November 23, 2024

Posts Comments

Intentia vs. Reuters: A (Slightly) Contrarian View

October 31, 2002 by

The recent dispute between Intentia and Reuters has gotten lots of online attention, most of it scornful of Intentia’s position. I think Intentia is wrong, but it’s a closer call than most online commentators seem to think.

Here’s the factual background, as far as I can tell: Intentia, a Swedish company, prepared their earnings report, and put that report on its web site, at a “hidden” URL to which there were no links anywhere. A Reuters reporter guessed the URL, accessed the earnings report, and published a story about it, all before Intentia intended for the information to be released. Now Intentia is suing Reuters in Swedish court, charging that Reuters accessed Intentia’s computers illegally and without authorization.

As a non-Swede and non-lawyer, I won’t opine on what Swedish law says about this. Anyway, the more interesting question is what what the law should say about this case. Or to put it another way, how should we draw the line between proper and improper access to a computer system?

Most people seem to feel that what Reuters did was legitimate. That’s my gut feeling too. But it’s not as easy as you might expect to explain why.

One common argument is that because Intentia put the file in a place where it was easily accessed, Intentia should have known that people would access it there, so Reuters cannot be faulted for doing so. This has intuitive appeal, but I don’t think it’s right to argue entirely from technical capabilities. That is, the mere fact that Reuters knew how to access the file cannot be enough to show that the access was proper.

Consider a hypothetical in which Intentia puts the file on its site, protected by a password. Is it proper for Reuters to guess the password and access the file? I don’t think so. I’m not comfortable with a rule that would legalize arbitrary file access via password-guessing.

Now from a technical standpoint, there is little difference between using a secret URL and using a secret password. Both rely on the user typing a secret text string; both send that string across an unencrypted HTTP connection; and both provide the requested file only if the string has been entered correctly. Both provide the same level of security. So if password guessing is improper, then why isn’t URL guessing improper?

The answer, I think, is that using a password sends different signals about Intentia’s intentions than using a URL. If a system challenges you to enter a password, it’s clear that the system’s owner is not authorizing you to continue. But if you just type a URL into a browser and the system supplies you with a file, the owner’s intentions are not clear. If, in fact, the URL was something obvious like “3rd_quarter_earnings.pdf,” then a reasonable person might have concluded that Intentia meant it to be accessed by the public.

Ultimately, this depends on the law recognizing social norms about the Net: that accessible files are by default meant to be accessed; that people use a password if they want to restrict access; and that the lack of a password mechanism is taken to imply that public access is allowed.

Filed Under: Uncategorized Tagged With:

Fritz's Real Hit List

October 30, 2002 by

Seth Finkelstein suggests that I should reexamine my “Fritz’s Hit List” feature in light of the “leeway” concept. Seth says, in effect, that it is possible, or at least it might be possible, to redefine the scope of the Hollings CBDTPA so that it covers “what 99.9% of the population uses for business or entertainment,” while not covering the items on Fritz’s Hit List.

I started Fritz’s Hit List to illustrate the extreme overbreadth of the Hollings CBDTPA. This can’t be fixed by making minor adjustments to the bill, or by relying on leeway to cover a few exceptional cases. The bill’s scope is far, far too broad. That’s the real point of Fritz’s Hit List.

This raises the obvious question of whether the bill can be fixed. Is it possible to redefine “digital media device” so that it is broad enough to cover the things it “needs” to cover, yet narrow enough to leave out dolls, dictaphones, and dog toys?

That’s harder than it sounds. I don’t know how to write such a definition. I haven’t seen anybody else offer a good definition either. The CBDTPA’s authors gave us a definition that is pretty far off.

So here is my challenge to the advocates of the Hollings CBDTPA: When you respond to Fritz’s Hit List, don’t just say, “That isn’t what we meant.” Tell us – specifically – what you did mean.

Filed Under: Uncategorized Tagged With: ,

Microsoft Decision Upcoming?

October 29, 2002 by

We’re still waiting for Judge Kollar-Kotelly to rule on the two outstanding issues in the Microsoft antitrust case: whether to approve the settlement between Microsoft, the DOJ, and the settling states; and what remedy to give the non-settling states. She is expected to rule simultaneously on both issues, and the ruling could come at any time.

The court has a mailing list, to which it sends updates about the case. (Click here if you want to subscribe.) The updates are simple text messages, typically announcing that some minor motion has been filed. Today, though, the list received an unusual test message, apparently testing out the court’s ability to send a PDF attachment to the list. It’s almost as if the court is expecting to send out a large PDF document soon.

Filed Under: Uncategorized Tagged With:

Too Stupid to Look the Other Way

October 29, 2002 by

David Weinberger explains the value of “leeway,” or small decisions not to enforce the rules in cases where enforcement wouldn’t be reasonable.

Imagine that your mother were visiting your apartment, and she got sick, so you let her stay overnight because she wan’t well enough to travel home. If this happened, no reasonable landlord would enforce a no-overnight-guests rule against you. Weinberger says:

Leeway is the only way we manage to live together: We ignore what isn’t our business. We cut one another some slack. We forgive one another when we transgress.

By bending the rules we’re not violating fairness. The equal and blind application of rules is a bureaucracy’s idea of fairness. Judiciously granting leeway is what fairness is all about. Fairness comes in dealing with the exceptions.

And there will always be exceptions because rules are imposed on an unruly reality. The analog world is continuous. It has no edges and barely has corners. Rules at best work pretty well. That’s why in the analog world we have a variety of judges, arbiters, and referees to settle issues fairly when smudgy reality outstrips clear rules.

The problem, Weinberger says, is computers don’t give leeway. Would the computer toss your sick mother out on the street, or cancel your lease because you let her stay?

Of course, you can always change the rules to add exceptions, such as a sick-mother allowance. Doing this would cover some cases, but you would be left with a more complex set of rules that was still enforced inflexibly. You can change the rules, but you can’t teach a computer to give leeway.

Weinberger goes on:

Which brings us to “digital rights management” which implements in code a digital view of rights. Yes, vendors and users should have a wide variety of agreements possible, but the nature of those agreements is necessarily digital….

If we build software that enables us to “negotiate” usage rules with content providers, the rules can be as favorable as we’d like but their enforcement will necessarily be strict, literal and unforgiving. Binary, not human.

DRM raises very difficult leeway issues. Fair use is an officially sanctioned leeway mechanism, designed to prevent enforcement of certain rules when the particular circumstances would make enforcement unwise. Fair use is just the kind of subtle and context-dependent leeway mechanism that computers can’t handle.

Weinberger’s message can be summed up in a quote attributed to him by Jon Udell:

That’s the problem with DRM. Computers are too stupid to look the other way.

Filed Under: Uncategorized Tagged With: ,

Wishful Thinking

October 29, 2002 by

In recent debates about copyright and technology, pro-regulation people have started using an interesting rhetorical tactic. Rather than trying to rebut challenges to the workability of their proposed solutions, they talk instead about how intensely they want their proposals to be workable.

For example, my Fritz’s Hit List series points out a serious flaw in Sen. Hollings’ regulatory proposal. Here is the response from the Senator’s office (from the Oct. 21 New York Times):

Andy Davis, a spokesman for Mr. Hollings, said the technology-minded critics of the bill were “missing the thrust of the senator’s argument,” which is that there is need for more protection of copyright works if online content and broadband Internet access are to flourish.

I don’t doubt that Senator Hollings wants very badly for there to be a solution to this problem. But wishing for a solution is not the same thing as having one.

The same phenomenon is at work when pro-regulation people “debate” the regulation issue by repeating statistics about copyright infringement. By now, everybody knows that there is a serious problem with copyright compliance, and (almost) everybody wishes for a solution to that problem.

Again, saying that you want a solution doesn’t imply that a solution is possible. And it certainly doesn’t imply that the “solution” you are currently peddling is any good.

Filed Under: Uncategorized Tagged With: ,