DMCA Doesn't Lock Garage Doors, Fed. Circuit Affirms

Posted by Wendy Seltzer

The Federal Circuit today affirmed [PDF] that the DMCA does not "divest the public of the property rights that the Copyright Act has long granted to the public." The court ruled that that Skylink's universal garage door opener does not violate the DMCA Section 1201(a)(2). (See EFF's Chamberlain v. Skylink archive.)

Chamberlain had claimed that Skylink's sale of interoperable garage door remotes violated the DMCA ban on trafficking in circumvention devices. The court rightly rejected that argument, saying that DMCA prohibitions must be tied to copyright rights to fit the balance copyright embodies.

Chamberlain's proposed construction would allow copyright owners to prohibit exclusively fair uses even in the absence of any feared foul use. It would therefore allow any copyright owner, through a combination of contractual terms and technological measures, to repeal the fair use doctrine with respect to an individual copyrighted work-or even selected copies of that copyrighted work. Again, this implication contradicts § 1201(c)(1) directly. Copyright law itself authorizes the public to make certain uses of copyrighted materials. Consumers who purchase a product containing a copy of embedded software have the inherent legal right to use that copy of the software. What the law authorizes, Chamberlain cannot revoke.

With its reading of fair use, "authorization," and the dangers of copyright misuse by those who would block interoperability, the Fed. Circuit adds some important nuance to the DMCA. "[T]he DMCA emphatically did not 'fundamentally alter' the legal landscape governing the reasonable expectations of consumers or competitors."

[Permalink]

The New York Times Groks Grokster

Posted by Wendy Seltzer

The New York Times runs an editorial on the MGM v. Grokster decision that gets to the heart of why EFF took the case on behalf of Grokster co-defendant StreamCast Networks:

It is impossible to strike down software like Grokster for its use in illegal file-sharing without also destroying its capacity for legal and socially beneficial activities.... Freedom of information is at the root of American democracy, and yet every day we see that freedom being compromised, controlled and limited. The Grokster decision is a ruling in favor of keeping our bets open about which technologies will turn out to serve our freedoms best.

[Permalink]

Speaking of CAPPS III...

Posted by Donna Wentworth

Bruce Schneier has a new op-ed questioning the rationale behind checking all air travelers against the government's "no-fly" list, the central feature of the new CAPPS II, "Secure Flight":

Imagine a list of suspected terrorists so dangerous that we can't ever let them fly, yet so innocent that we can't arrest them -- even under the draconian provisions of the Patriot Act.

This is the federal government's "no-fly" list. First circulated in the weeks after 9/11 as a counterterrorism tool, its details are shrouded in secrecy.

But, because the list is filled with inaccuracies and ambiguities, thousands of innocent, law-abiding Americans have been subjected to lengthy interrogations and invasive searches every time they fly, and sometimes forbidden to board airplanes.

It also has been a complete failure, and has not been responsible for a single terrorist arrest anywhere.

[Permalink]

CAPPS II Returns from Summer Vacation

Posted by Kevin Bankston

The LA Times has an article [reg. req.] carrying news that the Transportation Security Administration (TSA) has officially confirmed what we've long known: the controversial CAPPS II passenger profiling system didn't die. It simply spent its summer vacation at the clinic and spa, getting a not-so-extreme makeover.

The upshot:

* TSA has ditched the non-spinnable name: CAPPS II is now called "Secure Flight." It also ditched the PR disaster of assigning all passengers a color-coded score (the functionality hasn't changed, though -- the program still ranks you according to your perceived threat-level).

* TSA says it won't (for now) dig through commercial databases to confirm your identity before a flight, but it will send your entire "Passenger Name Record" (name, address, itinerary, credit card information, etc.) to the government to check the information against its Senator or Terrorist? [reg. req.] watchlists. TSA also admits that it will "examine the possibility" of eventually using commercial databases by testing them with passenger information from completed flights.

* TSA claims that the new program will not use air travel as a national roadblock to screen for criminals like CAPPS II would have. It also says it will try to match people to watchlists rather than do "predictive" data-mining and analysis to guess who might be a terrorist -- but we imagine TSA will "examine the possibility" of doing that, too, by testing saved data.

TSA has a press release on the new system, stating that "TSA will collect passenger data and begin testing Secure Flight within the next 30-60 days," and that "TSA will likely move forward with implementation of the system nationally after testing is completed and the agency publishes a final Notice of Proposed Rulemaking (NPRM)."

Translation? Within a month, you too could serve as a guinea pig for government surveillance. And provided you don't raise too much of a fuss about that, every American who travels by air will join you.

[Permalink]

For Election Integrity, Give Voters "Paper or Plastic"

Posted by Donna Wentworth

The California Voter Foundation has published the Ten Things Elections Officials Can Do to Secure the Vote This November, and its number one recommendation is that voters be given the option to vote on paper wherever non-auditable voting technologies are used, providing everyone with the choice of "paper or plastic." We couldn't agree more.

Thanks to the efforts of secure voting advocates and our Secretary of State, California residents already have this choice, and EFF urges Californians to choose to vote on paper this November. EFF is working with a number of groups to get this policy adopted all across the nation.

For those living in locations using non-auditable electronic voting technologies (called DREs, for "direct recording electronic" devices), your best option is to vote by absentee ballot. In some locations you don't have to be "absent" to vote by absentee ballot. You simply have to ask for it. Other areas have more specific requirements, so if you don't know for sure, check the website of your state elections office.

For more information or to get involved, check out EFF's e-voting page and the California Voter Foundation's progress report on the fight to ensure secure voting nationwide.

[Permalink]

No Logs Are Good Logs

Posted by Annalee Newitz

Deep in the darkest heart of your servers, there live files known as logs. They contain all manner of intensely revealing information about people who use your systems. Web server logs might show which URLs somebody has visited, for how long, and what they wrote on an anonymous message board. Email server logs can even contain information about who is sending email to whom.

The truly scary thing is that many Online Service Providers (OSPs) don't realize they're collecting all this personal data in their logs. Or, if they do know, they have no policy in place to protect the privacy of the people whose online activities they've routinely been logging.

This data is of great interest to third parties, including attorneys pursuing cases, industry groups like the RIAA, and state and federal law enforcement. Under the USA PATRIOT Act, the government has greatly expanded powers to request this kind of information, and OSPs must respond to requests for private user data and logs. Yet complying with these demands threatens the OSP's goal of providing users with reliable, secure network services.

To help OSPs respond to these increasing legal pressures, EFF has written a white paper outlining best data-logging practices for OSPs. This is required reading for anyone who works at an OSP, or uses one -- in other words, just about everyone.

[Permalink]

This Song Belongs to You and Me

Posted by Fred von Lohmann

EFF has just announced that the JibJab suit has been settled. The resolution was a complete victory for JibJab, which will be entitled to continue distributing the "This Land" animation without further interference from Ludlow.

Two things made this outcome possible. First, JibJab's fantastic animation is a clear case of fair use, for the reasons described in detail in our earlier letter to Ludlow's attorney.

But also important was our other discovery: "This Land Is Your Land" has been in the public domain since 1973.

Fact #1: Guthrie wrote the song in 1940. At that time, the term of copyright was 28 years, renewable once for an additional 28 years. Under the relevant law, the copyright term for a song begins when the song is published as sheet music (just performing it is not enough to trigger the clock).

Fact #2: A search of Copyright Office records shows that the copyright wasn't registered until 1956, and Ludlow filed for a renewal in 1984.

Fact #3: Thanks to tips provided by musicologists who heard about this story, we discovered that Guthrie published and sold the sheet music for "This Land Is Your Land" in a pamphlet in 1945. An original copy of this mimeograph was located for us by generous volunteers who visited the Library of Congress in Washington, DC. For those who are not able to visit the Woody Guthrie Manuscript Collection at the American Folklife Archives, we've posted a copy of the document.

This means that the copyright in the song expired in 1973, 28 years after Guthrie published the sheet music. Ludlow's attempted renewal in 1984 was 11 years tardy, which means the classic Guthrie song is in the public domain. (I'll note that Ludlow apparently disputes this, although I've not heard any credible explanation from them.)

Thanks to everyone who expressed support for JibJab and to the many people who helped us to do the research that needed to be done regarding the history of the song.

So Guthrie's original joins the Star-Spangled Banner, Amazing Grace, and Beethoven's Symphonies in the public domain. Come to think of it, now that "This Land Is Your Land" is in the public domain, can we make it our national anthem? That would be the most fitting ending of all.

[Permalink]

Judge Posner: Misuse Remedies for Copyright's Chill

Posted by Wendy Seltzer

Judge Posner, over at the Lessig blog, describes

a very worrisome problem concerning fair use. It has to do with a dichotomy long noted by legal thinkers between the law on the books and the law in action. They often diverge. And fair use is an example of this divergence. As I said in an earlier posting, fair use often benefits rather than harms the copyright holder. However, it doesn't always; moreover, even if a copyright holder is not going to lose, and is even going to gain, sales from a degree of unlicensed copying, if he thinks he can extract a license fee, he'll want to claim that the copying is not fair use; and finally, because the doctrine has vague contours, copyright owners are inclined to interpret it very narrowly, lest it expand by increments.

The result is a systematic overclaiming of copyright, resulting in a misunderstanding of copyright's breadth.

We at EFF and Chilling Effects have seen these copyright overreachings frequently too. Sometimes, though, we find a little guy who doesn't want to cave in the face of threats, doesn't want to remove the web posting or excise the portion claimed to "infringe," but wants to fight for his fair use and First Amendment rights.

In the case of OPG v. Diebold, when Diebold claimed that copyright in internal emails entitled it to demand that ISPs remove criticism of Diebold e-voting machines, we took OPG's case and sued Diebold for copyright misuse and DMCA misuse. The way misuse works, if you assert more copyright than the law gives you, you're barred from enforcing any copyright in the work until you stop overreaching. Like the owner of the golden-egg-laying goose, if you ask for too much, you get nothing at all.

Judge Posner recommends the doctrine of copyright misuse too -- and as a judge, he doesn't just blog about solutions, but suggested this one in his WIREdata opinion. Let's hope that more courts, and more lawyers for the little guys, can use this doctrine to keep copyright overreaching in check.

[Permalink]

Army Okays Computer Spying

Posted by Donna Wentworth

JetBlue ignited a huge privacy scandal when the news broke that the airline secretly provided more than 5 million passenger records to Torch Concepts, a military contractor. Yet the Army Inspector General Agency concluded [PDF] that JetBlue did not violate the Privacy Act. The reason: Torch never looked up individuals by name, but instead used a computer to dig through and analyze their private information.

The Privacy Act specifically bars the government from creating secret databases that track people by name and social security number. But the Army contends that Torch didn't create this kind of system. Torch employees didn't search for individuals; a Torch computer crunched data. "The evidence indicated that Torch neither created nor maintained a system of records as defined by the Privacy Act of 1974," reads the report. "There was no evidence that Torch retrieved individual records from the databases...by name or by any other identifying particular at any time in the course of the study."

So according to the Army Inspector General report, Big Brother is a-okay -- as long as the government outsources the dirty work to a computer.

For more information, see this Wired article and the Army Inspector General's redcacted report [PDF], obtained by Wired under the Freedom of Information Act.

[Permalink]

The Call Is Cheap. The Wiretap Is Extra.

Posted by Donna Wentworth

The New York Times today looks (reg. req.) at the many costs that will be imposed on consumers and businesses by the FCC's plan to apply the Communications Assistance to Law Enforcement Act (CALEA) to the Internet and require Voice-over-IP (VoIP) providers to build wiretap-readiness into their systems. The controversial wiretapping plan will further erode online privacy, increase the cost of both Internet access and Internet-based phone services, and hinder technological innovation (see previous Deep Links coverage).

Our own Lee Tien warns that the potential for misuse is "pretty broad." "The problem is that if you are using a sniffer box to perform the interception, you may handle all the traffic going through," explains Tien. "In the end, a packet sniffer gets you everything."

If it sounds extreme, that's because it is. Fortunately, the FCC is taking comments from the public on the plan. EFF is preparing an action alert that we'll be posting in the next few weeks. In the meantime, check out the EFF FAQ, which provides exhaustive detail on what the plan entails and why it's a profound threat to privacy and innovation.

[Permalink]