November 28, 2024

Posts Comments

My Morning Pick-Me-Up

January 19, 2005 by

First thing this morning, I’m sitting in my bathrobe, scanning my inbox, when I’m jolted awake by the headline on a TechDirt story:

California Senator Wants to Throw Ed Felten in Jail

I guess I’ll take the time to read that story!

Kevin Murray, a California legislator, has introduced a bill that would fine, or imprison for up to one year, any person who “sells, offers for sale, advertises, distributes, disseminates, provides, or otherwise makes available” software that allows users to connect to networks that can share files, unless that person takes “reasonable care” to ensure that the software is not used illegally. TechDirt argues that my TinyP2P program would violate the proposed law.

Actually, the bill would appear to apply to a wide range of general-purpose software:

“[P]eer-to-peer file sharing software” means software that once installed and launched, enables the user to connect his or her computer to a network of other computers on which the users of these computers have made available recording or audiovisual works for electronic dissemination to other users who are connected to the network. When a transaction is complete, the user has an identical copy of the file on his or her computer and may also then disseminate the file to other users connected to the network.

That definition clearly includes the web, and the Internet itself, so that any software that enabled a user to connect to the Internet would be covered. And note that it’s not just the author or seller of the software who is at risk, but also any advertiser or distributor. Would TechDirt be committing a crime by linking to my TinyP2P page? Would my ISP be committing a crime by hosting my site?

The bill provides a safe harbor if the person takes “reasonable care” to ensure that the software isn’t used illegally. What does this mean? Standard law dictionaries define “reasonable care” as the level of care that a “reasonable person” would take under the circumstances, which isn’t very helpful. (Larry Solum has a longer discussion, which is interesting but doesn’t help much in this case.) I would argue that trying to build content blocking software into a general-purpose network app is a fruitless exercise which a reasonable person would not attempt. Presumably Mr. Murray’s backers would argue otherwise. This kind of uncertain situation is ripe for intimidation and selective prosecution.

This bill is terrible public policy, especially for the state that leads the world in the creation of innovative network software.

Filed Under: Uncategorized Tagged With:

Enforceability and Steroids

January 18, 2005 by

Regular readers know that I am often skeptical about whether technology regulations can really be enforced. Often, a regulation that would make sense if it were (magically) enforceable, turns out to be a bad idea when coupled with a realistic enforcement strategy. A good illustrative example of this issue arises in Major League Baseball’s new anti-steroids program, as pointed out by David Pinto.

The program bars players from taking anabolic steroids, and imposes mandatory random testing, with serious public sanctions for players who test positive. A program like this helps the players, by eliminating the competitive pressure to take drugs that boost on-the-field performance but damage users’ health. Players are better off in a world where nobody takes steroids than in one where everybody does. But this is only true if drug tests can accurately tell who is taking steroids.

A common blood test for steroids measures T/E, the ratio of testosterone (T) to epitestosterone (E). T promotes the growth and regeneration of muscle, which is why steroids provide a competitive advantage. The body naturally makes E, and later converts it into T. Steroids are converted directly into T. So, all else being equal, a steroid user will have higher T/E ratio than a non-user. But of course all else isn’t equal. Some people naturally have higher T/E ratios than others.

The testing protocol will set some threshold level of T/E, above which the player will be said to have tested positive for steroids. What should the threshold be? An average value of T/E is about 1.0. About 1% of men naturally have T/E of 6.0 or above, so setting the threshold at that level would falsely accuse about 1% of major leaguers. (Or maybe more – if T makes you a better baseball player, then top players are likely to have unusually high natural levels of T.) That’s a pretty large number of false accusations, when you consider that these players will be punished, and publicly branded as steroid users. Even worse, nearly half of steroid users have T/E of less than 6.0, so setting the threshold there will give a violator a significant chance of evading detection. That may be enough incentive for a marginal player to risk taking steroids.

(Of course it’s possible to redo the test before accusing a player. But retesting only helps if the first test mismeasured the player’s true T/E level. If an innocent player’s T/E is naturally higher than 6.0, retesting will only seem to confirm the accusation.)

We can raise or lower the threshold for accusation, thereby trading off false positives (non-users punished) against false negatives (steroid users unpunished). But it may not be possible to have an acceptable false positive rate and an acceptable false negative rate at the same time. Worse yet, “strength consultants” may help players test themselves and develop their own customized drug regimens, to gain the advantages of steroids while evading detection by the official tests.

Taking these issues into account, it’s not at all clear that a steroid program helps the players. If many players can get away with using steroids, and some who don’t use are punished anyway, the program may actually be a lose-lose proposition for the players.

Are there better tests? Will a combination of multiple tests be more accurate? What tests will Baseball use? I don’t know. But I do know that these are the key questions to answer in evaluating Baseball’s steroids program. It’s not just a question of whether you oppose steroid use.

Filed Under: Uncategorized Tagged With:

CBS Tries DRM to Block Criticism of Rathergate Report

January 14, 2005 by

Last week the panel investigating CBS’s botched reporting about President Bush’s military service released its report. The report was offered on the net in PDF format by CBS and its law firm. CBS was rightly commended for its openness in facing up to its past misbehavior and publicizing the report. Many bloggers, in commenting on the report and events that led to it, included quotes from the report.

Yesterday, Ernest Miller noticed that he could no longer copy and paste material from the report PDF into other documents. Seth Finkelstein confirmed that the version of the report on the CBS and law firm websites had been modified. The contents were the same but an Adobe DRM (Digital Restrictions Management) technology had been enabled, to prevent copying and pasting from the report. Apparently CBS (or its lawyers) wanted to make it harder for people to quote from the report.

This is yet another use of DRM that has nothing to do with copyright infringement. Nobody who wanted to copy the report as a whole would do so by copying and pasting – the report is enormous and the whole thing is available for free online anyway. The only plausible use of copy-and-paste is to quote from the report in order to comment, which is almost certainly fair use.

(CBS might reasonably have wanted to prevent modifications to the report file itself. They could have done this, within Adobe’s DRM system, without taking away the ability to copy-and-paste material from the file. But they chose instead to ban both modification and copy-and-paste.)

This sort of thing should not be a public policy problem; but the DMCA makes it one. If the law were neutral about DRM, we could just let the technology take its course. Unfortunately, U.S. law favors the publishers of DRMed material over would-be users of that material. For example, circumventing the DRM on the CBS report, in order to engage in fair-use commentary, may well violate the DMCA. (The DMCA has no fair-use exception, and courts have ruled that a DMCA violation can occur even if there is no copyright infringement.)

Worse yet, the DMCA may ban the tools needed to defeat this DRM technology. Dmitry Sklyarov was famously jailed by the FBI for writing a software tool that defeated this very same DRM technology; and his employer, Elcomsoft, was tried on criminal charges for selling fewer than ten copies of that tool.

As it turns out, the DRM can apparently be defeated easily by using Adobe’s own products. A commenter on Seth’s site (David L.) notes that he was able to turn off the restrictions using Adobe Acrobat: “The properties showed it set to password security. I was goofin around and changed it to No Security adn it turned off the security settings. I then saved the pdf and reopened it and the security was gone…. Apparently forging documents is not all that CBS sucks at.”

UPDATED (12:35 PM) to clarify: changed “cut-and-paste” to “copy-and-paste”, and added the parenthesized paragraph.

Filed Under: Uncategorized Tagged With:

French Researcher Faces Criminal Charges for Criticizing Antivirus Product

January 13, 2005 by

Guillaume Tena, a researcher also known as Guillermito, is now being tried on criminal copyright charges, and facing jail time, in France. He wrote an article analyzing an antivirus product called Viguard, and pointing out its flaws. The article is in French, and standard online translators seem to choke on it. My French is poor at best so I have only a general idea of what it says. But it sure looks like the kind of criticism a skeptical security researcher would write.

This is a standard legal-attack-on-security-researcher story. Company makes grand claims for its product; security researcher writes paper puncturing claims; company launches rhetorical and legal attack on researcher; researcher’s ideas get even wider attention but researcher himself is in danger. Everybody in the security research field knows these stories, and they do deter useful research, while further undermining researchers’ trust in unsupported vendor claims.

At least one thing is unusual about Tena’s legal case. Rather than being charged with violating some newfangled DMCA-like law, he is apparently being charged with old-fashioned copyright infringement (or the French equivalent) because his criticism incorporated some material that is supposedly derivative of the copyrighted Viguard software. Unlike some previous attacks on researchers, this one may not have been enabled by the recent expansion of copyright law. Instead, it would seem to be enabled by a combination of two factors: (1) Traditional copyright law allows such a case to be brought, even though Tena had not caused the kind of harm that copyright law is supposed to prevent; and this allowed (2) a decision by the authorities to single him out for prosecution because somebody was angry about what he wrote.

It’s bad enough that Tegam, the company that created Viguard, is going after Tena. Why is the French government participating? Here’s a hint: Tegam’s statement plays on French nationalism:

TEGAM International has for many years been the only French company to design, develop, market and provide support for antivirus and security software in France. It has chosen a global approach to security, not relying on signature updates [a method used by the most popular U.S. antivirus products].

In the software sector, everybody knows that some people would like to exert their technological domination, and as a result crush any attempt to create an alternative. As the battle goes on to try to preserve and strengthen research in France, TEGAM International defends its difference and the results of its own research.

Filed Under: Uncategorized Tagged With:

Patent Holding Companies

January 12, 2005 by

Lately we’ve seen many complaints about the proliferation of patent holding companies, which buy patents, usually from small inventors, and then try to extract royalties, by negotiation or lawsuit, from companies that (allegedly) use the patented inventions. Often this is depicted as some kind of outrage. But from a policy standpoint I don’t see a problem.

Now perhaps you believe that the patent system is irretrievably broken and ought to be scrapped or severely reformed. Perhaps you think it should be harder to bring patent lawsuits. If that’s your position, then your policy effort should be spent on reforms that apply to all patent owners and all lawsuits, and not just on holding companies. Why focus specially on patent activity by holding companies, unless your goal is to disadvantage small inventors?

If, on the other hand, you buy into the goals of the patent system, and you think that the system, though imperfect, generally works, then it’s hard to see the problem with holding companies. It seems sensible that the financial return for an invention ought to be the same, whether the inventor works for a big company or freelances in his garage. If the invention really is novel, non-obvious, and useful, then the inventor is entitled to reasonable royalties from people who use the patented technology. Why should small inventors face barriers that large inventors don’t?

An inventor’s ability to negotiate royalties depends, ultimately, on the threat that he will bring a lawsuit if the company using the invention doesn’t agree to pay. Patent litigation is costly and time-consuming, especially if the defendant is using delay tactics. A freelance inventor can’t credibly threaten to bring a suit without financial backing from somebody else. Litigation is risky, too, and the inventor may be risk-averse. The company using an invention knows these things, so a freelance inventor’s lawsuit threat won’t have much credibility, even if the suit would have merit. And so the freelance inventor won’t be able to extract the royalties that a deeper-pocketed inventor could. It’s often argued that the patent system unfairly favors large companies, for precisely this reason.

Why not allow an outside firm to invest in small inventors’ patents, so as to provide the financial resources to support a potential suit and to absorb the risk? Coming from such a firm, a lawsuit threat would have suitable deterrent value. And so, most importantly, suchs will bid against each other for small inventors’ patents. Holding companies can level the playing field by helping small inventors extract the true value of their inventions.

Beyond this, holding companies may develop expertise in patent valuation or negotiating royalties. Holding companies that specialize in valuation and revenue-extraction allow small inventors to specialize in what they do best, which is inventing. This would mirror the structure in large companies, where one subgroup of people handles invention and another handles revenue-extraction. Why treat the small inventor differently from the large one?

Though there is no good policy argument for disadvantaging small inventors, we may see such changes anyway, due to rent-seeking by large companies. Those who support rational patent policy should focus on setting up the right patent rules (whatever they are), and applying those rules to whoever happens to own each patent.

Filed Under: Uncategorized Tagged With: