Boing Boing » copyright

Annoying lawsuit for Annoying Orange

Rob Beschizza — Thu, 23 May 2013 02:23:44 +0000

An advertising agency is suing the creators of Cartoon Network's The Annoying Orange, accusing them of ripping off a character, The Talking Orange, that they created for a 2005 public information ad. [Mercury News]

Lawsuit: Warner Brothers a cat meme copycat

Rob Beschizza — Fri, 03 May 2013 13:12:20 +0000

Media companies have dirty hands when it comes to copyright infringement? Timothy B. Lee at Ars:

Warner Brothers is facing a federal lawsuit for using two feline-themed Internet memes in a video game without their creators' permission. The authors of "Keyboard Cat" and "Nyan Cat" have sued the media giant arguing that the game Scribblenauts, published by WB Games, infringes their copyrights and trademarks. The game's developer, 5th Cell, is also named in the lawsuit.

Cellphone unlocking is the first step toward post-SOPA copyright reform

Derek Khanna — Fri, 22 Feb 2013 19:30:32 +0000

Yale Law Fellow with the Information Society Project, columnist and policy expert Derek Khanna authored the controversial House Republican Study Committee memo “Three Myths about Copyright Law.” The memo on copyright reform was praised throughout the tech community as being "brilliant" and a "breath of fresh air." He has spoken at the Consumer Electronics Show as a technology expert and will be speaking at Freedom to Connect and the Conservative Political Action Conference. Derek was referred to as a “rising star” in the party by David Brooks in the New York Times. Mr. Khanna continues to be a major thought leader on technology issues and disruptive innovation

With SOPA, the industry had the money, the lobbyists, and the organization. But we, the digital generation, are the trump card—and we won. Now it’s up to us to make sure that the historic protest was not merely a historical aberration.

When I wrote the copyright report for the House Republican Study Committee, I had no idea the outpouring of support I would receive from the digital generation that I belong to. I wrote it solely to start a conversation amongst our Congressional Members, but instead I have seen it engage thousands of average people. The report was published on November 16, 2012. Two weeks later, on December 7, 2012, I was informed that I would not be retained as a staffer.

Despite the personal consequences, I am not giving up. I'm just getting started, and I'm not scared by a temporary setback. I'm emboldened by it. And I don't think I'm the only one, or that I'm one of a few.

The conversation that the copyright report started is inspirational, in the face of a political establishment (on both sides of the aisle) which often refuses to acknowledge that we are paying attention. It is up to us, the public, to be engaged. If we are not satisfied with our policy-makers and the policies that they enact, we can change the policies by challenging them.

We have the ideas, we have the tools, and we have the organization.

President Obama and the Tea Party show that an energized and engaged citizenry can elect candidates in grassroots movements. And we have seen them stop legislation in its tracks. SOPA’s opposition proved that a united digital movement can stop legislation that is expected to pass despite overwhelming odds, special interest’ cronies, and powerful politicians.

Working on Capitol Hill during SOPA was humbling.

For weeks many of the technology-savvy staffers saw the storm clouds of opposition against SOPA building, but we had no idea how massive or sudden the storm surge would be. Many of us were strongly against what we saw as internet censorship from the beginning, working behind the scenes to try and get our bosses on the right side of the issue. Many of us were brushed aside.

But, on January 18, the effect of the movement was deafening. Voters crashed congressional circuit boards and websites, tweeting and facebooking at Representatives and Senators in record numbers. Most of us had never seen anything like this before, and for many it was an abrupt, sobering reminder of what democracy really is. Members’ sudden, vocal opposition of legislation that they were co-sponsoring was a watershed moment; though I would argue that it was also proof of concept for something even bigger.

SOPA awoke the sleeping giant.

A digital generation is ready to change politics and policies, and they will succeed. They will do this by rallying behind new ideas, coalescing around legislation, and by leading campaigns for passage. The show of force during SOPA was impressive. But getting legislation on the table for consideration requires another level of activism. It's a challenge that we will soon rise to.

Politics is not exclusive to the intellectual, elected, or rich. Politics starts at kitchen tables, water coolers, gyms, bars, and churches. But how does it manifest itself as real change? Put simply: Idea + Movement + Effort = Legislation

I am confident that we can do this, even the special interests expect us to give up. To them, politics is about vested interests, donations and who has the biggest hired guns. Their cronies are counting on us being overwhelmed. They are banking on us fearing failure, on our failing to try in the first place.

I invite you to join us and continue this fight for future battles.

How do we start?

This fight is going to take a generation. It's going to take a movement. But let me suggest, for what it’s worth, a few pointers.

• We cannot continue to stay on the defensive, watching and waiting for the next SOPA. If we slumber, they will sneak provisions into law that do effectively the same or similar things as SOPA. The best defense is a solid offense.

• We should recognize that the next SOPA may not be like the old one. The content industry will likely be smart enough to try to accomplish the same ends through other legal avenues.

• We must analyze existing law. Our current laws are already, in some ways, nearly as bad as SOPA would have been.

• We must recognize that progress will require support from Republicans and Democrats alike, and therefore we need to be strategic in our battle choices.

• While we may have different perspectives and different priorities, we need to focus on areas of common interest where we form a collective whole.

• We should focus upon asymmetrical warfare. We shouldn’t be focused upon the big, fix-everything bill. We are the insurgents—and in the words of the famous Apple commercial, we need to think different.

We need a series of small, and highly strategic, affirmative victories. Such victories are hard to find, but they form the logical progression for a movement. Doing so will fulfill critical goals, each of which are strategic for overall success.

1. This will create an operating and ongoing coalition of post-SOPA actors.
2. It will change the dialogue and framing of the issues.
3. It will highlight the David v. Goliath nature of the fight, and thereby gain mainstream media attention.

Where do we start?

I believe that the first battle is on cellphone unlocking. Making the personal use of this technology illegal was a clear misstep and a major opportunity.

On January 26, 2013, it became illegal to unlock new phones. Unlocking is a technique to alter the settings on your phone to let you use it with compatible cellular networks operated by other carriers. Doing so now could place you in legal liability: up to 5 years in jail and a $500,000 fine. This is a violation of our property rights. It makes you wonder: if you can’t alter the settings on your phone, do you even own it?

This is just one clear example of intellectual property laws run amok: the underlying law was created to protect copyright, but it’s being applied in a situation that no legislator expected when they voted for the bill in 1998. It’s a clear example of crony capitalism, where a few companies asked for the law to be changed to their pecuniary benefit—despite the invasion of our property rights, its impact upon consumers, and its impact upon the overall market. The decision created even higher thresholds to entry for new market participants, which hinders competition and leads to less innovation.

When the Librarian of Congress (who had previously provided exceptions allowing this activity) issued a ruling on this issue on October 28, 2012, Congress refused to act. When that ruling went into effect, months later on January 26, 2013, Congress refused to act. On January 27, 2013, I published an article in the Atlantic, The Most ridiculous law of 2013 (So Far): It is Now a Crime to Unlock Your Smartphone, which brought more attention to this issue and was read by more than a million people. Despite this attention, Congress refused to act. At the time, I called their failure to address this issue a 'dereliction of duty.'

The SOPA generation sparked a White House petition to allow cellphone unlocking and Sina Khanifar and I advocated heavily on this issue over the past three weeks (Sina created the petition). During that time, Public Knowledge’s question on this issue was submitted for President Obama in the Google Plus Hangout. It was one of the most popular questions submitted. Rep. Defazo, Vint Cerf, and the National College Republicans all tweeted in favor of the petition. And yesterday, on February 21, 2013, at around 7:37 AM EST, the 100,000 signature threshold was crossed on the petition, thereby meeting the threshold required for the White House to provide a formal response. (We are currently over 110,000 signatures).

I propose that the post-SOPA protest coalition take this issue on forcefully, and encourage Congress to pass a bill that codifies permanent exemptions to the DMCA.

Dear Congress,
Please remove these items from your DMCA contraband list (both for developing the technology, selling and using the technology):
• Technology for unlocking and jail-breaking (currently allowed for iPhone, not allowed for iPad).
• Adaptability technology for the blind to have e-books aloud (currently subject to triennial review by the Librarian of Congress – it’s legal to use the technology but illegal to develop or sell).
• Technology to back-up our own DVD’s and Blu-Ray discs for personal use (current law makes this illegal and injunctions have even been used to shut down websites discussing this technology).
Signed,
The people

That we should have to petition our own government to remove these items from a “technological blacklist” is a clear example of how bad the problem has gotten—and why we can’t be satisfied with merely waiting for the next SOPA. If we win this battle, it will lay the groundwork for rethinking other parts of how our legal system affect technology, and how it allows crony capitalism to stifle innovation.

If you agree with me that this is the first of many strategic and winnable battles, the window to sign continues until Saturday. This is a milestone that will help start this process.

A Call to Arms

It’s up to us: was the historic protest against SOPA merely a historical aberration, or was it the beginning of a new historical norm? They had all the chips in SOPA: they had the money, they had the lobbyists, and they had the organization. But we are the trump card—the digital generation—and we won.

We're putting those special interests on notice. We are here, and we aren’t backing down. There are millions of Americans who believe that we deserve better from our politicians. For those willing to commence the next key battle on copyright reform, this is our call to arms.

You can follow Derek on Twitter at @Dkhanna11

Photo:REUTERS/Morteza Nikoubazl

Crazy copyright bot threatens those who tweet tiny poem

Rob Beschizza — Thu, 14 Feb 2013 19:09:54 +0000

This has to be some kind of brilliant hoax: a Twitter 'attribution troll' is showering threats on anyone who tweets a popular one-line poem.

On Press Inc., supposedly a division of Knopf Publishing (according to its Twitter profiles), was running a search of its own and issuing tweet after threatening tweet to anyone who dared publish a short (really short -- under 140 characters) poem by reclusive poet, Shaun Shane, without attribution. The entire poem reads as follows: "If only our tongues were made of glass, how much more careful we would be when we speak."

The threats--which have apparently escalated to imaginary police investigations over Amazon reviews, too--are baseless, writes TechDirt's Tim Cushing. Even if a tweet-length poem meets the expressive requirements for copyright protection, experts say it's unlikely to generate a credible lawsuit.

I tried it and it worked like a charm:

No new public domain works for US until 2019

Rob Beschizza — Fri, 11 Jan 2013 00:28:03 +0000

At The Economist, Glenn Fleishman laments the freezing of the public domain in America under relentless entertainment-industry lobbying, even as Europeans enjoy an annual movement of cultural history to it: "While much of the rest of the world may take cheer from mass migration of material to the public domain each year, America has not seen one since the 1970s, nor will it until 2019."

Tracking Oscar screener piracy, the 2013 edition

Xeni Jardin — Thu, 10 Jan 2013 20:01:21 +0000

Since 2003, Waxy.org's Andy Baio has been documenting evidence of pirated/leaked Oscars screeners— in other words, copies of nominated films sent to Academy Awards voters which then make their way on to filesharing networks. The 2013 edition of his spreadsheet is out. He'll post analysis tomorrow. "Most shocking find so far," he tweets, "The Les Misérables screener hasn't leaked online yet. Everyone knows pirates love musicals!"

Dale Chihuly at VMFA, and photography and accessibility of art

Xeni Jardin — Thu, 25 Oct 2012 20:06:59 +0000

My mom used to work at the Virginia Museum of Fine Arts in Richmond, VA. I am in town today visiting, so we took a quick trip to the museum to check out the beautiful new building (completed in 2010), and a current show of the über-famous, über-promoted Dale Chihuly, whom I used to mock as the Thomas Kinkade of glass. You know what? That was unfair. His work is so beautiful when you're surrounded by it up close, and while I'd seen individual works before, I hadn't seen it like this. I get it now.

This show includes work from the eighties through the twenty-teens, and a site-specific "Mille Fiori" installation called Laguna Torcello that is the largest platform installation every assembled by the artist.

I am testing out a new iPhone 5, and shot some pictures to share with everyone on Boing Boing. I'm digging how it handles low-light and high-color-saturation environments, and this is certainly one of them.

Apart from how beautiful the exhibition is, and how beautifully lit and presented everything is, I wanted to share a little conversation we had with one of the guards.

The museum's policy is generally to prohibit all photography, and to create physical boundaries between the public and 3-dimensional works in shows like this.

A guard told us today that Chihuly explicitly demands in his contract that all photography (except flash use) must be allowed, and arranged things so that this work—remember, it's glass, folks!—would be presented naked, not behind guard rails or velvet ropes or barriers of any kind.

It's so accessible that I felt a little nervous, and wondered how inevitable it was that some clumsy visitor would drop a purse or bang into something, shattering hundreds of thousands if not millions of dollars worth of art.

Apart from the guards, however, the only real barrier was an electric sensor in a few places that made an annoying sound when people got too close to one of the works.

Anyway, this attitude of openness and accessibility seemed rare for an artist in that kind of space. It made me respect and appreciate Chihuly in a new way. Yes, of course, people snapshotting and sharing his work serves to promote it further. But not every artist, and not every institution, recognizes this.

The show's great. Check it out if you're in the area before February, 2013. Don't miss the "reeds" in the water garden outside of the café.

Chihuly at the Virginia Museum of Fine Arts. Oct 20, 2012—Feb 10, 2013.

The coming civil war over general purpose computing

Cory Doctorow — Thu, 23 Aug 2012 15:38:53 +0000

The Coming Civil War over General Purpose Computing

By Cory Doctorow

Even if we win the right to own and control our computers, a dilemma remains: what rights do owners owe users?

This talk was delivered at Google in August, and for The Long Now Foundation in July 2012. A transcript of the notes follows.

I gave a talk in late 2011 at 28C3 in Berlin called "The Coming War on General Purpose Computing"

In a nutshell, its hypothesis was this:

• Computers and the Internet are everywhere and the world is increasingly made of them.

• We used to have separate categories of device: washing machines, VCRs, phones, cars, but now we just have computers in different cases. For example, modern cars are computers we put our bodies in and Boeing 747s are flying Solaris boxes, whereas hearing aids and pacemakers are computers we put in our body.

• This means that all of our sociopolitical problems in the future will have a computer inside them, too—and a would-be regulator saying stuff like this:

"Make it so that self-driving cars can't be programmed to drag race"

"Make it so that bioscale 3D printers can't make harmful organisms or restricted compounds"

Which is to say: "Make me a general-purpose computer that runs all programs except for one program that freaks me out."

But there's a problem. We don't know how to make a computer that can run all the programs we can compile except for whichever one pisses off a regulator, or disrupts a business model, or abets a criminal.

The closest approximation we have for such a device is a computer with spyware on it— a computer that, if you do the wrong thing, can intercede and say, "I can't let you do that, Dave."

Such a a computer runs programs designed to be hidden from the owner of the device, and which the owner can't override or kill. In other words: DRM. Digital Rights Managment.

These computers are a bad idea for two significant reasons. First, they won't solve problems. Breaking DRM isn't hard for bad guys. The copyright wars' lesson is that DRM is always broken with near-immediacy.

DRM only works if the "I can't let you do that, Dave" program stays a secret. Once the most sophisticated attackers in the world liberate that secret, it will be available to everyone else, too.

Second, DRM has inherently weak security, which thereby makes overall security weaker.

Certainty about what software is on your computer is fundamental to good computer security, and you can't know if your computer's software is secure unless you know what software it is running.

Designing "I can't let you do that, Dave" into computers creates an enormous security vulnerability: anyone who hijacks that facility can do things to your computer that you can't find out about.

Moreover, once a government thinks it has "solved" a problem with DRM—with all its inherent weaknesses—that creates a perverse incentive to make it illegal to tell people things that might undermine the DRM.

You know, things like how the DRM works. Or "here's a flaw in the DRM which lets an attacker secretly watch through your webcam or listen through your mic."

I've had a lot of feedback from various distinguished computer scientists, technologists, civil libertarians and security researchers after 28C3. Within those fields, there is a widespread consensus that, all other things being equal, computers are more secure and society is better served when owners of computers can control what software runs on them.

Let's examine for a moment what that would mean.

Most computers today are fitted with Trusted Platform Module. This is a secure co-processor mounted on the motherboard. The specification of TPMs are published, and an industry body certifies compliance with those specifications. To the extent that the spec is good (and the industry body is diligent), it's possible to be reasonably certain that you've got a real, functional, TPM in your computer that faithfully implements the spec.

How is the TPM secure? It contains secrets: cryptographic keys. But it's also secure in that it's designed to be tamper-evident. If you try to extract the keys from a TPM, or remove the TPM from a computer and replace it with a gimmicked one, it will be very obvious to the computer's owner.

One threat to TPM is that a crook (or a government, police force or other adversary) might try to compromise your computer — tamper-evidence is what lets you know when your TPM has been fiddled with.

Another TPM threat-model is that a piece of malicious software will infect your computer

Now, once your computer is compromised this way, you could be in great trouble. All of the sensors attached to the computer—mic, camera, accelerometer, fingerprint reader, GPS—might be switched on without your knowledge. Off goes the data to the bad guys.

All the data on your computer (sensitive files, stored passwords and web history)? Off it goes to the bad guys—or erased.

All the keystrokes into your computer—your passwords!—might be logged. All the peripherals attached to your computer—printers, scanners, SCADA controllers, MRI machines, 3D printers— might be covertly operated or subtly altered.

Imagine if those "other peripherals" included cars or avionics. Or your optic nerve, your cochlea, the stumps of your legs.

When your computer boots up, the TPM can ask the bootloader for a signed hash of itself and verify that the signature on the hash comes from a trusted party. Once you trust the bootloader to faithfully perform its duties, you can ask it to check the signatures on the operating system, which, once verified, can check the signatures on the programs that run on it.

Ths ensures that you know which programs are running on your computer—and that any programs running in secret have managed the trick by leveraging a defect in the bootloader, operating system or other components, and not because a new defect has been inserted into your system to create a facility for hiding things from you.

This always reminds me of Descartes: he starts off by saying that he can't tell what's true and what's not true, because he's not sure if he really exists.

He finds a way of proving that he exists, and that he can trust his senses and his faculty for reason.

Having found a tiny nub of stable certainty on which to stand, he builds a scaffold of logic that he affixes to it, until he builds up an entire edifice.

Likewise, a TPM is a nub of stable certainty: if it's there, it can reliably inform you about the code on your computer.

Now, you may find it weird to hear someone like me talking warmly about TPMs. After all, these are the technologies that make it possible to lock down phones, tablets, consoles and even some PCs so that they can't run software of the owner's choosing.

Jailbreaking" usually means finding some way to defeat a TPM or TPM-like technology. So why on earth would I want a TPM in my computer?

As with everything important, the devil is in the details.

Imagine for a moment two different ways of implementing a TPM:

1. Lockdown

Your TPM comes with a set of signing keys it trusts, and unless your bootloader is signed by a TPM-trusted party, you can't run it. Moreover, since the bootloader determines which OS launches, you don't get to control the software in your machine.

2. Certainty

You tell your TPM which signing keys you trust—say, Ubuntu, EFF, ACLU and Wikileaks—and it tells you whether the bootloaders it can find on your disk have been signed by any of those parties. It can faithfully report the signature on any other bootloaders it finds, and it lets you make up your own damn mind about whether you want to trust any or all of the above.

Approximately speaking, these two scenarios correspond to the way that iOS and Android work: iOS only lets you run Apple-approved code; Android lets you tick a box to run any code you want. Critically, however, Android lacks the facility to do some crypto work on the software before boot-time and tell you whether the code you think you're about to run is actually what you're about to run.

It's freedom, but not certainty.

In a world where the computers we're discussing can see and hear you, where we insert our bodies into them, where they are surgically implanted into us, and where they fly our planes and drive our cars, certainty is a big deal.

This is why I like the idea of a TPM, assuming it is implemented in the "certainty" mode and not the "lockdown" mode.

If that's not clear, think of it this way: a "war on general-purpose computing" is what happens when the control freaks in government and industry demand the ability to remotely control your computers

The defenders against that attack are also control freaks—like me—but they happen to believe that device-owners should have control over their computers

Both sides want control, but differ on which side should have control.

Control requires knowledge. If you want to be sure that songs can only moved onto an iPod, but not off of an iPod, the iPod needs to know that the instructions being given to it by the PC (to which it is tethered) are emanating from an Apple-approved iTunes. It needs to know they're not from something that impersonates iTunes in order to get the iPod to give it access to those files.

If you want to be sure that my PVR won't record the watch-once video-on-demand movie that I've just paid for, you need to be able to ensure that the tuner receiving the video will only talk to approved devices whose manufacturers have promised to honor "do-not-record" flags in the programmes.

If I want to be sure that you aren't watching me through my webcam, I need to know what the drivers are and whether they honor the convention that the little green activity light is always switched on when my camera is running.

If I want to be sure that you aren't capturing my passwords through my keyboard, I need to know that the OS isn't lying when it says there aren't any keyloggers on my system.

Whether you want to be free—or want to enslave—you need control. And for that, you need this knowledge.

That's the coming war on general purpose computing. But now I want to investigate what happens if we win it.

We could face a interesting prospect. This I call the coming civil war over general purpose computing.

Let's stipulate that a victory for the "freedom side" in the war on general purpose computing would result in computers that let their owners know what was running on them. Computers would faithfully report the hash and associated signatures for any bootloaders they found, control what was running on computers, and allow their owners to specify who was allowed to sign their bootloaders, operating systems, and so on.

There are two arguments that we can make for this:

1. Human rights

If your world is made of computers, then designing computers to override their owners' decisions has significant human rights implications. Today we worry that the Iranian government might demand import controls on computers, so that only those capable of undetectable surveillance are operable within its borders. Tomorrow we might worry about whether the British government would demand that NHS-funded cochlear implants be designed to block reception of "extremist" language, to log and report it, or both.

2. Property rights

The doctrine of first sale is an important piece of consumer law. It says that once you buy something, it belongs to you, and you should have the freedom to do anything you want with it, even if that hurts the vendor's income. Opponents of DRM like the slogan, "You bought it, you own it."

Property rights are an incredibly powerful argument. This goes double in America, where strong property rights enforcement is seen as the foundation of all social remedies.

This goes triple for Silicon Valley, where you can't swing a cat without hitting a libertarian who believes that the major — or only — legitimate function of a state is to enforce property rights and contracts around them.

Which is to say that if you want to win a nerd fight, property rights are a powerful weapon to have in your arsenal. And not just nerd fights!

That's why copyfighters are so touchy about the term "Intellectual Property". This synthetic, ideologically-loaded term was popularized in the 1970s as a replacement for "regulatory monopolies" or "creators' monopolies" — because it's a lot easier to get Congress to help you police your property than it is to get them to help enforce your monopoly.

Here is where the civil war part comes in.

Human rights and property rights both demand that computers not be designed for remote control by governments, corporations, or other outside institutions. Both ensure that owners be allowed to specify what software they're going to run. To freely choose the nub of certainty from which they will suspend the scaffold of their computer's security.

Remember that security is relative: you are secured from attacks on your ability to freely use your music if you can control your computing environment. This, however, erodes the music industry's own security to charge you some kind of rent, on a use-by-use basis, for your purchased music.

If you get to choose the nub from which the scaffold will dangle, you get control and the power to secure yourself against attackers. If the the government, the RIAA or Monsanto chooses the nub, they get control and the power to secure themselves against you.

In this dilemma, we know what side we fall on. We agree that at the very least, owners should be allowed to know and control their computers.

But what about users?

Users of computers don't always have the same interests as the owners of computers— and, increasingly, we will be users of computers that we don't own.

Where you come down on conflicts between owners and users is going to be one of the most meaningful ideological questions in technology's history. There's no easy answer that I know about for guiding these decisions.

Let's start with a total pro-owner position: "property maximalism".

• If it's my computer, I should have the absolute right to dictate the terms of use to anyone who wants to use it. If you don't like it, find someone else's computer to use.

How would that work in practice? Through some combination of an initialization routine, tamper evidence, law, and physical control. For example, when you turn on your computer for the first time, you initialize a good secret password, possibly signed by your private key.

Without that key, no-one is allowed to change the list of trusted parties from which your computer's TPM will accept bootloaders. We could make it illegal to subvert this system for the purpose of booting an operating system that the device's owner has not approved. Such as law would make spyware really illegal, even moreso than now, and would also ban the secret installation of DRM.

We could design the TPM so that if you remove it, or tamper with it, it's really obvious — give it a fragile housing, for example, which is hard to replace after the time of manufacture, so it's really obvious to a computer's owner that someone has modified the device, possibly putting it in an unknown and untrustworthy state. We could even put a lock on the case.

I can see a lot of benefits to this, but there downsides, too.

Consider self-driving cars. There's a lot of these around already, of course, designed by Google and others. It's easy to understand, how, on the one hand, self-driving cars are an incredibly great development. We are terrible drivers, and cars kill the shit out of us. It's the number 1 cause of death in America for people aged 5-34.

I've been hit by a car. I've cracked up a car. I'm willing to stipulate that humans have no business driving at all.

It's also easy to understand how we might be nervous about people being able to homebrew their own car firmware. On one hand, we'd want the source to cars to be open because we'd want to subject it to wide scrutiny. On the other hand, it will be plausible to say, "Cars are safer if they use a locked bootloader that only trusts government-certified firmware".

And now we're back to whether you get to decide what your computer is doing.

But there are two problems with this solution:

First, it won't work. As the copyright wars have shown up, firmware locks aren't very effective against dedicated attackers. People who want to spread mayhem with custom firmware will be able to just that.

What's more, it's not a good security approach: if vehicular security models depend on all the other vehicles being well-behaved and the unexpected never arising, we are dead meat.

Self-driving cars must be conservative in their approach to their own conduct, and liberal in their expectations of others' conduct.

This is the same advice you get in your first day of driver's ed, and it remains good advice even if the car is driving itself.

Second, it invites some pretty sticky parallels. Remember the "information superhighway"?

Say we try to secure our physical roads by demanding that the state (or a state-like entity) gets to certify the firmware of the devices that cruise its lanes. How would we articulate a policy addressing the devices on our (equally vital) metaphorical roads—with comparable firmware locks for PCs, phones, tablets, and other devices?

After all, the general-purpose network means that MRIs, space-ships, and air-traffic control systems share the "information superhighway" with game consoles, Arduino-linked fart machines, and dodgy voyeur cams sold by spammers from the Pearl River Delta.

And consider avionics and power-station automation.

This is a much trickier one. If the FAA mandates a certain firmware for 747s, it's probably going to want those 747s designed so that it and it alone controls the signing keys for their bootloaders. Likewise, the Nuclear Regulatory Commission will want the final say on the firmware for the reactor piles.

This may be a problem for the same reason that a ban on modifying car firmware is: it establishes the idea that a good way to solve problems is to let "the authorities" control your software.

But it may be that airplanes and nukes are already so regulated that an additional layer of regulation wouldn't leak out into other areas of daily life — nukes and planes are subject to an extraordinary amount of no-notice inspection and reporting requirements that are unique to their industries.

Second, there's a bigger problem with "owner controls": what about people who use computers, but don't own them?

This is not a group of people that the IT industry has a lot of sympathy for, on the whole.

An enormous amount of energy has been devoted to stopping non-owning users from inadvertently breaking the computers they are using, downloading menu-bars, typing random crap they find on the Internet into the terminal, inserting malware-infected USB sticks, installing plugins or untrustworthy certificates, or punching holes in the network perimeter.

Energy is also spent stopping users from doing deliberately bad things, too. They install keyloggers and spyware to ensnare future users, misappropriate secrets, snoop on network traffic, break their machines and disable the firewalls.

There's a symmetry here. DRM and its cousins are deployed by people who believe you can't and shouldn't be trusted to set policy on the computer you own. Likewise, IT systems are deployed by computer owners who believe that computer users can't be trusted to set policy on the computers they use.

As a former sysadmin and CIO, I'm not going to pretend that users aren't a challenge. But there are good reasons to treat users as having rights to set policy on computers they don't own.

Let's start with the business case.

When we demand freedom for owners, we do so for lots of reasons, but an important one is that computer programmers can't anticipate all the contingencies that their code might run up against — that when the computer says yes, you might need to still say no.

This is the idea that owners possess local situational awareness that can't be perfectly captured by a series of nested if/then statements.

It's also where communist and libertarianis principles converge:

• Friedrich Hayek thought that expertise was a diffuse thing, and that you were more likely to find the situational awareness necessary for good decisionmaking very close to the decision itself — devolution gives better results that centralization.

• Karl Marx believed in the legitimacy of workers' claims over their working environment, saying that the contribution of labor was just as important as the contibution of capital, and demanded that workers be treated as the rightful "owners" of their workplace, with the power to set policy.

For totally opposite reasons, they both believed that the people at the coalface should be given as much power as possible.

The death of mainframes was attended by an awful lot of concern over users and what they might do to the enterprise. In those days, users were even more constrained than they are today. They could only see the screens the mainframe let them see, and only undertake the operations the mainframe let them undertake.

When the PC and Visicalc and Lotus 1-2-3 appeared, employees risked termination by bringing those machines into the office— or by taking home office data to use with those machines.

Workers developed computing needs that couldn't be met within the constraints set by the firm and its IT department, and didn't think that the legitimacy of their needs would be recognized.

The standard responses would involve some combination of the following:

• Our regulatory compliance prohibits the thing that will help you do your job better.

• If you do your job that way, we won't know if your results are correct.

• You only think you want to do that.

• It is impossible to make a computer do what you want it to do.

• Corporate policy prohibits this.

These may be true. But often they aren't, and even when they are, they're the kind of "truths" that we give bright young geeks millions of dollars in venture capital to falsify—even as middle-aged admin assistants get written up by HR for trying to do the same thing.

The personal computer arrived in the enterprise by the back door, over the objections of IT, without the knowledge of management, at the risk of censure and termination. Then it made the companies that fought it billions. Trillions.

Giving workers powerful, flexible tools was good for firms because people are generally smart and want to do their jobs well. They know stuff their bosses don't know.

So, as an owner, you don't want the devices you buy to be locked, because you might want to do something the designer didn't anticipate.

And employees don't want the devices they use all day locked, because they might want to do something useful that the IT dept didn't anticipate.

This is the soul of Hayekism — we're smarter at the edge than we are in the middle.

The business world pays a lot of lip service to Hayek's 1940s ideas about free markets. But when it comes to freedom within the companies they run, they're stuck a good 50 years earlier, mired in the ideology of Frederick Winslow Taylor and his "scientific management". In this way of seeing things, workers are just an unreliable type of machine whose movements and actions should be scripted by an all-knowing management consultant, who would work with the equally-wise company bosses to determine the one true way to do your job. It's about as "scientific" as trepanation or Myers-Briggs personality tests; it's the ideology that let Toyota cream Detroit's big three.

So, letting enterprise users do the stuff they think will allow them to make more money for their companies will sometimes make their companies more money.

That's the business case for user rights. It's a good one, but really I just wanted to get it out of the way so that I could get down to the real meat: Human rights.

This may seem a little weird on its face, but bear with me.

Earlier this year, I saw a talk by Hugh Herr, Director of the Biomechatronics group at The MIT Media Lab. Herr's talks are electrifying. He starts out with a bunch of slides of cool prostheses: Legs and feet, hands and arms, and even a device that uses focused magnetism to suppress activity in the brains of people with severe, untreatable depression, to amazing effect.

Then he shows this slide of him climbing a mountain. He's buff, he's clinging to the rock like a gecko. And he doesn't have any legs: just these cool mountain climbing prostheses. Herr looks at the audience from where he's standing, and he says, "Oh yeah, didn't I mention it? I don't have any legs, I lost them to frostbite."

He rolls up his trouser legs to show off these amazing robotic gams, and proceeds to run up and down the stage like a mountain goat.

The first question anyone asked was, "How much did they cost?"

He named a sum that would buy you a nice brownstone in central Manhattan or a terraced Victorian in zone one in London.

The second question asked was, "Well, who will be able to afford these?

To which Herr answered "Everyone. If you have to choose between a 40-year mortgage on a house and a 40-year mortgage on legs, you're going to choose legs"

So it's easy to consider the possibility that there are going to be people — potentially a lot of people — who are "users" of computers that they don't own, and where those computers are part of their bodies.

Mmost of the tech world understands why you, as the owner of your cochlear implants, should be legally allowed to choose the firmware for them. After all, when you own a device that is surgically implanted in your skull, it makes a lot of sense that you have the freedom to change software vendors.

Maybe the company that made your implant has the very best signal processing algorithm right now, but if a competitor patents a superior algorithm next year, should you be doomed to inferior hearing for the rest of your life?

And what if the company that made your ears went bankrupt? What if sloppy or sneaky code let bad guys do bad things to your hearing?

These problems can only be overcome by the unambiguous right to change the software, even if the company that made your implants is still a going concern.

That will help owners. But what about users?

Consider some of the following scenarios:

• You are a minor child and your deeply religious parents pay for your cochlear implants, and ask for the software that makes it impossible for you to hear blasphemy.

• You are broke, and a commercial company wants to sell you ad-supported implants that listen in on your conversations and insert "discussions about the brands you love".

• Your government is willing to install cochlear implants, but they will archive everything you hear and review it without your knowledge or consent.

Far-fetched? The Canadian border agency was just forced to abandon a plan to fill the nation's airports with hidden high-sensitivity mics that were intended to record everyone's conversations.

Will the Iranian government, or Chinese government, take advantage of this if they get the chance?

Speaking of Iran and China, there are plenty of human rights activists who believe that boot-locking is the start of a human rights disaster. It's no secret that high-tech companies have been happy to build "lawful intercept" back-doors into their equipment to allow for warrantless, secret access to communications. As these backdoors are now standard, the capability is still there even if your country doesn't want it.

In Greece, there is no legal requirement for lawful intercept on telcoms equipment.

During the 2004/5 Olympic bidding process, an unknown person or agency switched on the dormant capability, harvested an unknown quantity of private communications from the highest level, and switched it off again

Surveillance in the middle of the network is nowhere near as interesting as surveillance at the edge. As the ghosts of Messrs Hayek and Marx will tell you, there's a lot of interesting stuff happening at the coal-face that never makes it back to the central office.

Even "democratic" governments know this. That's why the Bavarian government was illegally installing the "bundestrojan" — literally, state-trojan — on peoples' computers, gaining access to their files and keystrokes and much else besides. So it's a safe bet that the totalitarian governments will happily take advantage of boot-locking and move the surveillance right into the box.

You may not import a computer into Iran unless you limit its trust-model so that it only boots up operating systems with lawful intercept backdoors built into it.

Now, with an owner-controls model, the first person to use a machine gets to initialize the list of trusted keys and then lock it with a secret or other authorization token. What this means is that the state customs authority must initialize each machine before it passes into the country.

Maybe you'll be able to do something to override the trust model. But by design, such a system will be heavily tamper-evident, meaning that a secret policeman or informant can tell at a glance whether you've locked the state out of your computer. And it's not just repressive states, of course, who will be interested in this.

Remember that there are four major customers for the existing censorware/spyware/lockware industry: repressive governments, large corporations, schools, and paranoid parents.

The technical needs of helicopter mums, school systems and enterprises are convergent with those of the governments of Syria and China. They may not share ideological ends, but they have awfully similar technical means to those ends.

We are very forgiving of these institutions as they pursue their ends; you can do almost anything if you're protecting shareholders or children.

For example, remember the widespread indignation, from all sides, when it was revealed that some companies were requiring prospective employees to hand over their Facebook login credentials as a condition of employment?

These employers argued that they needed to review your lists of friends, and what you said to them in private, before determining whether you were suitable for employment.

Facebook checks are the workplace urine test of the 21st century. They're a means of ensuring that your private life doesn't have any unsavoury secrets lurking in it, secrets that might compromise your work.

The nation didn't buy this. From senate hearings to newspaper editorials, the country rose up against the practice.

But no one seems to mind that many employers routinely insert their own intermediate keys into their employees' devices — phones, tablets and computers. This allows them to spy on your Internet traffic, even when it is "secure", with a lock showing in the browser.

It gives your employer access to any sensitive site you access on the job, from your union's message board to your bank to Gmail to your HMO or doctor's private patient repository. And, of course, to everything on your Facebook page.

There's wide consensus that this is OK, because the laptop, phone and tablet your employer issues to you are not your property. They are company property.

And yet, the reason employers give us these mobile devices is because there is no longer any meaningful distinction between work and home.

Corporate sociologists who study the way that we use our devices find time and again that employees are not capable of maintaining strict divisions between "work" and "personal" accounts and devices.

America is the land of the 55-hour work-week, a country where few professionals take any meaningful vacation time, and when they do get away for a day or two, take their work-issued devices with them.

Even in traditional workplaces, we recognized human rights. We don't put cameras in the toilets to curtail employee theft. If your spouse came by the office on your lunch break and the two of you went into the parking lot so that she or he could tell you that the doctor says the cancer is terminal, you'd be aghast and furious to discover that your employer had been spying on you with a hidden mic.

But if you used your company laptop to access Facebook on your lunchbreak, wherein your spouse conveys to you that the cancer is terminal, you're supposed to be OK with the fact that your employer has been running a man-in-the-middle attack on your machine and now knows the most intimate details of your life.

There are plenty of instances in which rich and powerful people — not just workers and children and prisoners — will be users instead of owners.

Every car-rental agency would love to be able to lo-jack the cars they rent to you; remember, an automobile is just a computer you put your body into. They'd love to log all the places you drive to for "marketing" purposes and analytics.

There's money to be made in finagling the firmware on the rental-car's GPS to ensure that your routes always take you past certain billboards or fast-food restaurants.

But in general, the poorer and younger you are, the more likely you are to be a tenant farmer in some feudal lord's computational lands. The poorer and younger you are, the more likely it'll be that your legs will cease to walk if you get behind on payments.

What this means is that any thug who buys your debts from a payday lender could literally — and legally — threaten to take your legs (or eyes, or ears, or arms, or insulin, or pacemaker) away if you failed to come up with the next installment.

Earlier, I discussed how an owner override would work. It would involve some combination of physical access-control and tamper-evidence, designed to give owners of computers the power to know and control what bootloader and OS was running on their machine.

How would a user-override work? An effective user-override would have to leave the underlying computer intact, so that when the owner took it back, she could be sure that it was in the state she believed it to be in. In other words, we need to protect users from owners and owners from users.

Here's one model for that:

Imagine that there is a bootloader that can reliably and accurately report on the kernels and OSes it finds on the drive. This is the prerequisite for state/corporate-controlled systems, owner-controlled systems, and user-controlled systems.

Now, give the bootloader the power to suspend any running OS to disk, encrypting all its threads and parking them, and the power to select another OS from the network or an external drive.

Say I walk into an Internet cafe, and there's an OS running that I can verify. It has a lawful interception back-door for the police, storing all my keystrokes, files and screens in an encrypted blob which the state can decrypt.

I'm an attorney, doctor, corporate executive, or merely a human who doesn't like the idea of his private stuff being available to anyone who is friends with a dirty cop.

So, at this point, I give the three-finger salute with the F-keys. This drops the computer into a minimal bootloader shell, one that invites me to give the net-address of an alternative OS, or to insert my own thumb-drive and boot into an operating system there instead.

The cafe owner's OS is parked and I can't see inside it. But the bootloader can assure me that it is dormant and not spying on me as my OS fires up. When it's done, all my working files are trashed, and the minimal bootloader confirms it.

This keeps the computer's owner from spying on me, and keeps me from leaving malware on the computer to attack its owner.

There will be technological means of subverting this, but there is a world of difference between starting from a design spec that aims to protect users from owners (and vice-versa) than one that says that users must always be vulnerable to owners' dictates.

Fundamentally, this is the difference between freedom and openness — between free software and open source.

Now, human rights and property rights often come into conflict with one another. For example, landlords aren't allowed to enter your home without adequate notice. In many places, hotels can't throw you out if you overstay your reservation, provided that you pay the rack-rate for the rooms — that's why you often see these posted on the back of the room-door

Reposession of leased goods — cars, for example — are limited by procedures that require notice and the opportunity to rebut claims of delinquent payments.

When these laws are "streamlined" to make them easier for property holders, we often see human rights abuses. Consider robo-signing eviction mills, which used fraudulent declarations to evict homeowners who were up to date on their mortgages—and even some who didn't have mortgages.

The potential for abuse in a world made of computers is much greater: your car drives itself to the repo yard. Your high-rise apartment building switches off its elevators and climate systems, stranding thousands of people until a disputed license payment is settled.

Sounds fanciful? This has already happened with multi-level parking garages.

Back in 2006, a 314-car Robotic Parking model RPS1000 garage in Hoboken, New Jersey, took all the cars in its guts hostage, locking down the software until the garage's owners paid a licensing bill that they disputed.

They had to pay it, even as they maintained that they didn't owe anything. What the hell else were they going to do?

And what will

you

do when your dispute with a vendor means that you go blind, or deaf, or lose the ability to walk, or become suicidally depressed?

The negotiating leverage that accrues to owners over users is total and terrifying.

Users will be strongly incentivized to settle quickly, rather than face the dreadful penalties that could be visited on them in the event of dispute. And when the owner of the device is the state or a state-sized corporate actor, the potential for human rights abuses skyrockets.

This is not to say that owner override is an unmitigated evil. Think of smart meters that can override your thermostat at peak loads.

Such meters allow us to switch off coal and other dirty power sources that can be varied up at peak times.

But they work best if users — homeowners who have allowed the power-company to install a smart-meter — can't override the meters. What happens when griefers, crooks, or governments trying to quell popular rebellion use this to turn heat off during a hundred year storm? Or to crank heat to maximum during a heat-wave?

The HVAC in your house can hold the power of life and death over you — do we really want it designed to allow remote parties to do stuff with it even if you disagree?

The question is simple. Once we create a design norm of devices that users can't override, how far will that creep?

Especially risky would be the use of owner override to offer payday loan-style services to vulnerable people: Can't afford artificial eyes for your kids? We'll subsidize them if you let us redirect their focus to sponsored toys and sugar-snacks at the store.

Foreclosing on owner override, however, has its own downside. It probably means that there will be poor people who will not be offered some technology at all.

If I can lo-jack your legs, I can lease them to you with the confidence of my power to repo them if you default on payments. If I can't, I may not lease you legs unless you've got a lot of money to begin with.

But if your legs can decide to walk to the repo-depot without your consent, you will be totally screwed the day that muggers, rapists, griefers or the secret police figure out how to hijack that facility.

It gets even more complicated, too, because you are the "user" of many systems in the most transitory ways: subway turnstiles, elevators, the blood-pressure cuff at the doctor's office, public buses or airplanes. It's going to be hard to figure out how to create "user overrides" that aren't nonsensical. We can start, though, by saying a "user" is someone who is the

sole

user of a device for a certain amount of time.

This isn't a problem I know how to solve. Unlike the War on General Purpose Computers, the Civil War over them presents a series of conundra without (to me) any obvious solutions.

These problems are a way off, and they only arise if we win the war over general purpose computing first

But come victory day, when we start planning the constitutional congress for a world where regulating computers is acknowledged as the wrong way to solve problems, let's not paper over the division between property rights and human rights.

This is the sort of division that, while it festers, puts the most vulnerable people in our society in harm's way. Agreeing to disagree on this one isn't good enough. We need to start thinking now about the principles we'll apply when the day comes.

If we don't start now, it'll be too late.

Video: Google. Photos: Cory Doctorow. Layout: Rob Beschizza

Electronics Arts files lawsuit against Zynga

Rob Beschizza — Sat, 04 Aug 2012 02:19:40 +0000

There are plenty of boots out there trying to squish this bug, but Electronic Arts' are the biggest yet. What was that Aliens vs. Predator tagline again? [NYT]

Charles Carreon drops lawsuit against The Oatmeal

Rob Beschizza — Wed, 04 Jul 2012 02:27:50 +0000

The EFF reports that Charles Carreon has withdrawn his mad lawsuit against Matthew Inman, creator of The Oatmeal.

Attorney Charles Carreon dropped his bizarre lawsuit against The Oatmeal creator Matthew Inman today, ending his strange legal campaign against Inman's humorous and creative public criticism of a frivolous cease and desist letter that Carreon wrote on behalf of his client Funny Junk.

To recap briefly: website FunnyJunk hosted many unauthorized copies of Inman's work. Inman mocked it. FunnyJunk threatened to sue him for mocking it. Inman mocked it again and established a wildly successful charity drive to lampoon FunnyJunk and fight cancer. Carreon soiled his legal drawers and dragged Inman, the charities, anonymous critics, and the entire Internet's attention into a demented knot of litigation. Now this. What will the new dawn bring?

Update: Charles Carreon: "Mission accomplished"

EU: software licenses may be sold by consumers

Rob Beschizza — Wed, 04 Jul 2012 02:14:58 +0000

The European Union's Court of Justice ruled today that software licenses may be resold.

By its judgment delivered today, the Court explains that the principle of exhaustion of the distribution right applies not only where the copyright holder markets copies of his software on a material medium (CD-ROM or DVD) but also where he distributes them by means of downloads from his website. Where the copyright holder makes available to his customer a copy – tangible or intangible – and at the same time concludes, in return form payment of a fee, a licence agreement granting the customer the right to use that copy for an unlimited period, that rightholder sells the copy to the customer and thus exhausts his exclusive distribution right.

The case concerned Oracle, which sued UsedSoft, a German company which bought and resold "used" software licenses which provided access to software downloads.

Political cartoonist angry

Rob Beschizza — Tue, 03 Jul 2012 04:08:39 +0000

Cartoonist Donna Barstow often broaches political themes.

Paging Charles Carreon! Someone on the internet wants money from mocking critics, but may need a hand with the legal not-so-niceties.

Slate cartoonist Donna Barstow railed on Monday at online forum Something Awful, whose denizens often repost her work and subject it to withering ridicule. Though one of many artists to find their work attacked online, Barstow is fighting back, demanding payment and accusing the site of copyright infringement.

"Something Awful is the most vile, hateful, racist, stealing, illegal site ever," Barstow wrote on Twitter in a message directed at John Hendren, one of the site's writers. "Shame on you."

When twitterers suggested that embedding and criticizing her panels constitutes fair use--a common defense against claims of copyright infringement--Barstow said that their treatment of her work was nothing of the sort.

"You steal my cartoons (read definition of Fair Use - NOT on SA) and ignore my takedown & DMCA notices. That's evil," she wrote.

To bolster her case, Barstow evoked the Federal Trade Commission, the U.S. Copyright Office and the Digital Millenium Copyright Act, and cited today's story in the LA Times describing how Twitter gets 80 percent of requests for user information from U.S.-based police forces.

"Are you talking about people posting them on the forums and making fun of them?" responded Something Awful's David Thorpe. "I think you might be confused about the internet"

"I think you're confused about money," came Barstow's retort. "Can I send an invoice your way?"

Something Awful hosts lengthy threads discussing strip cartoons, most of them embedded from image-hosting service Imgur. One thread discussing Barstow's work is here.

Monday's exchange only triggered a torrent of further criticism--much of it impolite--directed at her work. Singled out was a strip about "wishy washy" men of uncertain sexuality, jibes at Muslims' and Mexicans' expense, and an insensitive remark about Japan's 2011 tsunami and nuclear disaster.

Barstow's cartoons have appeared in The New Yorker, L.A. Times and Sunday Parade as well as Slate. She is also the author of What Do Women Really Want? Chocolate!, a collection of cartoons about confectionary. In the late 2000s, she branched out into political cartoons, drawing the attention of Something Awful's diverse army of artists, writers, fans, flatterers and trolls. She also maintains a blog, Why I did it.

It's not the first time Barstow has threatened critics who reproduce her single-panel cartoons. In 2009, she emailed the ISP of Alas, a Blog in an effort to have two posts accusing her of racism (1, 2) taken down. Renee Martin of Womanist Musing, who criticized the "Mexico" strip reproduced above and described Barstow as a "racist pearl clutcher", removed it at her request the same year. Pandagon, Volcanista, The Faithful Penguin, Kick and Radgeek all accused Barstow of racism over the same strip—and all were sent takedown demands.

The fight is a bizarre inversion of another ongoing cartoonist-vs-aggregator dust-up. In 2011, comic artist Matthew Inman (of The Oatmeal fame) expressed frustration at website FunnyJunk's prolific rehosting of his strips. In that case, however, FunnyJunk ultimately demanded money from him, for what it described as defamation. Inman, for his part, fought not with legal threats, but cleverly-aimed snark and a spectacularly successful charity campaign.

FunnyJunk's lawyer, Charles Carreon, subsequently launched his own lawsuit against Inman.

Miami Heat owner sues blogger over photo

Rob Beschizza — Tue, 26 Jun 2012 13:07:35 +0000

Miami Heat stakeholder Ranaan Katz is suing a blogger over an "unflattering" photo published online, reports Tim Elfrink in The Miami New Times. In the lawsuit, Katz claims copyright violation; coincidentally, the blogger—who has not removed the photo at his site—is a noted critic of Katz. Katz's lawyer, Todd Levine, even threatened the New Times in a Streisand-tastic effort to prevent it running a story about his lawsuit. [New Times via GigaOm]

Tetris: mere ruleset or copyrighted expression?

Rob Beschizza — Mon, 25 Jun 2012 14:10:16 +0000

What makes Tetris Tetris? The mobile app explosion threw gasoline on the game's already-numbing history of copyright battles. At Ars Technica, Kyle Orland takes a look at the Tetris Company's endless efforts to kill them. These efforts hinge on a seemingly straightforward question: is Tetris simple enough to be defined by a set of rules (to which copyright cannot apply) or does it qualify as protected expression?

Google lawyer on Oracle victory: "People are treating patents like lottery tickets"

Rob Beschizza — Mon, 04 Jun 2012 12:03:59 +0000

Google defeated Oracle's claims regarding Java in the Android operating system. But at what cost? Google's general council writes: "The case illustrates the cost when the patent system doesn't work well. It costs millions of dollars to invalidate bad patents. That's money we'd rather spend on great new products for people to use." [Ars Technica]

TOM THE DANCING BUG: "Revenge of the God," In Which The Avengers Must Face Their Creator!!

Ruben Bolling — Wed, 09 May 2012 16:20:29 +0000

Support Tom the Dancing Bug and receive BENEFITS and PRIVILEGES by joining the INNER HIVE right now!

"I used to spend 20 dollars a year on TOM THE DANCING BUG collections… Happy to support him and pass the word." -Neil Gaiman, Inner Hive member since last week

Kitteh©

Rob Beschizza — Tue, 01 May 2012 13:28:52 +0000

Alexis Madrigal and BuzzFeed's Jonah Peretti discuss the copyright issues surrounding cute animal pictures: "Users of [other] sites surface photos that in some cases have been shared around the Internet for a decade. In those cases, even if BuzzFeed editors try to track down the creator, which Peretti assures me they do, they probably won't find whoever uploaded the photo of every obese cat." [The Atlantic]

Zazzle removes mug for hypothetical copyright infringement

Rob Beschizza — Thu, 12 Apr 2012 16:04:44 +0000

Instapaper creator Marco Arment used Zazzle to sell a mug. The mug was emblazoned with a fictional Amazon/Appstore-style review lampooning foolish, entitled users. Zazzle removed it because the "design contains an image or text that may be subject to copyright", and cancelled more than 100 outstanding orders. [Marco] Update: Reinstated!

Studios: embedding YouTubes makes you guilty of infringement

Rob Beschizza — Wed, 11 Apr 2012 13:09:33 +0000

Timothy B. Lee at Ars: "the MPAA ... urged the Seventh Circuit not to draw a legal distinction between hosting content and embedding it. In the MPAA's view, both actions should carry the risk of liability for direct copyright infringement."

Infringe-a-licious Tokyo tee: best Star Wars shirt ever?

Xeni Jardin — Fri, 06 Apr 2012 02:03:16 +0000

Writer and comics creator Brian Michael Bendis (Twitter) is in Tokyo, and tweeted a series of infringment-spotting snapshots today. The Stormtrooper/Star Wars shirt he found and photographed, above, makes me weep with desire.

Boing Boing's Beschizza talks Megaupload, ACTA, and torrent justice on RT TV

Xeni Jardin — Fri, 24 Feb 2012 00:05:34 +0000

[Video Link]

Boing Boing's managing editor Rob, not Bob, but Rob, Beschizza speaks on the Russian television news network RT about Megaupload, ACTA, the global copyfight wars, and the high-flying hijinks of Kim Dotcom.

TOM THE DANCING BUG: God-Man, in "Copyright or CopyWRONG!"

Ruben Bolling — Wed, 01 Feb 2012 16:50:11 +0000

WE INVITE you to visit the TOM THE DANCING BUG WEBSITE, and ENCOURAGE you to follow RUBEN BOLLING on the TWITTER.

Kim Dotcom, allegedly

Rob Beschizza — Thu, 26 Jan 2012 20:14:19 +0000

This splendid work, by Aurich Lawson, is a perfect aperitif for Sean Gallagher's wonderful article about the ridiculous but astoundingly successful con artist, Quake cheat and entrepreneur Kim Dotcom.

The President's challenge: What more does government want — or deserve — from the tech world?

Nat Torkington — Tue, 24 Jan 2012 06:16:19 +0000

There's an old joke. Heavy rains start and a neighbour pulls up in his truck. "Hey Bob, I'm leaving for high ground. Want a lift?" Bob says, "No, I'm putting my faith in God." Well, waters rise and pretty soon the bottom floor of his house is under water. Bob looks out the second story window as a boat comes by and offers him a lift. "No, I'm putting my faith in God." The rain intensifies and floodwaters rise and Bob's forced onto the roof. A helicopter comes, lowers a line, and Bob yells "No, I'm putting my faith in God."

Well, Bob drowns. He goes to Heaven and finally gets to meet God. "God, what was that about? I prayed and put my faith in you, and I drowned!"

God says, "I sent you a truck, a boat, and a helicopter! What the hell more did you want from me?"

As SOPA looked shakier, the President handed a challenge to the technical community:

"Washington needs to hear your best ideas about how to clamp down on rogue Web sites and other criminals who make money off the creative efforts of American artists and rights holders," reads Saturday's statement. "We should all be committed to working with all interested constituencies to develop new legal tools to protect global intellectual property rights without jeopardizing the openness of the Internet. Our hope is that you will bring enthusiasm and know-how to this important challenge."

All I can think is: we gave you the Internet. We gave you the Web. We gave you MP3 and MP4. We gave you e-commerce, micropayments, PayPal, Netflix, iTunes, Amazon, the iPad, the iPhone, the laptop, 3G, wifi--hell, you can even get online while you're on an AIRPLANE. What the hell more do you want from us?

Take the truck, the boat, the helicopter, that we've sent you. Don't wait for the time machine, because we're never going to invent something that returns you to 1965 when copying was hard and you could treat the customer's convenience with contempt.

Republished with permission from O'Reilly Radar

New Righthaven offers hosting service "with a spine"

Rob Beschizza — Mon, 23 Jan 2012 21:40:58 +0000

After snatching a notorious copyright troll's name at auction, a Swiss company is turning Righthaven.com into a web hosting service. The intended customers? Publishers worried about the kind of abusive legal threats spewed out by the domain's previous owner.

"The Swiss courts don't play games and registrars here cannot be scared," said Stefan Thalberg of Ort Cloud, an ISP based in Zürich. "Frivolous plaintiffs will find little comfort here."

With hosting in Switzerland and planned in Iceland, the new Righthaven promises "infrajuridsictional infrastructure" — in other words, uptime that would require international co-operation to bring down.

The announcement comes days after a fight over anti-piracy bills in Congress, described by opponents as a threat to free speech, culminated in websites shutting down in protest.

Through a partnership with U.S.-based first amendment lawyers Marc Randazza and Kenneth White, the new Righthaven says it will be able to vigorously defend itself in American courtrooms--and protect its clients from those who abuse laws such as the DMCA to stifle criticism.

Randazza was a frequent critic of the old Righthaven, fighting it in court and hastening its demise.

"Because most hosting providers deal with thin margins, and because legislation in the United States and elsewhere has made it cheaper to ignominiously freeze, cancel or boot clients rather than stand up for the legitimate fair-use of otherwise protected content, it is difficult if not impossible to find hosting providers willing to protect their clients from frivolous or overly aggressive take-down tactics," the new Righthaven says at its website.

On its official blog, it also sets out to name and shame competitors it sees as "jellyfish". An official account, @righthavened is live at Twitter.

OrtCloud is a Swiss internet service provider that focuses on financial and scientific companies. Its homepage advertises the "privacy-friendly, regulatory-havens of Iceland and the Swiss cantons of Zürich and Zug" beneath a photograph of the Swiss National Bank.

A recent report published by the Swiss government ruled against controls on file-sharing, and went as far as to desribe other countries' copyright enforcement regimes as repressive.

The new Righthaven insists, however, that it isn't in it to help people break the law: "There'll be no piracy, no torrent hosting." Thalberg said.

Given the established client list, it may be no surprise that Thalberg also said that it would not be in a position to act as a whistleblowing service, a la Wikileaks: "We focus on hosting expression that has traditionally been subjected to frivolous legal threats based on its content."

They will, however, accept adult content providers, which will be evaluated on a case-by-case basis "with an eye to being as inclusive as possible."

The original Righthaven, based in Las Vegas, tried to make a business out of licensing the "right to sue" from copyright holders, then demanding settlements from websites who had published even small excerpts of content. The business failed after courts took a dim view of the business model's legality and the specifics of some lawsuits.

One of Righthaven's most notorious strategies was to demand that victims hand over their own domain names in order to avoid lawsuits.

"The poetic justice, the karma ... it's wonderful," Thalberg said, adding that they intended to dedicate "significant resources" to abuse management and legal support.

After Righthaven's collapse, assets such as the domain name were auctioned off to raise money to pay creditors. Thalberg snapped it up for just $3,300, expecting a much higher price tag.

At first, only the updated "whois" info and a mysterious splash page offered clues as to the new owner's intent. The site partially uncloaked for last week's internet black-out, publishing a a satirical letter to Hollywood lobbyist Chris Dodd, assailing the former U.S. Senator with remarks amusingly-obscured by censorship bars.

The new site went live Monday with a FAQ that often reads like a manifesto:

"The daunting threat of meritless civil litigation creates the sort of chilling effect that would probably be flagrantly unconstitutional if attempted directly by the United States Government," the site states. "From a distance it almost looks as if a number of big-media lobbyists have root-kitted the United States constitution."

British admin for download links database may be first extradited to US for copyright charges

Xeni Jardin — Sat, 14 Jan 2012 06:54:35 +0000

No British citizen has ever been extradited to the United States for a copyright offense. But Richard O'Dwyer, the 23-year-old college student who ran TV Shack, may become the first.

As I understand it, the charges aren't that his (very popular) site actually hosted the copyrighted content, but that it served as a directory of links to other servers online where those downloads could be found.

Torrentfreak has more on the legal battle. The lawyer for accused hacker Gary McKinnon, whom the US would also like to extradite for prosecution, is representing O'Dwyer. They lost their first round in the extradition case today, and have 14 days to appeal.

Here is a copy of Friday's ruling (PDF).

In this BBC video of a press briefing outside of court today, a reporter asks O'Dwyer if he believes he's done anything wrong by linking people to sites where there is infringing content. "I think you should ask Google the same question," he replies. "[They're doing what I'm doing] on a much grander scale."

I admire his taste in t-shirts to wear to one's day in court.

If you visit any of the domains previously used to host TV Shack, you'll see the US Government notice above, which gives way after a click to this cheesy PSA.

Update: Boing Boing reader Keith Irwin has a great comment in the thread below, with an astute point I neglected to make in the original post:

[T]his sets a terrible precedent. If a UK citizen can be extradited to the US because of the content of their web pages hosted in the UK, why wouldn't US citizens be able to be extradited to Thailand on charges of disrespecting the king or to China for undermining the government by being critical of it? To even press this case at all shows either a fundamental undervaluing of the freedom of speech of everyone, including US citizens, or, more likely, a belief in the most fundamental of American hypocrisies: the idea that the rules that the US applies to the rest of the world shouldn't be applied to the US.

New Yorker on new Pirate Bay religion, the Missionary Church of Kopimism

Xeni Jardin — Thu, 12 Jan 2012 20:18:35 +0000

Cory blogged earlier about the Missionary Church of Kopimism, Sweden’s newest registered religion. Now there's a feature about it in the New Yorker, by Rollo Romig:

The Missionary Church of Kopimism picks up where Piratbyrån left off: it has taken the values of Swedish Pirate movement and codified them into a religion. They call their central sacrament “kopyacting,” wherein believers copy information in communion with each other, most always online, and especially via file-sharing. Ibi Botani’s kopimi mark—a stylized “k” inside a pyramid—is their religious symbol, as are CTRL+C and CTRL+V. Where Christian clergy might sign a letter “yours in Christ,” Kopimists write, “Copy and seed.” They have no god.
“We see the world as built on copies,” Gerson told me. “We often talk about originality; we don’t believe there’s any such thing. It’s certainly that way with life—most parts of the world, from DNA to manufacturing, are built by copying.” The highest form of worship, he said, is the remix: “You use other people’s works to make something better.”

THE FIRST CHURCH OF PIRATE BAY (New Yorker)

Righthaven domain sells for $3300

Rob Beschizza — Fri, 06 Jan 2012 22:41:10 +0000

After a few days on the block, copyright troll Righthaven's domain name sold for $3,300 this afternoon. The funds go to creditors of the bankrupt firm, which tried -- and failed -- to build a business shaking down websites that excerpted content from its clients' publications.

We almost bought it just so we could redirect it at humorously-chosen sites, but it got a bit too racy for us around the $2k mark. The whois currently remains the law firm that seized it; if you won it, get in touch!

Previously: Righthaven in its death throes, domain going up for auction

Universal: artists didn't give consent to appear in Megaupload video

Rob Beschizza — Tue, 13 Dec 2011 15:10:05 +0000

UMG claims that several artists appearing in Megaupload's music video did not give their consent. The video, in which famous singers praise the file storage site, was removed from YouTube after Universal issued DMCA takedown notices to the service. In response, Megaupload sued the company, claiming that it fraudulently abused the DMCA to delete content that it does not own. [GigaOm] (Previously.)

Bratz copyright lawsuit tossed

Rob Beschizza — Tue, 13 Dec 2011 06:00:04 +0000

You can't copyright an idea, even if the idea is grotesquely disproportionate images of young women.

A court recently dismissed a lawsuit filed by Brooklyn photographer Bernard Belair against the company behind the Bratz dolls, despite its admission that the toy's design was directly inspired by his work.

"Although the Bratz dolls may indeed bring to mind the image that Belair created, Belair cannot monopolize the abstract concept of an absurdly large-headed, long limbed, attractive, fashionable woman," Judge Shira A. Scheindlin wrote. "He has a copyright over the expressions of that idea as they are specifically articulated ... but he may not prevent others from expressing the same idea in their different ways."

Belair registered his design, depicting the physically-distorted women, in the late 1990s. It appeared in an ad for Steve Madden shoes placed in the August, 1999 edition of Seventeen magazine. Carter Bryant, creator of the Bratz characters, included the advertisement in an inspiration pack given to sculptor Margaret Leahy. According the the court opinion, Leahy "hung the image on her wall by her workspace and used it to help her create the initial Bratz sculpt."

The court agreed that there were substantial similarities between the ad and the prototype Bratz, but it also counted various differences, and noted that by the time the designs were finalized, they no longer contained elements specific to the original.

"In the context of toys, and particularly toys that replicate human or quasi-human forms, differences in physical features, clothing, and accoutrements matter," Scheindlin wrote. "... It is undisputed that MGA was aware of the Steve Madden look and sought to capitalize on it. But that is not enough to justify a finding of infringement. Stirring one’s memory of a copyrighted character is not the same as appearing to be substantially similar to that character, and only the latter is infringement.”

The lawsuit, filed in 2009, isn't MGA Entertainment's first rodeo. It was sued in 2004 by Bryant's former employer, Mattel, which initially won control over the toy line only to lose a retrial in spectacular fashion, being ordered to pay MGA $300m in damages and costs. Mattel has filed a notice to appeal.

Press release [PR Newswire]
Bratz Copied, But Didn't Infringe [Property, intangible]
Belair v. MGA entertainment [Lexology]