Friday, June 25, 2004

The NYT has picked up on some of the problems with the INDUCE act.
The INDUCE (Inducement Devolves into Unlawful Child Exploitation) act has had a change of name. It is now to be called the Inducing Infringement of Copyrights Act of 2004. Ernest Miller made his own notes on Senator Hatch's justifications for the bill. Extract (Ernest's comments are in brackets bold and italics):

"A secondary-liability rule that punishes only control also punishes consumers: It encourages designers to avoid “control” by shifting risks onto consumers. [Whereas laws that punish control AND intent punish consumers by eliminating types of software many consumers use quite legitimately. It also punishes consumers by taxing innovation and turning technology development over to Hollywood. Another, less drastic solution would be for the government to sponsor a consumer education program, like those "no smoking" ads. Heck, why should government do it? If Hollywood is so concerned with the consumers, let them pay for an education campaign.] For example, Napster incurred billion-dollar liability because it controlled computers housing a search index that located infringing files. Programs like Kazaa avoid Napster’s “control” by moving their search indices onto computers owned by unsuspecting consumers. [Unsuspecting consumers or willful infringers? Which is it, Senator? If the consumers are unsuspecting, shouldn't we be considering a law absolving them of liability as well?] ...

...But a fallacy lurks here: The “direct infringers” at issue are not the traditional targets for copyright enforcement. [Why is "direct infringers" in quotes? Are they direct infringers or not?] In fact, they are children [Will someone please think of the children?] and consumers: They are the hundreds of millions [Hundreds of millions. That is an awful lot of "direct infringers." Certainly a higher estimate of infringers than I have seen before.] of Americans – toddlers to seniors – who use and enjoy the creative works that copyrights have helped create. [Indeed. Perhaps Hatch should pass a law immunizing children and consumers from infringement lawsuits if he is so concerned.]...

...Worse yet, artists must sue their fans for the sin of misusing devices designed to be easy and tempting to misuse. [Yeah, that IM is just totally too tempting. Oh, wait, Hatch is talking about P2P, as he ... well, he actually never defines it.] That is unfair: When inducement is the disease, infringement can be seen as just a symptom. [You're not guilty of infringement - you're just sick. "Hi, I'm Ernest, and I'm an infringer." "Hi, Ernest!"] Yet artists must ignore inducers who profit by chanting, “Hey, kids, infringement is cool, and we will help you get away with it.” [Well, if they are chanting ... oh, wait, the only one chanting is in Palestine, outside of Hatch's reach. The FTC says the ones in the US give adequate warning of the risks.] Instead, artists can only sue kids [Will someone please think of the children?] who succumb to this temptation. They must leave Fagin to his work – and sue Oliver Twist. [The difference being, however, that Fagin has specific knowledge of the specific individuals he is sending out to commit specific crimes. Slightly different case, don't you think?]

Brilliant. I laughed out loud at: You're not guilty of infringement - you're just sick. "Hi, I'm Ernest, and I'm an infringer." "Hi, Ernest!".

With bipartisan support this thing actually has a serious chance of making it into law. The EFF have composed a hypothetical complaint against Apple based on the proposed Act (previously known as INDUCE).

"Apple's iPod music player seemed particularly vulnerable to attack. Any major record label could bring a strong lawsuit against Apple for "intentionally inducing" infringement under this new law with the iPod, both because it's plausible to argue that having an iPod enhances the lure of using P2P to download music (gotta fill all that space!) and because all the major record labels still believe that private sharing of songs from your CDs with friends is copyright infringement. We still disagree with the labels on these points, but the reality is that no court has yet convinced them that their legal theories are flawed. We also threw in Toshiba for making the iPod's hard drive and CNET for showing people how to move the iPod's music files.

Under the Supreme Court's ruling in Sony v. Universal (the Betamax VCR case), devices like the iPod and CD burners are legal as long as they have legal uses—what the Court called "substantial non-infringing uses." This has been the rule in the technology sector for the last 20 years. Billions of dollars and thousands of jobs have depended on it. Industries have blossomed under it. And any case brought against Apple or HP or Dell would be immediately dismissed because of it.

Now Senator Hatch and his allies want to tear down that rule and substitute a new one with the Induce Act. With it, the fact that a device or product has legal uses, even lots of them, is irrelevant. Filing a lawsuit under the Induce Act is like dropping a litigation bomb on any company that gives users products that have even the slightest potential to assist in copyright infringement. Technology companies will avoid being innovative, and investors will avoid supporting new technologies for fear of being sued out of existence based on the possible conduct of their customers. If this bill had been law in 1984, there would be no VCR. If this bill had been law in 1995, there would be no CD burners. If this bill had been law in 2000, there would be no iPod. If this bill becomes law in 2004, we may lose those devices and many more that we haven't even begun to imagine."

Thursday, June 24, 2004

It seems that the number of airlines and travel companies sharing passenger information with the Transportation Security Administration (TSA) for testing of the passenger screening program CAPPS II was more than was originally thought.

The EU parliament might like to throw that into the mix of their ECJ case against the Commission and Council of Ministers on the agreement to share EU passenger data with the US? No? Never mind. We saw how lively EU democracy is on software patents. Why should a little matter like handing over personal details of EU citizens to a foreign government (albeit a friendly one in this instance) give rise for concern? Well from my perspective the reason would be just to demonstrate a remote semblance of respectability of the institutions of the EU and their ability to answer basic questions related to the new constitution and its gaurantee of the charter of fundamental rights. Of course the agreement was concluded before the constitution (which, of course, may well fall apart depending on the results of national referenda). But even without the constitution the EU theoretically offers fundamental gaurantees on privacy which in the past have led to the brink of a trade war with the US, on the issue of how US companies would be required to handle data about European citizens flowing into the US.

In March 2000, after nearly two years of negotiations, the EU and the US reached a tentative agreement on the processing of personal data. The EU Data Protection Directive (Article 25) requires that personal data shall not be transferred to a country outside the EU unless that country "ensures an adequate level of protection." The Directive theoretically guarantees a high standard of personal data privacy for EU citizens. The US was considered by the EU to lack an adequate level of protection.

The negotiators were reportedly trying to work out a way for US companies to meet EU standards of privacy. The Europeans agreed to the Americans' proposed "safe harbour." US companies would sign up to this safe harbour by agreeing to follow certain restrictions on how they processed personal data. They would register with the US Department of Commerce and there would be "adequate enforcement" of the restrictions the companies agreed to. The US Commerce Secretary, William Daley, described the agreement as a "carefully constructed and well-implemented system of self-regulation" which could protect privacy rights.

Critics at the time accused the European negotiators of caving in, since self regulation by industry was what they were trying to avoid. Many EU nation states had not implemented the directive at the time of the negotiations, however. The US therefore had a legitimate complaint - how could they be expected to accept data flow restrictions required by EU law but not yet appropriately implemented there? The European Commission, at the time, was in the process of suing Germany, France, the Netherlands, Ireland and Luxembourg in the European court over their failure to implement the directive.

Critics of the agreement on transfer of passenger data have criticised Commissioner Bolkstein, not of caving in, but of deceit and underhand deals with the US in dark smoky rooms. On this occasion, I can understand the critics' point of view.

Wednesday, June 23, 2004

Spiked have a positive review of Dr Mike Fitzpatrick's new book, MMR and Autism: What parents need to know.
Clay Shirky on DNA, P2P, and Privacy. In the privacy debate about ubiquitous centralised databases,

"Databases have two key weaknesses...The first is that they deal badly with ambiguity, and generally have to issue a unique number, sometimes called a primary key, to every entity they store information on. The US Social Security number is a primary key that points to you,...second weakness: since each database maintains its own set of primary keys, creating interoperability between different databases is difficult and expensive, and generally requires significant advance coordination...

Privacy advocates have relied on these weaknesses in creating legal encumbrances to issuing and sharing primary keys. They believe, rightly, that widely shared primary keys pose a danger to privacy. (The recent case of Princeton using its high school applicants' Social Security numbers to log in to the Yale admittance database highlights these dangers.) The current worst-case scenario is a single universal database in which all records -- federal, state, and local, public and private -- would be unified with a single set of primary keys.

New technology brings new challenges however, and in the database world the new challenge is not a single unified database, but rather decentralized interoperability, interoperability brought about by a single universally used ID. The ID is DNA. The interoperability comes from the curious and unique advantages DNA has as a primary key. And the effect will put privacy advocates in a position analogous to that of the RIAA, forcing them to switch from fighting the creation of a single central database to fighting a decentralized and interoperable system of peer-to-peer information storage."
Microsoft are suing, for defamation, the Brazilian government official promoting open source software use in the public services, Sergio Amadeu. His alleged crime is that he was too nasty when criticising Microsoft because they had

" a ‘drug-dealer practice’ for offering the operational system Windows to some governments and cities for digital inclusion programs. ‘This is a trojan horse, a form of securing critical mass to continue constraining the country’.”
David Blunkett, UK Home Secretary, is the "Judicial equivalent of a football hooligan" according to Simon Jenkins in the Times.
The Washington Post had an article about RFID tags yesterday. It's the usual stuff about the potential of RFIDs to improve business and the worries of privacy advicates. But the thing that jumped out at me as an absolute classic misunderstanding was this:

'"If you know quickly who is in the area, you can customize their experience," said Paul McKeown, who heads IBM's global smart-card efforts. McKeown said he was inspired by an experience his mother had in her small town in England, where for years she was banking at the same branch and one day wasn't recognized and was challenged by a new teller.'

If ever there were folk "who didn't get it" about technology, it is people with this kind of attitude. The whole point about the small town where the banking staff knew and cared about the customers was that people were put in touch with and cared about people. No amount of technology facilitating a "customised experience" can bridge the unmeasurable qualitative difference between treating a person as a person and treating them as a customised number to be processed in accordance with the instructions on the employee's screen.

As Cory said in his DRM speech at Microsoft, "New media don't succeed because they're like the old media, only better: they succeed because they're worse than the old media at the stuff the old media is good at, and better at the stuff the old media are bad at." I'd like to offer an extension to this - new methods and technologies do not succeed because they are like people only better, they suceed because they are worse than people at the stuff people are good at (caring) and better at the stuff people are bad at (rapidly processing and moving around billions of bits). Try not to get confused about that. It's important.

The thing that makes my own organisation, the Open University, so unique and special was that we put people in touch with people. We recognised, 35 years ago, that the way for open and distance university education to work for students with no prior qualifications was to put good people (vast numbers in the OU) in touch with good people with unrecognised potential (our students) and that we could be all-inclusive. We've had well over a million graduates since then, many of whom would never have had the opportunity to take a university degree.

The thing that makes the Internet so special is that it puts people in touch with people. Sure it is a bottomless sink of information and a useful communications infrastructure for commerce but the key is that it is a many to many communcations medium putting people in touch with people.

I'll stop there lest I be accused of becoming too evangelistic...

Tuesday, June 22, 2004

It seems as if the Dutch parliament may consider revoking its support for the EU software patent directive because the Dutch minister responsible for agreeing to the directive in the Council of Ministers and for educating the parliament on the matter, Mr Brinkhorst, er ever so slightly misled them, or should I say "misinformed" them. He suggested in a letter to the Dutch parliament in advance of the vote in the Council of Ministers that there was "agreement" between the EU Parliament and the Commission on the issue, when the two were basically at loggerheads.

I won't suggest that Mr Brinkhorst lied as it would not be appropriate especially since there is a good bet that many of his contemporaries around the EU were equally "informative" with regard to educating their national parliaments on the matter.

The transcript of the discussions in the council of ministers makes interesting reading, if only for those seriously enmeshed in the ethics and politics of sw patents but the final part of this democratic discussion is a classic case of the Irish (IE)chairwoman pushing for the rubber stamping of the business at hand, regardless of the substance of the business.

"IE: And Denmark? Can I hear from Denmark please?
Denmark: I would really like to ask the commission why they couldn't accept the last sentence put forward by the Italians. It was in the original German proposal.
(19:13) IE: I think the Commissioner already answered that question, I'm sorry Denmark. So are you yes, no, abstain?
DK: I think we wouldn't, we're not hap...
IE: Can I assume you're a "yes"?
DK: We're not happy
IE: But are you 80% happy?
DK: But... I think we...
IE: We don't need you you to be totally happy. None of us are totally happy.
DK: I know that, I know that.
IE: If we were, we wouldn't be here
DK: I think we're not very happy, but I think we would, we would...
IE: Thank you very much
DK: ... we would like to see a solution today.
IE: Thank you very much, Denmark.
(19:45) IE: Spain, are you abstention or no?
ES: Sorry, no.
IE: Thank you Spain, Austria?
AT: Abstention.
(20:03) IE: Well, Ladies and Gentlemen, I'm happy to say that we have a qualified majority, so thank you all very very much indeed, and thank you to commissioner Bolkestein.
IE: France... The vote is over France, no more ... for France please
FR: I didn't want to cause confusion. I'm so happy that we've managed to reach this result thanks to your hard work and that of the Commission. I just wanted to say that I'd like to propose a declaration using the words I used in my first statement. A declaration appended to the Council minutes.
(21:04) IE: Yes, thank you France, it's fine."

Democracy in action. I particularly like the "We don't need you you to be totally happy. None of us are totally happy." I'm almost relieved that the Irish presidency of the EU is coming to an end.
Siva's Response to a Senate Staffer on the p2p question,

"I have too much to say about p2p. And my opinions are beyond the pro and con simplifications that get laid out in newspapers...

...Copyright is by design a leaky regulatory system. If the leaks are too big, copyright fails to generate incentives. If they are too small, copyright fails to allow for democratic creativity and sharing -- the essence of culture. So managing leaks is important. But freaking out about them is counterproductive. So far, the content industries have been better at freaking than managing. And we are all worse off because of that...

...The best way to approach this issue is through serious and sincere ethical deliberation. That means avoiding harsh moralizing, threats of criminal or civil action, and blunt technological moves that will only create more problems and ill-will. The goal should be flourishing democratic culture and creativity. It should not be the artificial support of poorly run media companies. Nor should it be the unfettered proliferation of machines and code for the sake of more machines and code. We must be modest and patient -- an unpopular stance in this age of extremes."

Beautifully put.
Rather an obscure case relating to the 4th and 5th amendments to the US constitution was decided by the Supreme Court yesterday.

It about someone having a row in a truck with his daughter, who was stopped by the police (who had been tipped off about the row) and refusing to give his name to the officer who requested it. He was prosecuted and fined $250. Technically what was under scrutiny was the man's right not to incriminate himself (5th) and his right to be free of unreasonable search and seizure (4th). Plus, presumably his right to remain silent. The court decided 5-4 against the man's assertion of his right to remain silent in the circumstances.

Michael Froomkin briefly looks at the technicalities. Apparently it's quite a narrowly tailored decision which need not necessarily have wider implications than the specific case (though Froomkin suggests it might be a slippery slope).

Under a 1968 Supreme Court decision police are allowed to hold someone briefly (called a "Terry stop" after the case) in order to obtain more information, which seems fair enough. The thing that interested me about this particular case, though, is not the specific technicalities but the question of latent ambiguity. Presumably the justices in 1968 had an idea in their heads about the kind of information that an officer could find out about an individual during a brief detention. It would be fairly limited e.g. any parking tickets, was the vehicle stolen, did he match a suspect's description, was someone of that name wanted etc. 36 years on, however, with vasts amounts of information on everybody collected in public and private and networked databases makes the kind of information it is possible to find out about an individual, in a short space of time, qualitatively of a completely different order.

Should not the modern day justices be exploring the boundaries of the information it should be possible to find out? The decision doesn't affect us directly this side of the Atlantic and it would seem on the surface that there are no technological questions at issue in the case but this is a pretty clear example, imho, of where technology has changed things to such a degree that the questions it raises are not solved by a narrow mechanical application of existing laws (whether or not that mechanical application itself would/could provide grounds for dispute).

EPIC have a webpage devoted to the case.

Monday, June 21, 2004

Some folks have added some links into Cory Doctorow's DRM talk to Microsoft researchers. Just a sample of what can be done to improve public domain work and facilitate open source learning and free flow of information.
Steven Wu at Lawmeme has been at a convention on the constitution and thinking of the use of software for gerrymandering, discussed by one panel.

"Almost every panelist at one point mentioned a piece of software that has become popular in state legislatures: Caliper's Maptitude for Redistricting, which the website advertises as:

'a special edition of Caliper Corporation's Maptitude GIS for Windows that includes everything you need to build and analyze redistricting plans. As you assign area features to a district, the district boundaries are redrawn and selected attributes are automatically summarized to reflect the district's characteristics.'

Basically, as one of the panelists put it today, Maptitude allows you to do just about anything you want with a redistricting plan, once you plug in the demographic data. You want districts that are as evenly balanced politically/racially/genderly as possible? How about a lot of majority-minority districts? How about districts that will protect incumbents, by filling them with people of the incumbents' political party? Whatever your preferences, Maptitude can generate the appropriate redistricting lines in half an hour or less."

...An unseen part of the evoting story that not too many people have been registering.