Computer underground Digest Wed Nov 19, 1997 Volume 9 : Issue 85 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.85 (Wed, Nov 19, 1997) File 1--BLOCKING SOFTWARE BY PUB LIBRARIES IS UNCONSTITUTIONAL File 2--Re: Cu Digest, #9.83, Wed 12 Nov 97 File 3--Reply to Bell's forthcoming post File 4--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sun, 16 Nov 1997 13:22:32 -0600 From: Jonathan D. Wallace Subject: File 1--BLOCKING SOFTWARE BY PUB LIBRARIES IS UNCONSTITUTIONAL PURCHASE OF BLOCKING SOFTWARE BY PUBLIC LIBRARIES IS UNCONSTITUTIONAL A Briefing Paper by Jonathan D. Wallace, Esq. jw@bway.net (revised November 9, 1997) The following is intended for use by free speech advocates to oppose the installation of blocking software such as Cyberpatrol, Surfwatch, NetNanny or Cybersitter in public libraries. Permitted uses include basing your own correspondence or documents upon the research presented here, excerpting this document, or presenting it in its entirety to the people you are trying to influence. Please redistribute freely. Jonathan D. Wallace, Esq., is a New York City-based attorney, author and free speech advocate. He is the co-author, with Mark Mangan, of Sex, Laws and Cyberspace (Henry Holt 1996), and with Michael Green of two forthcoming law review articles, "Curing Metaphor Deficiency: The Internet, The Printing Press and Freedom of Speech" (Seattle University Law Review) and "Anonymity, Democracy and Cyberspace" (Hofstra Journal of Law and Legislation). Public libraries in Austin, Boston and elsewhere have decided to install blocking software on computers connected to the Internet. Other libraries around the United States are considering purchasing such software. The purpose of this paper is to summarize, for readers who are not themselves attorneys, the legal precedents that establish that the installation of blocking software by public libraries is unconstitutional under the First Amendment. Blocking software is defined as software products published by commercial software publishers which do any of the following: block access to Internet sites listed in an internal database of the product; block access to Internet sites listed in a database maintained external to the product itself; block access to Internet sites which carry certain ratings assigned to those sites by a third party, or which are unrated under such a system; scan the contents of Internet sites which a user seeks to view and block access based on the occurrence of certain words or phrases on those sites. Blocking software products currently on the market include Safesurf, Surfwatch, NetNanny, CyberPatrol and Cybersitter. It has been widely reported recently that these products go far beyond blocking "pornography". In fact, most block sites containing speech which is clearly First Amendment protected, such as the National Organization for Women site (http://www.now.org), blocked by Cybersitter, and the Electronic Frontier Foundation archive (http://www.eff.org), blocked by CyberPatrol. More information on political and lifestyle sites blocked by these products is available on the Peacefire Web pages , and in The Ethical Spectacle, maintained by the author of this paper. (. (Please note that both of these sites were themselves blocked by Cybersitter for their criticism of the product.) Most advocates of the use of blocking software by libraries have forgotten that the public library is a branch of government, and therefore subject to First Amendment rules which prohibit content-based censorship of speech. These rules apply to the acquisition or the removal of Internet content by a library. Secondly, government rules classifying speech by the acceptability of content (in libraries or elsewhere) are inherently suspect, may not be vague or overbroad, and must conform to existing legal parameters laid out by the Supreme Court. Third, a library may not delegate to a private organization, such as the publisher of blocking software, the discretion to determine what library users may see. Fourth, forcing patrons to ask a librarian to turn off blocking software has a chilling effect under the First Amendment. These points are each discussed at greater length, with citations to significant cases, below. I. The Pico Case Bans The Use of Blocking Software in Libraries In the leading case of Island Trees Board of Education v. Pico, 457 U.S. 853 (1982), the local board ordered removal from the school library of books including Bernard Malamud's The Fixer and Richard Wright's Black Boy. The Supreme Court held: Our Constitution does not permit the official suppression of ideas.... In brief, we hold that local school boards may not remove books from school library shelves simply because they dislike the ideas contained in those books and seek by their removal to "prescribe what shall be orthodox in politics, nationalism, religion, or other matters of opinion.".... Such purposes stand inescapably condemned by our precedents. Although Pico dealt expressly with the removal of books, it governs the use of blocking software for two reasons. First, blocking a Web site is analogous to removing a book. Second, Pico strongly implies that even the acquisition of books must be carried out according to certain standards imposed by the First Amendment. Therefore, whether you compare blocking Internet sites to removing books from the library or simply failing to acquire them, Pico suggests that the blocking of First Amendment-protected Internet content is illegal. i. The installation of blocking software by libraries constitutes an unconstitutional removal of materials from the library. The blocking of a web site is analogous to the removal of a book from a shelf. A library installing computers with full Internet access has, in effect, acquired the entire contents of the Internet. Blocking software which screens out sites based on their inclusion in a database of impermissible sites, or blocks them based on the occurrence of banned words or phrases, is effectively removing these resources from the library. Just as the board of education did in Pico, someone has gone through a thought process which resulted in the removal of materials based on their disfavored content. A court scrutinizing the constitutionality of blocking software in public libraries will certainly look closely at the process a software publisher follows in deciding to add a site to the blocked list. A site may be scanned for keywords by a software "spider" and then reviewed by a human being, or a human being may look at the site as a matter of first instance after hearing about it from another source or finding it in a search engine. In either case, the person reviewing the page is likely to be a low-compensated or part-time worker who spends only a few moments looking at a particular page before adding it to the blocked list. This accounts for the blocking by every available product of numerous pages pertaining to freedom of speech, AIDs, safe sex and other matters, as the presence of a keyword like "sex", "condoms", "gay" or "pornography" on a Web page is usually sufficient to cause it to be added to the blocked list. The thought process followed by the worker deciding to add a site to the blocked list bears no resemblance to that of a trained professional, the librarian, deciding to acquire a book for the library. It is, however, identical to the thought process of a harried censor rapidly scanning a printed work for suspect words or phrases, without taking the time to understand the work or place the suspect terms in context. Therefore, the installation of blocking software in a public library directly violates Pico's ban on the content-based removal of works from the library. ii. Pico also implies that the First Amendment governs the acquisition of content by the library. The pro-blocking forces rely on the Court's statement in Pico that: As noted earlier, nothing in our decision today affects in any way the discretion of a local school board to choose books to add to the libraries of their schools. Because we are concerned in this case with the suppression of ideas, our holding today affects only the discretion to remove books. Advocates of blocking argue that a library has no legal obligation to buy any particular book or to allow the viewing of any particular Web site. However, this reliance on Pico is misplaced. In limiting its decision to the facts before it, the Court was clearly not holding that a librarian could legally follow any imaginable agenda in the selection of books for acquisition. For example, it would not be constitutional for a public librarian to refuse to purchase anything by Malamud or Wright, based on the concerns of the Pico schoolboard. Similarly, a public librarian could not decide only to purchase books approved by the Christian Coalition. Pico's subtext is that only the librarian, and not anyone else, should decide what the library is to offer, and that the librarian is expected to do so pursuant to the standards of his or her profession. When a library installs blocking software, it chooses to exclude First Amendment-protected, socially valuable sites based on the obscure criteria or political agenda of the blocking software publisher. This point is further discussed in the next two sections. II. The Criteria Used By Blocking Product Publishers Are Vague and Overbroad and May Not Legally Be Adopted by Public Libraries While certain speech, such as obscenity, is considered outside the protection of the First Amendment and can be barred at will, the Constitution provides significant barriers to rules pertaining to protected speech. When a library installs blocking software, it is enforcing a set of rules determining which protected speech its users can access . These rules are inherently suspect under First Amendment principles and are likely to be held unconstitutional. In general, government rules regulating protected speech must be narrowly tailored to serve a compelling government interest. Rules that are overbroad or vague, and which attack too much speech, will almost inevitably fail. There is a certain irony in the failure of many commentators to draw the appropriate parallel between last June's ACLU v. Reno, 929 F. Supp. 824 (E.D. Pa. 1996) , aff'd __ U.S. ____ (1997), decision holding the Communications Decency Act (CDA) unconstitutional, and today's library controversy. The CDA banned speech on the Internet "depicting or describing" sexual "acts or organs", even if that speech otherwise had significant social value. A panel of three federal judges held the CDA to be overbroad, in that it would ban much valuable speech online. The examples given by the court included newsworthy reporting of female genital circumcision in Africa, and the dissemination of safe sex information. Advocates of the use of blocking software by libraries have failed to explain why, if the government could not directly ban the National Organization for Women pages via the CDA, it can do so indirectly through the use of blocking software. While the court referenced blocking software as a less restrictive alternative to government censorship, it did not mean use of blocking software by the government. It meant that a concerned parent could install a blocking product on a home computer (a clearly constitutional use, as there is no government action involved) obviating the need for laws banning content on the Internet. The court did not consider the use of blocking software by libraries. It did, however, decline to endorse the government's suggestion that an "-L18" rating scheme be mandated for all speech on the Net. A public library's installation of blocking software in effect circumvents the ACLU v. Reno ruling, by creating a customized Communications Decency Act applicable to the library's users. It is a constant of First Amendment cases that speech rules, in order to be constitutionally acceptable, must be clear enough to communicate to citizens which speech is legal and which is not. There is no consistent set of standards followed by blocking products, and almost all of the publishers refuse to disclose their database of blocked sites. Several have published the rules they follow in determining which sites to block; here is one example: "CYBERsitter Site Blocking Policies The CYBERsitter filter may block web sites and/or news groups that contain information that meets any of the following criteria not deemed suitable for pre-teen aged children by a general consensus of reports and comments received from our registered user - Adult and Mature subject matter of a sexual nature. - Pornography or adult oriented graphics. - Drugs or alcohol. - Illegal activities. - Gross depictions or mayhem. - Violence or anarchy. - Hate groups. - Racist groups. - Anti-semitic groups. - Advocating of intolerance. - Computer hacking. - Advocating violation of copyright laws. - Any site that publishes information interfering with the legal rights and obligations of a parent or our customers. - Any site maintaining links to other sites containing any of the above content. - Any domain hosting more than one site containing any of the above content. The above criteria is subject to change without notice." These criteria, if adopted by government to determine which speech to ban, would be struck down as unconstitutional just as quickly as a civil liberties organization could race into court and get a decision. These criteria as written ban speech about the listed items, in most cases even if the speech opposes the subject matter. For example, the ban on information about "drugs or alcohol" is so broadly written as to include sites maintained by anti-drug organizations or by Alcoholics Anonymous. Note that almost all of the criteria pertain to speech that, though disfavored by most people, is clearly constitutionally protected, and may legitimately be the subject of a child's research project: hate speech, speech about intolerance, and speech about illegal activities are three examples. None of the criteria make any exception for materials with social value. Thus the criteria would not permit a teenager to research a report about the Holocaust, which might fall under the ban on "gross depictions or mayhem", antisemitism or hate speech. If this seems unlikely, it isn't; CyberPatrol at one point blocked Nizkor, an important Holocaust archive, because it contained "hate speech." In fact, the criteria made available by every publisher of blocking software are equivalently vague. As the Supreme Court said in a leading case involving a Dallas movie rating scheme, " the restrictions imposed cannot be so vague as to set 'the censor....adrift upon a boundless sea...' In short, as Justice Frankfurter said, 'Legislation must not be so vague, the language so loose, as to leave to those who have to apply it too wide a discretion.'" Interstate Circuit v. Dallas, 390 U.S. 676 (1968). In summary, the criteria followed by every existing blocking product are far too vague and broad to meet the exacting standards of ACLU v. Reno and decades of Supreme Court precedents, even if the library had adopted these criteria itself. As we will see in the next section, the delegation by the library of its decision-making to private parties--the publishers of blocking software--is also unconstitutional. III. A Library Cannot Relegate to Private Parties The Authority to Determine What Its Users Can See Although the installation of blocking software by a library may be a politically expedient solution, it involves an illegal delegation of the library's authority to third parties. Since the library itself, as we established in the section above, could not validly enforce vague rules, it does not avoid the exacting requirements of the First Amendment by abdicating responsibility to the blocking software publisher. For example, federal courts have established that government cannot enact laws granting legal enforcement to the private ratings of the Motion Picture Association of America (MPAA). In MPAA v. Spector, 315 F.Supp. 824 (ED Pa. 1970), the court dealt with a Pennsylvania law making it a crime to permit a child to see a movie rated "R" or "X" under the MPAA scheme. The court held the law unconstitutional: The evidence clearly established that the Code and Rating Administration of the Association has itself no defined standards or criteria against which to measure its ratings. ...[I]t is manifest from a reading of Act No. 100 that, however well-intended, it is so patently vague and lacking in any ascertainable standards and so infringes upon the plaintiffs' rights to freedom of expression, as protected by the First and Fourteenth Amendments to the Federal Constitution, as to render it unconstitutional....[T]the attempted recourse to Association ratings is of no avail. Other federal courts have agreed that " it is well-established that the Motion Picture ratings may not be used as a standard for a determination of constitutional status", Swope v. Lubbers, 560 F.Supp. 1328 (W.D. Mich. 1983). As one judge tartly observed in Engdahl v. Kenosha, 317 F.Supp. 1133 (E.D. Wis. 1970): This determination as to what is proper for minors in Kenosha is made by a private agency, the Motion Picture Association of America. It was conceded at the hearing upon the present motion that if the Motion Picture Association utilized any standards whatsoever in reaching its judgments as to what is an 'adult' movie, the defendants are not aware of what these standards are. Similarly, most public libraries buying blocking software will do so with only a vague awareness, at best, of the standards (if any) followed by the software publisher. Under these clear legal precedents, a library cannot block its users from accessing Internet sites based upon a vague or undisclosed set of standards implemented by the publisher of the blocking software. IV. Requiring a Patron To Ask The Librarian To Turn Off Blocking Software Causes an Unconstitutional Chilling Effect Some blocking software allows the user to turn off particular categories of blocking, or to permit access selectively to blocked sites. Pro-blocking advocates argue that even when a product blocks a site erroneously, no harm is done, as the library user can request that the librarian grant access to it. This argument ignores significant Supreme Court precedents which hold that forcing someone who wishes to read controversial speech to request access to it chills the dissemination of such speech and is therefore is a violation of the First Amendment. In the case of Lamont v. Postmaster General 381 U.S. 301, 85 S.Ct. 1493 (1965), the Supreme Court invalidated section 305(a) of the Postal Service and Federal Employees Salary Act of 1962, 76 Stat. 840, which required postal patrons receiving "communist political propaganda" to specifically authorize the delivery of each such piece of mail. The Court found the Act to be unconstitutional "because it require[d] an official act (viz., returning the reply card) as a limitation on the unfettered exercise of the addressee's First Amendment rights." Id., at 304, 85 S.Ct. at 1495. The Court recognized the chilling effect such legislation would have on the exercise of freedom of expression by postal patrons, who may become dissuaded from accessing socially disfavored media: This requirement is almost certain to have a deterrent effect, especially as respects those who have sensitive positions. Their livelihood may be dependent on a security clearance. Public officials like schoolteachers who have no tenure might think they would invite disaster if they read what the Federal Government says contains the seeds of treason. Apart from them, any addressee is likely to feel some inhibition in sending for literature which federal officials have condemned as 'communist political propaganda.' The regime of this Act is at war with the 'uninhibited, robust, and wide-open' debate and discussion that are contemplated by the First Amendment. Justices Brennan and Goldberg, in a concurring opinion, said that "[T]he right to receive publications is....a fundamental right. The dissemination of ideas can accomplish nothing if otherwise willing addressees are not free to receive and consider them." More recently, the Court was asked to decide a similar issue related to cable programming, in Denver Area Educational Telecommunications Consortium v. FCC, 116 S.Ct. 2374 (1996). In question was the constitutionality of section 10(b) of the Cable Television Consumer Protection and Competition Act of 1992, 106 Stat. 1486, 47 U.S.C. '' 532(h), 532(j), which required cable providers to segregate and block indecent programming, sending it only to subscribers who requested it in writing. The Court found that the section was overly restrictive, "'sacrificing' important First Amendment interests for too 'speculative a gain.'" The Court found that the "written notice" requirement would discourage viewers concerned with their reputations from accessing such channels for fear that their names might be disclosed to others. Requiring librarians to drop what they are doing and unblock a site for a user is also an imposition on them. In Denver, the Court noted that the segregate and block requirement imposed "added costs and burdens....upon a cable system operator", encouraging the latter to ban the speech entirely to avoid the burden of unblocking it. Conclusion The installation of blocking software by a public library is clearly unconstititutional under relevant First Amendment case law. Please contact Jonathan Wallace at jw@bway.net with any comments or questions. For more information and for updated copies of this document, check the Censorware page. ------------------------------ From: bruce@UGCS.CALTECH.EDU(Bruce J. Bell) Subject: File 2--Re: Cu Digest, #9.83, Wed 12 Nov 97 Date: 16 Nov 1997 16:47:48 GMT Here is my response to Wade Riddick's article in CuD #8.83: >Date--Mon, 10 Nov 1997 15:01:24 -0600 (CST) >From--Wade Riddick >Subject--File 3--Response to Bell in #9.82 [...] > First, I must address a general misinterpretation of the goal I >have in mind. According to Mr. Bell, my plan for world domination is to >"design all computers to refuse to duplicate data with a copyright >notice." I don't know whose fault this misinterpretation is. Aside from world domination, what's the difference between Riddick's program and the above description? Read "digital copyright protocol" for "copyright notice" if you like, and the effect is the same: to require all computers to refuse to copy the protected data. Now, various schemes of this sort are already in place for various consumer electronics media (e.g., videotape, cable, satellite TV, DAT tape, and DVD players). However, these are all non-programmable embedded systems. The point of my original response is that the same model that works in embedded systems will not work for computers, for reasons that are not trivial, but universal and intractable. Riddick's program for copyright enforcement ("RPCE", for short) is based on the premise, "It is only a matter of balancing the interests involved". What weights to use in such a balance should certainly be considered carefully, but if you ignore everything outside these interests, you are setting yourself up for failure. You cannot simply legislate a thing to be so; you must consider your ability to enforce it, and the consequences of attempting to do so. The same goes double for trying to use the market, or the tort system, to accomplish a similar goal. If your ideal is too far from reality, the attempt won't work. [...] > He compares my proposal to the ill-fated Clipper Chip and then >goes on to ask, "why would anybody buy crippled computers when un-crippled >ones are available?" I have to ask if Mr. Bell has looked at the DVD >drives being sold and if he's aware of what the media industry is trying >to do to digital video. These devices already employ encryption. They are >essentially crippled computers and people are already buying them. > Furthermore, his analogy to the Clipper chip is flawed in that >Clipper applied to two way phone conversations. Encryption has long been >used as a distribution strategy for salable goods. Also, plenty of >'Clipper'-like open accounting procedures are provided for in many digital >currency schemes. They have to be or the financial institutions involved >would have criminal charges filed against them (something I'm sure we'd >all support, depending on the particular bank...). The analogy to the Clipper chip is only flawed inasmuch as RPCE requires that enforcement be universal, as opposed to the Clipper proposal, which at least gave lip-service to "letting the market decide". I agree that the DVD situation is deplorable, but I draw different conclusions from it than Mr. Riddick does. In fact, it's a perfect example of the problems of trying to force computers into a framework they do not fit. It will be completely ineffective against real pirates, it makes DVD more expensive, and (most importantly) it will be highly inconvenient for everyone concerned. It also requires draconian control, aspiring to make un-crippled DVD players unavailable (and preferably illegal). There may well be a place for prior restraint in digital currency systems. The difference is, again, that the digital currency is an embedded system; the computer doesn't have to deal with the cash in internal format. It doesn't have to do anything more than "push the buttons" on the embedded system (much like the idea behind the DVD's CSS ("Content Scrambling System")) I view RPCE as an attempt to move the "Content Scrambling System" model from an embedded system (the DVD drive and video decoder) to the computer, rather than as some improvement on it. > Moving on... > >>Although I'm sure this kind of proposal is a wet-dream to people in the >>recording industry, the movie industry, and the FBI, I doubt it will >>receive any kind of welcome from the computer industry, or from ISP's, or >>from the lowly consumer. > > I cannot pretend to know the sexual predilections of these groups >and I can only refer Mr. Bell to my concluding analysis of the conflicting >interests involved in settling this issue which he appears not to have >read. I omit the FBI for reasons I make clear in the letter (and if it's >Mr. Bell's assertion that the government shouldn't have the right to issue >search warrants to assist the victims of crime, he ought to stop being coy >and just say so). I also point out that this proposal will be anything >but an orgiastic financial fantasy to the distribution arms of the >entertainment industry. If he disputes these conclusions of mine, he >ought to attack my premises and reasoning instead of just saying I said >something else. I read Mr Riddick's entire letter; I was not convinced by it. I did not note any concrete financial analyses, just speculations. In his response, he suggests that the alternative to his program is all entertainment being controlled by "entertainment cartels", but fails to tell us why he thinks so. If you can compel a copyright enforcement protocol by the threat of civil liability, what is to keep the FBI from compelling a key escrow system by threat of criminal and civil liability combined? The precedent RPCE would set worries me as much as the direct consequences, which would be bad enough in themselves. Merely saying that "it would be possible" to preserve privacy does not mean it is likely. RPCE relies far too heavily on "trusted third-parties" without saying where we will get them. > As to the second half of the quotation, ISPs are *already* being >beaten in the head with the "liability stick," as Mr. Bell puts it. I >fail to see how by profiting from this beating they are any worse off. The fact that ISP's are being sued does not mean that it is a necessary part of the system. I suspect the fact that this is a new and unsettled field without clear laws and precedents is more responsible for this state of affairs. The appropriate solution is to clearly state that ISP's are not liable for the actions of their customers, rather than somehow using the "beating-principle" as a basis for your entire economic system! The notion that ISP's must find some way to profit from their own abuse hardly seems fair. [...] > About watermarks Mr. Bell states, > >>Consider that deliberate 'pirates' could take the simple expedient of >>finding multiple copies of the original work. Any elements in the >>plaintext that are identical between all instances could not be used to >>identify the original purchaser; while elements that differ are those >>that may contain purchaser information, and can be scrambled, deleted, or >>even ignored... > > More technically adept readers should stop me if I'm wrong here, >but watermarks are by their nature indelible. You can't strip them from a >picture without ruining the value of the picture. If you only distribute a single watermarked version of the data, you may be able to show, later, that you were the one who originated that version. There may be other things you can do with digital watermarks, as well. But, you cannot specify arbitrarily strong properties, and still expect that such a protocol is still possible. The above analysis simply indicates that there is no digital watermark that can be used in the manner described in RPCE. [...] >>I submit that no software developer would accept the requirements and >>limitations necessary for this proposal, even if they could sell it in a >>market where software without these limitations is available. Perhaps >>they, too, must be made liable for all users of their product..." > > I see no reason to advocate something that's already in the law. >Anyone who builds and releases tools with the explicit purpose of stealing >another's intellectual property is already liable. Indeed, I would hope >software developers welcome proposals to reduce the rather large piracy >rate robbing them of billions of dollars a year. This is an unresponsive reply. The problem is, building software tools that *cannot* be used to copy intellectual property is impractical. Computers are useful because they can copy, manipulate, transmit, and display data. To constrain all your tools so that they can't save, copy, or transmit data will make them largely useless. No software developer can make a useless product compete with a useful one. This is, again, straightforwardly following Richard Stallman's speculations that someday soon, development tools will be illegal. Only licensed software professionals will be allowed to use debuugers, since unethical hackers would otherwise use them to pirate software. And after all, programming is too hard for most people anyway, so it won't be much of a problem... [...] > This brings me to my final point about Mr. Bell's criticisms. >It's pretty clear that, given the enormous pressures involved, something's >going to change the status quo on copyright law. Mr. Bell fails to >propose a more attractive alternative, explain why it's better or why it >might be less expensive. In fact, he fails to take any account at all of >the profits lost to piracy, the potential liability costs faced by ISPs if >the law is changed/reinterpreted or the transaction costs that would be >raised should our goods be delivered through a cartelized publishing >industry. Well, certainly there are industries with lots of money complaining loudly about the advent of digital technology. The mere fact that they are complaining (or even that they have money) doesn't mean that they should get their way, though. There are lots of industries where the economic games involved are peculiar, and the way business gets done is far from ideal. Even without digital copying, the entertainment industry is one of them. Software piracy of various sorts isn't a new problem, and the software industry functions without a complete solution. ------------------------------ Date: Sun, 16 Nov 1997 15:03:22 -0600 (CST) From: Wade Riddick Subject: File 3--Reply to Bell's forthcoming post Please allow me to respond to Bruce J. Bell's forthcoming post in CuD. -- OK, for all five of you still following the debate I'll make a final stab at clearing up some of the smoke in this thread. It's clear to me now that Mr. Bell himself is responsible for misinterpreting the model, to what end I do not know. He apparently does not view the comment on "world domination" with much humor, skeptical or otherwise. Rather he embraces it literally and quite eagerly. So Mr. Bond, before I kill you, let me better explain my nefarious scheme... According to Bell, under my proposal "the effect is the same: to require all computers to refuse to copy the protected data." This is an attempt to maliciously redefine my terms. Nothing, I repeat, nothing would prevent a user from copying the protected, encrypted data. Nothing. You could send it anywhere. You could rent it. You could sell it. You could make multiple backups or possibly even incorporate parts of it in your own products. It is your 'copy' to do with as you please. But like virtual memory, one and only one copy 'exists' in the system at any given time. This is *the* crucial thing you need to understand about this system. Copyrights are a complex intellectual construct. Only the 'author' of a copyrighted good owns the natural right to make more copies. However, in the print world at least, the purchaser of a copy has many rights over that good similar to those of ordinary items. (Note that these rights have been progressively eroded in electronic mediums.) For instance, I can buy a copy of _Dr. No_, get tired of it, go down to the flea market and sell it for whatever price the market will bear. I cannot, however, set about printing up and selling new copies of _Dr. No_. That authority rests with the author (and thanks to contracts, increasingly with a big publisher). The special encrypted RAM cache in this model merely acts as a filter and a barrier ensuring that the user does not 'publish' on his own copies by gaining access to the information in decrypted form. But what's really protected here are the keys. That's the special trick. And this restriction is just like any other you face with the books on your self at home. You 'own' the copy but you do not 'own' the material itself. Since it's simply cached and filtered, there's no 'embeddedness' problem that he alludes to. (I think this kills his development tools objection too, but if you disagree you can write to me. The barriers to entry in the computer programming industry are interesting in themselves). Telerights adds no new restrictions on copyright ownership and, indeed, stands to make many things possible again that currently are not (namely the renting of software). Readers are, of course, free to believe Mr. Bell's characterization if they wish but consider the consequences of not understanding the stakes and the legal terrain. While an allowance for temporary browsing has been made in the law, it's still quite possible that permanent downloads of files and other materials will not be permitted. Of course this isn't technically feasible, but that didn't stop Hollywood from getting the flawed DVD spec pushed down everyone's throat. The practical market result would most likely be just what Hollywood wants and is accustomed to: free content supported through channel subscriptions or funded by advertising. As a small author, I'd rather not have to be forced into those kinds of alliances to sell my products. What novelist wants to write something controversial and then go hunting for an advertiser? (This screening of _Seven_ is brought to you by McDonald's...) As to the means of doing this... >You cannot simply legislate a thing to be so; you must consider your >ability to enforce it, and the consequences of attempting to do so. >The same goes double for trying to use the market, or the tort system, >to accomplish a similar goal. I do not propose additional legislation. I leave it up to Congress. In fact if you read the letter closely, you'll notice I call for a moratorium on further alterations to the copyright code until the market can sort these issues out. As to the issue of "trying to use the market," I must confess it's a desperate, last resort on my part. I've tried appealing to the Central Directorate of the People's Proletariat, but they seemed to have already discovered that there's no money in Communism. (A nasty flaw, that.) As to torts, I do wish Mr. Bell would stop confusing me with all these feral lawyers we have running around in Texas. I am not the person who's raised the liability issue here. It is already in play. And it is far from settled. I merely propose that if it's an problem, make it a profitable one for all parties involved. Use it as an incentive. (Rats, there I go getting caught with my pants down, using the market again.) For those of you who may have missed it, ISPs and others are getting themselves kicked around by all the other industries' lobbyists on the Hill. Computer makers haven't fair much better in the DVD debate. This is not just my opinion. It is the opinion of Bell lobbyists, journalists and even Congressmen. Liability *is* a problem that isn't going to be easily fixed. "Common carrier" status has criteria that are quite difficult to meet and it's anything but a foregone conclusion that ISPs will get it, even in a modified form. Anyone who thinks that is naive, as is anyone who thinks solving the ISP liability problem will solve it for their users as well. It most certainly will not. This might shove it onto the small user with disasterous consequences that Mr. Bell has failed to consider. There are persistent, deep and stubborn problems related to intellectual property and they have everything to do with liability. They always will. Whatever solution that is adopted will revolve around it. Period. It is absurd to debate it further since liability has always been the basis of the copyright system. Back to the issue of watermarks. >If you only distribute a single watermarked version of the data, you may >be able to show, later, that you were the one who originated that >version. There may be other things you can do with digital watermarks, as >well. But, you cannot specify arbitrarily strong properties, and still >expect that such a protocol is still possible. >The above analysis simply indicates that there is no digital watermark >that can be used in the manner described in RPCE. Well, I don't know who this 'you' is and what 'protocol' he is referring to but I'll attempt to address it one more time. 1) Every copy sold has a unique watermark. 2) It cannot be stripped from the data, even when the data is decrypted. 3) Therefore would-be pirates are stuck with it. Indeed, watermarks have no "arbitrarily strong properties" (though I confess I'm taking a guess at what he means here). Watermarks are passive. That is why they cannot be relied on for primary enforcement of strong digital copyrights. Monitoring requires an intrusive auditing process and relies on few market incentives (relative to a telerights model). An example of this enforcement mechanism is BMI's Musicbot which scans web sites for pirated tracks (though I think it's some kind of hash that's used instead of a watermark). Currently, BMI is just notifying violators that they're in trouble. In the future it's possible that they could use such results to initiate law suits and, under a new law proposed in the House, press local DA's to file criminal charges with the evidence. Now this may just be me but personally the thought of somebody's software scanning through *my* copyrighted information to see if I'm pirating theirs is a little daunting. And if this is to be our primary mechanism, it also makes it difficult for a little guy like me to enforce my rights over my own material. What chance do I have of writing a 'bot and getting it to run on everybody's server? Who decides whose 'bots run? (The guys with the most money, maybe?) So ironically (and though he'd deny it), it seems Mr. Bell and I agree on something. I simply happen to think that an automated system of accounting with certain built in legal guarantees is preferable to the current course we're drifting down. Finally, as to my characterization of the forces involved, Mr. Bell states >Well, certainly there are industries with lots of money complaining >loudly about the advent of digital technology. The mere fact that they >are complaining (or even that they have money) doesn't mean that they >should get their way, though. No, it doesn't. Congress decides who gets their way, but it's rather presumptuous to declare that the best argument will win without any support. Although this is a democracy, on a particularly complex and arcane issue like this - even though it affects many individuals - money has an impact. (On the other hand, it would be arrogant to presume that campaigns should be costless too; someone's got to pay). The computer industry is just waking up to this and establishing a lobbying presence and making campaign donations. And you know what? Lobbying *can* be a good thing, despite all the bad press it receives. Lobbying can supply information to our public representatives which helps them craft better laws. It also brings some industries into conflict with others and forces them to understand one another's position. A large part of the CDA problem might have been avoided if the net industry, instead of mobilizing a last minute brow-beat your Congressman campaign, had gone behind the scenes from the start, accepted some of the concerns involved and tried to work something out. Politics is about compromise. Which brings me to my final point. We shouldn't expect everybody to be universally delighted at the prospect of being forced to live with a dilemma we were never able to fix for ourselves. Saying that >Software piracy of various sorts isn't a new problem, and the software >industry functions without a complete solution and that therefore the entertainment industry should just have to live with the problem like everyone else on a similar scale is ludicrous. It stirs up the same kind of opposition (and money) that Mr. Bell has just dismissed as so ineffective. This is exactly the type of thinking that has landed us at this impasse. The net community has got to be more sensitive to other concerns, like those of the entertainment industry, and be willing to compromise. 'We' do not own their intellectual products and though we profess to know this, they read such statements in an entirely different light. And while it is not fair for some in Hollywood to liken lawyers opposed to revising the copyright code to Communists, we for our part have got to stop giving fuel to their fire. ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 4--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.85 ************************************