Techdirt. Stories filed under "congress"

A Framework For Copyright Reform

Mike Masnick — Fri, 17 May 2013 08:32:43 PDT

I watched a large part of the House Subcommittee on Intellectual Property's first hearing on copyright reform, and came away somewhat disappointed. While the panelists presented a variety of interesting viewpoints and worked hard to highlight areas of agreement, many of the Congressional Representatives were clearly confused about the law, the Constitution and the nature of the debate itself. I came away with a few key concerns, but also with some ideas for a framework that any debate on copyright should necessarily take. First up, the concerns:

Too many Representatives flat out mis-stated what the Constitution says. They said that the copyright is "guaranteed by the Constitution" or that their Congressional mandate is to protect science and art. Neither is true. The Copyright Clause of the Constitution grants Congress the power to issue "exclusive rights" for the sake of promoting the progress of science and the useful arts. That is, it was never about "protecting" but about "promoting the progress." Those are very different things. For that matter, it had nothing to do with creative works, for the most part. If we go by the originalist mandate, "science" was the part that copyright was about, and it meant "learning." The framers of the Constitution were focused on promoting learning and education via copyright, not a specific entertainment business. That it does that now is fine, but don't claim that the Constitution says that Congress must "protect" the entertainment industry. Because it says no such thing. After all, that same section grants Congress the power to grant letters of marque to privateering ships to seize foreign ships. If copyright is guaranteed by the Constitution, then so would the right to demand your right to a letter of marque.
Too many representatives continued to set this up as a battle between "content creators" and "the tech industry." This is dangerously misleading. In fact, at one point, Rep. Deutch flat out said that any copyright reform must carefully benefit "creators and the tech industry, as if those were the only two stakeholders. The real stakeholders of copyright law, however, have always been the public, who were barely mentioned at all in the hearing. Or, when they were mentioned, it was often with the somewhat disparaging term "users."
Finally, the myth that "everyone just wants stuff for free" was brought up a few times, in an effort to defend the idea that greater enforcement is a necessity. Except, that's not true. As we've seen over and over again, consumers are actually spending more today on entertainment than ever before, according to the Bureau of Labor Statistics. And tons of studies have shown that the biggest infringers also tend to be the biggest spenders. You don't make good policy based on catchy myths, and this one is a myth. It should be stricken from the debate as false. And, I won't even bother with the one comment from Rep. Poe that "copyright won the cold war." Where do we get these people?

Given all that, if we wanted to look honestly at copyright reform, it needs to start from a few basic principles. Here are a few preliminary thoughts on a potential framework for discussing these things.

Pretty much everyone is both a content creator and a content consumer. Over and over again we heard about concerns of certain creators as if they were a separate class of people unrelated to the wider public. That's silly. Especially as we have copyright law today -- in which every piece of creative content is immediately covered by copyright at the moment the expression is set in fixed form -- we are all creators. Nearly every email you write is probably covered by copyright. Every creator is also a consumer of content, and that includes professional creators. Professional content creation often involves building off of the influences of other works. We should support that as well. Otherwise, we begin to treat copyright as a sort of welfare program for professional creators, which is never what it was intended to be.
Technology is just a tool. It is neither a competitor to, nor an enemy of, content creators. With so many Representatives setting up the debate as "content vs. technology," we start to go down a very dangerous and distorted path that has little to do with reality. As a tool, technology certainly can create challenges for existing and traditional business models, but also tremendous opportunity. Look at the success of platforms like Kickstarter today. Would anyone seriously argue that the "technology" company Kickstarter is "anti" creator? Similarly, we're seeing more and more artists succeed by embracing new technology platforms that enable them to do amazing things: Bandcamp, TopSpin, BandZoogle, ReverbNation, SongKick, Dropbox, SoundCloud, Netflix, YouTube, Facebook, Twitter, HumbleBundle -- and many, many, many more. The list literally goes on and on and on. These are the tools that so many content creators are embracing today to help them to be better able to create, to promote, to distribute, to connect and to monetize their works than ever before. To argue that this is tech vs. content, when the tech companies seem to be handing content creators the most useful tools they've ever had to be successful, seems ridiculous.
Every legislative choice has costs and benefits. Too often, it seems like those pushing a certain proposal like to only look at one side of that equation. If we're to have an effective debate over copyright reform, it should include an upfront look at the costs and the benefits, the conditions and the consequences of various decisions across the board on the public. The purpose of copyright law, explicitly, is to promote the progress. We should be weighing carefully whether or not each change really would promote progress of science and the useful arts.
Decisions need to be made based on empirical data. As we've discussed in the past, historically, copyright reform discussions have been almost entirely faith-based. This is why the claims of "everyone just wants stuff for free" are so concerning," since the data suggests that's not even close to true. Given the recent call for objective research that would be useful in the copyright debate, by the US National Research Council, I'm hopeful that we'll actually begin to see some useful data for this discussion. Hopefully those in Congress will actually pay attention to the data, rather than continue to insist that blatantly false claims must be true.
Finally, and most importantly, the focus needs to remain on promoting the progress of science and the useful arts. It's not about "protecting" any industry or any class. It's about what most helps to promote overall progress. Each proposal should be judged on that standard.

While it may be difficult, I think that if any discussion on copyright reform begins with those basic principles, it could end up being quite useful and informative.

Permalink | Comments | Email This Story

Congress Grandstanding Over Google Glass 'Privacy' Concerns; Next Up: Privacy Concerns Over Your Eyes

Mike Masnick — Fri, 17 May 2013 05:27:43 PDT

We should have know that once the press started picking up on the ridiculous moral panic over Google Glass that Congress would be quick to follow. In a move that smacks of traditional political grandstanding, a group of Congressional Representatives have sent a letter to Google raising a bunch of questions about the supposed "privacy concerns" of Google Glass. I'm wondering if next they'll summon a representative of the seeing public to discuss the privacy concerns of your own two eyes.

First, they jump to the go-to point that any anti-Google privacy activist goes to: the data collection from open WiFi. What no one ever seems willing to discuss is the fact that this is the nature of open WiFi. Anyone can see any of the unencrypted data traveling over that access point. Why that gets blamed on Google makes no sense. They also worry about privacy of non-users, which is definitely a point that others have raised. But, how is this privacy issue different than one of basic sight. Google Glass sees what a user sees. If they can see you doing something you don't want exposed, they can reveal that as well. How is that a privacy issue specific to Google Glass? There are a number of other odd questions, including whether or not Google considered the privacy implications of the NY Times' Google Glass app. Huh? First off, if there were privacy implications, shouldn't they be the NY Times' concern on that issue? And second, can anyone explain why possible privacy issue could be in play here? It's a news app on a tiny screen. So what?

When regular cameras first came on the scene, there were similar scare stories and people worried about the privacy impact of still photo cameras. We pretty quickly learned how to cope and adapt to that. Why do people think we can't learn and cope with Google Glass?

Permalink | Comments | Email This Story

Somewhere Everywhere, Big Brother Is Smiling: Congress Sells Your Privacy For A Cool $84 Million

Tim Cushing — Mon, 22 Apr 2013 07:31:00 PDT

In case you were wondering why so many Democrats switched sides during the most recent CISPA vote, the answer is exactly what you think it is: $$$. And lots of it. Last year's CISPA vote only managed to secure 40 Democrat supporters. This time around, the number leapt to 92.

[A] new coalition of special interests, which include America's two largest cellular service providers AT&T, Inc. and Verizon Wireless -- jointly owned by Verizon Communications Inc. and Vodafone Group Plc. -- as well as two of the nation's largest software firms Microsoft Corp. and Intel Corp., came together to create a similar data grab bill (Microsoft has since renounced its support). Security firms like Symantec Corp. also backed the bill.

Pushing the bill through was $84M USD in funding from special interest backers.

$84 million is change-of-heart money, although one imagines those contributing checked and double-checked their "sponsored" representatives to make sure they were all on the same page. As DailyTech points out, nearly $86 million went into the SOPA push and most of that turned out to be wasted money.

Last Monday, two hundred IBM executives visited the White House to make a last minute push for CISPA. Whatever they said or did must have been very persuasive. By the end of the day, 36 new sponsors had signed on to the bill, up from a very lonely two previous to IBM's visit. Unsurprisingly, financial motivation was involved, according to numbers gathered by Maplight.

New co-sponsors have received 38 times as much money ($7,626,081) from interests supporting CISPA than from interests opposing ($200,362).

Members of the House in total have received 16 times as much money ($67,665,694) from interests supporting CISPA than from interests opposing ($4,164,596).

Now, it's up to Senate to come up with some sort of cyber-security bill that has a chance to get passed and dodge a Presidential veto. Fortunately, there's no clear favorite at the moment (although Lieberman's bill seems to have the President's blessing) and with the limited number of voters, the Senate is much more prone to be gridlocked by partisan politics. Of course, a daylong visit by a few lobbyists could win over just enough hearts and minds to be dangerous. In the meantime, it would probably do these senators a world of good to hear from their constituents, if only to remind them that there are plenty of actual people out there who have to live with the consequences of bad legislation.

Permalink | Comments | Email This Story

CISPA Sponsor Claims Opposition Is '14 Year Olds In Their Basement'

Mike Masnick — Tue, 16 Apr 2013 13:47:53 PDT

The House Committee on Rules has been debating CISPA and what will be covered in the official floor debate and what amendments will be presented tomorrow or the next day (whenever it hits the floor). Much of it was routine stuff, but there were some typical bogus grandstanding about the giant threat of a cyberattack that's going to kill us all (be afraid!) if we don't do something (no worry about if that something will actually help). Representative Mike Rogers, the sponsor of CISPA and its main backer, decided that he was going to take the lowest road possible in talking about the concerns of privacy advocates by saying that the only opposition is "14-year-olds in their basement." That statement followed the claim that "Silicon Valley CEOs support CISPA."

Update: Sina Khanifer has uploaded a video of Rogers making these comments. This is insulting on a whole variety of levels. First of all, it suggests that privacy advocates are nothing more than children. That's ridiculous. The White House, who have raised privacy concerns about the bill, are 14-year-olds in their basement? Rogers honestly thinks insulting the President is the way to get CISPA passed? The ACLU are 14-year-olds in their basement? Really? The tens of thousands of people who have contacted Congress in the past few weeks about this are all 14-year-olds in their basement? Rogers owes the public he represents a massive apology.

Second, the comment about Silicon Valley CEOs is not true. Yes, there are some tech companies who are in favor of CISPA, mainly because of the liability protections they would get. But it is hardly an across the board belief. Many, many tech companies are all quite concerned about CISPA and what it will mean for the privacy of their users. Both Mozilla and Reddit have strongly spoken out against CISPA. Do they not count?

Third, the idea that because some Silicon Valley CEOs support CISPA, it means that there couldn't possibly be any concern. This is a outgrowth of the myth that SOPA was only stopped because tech companies spoke out. As such, politicians like Rogers think all they need to do is appease tech CEOs, and not the public, whom they're supposed to represent. That Rogers would so outwardly admit that as long as a small group of tech CEOs favor the bill (which is already a highly questionable statement), that he can ignore the public and insult them, is really stunning.

Of course, what this really shows is Rep. Mike Rogers' absolute disdain for privacy. He doesn't take the concerns of the public, of privacy advocates, and even of the White House seriously. Instead, he sees privacy as something that should be mocked and those who support it insulted. Why should such a person be in charge of wiping out privacy laws on the internet?

Permalink | Comments | Email This Story

Congress Quickly And Quietly Rolls Back Insider Trading Rules For Itself

Mike Masnick — Tue, 16 Apr 2013 11:11:00 PDT

In November of 2011, the TV show 60 Minutes did a big expose on insider trading within Congress. While everyone else is subject to basic insider trading rules, it turned out that members of Congress were exempt from the rules. And, as you would imagine, many in Congress have access to market-moving, non-public information. And they made use of it. To make lots and lots of money. Of course, after that report came out and got lots of attention, Congress had to act, and within months they had passed the STOCK Act with overwhelming support in Congress to make insider trading laws that apply to everyone else finally apply to Congress and Congressional staffers as well. As that link notes:

The lopsided votes showed lawmakers desperate to regain public trust in an election year, when the public approval rating of Congress has sunk below 15 percent.

Of course, here we are in 2013 and, lo and behold, it is no longer an election year. And apparently some of the details of the ban on insider trading were beginning to chafe Congressional staffers, who found it hard to pad their income with some friendly trades on insider knowledge.

So... with very little fanfare, Congress quietly rolled back a big part of the law late last week. Specifically the part that required staffers to post disclosures about their financial transactions, so that the public could make sure there was no insider trading going on. Congress tried to cover up this fairly significant change because they, themselves, claimed that it would pose a "national risk" to have this information public. A national risk to their bank accounts.

It was such a national risk that Congress did the whole thing quietly, with no debate. The bill was introduced in the Senate on Thursday and quickly voted on late that night when no one was paying attention. Friday afternoon (the best time to sneak through news), the House picked it up by unanimous consent. The House ignored its own promise to give Congress three days to read a bill before holding a vote, because this kind of thing is too important to let anyone read the bill before Congress had to pass it.

And, of course, yesterday, President Obama signed it into law. Because the best way to rebuild trust in Congress, apparently, is to roll back the fact that people there need to obey the same laws as everyone else. That won't lead the public to think that Congress is corrupt. No, not at all.

Permalink | Comments | Email This Story

IBM Sends 200 Execs To Capitol Hill To Demand The Right To Send Your Private Info To The NSA

Mike Masnick — Mon, 15 Apr 2013 11:59:22 PDT

We've talked about various tech companies supporting CISPA, which is really shameful and short-sighted. Yes, it protects them from liability if they trample all over your privacy and provide your private info to the government -- which is why they support it. But if they were truly customer focused companies, they would know that violating your privacy is no way to build a loyal customer base. And, apparently, the right to violate your privacy and hand that info to the government is so important to IBM that it has sent 200 executives to Capital Hill today to lobby in favor of passing CISPA. CISPA is expected to go to a floor vote in the House either this Wednesday or Thursday.

Nearly 200 senior IBM executives are flying into Washington to press for the passage of a controversial cybersecurity bill that will come up for a vote in the House this week.

The IBM executives will pound the pavement on Capitol Hill Monday and Tuesday, holding nearly 300 meetings with lawmakers and staff. Over the course of those two days, their mission is to convince lawmakers to back a bill that’s intended to make it easier for industry and government to share information about cyber threats with each other in real time.

What they still can't explain is what laws currently get in the way of this information sharing? We've been asking for years and no one has answered. Everyone agrees that information sharing around an attack can be useful in stopping it, but no one has explained why that information sharing (a) requires a new law or (b) can't be done without wiping out all basic privacy protections for personal info currently provided under existing law.

Even more ridiculous is that IBM flat out admits that they want to be able to send your info to the NSA. We've pointed out for a while that one of the major concerns with CISPA is that the NSA -- a military agency -- would get access to your info, despite the general prohibition on spying on Americans. Of course, the NSA has twisted that mandate ridiculously, such that it believes it can now spy on anything so long as they claim it may help them in finding a foreign threat. Technically, the law is about the "target" of the information, and the NSA (and potentially the secret ruling from the FISA Court) has interpreted this to mean that as long as the target of the investigation is as foreign threat, then the NSA can snoop through anything in pursuit of that target.

Of course, most folks have been trying to play down the fact that the NSA would get the info. But not IBM. Nope, they're thrilled to send your private info right to the NSA:

[IBM VP of government affairs Chris] Padilla, however, says companies need to be able to share threat data directly with the NSA “because that’s where the expertise is.”

“It really is a simple matter. The expertise in the U.S. government on cybersecurity largely rests in one place, and that's the National Security Agency,” he said. “They tend to know the most, the soonest about cyber threats and I think, frankly, there is a certain amount of feeling in the business community that you should be able to work directly and share information directly with the agency that has the most expertise.”

While the NSA does have some knowledge on cybersecurity, it's an exaggeration to suggest that they have "the expertise" on the subject. It also does nothing to explain why your private info should be included.

Permalink | Comments | Email This Story

Congress Planning To Debate CISPA Behind Closed Doors; No Public Scrutiny Allowed

Mike Masnick — Tue, 2 Apr 2013 14:01:53 PDT

We've been hearing for a while that when the planned markup occurs next week for CISPA, that the House Intelligence Committee is intending to hold a closed markup, basically hiding the discussion and the possible amendments from the public. There is no good reason for this. The Intelligence Committee will claim, of course, that it needs to do this so that confidential information can be discussed in debating the markup, but that's hogwash. There are numerous concerns with the bill that can and should be addressed publicly. If there are key concerns about classified info getting out, that's easy enough to avoid, since so much that CISPA touches on has nothing to do with classified info -- and whatever comes up can be dealt with appropriately.

The truth is that this is yet another way to try to hide from the public on this issue. Congress doesn't want an open discussion on the many problems with CISPA, so it does what it does best: try to hide things away and rush them through when (hopefully) not enough people are looking. It makes you wonder just what CISPA's supporters are so worried about. Congress is supposed to work for the public, not hide things away from the public. This isn't a situation where they're discussing classified info or plans -- but merely a bill focused on information sharing between the government and private companies. Any markup on CISPA needs to be public.

Permalink | Comments | Email This Story

Groups Call On Congress To Explore Fixing DMCA's Broken Anti-Circumvention Provisions

Mike Masnick — Thu, 28 Mar 2013 16:06:00 PDT

A bunch of companies (including us) and public interest groups all came together this week to ask Congress to hold hearings to look into fixing the DMCA's anti-circumvention provisions, and to recognize that any law that says you don't actually own what you've bought is a big problem. It focuses mainly on the problems with mobile phone unlocking, but asks Congress to go further than just a duct taped fix, and to actually explore why the cell phone unlocking problem came about and to fix the real root cause: an anti-circumvention provision that prevents people from making use of products they've actually bought.

In the longer term, we believe that the widespread concern about cell phone unlocking illustrates how these parts of the DMCA can interfere with consumer rights and competition policy. This interference is not limited to the realm of mobile communications devices. Congress must take action to ensure that laws and policies are keeping up with the pace of technological change. Not addressing these questions will stunt advances in access to digital media for people with disabilities and may prevent new innovations and competitive uses for emerging devices, as uncertainties around the law and the three-year cycle creates a chilling effect for individuals, businesses, innovators and investors who may be covered by the law.

To that end, we request that as the leadership of the two committees of jurisdiction, you convene hearings this year to investigate these possible reforms to the anticircumvention provisions of the DMCA in order to begin a thorough discussion of these problems.

Actually getting Congress to care about this may take some work, but it is a key issue if the US really wants to remain competitive with other countries. Furthermore, anyone who claims that we can't fix this part of the DMCA because of international obligations is really only demonstrating why IP issues shouldn't be a part of any trade agreement.

Permalink | Comments | Email This Story

Surprise: Register Of Copyrights Expected To Call For Reduction In Copyright Term

Mike Masnick — Fri, 15 Mar 2013 09:59:29 PDT

For a long time now, the idea of an overhaul of copyright law in the US has mostly been seen as a pipedream. However, it appears that the Register of Copyright, Maria Pallante, may actually be angling for a major bit of copyright reform. Coming up next Wednesday, she's going to be testifying before the House Judiciary Committee on her supposed "Call for Updates to U.S. Copyright Law." Apparently, on March 4th, she gave a talk at Columbia University which has remained amazingly under the radar until now, in which she proposed a long list of possible copyright reforms, which are likely to headline the hearings next week. It's fairly impressive, given how much attention copyright law has been getting lately, that she could present a surprising call for massive changes to the law, and not have a single person report on it immediately after the event ended. However, that is the case.

Having spoken to a few people who were either there or who spoke to people who were there, it appears that Pallante is proposing changes touching on nearly every part of copyright law, and as you might expect, it's a very mixed bag, though I'll withhold final judgment until we see the full details. However, the big one would be a change in copyright term length, to effectively "roll back" the Sonny Bono Copyright Term Extension Act with one caveat. That is, she's proposing switching us back to a life plus fifty year copyright, but with the ability to renew for that additional 20 years for the tiny percentage of works that makes sense for. While, in the grand scheme of things, life + 50 is still ridiculously too long for copyright, this would be the first major reduction in copyright terms in the history of the US. That's notable.

There are a number of other issues that she apparently is suggesting, including expanding collective licensing, "reforming" the DMCA exemptions process that has generated so much controversy lately over phone unlocking, a change to the DMCA's safe harbors, some sort of effort around dealing with the orphan works issue (something the Copyright Office has been trying for for a while), and a "review" of statutory damages. This could get very interesting -- though it's unclear if it will be interesting in a good way or bad way. Once you open up the law, you have to realize that things could go in either direction. At the very least, a lot of lobbyists on all sides of copyright are about to be very busy for quite some time.

As we get more details, we'll be writing more about this, I'm sure. And, of course, we'll do our best to cover the hearing on Wednesday.

Permalink | Comments | Email This Story

Why Shouldn't New Legislative Data Flow Directly Into Wikipedia

Mike Masnick — Thu, 14 Mar 2013 16:11:57 PDT

There's an interesting event going on today and tomorrow at the Cato Institute, with a very practical focus: looking at ways to automate the process of getting legislative data into Wikipedia. That is, when new bills are introduced, and as they make their way through Congress and to the President, is there any reason that data doesn't automatically populate to Wikipedia?

Our project to produce enhanced XML markup of federal legislation is well under way, and we hope to use this data to make more information available to the public about how bills affect existing law, federal agencies, and spending, for example.

What better way to spread knowledge about federal public policy than by supporting the growth of Wikipedia content?

There are a bunch of services out there that present such legislative data, but having a straight XML feed from Congress to Wikipedia seems like an all around good idea.

Permalink | Comments | Email This Story

How Much Does It Cost To Win Election To Congress?

Mike Masnick — Thu, 14 Mar 2013 10:06:00 PDT

A year ago, we wrote about a fantastic episode of the radio program This American Life, which was all about lobbying. One part of it revealed just how much time our elected officials in Congress spend fundraising, and the numbers were somewhat astounding. Both major political parties have set up phone banks across the street from the Capitol (because it's seen as demeaning to do the calls directly from your Congressional office) and members of the House and the Senate spend a ridiculous amount of time there. The report suggested multiple hours each day on average, just focused on raising money for their re-election campaign. It's really quite incredible.

The folks over at MapLight recently used Federal Elections Commission data on the 2012 elections to work out just how much it costs to win a seat in Congress:

House members, on average, each raised $1,689,580, an average of $2,315 every day during the 2012 cycle.
Senators, on average, each raised $10,476,451, an average of $14,351 every day during the 2012 cycle.

No wonder they're hitting the phones every day. Of course, since these are averages, and averages can be skewed, it might help to dig in a bit, and thankfully, MapLight has supplied all the data in a handy dandy spreadsheet. Digging a bit deeper, we see that the campaign that got the highest amount of money is (no surprise) Elizabeth Warren's Senate campaign, which raised $42,506,349. That's a real outlier, as the second highest amount was less than half of that (Sherrod Brown, who raised $20,945,196). The lowest amount for a Senate campaign? Angus King, the Independent from Maine who raised just $2,964,323 -- though he's beloved in Maine and most people thought he had the campaign locked up from the beginning (which is a good thing, since we need more non-partisans in Congress, and King seems to be quite good). There were a few other campaigns around $3 million as well. At the very least, the data suggests that $3 million is the basic entry fee. The median for Senate campaigns pops out at $9,341,391 -- not far off from the mean. That median campaign was Dean Hellers.

On the House side, there were a few clear outliers, topped by Michele Bachmann's $25,894,721 -- though I assume much of that was raised back when she was running for President -- so not particularly representative. The other outlier on the high end: Speaker of the House John Boehner's $22,024,288. No one else came even remotely close. Third place was House Majority Leader Eric Cantor who took in $7,640,467. Note that Bachmann and Boehner actually raised more than any victorious Senate campaign, other than Warren's. The lowest amount raised? That would be Eni Faleomavaega (who?) who raised just $110,570. Of course, he's a non-voting "delegate" to the House, representing American Samoa's at-large district. Similarly, another non-voting delegate, Gregorio Sablan (from the Northern Mariana Islands) raised just $111,145. The lowest amount raised by a winning voting House member would be the $212,068 raised by Jose Serrano. The median amount in the House (including the non-voting members...) is $1,350,902 (for Rep. Janice Schakowsky). That's just a bit lower than the mean, which is probably the impact of the two massive outliers on the high end.

Of course, this data only looks at the winners, not the losers, and you could make a case that that data is pretty relevant as well. Still, the data makes it clear that successfully running for office requires a lot of money, which is why our politicians spend so much time fundraising. If all that fundraising kept them away from making bad laws, perhaps it would be a good thing, but, of course, part of the problem is that implicit in at least some of the fundraising effort is that these politicians will scratch the back of the donors -- which is how we end up in a world where so many politicians seem to focus on crony capitalism and rewarding those who fund their campaign, over what may be best for their actual constituents.

Permalink | Comments | Email This Story

The Government Might Want To Legalize Phone Unlocking, But Unfortunately It Signed Away That Right

Mike Masnick — Tue, 12 Mar 2013 12:06:13 PDT

We've written plenty about the Librarian of Congress' decision to remove the DMCA anti-circumvention exemption that applied to mobile phone unlocking, along with the White House petition that got over 100,000 votes, and the White House's quick response to say that it agreed that phone unlocking should be legal. But for reasons that are not at all clear, it seemed to think it was something that could be fixed by telco law, even though it was copyright law that got us into the mess.

Lawyer Jonathan Band, who works for the Association of Research Libraries, has put out a really excellent short legal primer on the issue, which is a highly readable 8 pages, and covers all the necessary details and background, including a few things you probably have not read elsewhere (such as how some court cases had already narrowed the old "exemption" anyway). However, the most interesting part to me is where he talks about how the White House's position is likely in violation of existing international trade agreements and almost certainly against what the administration itself, via the USTR, is proposing in the Trans Pacific Partnership (TPP) discussions:

The White House position, however, may be inconsistent with the U.S. proposal in the Trans-Pacific Partnership Agreement (TPP) and existing obligations in the KoreaU.S. Free Trade Agreement (KORUS) and other free trade agreements to which the United States is a party. This demonstrates the danger of including in international agreements rigid provisions that do not accommodate technological development.

KORUS obligates the United States and Korea to adopt provisions concerning the technological protection measures based on section 1201 of the DMCA. Furthermore, KORUS mandates that the parties "confine exceptions and limitations" to the circumvention prohibition to a specific list of exceptions that matches the specific exceptions in the DMCA. Cell phone unlocking, of course, is not on that list. KORUS does allow for administrative procedures like the DMCA's rule-making to adopt temporary exemptions, but not permanent ones. The challenge before Congress is to devise a permanent exception for cell phone unlocking that does not breach the obligations under KORUS and other similar free trade agreements.

The draft text for TPP is secret, but the U.S. proposal for the IP chapter was leaked two years ago. The leaked proposal contained KORUS's closed list of exceptions. Because TPP is currently under negotiation, there still is time to make sure that the TPP does not prevent national governments, including the United States, from amending their laws to permit the unlocking of cell phones and other wireless devices.

This is why we find international agreements like ACTA, TPP and now TAFTA so worrisome. Even when they do not directly change the law, they often lock us into bad laws such that we cannot easily fix them. This is one small example, but an important one. Hopefully, the White House and the USTR will (1) release the current negotiating text for the IP chapter on the TPP so that knowledgeable people can go through and it make sure these little "easter eggs" are not present (2) make a clear and definitive statement that it will not agree to any international agreement that would do something as ridiculous as tie Congress's hands when it comes to allowing people to unlock their mobile phones.

Permalink | Comments | Email This Story

Latest Congressional Attempt To 'Fix' Mobile Phone Unlocking Just Punts The Issue Until Later

Mike Masnick — Tue, 12 Mar 2013 07:41:28 PDT

Ah, Congress. Even when they're doing something, they're good at not really accomplishing much. We've already written about some various proposals on Capitol Hill to respond to the White House's request for Congress to make phone unlocking legal, contrary to the Librarian of Congress' decision to remove it from DMCA exemptions. So far, as we noted, all of the bills really failed to tackle the real issue, and some were just poorly thought out entirely. At the end of that piece, we noted rumors that Rep. Goodlatte was introducing a bill. Late Monday, Senator Leahy (with Senators Grassley, Franken and Hatch) introduced his bill and it's believed to be the same one that Goodlatte is likely to push in the House. Since Leahy and Goodlatte lead the Judiciary Committees in the Senate and the House, it has to be assumed that this bill has the pole position in being the one likely to get traction.

If so, it's a disaster. It does nothing to fix the problem. Worse, it just kicks the can down the road in the hopes that people will forget about it. Here's what it does:

It tells the Librarian of Congress to "repeal" the existing failure to exempt phone unlocking and replace it with the exemption that was put in place back in the last rulemaking in 2010 (which was a weaker unlocking rule than the one before it). That "new" / "old" ruling will stick around until the next rulemaking in 2015 when the Librarian might decide to dump it again.
Within one year, the Librarian of Congress, with the help of the Register of Copyrights, is supposed to determine whether or not to extend the exemption further to things like tablets (as requested by the White House).
It explicitly states that nothing in the bill changes anything of importance.

In other words, "oh, gosh, someone noticed how totally screwed up the system is, and how the walls are crumbling, and let's just patch up this one little hole here with a bit of spackle." This is not a solution. This is a total punt by Congress. The other bills proposed so far have been bad, but this is worse.

Congress has a real chance to fix something here, but so far has chosen not to actually take a position of leadership and do anything. How typical.

Permalink | Comments | Email This Story

Congress Tries, Yet Again, To Fix Outdated Electronic Privacy Laws

Mike Masnick — Fri, 8 Mar 2013 15:06:02 PST

We've been writing about ECPA reform for ages. In case you haven't been following this, ECPA is an incredibly outdated law concerning the privacy of electronic communications. As it stands now, thanks to some oddities in the law, the government can often access your online data with little oversight (among the many oddities in the bill, it considers emails on a server for more than 180 days "abandoned" and accessible by the government without a warrant). While many politicians in Congress claim that they're in favor of ECPA reform, little ever seems to happen with it. Late last year it had looked like a deal might have been worked out whereby Congress would approve strong ECPA reform that would respect the privacy of our data, in exchange for also reforming privacy laws concerning video rental data (basically a favor to Netflix and Facebook).

Law enforcement, as always, flipped out about the ECPA reform bit, and at the very, very end of Congress, the video rental reform stuff passed while ECPA reform was left on the cutting room floor.

This week, however, ECPA reform has been brought back once again, this time in the House, by Rep. Zoe Lofgren, along with Reps. Ted Poe and Suzan DelBene. The proposed bill, called The Online Communications and Geolocation Protection Act, is embedded below. It's a strong bill, meaning law enforcement folks are likely to flip out again. Among the reforms, it would set up a clear and consistent standard for requiring a warrant for government access to electronics communication. That is, it will get rid of the hodge podge of ECPA rules that change based on how old the communications are, if it's been opened, if it's a draft, etc. Now, we just get one rule, across the board, and that rule is get a warrant. It also requires (with a few exceptions) that notice be given to the user/account holder, so that people actually know when the government goes looking through their data.

In an attempt to appease law enforcement, the bill leaves in many "exceptions," that will allow law enforcement to bypass these rules in certain cases. The bill would be stronger without these exceptions, but there's no way the bill passes without something like that in there.

As you may have realized from the name, the bill also has a section dealing with "geolocation" information. This is important because there are a bunch of ongoing fights concerning the privacy of your location data (obtained via mobile phones, GPS devices and such). As we've covered here repeatedly, the courts have been ruling every which way on the legality of law enforcement accessing this kind of data, and so the bill tries to clarify that, and puts in place prohibitions on the government intercepting location info without a warrant (with, of course, a few key exceptions -- including in an emergency, if the person gives consent or if the data is already public).

It's a good bill that deserves support. While it may not be perfect, it's a hell of a lot better than what we have now. This would be a huge step up in protecting our privacy from government intrusion, which means it's going to be an uphill battle against law enforcement interests to get it passed. That said, maybe this is finally the year when all those elected officials who claim ECPA reform is important get their act together and vote to approve real reform.

Permalink | Comments | Email This Story

Will Jurisdictional Fight Slow Down CISPA's Momentum?

Mike Masnick — Thu, 7 Mar 2013 23:06:00 PST

Thanks to a fair bit of propaganda making the rounds, it feels like CISPA -- the cybersecurity bill that seeks to obliterate privacy protections without explaining how that will increase our security -- is on a bit of a fast track towards approval. However a bit of a stumbling block may have popped up. Congressional Representatives Bennie Thompson and Yvette Clarke -- the ranking members on the Committee on Homeland Security and the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies -- have suddenly realized that all of this is happening without their support. That is, they finally realized that, while this is being handled by the Intelligence Committee, it directly impacts Homeland Security and Cyersecurity (obviously), and so they're suddenly asking why it's not going through their committees.

This is just a basic jurisdictional dispute between various fiefdoms within Congress. They pop up every now and again, and usually get resolved in due time. However, in the short term, it could certainly represent a speed bump that hopefully slows down the pace at which Congress seems to want to rush into approving CISPA.

Permalink | Comments | Email This Story

Over 400 Groups, Representing 15 Million People, Demand 'New Direction' From USTR In TPP Negotiations

Mike Masnick — Wed, 6 Mar 2013 21:13:27 PST

We were just talking about the insanity of the latest round of TPP negotiations happening under the continued cloak of secrecy. It appears that more and more people are beginning to question why this is allowed. A letter has been sent to Congress by over 400 groups representing over 15 million people demanding a "new direction" in the TPP negotiations. In particular, they say that the secrecy needs to go away and that the public needs to be able to comment on what is being negotiated in our name.

We find it troubling that, even as the Trans-Pacific Partnership (TPP) Free Trade Agreement enters its 16th major round of negotiations this March in Singapore, U.S. negotiators still refuse to inform the American public what they have been proposing in our names. Shielding not only proposals, but agreed-upon texts from public view until after negotiations have concluded and the pact is finalized is not consistent with democratic principles. In this regard, the TPP appears to be even less transparent than some past trade negotiations. For example, in 2001, the United States joined with 33 other countries in releasing draft text of the Free Trade Area of the Americans, and draft texts within the World Trade Organization are frequently made available.

In terms of specifics, the letter asks Congress to reject the "Fast Track" authority that the USTR has been requesting. Congress, technically, is supposed to be in charge of regulating commerce with foreign nations. The USTR is seeking fast track authority because, without it, these negotiations and the resulting agreement have no basis in law.

Instead, the letter argues that Congress needs to rein in the USTR, to require them to be more open and public, to actually consult with the public, and to make sure that Congress will review the final agreement to ensure it is in the public's interest, rather than in the interest of a few select "industry advisory committees" whom the USTR relies on. Frankly, the letter could have been a lot stronger, but I'm guessing it needed to be slightly watered down to get all those groups to sign. Still, this letter isn't just from "the usual" public interest groups who have been complaining about TPP all along, and suggests that if the USTR continues on this secretive path, there is likely to be strong opposition from the public. We've suggested in the past that the USTR's failure to recognize why ACTA failed in Europe may come back to haunt them with the TPP, and this letter is yet another warning sign. Unfortunately, given the USTR's past behavior, it's likely to be a warning sign that is, once again, ignored.

Permalink | Comments | Email This Story

Because Congress Isn't Already Maximalist Enough: New 'Creative Rights' Caucus Forms

Mike Masnick — Wed, 6 Mar 2013 16:25:00 PST

Congress already has an "Anti-Piracy caucus," a Recording Arts & Sciences caucus and a Songwriters Caucus, but apparently they needed another one. Reps. Howard Coble and Judy Chu have "formed" the "Creative Rights" caucus that appears to not actually be about supporting true creative rights. It is, instead, designed to focus on over-protecting the powers of a small group to hinder the creative rights of many, many people. That's because it's all about maximalism and protectionism, rather than encouraging wider creativity:

“American innovation hinges on creativity – it is what allows our kids to dream big and our artists to create works that inspire us all. The jobs that result are thanks entirely to our willingness to foster creative talent, and an environment where it can thrive and prosper.

“Serving that notion is exactly what this new caucus will do, and I’m thrilled to have Congressman Coble as my Co-Chair. He has a long record on supporting greater protections for American ingenuity and intellectual property. I look forward to continuing that work with him on these important issues,” said Rep. Chu.

Note the key line there: "greater protections... for intellectual property." This isn't about looking at what is actually driving creativity or protecting wider creative works. "Greater protections" for "intellectual property" means stricter copyright laws that block the creative rights of millions who try to do things like post their own videos online or create mashups and mixtapes. You see, that kind of creativity doesn't count. It means less fan art and fan fiction.

This isn't about protecting creators' rights. This is about ramping up copyright law, to try to prop up an increasingly obsolete business model, while limiting the rights of most creators.

Permalink | Comments | Email This Story

The Worst Article You Might Ever Read About 'Cybersecurity'

Mike Masnick — Wed, 27 Feb 2013 12:12:00 PST

There has been a lot of discussion lately about "cybersecurity" "cyberwar" "cyberattacks" and all sorts of related subjects which really really (really!) could do without the outdated and undeniably lame "cyber-" prefix. This is, in large part, due to the return of CISPA along with the White House's cybersecurity executive order. Of course, the unfortunate part is that we're still dealing in a massive amount of hype about the "threats" these initiatives are trying to face. They're always couched in vague and scary terms, like something out of a movie. There are rarely any specifics, and the few times there are, there is no indication how things like CISPA would actually help. The formula is straightforward: fear + handwaving = "we must have a law!"

However, I think we may now have come across what I believe may top the list of the worst articles ever written about cybersecurity. If it's not at the top, it's close. It is by lawyer Michael Volkov, and kicks off with a title that shows us that Volkov is fully on board with new laws and ramping up the FUD: The Storm Has Arrived: Cybersecurity, Risks And Response. As with many of these types of articles, I went searching for the evidence of these risks, but came away, instead, scratching my head, wondering if Volkov actually understands this subject at all, with his confused thinking culminating in an amazing paragraph so full of wrong that almost makes me wonder if the whole thing is a parody.

The piece starts off, though, by playing up those supposed "risks," discussing how companies face "economic devastation" due to the "theft of valuable trade secrets." Here's an exercise: name one such company that has been so devastated. We'll wait. Then he talks about how these hacks could lead to "disclosure of consumer and employee information." Of course, he seems to be mixing and matching the types of hacks he's talking about. The "trade secret" stuff is generally corporate espionage, whereas the leaking of data tends to just be more general malicious hacking. Very different issues that probably require very different responses. But they're lumped together here.

So we've got an ill-defined problem, but have no fear, because the answer is here: Congress!

At the core of the problem is Congress’ failure to act. For years now, Congress has tried to enact meaningful cybersecurity legislation.

Any analysis of whether or not the attempts at "meaningful cybersecurity legislation" would have any impact at all on the kinds of attacks discussed in the first paragraph? Why, no. Because that would be useful. But that's okay, because Congress needs to act!

The risks are too large and the consequences of failing to act can result in serious economic consequences.

Again, can someone point to any evidence of cybersecurity issues having "serious economic consequences" to date? Yes, it's possible they might in the future, but let's put these things in perspective.

And then we get to this. I warn you ahead of time: reading the following paragraph may cause certain knowledgeable brains to experience something akin to spasms.

Recent cyber-attacks have illustrated the ability of terrorist groups and foreign governments to cause havoc on the Internet. The United States Sentencing Commission’s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide. For years, the Chinese government has launched massive daily attacks against our government and private industry which are aimed at disrupting government operations, stealing trade secrets and undermining economic activity.

Let's break this down. Bit by awful bit.

Recent cyber-attacks have illustrated the ability of terrorist groups and foreign governments to cause havoc on the Internet.

Where and how? So far, the only example of any government causing any sort of "havoc" appears to have been the US with Israel with their attacks on Iran via Stuxnet, Flame and possibly some other very targeted malware attacks. What "terrorist groups" or "foreign governments" have actually caused any actual "havoc on the Internet"? The answer is none. It's certainly not what comes next:

The United States Sentencing Commission’s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide.

Yeah. Okay. (1) The United States Sentencing Commission's website was temporarily hacked (and later taken down). It was not "destroyed" in any sense of the word. (2) Activists are neither the "terrorists" nor "foreign governments" we were promised in the preceding sentence. (3) Taking down the site briefly did not cause "havoc." (4) BART Swartz??!??!? (5) The hack was to protest the federal prosecution of Aaron Swartz, not to "protect" it. (6) While many of Swartz's friends and families do say that the prosecution likely led to his suicide, no one can say for sure. (7) Nothing about the hack by Anonymous had anything to do with "cybersecurity" nor would CISPA have protected the Commission's website (better programming might have). Basically, this sentence is just about as wrong as it could possibly be, and has nothing to do with what the article is about, other than drumming up fears about "cybersecurity."

For years, the Chinese government has launched massive daily attacks against our government and private industry which are aimed at disrupting government operations, stealing trade secrets and undermining economic activity.

There's been plenty of talk about these Chinese hacks, which definitely do appear to be happening. But, what economic activity has been undermined? So far, the hacks may have been a nuisance, but it's unclear that they've done any real damage. It is also unclear how CISPA helps stop such hacks, other than making Congress feel like it's "done something."

Are there issues with online security that need to be taken seriously? Yes, absolutely. Do we need legislation to deal with those problems? That's debatable, and we're still waiting for some evidence not just of scary sounding threats, but that this kind of legislation will actually help. Unfortunately, this article keeps us waiting. But, it did make us laugh. Unintentionally (we think).

Permalink | Comments | Email This Story

CISPA Wouldn't Actually Solve The Reasons Congress Is Giving For Why We Need CISPA

Mike Masnick — Thu, 14 Feb 2013 10:58:30 PST

As expected, Representatives Mike Rogers and Dutch Ruppersberger have reintroduced CISPA, exactly as it was when it passed the House last year. Incredibly, we've been hearing that they've brushed off the massive privacy concerns by claiming that those were all "fixed" in the final version of the bill that got approved. This is highly disingenuous. While it is true that they made some modifications to the bill at the very end before it got approved, most privacy watchers were (and are) still very concerned. They did convince one organization to flip-flop, and they seem to think that's all they need.

But, here's the thing that no one has done yet: explain why this bill is needed. With President Obama's executive order in place, the government can more easily share threat info with companies, so really the only thing that CISPA piles on is more incentives for companies to cough up private information to the government with little in the way of oversight or restrictions on how that information can be used. And given how frequently the government likes to cry "cyberattack" when it's simply not true, it's only a matter of time before they start using claims of "cyberthreat!" to troll through private information.

And they still refuse to explain why this is needed. We hear lots of scare stories, but no explanation for how this bill helps. For example, Ruppersberger has written up an oped for the Baltimore Sun in which he lays out the reasons we need CISPA, but it's all scare stories, without a single explanation for how CISPA would help. And that's because it wouldn't.

March: Hackers allegedly steal the credit card numbers from 1.5 million Visa and MasterCard customers by breaking into the computer systems of the company's payment processor in New York. The thieves stockpiled the stolen credit card numbers for months before beginning to use them.

Payment processors already have some of the best security people in the world and have a large and widespread community of folks who do nothing but think about security issues for this industry. At what point would that lead the payment processor or Visa or Mastercard to need to hand information over to the government?

August: Cyber attackers disrupt production from Saudi Aramco, the world's largest exporter of crude oil, taking out 30,000 computers in the process, according to press reports.

Saudi Aramco is a Saudi Arabian company. Not sure why they would be sharing info with the US government or how CISPA would relate to them at all.

January: PNC Bank announces to its 5 million customers that its website is getting hit with high traffic consistent of a cyber attack meant to delay business with its online banking customers.

Again, why would PNC need to give information to the government? And, if they could alert their customers to the threat, they can also alert the government. None of that requires the ability to share customer info.

These are just three reported examples of cyber attacks in the past 12 months. Each could have had a devastating impact on the U.S. and global economies. That's more than a bad dream — that's a full-blown nightmare.

These are just three scare stories of cyber attacks in the past 12 months, none of which would have been impacted by CISPA. So why do we need it again?

Highly trained Chinese, Russian and Iranian hackers are probing, pilfering and plotting every second of every day. They're often after personal data: In November, reports suggested a hacker was able to access nearly 4 million tax returns in South Carolina with a single malicious email. And they're often after the trade secrets of our companies: The media has reported that Coca-Cola may have fallen victim to hackers from a Chinese beverage company.

Again, what does any of that have to do with CISPA?

Many believe that what is happening to American business may be the largest transfer of wealth in the history of the world. It's costing our companies billions of dollars, and it's costing our country thousands of jobs.

Many believe that's pure hogwash. It's not the largest transfer of wealth in the history of the world. It's not costing companies billions of dollars and it's certainly not costing our country thousands of jobs.

Preventing the U.S. government from sharing information about malicious computer code it detects is akin to preventing forecasters from warning citizens about a hurricane.

Except the government already could share a lot of information, and with the executive order can now share more. So why do we need CISPA?

Our legislation doesn't just protect companies. It will also protect every American citizen who, for example, uses electricity or banks online, or whose doctor compiles medical records electronically.

How? It's a serious question. You can talk about all of these hacks, and you can say "yay, cybersecurity bill!" but if you don't explain specifically how that bill does anything to actually stop those attacks or to protect Americans, you're full of it.

It's important to note that under my legislation, your private information will also be kept private from the government. Information-sharing between companies and the government will be entirely voluntary. Businesses do not have to share information with the government in order to receive information from the government. The bill does not authorize the government to monitor your computer or read your email, Tweets or Facebook posts. Nor does it authorize the government to shut down websites or require companies to turn over personal information.

The first sentence is simply not true. Your private information can be shared with the government, so to say that it absolutely will be kept private is simply wrong. The second and third sentences are misleading. Yes, the information sharing is "voluntary" but since there are broad immunity exemptions, if the government is coming to most companies and saying "share this info for cybersecurity reasons, and you can't get sued for doing so," how many companies are going to stand up to the government and say no? There may be a very small number, but for the most part, companies will hand over the info. The fourth and fifth sentences are simply meaningless, because they are unrelated to the legitimate privacy concerns raised.

Once again, we're left in the same boat as before. Lots of scare stories but no explanation of why CISPA is needed or how it actually helps. The whole thing is just way too broad, with vague justifications that simply don't make much sense when you look at the actual threats compared to what the bill would allow.

Permalink | Comments | Email This Story

Despite Protests, Congress To Bring Back CISPA Exactly As It Was Last Year, While Obama Signs Exec Order

Mike Masnick — Tue, 12 Feb 2013 10:44:00 PST

Last week, we told you that CISPA was coming back, and it's now been confirmed that it is coming back tomorrow and it will be identical to the extremely flawed bill that passed the House last year.

You can, of course, understand why the sponsors would bring back the identical bill. After all, it passed (fairly easily), even with tremendous protests. Many tech companies like the bill, because it puts no specific requirements on them, and also (more importantly) frees them from liability for sharing info on their users. But that's the really problematic part. It's disappointing that tech companies have not realized that standing up for their users' privacy rights is a smart business decision on its own. Tragically, they're taking the short term view on this one.

The privacy concerns about CISPA are incredibly serious. While the Senate took a very different approach with its Cybersecurity Act (which did not pass), at the very least, amendments to the Senate bill improved the privacy problems. One would hope that the backers of CISPA would recognize that this would be an opportunity to build a bigger tent, and follow through by matching the same privacy protections. Unfortunately they did not. While the Obama administration threatened to veto CISPA last year, in part due to the privacy concerns, I'm not sure anyone is confident that the administration is serious about that.

In fact, if the rumors are correct, President Obama will mention cybersecurity sometime in the State of the Union address tonight, and then will sign the executive order the administration has put together on Wednesday morning, to coincide with the reintroduction of CISPA in the afternoon. Basically, the use of the executive order is to put pressure on Congress to do something. There is still a hurdle from the Senate, since it supports a very different approach, but there's about to be a very, very big push on cybersecurity.

Either way, it's incredibly disappointing that CISPA's supporters didn't take the time to make some rather basic changes to protect privacy. Instead, they effectively use some broad language to more or less wipe out privacy protections on very broad terms, while doing nothing to keep any data shared from being further shared with other parts of the government. In other words, it's a ticket for widespread surveillance of Americans (as if we don't already have enough of that).

Fight For the Future has set up CISPAisBack.com to try to let folks in Congress know that bringing back the same extremely flawed bill is a mistake. That's one way to contact your Representatives, though just calling their office directly would also be a good idea.

Permalink | Comments | Email This Story

Congress Apparently Uninterested In 'Aaron's Law' To Reform CFAA

Mike Masnick — Tue, 12 Feb 2013 05:41:54 PST

Well, this is rather unfortunate, but perhaps not a surprise. Last week, Politico reported that despite progress on Zoe Lofgren's "Aaron's Law," designed to improve the CFAA, it's unlikely to get any traction in Congress. The CFAA, of course, is the widely abused law that was written decades ago in an attempt to outlaw malicious hacking. The bill was never particularly well-written, and over time as the technology has changed, the CFAA has become wide open to broad interpretations, such that people have faced criminal charges for daring to... disobey a site's terms of service (which they never even read). Aaaron Swartz was charged under the CFAA, hence the reform bill is being called "Aaron's Law." But, even with all the attention that Aaron got, Congress isn't interested yet.

The article doesn't suggest the idea is dead, just that it doesn't have nearly enough support. Part of the reason is that the White House and the DOJ haven't said a word about it -- but, really, is that all that surprising given the complaints they've been receiving about US Attorney Carmen Ortiz's use of the CFAA in the Swartz case? But, even within Congress, the key people who are needed to support the bill have basically said they have more important things to deal with right now. And while there are other important bills on the table, it's a big mistake to not update the CFAA before it is abused again.

Permalink | Comments | Email This Story

If You're An Entrepreneur Who's Sick Of DC Not Paying Attention To You, Here's Your Chance

Mike Masnick — Mon, 4 Feb 2013 16:02:00 PST

My friends over at Engine Advocacy (disclaimer: I'm on the steering committee and advise them on certain issues, but have nothing to do with this event) are planning their second Startup Day on the Hill -- where they bring a bunch of entrepreneurs to Washington DC, and actually get them talking to lawmakers. This is a big deal and a useful opportunity. As we all know, DC has a long history of ignoring startups, but the goal of Engine is to change that, and this is one of many cool and useful programs that they're doing. Among other things, there will be a Demo Day for policy makers, roundtable discussions with some of the top tech policy people in the White House, including CTO Todd Park and Senior Policy Advisor Doug Rand (both are very interesting guys). And, of course, a bunch of meetings with elected officials in Congress and their staffs. These kinds of things are great for getting folks in DC to realize that startups and innovation are real things. Too often, it seems that they only look to big legacy companies for tech policy, and that can distort the picture. One way to fix that is to get them introduced to more startups and entrepreneurs. So, please, please, check this out and see if you can go. It's happening February 26th and 27th with all the details on the site.

Permalink | Comments | Email This Story

House Of Representatives Bans Spotify Because P2P Tech Must Be Evil!!

Mike Masnick — Fri, 1 Feb 2013 19:39:00 PST

Hey look, here's a story on which we at Techdirt actually agree with the RIAA. Shocking, I know. It appears that, for reasons that are unclear to just about everyone, the IT folks in the House of Representatives have banned the use of the perfectly legal and authorized music service Spotify because it's P2P technology. According to a report at Politico:

"To help protect House data, our IT policy generally prohibits the use of peer-to-peer (P2P) technologies while operating within the secure network," a spokesman for the Office of the Chief Administrative Officer told POLITICO this week. "While Spotify is currently not authorized, the CAO has and will continue to work with outside vendors to enable the popular services that improve member communication capabilities."

Not surprisingly, this has led to complaints from Spotify, but also from the RIAA, which finds the whole thing preposterous:

RIAA CEO Cary Sherman wrote to the Hill Tuesday to explain why Spotify shouldn't violate the House's IT policy and to lend a hand in getting the decision reversed: "These services are safe and secure, and assuring access to them not only respects the contractual relationship users may have with these services, but also achieves an important public policy goal of promoting legal, safe digital providers," Sherman wrote.

That's nice and all... though it's entirely possible the reason that there's a ban on P2P technology in the House is... due to the RIAA's own efforts in years past. You may recall that, the RIAA, MPAA and other copyright maximalists have pushed for Congressional hearings on just how evil P2P technology is, and why there need to be more laws about it. Ali Sternburg, at the DiscCo Project has the details:

It may be symptomatic of Congress being susceptible to lobbyists' generally oversimplifying and misunderstanding complex technology. As EFF's Parker Higgins tweeted in response: "The years of indiscriminately vilifying p2p technology are now coming back to haunt the content industry." In particular, the policy may be a consequence of three hearings on filesharing in the House from 2007 to 2009, which received testimony criticizing filesharing: "Inadvertent File Sharing over Peer-to-Peer Networks" on July 24, 2007, before the House Committee on Oversight and Government Reform; "H.R. 2221, the Data Accountability and Protection Act and H.R. 1319, the Informed P2P User Act" on May 5, 2009, before the House Committee on Energy and Commerce, Subcommittee on Commerce, Trade, and Consumer Protection; and "Inadvertent File Sharing over Peer-to-Peer Networks: How It Endangers Citizens and Jeopardizes National Security" on July 29, 2009, before the House Committee on Oversight and Government Reform. This context suggests that maybe those hearings caused technophobic Congressmen to panic, leading to a regulation that is now mindlessly enforced as a part of House IT policy.

She admits this is not definitely why it's banned, but it does seem notable. Perhaps, next time, rather than vilifying broadly usable technology, the RIAA and others might recognize that it can actually be the solution to their challenges as well. Nah... that'll never happen.

Permalink | Comments | Email This Story

Congress So Dysfunctional, It Can't Even Fix The Errors It ADMITS It Made In Patent Reform

Mike Masnick — Thu, 3 Jan 2013 08:26:53 PST

Okay, this one is incredible. As you may recall, back in September of 2011, the "America Invents Act" became law. This was a "patent reform" proposal that had been debated and changed and debated some more for about seven years before finally getting approved in a greatly watered down fashion. We criticized the bill for doing almost nothing to deal with the real problems of the patent system, but there were some incredible, fundamental, blatant mistakes in the final bill. You'd think that with seven years of debate and tweaking that such mistakes would have been whittled away. The first clue to some serious problems was in an analysis by Mark Lemley soon after the bill was approved in which some drafting errors were apparent just in looking at the "effective dates" of various parts of the bill.

Over time, it became clear that Congress had left significant errors in. Recently some of the key people behind the bill admitted that there were errors in the bill, with Eli Lilly's General Counsel, Bob Armitage, stating: "There are a few minor errors in the bill and one major error in the bill." What's the "maajor error"? It's the part on "estoppel" in "post grant review." Basically, there's a provision in the bill which encourages people to seek "post grant review" of questionable patents in the first nine months after they've been approved. In talking about this, Congress was clear that it wanted to encourage more people to use this, and so it wanted to remove barriers. One of those was to make it clear that failing to raise issues during the post grant review shouldn't prevent those issues from being raised later. However, the actual language of the bill says that any issue that "could have been raised" can't be raised later.

As law professors Eric Goldman and Colleen Chien note, it's clear that Congress didn't mean to include this language. The committee report on the bill and direct quotes from both House and Senate sponsors of the bill (Lamar Smith and Patrick Leahy) admitted that this was a mistake:

By all accounts, in the AIA, Congress intended to remove the "could have been raised" language and provide a narrower estoppel for PGR proceedings. As the Congressional committee report explains, the PGR was designed to "remove current disincentives to current administrative processes." But something funny happened on the way to the Congressional floor, and the problematic "could have been raised" language was inadvertently inserted into the bill.

We're not the only ones to recognize the error. House Judiciary Chairman Lamar Smith referred to the AIA's PGR estoppel standard as "an inadvertent scrivener's error." Senate Judiciary Chairman Patrick Leahy, in advocating that the Senate adopt the technical corrections bill, said the PGR estoppel standard in AIA was "unintentional," and it was "regrettable" the technical corrections bill doesn't address the issue. Sen. Leahy expressed "hope we will soon address this issue so that the law accurately reflects Congress's intent." The PTO also thinks Congress made a mistake, saying "Clarity is needed to ensure that the [PGR] provision functions as Congress intended."

To fix some of the errors in the AIA, Congress rushed through a "technical corrections" bill, intended to fix some of the problems with the bill. During all the fiscal cliff mess, with some back and forth between the House and Senate, they approved this bill which will be signed any moment, if it hasn't been already.

Just one problem. For a bill about technical fixes, it didn't actually address this one *admitted* major error in the original bill. Yeah, they left that one out.

Let's recap, because this is quite incredible:

Congress spends seven years debating patent reform.
It finally approves patent reform in late 2011, and despite seven years of debate, had a ton of clear errors in the drafting of the bill.
The official sponsors of the bill flat out admit that there's a major error in a part of the bill that they did not intend to be in there.
A year plus later, Congress finally introduces a bill to "fix problems" in the original bill.
This "technical corrections" bill does not fix the one major problem that all admit was a flat out mistake in the original bill.

And people wonder why Congress' approval rating is so low.

Permalink | Comments | Email This Story

Apparently, Congress Isn't Actually Interested In Requiring A Warrant For Law Enforcement To Read Your Email

Mike Masnick — Fri, 28 Dec 2012 17:30:00 PST

Yes, we've already covered the rejection of key amendments in the FISA Amendments Act renewal, but that wasn't the only case of Congress ignoring the public's privacy concerns as they close out this session.

Back in September, we noted that Senator Patrick Leahy, who has been working on much needed reforms for ECPA (the Electronic Communications Privacy Act) -- such as requiring law enforcement get a warrant to read your email -- had attached his ECPA reform plan to an update of the Video Privacy Protection Act (VPPA). While I know some privacy folks were worried about this update to the VPPA, I don't have much of a problem with it. The original VPPA, written as a quick response to a video store revealing Robert Bork's (somewhat boring) video rental history during his Supreme Court nomination hearings, did seem a bit limiting -- especially for online video sites such as Netflix that wanted to add some useful social features. However, it was the ECPA reform part that was more important. Attaching ECPA reform to VPPA reform didn't make some privacy folks happy, but they seemed willing to go along with the VPPA changes if it really meant that we'd get warrant requirements for emails and other digital messages.

There were some attempts to water down that ECPA reform at the end of last month, but the Senate Judiciary Committee kept the warrant requirement in there and rejected various attempts to weaken the bill. As we noted, however, it still was a long way from becoming law, given the need to pass a full Senate vote and to have a companion House bill make the rounds. We assumed that there would be no movement until next year and the new Congress.

But... late last week, the House rubberstamped the VPPA update, and the Senate, almost immediately signed off on the House's version, which the President is expected to sign any moment now. In case you missed it, that means that the ECPA reforms -- which were supposed to be bundled with the VPPA to make the whole thing palatable -- got dropped entirely. And now we get the VPPA reforms and no ECPA reform at all. Neat trick. "Bundle" two things to get support... and then at the last minute drop one part and rush through the other.

Permalink | Comments | Email This Story