inamerrata

Read it. Bookmark it. Read it again, beforehand, next time you choose to argue about something.

Quoth the Belmont Club:

The so-called strengths of Islamic terrorism: fanatical intent; lack of a centralized leadership; absence of a final authority and cellular structure guarantee uncontrollable escalation once the nuclear threshold is crossed. Therefore the ‘rational’ American response to the initiation of terrorist WMD attack would be all out retaliation from the outset.

…gets expected results.

UPDATE 2003/09/27:

Where are my manners? Hat tip: Kim Weatherall.

UPDATE 2003/10/24:

Hey, and a month later slashdot catches up! Advantage: Weatherall.

Matthew Hall, who’s running the Digital Agenda review at Phillips Fox, presented this paper (doc format) in New Zealand earlier this month, which discusses some of the findings of the review so far. Some excerpts:

Presently, no economic data supporting the additional costs that are being or are likely to be incurred or that demonstrate how (and the extent to which) any costs savings generated by [squid proxies, etc] would be passed onto consumers has been made available to the review. Similarly, no economic data supporting any argument that this activity does, in fact, divert sales or otherwise adversely impact on an owner’s legitimate entitlements or markets has been made available.

There are no time or format shifting exceptions in the Australian Act. However, inclusion of these matters are issues being advocated by users’ interests and opposed by owners’ interests.

There’s some other interesting stuff in there about what’s going on in NZ.

Tim Lister of the south Sydney Greens attended the Sydney forum, and posted a summary. An excerpt:

One rebel, the chap who built the modchip that Sony got exercised about, had a good time denigrating the illogicality of the legal system, that made it illegal to modify legal hardware that he legally owned to play legal datafiles that he legally owned, but that was the high spot of the day. I talked to him afterwards, and he has a lot of support, but unfortunately nearly all of it from people with no money; and it will cost him $38,000 just to file his appeal.

Read the whole thing.

A number of people have already made submissions:

• Deacons (TPM measures insufficiently effective)
• Stevens (the guy being sued by Sony for modchipping Playstations)
• Green (got ripped off by product activation)
• Van Emmerik (reverse engineer)
• International Disc Duplicating Association (IDDA) (broader statutory licensing)
• Australian Consumers’ Association (ACA) (various topics)

(Links repeated here since the Phillips Fox scrollover stuff for the submissions has inconsistent upper/lower case and doesn’t work with my web browser)

The rest of us have got five days left…

One risk of solving spam (by doing cool ecash stuff, or by any other means) is that you might be attacked by people who don’t want it solved.

I underestimated both the enemy’s level of sophistication, and also the enemy’s level of brute malevolence. I always knew that spammers had no principals and no ethics, but up until recently, I had no idea that they could or would stoop this low, or that they would engage in quite this level of criminality.

Finding a provider that can cope with DoS attacks might be interesting. Avoiding DoS attacks that exploit the protocol properties might be challenging too. On the upside, perhaps serious DoS attacks are unlikely until there’s already enough money in running the service that it’s not a major issue. On the other hand:

If there are people on the net that can DDoS the likes of Yahoo and eBay out of existance (as happened in the year 2000), then little Ron Guilmette and Monkeys.Com hasn’t got a chance.

We’d need to (eventually) reach a level of reliability similar to that of the root DNS servers, rather than eBay or Yahoo. Challenging. Or just avoid being a monopoly. But where’d be the fun in that?

robochan writes “According to this report in the Sydney Morning Herald, Chief Operating Officer of Symantec, John Schwarz, was quoted as ‘calling for laws to make it a criminal offense to share information and tools online which could be used by malicious hackers and virus writers.’ This article takes a look at the negative affects and also a couple of recent examples of “censorship legislation” backed by the COO of Symantec, and what little effect it has had on criminals, while having a substantial affect on responsible citizens.”

Hat tip: slashdot.

One of the fundamental properties of digital content is that the content ceases to exist if you don’t make copies. You can’t view it (that means making a copy onto the screen from what was on disk or the network), you often can’t transfer it (that involves making a copy on someone else’s hard disk, then removing it from yours). Fundamentally, the technological measures that allow an after-market in content (second hand books, rental libraries, etc) to exist without requiring copying cease to exist.

There are good reasons for this after-market to exist. It provides strong practical limits on the ability of copyright holders to rort the market (charge too much for a book? fine a library will buy a copy, and everyone’ll borrow it to read it), and increases the value of the goods (if a book is worth $10 to someone, and costs $20, it’s more likely to be bought if that someone can then sell it second hand for $12), leading to more efficient use of resources (only one book is produced, which sells for $20 and satisfies the market, rather than producing two books that sell for $10 and can’t be resold, eg).

The lack of an effective after-market in software allows the maintenance of artificially inflated prices; eg, Microsoft Windows Me currently costs $203.50, in spite of it being three years old, and in spite of most original purchasers no longer using it in place of more recent releases. For comparison, the more advance Windows XP Home and Professional Editions cost $159.50 or $248.60 respectively. Similarly, Windows 98 is almost entirely unavailable.

In essence it seems beneficial to modify copyright law to ensure the existance of a functional after-market in digital works.

How can this be done, exactly? The key point of copyright is the exclusive right to create new, saleable copies. Once you have a saleable copy, you should be able to do essentially whatever you want with it remains in your possession, and you should be able to sell it, give it away, or loan it out.

Why should people be able to do whatever they want with a product they have? The question amounts to whether the benefit to authors of being able to sell multiple copies of their work to the same person in different formats (and thus get more money from people who value the work enough to want it in multiple formats) is worth the cost of restricting purchasers from being able to enjoy the work in formats that aren’t available from the publisher. In general, it seems like the latter costs are more severe than the former benefits: the end result is forbidding people from making compilation tapes or CDs of their favourite songs for car trips, or setting up mp3 jukeboxes to provide entertainment at parties without having to worry about regularly changing CDs. Historically, the copyright holders tend to lag significantly behind creative fans in making use of new technologies, and in general it’s likely to be far more efficient to allow people to manipulate copies they already own than to authorise and distribute new copies in the desired forms from the copyright owners all the way to the consumer.

Given this, how do we define exactly what it is we want to protect with copyright law? How do we define what sort of copies are okay; or more particularly what can you do with copies you make before you violate copyright law?

I think the answer is that you should be able to make as many copies of a work you own as you like; as long as you don’t try to treat those copies or the original work independently. That is, if you sell any of the copies or the original work; everything goes with it. Ditto if you give it away, or loan it out. The copies might grant you a number of benefits, but the key benefit they should not give you is the ability to give away the work, while keeping it.

Another aspect of this is allowing people to share derived works. Clearly, giving away an mp3 of a song to someone who doesn’t have it on CD affects the owners market for the CD. However if you’re allowed to rip songs you do own on CD to mp3; there’s no great effect on owners markets if you restrict the people to whom you give copies of your mp3 to those who’d already bought the original CD. This is essentially what mp3.com did, and which was shot down by a US court.

It difficult to come up with some wording that allows this behaviour in a generic fashion; concepts as vague as “fair use” evidently don’t work, and being precise is difficult without being overly confusing. A definition that allows pretty much everything but the above is comparatively simple: you allow the creation (and destruction) of “auxiliary copies” by owners of copies to any degree they might wish, but require them and the original copy to be treated as a single unit when dealing with transfers of the work; that is it’s either all of it, or nothing when selling, loaning or giving it away.

Generalising this principle from individuals is complicated by the fact that we don’t with corporations and associations to be able to provide their employees or members with the benefits of multiple copies of the work without having to pay for them. Microsoft have a business model that relies on selling one copy of their programs for each worker in a business, as do a majority of software providers, and upsetting that model would likely have catastrophic consequences on the structure of the software industry. For groups, then, a straightforward limitation on the above principle is required: an arbitrary number of auxiliary copies can be made, as long as any ability to access those copies simultaneously is avoided.

The final issue that is probably appropriate to address by a concept of “auxiliary copies” is that of copies for more efficient distribution; such as those made on web proxies. An exemption allowing (re)distributors of copyrighted works to make as many additional copies of the work they’re distributing, provided those copies are not accessed except as part of the technical process of distributing legal copies of the work, would seem fairly effective.

Volokh proposes an interesting hypothetical to gain a better understanding of property rights over ideas, Solum replies and the debate continues.

dbs on what to do with orphaned code. Excerpt:

When a company is deregistered in Australia, its property at deregistration vests in ASIC: Corporations Act 2001 (Cth) s 601AD. ASIC may deal with the property as it sees fit: Corporations Act s 601AE.

I think it would be a neat idea if computer software that ASIC owns as a result of the winding-up provisions of the Corporations Act would become publicly, freely available.

Okay, so here’s a better summary of the forum which I’ve posted to the linux-aus mailing list. And we’re off…

Archives are at http://your.phillipsfox.com.au/digitalreview/

The format was:

• Libraries, etc
• ISP liability
• Technology and Rights
• TPM, Circumvention devices and RMI
• General discussion

There were a bunch of people from Phillips Fox and the Attorney General’s department observing; there weren’t a great number of folks in attendance.

A quote from the 2pm forum to get us started:

One thing’s not quite clear to me: are we focussed on describing problems (working out what they are, and showing that they are problems) or finding solutions to them, or both in this review? I’m finding it a little difficult to focus my responses.

We are interested in both problems (or issues) and potential solutions to those problems.

Many of the issues have been identified, and discussed. However, very few solutions have been canvassed.

— comments from Matthew Hall, partner at Phillips Fox conducting the review, in response to a question from me

In more detail:

The libraries topic didn’t get much response at all. (It doesn’t cover online stuff, just real libraries, and no one who was on at the time seemed particularly interested; Matthew Hall speculated that they’d probably already said what they wanted at the previous public fora) From that session:

It is difficult for us to know who has an interest … the forum has been publicised by us and the Department. By all means, if you know anyone that might be interested, please invite them to participate.

The big issue in our feedback so far, from publishers and authors, is that a library is allowed to create a digital copy from a hardcopy. That copy will not have any rights management information attached. Do you have any comments on this?

— comments from Matthew Hall

ISP liability (or ISP indemnities) was a bit more active. This is about working out what ISP’s have to do to ensure they aren’t liable for copyright violations that are due to the actions of their usables; and what assistance they’re expected to offer to people persuing copyright violations. The discussion seemed to be mostly in favour of producing a code of conduct for ISPs, and getting some ideas on how that shoul dbe administered.

… an indemnity may need to go further than just ISPs. If an owner is prepared to give an indemnity in respect of any damage that flows from complying with their take down request, then that may alleviate many concerns. It would be equivalent tot he undertaking they would have to give if they sought an injunction. It may also mean greater care would be taken before issuing a demand. An issue is whether this indemnity should be provided by the legislation or covered in a Code of Conduct? Thoughts?

— Matthew Hall

… I think it is also important to distinguish between an ISP’s role as ‘carrier’ of data, versus their role as a ‘host’ for data. In the former case, I think ISP’s should not be held liable for the actions of their users (IMHO); in the latter case I think ISP’s probably do have a responsibility to act when material is being hosted by them in violation of copyright.

— Raymond Smith

Page 14 of the issues paper suggests the ISPs will be caught in the middle with both take-down and put-up notices possible. The copyright holder wants the material gone and the customer wants the material there. Are ISPs in a position to recover costs?

Excellent point. To consider this further, we would appreciate data on the additional costs that are likely to be incurred by this process. This can be done in a written submission.

— Matthew Hall in response to Mark Suter

Rights and technology issues is the most interesting issue in my book: it covers the more fundamental question (IMO) of which copies should “count” as far as copyright violations. There’s already an exemption for copies that aren’t “in material form” and temporary copies made as part of the technical process of accessing a work, this covers whether those exemptions and others work, and whether they’re enough. Of interest is that there’s apparently been no responses at all wrt the reverse engineering clauses (being allowed to fix Y2k bugs without the copyright owners assitance, decompilation, etc).

The review includes issues in respect of the computer software amendments made in 1999. The issues raised include the exceptions to infringement allowing reprroduction of code in certain circumstances and the incidence, treatment or effect of orphaned or abandoned code.

No comments were made about these issues at the face to face fora. Does this mean that the amendments are working effectively? Does anyone have any views?

(I think this is referring to the reverse-engineering stuff — fixing bugs for Y2k and that sort of thing)

I think the amendments are working effectively; I’m not aware of any litigation about it, and I believe most of the people interested in this area feel fairly confident in that what they’re doing is legal.

— me in response to Matthew Hall

With regards to ISPs caching files for faster access, it definitely creates greater efficiencies. End users are able to download files faster and reducing costs for the ISPs due less repeated accesses. This should not adversely affect owner’s interests if it is done transparently to the user and only stored temporarily. However, I can see that problems may arise if works are permanently saved in a locally accessible point, outside the context of the owner’s site. For example, if an entire site is downloaded so that users no longer need to access the original location.

any information that you have (or that others may have) about actual savings or other efficiencies (in a written submission) would be helpful.

— Matthew Hall in response to taufiqkh

For example, if I purchase a CD, encode the tracks as sound files (og vorbis, mp3, etc) on my computer and then listen to the music on my computer, how do we make this legal?

Why do you say that this activity should be legal? How does this activity not affect an owner’s interests? Why should the balance of competing interests favour this format shifting?

— Matthew Hall in response to Mark Suter

Some of the discussion regarding what should and should not be legal would potentially be caught by a more generalised fair use exception, based on the US approach which is not limited in application to specific purposes. It’s fair use that has allowed time-shifting copies in the US (the old Universal v Sony “betamax” case). If we had a broad fair use doctrine in Aust, it would be flexible enough that the courts could apply the provision to excuse “copies” made in many socially/economically desirable situations. But for now, the reality is that when we record a TV program to watch later, or copy a CD to tape for listening to in the car, we breach copyright. Silly really.

— Jamie Wodetzki

Do you have any further comment on what are, or should be, “socially/economically desirable situations” and any data to support any suggestion that a situation is economically desirable?

— Matthew Hall in response to Jamie Wodetzki’s remarks above The TPM session was, unsurprisingly, a bit more confrontational.

As a consumer, what has me caused great alarm in the marketplace is the introduction of Copy Control software on Retail CDs.

In my experience of using this software, where it irrevocably installs onto PCs which you play the CDs from, causing the PC to crash, when some other retail CDs are played. This is a particularly annoying issue, and I hear that this technology has not been introduced to the US market, in fear of legal repercussions from affected users.

— Kieren Reynolds (via Matthew Hall)

Do you support the inclusion of fair dealing as a permitted purpose for the supply of a circumvention device?

In addition to any comment about the extension of permitted purposes, is there any comment about any concern of owners seeking to prohibit by contract the use of circumvention devices to make a fair dealing of a work?

This goes more to the issue of the definition of a tech protection measure. Do you have any suggestions as to how that definition can be modified or clarified to take into account your concerns?

Do you have any examples to demonstrate that copy protection is failing in controlling piracy in Australia?

— Matthew Hall (in various posts)

I just wanted to say that the anti-circumvention laws are essentially very new and still yet to be fully understood. One thing is certain: there is no case for extending these provisions further without the evidence to support the need for such action. And as your issues paper rightly points out, the evidence is very thin on the ground.

— Jamie Wodetzki

And if removing the region lock on your dvd player is illegal, does this mean it’s illegal to view websites that tell you how to remove it? Is reading about circumventing copy protection (not that I consider dvd region codes to be legitimate copy protection) as illegal as actually circumventing the copy protection?

Supplying or manufacturing a circumvention device for that purpose is illegal, but the use of the deivce by an individual is not

— Matthew Hall in response to Sandra Milne

There were a few other issues raised in the general forums. I dislike quoting myself, so I’ve tried to avoid it, but I’m sure I said something worthwhile. As they say, read the whole thing. > I’m afraid I simply could not make it, but it’d be very interesting to > find out how it went, what was discussed etc?

We look forward to receiving your written submissions.

— Matthew Hall

(Oh, and yes, this does mean we’re back to cover-to-cover digital agenda coverage)

Solidarity! Resistance!

Integration, derivation
L’Hopital’s rule, FIGHT!
E to the x, e to the x,
E to the x, d-y-d-x,
Cosine, secant, tangent, sine,
Three-point-one-four-one-five-nine,
Label the axes y and x,
Hell with football — we want sex!

Issue 19

19.1: Do the decompilation amendments achieve the intended balance between owners and users of software?

One of the considerations of the review is the changes to the copyright act made back when Y2k was looming. These changes concerned allowing users to demcompile programs they own for compatibility reasons, and to fix bugs in them if the copyright owners weren’t doing that. This was considered fairly important when the Y2k-bug was going to destroy civilisation, but has gone back to being something of a niche field now.

Interestingly, it seems to be so niche that the review team apparently hasn’t received any information about the results of the clause at all. Hopefully the various interested parties will be defending their turf.

The issues paper makes a couple of points about this, including:

6.3.5 There is a concern that [the qualifications on the exemptions for decompilation for compatibility and debugging abandoned and orphaned software], in effect, provides exclusive rights to all commercial and non-commercial clones, derivatives, extensions and patches in relation to the original software.

6.3.7 Also, users’ interests have suggested that it is not clear under these provisions the extent to which educators, researchers and technical journalists can decompile an application, examine the source code and publish or otherwise communicate the findings of their research and include illustrative small extracts of the code without infringing copyright.

This area is certainly interesting, because, hey, decompilation is just plain fun. And Australia happens to be one of the safest places to do it, too. On the other hand, it’s not very common or useful in some senses, because it’s just plain so hard to do; analysing code that’s meant to be read by humans is hard enough, analysing code that’s written for machines, or deliberately obfuscated is beyond even most professionals. The Samba team, who do some of the best and most useful reverse-engineering for compatibility purposes on the planet, specifically avoid doing decompilation both to avoid legal risks and to ensure they’re not distracted by any poor coding in the product they’re trying to be compatible with.

Given both the absence of harm to copyright owners, and the limited utility of the clauses, maybe this is something to consider extending, instead of just defending?

19.2: Are any further amendments required to include other exceptions or to clarify the existing exceptions to the definition of “infringement” (as referred to in this section) to better preserve the balance between owners and users of software, including the extent to which, if any, there are issues with use of or access to orphaned or abandoned code?

An interesting further amendment in this area is mentioned immediately beforehand:

6.3.8 […] Nor has any data been made available to the review that present solutions to any problems that are identified […], for example, the creation of a “code repository” where source code which is either live (and therefore possibly under escrow), abandoned or orphaned code could be stored and the administration and the licensing of source code from such a repository.

This is very similar to one of Lawrence Lessig‘s pet ideas — that copyright owners should be required to submit their source code to the government, so that when the program enters the public domain they can make modifications without having to do decompilation. Lessig links it to copyright terms in two ways — one, that copyright terms should be shorter for them to have any relevance to software, which rarely continues to be useful for the entire length of its current term; and the other that software should simply not attract any copyright without source code escrow.

It would certainly be useful for dealing with abandoned or orphaned code; bug fixing with the source code is hard, but much easier than without. Managing such an archive might be tricky — authors would certainly be very leery about giving out their source code. On the other hand it might make an effective counter to one open source argument: hey, if we go away (which we won’t!) you can get the source code from the government anyway! A government policy of not using software that’s not escrowed in such a manner could go some way towards providing an incentive, without being unreasonably protectionist.

One way of handling such things might be to have a policy that after ten years, copyright will only be enforced if the copyright owner can be contacted, and is willing to continue providing the product (for a reasonable price presumably?). Having a centralised copyright database would make this easier — both for users, as they have a simple place to look for the author, and for authors, because they only have to inform one person that yes, they’re still here and still want their copyright. There may be problems with this sort of rule and the Berne Convention, however, which requires copyright to be automatic, and last for fifty years after the author’s death.

The issues paper also points out that when fixing bugs in programs abandoned by their owners, customers can’t share their fixes, and asks:

19.3: Is any clarification required in relation to the application of the existing amendments to the following particular circumstances:

• the publication of research undertaken under the exceptions; and
• the distribution of programs and error corrections created under the exceptions.

If the issues paper is correct that customers can’t collaborate on fixes for abandoned software they both happen to use (which I wouldn’t have guessed from the act itself, but they don’t seem under any doubt, and unlike me, they’re lawyers…) then that’s probably not good.

One of the difficulties in making submissions for this review is they expect arguments to be supported not by opinions or petitions but rather by solid economic arguments and data. Curse them!