November 24, 2024

Pavlovich Decision

The California Supreme Court has ruled that Matt Pavlovich can’t be sued in California state court for posting DVD decryption software (though he can probably be sued elsewhere). Apparently, the key issue was whether Pavlovich’s knowledge that his action would affect California companies was by itself enough to give California courts jurisdiction. The Court ruled that it was not.

Denise Howell at Bag and Baggage has a quickie analysis of the opinion.

The Slashdot Effect

I read Slashdot every day. It’s one of the best sources for tech news, and it contains many nuggets of useful information and informed commentary. If anything interesting happens in the tech world, Slashdot will discuss it.

Sadly, the treasures of Slashdot are often buried in a vast wasteland of speculation, misinformation, and irrelevant blathering. For example, the commentary on yesterday’s California Supreme Court ruling on the Pavlovich case includes this gem, contributed by an “Anonymous Coward:”

Livid was fully functioning as was DeCSS BEFORE nov 30th 1999.

DMCA does not cover software or hardware created BEFORE the begginning of 2000.

This is a fact.

DMCA will NEVER have any bearing on the original frozen sources of Nov 1999 Livid …

DMCA start date was a few months too late.

Despite its emphatic tone, this posting is just wrong: the relevant portions of the DMCA went into effect in October 1998. There is nothing in the DMCA exempting programs created before 2000 or 1998 or any other date.

In theory, Slashdot’s collective moderation process is supposed to weed out ill-informed postings by downgrading their scores; but in practice that doesn’t happen as often as one would like. The posting I quoted above has the maximum possible moderation score (5). Worse yet, the moderators have given it the label “Informative”. Readers who trust this posting will be ill-informed at best, and at worst may break the law.

(There is a response comment on Slashdot, written by “Guppy06,” pointing out the inaccuracy. This response has moderation score 3, and label “Interesting.” But an “Anonymous Coward,” perhaps the original poster, disputes Guppy06’s conclusion.)

By this point, I have probably provoked enough flamage to destroy several medium-sized cities. So let me say it again: I like Slashdot. I’m glad I can read Slashdot, and I thank its many well-informed participants for making it worth reading, despite its often depressing signal-to-noise ratio.

Slate: Just Say No to Politics

Slate, a smart online magazine that normally urges citizen involvement in politics, published today a commentary by Paul Boutin, urging citizens who happen to be geeks not to participate in the political process.

Boutin argues (as others have before) that geeks should stick to writing code – that freedom is a Simple Matter of Programming. This was true back when the law ignored technology. Now the danger is different. A ban on broad classes of technology, or on entire areas of development, cannot be programmed around.

Boutin’s argument is especially mystifying when it is applied – as it is by Boutin – to DARPA’s now-famous Total Information Awareness program. According to press accounts, this program would accumulate information about Americans’ commercial transactions, for wide-ranging analysis by law enforcement agencies If you don’t like this program, you can’t stop it by writing code.

It’s easy to make fun of clueless geeks’ pathetic attempts to exert political muscle, like the campaign for Rep. Coble’s libertarian-blogger opponent. It’s clear that we geeks can’t go toe-to-toe with their adversaries. But that isn’t to say that we should just resign themselves to whatever Washington dishes out. The right argument, presented in the right way, can still make a difference.

Boutin is right about one thing: political muscle isn’t the answer. Let’s face it, muscle has never been our strong suit. What we need is to do what we do best: to use our brains.

[Footnote for non-geeks: The phrase “Simple Matter of Programming” is an ironic geek in-joke that geeks like to use to refer to notoriously unsolvable problems. By analogy, the eradication of poverty is a “simple matter of economics,” or achieving world peace is a “simple matter of international relations.”]

DarkNet

Lots of buzz lately about the DarkNet paper written by four Microsoft Research people.

The paper makes a three-part argument. First, there is really no way to stop file sharing, as long as people want to share files. Second, in the presence of widespread file sharing, a copy-prevention technology must be perfect, for the presence in a file sharing environment of even a single uncontained copy of a work enables anyone who wants to infringe its copyright to do so. (This is what I call the “break once, infringe anywhere” model.) Finally, there is little if any hope that a copy-prevention (or “DRM”) technology can be strong enough to prevent the creation of single uncontained copies of works. So the conclusion is that the current DRM approach will not work.

This paper has gotten attention in the policy community because it is well written and makes a compelling argument. But its argument is far from new. Indeed, the paper’s claims have been the consensus of independent security experts for a few years already. You can see this, for instance, in Bruce Schneier’s writing on DRM.

So why has the DarkNet paper gotten this much attention? My guess is that there are two reasons. First, the paper was written by guys from Microsoft Research, and Microsoft has previously taken a pro-DRM position. The paper includes a standard disclaimer saying that it is the opinion of the authors and not of Microsoft. But still it reflects a change. In past years, conference presentations from industrial researchers, both at Microsoft and elsewhere, have shied away from anti-DRM statements, so as to keep their employers happy (although vigorous anti-DRM language could often be heard at dinner afterwards). So non-techies will put more weight on the paper because of its authors’ affiliation.

The second reason for the buzz around this paper is that the “DarkNet” terminology has a certain persuasive power, evoking a subterranean world of illicit activity, a sort of criminal underground of the Net. Although compelling, the “DarkNet” concept is misleading, if it is understood as implying that one can draw a neat line between the “legitimate Net” and the illegal “DarkNet”.

In practice, the same technologies are used to conceal both legal and illegal activity. You can use a safe to lock up either criminal plans or business data. You can use encryption to conceal either copyright infringement or love letters. You can use “sneakernet” (which is a DarkNet technology, according to the paper) to share software illegally with your neighbor, or to give baby pictures to grandparents. Attempts to regulate or ban the DarkNet often affect legitimate networking. Examples of this include both the Hollings CBDTPA, which would have regulate many innocuous devices (as documented in Fritz’s Hit List), and the Berman-Coble “P2P Hacking” bill, which would affect ordinary websites.

On balance, the DarkNet paper will be valuable not because it breaks new ground technically but because of its persuasive power. If it can move the policy debate forward, and onto sounder technical ground, that will be a major achievement.

Crackdown at the Naval Academy

According to The Capital, which appears to be a local newspaper in Annapolis, officials at the Naval Academy have seized the computers of nearly 100 midshipmen (i.e., students at the Academy) because of suspected file sharing activity.

Some people paint this as an “RIAA goes after the Navy” story. But based on the newspaper article, it looks like a “Naval Academy goes after its students” story. It appears that the RIAA sent the Naval Academy the same letter that it sent to many universities, and the Academy then decided on its own to take this action.

Will this put pressure on other universities to do the same thing? Perhaps not, because of the special status of the Naval Academy. Students are members or quasi-members of the Navy and hence have less privacy and autonomy than most students do; and the computers in question arguably belong to the Navy anyway. In any case, it will be interesting to see how the Navy proceeds.