doom when those gadgets stop working, as they are prone to do. Even before then, older apps will fade away as developers decline to pay the $100 a year required to keep their wares listed in the store.

From a historical perspective, we can only hope that hackers and pirates have been quietly making archives of as much as they can grab from download services like the iTunes App Store, the PlayStation Store, the Wii Shop Channel, Xbox Live Arcade, and other online app stores.


And what about cloud software? If all of our software tools become centralized and run over the Internet, it will be hard to pirate them, which also means they won’t get preserved. That’s bad for history.

When paleoanthropologists wonder if a 13,000 year-old Clovis point can take down a Bison, they tie one to a spear and let it fly. If spear points had been automatically cloud updated over the course of their development, however, we would only know of the most recent iteration in the design process. Clovis points wouldn’t exist today, and we’d be wondering how ancient Native Americans managed to hunt game with uranium-tipped bullets.

With that in mind, think about this: What did Gmail’s interface look like just one year ago? How did Google Maps work before it added Street View? Lacking experimental access to older versions of cloud-based software tools, future historians will have to depend on screenshots and personal testimony to work out exactly what the tools were capable of at any time, if they still exist.

But if future historians retain access to old versions of non-cloud software, they will be able to use the tools, as they would with a Clovis point, to experimentally duplicate the activities of people in the past. For example, they could run the AtariWriter word processing program on an Atari 800 emulator to reproduce a document from the 1980s in a way that would explain its format.

A complete reliance on cloud gaming (think OnLive) is also a very bad idea. Looking to OnLive to preserve game software would be like expecting your local movie theater to preserve film history. It’ll only show what is commercially viable to show at the time, and they discard the rest. That is how cloud gaming will work as well.

The new Great Library is already burning, and we are only just beginning to smell the smoke.

When Corporations Own History, They Change It

The DRM found in digital app stores today poses a significant threat to our future understanding of history. Sure, the companies that create this software own the rights to these products now, but once a work becomes consumed and embedded into mass culture, it belongs to the ages. It assumes a role larger than that of a mere commercial product, and copies of the work should be protected and preserved as cultural treasures.

It’s hard to protect and preserve that which is liable to change or disappear at any time. If VHS tapes worked like app stores, George Lucas could force all of us to upgrade our purchased Star Wars films to the Special Edition versions (to maintain compatibility with LucasOS, of course), overwriting the old ones in the process. Heck, one day he could decide he doesn’t like the movies at all and replace them with copies of Willow. It would be within his legal rights, but it would also be cultural robbery.

It bugs me that iOS software today updates at a galloping pace that deletes previous versions unless you’ve taken pains to archive them. It is convenient and wonderful functionality in many ways, but the practice also rewrites history with every download. What if Photoshop had been updated that way throughout the 1990s? Would anyone have a copy of the first version that could work with layers? Such a historically important piece of software would be lost. Similarly, if we move to a completely controlled, single-source, automatic update scheme for all PC applications–it’s almost here with Windows 8, by the way–we will be destroying digital artifacts with a fervor heretofore unseen.

By accepting restrictive DRM into our lives, we are giving not only software publishers, but all media publishers the power to erase, control, or manipulate digital cultural history if they choose. That is why DRM feels fundamentally wrong from a humanistic standpoint: it conspires, in conjunction with time, to deprive humanity of its rightfully earned cultural artifacts.

To be sure, every creator of software should be rewarded appropriately with exclusive rights of reproduction for a certain period of time, as they are now, but only in a soft legal sense, not with a virtual lock and key that stymies the preservation of history.

Let’s not repeat what happened 2000 years ago in Alexandria. The only scrolls that survived the burning of the Great Library were those that had been copied and distributed, likely without the permission of their authors. (Unfortunately, library officials strictly limited library access to prevent this, so very few texts escaped destruction.) If we don’t open the doors to the legal preservation of all software, civilizations thousands of years from now will only possess copies of programs that pirates illegally duplicated and distributed while the works were still officially available.

The cultural impact of software easily equals that of any other creative work. It is time to legitimately preserve this digital art form in libraries alongside books and films. Setting up such a library, however, is a very difficult proposition.

The Plight of the Digital Librarian

If you wanted to study the history of our culture up to the present, you’d probably turn to a library. There you can find comprehensive collections of analog data to study for free. If you want to study software in the same way, you’re out of luck: operating a practical, comprehensive software library is currently illegal in the United States.

Don’t get me wrong: it is possible to create a legal software library, but its implementation would make it nearly useless. The best a library can hope to do, within its legal limits, is to stock physical copies of officially duplicated software media on physical shelves. That means that all the problems with decaying and obsolete media come along with it. There’d be plenty of bulk and very little guarantee that you’d be able to access what is sitting in the stacks.

A more practical approach for a software library would be to liberate the data from fixed media and store it in arrays of redundant hard disks. Librarians could upgrade the arrays over time to avoid obsolescence, and the software could be painlessly transferred over a network to be run on emulators (which would simulate the original software platforms) for historical study.

Unfortunately, the practical approach doesn’t work because it’s currently illegal under US copyright law to copy software — a necessary part of freeing it from its original media — and then share it with the public without the publisher’s permission. (The law provides for legal backup copies, but you can’t share them with other people.) Moreover, it’s illegal under the Digital Millennium Copyright Act (DMCA) to circumvent copy protection schemes to actually make those copies in the first place.

Right now, there exist libraries that store floppy disks on their shelves as if they were books. These organizations make the mistake of assuming that, like books, the data on computer disks will last indefinitely if carefully shielded from the elements. But there is nothing they can do to ultimately stop the loss of data. The data needs to be copied onto a new medium. At some point, the law needs to be broken — or changed.

Copyright’s Obsolete Legal Assumption

Current U.S. copyright laws have good intentions, but they ultimately jeopardize the survival of digital property because they do not take into account the rapid pace of digital media decay and obsolescence.

Our body of copyright law makes a 19th-century-style legal assumption that the works in question will stay fixed in a medium safely until the works become public domain, when they can then be copied freely. Think of paper books, for example, which can retain data for thousands of years under optimal conditions.

In the case of digital data, many programs will vanish from the face of the earth decades before the requisite protection period expires (the life of the author plus 70 years in the U.S.). Media decay and obsolescence will claim that software long before any libraries can make legal, useful backups.

A potential solution would be to limit copyright terms on software to a more reasonable period of time — say, 20 years maximum. Then archivists would have a far greater chance of properly retrieving and storing the old software before it deteriorated into oblivion.

It should also be permanently legal for librarians to circumvent copy protection schemes to archive software. Currently, limited exemptions to the DMCA provide temporary DRM-breaking provisions under very narrow circumstances, but that is not enough.

As an alternative, a new law could require publishers that seek copyright protection to deposit DRM-free versions of software to the U.S. Library of Congress for media-independent archival. The software could later be digitally “checked out” on a limited basis by patrons doing research. If necessary, these digital library materials could become available only after a period of time, say five years, to further protect commercial interests.

Don’t Let Software Disappear

We live in a civilization dominated by commerce and those who benefit from it, so we instinctively want to protect those who fairly engage in business. There are those among us who, in pursuit of that goal, would like to assault piracy with heavy-handed legislation. But piracy, which is endemic to and inseparable from digital distribution, can never be fully controlled without depriving freedom. Legislation that attempts to do so will only drive the practice further underground while punishing those who don’t even engage in it by crippling the technology that allows software to exist in the first place.

The Four Forces of Software Decay

There are four main techno-cultural forces pushing software toward extinction.

Force 1: Physical Decay

No form of digital media holds data forever. Every computer data storage medium physically deteriorates over time, losing data in the process.

Force 2: Medium Obsolescence

As technical innovations continue, every storage format will become obsolete and rarely used at some point, making retrieving the data in the future difficult.

Force 3: Copy Deterrence

For economic reasons, software publishers have historically tried to deter users from copying the publisher’s software without permission. These methods prevent the legitimate archival of software.

Force 4: Economic Obsolescence

Every software product has a limited market lifespan, which is the result of rapid technological progress. This means that software will only be duplicated and distributed commercially for a short period of time.

At the moment, you can obtain just about any entertainment work or software program for free if you try hard enough. Despite that, millions of people still pay real money to obtain legal copies of software, films, and music, in the process making those industries bigger and more profitable than ever.

The fact that people still buy access to digital media in large numbers means that piracy is simply not the problem they think it is. In fact, piracy is itself the solution to another problem: the problem of over-protected intellectual property. It would be wonderful if those companies utilizing strict DRM and pushing for aggressive anti-piracy legislation saw the need to be a little less profiteering for the greater historical good, but since that is rarely the objective of the free market, don’t hold your breath.

It is up to us, as a generation, to preserve our cultural history. We must also push for reforms in copyright law that allow software to take its rightful place in historical archives without the need to rely upon the work of pirates.

If you love software, buy it, use it, and reward the people who make it. I do it all the time, and I support the industry’s right to make money from its products. But don’t be afraid to stand up for your cultural rights. If you see strict DRM and copy protection that threatens the preservation of history, fight it: copy the work, keep it safe, and eventually share it so it never disappears.

Some people may think ill of your archival efforts now, but they’re on the wrong side of history: no one living 500 years from now will judge your infringing deeds harshly when they can load up an ancient program and see it for themselves.

It’s time to end the failed war on drugs

By Richard Branson

Just as prohibition of alcohol failed in the United States in the 1920s, the war on drugs has failed globally. Over the past 50 years, more than $1 trillion has been spent fighting this battle, and all we have to show for it is increased drug use, overflowing jails, billions of pounds and dollars of taxpayers’ money wasted, and thriving crime syndicates. It is time for a new approach.


Too many of our leaders worldwide are ignoring policy reforms that could rapidly reduce violence and organised crime, cut down on theft, improve public health and reduce the use of illicit drugs. They are failing to act because the reforms that are needed centre on decriminalising drug use and treating it as a health problem. They are scared to take a stand that might seem “soft”.


But exploring ways to decriminalise drugs is anything but soft. It would free up crime-fighting resources to go after violent organised crime, and get more people the help they need to get off drugs. It’s time to get tough on misguided policies and end the war on drugs.


I was fortunate to be part of the Global Commission for Drug Policy, along with the former US Secretary of State George Shultz, former UN Secretary-General Kofi Annan, President Cardoso of Brazil and the likes of the former UN High Commissioner for Human Rights, Louise Arbour, and the former chairman of President Obama’s Economic Recovery Advisory Board, Paul Volcker. We studied international drug policy over the past 50 years, and found that it has totally failed to stop the growth and diversification of the drug trade. Between 1998 and 2008, opiate use increased by more than 34 per cent, even as prison populations swelled and profits for drug traffickers soared.


As these grim trends show, the two strategies at the core of drug control policy have been ineffective. First, prohibition and enforcement efforts have failed to dent the production and distribution of drugs in any part of the world. Second, the threat of arrest and punishment has had no significant deterrent effect on drug use.

Unless this issue is tackled now, countless individuals and families will continue to suffer, no matter how much money is spent. We need a debate on how policy can cut consumption and reduce harm, rather than inflammatory scaremongering. It is not about supporting drug use; it is about solving a crisis.

Drugs are dangerous and ruin lives. They need to be regulated. But we should work to reduce the crime, health and social problems associated with drug markets in whatever way is most effective. Broad criminalisation should end; new policy options should be explored and evaluated; drug users in need should get treatment; young people should be dissuaded from drug use via education; and violent criminals should be the target of law enforcement. We should stop ineffective initiatives like arresting and punishing citizens who have addiction problems.

The next step is simple: countries should be encouraged to experiment with new policies. We have models to follow. In Switzerland, the authorities employed a host of harm-reduction therapies, and successfully disrupted the criminal drug market. In Portugal, decriminalisation for users of all drugs 10 years ago led to a significant reduction in heroin use and decreased levels of property crime, HIV infection and violence. Replacing incarceration with therapy also helped create safer communities and saved the country money – since prison is far more expensive than treatment. Following examples such as these and embracing a regulated drugs market that is tightly controlled and complemented by treatment – not incarceration – for those with drug problems will cost taxpayers a lot less.

Even with these examples, we do not yet know what will work best. New policies should be evaluated according to the scientific evidence. But we can say now that these policies should focus on the rights of citizens and on protecting public health. Drug policy should be a comprehensive issue for families, schools, civil society and health care providers, not just law enforcement.

To evaluate such policies, we should stop measuring their success according to such indicators as numbers of arrests, prosecutions and drug seizures, which turn out to have little impact on levels of drug use or crime. We should instead measure the outcomes in the same way that a business would measure the results of a new ad campaign. That means studying things like the number of victims of drug-related violence and intimidation, levels of corruption connected to the drug market, the amount of crime connected to drug use, and the prevalence of dependence, drug-related mortality and HIV infection.

Many political leaders and public figures acknowledge privately that repressive strategies have only made the drug problem worse. It took 14 years for America’s leaders to repeal Prohibition. After 50 years of the failed drug war, it is time for today’s leaders to find the courage to speak out.

For all the successes I’ve had in business, I’ve also learnt to accept when things go wrong, work out why, and try to find a better way. The war on drugs is a failed enterprise. We need to have the courage to learn the lessons and move on.

What Does Twitter’s Country-by-Country Takedown System Mean for Freedom of Expression?

Yesterday, Twitter announced in a blog post that it was launching a system that would allow the company to take down content on a country-by-country basis, as opposed to taking it down across the Twitter system. The Internet immediately exploded with allegations of censorship, conspiracy theories about Twitter’s Saudi investors and automated content filtering, and calls for a January 28 protest. One thing is clear: there is widespread confusion over Twitter's new policy and what its implications are for freedom of expression all over the world.

Let’s get one thing out of the way: Twitter already takes down some tweets and has done so for years. All of the other commercial platforms that we're aware of remove content, at a minimum, in response to valid court orders. Twitter removes some tweets because they are deemed to be abuse or spam, while others are removed in compliance with court orders or DMCA notifications. Until now, when Twitter has taken down content, it has had to do so globally. So for example, if Twitter had received a court order to take down a tweet that is defamatory to Ataturk--which is illegal under Turkish law--the only way it could comply would be to take it down for everybody. Now Twitter has the capability to take down the tweet for people with IP addresses that indicate that they are in Turkey and leave it up everywhere else. Right now, we can expect Twitter to comply with court orders from countries where they have offices and employees, a list that includes the United Kingdom, Ireland, Japan, and soon Germany.

Twitter's increasing need to remove content comes as a byproduct of its growth into new countries, with different laws that it must follow or risk having its local employees arrested, held in contempt, or subjected to similar sanctions. By opening offices and moving employees into other countries, Twitter increases the risks to its commitment to freedom of expression. Like all companies (and all people) Twitter is bound by the laws of the countries in which it operates, which results both in more laws to comply with and also laws that inevitably contradict one another. Twitter could have reduced its need to be the instrument of government censorship by keeping its assets and personnel within the borders of the United States, where legal protections exist like CDA 230 and the DMCA safe harbors (which do require takedowns but also give a path, albeit a lousy one, for republication).

Twitter is trying to mitigate these problems by only taking down access to content for people coming from IP addresses in the country seeking to censor that content. That's good. For now, the overall effect is less censorship rather than more censorship, since they used to take things down for all users. But people have voiced concerns that "if you build it, they will come": if you build a tool for state-by-state censorship, states will start to use it. We should remain vigilant against this outcome.

In the meantime, Twitter is taking two additional steps to ensure that users know that the censorship has happened. First, they are giving users notice when they seek that content. Second, they are sending the notices they receive to the Chilling Effects Project, which publishes the orders, creating an archive. Note: EFF is one of the partners in the Chilling Effects project. So far, of very big websites only Google and Wikipedia are this transparent about what they take down or block and why. When Facebook takes down a post, there is no public accountability at all. Through Chilling Effects, users can track exactly what kinds of content Twitter is being asked to censor or take down and how that happened.

So what should Twitter users do? Keep Twitter honest. First, pay attention to the notices that Twitter sends and to the archive being created on Chilling Effects. If Twitter starts honoring court orders from India to take down tweets that are offensive to the Hindu gods, or tweets that criticize the king in Thailand, we want to know immediately. Furthermore, transparency projects such as Chilling Effects allow activists to track censorship all over the world, which is the first step to putting pressure on countries to stand up for freedom of expression and put a stop to government censorship.

What else? Circumvent censorship. Twitter has not yet blocked a tweet using this new system, but when it does, that tweet will not simply disappear—there will be a message informing you that content has been blocked due to your geographical location. Fortunately, your geographical location is easy to change on the Internet. You can use a proxy or a Tor exit node located in another country. Read Write Web also suggests that you can circumvent per-country censorship by simply changing the country listed in your profile.

20120126

Australia - ISP data retention still an issue, Ludlam warns

Greens Senator Scott Ludlam has warned that a secretive proposal — known as ‘data retention’ — by the Attorney-General’s Department to force internet service providers to store a wealth of information pertaining to Australians’ emails and telephone calls is still an issue, with the public needing to remain vigilant on how the Government handles Internet surveillance.

The proposal — known popularly as ‘OzLog’ — first came to light in June 2010, when AGD confirmed it had been examining the European Directive on Data Retention (PDF) to consider whether it would be beneficial for Australia to adopt a similar regime. The directive requires telcos to record data such as the source, destination and timing of all emails and telephone calls – even including internet telephony.

In August the Attorney-General’s Department confirmed to iTNews that it was still considering the introduction of a data retention regime separately from the sort of watered down data ‘preservation’ rules being introduced in new cybercrime legislation. Delimiter has this week filed a Freedom of Information request with the Attorney-General’s Department in an effort to ascertain the precise current state of the data retention proposal.

Speaking at Electronic Frontiers Australia’s ‘War on the Internet’ event on Saturday in Melbourne (full video available online), Ludlam, who is the Communications Spokesperson for the Greens, said much of the thinking around the data retention proposal had been integrated into new cybercrime legislation introduced in mid-2011.

Ludlam said the proposal had been narrowed down to a degree to which most people would find ‘reasonable’, in that law enforcement agencies could, for example, request ISPs to keep all available data on people suspected of committing major crimes such as terrorism — a technique he described as “hold that person’s everything, until we tell you not to any more”.

However, the Greens Senator warned that the cybercrime legislation could “mutate” into something completely different. “Maybe let’s trap all the data of these categories of people,” he said, appearing to refer to the political activist community, many members of whom had gathered at the Melbourne event. “Or these postcodes of people.”


“We know that that agenda is there,” Ludlam said, referring to the potential to “broaden out” the applications of the data retention system. “And it’s going to take sustained work to prevent that from happening. Once these systems and structures are in place, they are abused, almost by definition.”

Ludlam highlighted a Sydney Morning Herald article published several weeks ago which revealed that the Federal Resources and Energy Minister, Martin Ferguson, had secretly pushed for increased surveillance by police of environmental activists who had been protesting peacefully at coal-fired power stations and coal export facilities, with some of the work being carried out by a private contractor, the National Open Source Intelligence Centre (NOSIC).

The Greens Senator said his party would be filing freedom of information requests with the Government to find out why it thought it was appropriate, “at taxpayer’s expense, to surveil” activists who were legitimately drumming up interest in the environment. Ludlam said he presumed the Government was also tracking animal rights and anti-nuclear campaigners.

Hacker luminary Jacob Appelbaum, who also spoke at the event, said data retention weakened the whole of society as such systems would eventually be compromised by criminals both in Australia and internationally. With data retention, authorities could “retroactively police the population,” he acknowledged.

However, once a database like that existed, he said, that database would be stolen, leading to a point where criminals would find it very easy to commit crimes because they would be able to generate a precise pattern of people’s personal movements from the data — for example, “knowing where a car is regularly parked so you can steal it”.

Appelbaum encouraged Australian telecommunications engineers to find the points in their networks where law enforcement officials were able to connect to conduct surveillance such as wire tapping and disclose those points to the public. “Find those, and expose them. Tell journalists. Tell MPs like this guy over here,” he said, pointing at Ludlam. Ludlam highlighted the fact that it was only through the efforts of such public-spirited individuals — who leaked the proposal to the media — that the data retention proposal had come to light in the first place.

Ludlam also warned of the potential for a reshuffle of cybercrime resources within the Federal Government to lead to dangerous outcomes in the area. In late December, a new cybersecurity unit was quietly formed within the Prime Minister’s Department, although the Government has not yet clarified what its responsibilities will be.

“We have a major restructure that just occurred in the commonwealth — a super-portfolio, drawn together in the Prime Minister’s office from fragments in Defence, Foreign Affairs, Communications, some presumably copyright stuff and commercial stuff that has all come together,” Ludlam said. “… really most of that sat in the former Attorney-General’s Office … [it was] picked up and moved to the PM’s office. And that’s important. We are getting a cyber-safety strategy at some point this year. That’s going to be very important to watchdog to watch how they’re thinking and what they’re doing, because all kinds of sneaky and nasty agendas are going to creep into that thing.”

Hawaii may keep track of all Web sites visited

by Declan McCullagh

Hawaii's legislature is weighing an unprecedented proposal to curb the privacy of Aloha State residents: requiring Internet providers to keep track of every Web site their customers visit.

Its House of Representatives has scheduled a hearing this morning on a new bill (PDF) requiring the creation of virtual dossiers on state residents. The measure, H.B. 2288, says "Internet destination history information" and "subscriber's information" such as name and address must be saved for two years.

H.B. 2288, which was introduced Friday, says the dossiers must include a list of Internet Protocol addresses and domain names visited. Democratic Rep. John Mizuno of Oahu is the lead sponsor; Mizuno also introduced H.B. 2287, a computer crime bill, at the same time last week.

Last summer, U.S. Rep. Lamar Smith (R-Texas) managed to persuade a divided committee in the U.S. House of Representatives to approve his data retention proposal, which doesn't go nearly as far as Hawaii's. (Smith, currently Hollywood's favorite Republican, has become better known as the author of the controversial Stop Online Piracy Act, or SOPA.)

Democrat Jill Tokuda, the Hawaii Senate's majority whip, who introduced a companion bill, S.B. 2530, in the Senate, told CNET that her legislation was intended to address concerns raised by Rep. Kymberly Pine, the first Republican elected to her Oahu district since statehood and the House minority floor leader.

"I was asked to introduce the Senate companions on these Internet security related bills by Representative Kymberly Marcos Pine after her own personal experience in this area," Tokuda said. "I would defer to her on the origins of these bills as she has done the research and outreach, and been the main champion of this effort."

Pine, who did not immediately respond to queries, has been targeted by a disgruntled Web designer, Eric Ryan, who launched KymPineIsACrook.com and claims she owes him money, according to an article last summer in the Hawaii Reporter. Her e-mail account was also reportedly hacked around the same time. The article said Pine would advocate for "tougher cyber laws at the Hawaii State Capitol" as a result.

"We must do everything we can to protect the people of Hawaii from these attacks and give prosecutors the tools to ensure justice is served for victims," Pine said at the time.

Whatever its sponsors' motivations, the bill isn't exactly being welcomed by Hawaiian Internet companies.

"This bill represents a radical violation of privacy and opens the door to rampant Fourth Amendment violations," says Daniel Leuck, chief executive of Honolulu-based software design boutique Ikayzo, who submitted testimony opposing the bill. He adds: "Even forcing telephone companies to record everyone's conversations, which is unthinkable, would be less of an intrusion."

Mizuno's proposal currently specifies no privacy protections, such as placing restrictions on what Internet providers can do with this information (like selling user profiles to advertisers) or requiring that police obtain a court order before perusing the virtual dossiers of Hawaiian citizens. Also absent are security requirements such as mandating the use of encryption.

Because the wording is so broad and applies to any company that "provides access to the Internet," Mizuno's legislation could sweep in far more than AT&T, Verizon, and Hawaii's local Internet providers. It could also impose sweeping new requirements on coffee shops, bookstores, and hotels frequented by the over 6 million tourists who visit the islands each year.

"H.B. 2288 raises all of the traditional concerns associated with data retention, and then some," Kate Dean, head of the U.S. Internet Service Provider Association in Washington, D.C., which counts Verizon and AT&T as members, told CNET. "And this may be the broadest mandate we've seen."

Even the Justice Department has only lobbied the U.S. Congress to record Internet Protocol addresses assigned to individuals--users' origin IP address, in other words. It hasn't publicly demanded that companies record the destination IP addresses as well.

In Washington, D.C., the fight over data retention requirements has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and President Bush's attorney general, Alberto Gonzales, said it's an issue that "must be addressed." So, eventually, did FBI director Robert Mueller.

Insane English copyright ruling creates ownership in the idea of a photo's composition

By Cory Doctorow



In a bizarre ruling, an English court has ruled in favor of a commercial poster company that argued that a photo that showed a similar (but different) scene taken by a different person in a different place nevertheless infringed the copyright of a poster. What the judge ruled was that photographing a scene that is "substantially similar" to a scene someone else has already photographed infringes the first shooter's copyright.

It's impossible to understand how this will play out in real life. If a Reuters and an AP photographer are standing next to each other shooting the Prime Minister as he walks out of a summit with the US President, their photos will be nearly identical. Will the slightly faster shutter on the AP shooter's camera give him the exclusive right to publish a photo of the scene from the press-scrum?

The judge here ruled that the idea of the image was the copyright, not the image itself. Ideas have always been exempt from copyright, because courts and lawmakers have recognized the danger of awarding ownership over ideas. Indeed, the "idea/expression split" is pretty much the first thing you learn in any copyright class.

Amateur Photographer quotes "photographic copyright expert Charles Swan" who warns, "The Temple Island case is likely to herald more claims of this kind."

Yeah, no shit. This creates a situation where anyone who owns a large library of photos -- a stock photography outfit -- can go through its catalog and start suing anyone with deep pockets: "We own the copyright to 'two guys drinking beer with the bottoms of the mugs aimed skyward!'" It's an apocalyptically bad ruling, and an utter disaster in the making.

Swan warned: 'The Temple Island case is likely to herald more claims of this kind. The judgement should be studied by anyone imitating an existing photograph or commissioning a photograph based on a similar photograph.
'“Inspiration” and “reference” are fine in themselves, but there is a line between copying ideas and copying the original expression of ideas which is often a difficult one to draw.'
Though, in the past, the cost of such court actions has made them 'uneconomic to pursue', this is all about to change, added Swan. 'The UK government has accepted a recommendation in the Hargreaves Report that the Patents County Court… should operate a small claims procedure for intellectual property claims under £5,000.'

20120125

Europe proposes a "right to be forgotten"

By Peter Bright

European Union Justice Commissioner Viviane Reding has proposed a sweeping reform of the EU's data protection rules, claiming that the proposed rules will both cost less for governments and corporations to administer and simultaneously strengthen online privacy rights.

The 1995 Data Protection Directive already gives EU citizens certain rights over their data. Organizations can process data only with consent, and only to the extent that they need to fulfil some legitimate purpose. They are also obliged to keep data up-to-date, and retain personally identifiable data for no longer than is necessary to perform the task that necessitated collection of the data in the first place. They must ensure that data is kept secure, and whenever processing of personal data is about to occur, they must notify the relevant national data protection agency.

The new proposals go further than the 1995 directive, especially in regard to the control they give citizens over their personal information. Chief among the new proposals is a "right to be forgotten" that will allow people to demand that organizations that hold their data delete that data, as long as there are no legitimate grounds to hold it.

It's not 1995 anymore

The 1995 Directive was written in a largely pre-Internet era; back then, fewer than one percent of Europeans were Internet users. The proposed directive includes new requirements designed for the Internet age: EU citizens must be able to both access their data and transfer it between service providers, something that the commission argues will increase competition. Citizens will also have to give their explicit permission before companies can process their data; assumptions of permission won't be permitted, and systems will have to be private by default.

These changes are motivated in particular by the enormous quantities of personal information that social networking sites collect, and the practical difficulties that users of these services have in effectively removing that information. Reding says that the new rules "will help build trust in online services because people will be better informed about their rights and in more control of their information."

Where do the claimed savings come from? EU member states currently comply with the 1995 Directive, but each of the 27 states has interpreted and applied these rules differently. The European Commission argues that this incurs unnecessary administrative burdens on all those involved with handling data. The new mandate would create a single set of rules consistent across the entire EU, with projected savings for businesses of around €2.3 billion (US$2.98 billion) per year.

With rules streamlined throughout the trading bloc, companies would in turn only have to deal with the data protection authorities in their home country, rather than in every state in which they trade.

The new rules would also reduce the routine data protection notifications that businesses must currently send to national data protection authorities, allowing further savings of €130 million (US$169 million). However, organizations that handle data will have greater obligations in the event of data breaches: they will have to notify data protection authorities as soon as possible, preferably within 24 hours.

The rules will also apply to companies that process data abroad, if those companies serve the EU market and EU citizens.

Non-compliance will be punishable by the national data protection authorities, and they will be able to apply penalties of up to €1 million (US$1.3 million) or two percent of global annual turnover.

The proposal will undergo discussion in the European Parliament. Once the rules are adopted, they will take effect within two years.

A mixed response

Industry responses to the proposals have been varied. While the harmonization and reduction of routine notifications is welcomed, some have rubbished Reding's claim that the new directive will reduce costs. For example, the Business Software Alliance's European government affairs director, Thomas Boué, said, "The Commission's proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information."

Supporters of the new proposals argue that the new directive will force companies to do things that they should already be doing. Christian Toon, head of information security at document management firm Iron Mountain, says, "Many businesses of all sizes are falling short of what is required to manage information responsibly. [...] Regardless of turnover, sector or country of operation, making sure that employee and customer information is protected should be common practice, not a reaction to new legislation."

Indeed, many of the provisions of the new directive have similar counterparts in the existing directive, and others are features of national law of some, but not all, EU member states. For example, current law gives citizens the right to have inaccurate data about them corrected. In some countries, such as the UK, this extends to a right to have that inaccurate data deleted outright. In others, such as Belgium, Germany, and Sweden, it does not. The new rules would make that right to delete universal, and would make it apply even for accurate data that is no longer necessary.

This is the so-called "right to be forgotten". The proposal does not create a right to be thrown down the memory hole or rewrite the past; news reports and similar material would be a legitimate reason to retain personal information, and this would override a demand to have data deleted. But sites like Facebook—which has had difficulties with the concept of deletion—and Google would likely be required to purge any such personal data should someone demand that they do so.

A strict "opt-in" requirement for the use of personal data could make advertising-funded services that rely on that personal data to properly target advertisements difficult to operate. The requirement to report breaches in 24 hours might also be difficult to fulfil, since it can take much longer for a breach to even be detected.

The new rules would create an interesting predicament for a company like Google. The search giant has just announced its new privacy policy that enables it to collect and aggregate data from almost all Google services, with no provision to opt out or restrict the processing the company performs to private data. This is the opposite of the "private by default" policy that the proposed rules require, and the only way that Google users will attain that privacy is by not creating or using a Google account.

When asked about the impact of the new rules, a Google spokesperson told Ars: "We support simplifying privacy rules in Europe to both protect consumers online and stimulate economic growth. It is possible to have simple rules that do both. We look forward to debating the proposals over the coming months."

But still, this is not a fundamental shift in the demands placed on data-holding organizations. They must already be able to identify personal data, they must already store it securely, and they must already be able to provide it on-demand. Doing these things requires that systems are designed appropriately, and this can certainly incur costs—but they are costs that should already exist today.

20120124

Disappointing Ruling in Compelled Laptop Decryption Case

A federal district court in Colorado has handed down an unfortunate early ruling (pdf) in a case in which the government is attempting to force a criminal defendant to decrypt the contents of a laptop.

In United States v. Fricosu, the government seized several computers from the home of a woman charged with mortgage fraud, including a laptop containing encrypted information. Prosecutors asked the court (pdf) to force the woman to either type an encryption passphrase into the laptop to decrypt the information or turn over a decrypted version of the data, relying heavily on the fact that the government recorded a conversation between Fricosu and her ex-husband in which the government says she admitted that the laptop was hers and she knew the password. EFF filed an amicus brief (pdf) in July, arguing she had a Fifth Amendment privilege against self-incrimination that prevented the government from compelling her to disclose the data.

The Fifth Amendment protects a person from being forced to be a witness against herself in a criminal case, a right often called the privilege against self-incrimination. The privilege doesn't prevent the government from gathering evidence from a person, but rather protects a person from being forced to make communications that would reveal the contents of her mind. The Supreme Court has held that it also applies to actions that communicate something of value—for example, producing records that would confirm the existence or authenticity of certain information, or the fact that a particular person had control over that data.

Regardless, the government can overcome the privilege by offering immunity that matches the scope of the protected right, since any information revealed after that wouldn't be incriminating. The government can also bypass the privilege if it already knows about existence, location and possession of the evidence it seeks, such that forcing a person to turn over that information won't tell the government anything more than it already knows. The government claimed that it had defeated Fricosu's privilege in both of these ways.

In the order issued yesterday, the court dodged the question of whether requiring Fricosu to type a passphrase into the laptop would violate the Fifth Amendment. Instead, it ordered Fricosu to turn over a decrypted version of the information on the computer. While the court didn't hold that Fricosu has a valid Fifth Amendment privilege not to reveal that data, it seemed to implicitly recognize that possibility. The court both points out that the government offered Fricosu immunity for the act of production and forbids the government from using the act of production against her. We think Fricosu not only has a valid privilege against self-incrimination, but that the immunity offered by the government isn't broad enough to invalidate it. Under Supreme Court precedent, the government can't use the act of production or any evidence it learns as a result of that act against Fricosu.

The court then found that the Fifth Amendment "is not implicated" by requiring Fricosu to turn over the decrypted contents of the laptop, since the government independently learned facts suggesting that Fricosu had possession and control over the computer. Furthermore, according to the court, "there is little question here but that the government knows of the existence and location of the computer's files. The fact that it does not know the specific content of any specific documents is not a barrier to production." We disagree with this conclusion, too. Neither the government nor the court can say what files the government expects to find on the laptop, so there is testimonial value in revealing the existence, authenticity and control over that specific data. If Fricosu decrypts the data, the government could learn a great deal it didn't know before.

In sum, we think the court got it wrong. Regardless, the result is very specific to the facts of this case and is unlikely to have far-reaching consequences, even if it stands.

Professor Orin Kerr has more thoughts about this case here.

Supreme Court holds warrantless GPS tracking unconstitutional

By Timothy B. Lee

All nine justices of the Supreme Court ruled on Monday that police officers violated the Fourth Amendment rule against unreasonable search and seizure when they attached a GPS device to a suspect's car and tracked it for 28 days without a warrant. But the court was split down the middle on the reasoning. Four justices focused on the physical trespass that occurred when the police attached the device, four focused on the violation of the suspect's "reasonable expectation of privacy," and the final justice, Sonia Sotomayor, endorsed both theories.

The case involved a suspected drug dealer. The feds got a warrant to track his car with a GPS device and then "installed a GPS tracking device on the undercarriage of the Jeep while it was parked in a public parking lot." But agents installed it a day after the warrant had expired and in a location not authorized by the warrant—making the surveillance warrantless. (The feds also had to access the Jeep again a couple weeks later in order to change the GPS tracker's battery "when the vehicle was parked in a different public lot in Maryland.")

At trial, the GPS data was used to link the defendant to an alleged drug stash house that "contained $850,000 in cash, 97 kilograms of cocaine, and 1 kilogram of cocaine base." The defendant was sentenced to life in prison. The Supreme Court considered the question of whether the GPS tracking had been conducted legally.

Two theories

While the result was unanimous, the reasoning was not. A five-judge majority led by Justice Scalia, and including most of the court's conservatives, focused on the physical trespass involved in attaching the device to the car. "The Government physically occupied private property for the purpose of obtaining information," Scalia wrote. "We have no doubt that such a physical intrusion would have been considered a 'search' within the meaning of the Fourth Amendment when it was adopted."

The focus on physical trespass is significant because it suggests that GPS surveillance by other means—such as by obtaining data from the GPS device already included in many of our cell phones—would not violate the Fourth Amendment.

Three of the court's liberals signed a concurrence by Justice Alito, a conservative, that would have taken a stronger pro-privacy stance. Alito argued that extended warrantless tracking itself violates the Fourth Amendment regardless of whether the government committed a trespass to accomplish it.

Alito focused on the famous case of Katz v. United States that established the "reasonable expectation of privacy" test for violations of the Fourth Amendment. He argued that the trespass here was of little consequence to Fourth Amendment analysis, and that what really matters is that the defendant had a reasonable expectation that the details of his movements over a 28-day period would be private.

Scalia responded to this critique in his opinion. "Unlike the concurrence, which would make Katz the exclusive test, we do not make trespass the exclusive test," he said. "Situations involving merely the transmission of electronic signals without trespass would remain subject to Katz analysis."

Of course, because Scalia chose to rule on narrow trespass grounds, he doesn't actually explain how the "reasonable expectation of privacy" reasoning would apply to GPS tracking. That leaves this important body of law unsettled, which is worrying because it's becoming increasingly common for the police to obtain cell phone location data without a warrant.

Sotomayor attacks the third-party doctrine

Justice Scalia's opinion is the majority opinion only because Justice Sotomayor, an Obama appointee, signed onto it. But in addition to endorsing Scalia's position, she also filed a separate concurrence in which she endorsed both Scalia's concerns about physical trespass and Justice Alito's broader concerns about the dangers of warrantless GPS tracking.

"As Justice Alito incisively observes, the same technological advances that have made possible nontrespassory surveillance techniques will also affect the Katz test by shaping the evolution of societal privacy expectations," Sotomayor wrote. "Under that rubric, I agree with Justice Alito that, at the very least, 'longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.'"

Justice Sotomayor also raised an issue that neither Scalia nor Alito addressed: the third party doctrine. That's the theory that we lose Fourth Amendment protection when we disclose information, such as bank records, cell phone locations, or the contents of our email inboxes, to a third party such as Bank of America, Verizon, or Google, respectively.

Sotomayor called the third-party doctrine "ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers."

Sotomayor's discussion of the third-party doctrine has no legal significance, since she was the only one to sign onto her concurrence. But it could prove to have greater significance in the long run. The existence of at least one justice who is skeptical of the doctrine will inspire privacy advocates to raise objections to the idea in future cases. And one of those cases is likely to reach the high court at some point in the future.

If Pajamas Are Outlawed, Only Outlaws Will Wear Pajamas

I guess that slogan does work better for guns, probably because that's something people might conceivably care about.

At least, until recently it honestly hadn't occurred to me that the wearing of pajamas, even in public, could cause any controversy. Maybe it should have, given the number of words I have directed at the nation's War on Sagging. See, e.g., "Georgia Town Enters Fight Against Sagging Pants," Lowering the Bar (Sept. 14, 2010) (noting that, at the time, at least a dozen state and local legislatures had taken up this critical issue). At least three Louisiana towns banned sagging, including Shreveport (a state ban failed in the Senate). As we can now see, failing to stand up for saggy pants has put our pajama bottoms at risk.

Michael Williams, a commissioner for Caddo Parish (which includes Shreveport), says he was horrified when he visited a local Walmart and espied a group of young miscreants "wearing pajama pants and house shoes." He was extra-horrified when he glanced at one of the young men and noticed that "at the part where there should have been underwear" - you know the part - one of his parts in particular was allegedly "showing through the fabric." Seems like existing law on indecent exposure should cover that, if it was really that bad, but Williams concluded further legislation was necessary.

"Pajamas are designed to be worn in the bedroom at night," said Williams, likely after extensive research on the history and design of pajamas. "If you can't [wear them to the] courthouse, why are you going to do it in a restaurant or in public?" (Um, because those aren't courthouses?) Williams also invoked the "slippery-slope" argument, of course. "Today it's pajamas," he said, "tomorrow it's underwear. Where does it stop?" Seems to me there's only one further step once you get to underwear. This guy is really not that imaginative.

Which raises the question of what such an ordinance might look like. It would have to define "pajamas," for one thing, which could be tricky. Williams has suggested the term could be defined as "a garment sold in the sleepwear section of department stores." But that puts our pajama rights in the hands of department-store managers, though it could also provide an easy way around the ban by just shelving pajamas differently. Maybe partly for this reason, the parish sheriff does not seem sold on the idea. "It's going to be very difficult to enforce the way it's described," he said. Doesn't mean they won't try; Shreveport has been enforcing its saggy-pants ban, reporting 31 "incidents" during 2010, one every 12 days or so, involving the "wearing of pants below the waist in public." Presumably no other crimes were committed in the city that year.

The Shreveport Times was able to locate two citizens who could be affected by the ban. Neither seemed too happy about it. "We all wear our pajamas out," said Tracy Carter. By "we," she meant herself and her three children, one of whom was wearing dinosaur pajamas at the time in flagrant violation of community standards. "They're covering everything," she said of her PJs. (Thankfully, they were.) Another pajama bandit was more outspoken. "I'm an American," said Khiry Tisdem, "and I can wear my [pajamas] anywhere I want." There is a First Amendment issue here, it's true, although some will ask what the Founders thought about this. "I'm a grown man," Tisdem continued, wearing pants with pictures of Stewie from Family Guy on them. "I can wear my clothes the way I want." We'll see about that.

Williams said he plans to "poll his fellow commissioners" on the topic in February, and presumably will then draft an ordinance to address the pajama crisis if a majority of them don't think this is stupid.

Judge: Fifth Amendment doesn't protect encrypted hard drives

By Timothy B. Lee

A federal judge has ruled that a Colorado woman can be compelled to decrypt her encrypted laptop so that the police can inspect it for incriminating evidence. The woman, Ramona Fricosu, is a defendant in a mortgage scam case. She had argued that the Fifth Amendment's privilege against self-incrimination protected her from having to disclose the password to her hard drive, which was encrypted using PGP Desktop.

In previous cases, judges have drawn a distinction between forcing a defendant to reveal her password and forcing her to decrypt encrypted data without disclosing the password. The courts have held that the former forces the defendant to reveal the contents of her mind, which raises Fifth Amendment issues. But Judge Robert Blackburn has now ruled that forcing a defendant to decrypt a laptop so that its contents can be inspected is little different from producing any other kind of document.

Fifth Amendment issues can also arise if acknowledging ownership of a laptop or the existence of relevant documents is itself incriminating. But the police had recorded a phone call between Fricosu and her husband in which she seemed to acknowledge ownership of the laptop and to reference incriminating material on it. Blackburn ruled that barring prosecutors from using the fact that she was able to decrypt the laptop as evidence against her in court would satisfy the Fifth Amendment concerns with compelled disclosure.

Fricosu's lawyer talked to CNET about the case and about his plans to appeal the ruling.

Dubois said that, in addition, his client may not be able to decrypt the laptop for any number of reasons. "If that's the case, then we'll report that fact to the court, and the law is fairly clear that people cannot be punished for failure to do things they are unable to do," he said.

Jurors: leave the information age—or go to jail

By Peter Bright

An English court has sentenced a juror to six months in prison for contempt of court after she performed research on the Internet and forced the abandonment of a criminal trial.

Psychology lecturer Theodora Dallas, 34, was a member of the jury in the trial of Barry Medlock, accused of causing grievous bodily harm. She looked up certain information related to the trial on the Internet, came across information concerning Medlock, and told her fellow jurors what she had found. One of them informed the judge, causing the judge to abandon the trial. Medlock was later retried and found guilty.

Dallas claims that she was searching for "grievous bodily harm"—a term of art in English law that encompasses wounding and serious injury—to learn what precisely it meant. She claims that she then added "Luton" to the search terms (the town in England where Dallas worked and the trial was being held), and came across a newspaper report that Medlock had been accused, and acquitted, of rape. Such information is not disclosed in trials lest it prejudice the jury.

Contempt of court proceedings were initiated by Attorney General Dominic Grieve. Three judges, including Lord Judge (sic; Igor Judge is an example of New Scientist's nominative determinism in action), the Lord Chief Justice, found her guilty. Lord Judge said that Dallas had deliberately disobeyed the trial judge's instructions not to search the Internet and that "the damage to the administration of justice is obvious."

This is not the only recent case of an English juror being imprisoned for misusing the Internet. In June 2011, Joanna Fraill was sentenced to eight months for contempt of court after contacting one defendant, Jamie Sewart, during a drug case, and researching another, Sewart's boyfriend Gary Knox. Sewart was acquitted early in the case, and then added Fraill as a friend on Facebook. Sewart asked Fraill about the deliberations over Knox's charges. Sewart received a two-month sentence; Knox is now attempting to have his six-year conviction overturned for jury misconduct.

Fraill felt guilty about what she had done and disclosed it to the court. The Lord Chief Justice acknowledged that Fraill had not attempted to pervert the course of justice, but nonetheless insisted on a custodial sentence to "ensure the continuing integrity of trial by jury."

Enforced ignorance

The position of the juror is a peculiar one. On the one hand, the juror is expected to draw on his experiences as a human when assessing the case presented to him. On the other, the juror is supposed to have essentially no outside knowledge, making his assessment only on the basis of the narrow set of facts presented during the trial. Simultaneously, he should be worldly and wise, but also ignorant and naive.

This has always created tensions, but they have never been more acute than today. Not only is information abundantly available—just type whatever you want to know about in a search engine of your choosing—it's expected and depended on. We don't like it when instant access gets taken away from us. The demand that jurors actively avoid informing themselves, while always unsettling for those of an inquisitive nature, has become completely out-of-step with modern life.

The blanket ban on Internet research also intuitively feels heavy-handed. Jurors in a court might well come across vocabulary and terminology that they're not familiar with; they might not know that a "caucasian male" means a white dude, or that "mens rea" refers to the guilty mind and intent to perform a criminal act. While jurors may, depending on jurisdiction and tradition, be permitted to direct demands for clarification to the judge, looking up such information on the Internet would seem harmless.

Clearly, not all Internet research is so innocuous. Learning that a defendant had previously been accused of rape, even if acquitted, may very well be prejudicial, and such findings are likely to taint the jury.

Between the two extremes of harmless dictionary-style research on the one hand and direct investigation into the defendant on the other is a world that is murky and uncertain. It would be difficult to argue that, for example, learning about the history of grievous bodily harm, and some of the notable relevant court decisions in English history, could lead to a juror making a decision that is unjust. But it might nonetheless lead them to make a decision that is different than the one they would otherwise have made.

Taking a hard line against Internet usage is the only way of avoiding "accidental" tainting. While Fraill admitted to deliberately searching for Gary Knox, Dallas did not claim to have directly sought information about Barry Medlock. Rather, she claims to have found the newspaper article after localizing her search on grievous bodily harm. Even searches that might be widely agreed to be harmless in and of themselves could reveal prejudicial information by accident.

The rules given to jurors are essentially unenforceable. Sequestration of juries is unusual. Most of the time, jurors are unsupervised when not in the courtroom, giving them ample freedom to read whatever they like on the Internet. Both Fraill and Dallas got caught only because they told other people what they had done; had they kept quiet, there would have been literally no way of knowing that they had broken the rules (especially as English jurors may not disclose their deliberations or thought processes to anyone, even after the trial has concluded).

In the world of paper research and legal libraries, fewer jurors were motivated to do the leg-work to learn about the case or its defendants (though the newspaper might pose a temptation when it provided reporting on high-profile cases). But in the modern world of search engines and Wikipedia, where similar research might be conducted routinely throughout the day—just look at how smartphone-toting twentysomethings deal with unfamiliar terms on a restaurant menu, for example—such research isn't just "not unusual," it's increasingly the norm. Against this backdrop, can courts continue to demand that jurors willingly place themselves in a bubble of ignorance, and are such demands even meaningful when they depend so heavily on self-incrimination to enforce?