Mandatory internet filtering – I actually thought this issue was over with, but it appears I was wrong.

If you’re not already aware of the issue (which is probably unlikely), there’s a factsheet from GetUp

The latest news here is that the secret blacklist (which is secret – Freedom of Information laws have been modified to deny any kind of public oversight) has been leaked, and contains all kinds of nasty stuff, but also a fair amount of relatively benign stuff: “a slew of online poker sites, YouTube links, regular gay and straight porn sites, Wikipedia entries, euthanasia sites, websites of fringe religions such as satanic sites, fetish sites, Christian sites, the website of a tour operator and even a Queensland dentist.” The Age

The general concern is that this would be a secret, unaccountable system, a ‘loaded gun’ that could too-easily be subverted (Thailand’s internet content was originally intended just to filter out child pornography, but is now apparently used to silence sites that criticise the royal family). No western democracy has gone down this path before. Already it has been reported that there’s very little accountability to the blacklist administration process (“They have absolutely no review process whatsoever; the decision to ban content is final, and there is no judicial oversight. The decision is made by a single ACMA staffer, even someone part of a graduate process…” The Age)

That’s the worst of it – there’re other issues about the filter raising the cost of Internet access, and slowing down the Internet ‘up to 87%’.

GetUp has a petition in progress – I recommend that you sign it, if you feel so inclined:

If you’re as angry about this stuff as I am, I recommend writing a letter to Senator Conroy, as well (I wrote this one). His email address is minister@dbcde.gov.au.

Wikileaks, the website set up to hold documents submitted anonymously by whistleblowers, has apparently been brought to its knees by the huge number of requests from people looking at the leaked blacklist. Does anyone else find it hilarious that the very content the government has been trying to censor has now had a huge spotlight focused on it? Oh, man…

The summary on the Wikileaks page regarding the ACMA’s blacklist is worth a read, too. “…History shows that secret censorship systems, whatever their original intent, are invariably corrupted into anti-democratic behavior.”

With the advent of the ‘information age’, unauthorised reproduction of copyrighted works has become far easier. The tools to reproduce such material in any desired form are freely available, as are tools to distribute this material to others all over the world. Piracy is commonplace, with use of interned-based file sharing systems such as Kazaa and eDonkey becoming vastly widespread. 2003 revealed software piracy losses of $341 million AUD in Australia, and $6,496 million AUD in the United States (Australian Institute of Criminology).

In an environment where, feasibly, only one individual needs to purchase a copy of a work to enable the whole world to gain access, various industries – such as the music, film and software industries – are growing increasingly concerned.

An international treaty drafted by the World Intellectual Property Organisation (WIPO), defined a requirement that participating parties “provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty…” (WIPO Copyright Treaty, Article 11). In order to implement this requirement, the Digital Millennium Copyright Act (DMCA) was signed into U.S. law on October 28, 1998.

The controversial act, labeled by some as unconstitutional and a threat to public liberty and free speech, states that “No person shall circumvent a technological protection measure that effectively controls access to a (protected work)” (DMCA, Section 103). It constitutes a protection of software that restricts access to copyrighted material, and outlaws any effort to circumvent this software.

Since coming into effect, the DMCA has been frequently drawn upon for purposes outside of the original expected scope of the Act. In several instances, it has been used by companies to suppress the publication of research into security flaws in their products. Prominent security and cryptology researchers are now choosing to leave their fields out of fear of the DMCA, and security conferences are leaving the U.S. for safer countries.

The DMCA has been used by Sony to maintain a monopoly over production of Playstation console games, Adobe and the U.S. Government have attacked a Russian company for writing software that enables eBooks to be read on braille displays, and a student has been taken to court after submitting a post online explaining that holding down the Shift key disables copy protection on some audio CD’s.

Contrary to the expectations of Congress, the DMCA, as stated by the Electronic Frontier Foundation, “Chills free expression and scientific research”, “jeopardizes fair use”, and “impedes competition and innovation” (EFF, ‘Five Years under the DMCA’).

Dimitry Skylarov

Russian programmer Dimitry Sklyarov was arrested and jailed for breach of the DMCA in 2001, a criminal charge, launching a high-profile case that was the first instance of the U.S. government’s prosecution of a software development company for creating a system for circumvention of a technological protection.

Sklyarov and his employer, ElcomSoft, had created a system that was able to convert the encryption-protected Adobe e-Books into the standard Adobe PDF format. This converted file could then be used to read the book on a braille display, read the text aloud using a text-to-speech engine, print the book out for reading away from the computer, or simply to retain a non-encrypted copy of the book that doesn’t require a specific piece of software to read it.

It could also be used to make unencrypted copies for unauthorised redistribution, although Sklyarov and ElcomSoft were never accused of doing so, or accused of creating the software with this purpose in mind.

Following a notification from Adobe regarding the software, the U.S. government, the plaintiff, arrested Sklyarov in Los Vegas, on a visit to the U.S. to attend a technical conference, and jailed him for 22 days until release on bail of $50,000. Adobe eventually withdrew their complaint, and the U.S. Government ultimately dropped the charges against Skylaro and allowed him to return home to Russia, on the condition that he testify against his employer.

Groups supporting the U.S. Government in its prosecution (namely e-Book publishers) maintain that the activities of the Russian programmer and software development company are unethical and their prosecution under the DMCA is correct. In a press release, Patricia Schroeder, president and CEO of the American Association of Publishers, stated “It’s only common sense to expect that, if the public wants desirable books to be available online and through other digital media like the Adobe Reader, the authors and publishers who have the legal rights to commercially exploit such works in the global digital marketplace must have reasonable assurances that the market value of their works can be protected from the extraordinary risks of illegal reproduction and distribution that are made possible by the capabilities of digital media.” (Ebookweb) These responses are to be expected, yet they fail to take into account the price of these assurances. This legal protection hardly seems worthwhile if the cost is the loss of the right to ‘fair use’, or the right to free speech.

The software created by Sklyarov and ElcomSoft is entirely legal in their home country, Russia. Sklyarov’s case was complicated by the fact that he is not a U.S. citizen. The activities that made him a criminal in the U.S. were perfectly legal in Russia; He did not necessary even know these activities were illegal in the U.S. This raises questions about jurisdiction as well as questions about the breadth of the DMCA.

The sole purpose of the software was to reinstate the ‘fair-use’ rights that are removed by the protection systems. The fact that a programmer can be jailed for development of software that extends the usefulness of a product is highly surprising and disturbing. Many groups maintain that it is a flaw of the DMCA that allowed the prosecution of Sklyarov and ElcomSoft. The unprecedented broadening of the copyright laws that the DMCA represents is stifling the development of useful technologies by making criminals out of developers.

It is disturbing also that the charges brought against Sklyarov were criminal, not just civil. Such a serious charge hardly matches the ‘crime’. This case shows the DMCA is not only an over-broadening of the copyright laws, but an over-deepening too, permitting alleged infringements to be treated as criminal.

Beausoft

In August 2001, New Zealand software company Beausoft updated its web-cam viewer software to maintain functionality, after Silicon Valley webcam site operator SpotLife changed their system. Shortly afterwards, Beausoft’s owner Bob Prangnell received threats of legal action under the DMCA from SpotLife.

SpotLife, who have since been acquired by Logitech, stated that Prangnell had “broken their protection scheme” (NZ Herald). Prangnell was forced to comply and remove the new additions to his software.

This case again raises questions about jurisdiction: Whether or not a law such as the DMCA should be applicable internationally is a question that appears to have an obvious answer, and yet the DMCA continues to threaten non-U.S. citizens.

The main point of interest in Beausoft’s case is the enormous breadth of power given to SpotLife by the DMCA. That Beausoft’s activities can constitute circumvention of copyright protection measures is a clear indication that the Act is vague and overly broad. SpotLife threatened Prangnell in an attempt to protect their highly inadequate security measures, arguably a easier and cheaper response than redesigning their system security. It is disturbing that the DMCA is usable for these ends, as it immediately suppresses any research into system security. The result of this is that security measures never undergo lawful and open external scrutiny, resulting in poor, untested systems.

DeCSS

In 1996, the proprietary DVD copy protection scheme known as CSS – Content- scrambling system – was introduced. CSS is an encryption protection mechanism that makes uses of key-based encryption. Player manufacturers are licensed with a player key, which is used to decrypt the video stream on the disc, using a disc key. A department of the Motion Picture Association of America (MPAA), named the DVD Copy Control Association (DVD-CCA) licenses these player keys for a fee.

After the DVD-CCA refused to license a key to the open source community to enable development of open source players, 16 year old Norwegian programmer Jon Johanson reverse-engineered the CSS system, and posted the resulting source code, entitled ‘DeCSS’ on a message board. This system allows DVD owners to view their DVDs under Linux, and extend their usefulness.

Following the original posting of the DeCSS code, others distributed it elsewhere, or created hyperlinks to the code. Soon afterwards, around the beginning of 2000, the MPAA began legal action against website owners, magazines, and DeCSS T-Shirt retailers, under the DMCA. (It is an amusing side note that a legal submission by DVD- CCA President John Hoy contained the entirety of the DeCSS source code, open to the public.) CSS does not stop piracy, as DVD pirates are able to simply copy the encrypted DVD, which can be played in an authorised player, just like the original. It allows tight controls to be placed on how a DVD is used, in theory limiting the ease with which DVDs can be copied and distributed.

Following the initial legal action against those providing access to the DeCSS code, many others protested by posting the code up in a variety of novel ways. A 456-stanza haiku, with lines of five, seven and five syllables, was written (decss-haiku, along with several recorded songs.

These productions explored the extent of the DMCA, and existed to test the boundaries of ‘speech’: Does a poem, song or T-shirt expose the author to prosecution through the DMCA?

More central to the debate is that of ‘fair use’ rights. As in Sklyarov’s case, there was never any intention to pirate DVDs. DeCSS was developed to enable users of unsupported operating systems like Linux to watch legally purchased DVDs. This is entirely within the ‘fair rights’ boundaries laid down by copyright law, and yet falls foul of the DMCA because of the circumvention provisions.

OPG vs. Diebold

Diebold Election Systems are developers of U.S. electronic voting systems, responsible for approximately 80% of U.S. election votes counted. After a security leak in 2003, a large quantity of internal documentation was distributed online by various groups. This documentation included staff communications, and bug tracker lists, documenting some outstanding and as yet unfixed critical system security bugs. It revealed gross system insecurity, including the fact that the entire system is based on a Microsoft Access database with no sanity checking systems in place. With physical access to a computer running Diebold’s system, it is a simple matter to modify the total vote counts, while keeping the change entirely untraceable.

Diebold began attempts to stop the circulation of the documentation by launching legal action against Online Service Providers hosting websites containing the documents, citing breach of the ‘Online Copyright Infringement Liability Limitation Act’ provisions of the DMCA, that represent ‘safe harbour’ to online providers if they take down offending material.

Non-profit provider OPG, along with two students hosting the material, fought back, with the not inconsiderable legal support of the Electronic Frontier Foundation (EFF), amidst a host of support from many other groups. Recently, in October 2004, Diebold’s use of the DMCA was found to be unlawful, and charges were dropped. Although this case ended well, and good precedents have been set, it remains a concern that the potential to suppress this free speech lies within the DMCA. The Wikipedia article on Diebold Election Systems states that the ruling that Diebold’s prosecution was unlawful “was surprising to some scholars”, as Diebold “actually had valid copyrights to some of the memos”. There was a possibility that the ruling could’ve gone in Diebold’s favour, as the ‘fair use’ policy under which the memos would fall is a grey area. The victory was not at all assured, and subsequent cases may have different outcomes. Diebold attempted to use the DMCA to suppress information regarding their serious security flaws. This is clearly outside of the original intended scope of the DMCA, demonstrating that the Act is vague and overly broad. The insecurity of this critical system caused controversy enough, but the possibility of future information like this being suppressed with the DMCA is deeply worrying.

Comments

The purpose of copyright laws are to encourage and support creativity, to reward artists and developers by enabling them to profit from their efforts. The DMCA was formed in an attempt to maintain this concept, by keeping up with technological advances which make the task of protecting copyright much more difficult.

The DMCA represents a broadening of copyright laws, giving unprecedented control to copyright owners, providing legal support for copyright protection measures. Rights owners can now add systems to restrict access to legally purchased works, thereby entirely controlling usage, in theory. Any attempt to get around these mechanisms is a criminal offense. The DMCA consequently also protects the manufacturer of a defective product by making it illegal to demonstrate the product’s defects.

The Act has nevertheless received some support. It has been praised as an appropriate and necessary response to technological advances. In an article written by Raymond T. Nimmer, a law professor at the University of Houston, the DMCA is described as seeking to “restate the balance (of copyright law) and to restore the incentives promoting innovation and creative works” (R. Nimmer). Nimmer addresses one of the primary concerns of those opposed to the DMCA, the suppression of free speech, by stating that most DMCA-related cases do not involve speech, and those that do are constitutionally restricted to have a minimal impact on speech.

What these arguments fail to address is the nature and importance of speech itself. As stated by DMCA opposition group Anti-DMCA, “Mathematicians use symbols. The Deaf speak with their hands. Programmers speak in code.” (anti-dmca.org). In order to accurately pass on a concept, verbal communication (“speech”) does not necessarily suffice, and more precise communication methods are required. It has been argued that the suppression of code is suppression of speech.

The Act has received far more public opposition than support. Many groups have sprung up, claiming the DMCA is unconstitutional, suppresses free speech, and has a chilling effect on research and development.

One particular concern is that by rendering research into existing security measures illegal, security will be compromised by lack of testing. Instead of permitting open debate over a system’s security, the DMCA suppresses any discussion. This will ultimately have a negative impact on security, as system flaws are discovered by those who seek to exploit them, as opposed to those who are willing to share their discovery so a solution can be found. In this respect, the DMCA is highly counter-productive.

In the few years that the DMCA has been in effect, many cases have demonstrated that the Act is a sloppy, overly broad and vague piece of legislation. Vague laws have their highest negative impact on small groups, who lack the resources for a legal battle. As shown by Beausoft’s plight, even though it appeared clear that the threats were unjust and legally shaky, Beausoft’s owner Bob Prangnell lacked the resources to fight. Consequently, the DMCA places an extraordinary amount of power in the hands of larger companies, who may make use of it for unethical purposes.

The same applies to other anti-circumvention laws, like those incorporated in to Australia’s Digital Agenda Act of 2001, which states “it is illegal to make or deal commercially in devices or services that have only a limited commercial purpose other than the circumvention of technological copyright protection measures.” The Open Source community is particularly concerned over these laws. If Jon Johansen, author of DeCSS, were stopped by the DMCA, Linux would not have DVD playing capabilities, a huge hit to usability, when comparing functionality with that of Microsoft Windows, or Mac OS X.

Many users wish to explore other non-standard avenues of usage of purchased materials, and wish to tinker with hardware and software they own. They may want to take an eBook, convert it to plain text, and have it read aloud by a text-to-speech engine, or extract copy-protected CD tracks for listening without the necessity of carrying a CD. Anti-circumvention laws would make all of this illegal, regardless of fair use rights. The DMCA and other anti-circumvention laws are inappropriate and ‘overkill’ responses to a changing technological environment. The entire paradigm of selling physical items such as books or records, is no longer applicable to today’s ‘digital age’, where we can carry books on our mobile phones, or our entire music collection on a small digital player in our pocket.

Many groups have proposed other ways to ensure artists and developers are financially awarded for their creativity. Advertising-based systems have already been established, where artists are paid by the fees from site advertisers. Donation systems have been set up also, where fans can use online payment gateways to leave a donation. Opt-out donation systems have also been proposed, where listeners have the choice not to leave a donation.

There are current movements to reform the DMCA. U.S. Rep. Rick Boucher’s Digital Media Consumers’ Rights Act (DMCRA) seeks to repair the flaws in the DMCA, to reinstate fair rights and free speech. The DMCRA “reaffirms Fair Use”, thereby permitting circumvention of technological measures, provided this does not result in copyright infringement. It also “restores valid scientific research”, by allowing production of tools for “scientific research into technological protection measures”. With the good precedents that have been set in the cases that have arisen in the five years since the Digital Millennium Copyright Act came into effect, and the possibilities of future reform, the future is not entirely bleak. Courts thus far have made reasonable rulings, and will likely continue to do so.

Although the DMCA and similar laws are worrying, they are likely to be refined over time to form a compromise between the rights of artists, publishers and developers, and the rights of the public.

Michael Tyson, 2004

Resources

U.S. Copyright Office, WIPO Copyright Treaty

http://www.aic.gov.au/topics/cybercrime/stats/piracy.html

http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act

http://en.wikipedia.org/wiki/DeCSS

http://en.wikipedia.org/wiki/Diebold_Election_Systems

http://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act

http://en.wikipedia.org/wiki/Digital_Media_Consumers%27_Rights_Act

United States Digital Millennium Copyright Act of 1998

http://www.eff.org/IP/DMCA/?f=unintended_consequences.html

http://www.eff.org/legal/ISP_liability/OPG_v_Diebold/

http://www.house.gov/boucher/docs/dmcrahandout.htm

Nimmer, Raymond T., “First Amendment Speech and The Digital Millennium Copyright Act: A Proper Marriage” . COPYRIGHT AND FREE SPEECH – COMPARATIVE AND INTERNATIONAL ANALYSES, Jonathan Griffiths, Uma Suthersanen, eds., Oxford University Press, February 2005 http://ssrn.com/abstract=572886

Larry Lessig, “Jail time in the Digital Age”, July 2001, http://www.eff.org/IP/DMCA/US_v_Elcomsoft/20010730_lessig_oped.html

Electronic Book Web, Wade Rousch,“Publishers Split on Sklyarov Case”, 2001 http://12.108.175.91/ebookweb/stories/storyReader$89

http://anti-dmca.org

New Zealand Herald, Adam Gifford, “NZ software developer bows to US threat of legal action”, August 2001

http://www.nzherald.co.nz/storydisplay.cfm?storyID=211491

Scoop, Bev Harris, “Inside a U.S. Election Vote Counting Program”, July 2003 http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm

Linux Australia, “DMCA and the Open-Source Community” http://old.linux.org.au/papers/no-dmca.html

DMCRA http://www.house.gov/boucher/docs/dmcrahandout.htm

• Start a private criminal investigation against you
• Force your ISP to release your personal information (although there’s no guarantee that an IP address associated with the activities in question directly relates to your activity)
• Freeze your bank account and seize your home (allowing them to search the premises)
• Threaten you with court action unless you pay a tens-of-thousand-USD fine
• Take you to court “where you’ll have to prove your innocence without a lawyer by your side since you can’t afford one, because they froze your bank account”
• Collect their enormous damages, and charge you for the legal fees

Read the full article, and the preceding introduction for more.

Jesper outlines some specific nasties about the IPRED EU directive, but essentially we’re at least looking at a breach of “several human rights, including the rights to privacy and due process”. We’ve had some pretty nasty laws thrust upon us in the name of Big Content recently, but this one is absolutely insane. How far are governments going to go with this? I’m reminded of the Mars series by Kim Stanley Robinson, set in the future, where countries and governments are more-or-less irrelevant, and the real powers are the big ‘multinationals’, immense international corporations who have sweeping powers, including their own militaries.

If this law actually remains in place, and is used, it will be very interesting to see what happens. As my partner Katherine commented, surely a citizen looking down the barrel of this baby can take the matter to the EU, citing human rights infringement – assuming Sweden has signed a human rights convention.

So, sites like Gizmodo that require an ‘invitation’ to get an account to post comments are quite annoying. Disallowing any rebuttal or discussion, except to those one deems worthy, seems very un-democratic!

Anyway, what put me on to this rant was this article on flexible LCD screens, which demands a comment, after their statement regarding being one step closer to the “Holy Grail of electronic displays: crumpling them up throwing them in the trash like basketballs”:

Who on earth wants to do that? How is the ability to throw away flexible screens, thereby creating more e-waste, a Holy Grail? Unless it’s just me, that seems to entirely defeat the purpose of reusable ‘E-paper’, apart from the obvious environmental issues of yet more non-biodegradable waste.

We live in such an irresponsible culture!

The privacy ramifications here are extremely worrying. Web searching is something we all do, and for some of us, often reveals all kinds of intimate details about our lives. That this search history is recorded at all is, if I may say so, an abomination; but that this was carelessly leaked by AOL is very worrying. And yes, even Google record search queries (they’re just a little more careful with it).

The appeal to government and ‘law enforcement’ groups is obvious, which makes this even more dangerous. While Google resisted the Justice Department’s subpoena, the other search engine’s capitulated.

Particularly worrisome is the international nature of many of these search engines, with data centres located outside regions that are protected by various privacy laws. Only recently, Yahoo cooperated with the Chinese government in revealing the identity of a Chinese journalist who had distributed a warning from the Chinese government about the reporting on sensitive local issues; the journalist is now serving a 10 year prison sentence.

Yahoo was forced by the local laws to cooperate with the Chinese government. While one may assume that this only affects local users, it’s quite common for data to be mirrored at several sites, ensuring adequate redundancy should a site be compromised and its data lost. Thus, it’s quite possible that Australian and American search history is stored in regions where the Government has complete control over access to this data.

The Chinese incident is sinister enough, but this is probably just the beginning.

Consequently, the EFF (Electronic Frontier Foundation) have published an article with a few notes on how to maximise your privacy when using search engines.

Some points are:

• Don’t put personally-identifying information in your searches
• Don’t log in to a search engine account
• Don’t accept cookies from your search engine

They are worth reading through; in particular, there’s some directions for Firefox users on how to configure an extension to increase your anonymity with Google searches.

Even if you don’t follow those suggestions, I recommend regularly clearing out your Google cookies. These cookies provide Google and other search engines with a link between your search queries – an identifier that ties them together. By clearing these cookies out regularly, you sever the link between past queries and future queries. In particular, do this before embarking on a particularly sensitive search.

To remove cookies in Firefox:

1. Bring up Firefox Preferences (on a Mac, click the ‘Firefox’ menu at the top left, then ‘Preferences’)
2. Click the ‘Privacy’ icon
3. Click the ‘Cookies’ tab
4. Click ‘View Cookies’, bottom left
5. Type ‘google’ in the search bar, and remove all related cookies by selecting them and clicking ‘Remove Cookies’

In Safari:

1. Bring up Safari Preferences (‘Safari’ menu, ‘Preferences’)
2. Click the ‘Security’ icon
3. Click ‘Show Cookies’
4. Scroll down to the Google cookies, select them, and press ‘Remove’

Instructions for Internet Explorer are here (If you are using Internet Explorer, it is recommended that you switch to Firefox, which offers increased security and stability. Honestly.).

Alternatively, just delete all cookies, which probably can’t hurt.