Techdirt. Stories filed under "punishment"

Rather Than Fix The CFAA, House Judiciary Committee Planning To Make It Worse... Way Worse

Mike Masnick — Mon, 25 Mar 2013 05:43:55 PDT

So, you know all that talk about things like Aaron's Law and how Congress needs to fix the CFAA? Apparently, the House Judiciary Committee has decided to raise a giant middle finger to folks who are concerned about abuses of the CFAA. Over the weekend, they began circulating a "draft" of a "cyber-security" bill that is so bad that it almost feels like the Judiciary Committee is doing it on purpose as a dig at online activists who have fought back against things like SOPA, CISPA and the CFAA. Rather than fix the CFAA, it expands it. Rather than rein in the worst parts of the bill, it makes them worse. And, from what we've heard, the goal is to try to push this through quickly, with a big effort underway for a "cyberweek" in the middle of April that will force through a bunch of related bills. You can see the draft of the bill here (or embedded below. Let's go through some of the pieces.

Adds computer crimes as a form of racketeering

The bill adds to the current definition of "racketeering activity" so that it would now link back to the CFAA, such that if you are found to violate the CFAA as part of an activity that involves a variety of other crimes, you can now also be charged with racketeering. More specifically, if you look at that long list of related statutes in the definition to 18 USC 1961 (1), it will also include: "‘section 1030 (relating to fraud and related activity in connection with computers)." Basically, this just gives the DOJ yet another tool to use against "computer criminals" when they want to bring the hammer down on someone they don't like. Not only could you be charged with computer fraud, but now racketeering as well. Because, you know, all you hackers are just like the Mob.

Expanding the ways in which you could be guilty of the CFAA -- including making you just as guilty if you plan to "violate" the CFAA than if you actually did so

Section 103 of the proposed bill makes a bunch of "changes" to the CFAA, almost all of which expand the CFAA, rather than limit it. For example, they make a small change to subsection (b) in 18 USC 1030 (the CFAA) such that it will now read:

Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.

All they did was add the "for the completed offense," to that sentence. That may seem like a minor change at first, but it would now mean that they can claim that anyone who talked about doing something ("conspires to commit") that violates the CFAA shall now be punished the same as if they had "completed" the offense. And, considering just how broad the CFAA is, think about how ridiculous that might become. Now if you talk with others about the possibility of violating a terms of service -- say, talking to your 12 year old child about helping them sign up for Facebook even though the site requires you to be 13 -- you may have already committed a felony that can get you years in jail. That seems fair, right?

Ratchets up many of the punishments

They change around a bunch of the "penalties" that you can get for various CFAA infractions, shaking up a variety of things and basically raising the maximum sentences available for certain infractions.

A very, very minor adjustment to limit "exceeding authorized access."

This one is a very, very tiny step in the right direction, but just barely. Under the old CFAA, "accessing a computer without authorization" and "exceeding authorized access" were lumped together as a a form of breaking the law. The new bill keeps the basic terms of accessing a computer without authorization the same and just ever so slightly trims back the "crime" of exceeding authorized access. Now, to violate the law by "exceeding" authorized access, you'd have to get access to "information from any protected computer" (or financial institution or US gov't agency) and the "value" of that info would need to be over $5,000 (who determines that?) and the access had to have been "committed for purposes of obtaining sensitive or non-public information of an entity or another individual (including such information in possession of a third party), including medical records, wills, diaries, private correspondence, financial records, photographs of a sensitive or private nature, trade secrets, or sensitive or non-public commercial business information" and was committed "in furtherance of any criminal act."

While it's good to see them ever so slightly roll back the issue of "exceeding authorized access," it still seems broad enough that all sorts of activities that shouldn't be seen as criminal would easily get lumped in here by aggressive prosecutors. Rather than "streamlining" the bill and getting rid of the ridiculous "exceeds authorized access" trigger -- as folks like Orin Kerr have suggested -- this tends to just muddle matters even more.

Update: On second look, it turns out that this initial analysis was wrong. This part is worse too! More details here, but basically all those "and" statements are actually "or" which actually push back on how the courts have interpreted the CFAA... and make it worse

And... at the same time, they do something else to make "exceeding unauthorized access" worse. Which brings us to:

Expanding the definition of "exceeding authorized access" in a very dangerous way

That's because the new bill says that you can exceed authorized access: "even if the accesser may be entitled to obtain or alter the same information in the computer for other purposes." Yes, read that again. Even if you are allowed to obtain info via your authorization on your computer, they're now saying that if you use that information in a way that runs afoul of the info above, you can be found to have exceeded authorized access.

Make it easier for the federal government to seize and forfeit anything

We've seen how federal seizure and forfeiture laws are frequently abused to seize goods, which the government claims are used in the commission of a crime (even if they never charge anyone for the crime). And we've seen, with cases like the Dajaz1 case, how the government will use such tools to take and censor websites on no actual basis. And now the CFAA will make it even easier for the government to do such things. It amends the existing sections to basically expand what can be forfeited, because it's not like the government hasn't abused that one before...

The rest of the bill deals with two other things: first a section on "cybersecurity" which includes punishment for those damaging "critical infrastructure" computers, another section that tells the courts to figure out how secure their computers are, and finally a part that creates a "National Cyber Investigative Joint Task Force," to be led by the FBI, because they're an unbiased party.

The final part of the bill relates to "breach notifications." A number of states already have various laws in place that require companies and websites that have data breaches to inform impacted users. This creates a federal law that supersedes those state laws. You can read the details, but basically companies will have to let people (and other companies) know of such breaches within a short period of time -- unless there are law enforcement or national security reasons to delay such notification. It also requires companies to tell the FBI or Secret Service of certain kinds of breaches. If companies don't do this, they can be fined between $500,000 and $1 million -- but only by the DOJ (i.e., individuals or companies can't go after organizations for screwing this up).

Those last two sections are really somewhat unrelated to the rest of the CFAA parts. But the CFAA parts are troubling. Rather than fixing the law, they're expanding it so that computer "crimes" can be hit with racketeering charges, and expanding the general language and punishments for part of the bill. This is not a good thing. The fact that this is being passed around by the House Judiciary Committee suggests that it's likely to be backed by HJC chair Bob Goodlatte, which is unfortunate. You would have hoped that Goodlatte and others on the HJC would recognize that now is the time to fix the CFAA, not to make it worse.

Permalink | Comments | Email This Story

DRM Strikes Again: Digital Comics Distributor JManga Closing Down... And Deleting Everyone's Purchases

Tim Cushing — Mon, 18 Mar 2013 09:50:16 PDT

DRM is rearing its malformed head again and biting the hands that feed it. Rather than simply making an otherwise useful product useless unless requirements x, y and z are met, this time DRM is issuing a clawback on ~~purchased~~ rented digital goods.

Nate Hoffelder at The Digital Reader has the details.

JManga broke some hearts this week when they announced that they were ceasing operations.

This digital manga distributor announced earlier this week that they would no longer sell manga as of 26 March and planned to shut down completely in May.

These things happen. Nothing unusual about a company going out of business, but the words "digital manga distributor" should give you pause (especially if you were a customer).

Any customers with store credit would get a refund in Amazon.com gift cards...

Well, that's certainly thoughtful of them. Wait, why's there an ellipsis on this sentence?

… and any purchased content will be lost when JManga turns off the lights in May (no downloads allowed).

Oh. Fun. Yes, JManga, distributor of digital manga, decided to hold off the pirates by screwing the customers and it's all spelled out in infuriating black and white at JManga's official, soon-to-be-former site.

c.) Manga Viewing Service Termination

Date: May 30th at 11:59pm (US Pacific Time) Details: As of May 30th 2013 at 11:59pm (US Pacific Time) users will no longer be able to view digital manga content on JManga.com. At this time all purchased and free digital manga content will be erased from all JManga Member’s accounts.

And, yes, no downloads are allowed, according to the FAQ.

It is not possible to download manga from My Page.

So, the pirates win again. JManga's DRM will allow the distributor to delete paid for manga from customers' accounts, but presumably all DRM-stripped pirate "accounts" will remain unaffected in perpetuity.

It began promisingly enough.

JManga launched with much fanfare in 2011. This company was backed by the 36 publishers of the Japanese Digital Comics Association, and it was created as a laudable response to the then rampant fan-based scanlation (piracy and English-language translation) of Japanese comics. By offering a legitimate option these publishers hoped to provide the content that was obviously desired by fans.

Unfortunately, things went downhill quickly thanks to pricing issues (mainly that they were too high) and a failure to capitalize on a rapidly growing smartphone market. Now, it's out of business and its insistence on protecting its products with DRM has resulted in the following scorecard -- pirates affected: 0; paying customers affected: ALL.

What we have here is a yet another example of the fact that DRM does nothing but punish the paying customer. It doesn’t actually stop piracy; in this case piracy was already rampant thanks to readily available scanners and a large and enthusiastic fan base.

All that was accomplished with JManga was that the legitimate customer was punished for being honest and paying for the content they received. The pirates, on the other hand, weren’t bothered at all.

I wish more publishers could learn from this mistake, because the hostility that has been shown toward JManga customers is appalling.

"Hostility" is the correct term. Protecting your offerings from those who aren't paying by making those who actually support you subject to anything from minor annoyances to HAVING ALL THEIR PURCHASES DELETED can't really be described as anything but. Adding a layer of perversity to the mix is the fact that JManga is still allowing customers to purchase its products until March 26th, despite the fact that these too will be deleted on May 30th.

When you combine digital goods with DRM, it's lose-lose for paying customers. It turns purchases into rentals and subjects purchasers to the whims of the company. Whether its a verification server being shut down or a company going out of business and taking all its content with it, it all spells bad news for those who exchanged money for goods not even worth the paper the license isn't printed on.

Permalink | Comments | Email This Story

Newspaper Editorial Insists Hackers Must Be Punished, While Misunderstanding Nearly Every Detail

Mike Masnick — Thu, 24 Jan 2013 10:40:01 PST

We just recently wrote about a trio of recent situations -- all involving young hackers probing for information, leading to either criminal charges or threats of criminal charges against them -- that show what happens when people in power don't understand how technology works. They were all cases where the individuals involved may have done things that some would think inconsiderate, but that hardly should rise to the level of "criminal" behavior -- especially with threats of many years in jail. Presenting the flipside to that argument: the editorialists at the Toronto Globe and Mail, who show why those who don't understand technology have no business writing about it. The editorial is headlined When did it become wrong to punish hackers?, which already suggests problem number one. Hacker is a generic term that does not automatically imply malicious attacks, yet the Globe and Mail immediately seems to assume otherwise. That might be news to the US government, which just announced its own National Day for Civic Hacking (despite filing charges against such civic hackers...).

A Montreal school is being widely criticized for expelling a student who hacked into its computer system and helped expose flaws in the system’s security. The student now has been offered jobs by computer security companies, including the one that ran the system he hacked into. In the Internet age, the hacker is celebrated as a hero and the school is pilloried for being an overbearing, defensive holdover from a bygone age. It’s an unfair presumption that needs to be corrected.

That's one version of the story. The hacker is celebrated as a hero because he did something useful: exposed a security flaw that could have been used by someone malicious for nefarious purposes. We generally want to celebrate those who spot danger and warn people away from it. And the school is being pilloried because it expelled this person. Without Ahmed Al-Khabaz's help, the data of students would be at risk. Doesn't it seem somewhat overbearing to blame the messenger? What exactly is "unfair" about the presumption? After pointing out that Al-Khabaz "discovered a serious flaw" the editorial still supports his expulsion, apparently entirely based on the fact that the company, Skytech, felt his probing was an attack:

... Mr. Al-Khabaz then went on and carried out what the company considered to be a “cyber-attack” on the school’s production servers. The company notified the school, and Mr. Al-Khabaz was hauled on the carpet. The company accepted the student’s explanation and noted that he “demonstrated great talent in computer science.” They dropped the matter and offered Mr. Al-Khabaz a job, but Dawson’s administrators felt the student had gone too far and expelled him on the grounds he had violated the college’s code of conduct.

What the company considered a "cyber-attack" could also be described as "checking to see if the flaw was fixed." And, clearly, they didn't think it was a huge problem if they offered him a job, and noted his "great talent." So why does the school still think he went too far?

Dawson’s officials are right: Rules exist for a reason, and students cannot expect to break them without consequence. Why have them, otherwise?

Ahhhhhh. Rules are rules. Rules exist for reasons, but sometimes those reasons are bad. And punishing people for breaking rules in ways that help people seems like sending the exact wrong message. Sometimes rules should be broken, because the rules are wrong.

The editorial then moves on to Aaron Swartz:

Swartz, who had a history of depression, was facing a slew of charges for allegedly downloading publicly funded academic journals from a large database that charged a fee for access. His family and supporters blame overzealous prosecutors for his death; the prosecutors insist – again, quite rightly – that “stealing is stealing.”

Uh, "stealing is stealing" is a tautology, so of course it's right. But what's "wrong" is arguing that what Swartz did was "stealing." He stole nothing. He downloaded papers from MIT's open network, which was set up with a site license from JSTOR allowing open downloading of those journal articles, all of which remained on the site for anyone else to download.

Go ahead, explain what was "stolen"?

In the age of the Internet, the massive downloading for free of music and movies and other copyrighted material has muddied the waters for many people.

It seems to have "muddied the waters" for the editorial writers of the Toronto Globe and Mail who don't seem to realize that neither case had anything to do with the "massive downloading for free of music and movies."

They seem to have forgotten that privacy rights and copyright laws are among the foundations of our economy. These are things that are not to be shoved aside by the absolutism of Internet activism.

Oh really? If privacy rights are the foundation of the economy, then, er, isn't it a good thing that Al-Khabaz alerted officials to a hole that exposed the private info of students. He did nothing to compromise anyone's privacy rights at all. Similarly, Aaron Swartz did not violate any copyright law, and he was not charged with copyright law violations.

So, seriously, how does a huge mainstream publication like the Globe and Mail get away with writing a piece of garbage this ridiculous? It claims things that simply aren't true, completely flips around reality, and then seems to wrap it up in some bizarre "rules are rules" argument, that makes no sense since the rules it says people violated... weren't even violated.

And the Globe and Mail thinks people should pay its meter to access this kind of crap?

Permalink | Comments | Email This Story

Two Copywrongs Don't Make A Right, But We Still Need A Way To Combat False Takedown Notices

Mike Masnick — Tue, 11 Sep 2012 09:18:28 PDT

We've noted plenty of examples of completely bogus takedowns due to copyright claims -- including some pretty serious ones. Over at TorrentFreak, they're asking if such bogus takedowns should be punished in some manner, and they suggest a three strikes system, in which after the third strike, parties are not allowed to file any more takedowns for a month. I'm not sure such a system would really be that productive, but it does seem that something should be done. I know that whenever we talk about bogus takedowns, people point to the "penalty of perjury" language found in DMCA takedown notices. But that's usually a misreading of what the perjury notices actually say. The "penalty of perjury" part only needs to apply to the claim that the party writing the letter is authorized to act on behalf of the rightsholder. That's it. It does not need to apply to the claim that the content is actually infringing, even though most people interpret the notice to read that way. Separately, when the takedowns happen via automated systems like YouTube's ContentID, or via government action, like ICE's domain seizures, the perjury claims have no bearing at all, since they happen outside of the DMCA entirely.

So what can or should be done in those situations? At one point, some Brazilian officials had suggested effectively putting the public domain and fair use on par with copyright -- and thus equalizing the punishments for violating either. There is some poetic justice in such a setup. Given the insanity of today's statutory damages rates (which can lead to up to $150,000 for infringement of a single item), would it be reasonable to then say if you take down something incorrectly, you are opening yourselves up to similar damages?

Defenders of copyright would argue that's way too harsh, though they'd do so without any hint of realization that those penalties are way too harsh for today's infringement as well. Besides, they wouldn't have to worry if they only issue proper takedowns.

Of course, the problem with that is that you're effectively creating a "two wrongs" situation, rather than fixing the bad situation. You could argue that if you set it up so that the two sides had to be in lockstep, then that might actually encourage copyright holders to be more willing to come to the table to reduce statutory damages to more reasonable levels, though this also explains why they'd fight as hard as they could against any such proposal.

In the end, I really don't know what the proper response is -- but it does seem clear that the ability to falsely censor content online, thanks to the DMCA and bogus notices and automated systems, is a real problem that needs to be fixed.

Permalink | Comments | Email This Story

Apple/Samsung Jurors Admit They Finished Quickly By Ignoring Prior Art & Other Key Factors

Mike Masnick — Mon, 27 Aug 2012 09:30:37 PDT

Late Friday afternoon, the jury in the Apple/Samsung patent dispute surprised just about everyone by telling the court it had reached a verdict. Given the number of complex issues it needed to go through, most experts expected it to take well into this week. According to observers in the courtroom, one of Apple's lawyers was so surprised and unprepared that he had to rush back to court without a suit, and showed up in a polo shirt. The quickness of the decision certainly resulted in some questions about just how thoroughly the jury reviewed the instructions and then considered each of the approximately 700 questions it needed to answer (initial jury form is embedded below). As we noted in an update to our post on Friday, about half an hour after the ruling was read out -- and long after most of the press stopped paying attention -- the judge announced at least two problems with the ruling, where the jury had awarded damages, despite not finding infringement.

As we said on Friday, that certainly raised significant questions about how carefully the jury actually reviewed the issues in question. While some said it could have just been a clerical error in answering all the questions, that appears not to be the case. Because after the judge instructed the jury to fix the mistakes, they didn't reassign those damages elsewhere, they just wiped them off the slate. Besides, even if you were to argue it was merely a mistake, that's no excuse. This "mistake" could have ended up costing millions of dollars. That's quite a "mistake."

Over at Groklaw, they're discussing this and other evidence of jury misconduct. The awarding of damages for things they found didn't infringe was already pretty bad, but some of the other details highlight how the jury clearly did not read the jury instructions (or bother to comprehend them).

A Reuters interview with the jury foreman demonstrates conclusively that the jury ignored the rules. Foreman Velvin Hogan told Reuters that they wanted to punish Samsung:

"We wanted to make sure the message we sent was not just a slap on the wrist," Hogan said. "We wanted to make sure it was sufficiently high to be painful, but not unreasonable."

That sounds nice, except... patent awards are only supposed to be about making the patent holder whole, not about punishing the infringer. And, in fact, the jury instructions clearly stated this:

The amount of those damages must be adequate to compensate the patent holder for the infringement. A damages award should put the patent holder in approximately the financial position it would have been in had the infringement not occurred, but in no event may the damages award be less than a reasonable royalty. You should keep in mind that the damages you award are meant to compensate the patent holder and not to punish an infringer.

And yet here's the jury foreman flat out admitting that they decided to use the award amounts to punish Samsung. Elsewhere, it becomes pretty clear that Hogan was hardly an impartial juror. He has his own patent, 7,352,953 on "recording and storing video information." That, by itself, does not automatically make one biased in favor of the system (I know plenty of people with patents who hate the patent system), but he admitted elsewhere that he ended up making decisions based on how he would feel if it was his patent at stake, rather than on what the law actually says -- and then said he needed to rule as if he were speaking out "for all" patent holders. In an an interview with Bloomberg, he made that bias clear:

“When I got in this case and I started looking at these patents I considered: ‘If this was my patent and I was accused, could I defend it?’” Hogan explained. On the night of Aug. 22, after closing arguments, “a light bulb went on in my head,” he said. “I thought, I need to do this for all of them.”

He then told Bloomberg that "he explained his thinking to his fellow jurors" and that seemed to drive the discussion. An interview with another juror, over at News.com, confirmed that Hogan's views focused the jury, with one juror admitting that they just started ignoring prior art, because that question was too time consuming. Seriously.

"It didn't dawn on us [that we agreed that Samsung had infringed] on the first day," Ilagan said. "We were debating heavily, especially about the patents on bounce-back and pinch-to-zoom. Apple said they owned patents, but we were debating about the prior art [about similar technology that Samsung said existed before the iPhone debuted]. [Velvin] Hogan was jury foreman. He had experience. He owned patents himself...so he took us through his experience. After that it was easier. After we debated that first patent -- what was prior art --because we had a hard time believing there was no prior art."

"In fact we skipped that one," Ilagan continued, "so we could go on faster. It was bogging us down."

Yeah. Read that sucker again. The jury instructions are again clear that the jury needs to consider the prior art, but according to this juror, Manuel Ilagan, after foreman Hogan talked about his own experience with patents, they decided that prior art was "bogging us down" and they might as well "skip" it.

In the long run, the jury verdict probably won't matter much, because this case would have been appealed no matter what. But these kinds of stories certainly give Samsung plenty of fodder to ask the judge to toss out the jury verdict already. It also raises questions, yet again, about why we allow juries on patent trials. This has been a big problem for a long time and the results here only serve to emphasize that fact.

Permalink | Comments | Email This Story

Yet Another Story Of A Guy Arrested For Filming Police

Mike Masnick — Thu, 29 Mar 2012 14:51:56 PDT

We've had a bunch of stories lately concerning people being arrested for filming or photographing the police while they're doing their job in public. This is pretty ridiculous, and thankfully courts have started to make it clear that this is a First Amendment violation. Of course, we also just had the story of the city of Boston having to pay $170,000 to one of the people it arrested for filming them. And yet, the message still hasn't reached the police, who seem to keep on arresting people for pointing a camera in their general direction.

JJ sent over a ridiculous story from Philadelphia where a Temple student was arrested for photographing the police, which he actually did as part of his photojournalism class, where he had a "night-photography" assignment. When he saw the police pull someone over near where he lived, he went over with his camera and started taking pictures. What happened next seems positively ridiculous:

As Van Kuyk tells it, he grabbed his camera and began taking photos of the occurrence. After being told to move away from the scene, Van Kuyk distanced himself but continued to take photos, he said. However, an officer soon after demanded Van Kuyk to stop taking photos, he said.

“He was pushing me, and I kept taking pictures and he didn’t like it, and he…got real aggressive and threw me to the ground,” Van Kuyk said.

When his girlfriend, Meghan Feighan, tried to pick up the camera, she was arrested and held for nearly 18 hours, he said. Van Kuyk was arrested and held for nearly 24 hours.

The National Press Photographers Association sent a letter to the police commissioner decrying this behavior, noting that just a few months ago, the commissioner, Charles Ramsey, had actually sent out a memo to police officers, reminding them that they can be "photographed, videotaped or audibly recorded" when in public.

Unfortunately, that hasn't stopped the prosecution of these two individuals from moving forward. The girlfriend agreed to "settle" her case, paying $200 and agreeing to 12 hours of community service, for daring to pick up her boyfriend's camera after he'd been shoved to the ground. However, Van Kuyk is still facing charges -- including one potential felony charge for "hindering apprehension." One hopes that the court here agrees with the appeals court in Boston. Either that, or the prosecutors in Philly learn about the $170,000 Boston just had to pay out...

Permalink | Comments | Email This Story

Shouldn't There Be Significant Punishment For Bogus Copyright Claims That Kill Companies?

Mike Masnick — Thu, 29 Dec 2011 14:47:00 PST

We wrote a detailed post about the latest Veoh ruling, in which Universal Music lost (again) in claiming that Veoh violated copyright law with its YouTube-like service. Of course, as we pointed out, the "victory" for Veoh is pretty meaningless because Veoh is dead. The cost of the lawsuit itself killed it. I've been thinking about this a lot lately, when you see stories like the federal government shutting down Dajaz1 for over a year, without having an actual case for infringement, and the similar case in Japan, in which the developer of a software program, Winny, had to battle in courts for more than five years, before the court declared that he was totally innocent.

The harm done to legitimate businesses by totally bogus copyright claims seems like it should be a big deal. If the government is really concerned about jobs, rather than passing something like SOPA, shouldn't it be ramping up the punishment for bogus copyright claims that cause so much real harm to businesses? Eric Goldman, in discussing the Veoh ruling makes a similar point and puts forth an interesting suggestion for SOPA, to force companies filing such claims to put up a bond to pay, if they turn out to be wrong:

A partial fix to SOPA/PROTECT-IP would make rightsowners bear the cost of their overclaiming. Make them put up a $1 billion bond for the privilege of sending cutoff notices; and pay liberally out of that bond if the rightsowners get the law or facts wrong. Write checks to the investors and employees whose economic expectations are disrupted when rightsowners get it wrong. Write checks to the payment service providers and ad networks who turn down money from legally legit businesses based solely on rightsowner accusations. Heck, write checks to the users of those legit services who are treated as inconsequential pawns in this chess match. Sure, a $1B bond obligation with liberal payouts would turn cutoff notices into a sport of kings that only the richest rightsowners could afford, but perhaps that’s the way it should be. A rightsowner's decision to send a cutoff notice should be a Big Deal, the equivalent of going to Defcon 5, and not like sending holiday cards to distant relatives you last saw at Ethan's bar mitzvah.

The supporters of the bill, of course, would reject such a suggestion out of hand, noting that it would be unfair and would make it harder for them to "enforce their rights." But that ignores the other side of the equation. If enforcing their rights involves completely destroying someone else's company, then, as Goldman notes, shouldn't it be difficult?

Of course, the chances of this happening are nil. During the SOPA markup, Rep. Jason Chaffetz actually put forth an amendment that didn't even go as far as Goldman's suggestion. It merely said that if you file a lawsuit under SOPA and it turns out that the site was legal, then the plaintiff should pay the legal fees of the defendant. This seems quite reasonable. And it was quickly shot down by SOPA supporters who complained that this was somehow unfair. I still can't figure out why only the copyright holders get to talk about "fairness," while the companies and websites completely destroyed by bogus claims apparently have no "fairness" on their behalf.

Permalink | Comments | Email This Story

Different Treatment For Tech Related Law-Breaking Depending On Whether Or Not You Have Power

Mike Masnick — Wed, 12 Oct 2011 16:01:44 PDT

Rick Falkvinge is noticing one of the bigger hypocrisies when it comes to the law and technology: these days, we hear all the time about the strongest defenders of copyright law being caught infringing. And yet, they never seem to get in much, if any, trouble for it. In fact, they often seem to think that as long as they apologize or ignore the controversy they'll be fine -- and that's how it often works out. But, heaven forbid you're a single parent facing accusations of sharing two dozen songs! The copyright holders get to go after you for many millions.

To Falkvinge, this is reminiscent of the "high court" and "low court" concepts from the Middle Ages, in which the nobility had the high court: where breaking the law had limited consequences, and you could get away with paying a fine and issuing an apology. Then there was the low court, where everyone else was dealt with, and might receive punishments such as "branding, have their hands cut off, or sometimes just thrown in jail if it was a petty offense; like killing another commoner, which was a lesser offense than stealing from merchants." The two classes and the double standard on punishment reminded him of today's digital world:

In reality, the high courts and low courts have been reintroduced in silence. When Sony BMG broke into millions of computers worldwide in 2005, rootkitting them to disable their ability to run instructions that would violate Sony’s own interpretation of its copyright monopoly, Sony was sentenced to send out marketing material for its own products and no individual executives were charged. When LulzSec members were arrested for breaking into systems in the singular, they get the low court treatment.

When a commoner is accused of violating the copyright monopoly, in some draconian countries like France, they can be sent into social exile without even getting a trial in the low court. In contrast, the noble Voddler (a video-on-demand service) violated the GPL egregiously by using free software to build its service — but without resharing the code, thus violating the copyright monopoly that GPL builds on, and for thoroughly commercial purposes. They were never prosecuted. In contrast, they are now speaking at hearings in parliaments on how successful they are.

What bugs me the most is that those who get away with doing these kinds of things never seem to realize how they're in a position of power and protected. They just brush off their own failure to abide by the law as if it's nothing -- and never realize what they're doing to the people they go after.

Permalink | Comments | Email This Story

Do The Statutory Damages Rates For Copyright Infringement Violate The Eighth Amendment?

Mike Masnick — Wed, 14 Sep 2011 06:43:40 PDT

While we often discuss the rather large conflict between the First Amendment and copyright law in the US, Stephan Kinsella is also wondering if the current statutory damages rates in copyright also violate the Eight Amendment and its prohibition on "excessive fines." I somewhat wonder if that issue will come up in the Jammie Thomas appeal, which will focus heavily on whether or not an award within the statutory damages rates was too high, but I believe the focus there will be more on the Fourteenth Amendment, and whether or not it was a violation of due process. In fact, it seems like most of the Constitutional discussions on statutory rates focuses on the Fourteenth Amendment, rather than the Eighth. I'm certainly not a Constitutional scholar (and would love for legal scholars to chime in here), but I believe this is because the courts historically treat these two amendments as related, and effectively argue that the 8th Amendment's ban on cruel and unusual punishment is applied via the 14th Amendment on due process when it involves state laws. So I'm not entirely clear why it's also being used on a federal copyright issue -- but I'm sure someone out there will help explain it to us in the comments shortly!

Permalink | Comments | Email This Story

Does The Punishment Fit The Crime? Is Manslaughter An Equivalent Crime To Copyright Infringement?

Mike Masnick — Wed, 31 Aug 2011 09:19:07 PDT

Via ZeroPaid, we learn of a fun article in the French publication Numerama, which tries to compare the length of time in jail one could get for file sharing in France to a few other crimes (Google translation from the original French). The results are telling, in terms of just how extreme current copyright laws really are. The article includes two lists. The first is of crimes that can get you about the same amount of time in jail. This list includes:

Manslaughter
Sending death threats
Doing biomedical experiments on a person without consent
Provoking someone to commit suicide.
Theft
Escaping prison
Forgery

Clearly, sharing a few songs in an unauthorized manner fits with that list. As for the list of crimes that will get you less punishment, there are some surprises:

Exposing yourself in public
Sexual harassment
Domestic violence
Identity fraud
Abandoning a family
Getting a minor drunk
Making sexual advances on someone less than 15 years old
Abuse and cruelty to animals
Destruction of property

Somehow, it's difficult to see how infringement belongs in that first list. But, that's what you get in this day and age.

Permalink | Comments | Email This Story

Swedish Appeals Court Increases File Sharing Fine By A Factor Of Six

Mike Masnick — Tue, 26 Jul 2011 01:15:00 PDT

Earlier this year, we wrote about a guy who was found guilty of file sharing 44 songs in Sweden, but after the court realized that the actual "harm" done by the guy was minimal, he was fined about 2,000 kronor, a total of about $300 -- or approximately $7 per song. If you think that there needs to be some punishment for file sharing, then this at least seems reasonably in line and proportional to the offense. Of course, Swedish prosecutors appealed and not only sought to increase the fines, but also asked for jailtime for the guy. Talk about disproportionate punishment! Thankfully, the court turned down the jail time request, but it did increase the fine more than six times to 13,000 kronor or about $2,000. This is, still, a lot less than similar cases in the US, but it still seems way out of line for any "harm" done.

Permalink | Comments | Email This Story

Why PROTECT IP Will Fail: Cultural Acceptance, Not Fear Of Punishment, Makes People Abide By Laws

Mike Masnick — Mon, 11 Jul 2011 10:02:17 PDT

Lawyer Ron Coleman has a post about the PROTECT IP Act, called "We're all infringers now," that's worth reading. While it covers similar ground to what we've said before, there's one line in there, towards the end, that is absolutely worth highlighting and repeating:

This new proposed law is a terrible way to try to solve [infringement]. Its passage would only drive the culture further yet from any respect for the rule of law as it applies to intellectual property. But if Big IP hasn’t figured out yet that it is cultural acceptance of legal norms, not fear of punishment, that makes a free society a law-abiding one -- if Big IP doesn’t understand what the de facto attitude of consumers regarding copyright has already become, and where it is already going -- then heck, maybe at this point the law professors and the rest of us should just let Congress already go ahead and give them enough rope.

This is the key point that many of us have been trying to drive home for years. It's the same key point that the SSRC report made in pointing out that "enforcement" and "education" are simply not strategies that work. And that wasn't based on theory. It was based on years and years of detailed research. And yet, to the industry and to the government there seems to be only one single tool in the box for dealing with the challenges of infringement: to scare people. But that only works if people are stupid. And we now have plenty of experience in recognizing that people don't culturally accept the claims of the industry on this issue, and no amount of threats and punishment are likely to change that.

Permalink | Comments | Email This Story

IFPI/BPI: Picking Off The Weak In The Herd

Timothy Geigner — Thu, 2 Jun 2011 04:22:53 PDT

My name is Tim and I'm an addict. Yes, friends, I have to stand up, get my first day of sobriety chip, and admit to you that I'm addicted. To Animal Planet. And National Geographic. Basically those nature shows that show me the beauty of the outside world through the sickly glowing television in my two story walkup on the north side of America's third biggest urban environment.

It's the whole predatory thing, see. I'm fascinated by the way we portray nature's biggest predators, be they sharks, or cheetahs, or falcons. Can't you just hear the calm voiceover now?

"The predator approaches from downwind so as not to alert his prey. He spots the heard, teeming masses of animals drinking from the same stream. Ah ha, he has picked out his victim. An old female, third generation from the looks of her, and perhaps not as spry as the others. Now he begins the chase. He zigs and zags, creating confusion amongst the herd. And then he has her in his jaws, tearing her limb from limb."

Wait. That's not Animal Planet. It's TorrentFreak alerting us that IFPI and BPI are going after an auxiliary nurse grandmother in Scotland whose documented obsessive compulsive disorder caused her to hoard (and apparently make available) thousands of music files (mostly kaoraoke files). In what is being called the first case of its type in the country, the music industry is going after the weak of the herd, apparently. The woman's lawyer noted:

"Alarmingly, this was not a commercial enterprise and Muir was not alleged to have made any money from these offences. She must be considered to have minimal culpability compared to others in the file-sharing chain. Yet again, the industry have chosen to pursue someone remarkable only by virtue of their vulnerability."

Now, before the normal pack of hyenas here begin circling the corpse and nipping at everyone's heels, it should be noted that she only made her files available because doing so was required for her to get access to the Direct Connect hub so she could hoard even more files which, again, was caused (as ruled by the courts, which ordered her to get cognitive therapy) by her obsessive compulsive disorder. And if you think this sounds familiar, it's because the RIAA has been going after grandmothers for years (perhaps they can patent the approach?).

Perhaps I'm just an old softy, but if you're really filing these suits based on principle, why do they have to go after certifiably ill grandmothers? I mean, I appreciate music labels trying to help me with my Animal Planet fix, but maybe mimicking predatory behavior isn't the best business strategy?

Permalink | Comments | Email This Story

No Punishment For Bogus DMCA Notices If Service Provider Doesn't Take Down The Content

Mike Masnick — Tue, 3 May 2011 22:19:19 PDT

One of the issues with the DMCA is that there's very little incentive to avoid sending bogus DMCA notices. There is 512(f), which says that if you misrepresent that content is infringing, you are liable for damages, but it's rarely used. And, now it's been limited further in a court ruling. Earlier this year, we wrote about a silly copyright fight concerning virtual horses and virtual bunnies in Second Life, with one company claiming another company copied its "breedable" virtual animals and that was infringement. It issued a takedown. After it was determined that the copyright claim was ridiculous (there was no direct copying), the company who was on the receiving end tried to claim that there was a 512(f) violation in the original takedown. However, the court dismissed that claim because Second Life never complied with the takedown, saying:

limiting suits for damages to those caused by an actual takedown is a less effective deterrent than allowing suits based merely on the filing of a false Takedown Notification. But the statute is unambiguous in entitling an alleged infringer to damages caused “as the result of the service provider . . . removing or disabling access to the material"

In other words, if the service provider doesn't follow through on the takedown, there's no punishment for filing a bogus DMCA notice. Too bad.

Separately, I hadn't realized just how ridiculous the DMCA notice was. It didn't just ask for a takedown of the virtual animals itself, but of the food for the animals, in order to make the virtual animals die. This snippet from the ruling struck me as amusing:

The Notification sought, among other things, the removal from Second Life of Amaretto's virtual "food" and "water." Had the takedown occurred, the virtual horses would have "died" from "starvation" and/or "thirst" within 72 hours.

Yup. Using copyright to "starve" to "death" virtual animals. I'm sure that's exactly what our Founding Fathers were thinking about when they wrote the Constitution.

Permalink | Comments | Email This Story

Court Disagrees On Whether Or Not Schools Can Punish Students Over Fake Social Network Pages

Mike Masnick — Mon, 8 Feb 2010 08:01:00 PST

We were just discussing whether or not a school can punish students for their social networking activity, and now we've got two legal rulings on the subject. Unfortunately, they seem to conflict with each other, despite coming from the same appeals circuit!

Both cases involved students creating fake MySpace profiles of the schools' principals. Both students were punished, but in one case the court said the school went too far ("Public schools are vital institutions, but their reach is not unlimited...") while the other said it was fine ("We decline to say that simply because the disruption to the learning environment originates from a computer located off campus, the school should be left powerless to discipline the student."). The difference appears to be that in the latter case, the school claimed that the fake profile resulted in disruption in the classroom because "students were talking about the profile rather than paying attention to class."

That seems like a pretty fine line, because now a school will have to do is suggest that students in the school were discussing an activity that took place outside of school to allow the school to punish the student for off-campus speech. From a First Amendment standpoint, that seems pretty difficult to accept -- and certainly seems to go against the principles set forth by the famous Tinker decision concerning free speech rights of students on campus.

Permalink | Comments | Email This Story

Tough To Punish Those Who File Bogus DMCA Takedowns

Mike Masnick — Mon, 4 Jan 2010 06:40:07 PST

We all know that it's quite common for the DMCA takedown process to be abused to suppress content that the takedown sender did not hold the right to, or which was clearly covered by fair use. Technically, the DMCA has section (f) which makes the notice issuer liable for misrepresentations, and could force them to pay legal fees. But it's difficult to think of many cases where this has been actually used successfully. Often, those caught abusing the DMCA just say "sorry, it was a mistake" and get away with it. Funny, of course, that the same doesn't work in the other direction for those caught infringing on copyrights under the DMCA. Say "sorry, it was a mistake" and you still might owe thousands of dollars.

Eric Goldman highlights a case where an ISP tried to use section (f) to go after a bunch of folks who issued questionable DMCA takedowns that were clearly designed to harass a couple of websites (and, at one point, were used to try to take down the entire ISP). The details are a bit convoluted, but basically, a group of people critical of what was being said on a website issued a series of DMCA takedowns to keep the site down every time it came back up following a counternotice. This seems like a perfect case where the takedown issuers should be hit with sanctions of some sort, but the case was dismissed on procedural grounds instead, which seem to be based on a misunderstanding of the DMCA itself.

But, more important is how this case demonstrates how the DMCA is abused not to prevent copyright infringement, but to try to silence speech that someone doesn't like. We've had plenty of discussions about the conflicts between the First Amendment and copyright law, but here is a case where Congress has made a law that is all too often used to stifle speech.

Permalink | Comments | Email This Story

WIPO Director General Against Draconian Anti-Piracy Punishment... But For The Wrong Reasons

Mike Masnick — Fri, 13 Nov 2009 12:43:24 PST

We were a bit surprised, recently, to hear at a WIPO (World Intellectual Property Organization) meeting that they actually appeared to be taking more of an evidence-based approach to copyright, rather than just assuming that "more is better." And now, the Director General of WIPO, Francis Gurry, gave an interview where he explained why he thought that high fines and jailtime weren't the answer to piracy. He's exactly right, which is a bit surprising. But as you read the details, it sounds like he might be right for the wrong reasons -- which isn't all that surprising.

It's not that he thinks that the better approach is for companies and content creators to adjust their business models -- but that he's afraid the draconian punishment schemes are basically a PR nightmare for WIPO's continuing fruitless effort to convince people that infringement is evil:

"I don't believe we are going to win this, (to) find the solution by putting teenagers in jail," Gurry said in an interview on a visit to India. "I think that is not going to win public sympathy."

"Part of the battle here is to sensitise the public to the fact that there is a real issue involved. It is not simply a victimless crime...."

Amusingly, the whole reason the RIAA kicked off its lawsuit strategy was based on similar thinking: that it was an "education" campaign that would convince people that there was "harm" done from file sharing. Of course, it didn't work. At all. And no education campaign is going to work, because it's just the basic nature of economics. If the technology has made the product infinite, it's not a moral issue or a legal issue: it's a business model issue. The answer is to change business models, not hope and pray that you can somehow convince people that it's "bad" to do something that obviously can be done quite easily.

So, yes, Gurry is correct that draconian punishment has created a massive PR backlash that has helped make things even worse, but an education campaign isn't going to make a difference. Only a business model change can fix a business model situation -- and we're already seeing that happen just fine in many parts of the world. It's not an education campaign that will help the content industry. It's smarter business models.

Permalink | Comments | Email This Story

How Do You Ban Someone From Posessing A 'Recording Device'?

Mike Masnick — Tue, 24 Feb 2009 10:12:56 PST

Michael Geist points out that a guy in Canada has been convicted under an anti-camcording law for recording a showing of the movie Dan in Real Life (I'm sure it was big on all the torrent sites). However, what struck me as interesting was the punishment handed out. The guy is on 24 months of probation, has to perform 120 hours of community service, is barred from entering a movie theater or associating with anyone involved in movie piracy. And... he is barred from owning any recording device.

That seems a bit broad. After all, most mobile phones these days are recording devices. Any computer is a recording device. An iPod can be a recording device. I can understand the thought process that went into such a ban, but it seems to overreach in its intended impact.

Permalink | Comments | Email This Story

Convicted Spammer Claims Anti-Spam Law Is Unconstitutional

Mike Masnick — Thu, 13 Sep 2007 02:44:48 PDT

A few years ago, the state of Virginia convicted a notorious spammer under its state anti-spam laws, and sentenced him to nine years in prison. The spammer, Jeremy Jaynes has been appealing the decision ever since, without much luck. Last year, an appeals court upheld the conviction and noted that a nine year sentence didn't seem excessive. However, it appears Jaynes is now trying a totally different route to fighting the conviction: claiming that Virginia's anti-spam law is unconstitutional. The idea is that it violates first amendment free speech rights by banning even spam that's non-commercial in nature. The state, however, is responding that the law doesn't ban any kind of speech at all -- but it does ban falsifying information in order to trespass on others' systems for the sake of advertising. There may actually be a fairly fine line that's worth distinguishing here between banning the specific kind of speech and whether or not the "speaker" is falsifying information in order to get across that speech. It seems unlikely that the courts will rule against the anti-spam law, but if it does it would be interesting to see if spammers in other states follow suit.

Permalink | Comments | Email This Story