Chris's Techdirt Profile


About Chris

Posted on Techdirt - 11 April 2012 @ 11:26am

No, Violating Your Employer's Computer Use Policy Is Not Criminal Hacking

You may remember a story from last year about David Nosal, a man who was essentially convicted of computer hacking because the Ninth Circuit Court of Appeals determined that he “exceeded authorized access” on his employer’s computer system when he broke the written rules regarding how data on that system could be used (in this case, by accessing said data before leaving the company for a competitor). Whether or not accessing the data was some other legally actionable offense, its prosecution under the Computer Fraud and Abuse Act (CFAA) set an alarming precedent for the rest of us.

As noted at the time, if breaking any arbitrary rule a company places on its IT system is “hacking”, then most office workers could be in big trouble. Did you check Facebook using a company computer? You could be charged with criminal hacking if the rules say you shouldn’t. To make matters worse, as Orin Kerr argued then, prosecutions like this aren’t necessarily limited to desktop computers, since the line for what constitutes a computer is so blurry these days. Did you use your company smartphone to call home and tell your wife that you’ll be late for dinner? That’s could be good for ten years in prison, if company policy prohibits making personal calls from it.

Of course, this isn’t the first time prosecutors have tried to abuse the CFAA. Recall, if you will, the infamous case of Lori Drew, who was prosecuted under the theory that violating a Terms of Service was also the same thing as hacking. Ridiculous, to be sure, but a jury convicted her anyway. That conviction was eventually overturned by the judge in the case, but others haven’t been so lucky, and given the last decision by the Ninth, things were looking pretty grim for common sense.

Happily, however, the Ninth decided to re-hear David’s case en banc (meaning with all the judges, rather than a small panel of them), and has now reversed the previous ruling. The analysis by the always-entertaining Judge Kozinski makes it perfectly clear where the line is drawn:

We construe criminal statutes narrowly so that Congress will not unintentionally turn ordinary citizens into criminals. […] This narrower interpretation is also a more sensible reading of the text and legislative history of a statute whose general purpose is to punish hacking—the circumvention of technological access barriers—not misappropriation of trade secrets—a subject Congress has dealt with elsewhere. Therefore, we hold that “exceeds authorized access” in the CFAA is limited to violations of restrictions on access to information, and not restrictions on its use.

Since decisions have gone the other way in other circuits, Kozinski goes even further, and says that other courts have “failed to apply the long-standing principle that we must construe ambiguous criminal statutes narrowly” and that they at the Ninth “respectfully decline to follow our sister circuits and urge them to reconsider instead.”

Hopefully, other courts will heed this message, but for now, this is a win for everyone on the west coast.

Posted on Techdirt - 10 October 2011 @ 08:28am

Meghan McCain Slapped Down; Will It Be A SLAPP Down?

Meghan McCain is angry. Apparently, Leon Wolf at Red State, who previously wrote a hilariously scathing review of her book, also wrote two obvious parody posts under the name “Totally Meghan McCain”, which didn’t sit well with Meghan. Of course, she then did what any rational person would do when confronted with someone making fun of them on the internet: she sent in the lawyers.

Specifically, she had her lawyers send a cease and desist (pdf) letter to RedState, claiming that “these fake front page posts place Meghan McCain before the public in a false light which is highly offensive to a reasonable person,” and that the RedState community “acted in reckless disregard as to their falsity and the false light in which Meghan McCain was being placed.” Unfortunately, RedState announced that although they believed they were legally in the clear, they would take down the posts anyway.

That, in turn, didn’t sit well with Leon, who reposted the parodies to and had his lawyer send his own response. The response letter is, in a word, epic:

[T]he subject matter of your letter is a fairly obvious parody to any person of even barely functional literacy. Thus ? and your client probably didn?t tell you this ? even she recognized that the posts were parodies (or ?parody?s,? as she put it). At approximately 8:25 p.m. EDT on September 17th, your client posted to her Twitter feed, ?I don?t care about parody?s(sic) or fake names ? but falsely putting my name on someone else?s writing is illegal.? She then subsequently deleted this Tweet, presumably when someone told her that ?parody?s? were constitutionally protected and it might look bad in a subsequent lawsuit if she were caught admitting in public that these posts were obvious parodies. Not to worry: My client has screenshots.

(I treat as obvious humor the assertions in your letter that the parodies in question were appropriations of your client?s likeness for advertising purposes, and that persons with no minimum contacts at all with California would in any way be susceptible to jurisdiction there. It is my sincere suggestion that your client do so as well.)

My client will not be bullied out of exercising his First Amendment right to make clear his belief that your client is a spoiled, brainless twit who is cheapening the political discourse in this country. Therefore, henceforth, the ?Totally Meghan McCain? series may be found at for your client?s reading pleasure.

Normally, after such a slap down, I would assume that Meghan’s lawyers would wisely decide not pursue the matter further, but these days, who can say? If it does go further, at least the rest of us can cross our fingers for more letters like the above.

Posted on Techdirt - 5 August 2011 @ 07:39pm

When Innovation Meets the Old Guard

You’ve probably heard of Khan Academy, the online lessons that have been praised so highly. Wired recently put up an article on how it’s a complete game changer, and how children have been able to advance at a blistering pace using their materials. So what does the public school system think of it?

So what happens when, using Khan Academy, you wind up with a kid in fifth grade who has mastered high school trigonometry and physics?but is still functioning like a regular 10-year-old when it comes to writing, history, and social studies? Khan?s programmer, Ben Kamens, has heard from teachers who?ve seen Khan Academy presentations and loved the idea but wondered whether they could modify it ?to stop students from becoming this advanced.?

I’ll just let that sink in for a moment.

It’s not an uncommon phenomenon. People get so caught up in “the way things are done” that they can’t possibly comprehend any other way of doing things. Therefore, when you show them a child learning faster than his or her peers, the focus is not on how fantastic it is, but on how we’ll be able to keep that child in the same class as other kids their age. Why is it necessary to group kids by age? Because it’s just what we do. When a child is bumped up a grade, why do we do it for all subjects at once, instead of each subject separately? Because it’s just what we do. The educational system was created to teach children; now it exists to perpetuate the current educational system.

It’s hard not to equate this same thinking with the current dreadful state of copyright. You can show how an artist is making more money than they ever had before by encouraging sharing rather than sending in the lawyers, and your average maximalist will say, “It’s great that they are making more money, but how do we keep control of the content?” In doing so, they put maintaining the status quo ahead of attaining the result that the system was designed to encourage. The copyright system was created to promote the progress of the arts; now it exists to perpetuate the copyright system.

Even our justice system is not immune to this kind of thinking. Laws against child pornography were created to prevent the victimization of children, now we use them to try to ruin the lives of children. We threaten vegetable growers, arrest DIY roofers, and send SWAT teams after orchid importers and raw milk sellers. Our system of law was created to promote justice; now it exists to make criminals.

Does teaching every child the exact same lesson at the same age serve our educational needs? Will arresting people who merely link to infringing videos give artists an incentive to create? Is the patent thicket around mobile phones to the benefit of consumers? Do we all sleep easier at night knowing that a 66-year-old man is locked away in federal prison because some of his orchid paperwork was missing?

If we ever want our institutions to serve us rather than serve themselves, it’s time to focus on what we had hoped to gain from them in the first place, and to question every assumption that underlies them.

Posted on Techdirt - 27 July 2011 @ 02:08pm

China Monitors WiFi, US Takes Notes?

In a move that perhaps surprises no one, China is now requiring all providers of free WiFi to install expensive monitoring software that tracks their users, or face heavy fines. According to the officials in the Dongcheng Public Security Bureau, the rules are in place to catch people who “conduct blackmail, traffic goods, gamble, propagate damaging information and spread computer viruses.” And I’m sure if they just happen to catch a political dissident here and there, well, that would just be a fortuitous turn of events.

I think even the least cynical among us can see what the real aim is here. What concerns me, however, is how the US will respond.

If history is any indication, US officials will denounce this as a restriction on free speech, while at the same time making sure to vigorously support such restrictions at home. They’ll probably decry the new Chinese efforts as privacy invasive while doing their best to make ISPs retain data on customers for law enforcement use. No doubt they will have strong words to say about internet censorship around the globe while they craft bills to take down websites with little or no due process. In fact, the very notion of open WiFi itself has been under siege for quite some time. Operating an open connection can already get your internet disconnected, or have your house raided by a swat team. With all that hypocrisy in mind, the next step for the US with regard to open WiFi seems pretty clear.

Lest you think I am engaging in hyperbole, perhaps an exercise is in order. All we need to do is to adjust the stated goals of the Chinese to match current US culture and politics:

1. “Blackmail” is not a hot button issue here, so they might want to claim the needed data retention policies are to stop child porn instead. That always sells well.
2. “Traffic Goods” sounds an awful lot like trading in counterfeit goods. And of course we know that selling fake medicine is just like copyright infringement.
3. “Gambling” is easy enough. We already seize poker sites. We even set up our own fake payment sites so we can steal money from gamblers too!
4. “Propagate damaging information?” What could be more damaging than <a href=”””>wikileaks, which we’re trying desperately to charge with something (anything!).
5. “Spread computer viruses” fits nicely into the current cybercrime fear-mongering.

Can anyone honestly say that they can’t see a US politician standing up tomorrow to announce that we need to start monitoring our own open WiFi connections to stop “child pornography, copyright infringement, online gambling, disclosure of national secrets, and cybercrime?” That’s practically the holy grail of political grandstanding, and what politician is going to speak out against that?

Posted on Techdirt - 11 July 2011 @ 07:58am

Secret Service Descends on Artist For Mildly Creepy Public Photography

So this is one of those interesting scenarios that really tests the boundary between what people find to be socially unacceptable behavior versus what is actually illegal under current law. Artist Kyle McDonald put a strange art project into practice when he installed what amounts to surveillance software on the public computers at an Apple store and used the images collected to create a presentation that he hoped would give us, by the facial expressions captured, insight into our relationship with the computers we use:

Image from Notcot

An interesting project that borders on creepy. But it is illegal? Apparently, the Secret Service is now involved:

On three days in June, McDonald’s program documented people staring at computers in Apple stores. Since the stores wiped their computers every night, he had to go back in and reinstall the program each day he took photos. He uploaded a collection of the photos to a Tumblr blog, and last Sunday he set up ‘an exhibition’ at the Apple stores. During the unauthorized event at the Apple stores on West 14th Street and in Soho, when people looked at an Apple store machine, they saw a picture of themselves. Then they saw photos of other people staring at computers. Amazingly, nobody made a fuss. […]

Over the course of the project, McDonald set up roughly 100 Apple store computers to call his servers every minute. That’s a lot of network traffic, and he learned that Apple monitors traffic in its stores when he received a photo from a Cupertino computer of what appeared to be an Apple technician. The technician had apparently traced the traffic to the site McDonald used to upload the program to Apple Store computers; and installed it himself.

McDonald figured that Apple had decided the program wasn’t a big deal. That was until four Secret Service men in suits woke him up on Thursday morning with a search warrant for computer fraud. They confiscated two computers, an iPod and two flash drives, and told McDonald that Apple would contact him separately.

Even more interesting than his project about how people perceive their relationship with their computer might be how people perceive the artist’s actions here. Many people seem to be up in arms, and feel quite strongly that his actions were criminal and should be punished. But what crimes did he actually commit? None of the immediately obvious arguments would appear to be viable when you consider the facts of the situation:

1. Unauthorized access to a computer (hacking): The computers he used were open to the public, so no hacking there. Some might say that his program installation exceeded his allowed access, but I don’t think customers are forced to sign any kind of agreement before using the computers, and even if they were, it is not currently the law (yet) that violating a Terms of Service agreement constitutes hacking.

2. Violation of Privacy: To argue a violation of privacy, in most places you would have first argue that the person videotaped had a reasonable expectation of privacy in the first place. Certainly, being in a public location, Kyle could have snapped pictures of those very same people with a handheld camera and, short of Apple themselves giving him the boot off the premises for annoying their customers, there would be no legal consequences to doing so. Additionally, it’s highly likely that Apple (or the mall itself) had their own cameras present for security purposes. All in all, this would appear to be a nonstarter as well.

3. Wiretapping Laws: Someone might be inclined to link this to cases we’ve seen recently where police officers charge the people videotaping them with violating state wiretapping laws. They would be forgetting, however, that wiretapping statutes are usually restricted to audio. Still pictures means no wiretapping.

Now, despite my admittedly snarky sub-heading, it’s also not clear that the Secret Service necessarily overreacted in this case. You have to realize that an investigating Apple employee found that a person had been (for several days no less!) installing a program on multiple Apple computers that called home repeatedly, presumably with information gleaned from those computers. Without knowing exactly what the program was or its intended purpose, it would be very reasonable to expect the worst. It’s not beyond the realm of possibility that some customers log into websites or otherwise do things on a public computer that a keylogger would love to pick up. Hopefully, though, when they discover the true nature of the program, they’ll realize it was all a misunderstanding and give the guy back his expensive electronics. Other legal experts seem to agree, but plenty of others are up in arms about this.

What do you think? Is what he did a crime, or merely creepy? Neither? Both? If it’s a crime, what crime? If not, should it be?

Posted on Techdirt - 1 July 2011 @ 06:16am

Developer Takes Game Down Due To Piracy, But With A Twist

Perhaps like some of you, I follow Notch, the creator of Minecraft, on Twitter, and he frequently plugs other games he thinks are worthwhile (or not; see his Duke Nukem “review”). So it was with great interest that I read a tweet of his showing solidarity with the developers of a game called ProjectZomboid and their recent struggle with piracy. Naturally, I had to look into this, both because Notch’s recommendations are usually very worthwhile, and because, as a Techdirt reader, I wanted to see what all the piracy fuss was about. Given Notch’s previous statements about his lack of concern over “piracy,” it certainly caught my attention. As it turns out, and as the title of this post implies, the developers of ProjectZomboid had recently taken down the paid version of their game due to piracy.

Now, if you’re a regular reader and fellow Kool-Aid drinker I know what you’re going to say. I had a facepalm moment myself, since we often see misguided creators try to combat piracy by removing the only legal avenue to purchase their work online, thus ensuring that the pirated version is the only version their fans can get their hands on. But when I read more about their decision making, I found that their reasons had nothing to do with the typical, fallacious “every pirated copy is a lost sale” mentality, and instead were centered on a technical flaw in their distribution system that actually cost them money from pirated copies. Their news item about the take down made it quite clear that while they would, of course, prefer that people paid, they don’t see piracy as some kind of demon that sucks away their revenues:

Pirates have made a version of the game that auto-downloads Project Zomboid from our server whenever the player clicks an ‘update’ button.

We’ve always turned a blind eye to pirate copies, even on occasion recommending people who had problems with the legit version try a pirate version until the issues are resolved. We realise the potential viral benefits of pirate copies, and while obviously we?d prefer people to purchase our issue is not with those.

However, these ‘auto updating’ versions of the game could screw us completely. We have a cloud based distribution model, where the files are copied all over the world and are served to players on request, which means we are charged money for people downloading the game. Whether piracy actually amounts to lost sales we’re not going to get into. The possibility that it raises awareness and promotes the game cannot be ignored, but the difference is offline versions on torrents, which we’ve been largely unconcerned about, do not cost us real money, only potential money, and even then we can’t really guess at what the net effect is.

Those are the words of a developer who has gotten past the standard knee-jerk reaction to piracy and are starting to think about how it can be a benefit, which is something I always like to see. And after they took down the paid version of the game, they wisely put up a free tech demo in its stead to tide the public over until they can get a new distribution model set up.

All in all, their attitude toward the whole situation and their quality demo certainly worked on me, an IP “abolitionist”. I ended up forking over my ~$8 quite eagerly, and if you enjoy a good zombie apocalypse, maybe you will too.

Posted on Techdirt - 30 April 2011 @ 12:00pm

Chris Rhodes Favorite Techdirt Stories Of The Week

This week’s favorites post comes from Chris Rhodes.

Gather ’round, ye Techdirt readers. Whether ye be Kool-Aid drinkers or anonymous trolls, freetards or industry shills, spam bots or Dark Helmet himself, gather ’round, and I shall impart to you the harrowing tale of the best of Techdirt. Looking back, if I were to assign a Word of the Week to this week’s stories, that word would have to be “irrelevance”, as it seems to be a key point of many of the choice posts, whether it was applied to IP maximalists, government organizations, or even your average blogger.

The Righthaven saga hit a little bit closer to home for me when Radley Balko, another blogger I read regularly, decided to preemptively take down a great post he had written after some of his friends pointed out that quoting and linking to the LVRJ was likely to get the Righthaven lawyers drooling into their briefcases. So it was with great delight that I read this Techdirt post: Another Judge Slams Righthaven For Chilling Effects That Do Nothing To Advance Copyright Act’s Purpose. Just as its title implies, it tells the tale of yet another judge who sees right through Righthaven’s transparent attempt to enrich themselves at the expense of the public, and delivers them the verbal pistol whipping that their evil shenanigans so rightly deserve. Will it stop them? Probably not. But how long is such a business model sustainable? As Radley says in his explanation, “The Las Vegas Review-Journal […] is apparently hellbent on making itself completely irrelevant in the information age. Far be it from me to get in their way.” Indeed.

Next up, I would be completely remiss in my duties if I didn’t mention the disparity between the attitude of people like Nina Paley (as evidenced by her fantastic Yes Means Yes post), and the attitude of people like James Gannon (as evidenced by his comments here). Nina Paley wants you to copy, share and spread her work to wider audiences whenever and wherever possible, and believes that asking permission is a complete waste of time for all parties involved. Gannon, on the other hand, believes that people should rush to ask his permission before even linking to or quoting from the content he’s already posted to the world at large (perhaps he writes for the LVRJ?). Which attitude is likely to keep an artist relevant in the long run? It’s a rhetorical question. Keep in mind, however, that if you don’t let anyone talk to or about you, you just might end up talking to yourself.

And the week just wouldn’t be complete without more examples of security theater at the TSA, where fondling Miss USA and enforcing a “rules is rules” approach to security without a hint of rational thought behind it is somehow equated to passenger safety, but where making sure the passengers you choose to screen actually get screened is not. I imagine it requires quite a strong stomach anymore for people to rush to the comment sections of stories like these and proclaim that the TSA still deserves the benefit of the doubt. As more evidence of invasive searches, haphazard enforcement, and ludicrous policies surface, the populace is beginning to see how irrelevant the TSA really is on the issue of safety. As Lewis Black once said, perhaps they could skip all the standard procedures and just point a magic stick at us instead, chanting “OogaboogaOogabooga”. It would probably be just as effective in the long run, and would no doubt be a whole lot cheaper for all parties involved.

Happily, on the other side of the coin, we have a story about a theater owner who understands how to stay relevant in an era of big screen TVs and Blu-Ray players, and that his job is selling an experience, and not necessarily content. Any piratebay goer can torrent a film online, but very few can reproduce a good theater experience. If owners started to take their job of improving the theater experience as seriously as they seem to whine about every new technology that appears on the market, perhaps they wouldn’t be in such a bind these days. Kudos to Tim and Caitlin at the Alamo Drafthouse Theater in Austin for recognizing this.

And with that, I’ll wrap this post up. Stay relevant, kids!

More posts from Chris >>