Earlier this fall, the Court adjudicating Capitol Records, Inc. v. Thomas, vacated a $222,000 jury verdict because the Court found it had erred by instructing the jury that U.S. law provides a "making-available right." I have discussed the profound and numerous flaws in that ruling here. I discussed the downright disturbing flaws in Section K of that ruling, (which contains the Court's associated advisory opinion on copyright reform), here.

After the ruling, the Thomas Plaintiffs did just what they should have: They filed a motion to certify the Court's making-available-right ruling for an interlocutory appeal. Thomas is an ideal case for an interlocutory appeal: the recent self-reversal in Thomas would require the parties to re-try the entire case because the Court used internally inconsistent reasoning to adopt a minority position on a pure question of law that admittedly causes the United States to violate nine international agreements. Stronger grounds for an interlocutory appeal are scarcely conceivable.

Unfortunately, on December 23, 2008, the Court in Thomas denied the motion to certify an interlocutory appeal--for an absurd reason. According to the Court, there can be no substantial disagreement that it was bound to deny that a making-available right exists by the "binding precedent" established in the second of three alternative holdings in the contract-interpretation case National Car Rental.

Continue reading Update on Capitol Records v. Thomas: Motion to Certify an Appeal Denied; Petition for an Extraordinary Writ May Follow . . .

posted by Thomas Sydnor @ 4:24 PM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security , Universities

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

This fall, as the likely outcome of the 2008 elections became increasingly clear, I was feeling more than usually grateful that debates about intellectual-property rights tend to be largely non-partisan. Granted, these debates are often quite heated, but that heat tends to be generated by constituent interests or strong personal views, not partisan politics.

So I found it funny when a Wired magazine blog tried to put a partisan spin on one of my recent papers. This paper criticized the vacatur of the jury verdict in Capitol Records, Inc. v. Thomas. Wired tried to spin this paper as "Republican think-tank attacks Democratic judge." I can see why this spin might have fooled a harried editor, but it is laughable.

Continue reading Wired Accuses a "Conservative" of Attacking a "Democratic" Judge By Defending the Rationality of, um, the Judge and President Clinton? . . .

posted by Thomas Sydnor @ 12:15 PM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Media: Video, Music...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

CNET and others report about a charming new steal-don't-buy browser extension that reminds Amazon.com shoppers that much of Amazon's legal content can be downloaded illegally "4 Free" from The Pirate Bay. If correct, such reports expose the truly self-destructive venality of Internet piracy. They also expose the vacuity of an argument favored by defenders of piracy--the claim that content creators (and law-abiding distributors) can or should "compete against free." Usually, persons spouting this claim cite the case of "bottled water" as a real-life example. For two reasons, this example refutes their vapid claim.

Continue reading Internet Piracy: No, Virginia, There Really Is No "Competing" Against Yourself for "Free" . . .

posted by Thomas Sydnor @ 12:30 PM | Access: Commons, Fair Use, Orphan Works, Public Domain , Economics, Game Theory & Public Choice , Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (8)

Having dealt with Mr. Masnick's self-immolating attack on my analysis of Thomas, I must now even more emphatically reject Mr. Masnick's absurd claim that he "proved" that my paper on Free Culture mischaracterized the views that Professor Lawrence Lessig expressed in Code, a deplorable book advocating government control of the Internet and lawsuits against programmers. Frankly, mischaracterizing Lessig is pointless: quoting him suffices. Nevertheless, Mr. Masnick claimed, "The worst was when a variety of others pointed out Sydnor's out of context comments [sic] and put them back into context--and Sydnor still stood by the paper, refusing to admit he took a single comment out of content."

Nonsense: I stand by my paper because Mr. Masnick and "others" failed to quibble successfully even about details wholly tangential to its main argument. As Mr. Masnick's post indicates, his quibbles claimed that I had unfairly portrayed Lessig as a "communist sympathizer." But my paper said:

To be clear, I do not think that Lessig, Fisher, or other Free-Culture-Movement academics and interest groups are literally 'communists' or 'socialists....' But they do still display the flaws that made communists and socialists dangerous to themselves and others: Inherent distrust of and contempt for the utility of bilateral private exchange conjoined with boundless, unshakeable faith in the potential wisdom, foresight, and benevolence of vast and coercive governmental power.

Continue reading TechDirt's Backfiring Defense of the Thomas Decision--and the "Effective Freedom" of Totalitarian Terror (Part II). . . .

posted by Thomas Sydnor @ 11:10 AM | Academia , Economics, Game Theory & Public Choice , Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Liberty and IP

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

Tom Sydnor released a short paper this week urging Congress to pass the Enforcement of Intellectual Property Rights Act. Tom lays to rest some of the concerns voiced about the bill, including the cost to the federal government:

In the case of ERIPA, the usually sound impulse to avoid further federal spending is misplaced. Dynamic analysis of ERIPA's costs and benefits shows that ERIPA is better than "revenue neutral"--it is "revenue enhancing."

The Coalition Against Counterfeiting and Piracy made this point by commissioning the Tyson Report, a conservative economic analysis of the probable costs and benefits of IPR-enforcement reform.[2] The Tyson Report concluded that because counterfeiting and piracy annually drain about $225 billion from the U.S. economy, IPR-enforcement reforms that only slightly decreased counterfeiting and piracy over three years would increase U.S. output, earnings, and employment enough to increase federal tax revenues by $4.9 to $5.7 per dollar spent on reform, and generate another $1.25 billion in state and local tax revenues. For the American taxpayer, dollars spent on IPR-enforcement reform are investments that offer potential three-year returns of 490% to 570%, even when discounted to present value.

The entire paper can be found here.

posted by Amy Smorodin @ 10:51 AM | Enforcement & Remedies , Legislation and Legislators

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

Today, the Financial Times reported a significant development in the fight against online copyright piracy. The U.K. is reportedly ready to announce an agreement between copyright owners and ISPs under which UK ISPs will agree to work to achieve "a 'significant reduction'" in illegal file-sharing. As a first step, the proposal would have ISPs send warning letters to 1,000 prolific illegal downloader per week during the three-month trial period. If that fails to significantly reduce illegal file-sharing, other alternatives would be considered, including a variation of the graduated-response/three-strikes proposal that would eventually disconnect Internet access services of persons who ignore repeated warnings or--of course--another European media levy, this time on internet-access services.

Personally, I hope that the U.K. opts for the graduated-response option. I realize that the usual "public-interest" groups say that disconnecting infringing users after repeated warnings is unfair, but, seriously, as compared to what? Forcing copyright owners to incur thousands of dollars filing John Doe lawsuits that must then be recovered from the families of teenagers and students unless copyright enforcement is to become a money-loosing proposition? Putting college students in jail? Those are the options available to deter illegal file-sharing under existing U.S. law. Are these options honestly less punitive or more enlightened than a graduated-response program? And by the way, libraries also provide access to knowledge, but if you don't follow their rules, they will throw you out and revoke your borrowing privileges. Is that unfair?

Granted, these "public interest" groups may really think that suing teenagers and imprisoning college students are good ways to enforce copyrights on the Internet. For example, in MGM Studios, Inc. v. Grokster, Ltd., the Internet Archive, Project Gutenberg, and many associations of university and law-school librarians argued that for-profit corporations that encourage or dupe teenagers or students into downloading infringing files should not be held liable for the intended consequences of the business models that gave those corporations "no product costs to acquire music" and "the ability to get all the music." Why? Because these guardians of the public interest argued that the teenagers and college students that these corporations induced could just be sued into ruin by copyright owners or imprisoned by the United States Department of Justice. So remember, university students, if your file sharing causes you to receive a prelitigation letter or subpoena from a copyright owner--or a visit from the FBI--do be sure to say "thanks" to the Internet Archive, Project Gutenberg, and your campus librarians: They all told the Supreme Court that bankrupting or imprisoning you should be the preferred means of enforcing copyrights on the Internet....

But for those inclined to think seriously about how copyrights should be enforced on the Internet, this new U.K. proposal ought to be viewed as a wake-up call, though it need not be a roadmap for what we should do here. It should, however, remind us that we have a serious problem, and that we need to think seriously about how that problem ought to be resolved.

History suggests that if we do think seriously about all of the interests involved--consumers, copyright owners, artists, and ISPs--then we probably can identify means short of compulsory licensing or levies that can reconcile those interests and significantly reduce piracy. Consider, for example, the balance that the Digital Millennium Copyright Act (the "DMCA") struck as to sites hosting user-generated content ("UGC").

UGC sites have enormous potential to encourage creative expression, but it would be difficult to imagine how they could operate were they governed by the strict-liability that copyright law has traditionally imposed upon distributors of expressive works. But simply exempting UGC site operators from liability for infringing third-party uses of their sites would only encourage piracy and shift copyright enforcement onto individual Internet users.

As result, the DMCA created a so-called "safe harbor" that exempts UGC site-operators from liability for monetary damages if they take several measures to redress or deter infringing third-party uses of their sites. The most important is the so-called "notice-and-takedown" requirement. It prescribes an iterative process of dispute identification and resolution. First, a copyright owner must notify a site operator of allegedly infringing content. The site operator must then take down the content and notify the subscriber who posted it. The subscriber must then decide whether to send a counter-notice to the site operator. If the subscriber sends a counter-notice, then the operator must restore access to the disputed content unless or until the copyright owner files a lawsuit and secures a court order requiring it to be taken down.

This takedown process can benefit all three parties--copyright owner, site operator, and even the allegedly infringing user. The copyright owner gains a means to halt infringing conduct that is faster and cheaper than a lawsuit. The site operator gains unprecedented protections against most infringement liability. The allegedly infringing user receives a warning about any potential conflict, and gets to chose whether to avoid or confront it. This takedown process has resolved countless potential disputes and prevented many lawsuits.

But make no mistake: The DMCA notice-and-takedown regime is not ideal--not for copyright owners, UGC-site operators, or UGC-site users. Copyright owners find themselves playing takedown-notice whack-a-mole in which the same infringing content is repeatedly taken down and re-posted. UGC site operators incur enforcement and response costs, and operators receiving too many notices may fail to qualify for the safe harbor. For users, the notice-and-takedown process may alert them to potential conflicts and let them decide whether to avoid them, but it may not always show them how to correct problems so the content can be safely re-posted.

Fortunately, Congress expected that even the imperfect incentives to cooperate imposed by the takedown process would encourage interested parties to devise innovative solutions superior to any contemplated back in 1998. See 17 U.S.C. § 512(i)(1)(B). Congress appears to have been right. Many copyright owners and UGC-site operators have entered into licensing agreements. Both YouTube and the parties to the Copyright Principles for UGC Sites are preparing to deploy advanced filtering technologies. The parties to the Principles are also devising more interactive dispute-resolution procedures. Consequently, not even important, backward-looking disputes like the Viacom-Google litigation should obscure the progress being made by copyright owners, UGC-site operators, and UGC-site users.

To be sure, the DMCA did not anticipate the rise of file-sharing piracy that cannot be reasonably redressed at the application level. Nor could the balance that the DMCA struck as to UGC sites just be "cut and pasted" into the context of access providers. Nevertheless, the case of UGC sites show that when the law has encouraged cooperative approaches--even imperfect ones--cooperation has occurred, improvements have been made, and enforcement lawsuits against consumers have been almost entirely avoided.

Finally, some will argue that the U.K. proposal is unfair to internet-access providers. That argument has weaknesses and strengths. To be sure, many claim that piracy has helped access-providers by driving demand for broadband access. For example, in Free Culture, Professor Lawrence Lessig argues, "The appeal of file-sharing music was the crack cocaine of the Internet's growth. It drove demand for access to the Internet more powerfully than any other single application. It was the Internet's killer app.... It no doubt was the application that drove demand for bandwidth."

But while piracy may have been indirectly benefited some access providers, it has also imposed significant costs and inefficiencies. For example, from the perspective of efficient network management, most ISPs should cache popular downloads. But doing so is extremely risky. The DMCA's caching safe-harbor, (§512(b)), like its other provisions, envisioned a web-based Internet: Consequently, it does not seem to "harbor" the caching systems needed by file-sharing networks. Nevertheless, vague reports alleging the use of caching have surfaced ever since the 2004 study, Is P2P Dying or Just Hiding?

But in any case, a simple fact remains: Broadband Internet-access providers were not the ones who worked hard to ensure that file-sharing piracy would become a problem that could not be redressed at the application level. If those who did try to make that problem difficult to remediate now expect others to clean up their mess, then that is unjust.

Nothing makes this point more effectively than the written testimony provided recently to a congressional committee by Mr. Mark Gorton, "the founder and Chairman of LimeWire, LLC, the makers of the LimeWire file sharing program":

The regulatory framework that surrounds the Internet has not kept pace with technical advancements, and currently, no effective enforcement mechanisms exist to address illegal behavior on P2P networks.

Internet Service Providers, ISP's, are a unique point of control for every computer on the Internet. Universities frequently function as their own ISP's, and a handful of universities have implemented notice based warning systems that result in the disconnection of users engaged in illegal behavior who ignore multiple warnings. These universities have sharply reduced child pornography and copyright infringement on their campus networks.

Similar policies could be mandated for all ISP's in the United States. However, these policies are unpopular with the telecom and cable companies who would prefer not have an enforcement relationship with their paying customers. The telecom industry has objected vigorously to previous attempts to involve ISP's in the enforcement process and it continues to oppose policies that would allow for the establishment of moderate, yet effective enforcement mechanisms to combat illegal behavior on the Internet.

The only institution in the United States with the power to mandate the creation of an effective enforcement mechanism to police the Internet is the United States Congress.

I believe that careful thought would reveal viable solutions to the challenges of file-sharing piracy more creative and less prescriptive than those proposed by LimeWire. And if distributors of piracy-and-pornography-prone file-sharing programs now admit that they have knowingly created problems that can only be resolved by imposing significant costs on many third parties, including copyright owners, internet users, and internet-access providers, I would respectfully suggest that federal law-enforcement agencies should take such admissions into account. And send a message....

posted by Thomas Sydnor @ 10:22 PM | DMCA , Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Markets: Business, Investment & Innovation

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

Over the past week, I have been asked repeatedly about the Voluntary Best Practices for P2P File-Sharing Software Developers to Implement to Protect Users Against Inadvertently Sharing Personal or Sensitive Data(the "VBPs") just released by the Distributed Computing Industry Association ("DCIA"). As most probably know, these VBPs appear to have been hastily released after LimeWire's latest fiasco, which involved inadvertent sharing of the financial data of Supreme Court Justice Stephen Breyer.

I am still reviewing these new VBPs and comparing their provisions against the behavior of then-current versions of the file-sharing programs distributed by entities that purport to have developed these VBPs. Nevertheless, I can now summarize some key conclusions: I have serious concerns about the scope, substance, and credibility of these new VBPs.

CONCERNS ABOUT THE SCOPE OF THE VBPs:

The VBPs Unfairly Stigmatize All "P2P File-Sharing Software Developers": The VBPs seem to proceed from a absurd premise: They seem to presume that roses and skunks are equally likely to smell bad. The VBPs purport to apply to all "P2P File-Sharing Software Developers." I am aware of no data showing that risks of potentially harmful inadvertent sharing, (much less inadvertent sharing of "personal" or "sensitive" files), arise consistently from all "P2P File-Sharing Software."

To the contrary, the available data indicate that the worst of these risks seem to arise only from a narrow subset of programs whose similarities appear to arise more from the business models of their developers than from any actual reliance upon peer-to-peer networking or file transfers. For example, both the Gnutella-based LimeWire program and the BitTorrent-based program Joost are "P2P File-Sharing Software." But Joost and LimeWire do not even arguably pose similar risks to their users. Nevertheless, the VBPs treat both programs as if either could be equally likely to cause harm.

That is just plain wrong. It makes no sense to state or imply that all "P2P File-Sharing Software" should be painted with the same bad-actor brush.

CONCERNS ABOUT THE SUBSTANCE OF THE VBPs:

Compliance with the VBPs Is Unlikely To Significantly Reduce Potentially Dangerous Inadvertent Sharing: Regrettably, I expect that the VBPs--even if scrupulously followed--may have little or no effect on the prevalence of inadvertent sharing of personal data. The VBPs seem to presume that inadvertent sharing of "sensitive" data is still a problem that program distributors can cause or remediate at will. I suspect that this presumption is now dreadfully wrong.

For example, when episodes occurring in 2005 and 2006 returned my attention to the problem of inadvertent sharing of personal data, I embarked on a then-fruitless snipe hunt. When trying to determine why users of file-sharing programs might be inadvertently sharing personal files in 2005 and 2006, I first thought that the programs themselves were unlikely to be causing inadvertent sharing: After all, problems with program design had been rather extensively investigated--and purportedly resolved--back in 2002 and 2003. I thus assumed that inadvertent sharing must be recurring for some other reason.

I thus investigated the possibility that malware might be causing inadvertent sharing of personal files. The same factors that make piracy-prone file-sharing networks well suited for the distribution of infringing files also make them well-suited for the distribution of files infected with malicious code. Consequently, I assumed that inadvertent sharing might be recurring because file-sharing networks were distributing malware that was reconfiguring the file-sharing programs themselves. At the time, nothing came of those efforts: Searches of the usual data repositories did not reveal malicious programs that reconfigured popular file-sharing programs. Only after this "malware hypothesis" led nowhere did I look again at the programs themselves--only to find some dumbfoundingly familiar problems.

The VBPs returned my attention to malware as a potential cause of inadvertent sharing after I discussed them with the data-security company Tiversa, Inc. Tiversa's perspectives on file-sharing tend to be uniquely valuable. Tiversa's technology lets it look comprehensively at all activities occurring on multiple networks, and the monitoring and remediation services that it provide to its clients ensure that Tiversa often has unique, first-hand knowledge about the causes of inadvertent sharing.

After reviewing the VBPs, Tiversa's President, Mr. Robert Boback, reported that he was not optimistic about their potential to reduce inadvertent sharing. In particular, he cited the problem of malware--he reported that Tiversa has now encountered multiple forms of malware that reconfigure the sharing-related settings of popular file-sharing programs.

If so, then the VBPs are too little, too late. By perpetuating the problem of inadvertent sharing until identity thieves had years to realize how advantageous it could be to them, distributors of file-sharing programs have ensured that inadvertent sharing is no longer a problem that they can cause or remediate by changing the default settings of their programs.

The VBPs Seem Hopelessly Vague: The VBPs also seem very waffly and fuzzy--they are so vague and flexible that it will often be very hard to say whether any given program complies with any particular provision. Worse yet, they are often so vague that they seem to fail to engage the available data on the causes of inadvertent sharing. Indeed, preliminary analysis suggests that the VBPs could permit use of search-wizards, partial-uninstall features, and certain coerced-sharing features, including LimeWire's confusing "individually-shared-files" feature. I don't see how anyone can be expected to believe that these VBPs will really deter inadvertent sharing unless they clearly address all the problems that have been repeatedly called to the attention of distributors.

For example, the VBPs center around the notion that developers can deter inadvertent sharing by requiring users to take "Affirmative Steps" before they share "User-Originated Files." That sounds good--until one recalls that the more dangerous version of the KaZaA program condemned in the 2002 study Usability and Privacy: A Study of KaZaA Peer-to-Peer File Sharing also required its users to take "Affirmative Steps" before they would share "User-Originated Files." Indeed, partial-uninstall features excepted, so did the "features" condemned in the USPTO report, Filesharing Programs and "Technological Features to Induce Users to Share."

The VBPs Proceed from the Sometimes-False Premise That It Is "Safe" for Users of File-Sharing Programs to "Share" Downloaded Files by Default: The VBPs also look like a cynical half-effort to redress inadvertent sharing. To me, the difference between conscientious program distributors and cynical distributors is simple: The former are concerned about the safety of users of their program; they want to ensure that users do not inadvertently share any files that would tend to be dangerous to share. The latter are concerned only about themselves; they only want to ensure that users of their program do not inadvertently share the sorts of files that would be likely to attract adverse attention to program distributors from the media, Congress, or Supreme Court Justices.

Sadly, the VBPs seem to reflect the latter approach to inadvertent sharing: They divide all files stored on users' computers into two classes: files downloaded from the file-sharing network and all others, (the VBPs call this latter class "User-Originated Files"). The VBPs then proceed from the following premise: Sharing of downloaded files is presumptively "non-sensitive," safe and permissible by default, while sharing of User-Originated Files is not. In other words, the VBPs presume that users sharing downloaded files are not sharing "sensitive" files.

As applied to programs like LimeWire, that premise is demonstrably and deliberately false. As LimeWire CEO Mark Gorton testified, other than downloading of music, the only other "major use" of his program is downloading movies. Sharing files containing downloaded music or movies can cost from $750 to $150,000 per file. As a result, for persons of moderate means, the financial consequences of sharing those files are probably as bad or worse than the financial consequences of identity theft.

Worse yet, this very real threat of enforcement lawsuits is a risk imposed upon users deliberately by distributors of certain file-sharing programs: For example, in MGM v. Grokster, LimeWire went out of its way to blame copyright owners for failing to sue infringing users of its program. Subsequently, LimeWire then altered its program in ways that can make it more difficult for users to stop sharing downloaded files--thus ensuring that the risks of sharing downloaded files would tend to fall disproportionately upon those users who happen to be very young or otherwise particularly unsophisticated.

An article published recently by the Torrentfreak website illustrates the real-world consequences of these choices. The article reports on an interview with "Hannah," the pseudonym of a 9-year-old girl who uses LimeWire. The interview begins, "Everyone knows that a significant number of file-sharers are teenagers and young adults.... But what about the true kids--the under 10's?"

In the interview, "Hannah" says that she uses LimeWire, "Because you can put anything in and it will come up and you don't actually pay for it" and because "you can get good albums off there. Duh!!" When asked whether downloading music for free might be illegal, she replied, "Why would they put it [music] on the Internet ... if it was against the law?" She was then asked what would happen if one of her favorite artists, Sean Kingstone, sued her family or sought a settlement because she had shared his albums using LimeWire. She replied, "I'd say 'tooooo strict' and anyway he can't make me do anything. He's not the boss of me, he's the boss of Sean Kingstone." When asked what would happen if her family did not settle, she said, "Nothing. I'm too young to be charged by the government so he can't charge me."

"Hannah" has her facts dangerously wrong, but I can still sympathize with Hannah (and her family): She's just a little girl who has made the usually rational assumption that most adults don't distribute dangerous toys to children. Unfortunately, some adults who distribute certain file-sharing programs persist in distributing potentially dangerous toys to children--even after painting enforcement targets on their little foreheads. As a result, programs like LimeWire now jeopardize the privacy, reputations, and finances of the families of many thousands of "Hannahs."

Nor do the distributors of such programs simply lack any means to prevent their misuse or otherwise avoid the need for enforcement against consumers who share infringing files--deliberately or otherwise. They do have the means, but they have chosen not to deploy them.

Distributors of other file-sharing programs have now made this clear: Joost only distributes files authorized for distribution; Veoh uses forms of filtering; Pando uses something akin to a notice-and-takedown process. That doesn't mean that any of these programs are perfect, but it does mean that people using them are unlikely to face the financial and other consequences of an infringement lawsuit.

In short, a useful set of VBPs would have to address a very deliberately constructed reality: Inadvertently sharing files downloaded from some networks can be as presumptively dangerous and as "sensitive" as inadvertently sharing personal files. VBPs that refuse to confront this deliberately constructed reality are not worth the pixels they are printed upon.

Unless the VBPs Redress Inadvertent Sharing of Downloaded Files, Pedophiles Will Use Inadvertent Sharing to Avoid Conviction for Knowingly Distributing Child Pornography: Because the VBPs do not really address inadvertent sharing of downloaded files, they also fail to defuse a ticking time-bomb: Piracy-adapted file-sharing networks have attracted not only 9-year-old girls who share music, but also pedophiles who share child pornography. As a result, a slew of prosecutions are now underway--I counted scores of pending cases during my last sweep of LEXIS, and a public defender in New York told me that her office is now inundated with P2P child-porn cases. Unfortunately, the defendants in these cases have realized that inadvertent sharing can help them avoid conviction on the "knowing distribution" count that can result in serious jail time. Soon enough, inadvertent sharing--even of downloaded files--is going to deliver get-out-of-jail-free cards to pedophiles.

The VBPs would have to reflect a serious effort to prevent inadvertent sharing of downloaded files before they could stop this from happening. Indeed, even their half-efforts are already too late. For example, in United States v. Park, 2008 U.S. Dist. LEXIS 19688, *2 (D. Neb. March 13, 2008), the defendant used LimeWire to share, inter alia, a three-hour video that "depicted 'a female minor bound with a rope and being choked with a belt by what appeared to be an adult male.'" Nevertheless, the defendant secured a reduced sentence by claiming that he "lacked an understanding of the software and thus ... the knowledge to distribute the illegal wares that he possessed." Id. at 4.

To be clear: Distributors of piracy-adapted file-sharing programs rightly resent any claim that might imply that they intend to aid pedophiles. But that is not my point: Frankly, I cannot imagine why any distributor of even the most piracy-prone file-sharing program would intend to facilitate the distribution of child pornography, or, for that matter, malware-infected files, or classified government data.

Nevertheless, some brute facts remain: Actions often have consequences that--while not intended--are wholly predictable. The same attributes that make certain file-sharing programs attractive to persons who want to distribute infringing files predictably make those programs attractive to persons who want to engage in other illegal activities. It was thus utterly foreseeable--and foreseen--that malefactors other than infringers would flock to the accommodating venues thus provided.

For example, in 2003, the distributors of the KaZaA program admitted this when discussing the prevalence of malware-infected files on the FastTrack network: "As you would expect, when files often come from anonymous and uncertified sources, the risk of that file containing a virus greatly increases." They may not have intended to attract malware distributors, but they fully expected that the design of their network would do so nonetheless. Those choices created a network used largely for illegal purposes in which it becomes very important to be able to say whether any given user intended to "share" any given file because so many are unlawful to share. Reasonable VBPs would acknowledge that in such venues, the "sharing" of downloaded files is generally unsafe--it can result in the "sharing" of files that are "sensitive," within any reasonable meaning of that term.

CONCERNS ABOUT THE CREDIBILITY OF THE VBPs:

The VBPs Are "Déjà Vu All Over Again" for Concerned Officials or Citizens: Sadly, these new VBPs proceed from a false premise: They presume that distributors of piracy-adapted file-sharing programs can be reasonably expected to adhere to a completely optional set of inadvertent-sharing-related "best practices" that would require them to redesign their programs in order to prevent users from inadvertently sharing files. All-too-recent experience has eviscerated that premise.

For example, after the second-to-last round of congressional hearings on inadvertent sharing, (back in 2003), the trade association P2P United purported to redress inadvertent sharing by promulgating a mandatory Code of Conduct designed by distributors of file-sharing programs including the distributors of LimeWire. But the distributors who devised that "mandatory" Code tended to ignored it in practice while signing pious hymns to its virtues to congressional committees and federal agencies. Now, another trade association has released another set of now-completely-optional LimeWire-designed VBPs. With all due respect--and none is--these new VBPs accomplish precisely one result: They force everyone concerned about inadvertent sharing to stare straight down both barrels of an old saying:

Fool me once; shame on you. Fool me twice...."

Seriously: If distributors of piracy-adapted file-sharing programs treated their own mandatory Code of Conduct--and the well-being of users of their programs--like an irrelevant joke back in 2004, how can anyone believe that, in 2008, they will treat new optional VBPs with anything other than similar contempt?

And least the above seem unduly harsh, I can report that I have begun to compare the requirements of the VBPs to the behavior of the version of LimeWire that was available when the VBPs were released. This version of LimeWire does not appear to comply with the VBPs. Once again, the VBPs thus seem to be just a cheery promise that things may improve in the future.

I agree that voluntary self-regulation will be an indispensable tool that can let us redress many of the security and privacy challenges that will inevitably arise from fast-changing internet technologies without saddling those technologies with prescriptive, market-distorting regulations that quickly prove to be partially underbroad, partially overbroad, and quickly dated. But for that reason, there will be times when the only reasonable response to miserably failed efforts at voluntary self-regulation will be law enforcement--not the repetition of airy promises of even less-obligatory self-regulation.

For all these reasons--scope, substance, and credibility--I can take no comfort in DCIA's new Voluntary Best Practices for P2P File-Sharing Software Developers to Implement to Protect Users Against Inadvertently Sharing Personal or Sensitive Data.

posted by Thomas Sydnor @ 9:54 AM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Legislation and Legislators , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

CSDP just released a new paper addressing a question that has attracted much recent attention: Does posting a copyrighted work on a website or “sharing” it over a peer-to-peer file-sharing network like KaZaA infringe the exclusive rights that U.S. law grants to copyright owners? In other words, does the U.S. Copyright Act provide the “making available” right required by the WIPO Copyright Treaty, the WIPO Performances and Phonograms Treaty, and at least six bilateral or multilateral Free Trade Agreements?

This paper raised one of the more vexing legal issues that I have encountered in some time. The problem was not so much the difficulty of the underlying substantive issue. (Indeed, as the paper indicates, I think there is a very powerful case for recognizing a making-available right by adopting a plain-meaning interpretation of “to authorize” the phrase used to define the scope of all the exclusive rights granted by the Act.) Rather, the problem was that I have always thought it important that Congress and the President had both expressly and necessarily interpreted the Copyright Act to provide a making-available right when they enacted the implementing legislation for the WCT, the WPPT, and the six FTAs.

Many others with whom I have discussed this issue did not agree that these interpretations were particularly important. Our disagreements centered on a question that, does, at least in the context of international law and at the Supreme-Court level, seem to be open. Since the 1804 case Charming Betsy, the Supreme Court has held that courts should adopt any possible interpretation of a U.S. statute that would avoid a conflict with the international agreements and obligations of the United States. Nevertheless, to date, almost all cases invoking the Charming-Betsy interpretive principle seem to involve efforts to construe statutes that were enacted after a given treaty or international agreement had imposed some sort of obligation upon the United States.

The case of the making-available right reverses the temporal relationship between the relevant domestic statute and international agreements: The WCT, WPPT and the FTAs all postdate the Copyright Act of 1976 by at least thirty years. Many people found it odd that the terms of international obligations should influence the interpretation of a statute enacted about 30 years earlier. I could neither deny that such arguments had some force nor that I still found them unpersuasive, though for reasons that I could never quite articulate.

I hope that this paper can explain the source of these disagreements. I happen to have a longstanding interest in administrative law. Consequently, when I look at the Copyright Act of 1976, the implementing legislation for the WCT, WPPT, and the FTAs, and cases like Barker, I think that the resulting situation raises a question about the need for judicial deference analogous to that raised and resolved in cases like Chevron v. NRDC.

In the typical Chevron case, a governmental entity (usually a federal agency) must interpret an existing statute in order to determine how best to exercise lawfully acquired law-making powers. In such cases, courts accord so-called Chevron deference to statutory interpretation adopted by the agency: Regardless of whether the reviewing court might think some other interpretation more persuasive, it will defer to any reasonable interpretation that the agency adopted during the exercise of its law-making powers.

To be clear, I do not contend that Chevron is literally binding precedent in cases like Barker, but neither do I see why it is distinguishable as a matter of law and logic. The same factors that justify Chevron deference in the administrative-law context seem to recur here: To implement international agreements, Congress and the President must exercise their constitutionally delegated law-making powers, and to do so, they must interpret the meaning of existing statutes. Indeed, the interests in predictability and comity that justify Chevron deference seem to be both present and heightened in international-agreement implementation context. It is not clear why a case-or-controversy-bound judge should conclude that the President and Congress seven times executed the international obligations of the United States incompetently or duplicitously if a permissible interpretation of the Copyright Act would avoid the need to draw such conclusions.

Questions about the existence or scope of a U.S. making-available right will clearly be occupying many minds as the summer progresses. For the reasons set forth in the paper, I suspect that as courts begin looking closely at these questions, they will realize that their answers are less difficult to discern than they might seem at first glance.

posted by Thomas Sydnor @ 3:40 PM | DMCA , DRM & Watermarks, etc. , Enforcement & Remedies , Free Culture Movement , General , International , Internet: P2P, Search Engines... , Legislation and Legislators

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (3)

Yesterday, convicted identity thief Gregory Kopiloff was reportedly sentenced to 51-months in prison for using LimeWire to download inadvertently shared tax returns, credit reports, bank statements and student financial aid applications that he then used to commit credit-card fraud.

Some sources report Kopiloff as the first case involving inadvertent sharing and identity theft. Actually, it is the first federal prosecution of an ID thief who exploited inadvertent sharing. Back in 2006, Denver District Attorney Mitchell Morrissey indicted an 8-person ring that used LimeWire to download inadvertently shared files, commit identity theft and fraud, and then use its proceeds to buy and sell crystal meth.

For prosecutors, this means that nine identity thieves exploiting inadvertent sharing have gone down and "tens of thousands" remain. This latter point was reinforced in two recent Information Week stories (here and here) that focused on inadvertent sharing of corporate data:

Are peer-to-peer networks really filled with sensitive corporate data just waiting to be plucked and abused? It seems unlikely--surely people wouldn't be that sloppy....

The results were shocking and scary--loads of confidential business documents and enough personal information to ruin any number of lives and create PR nightmares for quite a few companies. Among the business documents were spreadsheets, billing data, health records, RFPs, internal audits, product specs, and meeting notes, all found in a quick expedition....

The Info Week researcher looking for such documents also reportedly found an "information concentrator," someone who appeared to be deliberately collecting other people's inadvertently shared data--bank passwords, credit card numbers, credit reports and tax returns. The researcher realized the irony of what he had discovered: Persons trolling for inadvertently shared documents have the strongest legal and practical reasons not to "share" the data they download. Consequently, Info Week's potential identity thief was almost certainly "sharing" his data stash inadvertently.

If the professional thieves who exploit inadvertent sharing cannot consistently manage to avoid doing it themselves, one can well imagine what happens to the 26% of the 9-to-14-year-olds who reportedly use LimeWire. Indeed, those who would assume that such kids understand even the best-known of the risks that they are incurring should review Torrentfreak's interview with "Hannah," the reported pseudonym of a nine-year-old LimeWire user. Here is a sample:

TF. …"You mentioned you like Sean Kingstone - what if I told you that Sean Kingstone’s boss might send you a letter asking for money because you shared his album on LimeWire? What would you say to him?...."

[Hannah]: "I’d say “tooooo strict!” and anyway he can’t make me do anything. He’s not the boss of me, he’s the boss of Sean Kingstone."

TF. "What do you think might happen if you didn’t pay him?"

[Hannah]: Nothing. I’m too young to be charged by the government so he can’t charge me.

This interview illustrates yet another reason why inadvertent sharing must end. It also illuminates three other important points about Internet copyright enforcement:

First, if Hannah's family has to drain her college fund to settle a potentially ruinous infringement lawsuit, that will happen because distributors of programs like LimeWire chose to ignore the 512(d) safe harbor and to lack any means of disconnecting infringing users and responding to takedown notices. They chose, in other words, to create a conflict between users of their programs and copyright owners that the latter could not resolve through means less punitive than infringement lawsuits. As a result, suing infringing LimeWire users (like "Hannah") was the copyright-enforcement solution proposed by LimeWire LLC in Grokster.

Second, in Grokster, over 8 public-interest organizations, 79 professors of intellectual-property law and a vast array of technology companies and Internet savants argued that that distributors of file-sharing programs should not be liable even if they did intentionally "induce," (i.e., encourage or dupe), 9-year-old-girls into violating federal law. Why not? Well, these amici argued, inter alia, that the adult inducers should go free because copyright owners could just sue the many thousands of children and college students that they induced. Such sue-the-children arguments were made by entities including the distributors of LimeWire, Morpheus and Grokster, CNET, university librarians, some Internet-service providers, and Project Gutenberg, the Internet Archive and four professors from Harvard Law School's Berkman Center for the Study of the Internet and Society. In Grokster, such arguments were also rejected, unanimously, by all nine Justices of the United States Supreme Court.

Third, today, many countries are re-assessing whether and how we can significantly reduce the deliberately-crafted problem of file-sharing piracy without asking copyright holders (or prosecutors) to sue tens of thousands of children, students, and single mothers. For the sake of all concerned, I hope that this debate will feature Internet-community thinking more creative than the sue-the-children/my-customers mantra that animated the defense of the Grokster respondents. Indeed, even LimeWire LLC now argues that there are now better, alternative solutions to the mess that it made--albeit legislated solutions that impose significant costs upon all concerned, except LimeWire LLC.

posted by Thomas Sydnor @ 9:45 AM | Academia , DMCA , Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security , Supreme Court

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (3)

Over at Public Knowledge, Sherwin Siy is lecturing Ranking Member Coble about the relationship between file-sharing and identity theft. Mr. Siy claims that his recent editorial shows that Legislators Just Don’t Get P2P:

“Coble … implicitly equat[es the risk of identity theft] with both copyright infringement and p2p software generally. This is a real mistake, and a real cause for concern if that’s the attitude policymakers take when approaching online copyright infringement.”

Mr. Siy both misstates the content of this editorial and ignores evidence strongly suggesting that risks of identity theft are associated with the piracy-driven business models of some distributors of file-sharing programs. As in Grokster, it is once again Public Knowledge that Just Doesn’t Get P2P.

First, it is not a “mistake” to infer a link between inadvertent sharing of sensitive files and the prevalence of copyright infringement. USPTO has explained why the available evidence strongly suggests that inadvertent sharing of sensitive files may be a side-effect of distributor’s seemingly deliberate efforts to trick program users into inadvertently sharing infringing files. Even more information is available here.

Indeed, it is Mr. Siy’s alternative explanation for persistent inadvertent sharing—“bad software” or “dumb software design”—that is far more difficult to square with the available data. So difficult, in fact, as to suggest an ostrich-like desire to cling to a treasured belief in the face of contrary evidence.

Continue reading Public Nonsense about File-Sharing, Identity Theft and Inadvertent Sharing . . .

posted by Thomas Sydnor @ 2:08 PM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Thomas Sydnor @ 11:54 AM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Amy Smorodin @ 12:35 PM | Enforcement & Remedies , Media: Video, Music...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Amy Smorodin @ 2:45 PM | Academia , Enforcement & Remedies , Internet: P2P, Search Engines... , Universities

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (4)

posted by Solveig Singleton @ 1:33 PM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 1:38 PM | Academia , Enforcement & Remedies , International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Thomas Sydnor @ 10:29 AM | Enforcement & Remedies , Free Culture Movement , Markets: Business, Investment & Innovation

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (12)

posted by Solveig Singleton @ 9:02 AM | Enforcement & Remedies , Internet: P2P, Search Engines... , Media: Video, Music...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (2)

posted by Solveig Singleton @ 8:57 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 11:21 AM | Enforcement & Remedies , Media: Video, Music...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

posted by Thomas Sydnor @ 5:46 PM | DMCA , Enforcement & Remedies , Internet: P2P, Search Engines... , Markets: Business, Investment & Innovation , Prices, Terms, and Licensing , Standards

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (2)

posted by Thomas Sydnor @ 2:26 PM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Thomas Sydnor @ 11:50 AM | DMCA , Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Noel Le @ 7:04 PM | Academia , Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

posted by Solveig Singleton @ 2:06 PM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (2)

posted by Thomas Sydnor @ 9:56 AM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Noel Le @ 5:47 PM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

posted by Solveig Singleton @ 11:58 AM | Enforcement & Remedies , International , Legislation and Legislators

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

posted by Solveig Singleton @ 10:01 AM | DRM & Watermarks, etc. , Enforcement & Remedies , Liberty and IP , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

posted by Solveig Singleton @ 9:47 AM | Enforcement & Remedies , Patents , Supreme Court

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 8:47 AM | Enforcement & Remedies , Internet: P2P, Search Engines... , Markets: Business, Investment & Innovation , Prices, Terms, and Licensing

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 8:06 AM | Enforcement & Remedies , Internet: P2P, Search Engines... , Markets: Business, Investment & Innovation

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 7:47 AM | Enforcement & Remedies , Media: Video, Music... , Prices, Terms, and Licensing

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 11:29 AM | Enforcement & Remedies , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 12:12 PM | Enforcement & Remedies , Legislation and Legislators , Markets: Business, Investment & Innovation , Patents

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 12:08 PM | DRM & Watermarks, etc. , Enforcement & Remedies , Internet: P2P, Search Engines... , Markets: Business, Investment & Innovation

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 10:33 AM | Enforcement & Remedies , Legislation and Legislators , Patents

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 11:53 AM | Enforcement & Remedies , Markets: Business, Investment & Innovation

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 10:21 AM | DRM & Watermarks, etc. , Enforcement & Remedies , Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Noel Le @ 8:02 PM | Enforcement & Remedies , Free Culture Movement , International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

posted by Noel Le @ 8:36 PM | Enforcement & Remedies , International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (15)

posted by Amy Smorodin @ 9:26 AM | Counterfeit , Enforcement & Remedies , International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 11:21 AM | Enforcement & Remedies , International , Internet: P2P, Search Engines... , Media: Video, Music...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 5:23 PM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Amy Smorodin @ 10:28 AM | Access: Commons, Fair Use, Orphan Works, Public Domain , DMCA , Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Amy Smorodin @ 1:09 PM | Access: Commons, Fair Use, Orphan Works, Public Domain , Art , Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (3)

posted by James DeLong @ 1:57 PM | Enforcement & Remedies , Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 11:36 AM | Enforcement & Remedies , Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 10:03 AM | Academia , DRM & Watermarks, etc. , Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 2:05 PM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (4)

posted by Patrick Ross @ 2:32 PM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (9)

posted by Solveig Singleton @ 3:03 PM | DMCA , Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 9:51 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Patrick Ross @ 11:51 AM | Enforcement & Remedies , Legislation and Legislators

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Amy Smorodin @ 12:15 PM | Enforcement & Remedies , International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (2)

posted by James DeLong @ 8:38 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 10:46 AM | Counterfeit , Enforcement & Remedies , International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 11:13 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 9:48 AM | Enforcement & Remedies , Internet: P2P, Search Engines...

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 8:33 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (11)

posted by Patrick Ross @ 4:48 PM | Enforcement & Remedies , International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 8:53 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (5)

posted by James DeLong @ 8:35 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (2)

posted by James DeLong @ 8:46 AM | Enforcement & Remedies

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)