Boing Boing 

Why you can go to jail for 5 years for unlocking your cellphone

Nick Gillespie of Reason says: "We have an interview with Derek Khanna, the guy who got bounced from the Republican Study Committee last fall for publishing (with full approval by his boss) a memo critical of current copyright law and one of the folks pushing a White House petition to allow users to legally unlock their cell phones."

"Who owns your phone at the end of the day?" asks Derek Khanna, a visiting fellow at Yale Law and former staff member at the Republican Study Committee.

Last fall, Khanna earned notoriety - and a pink slip - for a public memo urging GOP members of Congress to rethink their stance on copyright law.

More recently, in a column for The Atlantic, Khanna blasted a new ruling that criminalizes the unlocking of cellphones under the Digital Millenium Copyright Act (DMCA). Unlocking the phone simply means that a person could use a phone designed for one carrier on another carrier, assuming they had switched his plan. In addition to civil penalties, breaking this law could land you in prison for up to five years and force you to pay a fine of up to $500,000.

"In 1998 a poorly written statute, the DMCA, was passed and it prohibited a wide swath of commonly used technology in the name of defending copyright," Khanna explains. "If this is allowed to stand, then the answer is you don't own your phone."

A White House petition to change the law recently reached the 100,000 signature threshold, which means the Obama administration will have to give an opinion on the matter.

Khanna sat down with Reason's Nick Gillespie to discuss the unlocking your cellphone, the flaws in the DMCA, and why he was fired from the Republican Study Committee after writing a paper condemning current copyright law.

Should You Go to Jail for Unlocking Your Phone?

What the ban on unlocking phones means (worse than you think)

You will have heard that the US Copyright Office has lifted the temporary ruling under which you were allowed to unlock your phone. EFF explains in detail what this ruling means (it's not what you think -- and in some ways, it's worse):

First, the good news. The legal shield for jailbreaking and rooting your phone remains up - it'll protect us at least through 2015. The shield for unlocking your phone is down, but carriers probably aren't going to start suing customers en masse, RIAA-style. And the Copyright Office's decision, contrary to what some sensational headlines have said, doesn't necessarily make unlocking illegal.

Unlocking is in a legal grey area under the DMCA. The law was supposed to protect creative works, but it's often been misused by electronics makers to block competition and kill markets for used goods. The courts have pushed back, ruling that the DMCA doesn't protect digital locks that keep digital devices from talking to each other when creative work isn't involved. And no creative work is involved here: Wireless carriers aren't worried about "piracy" of the software on their phones, they're worried about people reselling subsidized phones at a profit. So if the matter ever reached a court, it might well decide that the DMCA does not forbid unlocking a phone.

Now, the bad news. While we don’t expect mass lawsuits anytime soon, the threat still looms. More likely, wireless carriers, or even federal prosecutors, will be emboldened to sue not individuals, but rather businesses that unlock and resell phones. If a court rules in favor of the carriers, penalties can be stiff - up to $2,500 per unlocked phone in a civil suit, and $500,000 or five years in prison in a criminal case where the unlocking is done for "commercial advantage." And this could happen even for phones that are no longer under contract. So we're really not free to do as we want with devices that we own.

All that said, if you were convicted, the maximum penalty under the law for unlocking your phone is now greater than the maximum penalty for turning it into an IED.

Is It Illegal To Unlock a Phone? The Situation is Better - and Worse - Than You Think

How Victoria's Secret censored a burgeoning anti-rape social media campaign

The Electronic Frontier Foundation's Alison Dame-Boyle has a good post on Victoria's Secret bad-tempered attempt to censor a campaign by the feminist group FORCE: Upsetting Rape Culture, which parodied the "Sure Thing" and "Unwrap Me" underwear that Victoria's Secret sells to high-school students with its PINK line, replacing the slogans with phrases like "Ask First" and "Respect."

Victoria's Secret used takedown notices to get FORCE's web-host to shut down its site, to get Twitter to yank the FORCE's @LoveConsent account, shutting down the dialogue about consent and rape just as it was gaining momentum. It's a sobering reminder of the power of copyright takedown rules to be used to censor political speech, and of the fragility of free speech in an era where the entertainment industry has lobbied successfully for laws that allow censorship without a court order.

Though nothing was down for long—the site was only down briefly as FORCE moved to a different hosting provider and the Twitter account was back up by Friday, December 7—even the brief downtime hurt the campaign. FORCE had purposefully launched PINK Loves CONSENT immediately prior to the fashion show to capitalize on the publicity surrounding the event, which attracted nearly 10 million viewers. During the show, tweets about body acceptance and the importance of normalizing a culture of enthusiastic consent made #loveconsent the number one hashtag associated with #victoriassecret. The Facebook page was similarly inundated. FORCE was able to use Victoria’s Secret’s popularity to raise awareness and generate discussion about rape culture on an unprecedented level. When its Twitter account and subsequently its websites were taken down, that discussion was interrupted at a vital time.

These takedowns highlight, once again, the weakest link problem that plagues Internet speech. Individuals and organizations rely on service providers to help them communicate with the world (YouTube, Facebook, Twitter, etc.). A copyright complaint to an intermediary generally triggers a virtually automatic takedown, because the intermediary has a strong interest in complying with the Digital Millenium Copyright Act (DMCA) and preserving its safe harbor from copyright liability. A trademark complaint directed to one of those providers can also mean a fast and easy takedown given that those service providers usually don’t have the resources and/or the inclination to investigate trademark infringement claims. Moreover, because there is no counter-notice procedure, the targets of an improper trademark takedown have no easy way to get their content back up.

I See London, I See France: Victoria's Secret Parody Campaign Fights Takedowns

Potentially useful regulatory distinctions

Some useful distinctions, I think:

* Regulating using a gun
* Regulating carrying a gun
* Regulating owning a gun
* Regulating parts of guns
* Regulating tools that can be used to make guns
* Regulating the information necessary to make guns
* Regulating the information necessary to make tools that can be used to make guns

Bonus distinction:

* Substantial noninfringing use
* Substantial non-horrific use

Google's daily Transparency Report data-dump includes all DMCA requests

Fred von Lohmann, Legal Director at Google, has published a blog-post explaining the company's new practice of publishing data and reports on the number of takedown requests they get. It's all about helping policy makers understand whether the censorship provisions in the Digital Millennium Copyright Act are doing their job:

Starting today, anyone interested in studying the data can download all the data shown for copyright removals in the Transparency Report. The data will be updated every day.

We are also providing information about how often we remove search results that link to allegedly infringing material. Specifically, we are disclosing how many URLs we removed for each request and specified website, the overall removal rate for each request and the specific URLs we did not act on. Between December 2011 and November 2012, we removed 97.5% of all URLs specified in copyright removal requests.

As policymakers evaluate how effective copyright laws are, they need to consider the collateral impact copyright regulation has on the flow of information online. When we launched the copyright removals feature, we received more than 250,000 requests per week. That number has increased tenfold in just six months to more than 2.5 million requests per week today. While we’re now receiving and processing more requests more quickly than ever (on average, within approximately six hours), we still do our best to catch errors or abuse so we don’t mistakenly disable access to non-infringing material.

More data about copyright removals in Transparency Report (via Copyfight)

Major studios send legal threats to Google demanding removal of links to their own Facebook pages and more

One things the movie studios say in copyright takedown discussions is that they're very careful when they send legal threats to Google demanding removal of links to pirated copies of their work. I mean, maybe some little guys out there play fast and loose, but the Big Five? They're grownups, man.

Then, this happened:

On behalf of Lionsgate a DMCA notice was sent to Google, asking the search engine to remove links to infringing copies of the movie “Cabin in the Woods”. The notice in question only lists two dozen URLs, but still manages to include perfectly legal copies of the film on Amazon, iTunes, Blockbuster and Xfinity.

20th Century Fox sent in a DMCA notice to protect the movie “Prometheus”. However, as collateral damage it also took down a link to a legal copy on Verizon on demand, the collection of the Prometheus Watch Company, and a Huffington Post article.

And what about a DMCA takedown request for the Wikipedia entry of “Family Guy” that is supposedly infringing?

Perhaps even more crazy is another request sent on behalf of 20th Century Fox for “How I Met Your Mother”. The DMCA notice lists a CBS URL as the official source of the copyrighted material, but the same URL later appears in the list of infringing links.

There's lots more. For example, BBC Films sent Google a notice demanding removal of links to its own Facebook page.

Movie Studios Ask Google To Censor Their Own Films, Facebook and Wikipedia [TorrentFreak]

Harry Fox Agency claims copyright on Strauss

Stephanie sez, "Somtow Sucharitkul, a notable director, was informed that posting footage of himself, conducting Strauss' Radetzky March was a violation of Harry Fox's supposed copyright on that piece. That 164-year-old piece: 'Perhaps HFA controls the rights to a modern arrangement of this piece, such as a school band version or something, but this is no modern adaptation. It's the original, and Johann Strauss Sr's copyright expired a century ago. Do let me know if I can be of assistance (for instance, I could perhaps get the Austrian Embassy to produce a copy of Strauss's death certificate?)'"

Somtow is also a notable sf writer, who's written under both SP Somtow and Somtow Sucharitkul. Met him once at a Worldcon. Nice guy. Good writer. Talented polymath. World-class snarker!

I sent them this email

Pearson's takedown notice over a quote from a 1974 textbook shuts down 1.45 million edublogs

EduBlogs, a service that hosts 1.45 million educational blogs, had all 1.45 million of them taken offline for 12 hours because their $70K/year hosting company, ServerBeach, pitched a wobbly after receiving a takedown notice from Pearson Publishing. Pearson was upset over a five-year-old blog post where a teacher had quoted 279 words out of an article written in 1974. They sent the takedown notice to their host. EduBlogs deleted the post, but it was still present in their database, so ServerBeach punished them by removing 1.45 million peoples' sites.

Now, like I said, the list only runs to 20 questions, sub 300 words, and I think is a pretty important and useful resource for teachers to share with their students.

But clearly Pearson isn’t making enough money already, and intends to, rather that let this 38-year old work be shared, discussed, used, even in a way that might save some people’s lives, on the internet.

Instead it wants a regular teacher to handover $120 for it.

Here’s another idea Pearson, maybe one that you could take from Edublogs, howabout you let this tiny useful list be freely available, and then you sell your study materials / textbooks and other material around that… maybe use Creative Commons Non Commercial Attribution license or similar to make sure you get some links and business.

Or at the very least contact us directly about it.

Rather than being assholes and stuffing up hundreds of thousands of teachers and students through getting your lawyers to lay into our less-than-satisfactory hosts :(

ServerBeach takes 1.45 million edublogs offline just 12 hours after sending through a Pearson DMCA notice for a 20 question list… (via Techdirt)

Microsoft claims ownership of the number 45, asks Google to censor the US government and Bing


A series of monumentally sloppy, automatically generated takedown notices sent by Microsoft to Google accused the US federal government, Wikipedia, the BBC, HuffPo, TechCrunch, and even Microsoft Bing of infringing on Microsoft's copyrights. Microsoft also accused Spotify (a music streaming site) of hosting material that infringed its copyrights. The takedown was aimed at early Windows 8 Beta leaks, and seemed to target its accusations based on the presence of the number 45 in the URLs. More from TorrentFreak's Ernesto:

Unfortunately this notice is not an isolated incident. In another DMCA notice Microsoft asked Google to remove a Spotify.com URL and on several occasions they even asked Google to censor their own search engine Bing.

The good news is that Google appears to have white-listed a few domains, as the BBC and Wikipedia articles mentioned in the DMCA notice above were not censored. However, less prominent sites are not so lucky and the AMC Theatres and RealClearPolitics pages are still unavailable through Google search today.

As we have mentioned before, the DMCA avalanche is becoming a bigger problem day after day.

Microsoft and other rightsholders are censoring large parts of the Internet, often completely unfounded, and there is absolutely no one to hold them responsible. Websites can’t possibly verify every DMCA claim and the problem will only increase as more takedown notices are sent week after week.

Microsoft DMCA Notice ‘Mistakenly’ Targets BBC, Techcrunch, Wikipedia and U.S. Govt

Report from America's jailbreaking hearings

Wired's David Kravets reports from the Copyright Office's triennial hearings on exceptions to the DMCA's rules against breaking DRM. Every three years, public interest groups supplicate themselves before the Copyright Office and beg for our right to jailbreak our devices and look inside our own property. Every three years, entertainment lawyers show up and demand that nothing of the sort come to pass, because their clients can only survive if it's illegal for you to decide what programs you get to run on the devices you buy. It's all rather revolting, legal sausage-making at its wurst.

Christian Genetski, general counsel of the Entertainment Software Association, told the Copyright Office, whose panelists included its top attorneys and Maria Pallante, the register of copyrights, that freeing Americans to bypass access controls on videogame consoles would decimate the gaming business.

“It will gut videogame consoles’ piracy protections,” he said. “We’re here today because our copyright interests are at stake.”

Allowing such jailbreaking, Hofmann countered, would allow the so-called homebrew community of game developers to play their games on the machines, while also allowing researchers to use the consoles like computers in the furtherance of science.

But the regulators were not clear whether the videogame hack was necessary. They suggested scientists could use computers for their research, and homebrew gamers can play those, too, on their computers.

Robert Kasunic, deputy general counsel of the Copyright Office, suggested that the benefits don’t outweigh the tradeoffs to piracy.

“How do you balance, for instance, the use of being able to put Pong on a homebrew system with the numbers we are aware of in terms of videogame piracy?” he asked, noting that millions of videogames are already being shared without authorization on The Pirate Bay.

So yeah, the Copyright Office generally believes that your rights to your actual, physical property are trumped by multinationals' metaphorical property rights in the things they sell you.

It’s Tinkerers v. Hollywood as Copyright Office Mulls New Jailbreaking Rules

Welcome to your 2012 election season, let the suppression of political debate begin.

Running for office? Embarrassed by YouTube videos that make fun of you or show you looking like an ass? YouTube will give you up to 14 days' worth of censorship for free -- all you need to do is pretend that the video infringes your copyright and invoke the DMCA. EFF wants to change that.

Warner wants you to go to a depot and pay to rip your DVDs to DRM-locked formats


Here's a scathing editorial from Public Knowledge's Michael Weinberg on the Warner Home Entertainment announcement of a new "service" that allows you to legally rip your DVDs by driving over to a special DVD-ripping depot and paying a fee to have them converted to DRM-locked formats that only play in approved devices. Warner calls this "safe and convenient."

You did read that last paragraph correctly. The head of Warner Home Entertainment Group thinks that an easy, safe way to convert movies you already own on DVD to other digital formats is to take your DVDs, find a store that will perform this service, drive to that store, find the clerk who knows how to perform the service, hope that the “DVD conversion machine” is not broken, stand there like a chump while the clerk “safely” converts your movie to a digital file that may only play on studio-approved devices, drive home, and hope everything worked out. Oh, and the good news is that you would only need to pay a reasonable (per-DVD?) price for this pleasure.

To be fair, this plan is easy, safe (safe?), and reasonably priced compared to the movie studio’s current offer to people who want to take movies they own on DVD and turn them into a digital file to watch on, say, their iPad. That offer is a lawsuit, because personal copying of a movie on DVD requires circumventing DRM, which is a violation of the Digital Millennium Copyright Act (DMCA). Furthermore, right now all of the major studios are arguing passionately (pdf) to stop the Copyright Office from granting a exemption that would make personal space shifting of movies on DVD legal.

Try to picture the real alternative to this hokum – people making their own copies of their movies at home. Luckily you won’t have to use your imagination too much because people making their own copies of media they own is exactly what people do with their CDs. They download a free program, make a copy of the CD at home, put the MP3 files on whatever device they want, and go on with their lives.

Warner Bros. Embarrasses Self, Everyone, With New “Disc-to-Digital” Program (via Hack the Planet)

Americans explain why jailbreaking should be legal

The Electronic Frontier Foundation has selected some of the best submissions from the Copyright Office's review of whether it should continue to be legal in the USA to "jailbreak" your devices in order to make them more suited to their needs. In this post, we hear from a deaf man who jailbreaks his phone so that he can use it as an assistive device at work; a military worker in Kuwait who jailbreaks his phone so he can quickly access the flashlight function to scare off dangerous wildlife near the base; and a nurse whose jailbroken device allows her to "track my performance, treatments used on patients, and the effects of those treatments, much faster with customizations that are not available on a device that is not jailbroken."

A note for Canadians: Bill C-11, Canada's proposed copyright law, has no similar exemption-setting process. That means that if MP James Moore succeeds in passing his legislation, it would be illegal to modify your property in the ways described here.

Kevin McLeod is a deaf man who uses his Android phone — a Samsung Epic 4G — to assist him with communication, record-keeping, and time management. Like many deaf people, he uses video relay service (VRS) software on his phone to “work on a level playing field with hearing peers and have productive and meaningful careers.” He had these comments for the Copyright Office:

I need a phone that can run VRS software through the day without having to recharge every other hour. The stock phone I received can't do that. I had to upgrade to a more powerful battery. Then I installed an alternative version of the Android operating system called CleanGB that removes most of the carrier-installed software. This freed up memory and battery resources I need to stay connected.

We need the ability to modify our devices because manufacturers and carriers can't possibly anticipate all the needs of their customers. We need flexibility to make the most of the terrific tools they build for us. I love the power and connectivity my phone gives me. I love that I can customize it to meet my unique needs.

Letters to the Copyright Office: Why I Jailbreak

(Image: Jailbreaking the iPhone - 06, a Creative Commons Attribution Share-Alike (2.0) image from yugen's photostream)

EFF's PlayStation 3 PSA: jailbreaking shouldn't be a crime

The Electronic Frontier Foundation is petitioning the US Copyright Office for a DMCA exemption legalizing "jailbreaking" -- modifying the devices you own so that they can run software of your choosing. The Copyright Office holds hearings every three years on DMCA exemptions and these need to be renewed at each hearing.

To highlight the need for a jailbreaking exemption, EFF has made this video showing how Sony shipped its PlayStation 3 with the promise that users could run GNU/Linux on it, a promise that was taken up by many purchasers, including the USAF, who used a room full of PS3s running Linux to make a clustered supercomputer. But Sony changed its mind and revoked the feature after the fact and began to actively pursue legal penalties against researchers who attempted to restore it.

However, in April 2010, Sony’s mandatory firmware update -- version 3.21 -- removed the ability to install "Other OS" -- meaning no more Linux on your PlayStation. To add legal muscle to its firmware, Sony sued several security researchers for publishing information about security holes that would allow users to run Linux on their machines again. Claiming that the research violated the DMCA, Sony asked the court to impound all "circumvention devices" -- which it defines to include not only the defendants' computers, but also all "instructions," i.e., their research and findings.

This means you can set your PlayStation on fire, but you can’t run Linux on hardware you own. To illustrate how ludicrous this is, we made a video illustrating what an owner can do with a PlayStation -- and what Sony contends they can’t.

PlayStation 3 "Other OS" Saga Shows: Jailbreaking Is Not a Crime

Warner Bros admits it sends takedown notices for files it hasn't seen and doesn't own

Warner Brothers has filed a brief in its lawsuit against file-locker service Hotfile in which it admits that it sent copyright takedown notices asserting it had good faith to believe that the files named infringed its copyrights, despite the fact that it had never downloaded the files to check, and that it sometimes named files that were not under Warners's copyright, including files that were perfectly legal. Among the files that Warner asked Hotfile to remove was a file called "h­ttp://hotfile.com/contacts.html and give them the details of where the link was posted and the link and they will deal to the @sshole who posted the fake" and others.

The studio also "admits that it did not (and did not need to) download every file it believed to be infringing prior to submitting the file's URL" to the Hotfile takedown tool. That's because "given the volume and pace of new infringements on Hotfile, Warner could not practically download and view the contents of each file prior to requesting that it be taken down."

This is interesting because the DMCA requires a copyright holder issuing a takedown notice to state that it has a "good faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law." It's hard to see how anyone at Warner Brothers could have formed any beliefs—good faith or otherwise—about files it admits that no human being at Warner had even looked at.

The recently-proposed Stop Online Piracy Act, which is backed by the major Hollywood studios, would give copyright holders new powers to cut off websites' access to payment processors and advertising networks. It even includes a new DMCA-style notice-and-takedown scheme. But given the cavalier way that Warner Brothers has used the powers it already has under the DMCA, policymakers may be reluctant to expand those powers even further.

Warner Bros: we issued takedowns for files we never saw, didn't own copyright to

Anti-malware hardware has the potential to make it illegal and impossible to choose to run Linux

It's been years since the idea of "trusted computing" was first mooted -- a hardware layer for PCs that can verify that your OS matches the version the vendor created. At the time, TC advocates proposed that this would be most useful for thwarting malicious software, like rootkits, that compromise user privacy and security.

But from the start, civil liberties people have worried that there was a danger that TC could be used to lock hardware to specific vendors' operating systems, and prevent you from, for example, tossing out Windows and installing GNU/Linux on your PC.

The latest iteration of Trusted Computing is called "UEFI," and boards are starting to ship with UEFI hardware that can prevent the machine from loading altered operating systems. This would be a great boon to users -- if the PC vendors supplied the keys necessary to unlock the UEFI module and load your own OS. That way, UEFI could verify the integrity of any OS you chose to run.

But PC vendors -- either out of laziness or some more sinister motive -- may choose not to release those keys, and as a result, PC hardware could enter the market that is technically capable of running GNU/Linux, but which will not allow you to run any OS other than Windows.

What's more, UEFI may fall into the category of "effective access control for a copyrighted work," which means that breaking it would be illegal under the DMCA -- in other words, it could be illegal to choose to run any OS other than the one that the hardware vendor supplied.

Secure boot is optional, but there is likely to be a fair amount of pressure applied by proprietary OS makers to enable it. One could imagine that those vendors might also provide a way to turn off secure boot (from a BIOS-like menu for example), but that is something that might be exploited by rootkits and other malware, so there may well be resistance to allowing that kind of option. Protecting users from rootkits and the like is certainly useful, but there is a competitive advantage as well. Hardware vendors can ensure that only the code they approve can run on the hardware, and proprietary OS vendors will be largely unaffected because their keys will be in the signature database. One would hope that the protection against malware is the primary motivation, but the ability to lock out free OSes is likely seen as a plus.

It is Linux and other free systems that could suffer most from secure boot implementations. While it would be possible for various distributions to get their keys added, that wouldn't help anyone who wanted to run a tweaked version of the "approved" bootloader or kernel. Distributors would not be able to release their private keys to allow folks to sign their own binaries either. Each key is just as valid as any other, so malware authors would just pick up those keys to sign their wares. Exposed keys would also find their way onto the forbidden list rather quickly one suspects.

UEFI and "secure boot" (via /.)

MP3tunes verdict: music lockers are legal

The Electronic Frontier Foundation's Julie Samuels posts analysis of yesterday's verdict in Capitol Records vs. MP3tunes, in which the big record labels were suing MP3tunes. The labels argued that MP3tunes wasn't eligible for the DMCA's "safe harbor" protection, and should have a duty to check all the files that users added to their lockers to make sure they didn't infringe copyright. The court disagreed.
But it appears that all of this worry and extra work may have been in vain. Just yesterday, a court found that an early music locker service, MP3tunes, which uses a de-duplicating process, “is precisely the type of system routinely protected by the DMCA safe harbor(s).” This outcome represents an understanding of copyright law more in line with how technology actually works, and avoids an absurd result where a music locker needs to waste server space by storing thousands of copies of identical files. This means more efficient music locker services, which is good news for music fans and for companies coming up with new and better ways to give those fans access to music they already own.

The opinion in the Capitol Records vs. MP3tunes case contained other good news (EFF filed an amicus brief in this case earlier this year). For example, the court made clear that the music locker service—whether it de-dupes or not—is like any online service provider (OSP) and, therefore, is entitled to the DMCA safe harbor protections as long as it complies with other DMCA requirements.

MP3tunes: A Victory for Music Lockers Is Good News for Music Fans

Copyright complaint kills Peanutweeter


Peanutweeter, the extremely funny and clever best-of-Twitter project that inserted odd tweets into oddly matching Peanuts panels, has been taken down from Tumblr following a DMCA copyright complaint from the Iconix Brand Group, who bought the Peanuts copyrights.
The site's creator, T. Jason Agnello, said he doesn't plan to fight the takedown.

"I believe I put a good-faith effort into specifying that this was a fair use parody," Agnello said Friday in an e-mail to Wired.com. "However, I don't have the legal might to argue it. Nor do I wish for the stress in doing so."

Update: a good piece of fair use analysis on @Peanutweeter: IN DEFENSE: Why @Peanutweeter Should Be Considered Fair Use (via @dhowell)

Good Grief! Peanutweeter Gets Taken Down Following DMCA Claim

UK Music Publishers file copyright complaint over public domain sheet music, GoDaddy nukes major music site

The UK Music Publishers' Association filed a seemingly groundless copyright claim against the International Music Score Library Portal, a repository of out-of-copyright sheet-music, over the score for Rachmaninoff's The Bells. The MPA sent the complaint to GoDaddy, the IMSLP's domain registrar, who took down the entire IMSLP site without further notice. Subsequently, the MPA sought to have its takedown notice removed from the Internet; this may have something to do with the fact that if baseless, its filing has opened it up to legal liability and the IMSLP people are furious and raising money for a punitive lawsuit against the publishers.
Needless to say, we've already responded to Go-Daddy's arbitrary action with a request to reconsider their response. We are also looking into the pursuit of legal action of our own against the Music Publishers Association of the UK for their malicious attempt to shut this site down. Sad to say, the Evil Empire Strikes Back - all too soon. Too bad that a gang of dying companies running on a failed business model can't find anything more productive to do with their time (like maybe promoting the works of living composers, instead of playing lawyer over ones dead since 1943).
IMSLP Under Attack (Thanks, Dan!)

Canada's New Democratic Party promises national broadband and net neutrality

Canada's left-leaning New Democratic Party have unveiled their Internet campaign promises for this election; they're a stark contrast to the Tories, who've vowed to re-engineer Canada's network to make it easier to spy on Canadians without a court order. Instead, the NDP promises to extend broadband (wired and wireless) across the nation, to force the CRTC (the national telcoms regulator) to be more responsive to consumer interests, and to enshrine net neutrality (a term coined by Canadian Tim Wu!) into law.
* We will apply the proceeds from the advanced wireless spectrum auction to ensure all Canadians, no matter where they live, will have quality high-speed broadband internet access;
* We will expect the major internet carriers to contribute financially to this goal;
* We will rescind the 2006 Conservative industry-oriented directive to the CRTC and direct the regulator to stand up for the public interest, not just the major telecommunications companies;
* We will enshrine "net neutrality" in law, end price gouging and "net throttling," with clear rules for Internet Service Providers (ISPs), enforced by the CRTC;
* We will prohibit all forms of usage-based billing (UBB) by Internet Service Providers (ISPs);
* We will introduce a bill on copyright reform to ensure that Canada complies with its international treaty obligations, while balancing consumers' and creators' rights.
NDP Unveils Its Digital Economy Strategy: Reshaping Internet Access in Canada

(Image: Rainbows, a Creative Commons Attribution (2.0) image from jaqian's photostream)

Zazzle: Tolkien estate told us to take down the badge. Wait, no they didn't!

Last week, I got an email from a lawyer representing the Tolkien estate informing me that his clients hadn't demanded that Zazzle remove Adam Rakunas's badge reading "While you were reading Tolkien, I was watching Evangelion."

So I wrote to Adam and asked him what Zazzle had told him about the affair. He was good enough to post all of his correspondence with Zazzle over the matter. On February 28, "Mike" from Zazzle wrote to Adam to say:

With regards to details of the infringement, all legal documents are confidential therefore I cannot release this undisclosed information. But we ask that you do acknowledge the fact that we were contacted by The J.R.R. Tolkien Estate, and at their request to prevent and remove any unauthorized and infringing third-party uses of their copyrights, trademarks and intellectual properties.
But when Adam pressed them for details (and after a lot of bad publicity), "Mike" wrote back:
This email is in regards to the deletion of your button entitled "While you were reading Tolkien,I was watching Eva". After corresponding with representatives from the Tolkien Estate, it's been brought to our attention that the design was removed inadvertently due to a miscommunication on our part.
I've written to several addresses at Zazzle seeking clarification, without an answer. But here's my guess: the Tolkien estate had previously contacted Zazzle and said, forcefully, "You keep carrying things that infringe our copyrights and trademarks. We expect you to take them down and prevent this from happening in the future." So Zazzle instituted a blanket policy of removing anything that even smelled of Tolkien. Then this dumb thing happened, and the lawyers called back and said, "Well, that button didn't infringe on our rights, so you shouldn't have taken it down." And Zazzle put it back up.

I've asked the Tolkien estate lawyer to confirm this repeatedly; he's said things like "I repeat that the Estate made no complaint concerning this badge, which was removed on Zazzle's own initiative. There is no further relevant information to add." When I asked again, "Did the estate ask Zazzle to engage in pro-active policing of its marks and copyrights?" he stopped responding to my emails. I guess you can infer what you want from that.

Anyone from Zazzle reading this: I'd love to get your side of the story.

The Zazzle Emails

UPDATE: Tolkien estate didn't take down badge, claims Zazzle found it "potentially infringing"

This morning I heard from Steven Maier, partner at the Oxford law firm of Manches LLP, on behalf of the Tolkien estate. He wrote to say that the estate was not involved in Zazzle's takedown of a badge reading "While you were reading Tolkien, I was watching Evangelion." According to Maier, "Zazzle has confirmed that it took down the link of its own accord, because its content management department came across the product and deemed it to be potentially infringing."

Which is odd, because Adam Rakunas's post on the subject implied that Zazzle had told him they'd written on behalf of Tolkien's heirs. I've written to both Rakunas and Zazzle for an update.

I'm sorry for misidentifying the Tolkien estate as responsible for this inanity. While they have used copyright threats to censor at least three novels tangentially involving Tokien's characters or personage (that I know of), this button wasn't their fault, it was Zazzle's.

Tolkien estate censors badge that contains the word "Tolkien" (Thanks, Steven!)

Embattled PS3 hacker raises big bank to fight Sony

George "geohot" Hotz is the Playstation 3 hacker whom Sony is suing for unlocking his own PS3 so that he can run his own software on it. Hotz calls himself "pro-DRM" but he also believes in the right to jailbreak your own equipment. As confused as this sounds, it's still absurd and unjust for a gargantuan multinational to use its vast legal resources to crush a lone hacker whose "crime" is to figure out how to do (legal) stuff with his own property.

Hotz has raised money for his legal defence, which will be crushingly expensive. I'd planned on putting up $100 -- but then I discovered that Hotz had closed donations, evidently because he'd raised enough for now.

Since the donations page has gone up, Hotz has met his first goal and will be adding more lawyers to his legal team. For those without money to donate, Hotz is still asking for support. "Let people know how Sony treats customers," he wrote. "Let people know Sony would rather sue than be proactive and try to fix the problem. Let people know about laws like the DMCA which stifle innovation, and don't do anything to fix the problems they were created to solve."

If Sony offered to settle, Hotz has terms in mind: he wants the OtherOS option back on the PlayStation 3, and he wants a public apology from Sony. He's also willing to trade "a legit path to homebrew for knowledge of how to stop new firmwares from being decrypted." With a fresh infusion of funding and the attention of the media, Sony may find a more formidable opponent in Hotz than it expected.

Donations pour in for PS3 hacker; Sony court battle continues

3D printing's first copyright complaint goes away, but things are just getting started

More news on the first-ever DMCA threat for violating a copyright in a 3D object — Ulrich Schwanitz has rescinded his complaint and will release his shape into the public domain today.

Read the rest

Miami Erotic Museum uses fraudulent DMCA notice to censor Flickr

Thomas Hawk sez, "I was disappointed to have hundreds of my photos pulled down last week off of Flickr due to a fraudulently filed DMCA takedown notice by the World Erotic Art Museum in Miami. The museum submitted a sworn statement claiming copyright over 100% of the items in their collection, including items out of copyright, clearly transformative abstracts, and even works by unknown artists. While a museum might object to our posting images of their collection, abusing the DMCA is not the answer."

Miami's World Erotic Art Museum Fraudulently Uses the DMCA to Take Down Items in Their Collection From the Web (Thanks, Thomas!)

Bunnie explains the technical intricacies and legalities of Xbox hacking


Andrew "bunnie" Huang, who literally wrote the book on hacking Xboxes, was to be a witness in last week's first-of-its-kind trial for Xbox modding. However, the government prosecutor bungled his case so badly that he was forced to withdraw the charge and walk away, leaving the defendant unscathed.

However, Bunnie had already prepared an exhaustive briefing explaining the use-control system in the Xbox 360 that Crippen, the defendant, was on trial for modifying. It was intended to explain to a lay jury the fundamentals of crytographic signatures and scrambling, and to point on the subtle and important ways in which Xbox modding is different from other reverse-engineering that courts have already ruled against, such as breaking the DRM on a DVD.

I've been following this kind of thing closely for years, but I'm not a technical expert -- not in the sense that Bunnie, a legendarily accomplished reverse engineer is, anyway. Bunnie's explanations always leave me with a more thorough understanding of the subject than I had when I started, and this is no exception. Highly recommended reading.

The common use of "encryption" or "scambling" is tantamount to an "access control" insofar as a work is scrambled, using the authority imbued via a key, so that any attempt to read the work after the scrambling reveals gibberish. Only through the authority granted by that key, either legitimately or illegitimately obtained, can one again access the original work.

However, in the case of the Xbox360, two technically different systems are required to secure the authenticity of the content, without hampering access to the content: digital signatures, and watermarks (to be complete, the game developer may still apply traditional encryption but this is not a requirement by Microsoft: remember, Microsoft is in the business of typically selling you someone else's copyrighted material printed on authentic pieces of plastic; in other words, they incur no loss if you can read the material on the disk; instead, they incur a loss if you can fake the disk or modify the disk contents to cheat or further exploit the system).

USA v. Crippen -- A Retrospective

Judge in Xbox hacker trial unloads both barrels on the prosecution

U.S. District Judge Philip Gutierrez opened the trial of alleged Xbox hacker Matthew Crippen with a bang yesterday, berating the prosecution for calling government witnesses who admitted to committing crimes but asking these crimes to be kept secret from the jury; for their theories relating to fair use, and for a "laundry list" of other complaints. The public dressing down went on so long that it actually drew a crowd, and it ended with prosecutor Allen Chiu saying, "I apologize to the court," whereupon the trial was suspended.
Among the judge's host of complaints against the government was his alarm that prosecutors would put on two witnesses who may have broken the law.

One is Entertainment Software Association investigator Tony Rosario, who secretly video-recorded defendant Matthew Crippen allegedly performing the Xbox mod in Crippen's Los Angeles suburban house. The defense argues that making the recording violates California privacy law. The other witness is Microsoft security employee Ken McGrail, who analyzed the two consoles Crippen allegedly altered. McGrail admitted that he himself had modded Xboxes in college.

Xbox-Modding Judge Berates Prosecution, Puts Trial on Hold (via /.)

(Image: FP GoW, a Creative Commons Attribution (2.0) image from novasonicmods's photostream)

Dmitry Sklyarov and co. crack Canon's "image verification" anti-photoshopping tool


Dmitry Sklyarov and his colleagues at Elcomsoft have cracked the "image verification" system in high-end Canon cameras; this system digitally signs the photos you take so any alternations, "touch ups" or other modifications can be detected. Sklyarov (who became a cause celebre when he broke the DRM on Adobe's ebooks and was thrown in jail by the FBI at Adobe's behest) and his team have a sense of humor -- they've produced correctly signed images of astronauts planting the Soviet flag on the moon and the Statue of Liberty holding a sickle, among others.
The problem is that the HMAC sits in the camera's RAM in a de-obfuscated form and can be extracted, according to Sklyarov. It is also possible to extract the HMAC from the camera's Flash ROM and manually de-obfuscate it. Canon also released a third version of ODD, which Sklyarov was also able to break and forge the ODD. Elcomsoft has written a program that can analyze a camera's processor and firmware.

The problem is a design flaw and can't be fixed, according to Elcomsoft. Sklyarov said he was able to extract the HMAC keys for the following models: EOS 20D, EOS 5D, EOS 30D, EOS 40D, EOS 450D, EOS 1000D, EOS 50D, EOS 5D Mark II, EOS 500D and EOS 7D.

The problem, of course, is that for this system to work, the camera has to keep a secret from its owner -- and if one camera owner manages to extract the secret, all cameras fall. According to NetworkWorld, Sklyarov offers a silly remedy for this: "Canon should prevent its cameras from running non-Canon code to avoid the use of software tools by an attacker" -- that is, use DRM to control which code can run on a Canon camera (there is a thriving world of hobbyists who have improved the Canon firmware).

This has multiple problems: the first one, of course, is that it has the same vulnerability as the flaw that Sklyarov just exploited; that is, his solution for making the camera better at hiding a secret from its owner is to hide another secret in the camera to control the bootloader. The scoreboard on device jailbreaking is basically Jailbreakers: Infinity, Firmware: 0. All that adding another secret to the camera will accomplish is to put people who crack it at risk of being punished under the DMCA, the same law that saw Sklyarov imprisoned. Presumably, he doesn't advocate this.

It's perfectly plausible to think that you might hide a key inside a device so well that most of its users will never be able to extract it (for example, it'd be pretty easy to hide a key inside my laptop or camera such that I couldn't get at it). But for this kind of adversarial computing to work, you need to be able to embed a key in a device so perfectly that no one, anywhere, can extract it (because once the key is extracted, I can just download it from the Internet, rather than steaming open my camera's sealed envelope and getting at its secrets). This is just silly, and no one should rely upon any system that is grounded in it.

Analyst finds flaws in Canon image verification system

EFF rescues ASL Ally's sign-language YouTube music videos

When popular YouTuber ASL Ally -- who posts videos that interpret song lyrics in American Sign Language for deaf and hard-of-hearing people -- had her YouTube channel yanked after complaints by Warner and Universal, the Electronic Frontier Foundation's Cindy Cohn came to the rescue. Cohn called up YouTube, and YouTube contacted the rightsholders, and everyone agreed that there was nothing wrong with Ally's wonderful work. However:

"The problem is that the various music groups hire zombies and trained monkeys who scour the Internet searching for any use of their licensed material regardless of the context or purpose," Cohn said by phone on Monday.

"Often, this leads to flagged entries and complaints on sites like YouTube that really should have been approached with greater discretion."

YouTube Reinstates Ally ASL's Account

Microsoft promises not to sue Kinect hackers

A Microsoft spokesman told Ira Flatow on NPR's Science Friday that despite earlier threats, they wouldn't sue people who made and shared their own Kinect drivers.