Fred von Lohmann, Intellectual Property, EFF
*Time: 8:30am - 12:00pm
*Location: Lafayette/San Tomas/Lawrence
*Track: Emerging Technology Tutorial
TrackBack
-----
News articles:
Notes from Cory Doctorow
Fred von Lohmann's tutorial from O'Reilly Emerging Technology 2003 conference,
"Legal Issues and Emerging Technology."
Cory Doctorow
Vendors are including "handshakes" in their devices now: there's only one reason
to do this, so that they can block competitors from interoperating using the
DMCA, which bans circumventing access-control.
AOL Instant Messenger is doing this to get rid of Jabber and other interop
technologies: it's not hard to fake the key that AIM clients use to authenticate
themselves, but faking it is illegal because the DMCA forbids access control
circumvention
Hank Berry and Hummer-Windbladt were sued yesterday for funding Napster. This
gives you a flavor of the risk that funding P2P systems can create. Bertellsmann
has also been sued for investing in Napster -- on the theory that investing in
Napster allowed it to continue for months.
AIMSter, AudioGalaxy, Kazaa, Morpheus, Grokster, Scour were all sued or are
being sued for building P2PNets.
Every creative work that is fixed in tangible form is copyrighted. Just writing
a note to a friend gives you a whole suite of rights that will last 100 years or
more -- life of the author plus 70 years. Copying without permission violates
that right: right to make copies, right to perform/display, right to make
derivative works. MP3.com, by making a database of music, made a bunch of copies
without permission, and hence vioalted copyright.
The important thing about all the P2P cases, from Napster to today -- including
ReplayTV -- the people who were sued never made copies of the music. They
produced tech that allowed end-users to make copies. Napster never made a copy.
Its users infringed, but so do VCR users, photocopier users, etc.
So the question is, when can you as a toolmaker be held legally responsible for
what users do with what you build?
There are two classes of secondary copyright liability: contributory
infringement and vicarious infringment.
To prove contributory infingement, you have to prove:
1. That there was direct infringement -- i.e., that end users infringed
2. That the toolmaker had knowledge of the direct infringement -- the courts
seem to think that this means, if you knew or if you should have known. If a
user comes to you and says, "I want to swap Harry Potter books," and you say,
"Sure thing, here's how to do it," then you know. But OTOH, if you distribute a
piece of software and three months later, you pick up a newspaper and read an
article that says, "Your tool is the hot new warez tool" -- is that enough
knowledge to satisfy the requirement? The entertainment companies say so.
3. That the toolmaker materially contributed to the infringement. That's not as
high a hurdle as you think: the entertainment companies say, "but for your
technology, the infringement wouldn't have happened.
Tech companies defend themselves by saying that their tools are capable of
substantial non-infringing users. We don't ban photocopies because some people
may use them for bad things. That's the chief bulwark against liability for two
decades. It's the Betamax defense. HP can ship CDR drives in their machines
because of this. Cisco can sell routers this way, too.
Betamax is under sustained attack in all the P2P cases. The entertainment
companies are trying to carve that back. Napster is capable of substantial
noninfringing uses -- so are Kazaa and Morpheus, and in fact are all used for
susbstantial noninfringing uses today. You can d/l Shakespeare's King Lear from
most P2P nets.
But the enterainment companies are winning. They argue that once you have
knowledge that infringment is taking place with your tech, you lose the Betamax
defense, that it only holds until they tell you that something bad is going on
with your tool. This is devastating.
The Napster court held that once you have specific knowledge of infringement,
the Betamax defense evaporates.
If that were the rule, the VCR would be illegal. That's the meat of the AIMSter
case and the Morpheus case.
The lawyers on the other side argue that P2P is different from the VCR. Once
Sony sells a VCR, it has no further connection with the device or its users --
lawyers call this the "service/device distinction". But OTOH, if you have an
ongoing relationship with a user and the ability to block a user from using the
service, the entertainment companies say that that's different.
The problem is that judges don't like to be perceived as coming out on the side
of "Internet Pirates."
But VCRs come with warranties and Xerox machines come with service contracts --
there is an ongoing relationship with the customer after the sales. But Xerox
could have a much tighter relationship with its customers, and the reason they
don't is that it would open them up to liability. A company that made high-speed
cassette duplicators got successfully sued for contirbutory infingement because
they never sold them, they only leased them to their customers.
Foreign countries haven't really addressed this question. 1976 -- the Betamax
hearings -- was the first time that a device maker had ever been sued under
these theories. When entertainment companies say that making a P2Pnet is
unlawful all over the world, it's not true: it hasn't been settled anywhere.
There's almost no settled law about contributory infringement.
The second theory of indirect copyright lability is Vicarious Liability
If contributory liability is a kind of aiding and abetting, then vicarious
liability is "you're responsible for the actions of people under your control."
You're responsible for the bad acts of the people who work for you: if a WalMart
checkout person punches a customer, WalMart will be on the hook, too.
More generally, you're vicariously liable if:
1. There's some direct infringement (naughty end-users)
2. You had the right and ability to control the infringer
3. Some direct financial benefit flowed to you from the end-user
Right and ability to control can be satisfied by the ability to disconnect the
user (Napster court). That's very chilling for people who sell software on a
subscription basis.
Direct financial benefit is also pretty loose: it need not be direct nor
financial. In Napster, no one was making money, but the court said, ah well, you
were trying to make money SOME DAY. They said, "It's enough if the infringing
use made the service more attractive." In a fleamarket case, the court ruled
that the availability of bootleg tapes at a flea-market made more parking fees
for the fleamarket.
Selling banners will put you in the stew.
The potential loophole is right and ability to control. Is a EULA enough? It
gives you a contractual relationship between you and every user -- this is
frigging insane. Laugh with me. But Morpheus has no EULA.
One critical piece of vicarious liability is that there is NO KNOWLEDGE
REQUIREMENT. You can be liabile even if you had no idea and no way of knowing
that infringement was going on -- so long as you have control and financial
benefit.
Audience member asks, if I d/l a bunch of DRM music from Pressplay and then
break the DRM and send it back, is Pressplay a contrib infringer?
Maybe, but it's more likely that they'd use the DMCA to go after the DRM
circumventer. MSFT doesn't think the labels will sue them for making Windows.
Auto-updating is the big battle to come: if you have the ability to auto-update
your users, you have the ability to force an update of a "kill-patch." Even an
optional update might be enough to be forced to shut down your users.
For a look at the future, consider TiVo: TiVo's primary investors are
entertainment companies, so we can't get a TiVo that will commercial-skip. The
future will have great tech, like TiVo, but it will be crippled -- like TiVo.
===
Trespass to chattels:
This is being applied to people who make some use-without-permission of others'
servers. eBay sued Bidders Edge because they spidered eBay and "did damage" by
reducing the availability of eBay's servers. You have to show damage for
Trespass to Chattels: It's not Trespass to Chattels if you pet someone's dog,
but it's trespass to kick the dog.
There's also the Computer Fraud and Abuse Act: you're not allowed to exceeed the
scope of your authority in connection with a machine on the Internet. eBay also
used this against Bidder's Edge.
It's murky what the scope of your authority is in respect of a webserver: but if
the server-owner sends you a letter telling you not to go to their site, it's
clear that visiting that site exceeds the scope of your authority.
(SORRY, I LOST THE THREAD HERE A BIT BECAUSE OF NETWORK PROBLEMS)
Page Last Updated: Apr 22 2:41pm by etech@example.com