Monday, September 05, 2005

Kazaa Down Under: The Futility of Filters

Well, it looks like the Australian Judge in the Kazaa case has ordered that future versions of Kazaa software must have filters that exclude copyrighted works (see Bloomberg article)...

Exactly how is that supposed to work?

Here's an example... Let's say I've tried to share a file on Kazaa called "metallica.ogg".

This file could be any number of things:

  1. It could be a copyrighted Metallica song,
  2. It could be filled with a bunch of random noise.
  3. Or it could be a recording of me saying "Metallica is an excellent source of strong vaccuum!!!"
With the current state of filtering technology, as I understand it, I would not be able to share this file on Kazaa under any circumstances because the filename contains the word "metallica". Unfortunately, copyright infringement would only have occurred in the first case.

In the second case, when the file just contains random noise, there's no human creativity involved in the creation of this file, so it would be un-copyrightable. There would be no legal reason to prohibit its publication or dissemination whatsoever.

The last case is more interesting... Metallica's position on peer-to-peer file sharing is well known, but how is Kazaa supposed to know what my position is?

There is no "shareable" bit in the file format that says "it's okay to share me."

There is no contact information in the file either, so Kazaa has no way to contact the copyright holder (me!) to ask whether it's legal to share the file or not...

Lastly, even if Kazaa could verify that the file is copyrighted, how can Kazaa (or Kazaa's software) determine what copyright license is associated with this file? Am I using the RIAA copyright license, "Thou shalt not copy, even for thine own use?" Have I licensed this file under a Creative Commons license that would allow copying? And if I did use a Creative Commons license, which one did I use?

Leaving the computers and the Internet out of the discussion just for a moment, it's my position that it would be impossible for any person to determine whether or not my file can be legally shared...

Now in a sane world I wouldn't have to explain this, but we left that world behind a long time ago... You can't program a computer to perform a task that humans don't understand how to do themselves...

The fundamental problem is
that there isn't sufficient information in my "metallica.ogg" file for any human, or computer, to be able to reliably determine whether or not "sharing" is allowed...

The only way I can see this ever working properly is if two things happen first:
  1. We start using file formats that can support Copyright information directly in the file itself (e.g. copyright registration #, license terms, copyright holder, etc.), and
  2. We build on-line repositories of copyright registrations so that software like Kazaa can verify whether or not it should share the file.
Until these things occur, filtering will be nothing more than court-mandated guesswork and will never, ever, function the way it is intended to...

Don't worry, I'm not holding my breath.

Wednesday, April 06, 2005

Misinterpretations of Lexmark, Chamberlain.

Interesting post on Madisonian Theory about the Lexmark / Chamberlain cases. Apparently some folks are trying to find ways to respond to the Lexmark and Chamberlain rulings that limit the scope of the DMCA.

From what I've seen so far they're trying to find some way to deploy "protection measures" (i.e. crypto) that would automatically result in copy infringement if the digital content was accessed in an unauthorized manner. As I see it, this is ultimately a futile exercise because these "experienced IP lawyer(s)" have missed a VERY important point:
THERE IS NO SUCH THING AS UNAUTHORIZED ACCESS, OR CIRCUMVENTION, IF A CONSUMER HAS OBTAINED THE DIGITAL CONTENT LEGITIMATELY!
This is the fundamental lesson of Lexmark and Chamberlain and no amount of technology will ever change this fundamental principle. It'll take an act of Congress to screw this up.

Wednesday, December 15, 2004

More on Aharonian...

Reuters and CNet have covered Greg Aharonian's lawsuit on the unconstitutionality of software copyright, but I know where we can get a copy of his complaint. More information on this lawsuit can be found here:


Now I understand why some of Aharonian's comments about "bad physics" in regards to software copyright case law seem so familiar to me... He's got a Master's Degree in Physics from Cornell and a B.S. in Physics and Computer science from Brandeis University. He's a Physicist (by training)!!! I can identify with that...

Aharonian mentioned something interesting, in correspondence, that he said wasn't covered in the Reuters article (my emphasis):
Finally, one part of my lawsuit not mentioned in the press is that nowhere in the copyright statutes (§ 17 U.S.C.) is software copyright actually authorized. Congress has never voted in a bill that was signed by the President to authorize exclusive rights in software. There is some vague legislative history, vague legislative intent, but no law. So whatever, the first step is to get Congress to pass such a law, which is required by treaty.

Indeed, as the great Nimmer on Copyright states, software copyright is "tacitly assumed" to be a law, which means it isn't.

Greg
I wasn't aware that there needed to be a bill passed to authorize software copyrights, but then again I am not a lawyer... I'm not expected to know these things.

One intellectual property lawyer I spoke with didn't think this would be a critical issue, however.
Dozens of courts have already ruled that software qualifies for copyright protection under the existing definitions in § 17 USC 102. There is no need to explicitly implement it under any treaty. As long as US copyright law protects software in practice, there is no need for Congress to pass an explicit law protecting it. Treaties can be abided by through practice and still comply.
As for myself, I'm not going to hold my breath waiting for software copyrights to be overturned on a legislative technicality, but I have a tremendous amount of sympathy for the other issues that Aharonian raises... If a simple misunderstanding of the meaning of "access" can result in rulings like Lexmark and Skylink, then just think of the mess we might have if terms like "idea" and "expression" are equally vague.

Tuesday, December 14, 2004

Should Software by Copyright-able?

The news today is that Greg Aharonian, a famous critic of software patents, has filed a court case trying to overturn the copyright-ability of computer software...

Apparently, he's been working on this for three years! Here's something he wrote back in 2001 that just warms my little physicist heart... Here's the first paragraph, with some added emphasis:
For over thirty years, software copyright has been a succession of court cases and law review articles based on bad law, bad logic, bad mathematics, and/or bad physics (Benson, CONTU, Whelan and Altai being all of these). I have decided to write a critical review arguing that software copyright (and dependents like TRIPS, GPL, Bernstein, Junger) should be abolished in light of 17 USC 102b and its equivalents - for one reason - it is bad law with no logical basis in the mathematics and physics of information processing.
I'm trying to get a copy of the filing he made in San Francisco so I can compare it to the Skylink and Lexmark rulings, but I haven't got it yet.

All I can say at this point is that I strongly support the idea of reformulating copyright and patent law around fundamental principles that are both self-consistent and physically reasonable. It's long overdue.

Wednesday, December 01, 2004

Son of CSS: HD-DVD v. Skylink...

Just as luck would have it, I was doing some research on the new HD-DVD format wars and Ed Felten comes up with a new article on it...

AACS: Son of CSS

AACS is the Advanced Access Content System. It is the next-generation technology that will purportedly solve the "piracy problem" for movies on HD-DVD. AACS basically serves the same function that CSS does for regular, low-def, DVD movies, but it's a lot more complicated. If you want to know all the technical mumbo-jumbo, you need to read the AACS Technical Overview...

I've read it, but I won't bore you with the technical details. There is, however, one very important diagram on page 21 (the next to the last page) that makes everything very very clear.

No Palladium, No HD-DVD

In that figure, you can see two little gray rectangle(ish) boxes labelled "Authenticator in AACS Optical Drive" and "Authenticator in Host". The "Authenticator in Host", on the right, is suppose to be part of your computer. Hmmm, my computer doesn't have one of those yet...

If you look at the diagram a little longer, you'll see that the authenticator in the HD-DVD drive is supposed to talk to the one in the host (your computer). Those two authenticators chat back and forth to make sure they're both "authentic", and once that's decided they continue their conversation over an encrypted link.

The only technology I've read about in the past few years that would allow devices to "authenticate" themselves to each other and allow them to have private, encrypted, conversations would be Palladium.

Palladium, if you remember, is the "new" technology that is supposed to "secure" your computer and make the Internet safe for eCommerce. It also has the effect of enabling all kinds of Big Brother and/or anti-competitive activities. There was a big uproar about this a while back, and that's why nobody calls it Palladium anymore. The new name for Palladium is now NGSCB, the Next Generation Secure Computing Base. Intel just calls it "safe computing"... After all, who's willing to vote against "safety" in this post 9/11 world... Now back to AACS...

AACS is designed so that there will be an unbroken chain of strong cryptography between the HD-DVD media and your video card. As long as that chain remains unbroken, there will be absolutely no possibility for consumers to exercise their traditional fair use rights.

The reason Palladium is necessary is because all that strong-crypto needs to be tamper-proof. Any step of the process that isn't protected by Palladium technology can be hacked, through software, to allow fair use. Without Palladium, there is simply no other way to meet the design goals of AACS.

Obsolete By Design

The other thing Hollywood has learned from DeCSS is that it's a mistake to use a single, permanent, cryptographic key. If I remember correctly, each region-encoded DVD used a different media key. Once that key is compromised, everything is vulnerable to "piracy". Under AACS they have the ability to "revoke" a compromised media key and create a new one.

Revocation is like changing the locks on your house, except that your player is the key and the HD-DVD movie is the house. Once the locks on the house have changed, there's no way to use your old key to get in and grab a beer.

The real kicker is that the AACS Licensing Authority can change those media keys at any time. They don't have to wait for a Jon Johansen to write DeCSS. They can do it any time they want, for any reason whatsoever. For example, they could decide to revoke a media key whenever sales go flat and blame it all on the "piracy" problem.

This is an excellent method for stimulating sales, because once they revoke that media key you won't be able to watch the latest releases on your old HD-DVD player. Now you'll have to go buy a new HD-DVD player. Just remember, don't go buying it on eBay... You'll have to buy a brand-new one because ALL the old players on eBay will have the same revoked keys that yours does.

And how many of you think you'll be able to watch your old HD-DVD movies (you know, the ones with the revoked media keys) on a new HD-DVD player? I'm betting you won't be able to... Why? Because it'd improve Hollywoods' bottom-line if you have to go out and buy new copies of all the movies in your library.

It's in the interests of both the consumer electronics manufacturers, and Hollywood, to revoke these media keys as often as the market will bear... This is the easiest way for both industries to maximize their profits.

Unless we change the law, I predict that fair use isn't going to exist for digital media after 2010. By then, nearly all of our current computers will be dead and the only ones we can replace them with will have Palladium inside. Without the force of law, I don't think we'll ever convince these industries to recognize fair use... Why? Because not recognizing consumers' fair use rights will makes them more money...

Don't Forget the Lawyers

Inevitably, someone will crack AACS. And just as inevitably there will be DMCA lawsuits. But any new DMCA lawsuits will have to take Skylink and Lexmark into account, so it might not end so horribly this time.

Sunday, November 07, 2004

Universal City Studios, Inc. v. Corley

Sometimes life gives you these little detours... I thought I was going to write about Lexmark Int'l v. Static Control Components, but I was wrong. I'm actually going to write about Universal City Studios, Inc. v. Corley, which was a DeCSS case.

Background:

Eric Corley publishes a magazine called 2600 (also see www.2600.com), and in November 1999 he wrote an article about DeCSS. The article included DeCSS source code and links to other web sites where you could download the software. The US District Court in New York found that Corley was guilty of violating the anti-trafficking provision of the DMCA § 1201(a)(2). And in May 2001, the US Court of Appeals for the Second Circuit upheld the District Court decision.

What I think has happened...

I think the recent Skylink and Lexmark decisions have resulted in a legal framework that invalidates the earlier DMCA cases Universal City Studios, Inc. v. Corley, and Universal City Studios, Inc. v. Reimerdes. Both cases are DeCSS cases and involve "unauthorized access", "circumvention", and "trafficking". I just don't see how those rulings can be preserved in light of these newer cases.

DMCA cases in the last few years seem to be getting much more sophisticated in their analysis of the language of the Act itself. This has happened primarily because the courts have not wished to rule the DMCA unconstitutional, so they have been continually narrowed the scope of the statute in order to have a rational legal framework to work with... Remember, the only restraint on Congress' exercise of their constitutional authority with regards to copyright is that their actions must be "rational" (see Eldred v. Ashcroft).

With the recent Skylink and Lexmark rulings, I think we are at the point where there is no possibility of having a rational legal framework for interpreting the DMCA that also happens to match the original intent of Congress.

This kind of thing happens all the time in physics. You come up with a nice elegant theory, and as you begin poking around in the corners you find little inconsistencies. So you extend the theory, and now everyone is happy again...

Except that every new inconsistency results in a new extension of the original theory until you reach a point where the extensions outweigh the theory. Now the tail is wagging the dog, and your nice little elegant theory is big, complicated, and unwieldy. It isn't pretty anymore... and it's time to toss it all in the trash bin and re-write it from first principles.

On the Horns of a Dilemma:

Unfortunately, according to the folks at EFF, there is currently no legal procedure for challenging the Corley ruling. And it would also be necessary to overcome the fact that the MPAA did successfully argue that CSS qualified as an access control under the DMCA.

But that doesn't mean they were right. It just means that the MPAA pitched CSS as a copy control mechanism and the Judge bought it...

My position is that CSS doesn't prevent copying and, conversely, DeCSS doesn't enable it. Neither of these facts has ever been explained to my satisfaction in court, and this is why I think CSS' status as an "access control" needs to be reviewed.

As best as I can tell, there is a two-horned dilemma here and the Corley decision gets skewered on either one...

Horn #1: CSS is an "access control"

If the courts want to continue treating CSS as an "access control" under the DMCA, then the Skylink decision says that there is no DMCA circumvention liability for owners of the original DVD media. Decryption is authorized for the owner of the media because it's necessary to watch the movie (Skylink rulez!).

The part of the Skylink decision that I am relying on is in The Chamberlain Group, Inc. v. Skylink Technologies, Inc., pg. 43, paragraph 2 (paraphrased):
The Copyright Act authorized [consumers] to use the copy of [the protected work] that they purchased. [Consumers, who have obtained the work legitimately,] are therefore immune from § 1201(a)(1) circumvention liability. In the absence of allegations of either copyright infringement or § 1201(a)(1) circumvention, [distributors of DeCSS] cannot be liable for § 1201(a)(2) trafficking.
If this legal standard had been applied in the Corley case, I believe the ruling would have gone the other way.

This doesn't completely eviscerate the DMCA, however. The only remaining scenario where there is circumvention liability for DeCSS is when someone uses DeCSS to view a movie that they have obtained illegitimately. Also, the idiot who "shared" the movie has infringed the copyright by re-distributing it.

Horn #2: CSS is NOT an "access control"


On the other hand, the recent Lexmark ruling, Lexmark Int'l v. Static Control Components, makes a very strong argument that CSS should not be classified as an "access control" because there is no security measure in place to prevent literal (or raw) copying.

It turns out that "access" isn't defined in the DMCA itself, or anywhere else for that matter, and prior cases have been depending on the Webster definition of "access", which is "to make use of". The Lexmark ruling recognizes that "access" might mean "to make use of", or it could also mean "to obtain a copy of"... Since CSS only controls the ability to "make use of" the work, and does not actually prevent anyone from "obtain[ing] a copy of" it, then § 1201(a)(2) does not naturally apply to DeCSS

The relevant portion of the ruling, Lexmark Int'l v. Static Control Components, is on pg. 16 in paragraph 3.
Because the statute refers to "control[ling] access to a work protected under this title," it does not naturally apply when the "work protected under this title" is otherwise accessible. Just as one would not say that a lock on the back door of a house "controls access" to a house whose front door does not contain a lock and just as one would not say that a lock on any door of a house "controls access" to the house after its purchaser receives the key to the lock, it does not make sense to say that this provision of the DMCA applies to otherwise-readily-accessible copyrighted works. Add to this the fact that the DMCA not only requires the technological measure to "control[] access" but also requires the measure to control that access "effectively," 17 U.S.C. § 1201(a)(2), and it seems clear that this provision does not naturally extend to a technological measure that restricts one form of access but leaves another route wide open.
Paragraph 2, on the same page is also a doozie. This is the exact quote from the ruling:
We disagree. It is not Lexmark's authentication sequence that "controls access" to the Printer Engine Program. See 17 U.S.C. § 1201(a)(2). It is the purchase of a Lexmark printer that allows "access" to the program. Anyone who buys a Lexmark printer may read the literal code of the Printer Engine Program directly from the printer memory, with or without the benefit of the authentication sequence, and the data from the program may be translated into readable source code after which copies may be freely distributed. Maggs Hr g Test., JA 928. No security device, in other words, protects access to the Printer Engine Program Code and no security device accordingly must be circumvented to obtain access to that program code.
This is how I would paraphrase the above paragraph for the Corley DeCSS case:
We disagree. It is not DVD CCA's "css data", or even the purchase of a licensed DVD player that authorizes access to the protected work. It is the legitimate purchase of the DVD product itself that authorizes "access" to the protected work. Anyone who buys a DVD reader/player may read the literal content of the DVD directly from the media itself, with or without the benefit of the "css data", and copies of that literal content (encrypted binary data) may be freely distributed. No security device, in other words, protects access to the literal content of the DVD and no security device accordingly must be circumvented to obtain access to it.
Summary:

In it's simplest terms, if CSS qualifies as a protection measure under § 1201(a)(1), then Skylink protects consumers (and Linux users) from circumvention liability under § 1201(a)(1) because consumers who obtained the work legitimately are authorized to "access" the work.

Lexmark, I think, makes a strong case that CSS does not qualify as a "technical measure that effectively controls access" to the work, and in that instance both the Corley and Reimerdes cases fall to the floor in little tiny pieces.

No matter which horn of the dilemma you take, the end result is that the movie studios cannot depend on the DMCA to prevent consumers from making use of DVD movies in ways that they don't like.

This is where things get interesting, because as I alluded to earlier, the only rational legal interpretation of the DMCA that is left to us in this post-Skylink/Lexmark era no longer resembles Congress' original intent (or what the movie studios paid them to do).

We've got to start over.

Thursday, October 28, 2004

Lexmark: The Meaning of "access" revisited...

Apparently, the recent ruling in the Lexmark case involves "access" issues. Ed Felten has a nice write-up over at www.freedom-to-tinker.com.

To my knowledge, the term "access" isn't defined in the US Copyright Code... This is a problem.

The only reasonable definition I can come up with is that "access" (within the context of Copyright) must mean the rendering of a protected work into a form that can be directly perceived by the consumer. This definition would still allow technology like CSS to be considered a "protection measure" under the DMCA, and yet prevent DMCA abuses a la Lexmark.

It could also affect the copyright landscape with respect to computer software (executable code, not human-readable source code). Oh well, you can't win them all...

Bring Back Copyright Registrations...

Background:

The Copyright Barons have spent years and untold millions of dollars trying to prevent consumers from copying digital content. Since copying is a fundamental physical requirement for modern consumer electronics, what this really means is that they're spending all that money trying to convince (or bully!) manufacturers into creating modern electronic devices that don't function as modern electronic devices. It's kind of perverse, like trying to turn a silk purse into a sows' ear instead of the other way around.

My favorite example of this is CSS, the DVD Copy Control Associations' Content Scrambling System. The DVD CCA describes CSS as a copy-protection measure that purportedly prevents unauthorized copying. Unfortunately, this is not an accurate description of what CSS does. CSS was not designed to prevent copying. CSS was developed for the explicit purpose of preventing manufacturers from creating devices that have "unapproved features" (e.g. I don't like that feature. Remove it or I revoke your CSS license). The real problem facing the Copyright Barons today, which CSS doesn't address, is re-distribution.

What does this have to do with Copyright Registrations?

I think the reason why the copyright Barons have been focusing on copy prevention is because they don't know how to prevent re-distribution (a.k.a. sharing). Since there's no practical way for them to prevent you from giving a video (or cassette) tape to your friends, the only way they can stop it from happening is to make the act of copying as difficult as possible.

Now that everything's going digital there is no way to prevent copying. Even Orin Hatch knows this. And since half of the wired households in the US have broadband, we now have millions of potential publishers. The Copyright Barons are afraid of this, and justly so...

Right now, the Copyright Barons are fighting a losing battle between computers and lawyers. They are losing because computers are faster than lawyers, and computer technology evolves faster than the law... It's like giving your teenager a Ferrari and giving the cops a Yugo. The results are predictable, and not very pretty. There is better way, and it's called...

Automatic Digital Copyright Registration and Detection.

Before 1976, every publisher was required to register copyrights with the Copyright Office. The Copyright Act of 1976 changed this requirement so that everything had automatic copyright protection. No paperwork, no bureaucracy, all nice and streamlined.

This looked like a good idea at the time, but this was 1976 and the personal computer didn't exist. The PC revolution changed a lot of things: Joe Sixpack has a supercomputer on his desk, and for less than $50/month Joe gets to use this giant digital copying machine called the Internet.

Maybe eliminating copyright registrations wasn't the best idea after all... Without some form of registration, there is no process for determining what's been copyrighted and who owns that copyright. And, more importantly, there is absolutely no way to exploit the power of computers to make things more efficient.

All (or at least some of) the efforts spent trying to prevent "copying" (e.g. encryption, watermarking, etc... ) should have been spent on finding ways to automate copyright registrations. Copying isn't the problem anyway, it's re-distribution.

We should be using all of this encryption and watermarking technology to create unique digital signatures for every published digital work and have those signatures registered with the Copyright Office over the Internet.

Those registered signatures need to be available over the Internet so that any consumer electronics device can automatically determine whether or not they're about to publish (or download) something they're not supposed to...

This takes the human element (almost) completely out of the loop. This not only speeds up the process, but it also reduces the associated costs (legal fees). I see this as a win-win scenario for both sides of the Copyright equation (consumers and distributors). This is also the only scenario I can see where the lawyers don't win.

In order for this to work as quickly as possible, the methods for creating these signatures should be available to all software developers, just like any other recognized technical standard... and there should be no economic or legal barriers that would prevent this technology from being deployed world-wide.

Let's be honest, the next great innovation in digital publishing is going to be created by a college student... not a Fortune 100 corporation. And college students can't afford expensive licensing fees. If you want to make this technology available to cutting-edge developers, you need to make it available at a price they can afford.

Free sounds good to me...