AACS keys cracked. Again.

Nothing demonstrates the futility of DRMs arms like the HD-DVD fiasco. Ed Felten has posted about the latest crack on the latest patch of the failing security system used to protect high definition discs. After the now infamous key number was cracked last month and publicised last month, the solution has been to blacklist some keys and update players with the blacklist. But as soon as one key is blacklisted, another crack is sure to follow.

The problem for AACS and similar technological protection measure providers is that they are fighting a hopeless arms race against hackers, regardless of what anti-circumvention legislation says. The Internet community will go to great lengths to publicise anything that seems to be an act of "repression", including a person tattooing the AACS key on himself.

Yes, the Interwebs is a strange place full of whacky people willing to tattoo circumvention of effective techological measures on themselves. The war is lost, change!

By the way, DRM free music available on iTunes! I've purchased my first DRM-free iTunes album, although apparently the music is tagged with the purchaser's name and email.

Trouble with Facebook

I'm still not sure about the whole Facebook thing, but this is a video that makes me think twice about the whole endeavour.

One of the interesting legal issues raised is indeed correct (read the terms of use). By posting on Facebook you are granting the company:

"By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content."

The "get out clause" is of course to close the account, but they will retain copies of the content nonetheless. I must not be the only person who finds this troubling.

Furthermore, here is a funny legal conundrum for you. According to the above, I'm granting Facebook a licence to use the work because all of my posts from my blog are sent to Facebook, but my blog is published under a Creative Commons licence. Which prevails?

Fairytale use

Absolutely brilliant video. Watch some unexpected characters explaining the basics of copyright law. In a faraway land...

Travel

I will be travelling to Sri Lanka, Spain and Croatia over the next few weeks, but I will try to update the blog whenever possible, wireless weather permitting.

Forever Copyright

(via David Berry) The New York Times has published the most misinformed article on the copyfight that I have ever read, and believe me, I have read some humdingers! The premise is simple. Great ideas last forever, right? So, why should not copyright last forever as well? Property rights do not expire when you die, so why should copyright?

I wish I had the time, the talent, and the inclination to give this article its well-deserved thrashing. Perhaps a few ideas will do. To show my contempt, I will even enumerate my criticism in the lowliest format known to man, the bullet point!

• For the thousandth time, intellectual property does not equate real property. Ideas are intangible, non-rivalrous goods. With ideas, you can have your pie, and eat it too!
  
• Repeat after me, copyright was not designed by the framers of the American Constitution. Google "Statute of Anne".
  
• When a work goes into the public domain, it is not "expropriated" by the State, it simply is not awarded protection any more.
  
• So, your poor starving grandchildren may not be able to profit from your work 70 years after death. They may have to *gasp* find jobs! Or here's a novel idea, they could find lost notes from granddad's works and release a new book under his name!

I better stop before my pancreas goes into over-drive.

Update: Check out Lessig's wiki against Helprin's article.

Fraud law used to fight P2P

(via Suw Charman) A man in London has been arrested for being the UK's representative of AllofMP3, the Russian infamous for selling subscription services at a fraction of "legal" downloads sites, but that does not pay royalties to artists.

According to the IFPI, the arrest is part of a growing set of actions against the site, which include IP blocking, and denial of credit card transactions for purchases on the site. While I have no sympathy whatsoever with AllofMP3, I find the legislation used to arrest this man quite an interesting change in strategy for the copyright industry. The man was not arrested under copyright enforcement legislation, he was arrested under fraud prevention, namely section 2 of the Fraud Act 2006. This section reads:

"Fraud by false representation
(1) A person is in breach of this section if he-
(a) dishonestly makes a false representation, and
(b) intends, by making the representation-
(i) to make a gain for himself or another, or
(ii) to cause loss to another or to expose another to a risk of loss.
(2) A representation is false if-
(a) it is untrue or misleading, and
(b) the person making it knows that it is, or might be, untrue or misleading.
(3) "Representation" means any representation as to fact or law, including a representation as to the state of mind of-
(a) the person making the representation, or
(b) any other person.
(4) A representation may be express or implied.
(5) For the purposes of this section a representation may be regarded as made if it (or anything implying it) is submitted in any form to any system or device designed to receive, convey or respond to communications (with or without human intervention)."

The original press story is wrong, the arrest is not about licensing music, it's about fraudulent misrepresentation. The above criminal offence also applies for online communications, and it seems a fair enough fraud-prevention type, if you misrepresent for your own commercial gain or to cause loss to another, you will be commiting a crime. This particular case applies to Allofmp3.com because the Russian site states that it gives money to artists, which does not seem to be the case. This is false representation in accordance to the above, and therefore the site's London representative can be held criminally liable.

As a wider implication, it seems like people should be careful about what they post online.

City of Merchants

(An auction house in City of Heroes)

(via Ashley Theunissen) The UK's Fraud Advisory Panel has issued a recommendation asking for regulation of the fledgling economies in virtual worlds. According to this group, virtual costumers are increasingly involved in commercial transactions in virtual environments. These virtual online communities "... are a combination of internet chat room, 3D games and next generation internet environment in which residents can choose what they look like and what they do, with goods and services traded using virtual money." According to the recommendations, the risks to users are:

• Credit card fraud against genuine customers and suppliers
• Hacking into databases and identity theft
• New opportunities for money laundering via false online identities
• Tax evasion and unregulated cross-border money movements
• Sales of age-restricted goods and services to minors.

Being my cynical self, I just cannot see why more regulation is needed for these activities. We already have regulation for credit card fraud, regardless of the object being purchased. Similarly, hacking and illegal database entry are already covered in the UK's Computer Misuse Act. Is online money laundering a problem? And if so, how is it any different from offline money laundering? I'm similarly sceptical about calls to treat online currencies as real money. The report's author stated that virtual money issuers should report to financial regulators, just as other money issuers do.

Perhaps I'm just suffering from the cyber-libertarian bug, but I'm increasingly sceptical of calls to regulate online environments when there is already perfectly serviceable legislation that does the job quite well. Similarly, why should you regulate currency that only operates in a limited private virtual environment? It's like trying to regulate Monopoly money! Just because some people may ascribe value to the online currency, it does not mean that it should be immediately subject to regulation.

I have been experiencing the intricacies of a nascent virtual economy in City of Heroes. The game was famous amongst other MMOs by its lack of crafting and economic structure. However, the latest update to the game has introduced an invention system that has added an economic value to in-game goods. Players will now receive recipes and salvage that can be used to craft enhancements to their powers and rare costume parts (such as the tech wings pictured above). Not only that, there are now auction houses in which players can blind-bid on items, which has meant that the game has found an economy overnight.

This has been quite an interesting phenomenon to witness. How does an economy assert itself from the start? The markets were crazy early-on, and some people made quite a lot of cyber-cash, but the market has been settling after the initial blip, with truly rare items acquiring disproportionate value, while common items have dropped even below NPC rates. This is community and market regulation at its best, and I cannot see how any governmental regulation would serve to do anything but get in the way of normal enjoyment.

What do you know? I'm turning into John Perry Barlow!

Web site? What's a web site?

(via Rebecca Henderson) A cloud of shame has now descended upon the UK's legal community. The Honourable Mr Justice Openshaw, a High Court judge hearing the Internet terrorism trial in London, has admitted that he did not understand what a web site was. According to Yahoo News, he told the court that "The trouble is I don't understand the language. I don't really understand what a Web site is". How depressing.

Nevertheless, I am an optimist and I prefer to look on the bright side of life. At least the judge was honest and did not pretend to know all about the Internet while producing a dreadful judgement.

Data Protection film-making

Faceless is an unusual film for many reasons. The plot, apparently, talks of a world where everybody's faceless due to calendar reform (huh?), but one day a woman wakes up and finds she has a face (Terry Gilliam meets Kafka).

What makes the film truly unique is that it is the world's first CCTV feature thanks to the magic of the Data Protection Act 1998 and of London's unequalled surveillance network. The film-maker, Manu Luksch, has created a story by simply walking in front of CCTV cameras, and then making a data subject request to obtain the data held about her. She then edited out the faces in the crowd (save her own) and edited the footage with a voice over. According to the director/script-writer/actress:

"For FACELESS, the filmmaker swaps data controllers for a film team, already installed surveillance devices for cameras and cranes, and a lawyer for a script writer. The process of accessing these images activates multiple legal layers of regulations concerning these recordings: Data Protection Act 1998, Article 8 Human Rights Act 1998, Freedom of Information Act 2000, as well as aspects of copyright and image rights. It is this information that mirrors the way society relates to its techno/mediated environment and tries to arrange and control itself. The arrangements expressed in these legal codes is used to craft a story."

I think the Data Protection aspect is pretty straightforward. Data subjects have the right to access data held on them, and this includes CCTV footage. However, I find the copyright aspects intriguing. Who owns CCTV footage? I'm guessing that the owner is the institution making the recording, and I am guessing that the editing together of all the images is enough to warrant originality. What about image and personality rights?

(Via BBC's Digital Planet podcast)

Perfect 10 v Google

The U.S. Ninth Circuit has decided an appeal on the Perfect 10 v Google case, and has sent it back to the district court. For those unfamiliar with the case, Perfect 10 is an adult content provider who sued Google over Google Image thumbnails, claiming that the tiny images displayed after a search constitute direct and secondary infringement.

(Pictured, a gratuitous llama inline image to illustrate the point)

At the heart of the direct infringement case is Google's practice of displaying reduced-sized inline picture. An inline is an HTML element that displays content hosted elsewhere. Perfect 10's argument was that such depictions are directly infringing copyright, and the district court agreed in first instance. Now the Ninth Circuit has found that these images were not direct infringement, because they were not "copied" in the important sense, a decision that will be welcome by bloggers and website designers everywhere. The relevant part of the decision says:

"Instead of communicating a copy of the image, Google provides HTML instructions that direct a user’s browser to a website publisher’s computer that stores the full-size photographic image. Providing these HTML instructions is not equivalent to showing a copy. First, the HTML instructions are lines of text, not a photographic image. Second, HTML instructions do not themselves cause infringing images to appear on the user’s computer screen. The HTML merely gives the address of the image to the user’s browser. The browser then interacts with the computer that stores the infringing image. It is this interaction that causes an infringing image to appear on the user’s computer screen. Google may facilitate the user’s access to infringing images. However, such assistance raises only contributory liability issues, see Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd., 545 U.S. 913, 929-30 (2005), Napster, 239 F.3d at 1019, and does not constitute direct infringement of the copyright owner’s display rights."

This is an extremely interesting decision for many reasons. Firstly, it brings back a bit of common sense to copyright litigation. It still leaves open the issue of secondary or contributory liability, but it legitimises the common practice undertaken everywhere on the Internet of making images available through inline tags.

Now we need a case in the UK on this, and also a sensible decision on linking.

Cyberwar 1.0

The mainstream press has been reporting on what could very well be the world's first cyberwar. A diplomatic conflict between Estonia and Russia over a bronze statute has resulted in what seems to be a series of coordinated attacks against Estonian institutions. Denial-of-service attacks have brought down websites belonging to news sources, the parliament and presidency, political parties, banks and telecomms firms. The sites were overwhelmed by requests from Russia, which prompted the blocking of foreign IP addresses to the affected sites. There has not been any indication that the attacks come from the Russian government, after all, Russia has a long-standing hacker tradition, but it is interesting to witness the disruptive power of concerted attacks against a national target.

No word as to how many bits have lost their lives in the conflict.

AACS to sue the MPAA?

(via Machine-Envy and PanGloss) It's amazing what a little hacktivism and playing around with search engines can do. If AACS starts issuing more cease-and-desist letter to take down the much-commented HD-DVD key from websites, they may have to remove this one.

And then Think Geek has a set of notes from a secret meeting at the AACS, which we reproduce:

Lessons Learned:
1) When trying to keep a secret, serving people legal notice re: its existence slightly less than effective. Possibly deploy ninjas next time?
2) Members of online communities object to posts being removed. Ask owners of affected sites to replace posts with smiley face emoticons.
3) Allowing lawyers to create public relations policy = bad idea.
4) "Cease and Desist" kinda does the opposite.

Action items:
1) See what other numbers we can get. Check on availability of 0 and 1 as vital part of circumvention technology.
2) DMCA not working: investigate banning computers?
3) Appeal to the kids. Introduce "Ernie the Encryption Key!"
4) Expire the key. They can't possibly crack it again, can they?

I like the ninja idea. Killer DRM Ninja Strikeforce vs The Pirates of Cyberspace. Now, that's a film I would pay to see.

PayPal now a bank

PayPal has sent an email to all its UK subscribers announcing that it will now be considered a bank. The message reads:

"Currently, PayPal (Europe) Ltd. is the service provider for PayPal in the EU. PayPal (Europe) Ltd. is a UK company regulated and authorised by the Financial Services Authority (FSA) in the UK as an electronic money institution. This authorisation enables PayPal to provide its service throughout the EU. From 2 July 2007, a new PayPal company, PayPal (Europe) S.à r.l. & Cie, S.C.A. (PayPal Luxembourg), will become the service provider for PayPal in the EU. This is a Luxembourg entity regulated as a bank by the Commission de Surveillance du Secteur Financier (CSSF), the Luxembourg equivalent of the FSA. PayPal Luxembourg will provide the PayPal service throughout the EU."

As it says, PayPal used to be an Electronic Money Institution regulated in the UK, but it will now be a full financial institution in Luxembourg (i.e a bank). This piece of news was particularly welcomed by Lilian Edwards and yours truly. Former students and the few people who have read our musings on the subject may recall that I have always claimed that PayPal behaved like a bank, and that it should be regulated as one. One of the small perks of academic life is being able to say "I was right all along!" (followed by the small voice inside of you saying "who cares?", but I digress).

For those who wonder about the causes for this move, according to the Telegraph it has been prompted by fears of competition from Google Checkout, the new payment systems from, guess who? Google. It is an interesting move. PayPal will have to comply with more stringent regulation, as financial institutions are scrutinised more closely. It seems clear to me that whatever commercial reasons, the user is the winner, as there is now more certainty about PayPal's European operations.

(via Lilian Edwards)

Spanish jazz club wins case on copyleft claims

Last week we reported on the case brought by Spain's collecting agency SGAE against a bowling bar in Alicante, which lost on its claim that it only played "copyleft" music.

Almost immediately, another case has come out, this one in favour of the claimant bar. As I reported last week, the reason for all of these cases in Spain is that Article 150 of the Spanish Copyright Law provides a defence against legal action from collecting societies if the defendant can prove that he/she does not play music of artists represented by SGAE. The new case has been won by the defendant in a sentence in Salamanca, and in a very interesting ruling that provides a detailed description of copyleft and Creative Commons.

The case deals with jazz club Birdland, which was sued by SGAE claiming payment for failing to pay royalties for making music available to the public in the locale. As with other cases, the club owner claimed as his defence that they played only alternative and free music. It came down then to the element of proof, but before that, the judge-magistrate Luis Sanz Acosta, delivered a rather accurate description of copyleft and Creative Commons:

"...in recent years we have seen the rise of so-called "música libre" in our country, very much an Internet phenomenon as a medium for music distribution. From a distribution model very much circumscribed to the sale and rent of works, controlled by content industry, there is now an almost unlimited model, thanks to the global diffusion provided by the Internet, in which creators themselves, without industry intermediaries, can make digital copies of their work available to the public. This phenomenon has originated the coexistence of different content distribution models with regards to the new possibilities offered by the Internet:

a) The traditional model, based on copyright protection, which seeks to restrict access and use of online content, by using negotiating formulae of restrictive nature and technological control measures, expressed in the so-called "Digital Rights Management".

b) A model that provides free online access to content, on occasions allowing personal use (implicit licensing models), and in other situations, the free redistribution of the work, its transformation and even its public economic exploitation, with the only proviso of citing the source. These are models of public domain and general licences (General Public License), such as, for example, the Creative Commons licences, which include a copyleft clause.

With this copyleft clause, the owner allows, by means of a general public licence, the transformation or modification of his work, compelling the author of the modified work to make it available to the public with the same conditions, that is, allowing free access and further transformation. With the Creative Commons licences, the rights-holder reserves the right of economic exploitation and can forbid modifications. It is vital then to distinguish Creative Commons licences that have, and have not, the copyleft clause. In some instances there will be Creative Commons licences that include the copyleft clause (translation mine, traduttore = traditore)."

This is close enough to what the movement is all about, although it still confuses some of the terminology, but it is clear that the judge understood the concepts involved, and that he was willing to look at the evidence in a fair manner. When it came to that, SGAE presented a detective and one of their local representatives. They produced a recording that was found to have been made in another establishment altogether, a fact that did not go down well with the judge. On the other hand, Birdland's owners were able to produce several witnesses that attested to the fact that the jazz club played alternative and unusual "música libre", which was available from download from two computers installed in the bar. Similarly, the judge heard from the technicians who installed the computer equipment. It was clear that SGAE produced poor evidence, while Birdland substantiated their case quite well. The relevant part of the ruling reads:

"Certainly, from the presented evidence it is not possible to claim that each and every one of the musical works communicated to the public in the demanded establishment have been granted freely by their authors through a Creative Commons licence, but to demand such proof, in those exhaustive terms, would be to demand evidence as diabolical as to ask SGAE to prove that each and every one of the songs communicated in the locale belongs to their represented artists. [...] Hence, the evidence has the consequence that it breaks the presumption that the music communicated to the public in the establishment had to be, at least partially, musical works managed by SGAE. With that presumption in tatters, it is the plaintiff who has the burden to prove that the music played in the locale is managed by them. Well, as things stand, it is evident that SGAE's evidence has been lacking and irrelevant."

A pretty impressive result for copyleft-playing locales in Spain. Besides, any sentence that uses the word 'diabolical' deserves my unashamed and utter respect.

(Thanks to all who emailed about this, including Erick Iriarte, Ignasi Labastida and Miguel Peguera. Also thanks to Javier de la Cueva for his excellent report)

Linux infringes Microsoft's patents

Fortune Magazine has published an interview with Microsoft's Steve Ballmer, where he has made the comment that Linux infringes 235 of its software patents, and it will be looking for licences from developers and corporate users. As your friendly neighbourhood Prophet of Doom, I have been announcing the advent of the Great Software Patent War for some time now. Yes, I know, being right all the time is tiring and risky business, Cassandra had a cruel fate after all.

The argument put forward by Microsoft seems straightforward. "We own some patents, Linux implements some of those inventions in their code, if you want to use Linux, then you must pay us". Nobody has been sued yet, but it is obvious that the interview has been designed in order to issue a blunt threat against Linux users and developers to enter into negotiations with Microsoft.

This threat is unlike the much debated and scorned SCO v IBM case, where SCO has been conducting a lengthy (and ultimately futile) suit arguing copyright infringement by IBM and Red Hat. Unfortunately for Free and Open Source developers and users, Microsoft's claims have more weight given the strength of software patent claims in the United States. 235 patents are not something to be shrugged-off, this could truly spell the demise of many small-scale FOSS projects.

I've been trying to figure out the strategy behind this, after all, there was a feeling in some sectors that Microsoft had been warming towards FOSS. There was the adoption of an open source strategy, and the heavily talked-about deal between Novell and Microsoft. Under that deal, Microsoft and Novell promised not to enforce each other's patents, while Novell promised to pay Microsoft a percentage of its revenue. This deal, of course, is not kosher in Free Software circles. Moglen made it clear that the GPL v3 would be re-drafted in order to make such a deal a breach of the GPL, which was eventually done with the latest draft. According to the new version:

"You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a patent license (a) in connection with copies of the covered work conveyed by you, and/or copies made from those, or (b) primarily for and in connection with specific products or compilations that contain the covered work, which license does not cover, prohibits the exercise of, or is conditioned on the non-exercise of any of the rights that are specifically granted to recipients of the covered work under this License [...]"

This convoluted clause is designed specifically to attack the Novell and Microsoft deal, hence its nightmarish wording. Similarly, the new GPL contained a clause that could eventually be used to make the patent licence contained in the new GPL into a viral clause similar to existing copyleft clause in GPL v2. Obviously, these developments seemed to prompt action from Redmond, and today's announcement seems precisely to do that.

But why now? It seems obvious that the threat is designed to issue a clear threat against the GPL v3, and perhaps it attempts to influence the draft's discussion. This may be the reason why the FSS, Stallman and Moglen have answered forcefully, almost with a "bring it on" attitude. They know that the pendulum is swinging against unfettered software patents, and that this case could very well prove to be the silver bullet that fatally wounds the current system. Imagine a situation where large numbers of corporate Linux users are sued by Microsoft. The result could very well be a legislative push against broad patentability. Microsoft is also playing with fire by entering into IBM's turf. As one of open source's corporate patrons, IBM has an impressive software patent arsenal that it could deploy if things get to an all out litigation battle. It is an open secret in the industry that as things stand, everyone is infringing someone else's patents, and what sustains the balance at the moment is a complex network of cross-licensing between industry giants. I have always believed this is one of the reasons why FOSS projects have managed to remain litigation-free so far. If Microsoft sues, will IBM retaliate? What would such a case look like?

Expect geekdom and the blogosphere to go nuclear over this one.

Sued for NOT using DRM?

This is a bizarre take on copyright law. DRM manufacturers Media Rights Technologies (MRT) and BlueBeat.com have issued cease and desist letters against Apple, Microsoft, Real and Adobe for not including their technological protection measures in products like Windows, iPod and Flash Player. I could try to explain the convoluted reasoning behind this, but I will let MRT's press release do it for me:

"The Digital Millennium Copyright Act (DMCA) was signed into law by President Clinton in 1998 to disseminate and protect the arts in the digital age. It makes illegal and prohibits the manufacture of any product or technology that is designed for the purpose of circumventing a technological measure which effectively controls access to a copyrighted work or which protects the rights of copyright owners. Under the DMCA, mere avoidance of an effective copyright protection solution is a violation of the act.
MRT and BlueBeat have developed a technological measure which effectively controls access to copyrighted material. [...] Therefore, Media Rights Technologies (MRT) and BlueBeat.com have issued cease and desist letters to Microsoft, Adobe, Real Networks and Apple with respect to the production or sale of such products as the Vista OS, Adobe Flash Player, Real Player, Apple iTunes and iPod."

This is probably nothing more than a publicity stunt, and should not be taken seriously, but imagine the implications of a world that operated in this twisted reading of the law. You could be sued for all sorts of passive behaviours and inaction!

(via Ronald Chichester).

WOW Visa

Because nothing says "I'm a geek" like a piece of plastic with the picture of an elf on it.



So many jokes, so little time...

(via Colin Miller)

M@rking...

It's that time of year again.



Following this method could help alleviate the pain.

Top 10 passwords

Everyone is going to be blogging this in the next few days, so I might as well share it.

This is the list of Top 10 passwords according to PC Magazine:

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)

password? myspace1? link182? Some people do deserve to have their data stolen.

Electronic Money Strikes Back

I have been a long-time critic of electronic money. We've been hearing about how we'll all be ditching our banknotes and coins within "the next two years" since 1998. Similarly, we've had a regulatory response to the subject which has been particularly inadequate, as it was drafted with specific technologies in mind, while the market has moved towards account-based systems such as PayPal.

Now UK banks have charted the roll-out of a payment system to be included in new debit and credit cards that will allow electronic payment for amounts under ten pounds. The new system is a "contact-less" or swipe-through system similar to that used by London Transport in their Oyster Card scheme. An RFID system will be placed in the cards, which can make payment as easy as flashing out your card. The scheme has been piloted here in Edinburgh, in 11 shops surrounding the Royal Bank of Scotland. The scheme will then be tested in London, and then, as film villains like to say, the world (cue maniacal laughter).

I must admit that this seems like the real deal. It will be convenient, and it is set to reduce the cost of handling cash for businesses, so there is a strong incentive for adoption by intermediaries. It's also added to existing payment systems, so there will be no need to get extra cards to our already bulging wallets.

This feels strangely un-climactic. I cannot be curmudgeonly about new technologies! I must be losing my edge.

Update: The system is called payWave for Visa and PayPass for Mastercard (insert snarky comment about names here).

Another Spanish bar loses on copyleft licences

(via Erick Iriarte) Javier de la Cueva has posted a report on yet another defeat for copyleft against the Sociedad General de Autores y Editores (SGAE) in Spain, this time in Alicante.

The ruling from 21 March 2007 decides on an appeal to a previous decision with regards to a bowling bar called Bowling Vistahermosa in Alicante. The reason why we have been witnessing so many cases with regards to copyleft music in Spain is because Article 150 of the Spanish Copyright Law provides a defence against legal action from collecting societies (namely SGAE). If a collecting agency requests payment for licensing of music in a bar, it is a legitimate defence to "allege, subject to due substantiation, the lack of representative qualification of the plaintiff or of authorization by the owner of the exclusive rights, or failure to pay the corresponding remuneration." In other words, defendants may claim that they do not play music of artists represented by SGAE.

In this case, as in previous ones, the bar argued that they did not play SGAE-managed music, but that they played copyleft music. The case dates from 2002-2004, so it's important to note that this is not a Creative Commons case. The problem was one of evidence, as the court found that there was not enough evidence that locale did play only copyleft music. SGAE presented only two witnesses, one a local representative, and one a detective, and both argued that they had attended the bowling bar, and that id played regular commercial music, including "dance music and reggaeton". The defence, on the other hand, did not present any admissible evidence as to the fact that it played copyleft music, therefore the defeat.

These cases should not be seen as a defeat to copyleft licences, they respond to a very idiosyncratic twist of copyright procedural rules in Spain. The lesson to be learnt, if any, is that pursuing these type of actions against the SGAE seems counter-productive.

However, I believe that Bowling Vistahermosa deserved to lose from the fact that it plays reggaeton. Ugh.

AACS vows to fight bloggers over number

(via David Berry) The BBC reports that AACS has vowed to fight against bloggers, aggregators, and all sort of users who have posted the now infamous key online. I must admit that my original scepticism has dissipated, and I cannot possibly believe that AACS would ever dream to take on the Web 2.0 posse.

Assuming that the master key posted all over the Internet actually works (and there is now little doubt that it does), its posting indeed is a very important element of a circumvention device for an effective technological protection measure as defined by legislation all over the world. In the U.S., posters of the key could be in breach of anti-circumvention measures enacted by the DMCA ( s 1201 17 U.S. Code, see Fred Von Lohmann's analysis).

In Europe, anti-circumvention measures are protected by the EU Copyright Directive, which states that:

"Art. 6: 1. Member States shall provide adequate legal protection against the circumvention of any effective technological measures, which the person concerned carries out in the knowledge, or with reasonable grounds to know, that he or she is pursuing that objective.
2. Member States shall provide adequate legal protection against the manufacture, import, distribution, sale, rental, advertisement for sale or rental, or possession for commercial purposes of devices, products or components or the provision of services which:
(a) are promoted, advertised or marketed for the purpose of circumvention of, or
(b) have only a limited commercially significant purpose or use other than to circumvent, or
(c) are primarily designed, produced, adapted or performed for the purpose of enabling or facilitating the circumvention of, any effective technological measures."

And in the UK, s296ZB of the CDPA applies, as it establishes an offence for knowingly making available to the public a circumvention device.

So, to put it in vulgar parlance, we're screwed, right?

Not necessarily. Firstly, there may be a case to be made that the actual key, in and by itself, is not a circumvention device in the sense of the law. You cannot break protection with just the key, and I'm pretty sure that not a lot of people would know how to do it right away, as the decoding software is still needed. Secondly, I would argue that many people simply replicated the number not knowing what it did, they simply got caught in the hype sweeping the Net. A lot of the legislation places a requirement of knowledge, there is mens rea required as posting of the circumvention device must be done knowing that it is, indeed, a circumvention device. Thirdly, there is a matter of safety in numbers. Googling the number, there are 1,010,000 hits without hyphens, 908,000 results with hyphens, and even 482 results with underlines. And these are only searchable items. There are hundreds of non-searchable examples!

I guess the more popular your blog, the more likely you're to be prosecuted. Thankfully, that rules me out (famous last words).

University students' identities revealed to RIAA

(via George Sakellariadis) The University of Wisconsin-Madison will be revealing the identity of 53 of its students to the RIAA after the educational institution lost a case against the music industry. The students are file-sharers, and it means that they will almost certainly be receiving some of the infamous "settlement letters", and could even be slapped with lawsuits for infringement.

Remember kids, don't download on campus. And if you do, use a secure system.

A digital bully den?

I've read an interesting article in The Independent by Yasmin Alibhai-Brown, and while I don't agree with it, I've been noticing an increase in cyber-scepticism and technophobic criticism against all things online. While some of the protestations can be classed as the typical grumbling against change from the Luddites, some of the criticism may be justified.

The Alibhai-Brown piece is a good example of this. Why should she complain about a friend who's late for a dinner party because he was playing around in Second Life? Would she publish the same criticism if he was late because of reading the newspaper, or watching the news? Being late for an appointment is irrelevant to the technological cause, it's bad manners. Similarly, complaining about people married to their Blackberries fails to realise that those people are simply rude, and if they did not have their devices, they would ignore you anyway.

However, the article may have a point about the growing virulence of expression online. The Kathy Sierra affair has helped to uncover the ugly side of sexist targeting of online personae. Similarly, anyone who has spent any time in an online community will be familiar with the disruptive change that happens to some people as soon as they're behind a keyboard. After all, anonymity + keyboard + audience = frakwad. There seems to be a growing fear that the Internet brings out the worst in some people. Closet racists, misogynists and homophobes can find communities of similarly-minded people where they will reinforce their own prejudices by producing feedback and looking at the world from their own perspective, and filtering out any dissenting opinion. This has been expressed in Cass Sunstein's excellent Republic.com, and I think that is indeed cause for concern.

The Internet can offer the world at our fingertips, yet increasingly many choose it to connect to the cyber-sewer of the mind.

On a lighter note, Lilian Edwards has sent me this wonderful picture (click to enlarge):

HD-DVD brought down by Web 2.0

Back in January I had reported on the hacking of HD-DVD protection by improper key management. AACS, makers of the DRM protecting the new format, vowed to try to shut down BackupHDDDVD, which is instrumental to some part of the cracking process. At the time I thought it was likely to be the last we would hear about this topic, after all, cracked protection is hardly news, is it? Once the how-to had been posted in Ed Felten's blog, the game was up. Or so I thought...

In order to understand the cracking process, we need to understand keys. Felten explains it best, so here he goes:

"In AACS, each player device is assigned a DeviceID (which might not be unique to that device), and is given decryption keys that correspond to its DeviceID. When a disc is made, a random “title key” is generated and the video content on the disc is encrypted under the title key. The title key is encrypted in a special way that specifies exactly which devices’ decryption keys are able to extract the title key, and the result is then written into a header field on the disc.
When a player device wants to read a disc, the player first uses its own decryption keys (which, remember, are specific to the player’s DeviceID) to extract the title key from the disc’s header; then it uses the title key to unlock the content."

However, January's vulnerability was limited, as it could not decrypt the title's key, it was only a player key, which would be useless by itself. Suggestions were made to have a title key database that cracking software could access, but as far as I know it was not implemented. That was the state of play until yesterday, when a key was released to the public which allegedly can be used to decrypt most existing titles. Apparently, this is a processing key, something akin to a master key. I have not been able to find the first source of the key, although some sites have posted a link to a removed WordPress blog here. The earliest post I could find in this meme is here. Perhaps in the days of Web 2.0, it is impossible to find sources. Anyway, what we know for sure is that someone posted this somewhere (vagueness is also very web 2.0):

"Spread this number. Now.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0. It's the HD-DVD processing key you can use to decrypt and play most HD-DVD movies in Linux. Movie studios are going ballistic over this leak, so Digg the story up and make it reach the front page."

This was like DeCSS all over again, but this time with blogs, YouTube, Digg and the whole force of a meme-churning machine. In other words, AACS does not stand a chance. That doesn't mean they did not try! Apparently the number made front page of Digg, who then received a Cease & Desist letter and decided to remove the stories and even cancel user's accounts. Needless to say, the slightest whiff of censorship sent the copyfight warriors on overdrive, and we had a t-shirt (pictured), replication in countless blogs, and even a song uploaded on YouTube. Some of the discussions in Slashdot and Wired have been worth reading as sociological examples of slighted self-righteous geekdom. I can imagine this repeated in chat-rooms across the world:

"Replicate this number, it allows you to copy your HD-DVDs"
"But, I don't own any"
"Doesn't matter man, they're trying to censor us!"

Digg realised they were losing the good will of geekdom, so they posted a "we hear ya", together with the dreaded number on the title. They have decided to "go down fighting" and side with the rebelling masses.

I may be forgiven for being my cynical self, but I must admit that I'm getting slightly suspicious about this whole affair, I'm missing some very basic information in order to make sure that this is a legitimate issue. Here are some problems that I have with the news:

1. Where is the original post? Has it really been taken down?
2. The earliest key replication seems to come from a meme post designed to anger the masses. No, you cannot copyright numbers, but keys may be protected as part of an effective technological protection measure.
3. AACS has not made any official declaration that it's pursuing infringers, something that they have done in the past.
4. I would like to see Digg's cease-and-desist letter, it seems to me like lawyers for the industry moved incredibly fast.
5. There's something about the whole story that smells like urban legend to me. The meme has spread too fast in order to get accurate information.
6. Has anyone actually tried to use the key?

It's possible that my suspicions are misplaced. If that is the case, AACS may have committed the biggest blunder by trying to suppress the key; the level of dissemination is such that it will be impossible to recall it. This may prove to be a case study of how useless cease-and-desist may become in the Web 2.0 era. Even if the story proves to be a clever hoax, copyright owners should heed the lesson.

Update. Some interesting replication strategies from David Berry:

• Doom9 original thread.
  
• Saved version of the original Digg post and discussion here.
  
• Domain names here, here, and here.
  
• A techno song here.
  
• Wired blog post here.
  
• More madness here.
  

But I still haven't seen any first-hand report that anyone has actually used the key to crack an HD-DVD.

Update 2: Chilling effects has posted the AACS C&D letter to Google, so I guess that makes it official, the key seems legit. If AACS wants to take it down, there must be a reason.
"Ladran Sancho, señal que caminamos".

Update 3: Fred von Lohmann from EFF has posted a warning against posting the key.

Microsoft wins patent case in US Supreme Court

The United States Supreme Court has ruled on Microsoft v AT&T, a dispute over patent infringement abroad. Patent law is pre-eminently national, so it does not apply over items manufactured and sold in other countries. American patent law has only one exception to that rule, and it is if components have been manufactured in the U.S. and then are assembled abroad then there can be infringement actionable by U.S. courts (s271(f) 35 U.S. Code).

The case is whether there is patent infringement for a software product that may be sent in a master disk from the United States, and then assembled and sold abroad. AT&T owns a patent over speech-encoder (RE32580), and it sued Microsoft arguing that Microsoft Windows contains code which infringes their patent claim. AT&T included in their infringement suit international claim for all copies of Windows manufactured and sold abroad, a claim that Microsoft contended.

The U.S. Supreme court was asked two questions, is Windows a component in the sense of s271(f)? Here the answer was yes. If so, was the component supplied from the United States? The answer here was no, as evidence pointed out that the physical master disks were shipped from places outside of the United States to overseas assembly factories, even if there was a presumption that some of the software could have been coded in the U.S. AT&T protested that this was a loop-hole in the legislation. The Court recognised that was potentially a concern, but that it was up to the Legislative to plug the hole. They commented:

"AT&T urges that reading §271(f) to cover only those copies of software actually dispatched from the United States creates a 'loophole' for software makers. Liability for infringing a United States patent could be avoided, as Microsoft's practice shows, by an easily arranged circumvention: Instead of making installation copies of software in the United States, the copies can be made abroad, swiftly and at small cost, by generating them from a master supplied from the United States [...] The 'loophole', in our judgment, is properly left for Congress to consider, and to close if it finds such action warranted."

However important this discussion is, to me the most important part from a foreign perspective is the unambiguous statement against extraterritoriality. The ruling states:

"Any doubt that Microsoft’s conduct falls outside §271(f)’s compass would be resolved by the presumption against extraterritoriality, on which we have already touched. The presumption that United States law governs domestically but does not rule the world applies with particular force in patent law."

It's refreshing to see extraterritoriality shut down in certain terms by the U.S. Supreme Court. This is heartening, as it helps to maintain software patent madness well within American borders. We can only hope that it stays there.

Not an IP Day post

Because I have the strong psychological urge to be different (or at least different-ish), I'm trying to make today the "Non-IP Day", seeing as yesterday was "World Intellectual Property Day".

We need a snazzy name though.

Social networking, one month on

It's been a month since I decided to take the plunge into the dark and mysterious world of social networking by joining LinkedIn and Facebook. My initial motivation was to join in order to conduct research, I'm one of those old-fashioned academics who prefers to experience first-hand what they're talking about (not always advisable, as academics conducting research into hyena mating practices could tell you).

The first thing I did was to research social networks available. I had some recommendations from colleagues Nicolas Jondet and Colin Miller, but I also wanted to look at other alternatives. MySpace was out of the question, as I'm not a band (check out Malpaís and Broken Records), I'm not a popular podcast, nor an unruly teenager. Also, I have read about the 10 ways in which Myspace can ruin your life. Other sites did not offer what I was looking for, so I decided to go for the two recommended to me.

LinkedIn is serious networking, you fill in your professional details, hook with other like-minded people, and share their contacts. You can also write recommendations, and virtually introduce one of your contacts to another. I'm almost certain that I will keep using it, although the contact build-up has been slower than I expected, but the site fits well with my research into network theory.

However, Facebook is an entirely different kettle of fish, and I'm not sure what to think of it yet. At first glance, the only difference between Facebook and MySpace is that the former is directed to older audiences, and it seems particularly popular with University students. It also offers a range of "privacy" settings, which allow users to share information only with selected friends, or to the world. I've found it well-designed and easy to use, and I've been immersed into the wealth of snippets into other people's lives.

Facebook is very popular with Edinburgh students and with some members of staff, which has created a conundrum for me. Should I join a network dominated by students? If so, everything I do or say in the environment will be open to scrutiny. How much information should I make available? Can I relax and be myself, or should I adopt a more professional outlook? Should I use the privacy settings or be open about it?

I've found the network useful, and I've decided to go for an open approach, but I'm still experimenting with the settings. One thing is sure, I can already see some interesting legal implications with social networking. There are a lot of avenues for research on defamation, intermediary liability, copyright and privacy that require further exploration.

Then again, I could just relax and post kitten pictures. Everyone loves kittens, right?

Update: I've just read this article on The Guardian. BNP in Facebook? Perhaps there's a new Godwin's Law for social networking, once the BNP moves in, the site is over.

Attack of the killer robots

The BBC Technology News and the Today programme have been talking today about the great robot debate. Experts, academics and other assorted folk will discuss tonight about the potential threats arising from increasing numbers of robots, a discussion organised by the Dana Centre and the Science Museum. While at first I thought this was going to be a mirth-inducing exercise, reading more about it has prompted me to explore the issue further.

The debate will discuss a foresight report entitled Robo-rights: Utopian dream or rise of the machines? commissioned and conducted by the DTI's Chief Scientific Adviser. The report concludes that:

"As computers and robots become increasingly important to humans and over time become more and more sophisticated, calls for certain rights to be extended to robots could be made. If artificial intelligence is developed to a level where it can be deployed widely -- a development some argue is likely in the coming years -- this debate may intensify."

Robot Liberation Army, here we come...

Nevertheless, experts present at the debate are going to argue about more worrying problems arising from robotics. The threat will not come from conscious androids asking for their right to vote in the next European election, nor will it come from human-looking automatons. Experts are concerned about something more worrying, they believe that the threat comes from dumb automated robots, highly independent machines involved in decision-making that has little or no oversight by humans. One particular area of concern seems to be the military use of drones and other independent mindless machines, where the potential for things going wrong would increase. I have to agree somewhat, hasn't the military ever seen a science fiction film? Everybody knows that military robots always go bad.

Seriously though, I tend to be sceptical about these claims, as they seem to me to respond to scaremongering technophobic fears. Automated machines have been with us for decades, and they still have not decided to take over the world. Similarly, military drones making mistakes are similarly dangerous to military personnel making mistakes. Even less so, if the appropriate checks are built into the system's architecture. Fears of robots are entrenched in culture, but they tend to ignore the fact that we have been living with vending machines, VCRs, AIBO and factory assembly arms for years now. When was the last time that you saw a Coke machine kill a person? (actually, people have been killed by vending machines).

Anyway, a discussion of robots is not complete without Asimov's Three Laws of Robotics:

1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey orders given it by human beings except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

State of Play Academy

The State of Play Academy begins today, and will offer classes until June 2007. SOPA will be teaching law and technology classes from an impressive array of experts on a wide range of topics. SOPA is taught through www.there.com. Unfortunately for those of us on this side of the Atlantic, the classes are held in Pacific Time, which means that to attend I will have to stay up late. I may do it tonight, where David Post will talk about the Viacom-YouTube case.

Canadian lawyer needed

You may have read about the CC Canadian enforcement case reported earlier. David Wise, the photographer involved, has left a comment stating that he may actually go to court over this.

If you know of a pro-bono Canadian lawyer, please email David.

WiFi thieves?

(via Trey Roberts) Reuters and the BBC are reporting on two arrests made in Worcestershire for wi-fi piggybacking, but where released under caution.

Wi-fi leechers are a growing phenomenon, as more and more houses have wireless devices and routers, the number of unprotected networks also increases. A leecher will conduct wardriving to find unprotected hotspots, and then connect to the unsecured network. The intentions of the piggybacker may be honest, the person may just want to get a free wireless connection to check his/her email. But there is a more sinister side to wardriving. For example, it has been reported that some people are using piggybacking in order to engage in illegal activities, such as infringing file-sharing, or child pornography. One can see this as an attractive proposition for criminals, as it would lay the burden of proof entirely on the person with an open access point.

The solution to the problem is to make wardriving and piggybacking illegal. In the UK there is enough legislation to prevent piggybacking and to allow the police to intervene. Firstly, the Computer Misuse Act 1990 could be applied, as section 1 reads:

"1.—(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case."

However, this would be subject to interpretation, as a wardriver may not fulfil the type. The Communications Act 2003 is clear with regards to the prohibition, as it establishes an offence of up to five years for dishonestly obtaining electronic communications services. Section 125 reads:

"(1) A person who-
(a) dishonestly obtains an electronic communications service, and
(b) does so with intent to avoid payment of a charge applicable to the provision of that service,
is guilty of an offence."

Other legislation that could apply is the Regulation of Investigatory Powers, as it establishes an offence for intercepting communications.

40k

The blog has now reached forty thousand hits since I started counting, and most days we get more than one hundred individual visitors (not counting those reading through RSS).

Thanks to all regular and non-regular readers for making the early mornings worthwhile.

Virtual prostitution or virtual prank?

This seems to be an urban legend or prank, but I found some of the potential legal implications quite interesting. Supposedly, a female gamer from New York placed an advert on Craigslist stating that she would have sex in exchange for 5000 gold in Wolrd of Warcraft so that she could buy an Epic Flying Mount in game. The listing was allegedly removed from Craigslist, but someone managed to make a screen-shot.

As you can imagine, the item generated considerable amounts of discussion in its own thread in the WOW forums. The story culminated, according to WOW Insiders, with the player posting again on Craigslist to advertise the fulfilment of the transaction, and share an image of the epic mount (the beastie, not the act).

Besides the very strong possibility that this is some kind of prank, and leaving aside some of the unsavoury and misogynistic comments in some of the forums, I've wondered about the potential legal issues here. Firstly, there is the self-regulatory element of Craigslist removing posts that advertise or make offers of selling sex. Would this act be considered prostitution? Does it make a difference that the payment is in a currency that can only be accessed in-game, to make virtual purchases? Does it matter that the exchange is in virtual goods?

Similarly, I have been wondering at the amount of social regulation taking place here. Most of the forum participants have expressed their disapproval or disgust as this type of practice. Why is this? Is it just that it seems a little sad? Isn't this just another commercial transaction involving virtual goods? Should we care what two consenting adults get to in their own time?

I will leave the most lurid details out of the discussion, but perhaps we will have to start thinking of virtual pimping, virtual brothels and such soon. Reading Wired's Sex Drive column is always quite an education on what some people do with their online existence.

I guess I'm just too boring, all I do with my online time is blog.

Creative Commons enforced in Chile

(via Erick Iriarte) The Chilean NGO Derechos Digitales has successfully issued its first cease and desist letter to enforce a work released under a Chilean Creative Commons licence (read the original story in Spanish here). The image (pictured on the right) is the work of young designer Armando Torrealba, and it was part of a promotional campaign of Chilean rock group Marlou. Torrealba wanted to distribute the image in a way that would allow fans to remix it and reuse it, so he released it under the Chilean CC.

However, the picture was picked up by department store Falabella and used in their own Internet advertising campaign. Torrealba contacted Derechos Digitales, who decided to help the designer enforce his work against the commercial use by drafting and sending a cease and desist letter. The missive was successful and Falabella has taken down the picture.

Congratulations to Claudio Ruiz and his team in CC-Chile for their work, which demonstrates that Creative Commons licences can be enforced in Civil Law systems. This also shows that a support system is required in order to properly enforce open licences, as evidenced by the power wielded by organisations such as GPL-violations.org. Chile is lucky to have an excellent team behind the licences, and similar support can be found throughout many jurisdictions.

Legal issues aside, am I the only person who thinks that the panda is particularly cool-looking? The Sex Pistols meets WWE meets Andy Warhol. Nice.

ORG raffle winners announced

The winners of the ORG Raffle have been announced in the ORG blog. They are:

• A signed copy of Lawrence Lessig’s Code 2.0 goes to Kimberley Gahramt
• A signed copy of Bruce Schneier’s Beyond Fear goes to Karen Molden
• A signed copy of the Gowers Review of Intellectual Property goes to Grant Slater
• Neil Gaiman’s signed keyboard goes to Ben Goldacre
  
• £90 of O’Reilly vouchers goes to Laurie Rich
• £60 of O’Reilly vouchers goes to Zach Robinson
• The 12 CD Beatpick compilation goes to Lawrence Lessig
  
• And the chance to be written into Cory Doctorow’s next book and receive a signed author’s galley goes to Graeme Sutherland
  

I will not deign to comment on the fact that I did not win anything at all. Or that a certain Professor won some CDs. Or that the Bad Science columnist won the much-coveted keyboard. Nothing. Zilch. Zip. Nada. I will not make a comment. Not that I'm bitter about it. Not at all. I'm OK. Really I am. No problems. Truly. I'm all right. I never win anything anyway. No skin off my back. Really.

Anyway, pictures from the event are shown here for all who care. I do not, but I just point out in case anyone does.

Will patents kill the MP3 format?

Recently, Microsoft lost a case filed by Alcatel-Lucent with regards to patent infringement of MP3 technologies owned by the later. In Lucent Techs. Inc. v. Gateway, a jury awarded 1.5 billion in damages to the plaintiff and against Gateway, Dell, Microsoft and other defendants for using patented technology without a licence. Alcatel-Lucent owns two patents, US 5,627,938 and a reissue of the same. Alcatel's claim is for "Rate loop processor for perceptual encoder/decoder". The abstract for the patent reads:

"A method and apparatus for quantizing audio signals is disclosed which advantageously produces a quantized audio signal which can be encoded within an acceptable range. Advantageously, the quantizer uses a scale factor which is interpolated between a threshold based on the calculated threshold of hearing at a given frequency and the absolute threshold of hearing at the same frequency."

Defendants claimed that they had already licensed technology from the Fraunhofer Institute, which was perceived to own the patent. However, this ruling seems to establish that all MP3 licensing should go to Lucent, and therefore many companies may be getting nervous, as they could be sued next.

The case have prompted some to imagine the much advertised demise of the MP3 file format. I usually get a distinct feeling of deja-vu when reading such comments, as I have been reading about the demise of MP3 since 1997. True, the patent may prove too cumbersome for some companies, but I'm afraid that the issue is not one for the developers, it's one for the users. Consumers use Mp3, it's the standard format, therefore, it will continue to be used until they can convince millions of people to convert their music to other formats. The closest the market will get to change is through built-in formats in other systems. iTunes and Windows Media Player already use their own proprietary systems, but they have not even dented MP3's prevalence. The first thing I do when installing iTunes is to change the ripping settings to save files into MP3.

Blogosphere's code of conduct?

(via Wiebke Abel and other sources) The blogosphere has exploded once more in collective cries for or against a proposed code of conduct for bloggers. Tim O'Reilly has made a call for the imposition of a self-regulatory set of rules that bloggers will post under. The proposed code is:

1. Take responsibility not just for your own words, but for the comments you allow on your blog.
2. Label your tolerance level for abusive comments.
3. Consider eliminating anonymous comments.
4. Ignore the trolls.
5. Take the conversation offline, and talk directly, or find an intermediary who can do so.
6. If you know someone who is behaving badly, tell them so.
7. Don't say anything online that you wouldn't say in person.

Rather sensible rules that I would otherwise follow, but I would never label the "abuse toleration" level, or something like that. However, the reply has been quite amazing, from the reasoned to the trollish shouting and gnashing of teeth. "O'Reilly wants to take away our freedom!" you can hear the thousands of keyboards shouting in unison.

While I think that a code of conduct is superfluous, I'm rather amused by the response. The blogosphere, new as it is, is finding its own way, establishing rules and social norms. I think that it has worked reasonably well so far, with all levels of content available, with a similar range of opinions on offer. I don't think that I need a label to know that certain blogs are distasteful, I will just move on and never come back. However, even the suggestion of such a rule is anathema to the libertarians that see the blogosphere as the last refuge of the politically incorrect. To some of these people, even a kind suggestion that they are being a bunch of tossers smacks of repression and oppression. It's political correctness gone mad!

The bottom line for me is, the Internet is full of people. People do stupid things from time to time. Get over it.

"Ye can take away my keyboard, but ye cannae take away my FREEDOM!!!"

YouTube's content is mostly user-generated

The New York Times comments on a report by vidmeter.com about the popularity of user-generated content prevalent on YouTube as opposed to content owned by the creative industries. The report concludes that of the most popular videos, only 9% had been removed due to DMCA take-down requests, while those potentially infringing videos had generated less than 6% of all views.

This is quite a remarkable study, but it confirms my own experience with the site. I never visit YouTube to watch potentially infringing content, I visit to watch some amazing user generated content, such as this brilliant explanation on the genetic evidence for evolution.

The implications of the study are clear for Viacom v Google, as it seems to remove potential inducement arguments made by copyright owners.

Social network me that neutral Web 2.0

I never thought I would say this, but I've actually read something written by Andrew Orlowski which has not prompted me to throw things at my computer screen in anger. In an article on Net Neutrality, he has actually uncovered something that has been worrying me since I first heard about the debate. The big problem is, how do you define the term? You can get five different definitions from Wikipedia alone.

But this is not a post about net neutrality, I don't know enough about the subject to comment intelligently on it. However, this is a Monday morning rant against easy sound bites and complacent application of terms just because they sound good. Web 2.0 is one of those terms, similar to social networking and other neologisms prevalent in technology writing.

Piracy rates prove Pastafarianism

(via Jordan Hatcher) Ben Muse recently linked to an International Chamber of Commerce report on high-seas piracy. Apparently, sea piracy is on the decrease as pirates find it more difficult to collect plunder from their victims. There were 239 piracy attacks during 2006, while 2005 saw 445 attacks in total. That is an astounding drop in all things that go "Argh", but what does it all mean?

As a devout Pastafarian, this only serves as further proof that we have been touched by His Noodly Appendage. After all, one of the main tenets of the Church of the Flying Spaghetti Monster is that global warming is caused by the decrease in pirates. It's all proven by this useful chart:

This however, spells doom to all of us. If piracy rates continue to decrease, we're all going to fry. I've often wondered if online piracy rates can help to alleviated global temperatures, but alas, the Gospel of the FSM does not make any mention of that. I'm firing up BitTorrent just in case.

ORG party and raffle

Becky Hogge from the always excellent Open Rights Group has reminded me that their support ORG party will take place next Wednesday 11 April. Details about the venue, how to get there, times and other questions can be found here.

Becky also has reminded me of the most excellent raffle they're running. What's in display is an astounding range of geeky goodies, including the chance to be written into Cory Doctorow's next novel, a keyboard signed by the one and only geek god Neil Gaiman, a signed-copy of the Gowers Review for the law geeks, signed copies of Lawrence Lessig’s Code v2 and Bruce Schneier’s Beyond Fear, and other nice goodies.

I've bought four raffle tickets already because all prizes are tremendously appealing to me, but I'm particularly hoping to win the signed copy of the Gowers Review. Yes, I'm THAT sad...

CC Canadian enforcement case

(via Michael Geist). A Canadian photographer posted some pictures in Flickr and licensed them under a Creative Commons ShareAlike licence. According to one Mr Spatial Mongrel from Kamloops BC (no real name is given, but you have to love the nick), one of his pictures was used for political propaganda by Betty Hinton MP, who has been the subject of previous IP-related incidents as I recall.

I have written an analysis of the case, but I am now aware that this is rather moot as I'm not sure what was this picture licensed under, as it now shows as "All Rights Reserved" in Flickr. I will base the analysis under the assumption that it was licensed under a CC-BY-SA Canadian licence and not under the old generic one.

The first element of analysis is one of mere breach of the terms of the licence. As the original picture was licensed using a CC Attribution Share Alike 2.5 licence, then the derivative is in breach because it did not attribute and it did not share the derivative under a similar CC licence. To me this would be enough to warrant a suit if the author feels slighted.

However, the author claims that the use of the licence is done by someone with whom they don't share political views. This is irrelevant to the existing licence for several reasons. Firstly, the Canadian CC licence is the only one that waives the moral right of integrity. The current language reads in section 3:

"Except as otherwise agreed by the Original Author, if You Use a Work or any Derivative Works or Collective Works in any material form, You must not do anything that would offend the Moral Rights of the Original
Author, including but not limited to:
1. You must not falsely attribute the Work to someone other than the Original Author; and
2. If applicable, You must respect the Original Author's wish to remain anonymous or pseudonymous.
All other moral rights are waived. This means the Original Author is not reserving the ability to prevent downstream creators from engaging in material distortion or modification of the work, including, but limited to, associating the Work with a particular product, service, cause or institution."

This clause made the Canadian licence incompatible with other jurisdictions where moral rights could not be waived (Continental Europe, Latin America, etc.). This prompted changes and version 3.0 will be ported to remove this clause and to leave integrity rights intact. This is the solution we use in Scotland at the moment, where our licence asserts the moral right of paternity, but does not waive the integrity right. The new Generic CC Licence 3.0 contains this in section 4.d:

"You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation."

Similarly, s 4.c now has specific no-endorsement language:

"You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties."

Even if the author was using this licence instead of the Canadian one, I would still be sceptical of making an integrity claim. This is because you'll notice that the language is quite strong. The derivative must "distort, mutilate, modify or take other derogatory action", and this must be prejudicial to the author's honour and reputation. In my opinion, the mere use of the picture in political advertisement does not fulfil the language. In the UK, I believe that the right of integrity has not produced a lot of case law because the bar is set too high.

And even if the author is not using the Canadian version, his best case is to allege breach of licence. I do hope we get a case out of this, as it would be interesting for many different reasons.

So, in other words, "fight, fight, fight!"

Update: Spatial Mongrel is called David Wise.

Further update: Jordan Hatcher has pointed out that Flickr uses CC 2.0 Generic.

SCRIPT-ed March Issue out

The March 2007 issue of SCRIPT-ed is now live. In this issue:

Editorial:
The internet and security: do we need a man with a red flag walking in front of every computer? Lilian Edwards.

Peer-reviewed Special Issue - Creating Commons:

• Introduction to the Special Issue, Graham Greenleaf.
• Finding and Quantifying Australia’s Online Commons, Ben Bildstein.
• Simplification and Consistency in Australian Public Rights Licences, Catherine Bond.
• Business Models to Support Content Commons, Roger Clarke.
• Creative Commons – The Next Generation: Creative Commons licence use five years on, Jessica Coates.
• The Future Of Fair Dealing In Australia: Protecting Freedom Of Communication, Melissa de Zwart.
• Creating commons by friendly appropriation, Graham Greenleaf.
• Cooperative Intellectual Property in Biotechnology, Dianne Nicol.
  

Analysis:

• An Electronic Health Record for Scotland: Legal Problems Regarding Access and Maintenance, Renate Gertz.
  

Book Review:

• The WTO, The Internet and Trade in Digital Products: EC-US Perspectives, by Sacha Wunsch-Vincent. Reviewed by Katia Bodard.

Nothing to report on EMI

As I mentioned yesterday, the EMI and iTunes DRM deal did happen, and it was not a joke. I have nothing else to add, as it seems like everyone and their mothers have been talking about it. The demise of DRM? The beginning of the end? The rise of iTunes? I have no idea, but this feels like one of those "turning of the tide" moments. The entire geeky blogosphere is shouting "We were right, and they know it!".

Just check Techmeme's coverage of the subject, their algorithms must be going crazy.

April's Fools roundup

Another good April 1st has gone by, with some beautiful stories. Google sits on top of the April's Fool list, as usual. This year everybody's talking about Google's TiSP, a convenient ISP that comes through your toilet, and whose tag is "Want WiFi around? Just Flush it down!" The service works like this:

Finally! They've found uses for their many PhD students!

But my favourite this year is Google's explanation of their ranking system. Did you think that Google's ranking had anything to do with the popularity of links? No! It's all done through millions of pigeons tapping away on computers (as pictured above). Google's patented PigeonRank™ is so succesful because it "relies primarily on the superior trainability of the domestic pigeon (Columba livia) and its unique capacity to recognize objects regardless of spatial orientation. The common gray pigeon can easily distinguish among items displaying only the minutest differences, an ability that enables it to select relevant web sites from among thousands of similar pages."

In other sites, NASA's Astronomy Picture of the Day shows the first space quidditch match. In other items, Microsoft's Open Source Software Lab has announced a penguin adoption programme (just in case of doubt, there is such a thing as Microsoft's Open Source Software Lab, it's not part of the joke).

Interestingly, at first I thought that this story about EMI dropping DRMs was also a joke, until I saw it replicated everywhere. This goes to show that truth is indeed stranger than fiction.