April 30, 2003
No TM, no .com for Puerto Rico

The Puerto Rico Tourism Company lost its UDRP bid to take puertorico.com from Virtual Countries, Inc. The WIPO panelists decided that because geographic identifiers were not trademarks under United States law, the territory had no right to kick the domain's registrant out. Like the recent newzealand.biz decision, this decision underscores the serious problems of non-uniformity that should tank WIPO's recommendations to ICANN for a new protection for geographic identifiers. (Link to ALAC draft comments)

A bit of absurdity from the puertorico.com decision:

The Complainant, possibly aware that United States federal trademark law does not support its position, contends that the Commonwealth of Puerto Rico is not part of the United States of America, but the Panel takes administrative notice that Puerto Rico is a Territory of the United States of America and subject to its law.

In other UDRP news, the Markle Foundation, U.Mass's Center for Dispute Resolution, and Cornell's fantastic LII offer the URDP-DB, whose advanced search categorizes decisons by claims and outcomes. Combined with Lawcite's quasi-Sheperdization (follow a decision's subsequent citations), you can actually find quite a few of these non-precedential, non-arbitration UDRP decisions.

Posted by Wendy at 08:33 PM
RIAA abusing peer-to-peer systems?

Dan Gillmor has a good query: Do the RIAA's messages to file-sharers misuse the software or networks of others? For example, the KaZaA terms of use prohibit using the software to "Transmit or communicate any data that is ... threatening, abusive, harassing, ... [or] invasive of another's privacy." The claims in the RIAA messages could be construed as harassment or interference with the software networks. This is pretty weak as threats go, though, and more likely to get a First Amendment pass on any "interference" claim.

The full warning (thanks Jim):
COPYRIGHT INFRINGEMENT WARNING: It appears that you are offering copyrighted music to others from your computer. Distributing or downloading copyrighted music on the Internet without permission from the copyright owner is ILLEGAL. It hurts songwriters who create and musicians who perform the music you love, and all the other people who bring you music.

When you break the law, you risk legal penalties.There is a simple way to avoid that risk: DON'T STEAL MUSIC, either by offering it to others to copy or downloading it on a "file-sharing" system like this.

When you offer music on these systems, you are not anonymous and you can easily be identified.You also may have unlocked and exposed your computer and your private files to anyone on the Internet. Don't take these chances. Disable the share feature or uninstall your "file-sharing" software.

For more information on how, go to http://www.musicunited.net/5_takeoff.html.

This warning comes from artists, songwriters, musicians, music publishers, record labels and hundreds of thousands of people who work at creating and distributing the music you enjoy. We are unable to receive direct replies to this message. For more information about this Copyright Warning, go to www.musicunited.net.

Posted by Wendy at 07:52 PM
April 29, 2003
RIAA warns file-sharers

The week after its first major loss in the peer-to-peer wars, the RIAA sent instant-message warnings to hundreds of thousands of users of the Grokster and KaZaA networks:

It appears that you are offering copyrighted music to others from your computer. ...When you break the law, you risk legal penalties. There is a simple way to avoid that risk: DON'T STEAL MUSIC, either by offering it to others to copy or downloading it on a 'file-sharing' system like this. When you offer music on these systems, you are not anonymous and you can easily be identified.
While its labels of "theft" mischaracterize the acitivty, the warning about lack of anonymity is unfortunately far too true. Users of peer-to-peer networks are identified by IP address ('internet protocol', not 'intellectual property'), and the recording industry has been using subpoenas to prod Internet service providers to reveal the user identities connected to those IP addresses.

At one point in the Verizon lawsuit, the RIAA had claimed that it needed subpoena-derived identifying information simply to contact the users, but since the software itself permits them to send messages, that claim rings hollow. They want to pick and choose their targets for suit, to comb for The Hacker Quarterly of file-sharing, before judicial review and opportunity for the users to oppose discovery.

Posted by Wendy at 02:14 PM
April 25, 2003
Betamax Lives! Morpheus and Grokster beat back entertainment companies

Morpheus and Grokster are not responsible for the activities of their users, the Central District of California ruled today in MGM Studios v. Grokster. Because their software is "capable of substantial non-infringing uses," like the Sony Betamax video recorder, the companies are neither contributorily nor vicariously liable for infringements committed by the software's users. Let's hope this ruling is the first of many, clearing the air for technological innovation.

Judge Wilson's ruling does not deny that some of the peer-to-peer services' users are infringing copyrights, but says that cannot outweigh the software's utility for other, non-infringing uses, including sharing of public domain and government documents (such as, I hope, this opinion itself) and distribution of media content whose copyright owners want the extra visibility and presence. We don't pull the plug on the library photocopier because some users will make infringing copies.

Liability for contributory infringement requires actual knowledge of the direct infringement "at a time when [defendants] can use that knowledge to stop the particular infringement" and active facilitation of the infringement. Generalized, after-the-fact awareness of infringement will not create liability for a technology distributor: "Defendants distribute and support software, the users of which can and do choose to employ it for both lawful and unlawful ends. Grokster and StreamCast are not significantly different from comapnies that sell home recorders or copy machines, both of which can be and are used to infringe copyrights."

The vicarious liability claim foundered on the similar "right and ability to supervise." "Defendants provide software that communicates across networks that are entirely outside Defendants control." The court properly rejected plaintiffs' suggestions that the companies could force "updates" on their users to enable supervision.

This decision is a happy contrast to yesterday's ruling against Verizon (RIAA v. Verizon), which gave copyright holders broad leeway to flood ISPs with demands for the identities of alleged copyright infringers. That decision, which Verizon is appealing, would compromise privacy and anonymity on the mere rubber-stamped say-so of any copyright claimant.

Posted by Wendy at 11:15 AM
April 23, 2003
Off to Emerging Tech

I'm off to O'Reilly's Emerging Technology Conference, to talk about Digital Restrictions Management and listen in to some of the other discussions (lots of wireless, perhaps some GNU Radio). Thanks to Cory's notes from day 1's tutorials, I've got a feeling this will be good. More coverage.

Posted by Wendy at 06:00 AM
April 20, 2003
Madonna, Spoofing, and Trademark Dilution

Madonna has launched a new album by distributing decoy files (MP3) on peer-to-peer networks, greeting listeners with curses rather than music. (Thanks Andrew.) To fool downloaders, of course, these files have Madonna's name and song titles in the filenames.

I doubt Madonna has thought about the damage these planted spoofs could do by diluting her trademarks. Trademarks, after all, are intended to protect consumers by defending a source's association with quality goods and services. If the same name is increasingly found on deliberately poor quality music files -- or curses, with the authorization of the trademark holder, duped listeners might reasonably stop thinking favorably of the brand -- giving a plausible argument that the artist had diluted or abandoned her own mark.

Madonna should be particularly conscious of this risk, given that she used trademark claims to get the madonna.com domain name (from Dan Parisi, who tried to give it to the Madonna Rehabilitation Hospital).

More immediately, the spoofing stunt also got madonna.com hacked.

Posted by Wendy at 06:02 PM
April 18, 2003
Even Harvard's Dean Misreads the DMCA Safe Harbor

In his recent Message from the Office of the Dean, the Dean of Harvard College states that to obtain protection under the DMCA, the college "will terminate the network access of any student who is a repeat offender ... The length of termination will be one year." While the Digital Millennium Copyright Act is far from perfect, copyright law does not require these severe and potentially unwarranted penalties.

Dean Lewis indicated that the College felt constrained by the DMCA to act as it did. The DMCA's safe harbor provisions are far more palatable if read closely: To obtain immunity, a service provider must adopt and implement "a policy that provides for the termination in appropriate circumstances of ... repeat infringers." [17 U.S.C. 512(i)(1)(A)] A "repeat infringer" is not someone who has merely been accused of wrongdoing, but one who has been proven to have engaged in unlawful activity, twice.

The distinction is important because entertainment industry accusations are not proof of infringement; at times, they are downright laughable. Universal Studios recently sent a demand letter to the Internet Archive because some of the Archive's public domain films had numerical filenames, apparently leading an automated 'bot to mistake a promotional film of a seamstress-in-training for the submarine movie "U-571." (See the notice and response at Chilling Effects.) Even when they accurately identify files, these notifications may not take account of personal uses or fair use defenses.

Further, the law does not specify a duration for the "termination" of access, nor the "appropriate circumstances." Here too, the College should place its students' interest in connectivity first. It can treat verified demands as a teaching opportunity by means of a brief disconnection; on today's networked campus a year's isolation is inappropriate. The College rightly recognizes the importance of the network to its educational mission, and it should likewise recognize the importance of balanced network policies that promote academic freedom. The law permits, and students are entitled to, full process before the termination of network access on copyright grounds.

Posted by Wendy at 07:50 AM
April 11, 2003
proxy fight [Domains-by-proxy update]

The same case that brought Domains by Proxy to my attention demonstrates its shortcomings: Domains by Proxy doesn't proxy for long (via nettime-l).

Re-Code bills itself as "a new space for political satire using products that already exist in stores" -- it offered bar-codes, purportedly for printing and swapping with those on WalMart products. There's plenty of room for argument whether the site was "encouraging and facilitating theft and fraud", as WalMart claimed, or satirizing consumer culture [recall voteauction.com, where First Amendment defenses prevailed], but that debate should happen before breach of the site-owner's anonymity.

On April 10th, Re-Code was informed that their anonymity service agreement had been terminated by Domains by Proxy -- on the mere allegation of unlawful activity. Unfortunately, that means the anonymizing service fails just when it's needed most. It fails to protect unpopular speakers from the chilling effect of threats. We still need anonymous domain name registration for those cases.

Posted by Wendy at 11:37 AM
April 10, 2003
Until there's anonymous domain name registration ...

...there's Domains by Proxy, a Go Daddy affiliated registration service.

Your domain is registered in our name, which means Domains By Proxy takes ownership of it. As a result, our information, and not yours, is published in WHOIS. You still control your domain because your agreement with us gives you FULL BENEFITS of ownership.

I had been complaining about the WHOIS Accuracy recommendations because registrants have used "inaccurate" data to register under pseudonyms. Requiring accurate, complete data in WHOIS records precludes anonymous ownership of a domain name. Since a domain name is part of the virtual printing press for online speech, lack of an anonymous option is troublesome.

Although I'd still like to see explicit acceptance of anonymous or pseudonymous domain name registrations (wronged parties could use a "John Doe" suit or default judgment), I'm pleased to see that there is a market for anonymizing services.

Posted by Wendy at 07:07 PM
April 07, 2003
C, less F and P

Last week's CFP was focused on the "freedom to think, move, and travel." Sadly, it tended to highlight a decline in most of these since last year, as the government has increased surveillance without proving any increased security to justify these privacy invasions. Bruce Schneier kicked things off with a reminder that new security measures usually introduce new risks of their own, usually overlooked in their planning. Follow-on speakers noted that the political incentives often diverge from the stated security goals. I suppose we should be encouraged that so many people are thinking about the problem, but it's hard to come away optimistic about civil liberties right now. Dan Gillmor's warning about a perpetual state of war on terrorism catches the mood.

Posted by Wendy at 06:50 PM