Sanctions against KinderStart

I just learned that Google has won a dismissal and sanctions in the lawsuit brought by KinderStart. The dismissal order was without leave to amend, meaning that KinderStart's claims are dead. The court also ordered that KinderStart and its attorneys will be sanctioned.

KinderStart asserted a panoply of claims, including violation of the First Amendment, the Sherman antitrust act, unfair competition and unfair business practices under California law, and defamation. KinderStart's complaint specifically alleges that Google manipulates search results to censor political and religious speech and to boost the search results of companies that pay Google or comply with demands that Google makes. It also alleges that Google reduced KinderStart's position in search results and assigned it a PageRank of zero.

The sanctions come under Rule 11 of the Federal Rules of Civil Procedure. Rule 11 authorizes the court to "impose an appropriate sanction upon the attorneys, law firms, or parties that" file any paper without an appropriate factual or legal basis. "A sanction imposed for violation of this rule shall be limited to what is sufficient to deter repetition of such conduct or comparable conduct by others similarly situated."

In this case, the court found that several allegations made by KinderStart and its attorney, Gregory Yu, are "factually baseless and [that] Yu failed to perform an adequate investigation before filing them." The court will fix the amount of the sanction after it receives supplemental papers from Google "identifying the fees associated with its motion for sanctions and with other motion practice related to the sanctionable allegations. The Court will determine the amount of monetary sanctions after receiving Google's submission and Yu's response."

PTO: P2P threatens national security

The U.S. Patent & Trademark Office apparently thought it wasn't in the headlines enough this month. On March 5, it issued a press release announcing a November 2006 report (1.22mb) which claims that P2P networks threaten national security. The logic is, at best, bad and, at worst, intentionally deceptive.

Information Week reports:

The report, which the patent office recently forwarded to the U.S. Department of Justice, states that peer-to-peer networks could manipulate sites so children violate copyright laws more frequently than adults. That could make children the target in most copyright lawsuits and, in turn, make those protecting their material appear antagonistic, according to the report.

Conclusion: Software is to blame when record companies act without social responsibility. The article continues:

File-sharing software also could be to blame for government workers who expose sensitive data and jeopardize national security after downloading free music on the job, the report states.

"There are documented incidents of P2P file sharing where Department of Defense sensitive documents have been found on non-U.S. computers with no protection against hostile intelligence," the Patent and Trademark Office explained in a statement.

The basis for this last statement is apparently a bullet point on page 22 of the report, which quotes an unnamed and undocumented source within the Department of Homeland Security as stating: "There are documented incidents of P2P file sharing where Department of Defense (DoD) sensitive documents have been found on non-US computers with no protection against hostile intelligence services." No documentation (or even a footnote) is provided in this report, however. The PTO report does not even state who within DHS made this claim or in what context.

Email me if you're interested in the betting pool on whether this "fact" was made up by DHS or by the PTO.

Via Bruce Schneier.

iRack

MadTV spoofs Apple's iEverything. Funny!

Posner's GPS society

I finally got around to reading U.S. v. Garcia, Case No. 06-2741 (7th Cir. February 2, 2007). I figured the hysterical blog posts were overstating Judge Posner's opinion for the Seventh Circuit. But I may have been wrong.

In Garcia, the defendant was charged with crimes relating to making methamphetamine. The police had received tips that the defendant was making meth, and they gathered evidence by tracking his car. Instead of assigning an officer to follow the car, they placed a GPS device under the rear bumper.

The police placed a GPS (global positioning system) "memory tracking unit" underneath the rear bumper of the Ford. Such a device, pocket-sized, battery-operated, commercially available for a couple of hundred dollars (see, e.g., Vehicle-Tracking, Incorporated, "GPS Vehicle Tracking with the Tracking Key,"www.vehicle-tracking.com/products/Tracking_Key.html, visited Jan. 21, 2007), receives and stores satellite signals that indicate the device's location. So when the police later retrieved the device (presumably when the car was parked on a public street, as the defendant does not argue that the retrieval involved a trespass), they were able to learn the car's travel history since the installation of the device. One thing they learned was that the car had been traveling to a large tract of land. The officers obtained the consent of the tract's owner to search it and they did so and discovered equipment and materials used in the manufacture of meth. While the police were on the property, the defendant arrived in a car that the police searched, finding additional evidence. [Slip Op. at page 2]

The court held that this did not constitute either a "seizure" or a "search" under the Fourth Amendment. The police therefore were not required to have a warrant or probable cause — or even a reasonable suspicion that Mr. Garcia had committed a crime.

Under this rule, the police are free to attach GPS tracking devices to any car at any time, and they can probably do it for any purpose. So long as they avoid direct harassment or a similar misstep, they can track protesters who exercise their First Amendment rights. They can track citizens with information embarassing public officials. They can track ethnic Arabs. And it's (apparently) legal.

I think I agree with the court on the seizure question. The police installed the device without the defendant's knowledge, so he was not deprived of the free use of the car. The device didn't take up any space in the passenger or storage compartments, so it didn't diminish his enjoyment of the car. I suppose the slight additional weight may reduce the car's gas mileage, so it might have imposed a slightly increased cost of operating the car. But that cost is probably negligible, impossible to measure, and overwhelmed by the weight of other cargo. So I would have a hard time calling this a "seizure" of the car.

I think I disagree on the search question, however. Judge Posner wrote (slip op. at pages 4–6):

The Supreme Court has held that the mere tracking of a vehicle on public streets by means of a similar though less sophisticated device (a beeper) is not a search. United States v. Knotts, 460 U.S. 276, 284-85, 103 S. Ct. 1081, 75 L. Ed. 2d 55 (1983). But the Court left open the question whether installing the device in the vehicle converted the subsequent tracking into a search. Id. at 279 n. 2. […]

If a listening device is attached to a person's phone, or to the phone line outside the premises on which the phone is located, and phone conversations are recorded, there is a search (and it is irrelevant that there is a trespass in the first case but not the second), and a warrant is required. But if police follow a car around, or observe its route by means of cameras mounted on lampposts or of satellite imaging as in Google Earth, there is no search. Well, but the tracking in this case was by satellite. Instead of transmitting images, the satellite transmitted geophysical coordinates. The only difference is that in the imaging case nothing touches the vehicle, while in the case at hand the tracking device does. But it is a distinction without any practical difference. […]

This cannot be the end of the analysis, however, because the Supreme Court has insisted, ever since Katz v. United States, 389 U.S. 347, 88 S. Ct. 507, 19 L. Ed. 2d 576 (1967), that the meaning of a Fourth Amendment search must change to keep pace with the march of science. So the use of a thermal imager to reveal details of the interior of a home that could not otherwise be discovered without a physical entry was held in Kyllo v. United States, 533 U.S. 27, 34, 121 S. Ct. 2038, 150 L. Ed. 2d 94 (2001), to be a search within the meaning of the Fourth Amendment. But Kyllo does not help our defendant, because his case unlike Kyllo is not one in which technology provides a substitute for a form of search unequivocally governed by the Fourth Amendment. The substitute here is for an activity, namely following a car on a public street, that is unequivocally not a search within the meaning of the amendment.

Fourth Amendment jurisprudence grew up in an era when practical constraints (like manpower and cost) limited surveillance to situations where crime was reasonably probable. Our society's balance between liberty and government power depended on these practical constraints. When a constraint is removed, the balance is upset. This is one of the most fascinating themes of science fiction literature. Imagine some activity that is limited today by practical constraints. Then imagine a technology that removes the constraint and examine the implications of our current laws and values when the activity is unrestrained. Unfortunately, Judge Posner is writing law and not science fiction.

Judge Posner recognizes that a tipping point will come when some new technology allows police to gather information quickly and cheaply on a massive scale where it would otherwise require expensive efforts. At that time, Judge Posner writes, we will have to reexamine the Fourth and Fifth Amendments to see if sui generis violations occur. He even acknowledges that "programs of mass surveillance of vehicular movements" may require the courts "to decide whether the Fourth Amendment should be interpreted to treat such surveillance as a search." (Slip op. at page 8)

Unfortunately, Garcia precludes this possibility and requires its own reversal whenever Judge Posner feels that day has come. If one instance of an act is not a search under the Fourth Amendment, as Judge Posner insists, then two instances of the same act is also not a search. How many does it take? I can't think of a good reason to pick any number. Either the act has Fourth Amendment implications or it doesn't.

The court expressly ignored the possibility that a trespass occurred because Mr. Garcia didn't raise it. (The court assumed the GPS device was retrieved while the car was parked on a public street.) Initially, I thought this might be the answer to my troubling Fourth Amendment concerns, but it isn't. Even if the police retrieve the device while the car is parked in a public place, the fact of tracking on a private road might provide some basis for finding that a search occurred. I don't think this makes me feel better, however, for two reasons. First, most people simply don't drive on many private roads. Second, I don't think Fourth Amendment rights should be that serendipitous — my rights could be different on Tuesday and Wednesday, depending on my schedule.

I don't have a good answer to these issues yet. The only thing I can say for sure is that Judge Posner's reasoning makes me uncomfortable because it is absolute.

Fruit Clock

This clock harnesses the electrical potential of fresh fruits and vegetables for power. This is one of the most expensive ways I can think of to power a clock. But, then again, you can't eat a used battery. Via Improbable Research.

I've been trolled

In the last 24 hours I received several emails relating to my last blog post, "Piracy Phishing." A couple have informed me (one politely, one hilariously) that I have been trolled. The "email" I received from "Jack Meihoff" of LiquidGeneration is a well-executed spoof. Run to your nearest Flash-enabled browser and check out this explanation of the gag.

Piracy Phishing

"Phishing" is a growing problem. In a cross between spam and scam, an email designed to look like a legitimate query from eBay, your bank, or someone else you trust purports to alert you to some problem and asks you to visit a web site, type in your name and password, and verify some information. The press has spent a lot of ink on this recently.

I just got caught a phish with an interesting twist. The email I received purports to be from the Motion Picture Association of America (MPAA). It accuses me of pirating movies and demands an unspecified payment. Then it provides a link which, I am told, will tell me the exact amount I owe to settle the claims of MPAA. The email is quoted below.

Unfortunately, the MPAA has never heard of the sender, Jack Meihoff, and it also states that it does not handle piracy cases in this manner. Also, the MAC address identified in the email is ficticious, and the domain in the link it points to (saynotopiracy.org) is registered to an entity called LiquidGeneration, Inc., incorporated in Illinois. The only individual person associated with its whois entry is one Bruce Freud. He can apparently be reached at:

Bruce Freud
LiquidGeneration, Inc.
200 E. Ohio, Suite 200
Chicago IL 60611
(312) 573-0123
bruce@liquidgeneration.com

I can find no mention of Jack Meihoff, Bruce Freud, or LiquidGeneration on MPAA's web site, and Google returns no hits for searches on mpaa.org for those keywords. Very likely, LiquidGeneration wants me to click on the link (which contains a long strong of random-looking characters to verify my email address in its spam database. The email originated from db1.liquidgeneration.com (65.61.160.116). Maybe it even has a payment mechanism and would ask me to type in a credit card number. If anyone out there actually cares, you are welcome to investigate the matter further. For my part, I will shortly send an email to the Federal Trade Commission and the California Attorney General with a link to this post.

The email follows:

From: Jack Meihoff
To: [my email address]
Subject: Motion Picture Association of America
Date: Sat, 5 Mar 2005 13:45:36 -0600

Illegal Movie Downloads
Motion Picture Association of America
Encino, California
3/5/2005 1:45:36 PM
Dan Fingerman
MAC ADDRESS: 00-11-2F-41-BD-21
Case No.: IS035HY36NURS0E8

Mr. Fingerman,It has been brought to our attention by John Smythe that you have been involved in the unauthorized downloading and transferring of licensed movies.

Federal laws mandate that you immediately cease and desist all illegal activities pertaining to movie theft. Further, you are required by law to pay all incurred penalties in conjunction with Amendment 34-C, officially passed on January 30, 2005.

In accordance with state jurisdictions, your failure to pay these penalties in full within 30 days of receipt of this notice will result in a warrant for your arrest. We are also required by law to inform you that a second offense will result in a minimum jail sentence of 90 days.

Penalties incurred in your particular case may be reviewed on our government Web site. All cases are deemed confidential. Penalties are assessed by each individual download, charged at a nonnegotiable rate of $1,200 per infraction. Click your specific case number (Case No.: IS035HY36NURS0E8 [link]) to view the total amount due or to dispute your case.

Sincerely,
Jack Meihoff Piracy AgentMotion Picture Association of America

ChoicePoint & Privacy

I used to consider myself reasonably well informed about the issues surrounding privacy and information technology. I admit to feeling a little smug when I read Bob Sullivan's article on MSNBC yesterday, about breaches of consumer privacy admitted by ChoicePoint ("Database giant gives access to fake firms"). Mostly, I felt smug about one consumer whom Sullivan quoted as saying she had never heard of ChoicePoint — the data mining company that tries to collect and organize information about every consumer, business, and transaction that occurs in the United States.

However, my smugness vanished when I clicked through to a linked article, by Robert O'Harrow, Jr., of the Washington Post, that describes ChoicePoint in some detail ("ChoicePoint finds wealth in information"). I had no idea the company had reached such an enormous size and was still growing so fast. It was pretty humbling.

Blogging For Jobs

This New York Times article caught my eye because it captured my experience when I was interviewing for jobs last year: "Need a New Job? Check Out a Blog." (Via beSpacific)

I started writing DTM :<| last October, when I was looking for my first job after law school. (I had meant to mention my first blogiversary on Sunday, but I ran out of time.) Last November I had some correspondence with an editor of the Journal of Internet Law, who had read one of my posts on the CAN-SPAM Act, and he asked me to write a paper [pdf] for his journal. As soon as I finished writing the paper, I started using it as my writing sample when I went to interviews. It was a lovely gimmick — asking the lawyers across the table not to circulate my essay because it would soon be published. This would always get them to ask for the story behind the paper, so I got a chance to talk about my blog. About half of them took a look at it after I left.

When I started working for my firm, a few people mentioned that they had skimmed through my blog. A few months later, we hired a new associate. On his first day, he mentioned that he had seen my web site and read some posts in my blog. Thus, in a very short span of time, I was on both sides of the table. Although I was not directly involved in the hiring process for this new associate, he had gone to the trouble to check me out. Not a bad idea, I suppose — we work together a lot now.

When I have time to write a lot for DTM :<| (not so much in the last few months, regrettably), it reflects pretty well the things I think about on a daily basis. That sort of information is hard to convey in a cover letter, resume, and job interview.

MGM v. Grokster affirmed

Right now I have nothing to add to what is being said on the 9th Circuit's affirmation [pdf] of MGM v. Grokster — except to recommend Ernest's comments, then Derek's Leftovers and Frank's link collection.

...And then let's raise our voices with a collective WOOHOO!!!

Gillmor interview in Wired

Wired published Xeni Jardin's interesting interview with veteran journalist Dan Gillmor. The occassion? The publication of Gillmor's new book, We the Media.

Among the highlights:

I'm worried, because the forces of centralization are winning almost all of the legal and political fights so far. Note the state attorneys general letter to the P2P folks — full of misinformation and bizarre interpretations of reality, but part of the copyright cartel's war on all forms of media it can't control.

The problem, as Lawrence Lessig and others have noted, is that absolute control is contrary to what users/customers must have — for example, to retain both some level of freedom and the ability to create new works that quote from older works. I hope this comes out right in the end, but I'm not counting on it at the moment.

Technology will be impossible to fully control, but bad laws can make it dangerous to use.

CBO releases report: "Copyright Issues in Digital Media"

The Congressional Budget Office (CBO) released a report today which analyzes digital copyright issues from an economic perspective: "Copyright Issues in Digital Media." (Via C|Net)

I have not had time to read the whole thing yet. Having only skimmed the summary and the first few sections, it seems that it could provide a good starting point for debates over new legislation. It is not as heavily laden with economic or legal terms as other analyses have been.

Oh, yeah...and I like the frame it created for the debate. From the summary:

• Property rights and other elements of a regulatory regime for creative works should be regarded as instruments for allocating creative resources. Hence, existing copyright law should not be viewed as an absolute, inviolable set of rights to which either creators or consumers are entitled.
  
• Revisions to copyright law should be made without regard to the vested interests of particular business and consumer groups. Instead, they should be assessed with regard to their consequences for efficiency in markets for creative works and other products.
  
• Property rights are not free. For a system of property rights to be accepted and upheld, the costs of establishing and enforcing that regime must not exceed the eventual benefits from it.

C|Net asks: Are blogs worth the hype?

C|Net asks, "Are blogs worth the hype?" The news service features a debate on the niche bloggers are claiming to fill. It also serves up links to lots of recent articles on blogging.

FCC subjects VoIP to CALEA

The FCC acted this week on Uncle Fed's request that it subject VoIP providers to CALEA, the Communications Assistance for Law Enforcement Act. Last month, the FBI asked the Commission to exercise its authority to extend the group of technologies to which the act applies to include VoIP — in other words, to expand the reach of cheap and easy "wiretapping" for Uncle Fed and other law enforcement agencies. (Well, not literally "wiretapping," as I explained in detail a few months ago: "Wiretapping & VoIP.")

Yesterday, the FCC adopted a Notice of Proposed Rulemaking and Declaratory Ruling [pdf] in which it concluded that broadband providers whose facilities can be used for VoIP should be subject to the surveillance rules that govern traditional phone service providers:

[T]he Commission tentatively concludes that CALEA applies to facilities-based providers of any type of broadband Internet access service — including wireline, cable modem, satellite, wireless, and powerline — and to managed or mediated Voice over Internet Protocol ("VoIP") services. These tentative conclusions are based on a Commission proposal that these services fall under CALEA as "a replacement for a substantial portion of the local telephone exchange service."

Now, it wants public comment on implementation:

The Commission seeks comment on telecommunications carriers' obligations under section 103 of CALEA and compliance solutions as they relate to broadband Internet access and VoIP. In particular, the Commission seeks comment on the feasibility of carriers relying on a trusted third party to manage their CALEA obligations and whether standards for packet-mode technologies are deficient and thus preclude carriers from relying on them as safe harbors for complying with CALEA.

The kicker? Broadband providers are expected to bear the full cost of this law government program:

With regard to costs, the Commission tentatively concludes that carriers are responsible for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities; seeks comment on cost recovery issues for wireline, wireless and other carriers; and refers to the Federal-State Separations Joint Board cost recovery issues for carriers subject to Title II of the Communications Act.

The New York Times has coverage: "F.C.C. Supports Surveillance Rules on Internet Calls". See also Declan's column from last week, for background info: "FBI targets Net phoning."

Quotable in the news

Rob Pegoraro, the Washington Post's "Fast Forward" columnist, has a great quote in last Sunday's column, "TiVo vs. the Broadcast Flag Wavers." Discussing the broadcast flag's unintended blurring of the copyright sphere into the patent sphere, he lamented that TiVo had to ask Uncle Fed for permission to build a feature into the next version of its flagship product. Rob writes:

Huh? Permission? Doesn't the government's involvement in consumer electronics stop with making sure that a gadget doesn't jam your neighbor's reception or electrocute you? Since when do the feds get to vote on product designs? [...] The answer is, since last November, when the FCC voted to require manufacturers to support the "broadcast flag" system by July 1 of next year..., which brings us to TiVo's vaguely Soviet predicament.

Analyzing popularity of online resources

TRN reports an interesting new method for analyzing popularity of online resources ("Online popularity tracked"). In a nutshell, a group of researchers from Cornell University and the Internet Archive have developed a method for determining the "batting average" of a given resource.

The item description batting average is different from just tracking the output of a hit counter, which measures the raw number of item visits or downloads, said Jon Kleinberg, an associate professor of computer science at Cornell University. "The batting average addresses the more subtle notion of users' reactions to the item description as it appears in the fraction of users who go on to download the item."

[...]
The researchers found that on the Web, popularity often changes abruptly rather than gradually. "For example, an item would be getting downloaded at a rate of roughly 38 percent, and then at exactly 8: 35 a.m. on February 20, it would drop to about 24 percent and stay there for the next several days," said Kleinberg.

Arlo uppercuts Jib Jab

The latest Flash cartoon floating around is a hilarious parody of the U.S. Presidential campaign. The animated creation of Jib Jab stars President Bush and John Kerry, dancing to the tune of Arlo Guthrie's classic "This Land Is Your Land" and calling each other names like "right-wing nutjob" and "liberal sissy."

Despite the dangers (see: Idiot's guide to combatting satire), the company that owns the rights to Arlo's song has sicced its lawyers on Jib Jab. (See this CNN report.) President Bush learned first-hand in the last election that nearly any attempt to suppress Internet-based satire will fail spectacularly. Even if you have forgotten the incident, you probably remember Bush's (in)famous quote: "There ought to be limits to freedom."

---

CORRECTION (28 Aug.): Two days after posting this, I realized that Woody Guthrie — not his son, Arlo — wrote "This Land Is Your Land." I meant to post a correction but, unfortunately, managed to leave it in "save as draft" limbo. Yesterday, a concerned neighbor of Arlo's emailed me to set me straight on the facts. She also said that Arlo was unhappy with the record company's actions and that he thought his father would be, too. Then she pointed me to this link. I appreciate it when people constructively (and politely!) point out my mistakes.

Will Florida be the next Florida?

The New York Times reports on one Florida county's inability to keep proper election records after installing expensive new evoting machines. The money quote: "This shows that unless we do something now — or it may very well be too late — Florida is headed toward being the next Florida."

The records disappeared after two computer system crashes last year, county elections officials said, leaving no audit trail for the 2002 gubernatorial primary. A citizens group uncovered the loss this month after requesting all audit data from that election.

CAN-SPAM Library

New: Gigalaw has launched the CAN-SPAM Library (www.canspamlibrary.com) — a collection of law, articles, studies, commentary, discussion, and links on the CAN-SPAM Act. Well worth reading (and linking). Via GrepLaw.

Tossing Amazon's cookies

I just heard about Amazon's new patent (No. 6,714,926) claiming a method for using browser cookies. (Via LawGeek) A quick reading of the claims puts me close to Jason's position, thinking that there must be a ton of prior art that would invalidate it. But that is not the most amazing fact. I have not studied the prosecution history, but Jason says that the inventor cited only one reference to the patent examiner — that is, he told the examiner that he knew of only one publication before his priority date in February 1999 that described the use of cookies.

For those not familiar with PTO Rule 56, it requires patent applicants to disclose all sorts of juicy information to the examiner — but only if they have actual knowledge of that information. I find it difficult to believe that a programmer working for Amazon would not have actual knowledge of more than one paper written about browser cookies. Anyone accused of infringing this patent would have a tailor-made inequitable conduct defense.

FBI proposes expansive broadband "wiretap" rules

Declan McCullaugh and Ben Charny report on C|Net that Uncle Fed issued a proposal for expedited rulemaking [pdf] which would grant him new and expansive "wiretapping" powers for broadband Internet services. In this case, Uncle Fed is backed by the Federal Bureau of Investigations (FBI), Department of Justice (DOJ) and the Drug Enforcement Agency (DEA).

Two months ago, Uncle Fed asked the Federal Communications Commission (FCC) to do this dirty work for him. FCC Chairman Michael Powell paid some lip service to security concerns at the time, but he has apparently let the request languish. (At least, I have not seen the media report any subsequent FCC actions.) Around that time, I blogged on the word wiretap and complained that it makes a poor analogy to surveillance of digital communications ("Wiretapping & VoIP"). I would like to make the same comment again now and point out that Uncle Fed's newest proposal supports my point even more clearly.

I promise to write more on this in the near future. Unfortunately, I do not have time today to write a multi-volume treatise on the dangers these regulations would pose to civil liberties.

Blundering through security

It appears the U.S. Patent & Trademark Office (PTO) has removed the infamous ricin patent (No. 3,060,165) from its online database. The PTO boasts that it provides all patents since 1976 in searchable text and images of patent pages from 1790. Obviously, this is now false. (Via Ernest, via Dan Gillmor, via Bruce Schneier.)

Half the developed world's patent offices make this patent available over the Internet. Considering that the patent was granted in 1965, I think a few paper copies might also exist. Therefore, this is about as effective a security measure as requiring travelers to show a driver's license before they board an airplane — that is to say, wholly ineffective. All this does is inconvenience the law-abiding American public when it tries to do research.

Ernest makes the important point that the fundamental principal underlying our patent system is that inventors get exclusive rights to their inventions in exchange for full disclosure of the invention to the public. This is hardly the first case where the public has been shortchanged in the name of security. Ernest also has the best summary comment thus far (hyperlink original):

Rest assured Senator, the lack of the patent in the US database means that terrorists will never be able to figure out how to make ricin because even web-savvy bloggers can't get the information very easily .... ooops. Never mind.

Satan, meet Lucifer. Lucifer, Satan.

"Yes, Microsoft did introduce BayStar to SCO." So admits a representative of BayStar. The tech world was abuzz for a week after a leaked memo linked the two Linux enemies. After SCO denied the then-rumor, BayStar now apparently admits the link.

Proxomitron

I got a two emails after my last post, both asking how to make Proxomitron do what I described. If two people cared enough to write, then a few more must be suffering in silence — so here is the answer.

I am not going to rewrite the Proxomitron help files, which are already excellent. I will, however, give you some entries in my URL Alias List that will help you get started with looking up legal citations. Basically, the entries have to be in this format:

dotstring\1/ & $JUMP(url)

…where "dotstring" is the character string you want to trigger the alias and "url" is the url you want to visit. In this example, \1 will take whatever "extra" text you type and plug it into the URL at the appropriate place.

Here are some of my entries to get you started:

• 37cfr\1/ & $JUMP(http://edocket.access.gpo.gov/cfr_2003/julqtr/37cfr\1.htm)
  
• calciv\1/ & $JUMP(http://www.leginfo.ca.gov/cgi-bin/calawquery?codesection=civ&codebody=\1)
  
• calev\1/ & $JUMP(http://www.leginfo.ca.gov/cgi-bin/calawquery?codesection=evid&codebody=\1)
  
• frcp\1/ & $JUMP(http://www.law.cornell.edu/rules/frcp/Rule\1.htm)
  
• patnum\1/ & $JUMP(http://patft.uspto.gov/netacgi/nph-Parser?&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=\1.WKU.&OS=PN/\1&RS=PN/\1)

In the first example, typing .37cfr1.56 into your browser's address bar would bring up 37 C.F.R. § 1.56, which is PTO Rule 56, requiring inventors to disclose information to the Examiner during patent prosecution. If you replace "1.56" with another section number, you would get that other section number. For example, typing 37cfr1.660 will get you 37 C.F.R. § 1.660, which requires patentees to give notice to the PTO in some cases where patents are challenged.

My recent favorite (one that would benefit any young IP litigator) is the patnum entry. Use this with any patent number (with or without commas, it makes no difference), and you will go instantly to the U.S. patent bearing that number. My new favorite patent is No. 5,920,923, invented by Penn Jillette, of Penn & Teller fame.

For posterity, the other entries listed above will give you (in order): sections of the California Civil Code, sections of the California Evidence Code, and Rules of the Federal Rules of Civil Procedure.

Happy Birthday, Macintosh

The Apple Macintosh turns 20 years old today. To honor that milestone, the San Francisco Chronicle ran this interesting, front-page retrospective: "The Machine that Changed the World: The First Human-Friendly Computer, the Mac, Turns 20."

Apple does its part, too, preserving for posterity its famous "1984" Super Bowl advertisement.

McBiometrics

The Winnipeg Sun reports that McDonald's has confirmed that it is using biometrics in a payroll application in about half its restaurants in that city. Instead of punching time cards when they start and finish their shifts, employees run their hands past fingerprint and palm scanners. The devices are plugged directly into the company's computerized payroll system, which records the employee's working hours. The efficiency gains are obvious: "At McDonald's, the scanners are connected to the payroll department and save on paperwork, [McDonald's spokesman Ron] Christianson said. They also free managers from record keeping and get them out working with staff and the public, he added." Unfortunately, the restauranteur has failed to think through the privacy implications of this pilot program.

McDonald's does pay lip service to privacy: "Christianson said McDonald's will only use the prints for the stated purpose and has educated workers about its privacy policies and hired a privacy manager. There have been no complaints from Winnipeg workers about the time clock alternative." However, McDonald's does not appear to have subscribed to the best practices written by the BioPrivacy Initiative or any other published set of best practices. (Despite its name, the BioPrivacy Initiative is a biometrics industry trade group, not a privacy advocate.)

For example, McDonald's does not appear to have clearly and bindingly defined the scope of its biometric program. It is using biometrics solely for payroll purposes right now, but nothing would stop it from expanding the program to encompass other purposes tomorrow. A company spokesman's apology is little consolation for a long-gone former employee who falls victim to identity theft down the line. There is no indication that McDonald's is storing its employees' biometric templates separately from their other personally-identifying information, such as names and addresses. Christianson does not say anything about independent auditing of the company's biometric applications. Most importantly, there does not appear to be any ability for employees to control the use of their biometric data, nor does there seem to be any meaningful alternative for those who would prefer to opt out of the program.

In McDonald's defense, my sole source of knowledge of its biometrics program is the press, and this may simply be a case of newspapers oversimplifying the situation and failing to report all the facts. I have been surprised like that before. Unfortunately, this does not "smell" like such a case.

ISPs & others form "neighborhood watch" for spam

C|Net reports that a group of ISPs and telecommunication companies have banded together to create a "neighborhood watch" program for fighting spam. This is the sort of industry self-help that the CAN-SPAM Act encourages with its liability shield for private mail-handling policies. This partnership seems to go beyond similar efforts that existed in the past. Is this one attributable to CAN-SPAM? Probably not, but the law certainly did not hurt.

Lessig on ePolitics

Lawrence Lessig blogged this morning on MoveOn's announcement of the winners of its "Bush in 30 Seconds" contest. He took the opportunity to comment on the "big picture" of participation in politics via electronic media. It was nice to see that he basically agrees with the thesis I put out there in my college thesis paper, "The Futures of ePolitics: Assessing Predictions of Political Discourse on the Internet."

Wiretapping & VoIP

Last week, Uncle Fed (specifically, the Department of Justice, the FBI, and the Drug Enforcement Administration (DEA)) asked the FCC to force providers of voice-over-Internet protocol (VoIP) services to provide easy "wiretapping" capability to federal and local authorities. See Declan's report on C|Net: "Feds seek wiretap access via VoIP." A few comments are in order before the press mangles this situation and manages to obscure the facts. (Not to impugn Declan; I thought his article was good.)

Lawyers are in the language business, so we should examine the word wiretap to shed some light on exactly what Uncle Fed is asking for. Webster's Dictionary defines wiretap as an intransitive verb meaning "to tap a telephone or telegraph wire in order to get information." This definition is too circular to be useful at first, but this circularity becomes important later. Dictionary.com's nominal definition is a better starting point: "A concealed listening or recording device connected to a communications circuit." This was an accurate physical description when the term arose, during electric telegraphy's youth.

In those days, telegraphic circuits were hard-wired — that is, each pair of telegraph stations was connected by a single wire with one operator at each end. (Busy pairs of stations were connected by multiple wires, each one having operators at both ends.) Each transmission wire was plugged into a magnet-driven apparatus at each end that translated incoming electric signals into audible sounds and generated outgoing electric signals when the operator pressed a button. For an excellent beginner's text on early telegraphic technology and the economic and cultural developments it spawned, see Tom Standage, The Victorian Internet (1998).

In this environment, police had two options for surreptitious surveillance: (1) force the operator to disclose a message's contents after he received it, or (2) intercept the signal between the stations. Option 1 was inefficient because it was slow (the police had to wait for someone else to translate the message from Morse code and deliver it to them), and operators could not always be trusted to keep surveillance secret. Therefore, laws were passed that made option two mandatory. Telegraph companies were required to cooperate with the installation of a device (the "tap") onto their transmission wires that allowed the police to siphon off a tiny amount of the electric signal between two stations and send that signal to a police-operated station.

Later, switching technology made telegraphy more flexible. A switching device made temporary connections between transmission wires coming into the telegraph station. This allowed one operator (or more, at busy stations) connected to the switch to monitor several incoming wires simultaneously. Wiretap devices evolved in lock-step with switches and were quickly moved inside the switches so that fewer taps could monitor more transmissions without being physically reinstalled over and over. Whether this new configuration continued to qualify as "tapping" a "wire" is debatable. Early switching devices made temporary physical connections between telegraph wires by means of a third wire. Early switch tapping devices siphoned the electric signal off this switching wire, so there is a plausible argument that the term was still an accurate physical descriptor. Today we would understand the tapping devices as monitoring the operation of the switch device, not an individual wire within the switch. While wiretapping remained a reasonably good logical description of the tapping device's function, its accuracy as a physical descriptor was highly questionable.

The point to take from this is that wiretap first became an ambiguous term more than a century ago. Now reconsider Webster's circular definition, "to tap a telephone or telegraph wire in order to get information." Webster probably intended to denote the tapping of a circuit, not a wire, but we can forgive lexicographers for not being electrical engineers. However, Webster's definition unambiguously means eavesdropping on a single transmission or group of transmissions between two specified end points. In my experience, this is how law enforcers, laymen, and journalists all use the term. To convey the idea of collecting more than this information, they use such words as surveillance, eavesdropping, or data sniffing.

If the introduction of circuit switching made wiretap an ambiguous term, then the introduction of packet switching renders it positively useless. Packet switching is the transmission technology underlying the Internet Protocol, which is used for all Internet (and most local area network (LAN)) transmissions. Packet switching involves breaking data down into tiny pieces ("packets") and sending each packet across the network individually. This system eliminates the need for circuit switching, which dedicates a circuit to each transmission for the duration of that transmission. Few transmissions use the circuit continuously, so circuit switching inevitably involves inefficient "down time" for active circuits. Consider, for example, how frequently people pause while talking on the telephone. No information is transmitted during these pauses, but their circuit is monopolized nonetheless. Other callers cannot use this circuit until the first call ends — which forces the phone company to install a sufficient number of circuits to carry the maximum foreseeable number of transmissions simultaneously. This extra infrastructure is expensive to install and maintain.

Packet switching allows a small number of circuits to accommodate many transmissions because each one uses the circuit only while information is being actively sent. During each pause, the circuit is used for other transmissions. Additionally, different packets from the same transmission often take different routes across the network. Intermediate nodes will send packets along different routes to bypass busy sections of the network to avoid delays, among other reasons. Since packets must reach the destination individually, it must contain complete addressing information so that intermediate nodes can route it appropriately.

The same features that make packet switching more efficient than circuit switching also make it cheaper. (Sarcastic aside: This is as close to a "law" as the "science" of economics can offer us.) They also make it much more difficult to monitor communications. By definition, packets of information do not all travel through a packet-switched network by the same route. Therefore, there is no central box inside which to install a tapping device, as there is in circuit-switched networks.

The good news for law enforcers is that there does exist a place where all packets of a transmission must pass through before they are dispersed. That place is wherever the sender connects to the Internet backbone. "Backbone" is the name for high-speed networks that carry most Internet data until that data gets very close to its destination, at which time it is moved to a smaller (and usually private) network. All packets must travel from the sender's computer to the backbone through some identifiable means of transmission, be it in a cable or via wireless transmission in a form such as Wi-Fi.

The bad news for law enforcers is that each computer (or network) that connects to the Internet is connected via its own "pipe." They must install "tapping" devices on the connection used by each individual computer whose users' communications they intend to monitor. This requires that they get much closer to the target of the surveillance than they did with circuit-switched networks. In the old days, they could install tapping devices inside the switch at the telephone company's office. Conceivably they might do something similar at the target's Internet service provider (ISP). The FBI's (since-renamed) Carnivore project was an example of this. Unfortunately, this arrangement monitored traffic from all the ISP's customers, not just the intended surveillance target. In order to separate the target's transmissions from everyone else's, Carnivore has to read all packets that pass through. The only real solution to this problem is to install a device very close to the target — for example, in the cable that physically connects him to his ISP or at the antenna via which he transmits information to his ISP. This poses two main problems. First, the target may notice an unfamiliar device outside his house or office and become aware of the surveillance. Second, it is expensive because the police need to build many more devices and pay officers for the time it takes to install them at disparate locations.

By now, the linguistic difficulty of referring to any surveillance of data transmitted via the Internet as "wiretapping" should be obvious. At this point, I would like to shift direction slightly and briefly address a few related problems.

First, it is far from clear that the FCC has the authority to regulate VoIP as if it were a telecommunication service. It was widely reported last October that a federal judge in Minnesota ruled that VoIP companies provide "information" services, not "telecommunication" services, which means that states cannot regulate them under the Telecommunications Act of 1996. On the other hand, the 9th Circuit ruled earlier that month that the FCC erred in classifying cable broadband as an "information" service rather than a "telecommunication" service.

Second, according to Declan, Uncle Fed wants the FCC to require VoIP providers "to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations." This is technically possible only for a few such services. In my understanding, Vonage sells black boxes that take input from a telephone and transmit data through the user's broadband ISP connection to Vonage's network, where Vonage routes it to another Vonage device or to a circuit-switched telephone network. Therefore, Vonage may be able to install devices that "tap" a specified user's conversations. Other services, however, operate in a fundamentally different way. Skype, for example, does not have any communications network at all. Its client software transmits voice data using the same decentralized P2P architecture found in Kazaa, the popular file-sharing client. (Skype was, after all, designed by the makers of Kazaa.) Therefore, Skype has no capability to install tapping devices, even if it wanted to cooperate with a hypothetical FCC order.

Third, as discussed above, to surveil transmissions on a packet-switched network, the police must read all data packets that pass through. If they ignore any individual packet, they may miss a piece of the message they intend to intercept. This makes it an unavoidable certainty that any "packet sniffer" will collect data that is not legally subject to surveillance — it would exceed the scope of all but the most expansive warrants. (Never mind that any warrant so expansive is probably unconstitutional because it would fail to state with particularity the information intended to be collected). Depending on the environment where the sniffer is installed, it may also collect data transmitted by third parties, who are not the intended targets of surveillance and who have a reasonable expectation of privacy in their communications. This is a Fourth Amendment problem of enormous magnitude — one that is well beyond the scope of this weblog.

Fourth, Uncle Fed's own statistics for 2002 show that about 80% of all wiretaps — both federal and state — were for criminal investigations in the course of enforcing drug laws. Only the remaining 20% were used for all other types of investigations. One is left to wonder whether the alarmist language in Uncle Fed's letter to the FCC was disingenuous: "criminals, terrorists, and spies (could) use VoIP services to avoid lawfully authorized surveillance." Uncle Fed tries to make it sound as if wiretaps are already an effective tool against such people when his own statistics show that wiretaps are rarely used against them. It would be another matter entirely if Uncle Fed intended to use VoIP monitoring technology to enforce drug laws. Even then, none of the dope dealers I knew of in college even knew what "broadband" meant — so it was unlikely that any of them had the equipment necessary to use VoIP. Even if drug importers are more sophisticated, the police can still monitor their communications through conventional warrants and responsible police work.

In conclusion, the only thing I can really say is that Uncle Fed's request is problematic, at best — and I am just a guy with an interest in Internet law, not an expert in history, technology, or constitutional law. If Uncle Fed was trying to start a national debate on the merits of Internet surveillance, it is about time we had one. If he thought he could slip this in under the radar, shame on him.

Academic credit for blogging?

Professor Stephen Bainbridge of UCLA Law asks a serious question. A few days ago, he mentioned that a paper in the Yale Law Journal cited his weblog, then he made a flippant quip: "Now the Dean will have to give me credit for the time I spend blogging. Hah!" That flippant quip drew a deluge of responses. (Via Lawrence Solum)

Why not give academic kudos — in some form — to professors who blog? They add to the general environment of intellectual curiosity that universities strive to create, and blogged ideas often grow into "real" academic papers. See my own example: An editor from the Journal of Internet Law saw my blog post on the CAN-SPAM Act and asked me to submit a paper that will be published in the February 2004 issue.

Diebold/DMCA summary & analysis

Mary Bridges of the Berkman Center has published "Diebold v. the Bloggers." The essay is a nice summary and analysis of the DMCA's darkest days to date. (Via A Copyfighter's Musings)

EFF calling for Pioneer nominations

It is a new year, so it must be time for the Electronic Frontier Foundation (EFF) to seek nominations for its 2004 Pioneer Awards. Nominations are due by 1 February.

Norweigan authorities drop DeCSS case

Mary of bIPlog reports that the Norweigan prosecutors on the DVD Jon case have decided not to appeal his second acquittal. This is wonderful news.

Third-party fix for IE URL spoof vulnerability

While Microsoft has yet to fix the URL spoof vulerability in its Internet Explorer browser, at least one amateur software enthusiast community has come up with a robust solution. Users of Proxomitron have found a way to use the local proxy server and web filtering client to work around IE's shortcoming. The proxomitron filters posted in this forum alter links and buttons that lead to web pages that exploit this vulnerability. Additional filters posted there will trigger an alert message box when the active web page contains links that exploit the vulnerability.

These solutions were created by users, free of charge and with no expectation for payment — for fun and for the benefit of Internet users generally. The first request for a fix was posted on 12 December, and four filters were available that same day. Over the next five days, the filters were refined and made more robust, until they handled all situations yet conceived by their developers. Note for emphasis: amateurs created a comprehensive solution in five days. All this happened while Microsoft, one of the most profitable software companies in the world, has been unable or unwilling to fix the problem for nearly a month. Anyone care to explain to me again how high-quality software cannot exist without a profit motive?

Cyberbullying and school (in)action

The Christian Science Monitor has a feature article by Amanda Paulson on "cyberbullying." The article outlines the problem, analyzes it as merely a new platform for old-fashioned bullying, and discusses the perils of censoring speach for short-term disciplinary goals. I think that analysis is on the right track, but I would like to add a few points.

The article ignores the grandaddy of all cyberbullying cases and the publicity that surrounded it — the case of Jake Baker and the University of Michigan. Mr. Baker's First Amendment defense ultimately led to his exoneration of charges of making threats. (See the EFF case archive for comprehensive information.) The CS Monitor article does, however, discuss the more recent case of "Ghyslain, the Canadian teenager who gained notoriety this year as 'the Star Wars kid.'" This young man videotaped himself goofing around with a broomstick, as if it were a fighting staff.

Some peers got hold of the video, uploaded it to the Internet, and started passing it around. Doctored videos, splicing him into "The Matrix," "The Terminator," or the musical "Chicago," with added special effects and sounds, soon followed. He's now the most downloaded male of the year. According to news reports, he was forced to drop out of school and seek psychiatric help.

"It's one of the saddest examples," says [Glenn Stutzky, an instructor at the Michigan State University School of Social Work]. "He did one goofy little thing, and now it will always be a part of that young man's life."

The article also mentions that (public) schools may lack the authority to shut down off-campus channels of speech used for bullying. The author seems to divide this into two distinct points, one practical and one legal, but it could stand some clarification. First, schools lack the practical ability to censor such centralized speech channels as web-based bulletin boards and instant messaging networks — because the school is not the central entity. These are generally physically controlled by private companies. When it comes to open and decentralized channels (like email, IRC, or usenet), the school has no chance. Second, the legal barriers. Any action that schools take or fail to take can open them up to the modern American passtime, lawsuits. Any course of action necessarily requires the school to make judgments that pit one student's civil rights against another's — specifically, the right of the bully to speak vs. the right of the victim to have a public education free from harassment. Schools are understandably reluctant to break any new ground in this context. If I were a school board lawyer, I might recommend the most conservative course of action I could think of.

However, schools are not always so loathe to target Internet speech that is generated off-campus. Some get trigger happy when a student's web site criticizes teachers or administrators. Just the other day, I blogged on a recent case involving the Oceanport School District in New Jersey. I could probably turn up ten more examples in as many minutes on Google.

Finally, I want to highlight a case described in the article that displays the best the First Amendment has to offer. "J. Guidetti, principal of Calabasas High School, did get involved, after comments on schoolscandals.com caused many of his students to be depressed, angry, or simply unable to focus on school." All of Guidetti's initial efforts failed — as long as he used a law-enforcement approach. Then, he decided to counter speech with speech:

Eventually, a local radio station got involved and put enough pressure on the people running the site — a father-son duo — that they took it down in the spring. Already, there's a schoolscandals2 — relatively harmless, so far. Guidetti checks it regularly for offensive content, one of the ever-growing tasks of a 21st-century principal.

To be clear, I do not advocate publicly shaming people for their speech. However, opinions that wilt in sunlight are exactly the sort that the Framers of the constitution believed could be controlled by encouraging counter-speech. Guidetti engaged in honest public debate, convinced more people than his opponents, and won the day. By taking his case to the airwaves, Guidetti created speech where he had previously tried to destroy it, and liberty had a rare chance to serve a utilitarian purpose.

Congressional spam

The New York Times points out, rather amusingly, that most members of Congress were engaged in sending a massive wave of unsolicited email to their constituents this weekend — barely ten days after unanimously approving the CAN-SPAM Act. Article: "We Hate Spam, Congress Says (Except Ours)."

"They are regulating commercial spam, and at the same time they are using the franking privilege to send unsolicited bulk communications which aren't commercial," David Sorkin, a professor at the John Marshall Law School in Chicago, said. "When we are talking about constituents who haven't opted in, it's spam."

Scam exploits IE URL spoof vulnerability

It was only a matter of time before someone exploited the Internet Explorer URL spoof vulnerability. (As Xeni Jardin points out, Microsoft has yet to issue a fix.) This particular scam involves an email that purports to be from PayPal and includes a link that appears to take the unwary reader to PayPal's web site, where he is asked to "verify" his account information. The users is really taken to http://www.epack.ch/p/verify.htm, which looks like a legitimate PayPal page and which the scammer thoughtfully induced IE to make it look like it is hosted at PayPal.

2003 tech year in review

C|Net has released five year-in-review features, covering open source, utility computing, VoIP, Wi-Fi, and patents. Each one has a summary introduction and links to C|Net articles from the past year. This is a great way to get up to speed for anyone who fell behind in the news.

Year 2003 in cyberlaw

Doug Isenberg, founder of GigaLaw, summarizes the year 2003 in cyberlaw: "Internet law in 2003 was full of surprises, with Congress passing an antispam bill, the courts blessing pop-up advertising, the music industry losing lawsuits and the Supreme Court finally upholding an Internet law." (Via Inter Alia)

Napster Runs for President in '04

Frank Rich wrote a fascinating and entertaining editorial for the New York Times a few days ago ("Napster Runs for President in '04"). Between his attempts to be vogue by dissing the mainstream candidates and media for not "getting" the Howard Dean campaign's various uses of the Internet, Rich makes a few novel points. Among them, that we should view Dean more like FDR and JFK than George McGovern and Barry Goldwater. His conclusion:

Should Dr. Dean actually end up running against President Bush next year, an utterly asymmetrical battle will be joined. The Bush-Cheney machine is a centralized hierarchy reflecting its pre-digital C.E.O. ethos (and the political training of Karl Rove); it is accustomed to broadcasting to voters from on high rather than drawing most of its grass-roots power from what bubbles up from insurgents below.

For all sorts of real-world reasons, stretching from Baghdad to Wall Street, Mr. Bush could squish Dr. Dean like a bug next November. But just as anything can happen in politics, anything can happen on the Internet. The music industry thought tough talk, hard-knuckle litigation and lobbying Congress could stop the forces unleashed by Shawn Fanning, the teenager behind Napster. Today the record business is in meltdown, and more Americans use file-sharing software than voted for Mr. Bush in the last presidential election. The luckiest thing that could happen to the Dean campaign is that its opponents remain oblivious to recent digital history and keep focusing on analog analogies to McGovern and Goldwater instead.

Thanks to Mary Hodder of Napsterization for the heads up.

DC Circuit stumps RIAA

By now the world has heard of the D.C. Circuit decision in RIAA v. Verizon. Previously, the D.C. District Court ruled that Verizon must comply with RIAA's subpoenas, issued under § 512 of the Digital Millennium Copyright Act (DMCA). Those subpoenas are designed to force ISPs to disclose the identities of users whom RIAA suspects of illegally making copyrighted music available for others to download. RIAA can trace users by itself as far as their IP addresses (the sets of numbers that uniquely identifies every computer on the Internet), but it needs the cooperation of ISPs to connect an IP address with an individual's name and address. Once it has that information, it can send a cease & desist letter or file a lawsuit.

Yesterday's Circuit decision reverses the District Court's interpretation of the statute. The appeals court gave the statute an extremely close reading in rendering its decision. The relevant section has a complex sentence structure and many cross references, so it is no wonder that the parties (and two different courts) disagreed as to its meaning. Derek Slater makes a few interesting points, including: "I find it fascinating when opinions contrast in this way — when they see the same issue clearly, unambiguously, but oppositely. [District] Judge Bates, just like [Circuit Judge] Ginsburg, claims to stick to the statute's text and go no further, yet their opinions are night and day."

I think Donna's headline over at Copyfight goes too far: "Verizon Wins Victory for Privacy." I am in Ernest's camp on this one:

The decision is a victory for privacy, but not a victory for privacy as such. The result was reached on a technical reading of the statute, and turned on the fact that a subpoena can only be sent if a DMCA notice-and-takedown letter can also be sent. […] The constitutional issues that would have made this a victory for privacy as such, or for freedom of expression, were not addressed by the court.

The Circuit panel adopted most of Verizon's statutory argument — that § 512(h) authorizes subpoenas only in cases where the plaintiff alleges that the infringing material is stored on media controlled by the ISP. However, when the ISP is a mere conduit for data stored on media controlled by a third party (the ISP's subscriber, in this case), § 512(h) does not permit subpoenas outside of the context of a lawsuit.

This line of reasoning rests on the cross references between § 512(h) and § 512(c). Subsection (h) permits a copyright owner to apply to the Clerk of the court for a subpoena so long as the application contains "a copy of a notification [of claimed copyright infringement, as] described in [§ 512](c)(3)(A)." The relevant language in § 512(c)(3)(A) is: "To be effective under this subsection, a notification of claimed infringement must be a written communication … that includes substantially the following" six elements. The third enumerated element is "(iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material." (Emphasis added)

The court agreed with Verizon that this language requires the subpoena application to assert that the ISP has the ability to remove or disable access to the allegedly infringing material. However, most current P2P applications use a decentralized architecture. This means that all shared data is stored on users' computers, not on any central server — except for temporary copies incidental to transmission, which the DMCA permits. Therefore, the ISP has no legal right to remove or disable access to the material shared on the P2P network:

No matter what information the copyright owner may provide [in its subpoena application], the ISP can neither "remove" nor "disable access to" the infringing material because that material is not stored on the ISP's servers. Verizon can not remove or disable one user's access to infringing material resident on another user's computer because Verizon does not control the content on its subscribers' computers.

This holding does have some privacy implications, but they are small compared to Verizon's alternative argument. Having decided this case on statutory grounds, the court ducked the larger First Amendment questions.

So what implications does it have? Dozens of people predict that RIAA will lobby Congress to close what it surely sees as a loophole in the DMCA. Ernest quipped, "[T]he RIAA has nearly hosed itself." The trade group has been trying to consolidate all its DMCA subpoena litigation in Washington, D.C. for administrative convenience. Now, however, it cannot be happy with its "success" in transferring the SBC case to the D.C. District from the Northern District of California in San Francisco — because the Verizon decision is now binding precedent in the nation's capital. This will not stop RIAA from getting users' information, however. It will only make the process slower and more expensive. Instead of paying its lawyers simply to draft subpoena applications, it now has to pay them to draft and file complaints and motions in addition to subpoena applications. These costs will be passed on to consumers in the form of higher average settlements.

John Palfrey sees a broader trend: "Add this development to the Grokster opinion, and the trend of the law in favor of digital rights holders is at least in a holding pattern." The trend may be even broader than Palfrey recognizes — this was a banner week for civil liberties everywhere. (It could, however, be just a blip on the post-9/11 radar screen.) The Dutch supreme court ruled that the makers of Kazaa are not liable under Dutch law for copyright infringement committed by the software's users. A day earlier, the Second Circuit ruled that the U.S. government may not classify Jose Padilla as an enemy combatant — which should assure that his constitutional rights are no longer suspended. Just a few hours later, the Ninth Circuit wrote "that the [Bush] administration's policy of imprisoning about 660 non-citizens on a naval base in Guantanamo Bay, Cuba, without access to U.S. legal protections 'raises the gravest concerns under both American and international law'" (source).

If nothing else, we live in interesting times.

Happy flight day!

Happy flight day! I hope everyone enjoyed the festivities surrounding the centennial of Orville Wright's historic flight. Unfortunately, the weather in Kill Devil Hills did not cooperate with the long-planned reenactment.

CAN-SPAM coauthors respond to criticism

The two coauthors of the CAN-SPAM Act, U.S. Senators Ron Wyden (D-Ore.) and Conrad Burns</