November 21, 2007

Two standing ovations

Filed under: law — wseltzer @ 2:59 pm

The first for Simon Rattle, the Berlin Philharmonic, Ben Heppner, and Thomas Quasthoff, in a spectacular performance of Mahler’s Das Lied von der Erde at Symphony Hall. The audience didn’t want it to end, letting the last notes hang in the air as Sir Simon held the baton out, then roaring to their feet to call the performers back out several times.

The second for Barack Obama, who spoke to an enthusiastic crowd in Manchester, NH, to launch his education plan. As a teacher, I appreciate his thought to the many phases of education, from support for early-childhood development through training and supporting teachers as true professionals. I’ve also been impressed by Obama’s technology policy, including Network Neutrality and patent reform.

November 15, 2007

Masterclass: Ben Heppner’s geek cred

Filed under: fccboston08, music — wseltzer @ 9:10 pm

One of the great things about teaching at Northeastern is the proximity to Boston’s cultural scene. The Museum of Fine Arts is just across from the Law School; Symphony Hall is just down the street; and conservatories are all around.

This afternoon I was tipped off to a masterclass with heldentenor Ben Heppner at New England Conservatory, so along with no more than 100 others, I got to hear him coaching four young singers and annotating with a bit of singing of his own. The students were superb, and yet Heppner was able to inspire each of them to sing better. I could hear the effect of the changes he suggested, and of course the thrill of getting personalized advice from a reigning master must have helped.

Amid lots of great singing, though, the best moment was discovering Heppner’s geek cred. When prompting a singer to keep the energy up through a sustained note, he suggested “think of renewing a lease,” as in DHCP lease, “for the techies out there.”

Now to see if I can scavenge a ticket to hear his Mahler Monday night…

Facebook: Privacy versus cross-context aggregation

Filed under: law — wseltzer @ 12:10 pm

Over at Huffington Post, David Weinberger posts a critique of Facebook’s new “social advertising”: Facebook’s Privacy Default.

The new ad infrastructure enables Facebook to extend their reach onto other companies’ sites. For example, if you rent a copy of “Biodome” from Blockbuster.com, Blockbuster will look for a Facebook cookie on your computer. If it finds one, it will send a ping to Facebook. The Blockbuster site will pop up a “toast” (= popup) asking if you want to let your friends at Facebook know that you rented “Biodome.” If you say yes, next time you log into Facebook, Facebook will ask you to confirm that you want to let your friends know of your recent rental. If you say yes, that becomes an event that’s propagated in the news feed going to your friends.

Yet, I find myself creeped out by this system because Facebook gets the defaults wrong in two very significant areas.

When Blockbuster gives you the popup asking if you want to let your Facebook friends know about your rental, if you do not respond in fifteen seconds, the popup goes away … and a “yes” is sent to Facebook. Wow, is that not what should happen! Not responding far more likely indicates confusion or dismissal-through-inaction than someone thinking “I’ll save myself the click.”

Further, we are not allowed to opt out of the system. At your Facebook profile, you can review a list of all the sites you’ve been to that have presented you with the Facebook spam-your-friends option, and you can opt out of the sites one at a time. But you cannot press a big red button that will take you out of the system entirely. So, if you’ve deselected Blockbuster and the Manly Sexual Inadequacy Clinic from the list, if you go to a new site that’s done the deal with Facebook, you’ll get the popup again there. We should be allowed to Just Say No, once and for all.

Why? Because privacy is not just about information. It’s all about the defaults.

In one sense, what Facebook is doing is merely a progression from what credit card companies and loyalty card programs already do. In another sense, though, it seems like a breach of the norms of the Net.

If you want to be unaggregable in the real world, you pay in cash at stores large enough or far enough from home that the cashiers don’t recognize you. If you pay by credit card, Amex learns your purchase history across merchants, and can sell targeted lists to advertisers or advertising space in its billing statements. If you use a “partner” card, such as an airline rewards card or affiliate card, the partner gets access to your information while the credit card issuer learns one more piece of your profile. It’s as though American Airlines gets to tag along to watch all your purchases.

Facebook’s cookie mechanism puts that into web browsing, except instead of using a credit card to trigger it, you do nothing, just keep using your web browser. So it’s as though Facebook has dropped clerks (with incredible powers of recognition and infallible memory) into every store that you might visit, giving you no indication up-front.

The possibility of generating multiple profiles and of visiting sites without leaving trails from one to the next has led us to expect that the Net is less like using a credit card and more like paying cash: we can keep activities distinct online. Facebook has thrived on that, offering a space in which many participate because they think they can say there what they wouldn’t say in their neighborhood bar or the pages of the New York Times.

But new features tamper with sense of place, aggregating information brought in across contextual boundaries. The upside is that Facebook is doing this visibly: so pushing information about your commercial behavior into a social space can trigger user backlash. (Browse with a plugin like noscript to see who else is trying this with less warning.) Based on the similarities this “toast” behavior has to cross-site scripting attacks, I hope it prompts browser or plugin developers to offer finer-grained viewing and control.
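The aggregation described above, seen from the auditing side, as an added example (not code from this post or from Facebook): given a log of requests a browser made, it lists third parties that received a cookie from pages on two or more unrelated sites. The log entries and `.example` hostnames are constructed, and the two-label site rule is a simplifying assumption.

```javascript
// Added example: constructed request log with hypothetical hostnames.
// Each record holds the page the user was on, a subresource request that
// page triggered, and whether the browser attached a cookie to it.
const requests = [
  { page: "https://www.rentals.example/checkout", url: "https://social.example/beacon?item=biodome", cookieSent: true },
  { page: "https://www.clinic.example/appointments", url: "https://social.example/beacon?visit=1", cookieSent: true },
  { page: "https://www.rentals.example/checkout", url: "https://static.rentals.example/site.css", cookieSent: true },
  { page: "https://www.clinic.example/appointments", url: "https://fonts.cdn.example/a.woff", cookieSent: false },
  { page: "https://news.example/today", url: "https://social.example/beacon?read=1", cookieSent: true },
  { page: "https://news.example/today", url: "https://metrics.example/p.gif", cookieSent: true },
];

// Simplification (assumption): treat the last two labels as the site.
// Real code should consult the Public Suffix List (e.g. names under co.uk).
function site(urlString) {
  return new URL(urlString).hostname.split(".").slice(-2).join(".");
}

// Map each third-party site that received a cookie to the set of
// first-party sites whose pages triggered the request.
function crossContextRecipients(log) {
  const seen = new Map();
  for (const { page, url, cookieSent } of log) {
    const first = site(page);
    const third = site(url);
    if (!cookieSent || first === third) continue; // no cookie, or same site
    if (!seen.has(third)) seen.set(third, new Set());
    seen.get(third).add(first);
  }
  // Only a recipient seen from two or more contexts can link them together.
  return [...seen]
    .filter(([, contexts]) => contexts.size >= 2)
    .map(([recipient, contexts]) => ({ recipient, contexts: [...contexts].sort() }));
}

console.log(JSON.stringify(crossContextRecipients(requests), null, 2));
```

A recipient that appears here can join what a user did on each listed site into one profile; one that sets a cookie from a single site only cannot.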

Update: Ethan Zuckerman gives detail on the sequence and some privacy thoughts of his own.

Update2: Thomas Roessler adds some ideas for policy hooks in code.

November 14, 2007

Freeing Legal Code

Filed under: law — wseltzer @ 5:24 pm

A cool development from Public Resource:

WASHINGTON, D.C. / SEBASTOPOL, CA—November 14, 2007—Public.Resource.Org and Fastcase, Inc. announced today that they will release a large and free archive of federal case law, including all Courts of Appeals decisions from 1950 to the present and all Supreme Court decisions since 1754. The archive will be public domain and usable by anyone for any purpose.

Law and legal opinions aren’t copyrightable, but for too long, access to them in bulk has been restricted behind contractual firewalls. Courts have begun publishing their opinions electronically, but much of the historical information our common-law system is built around isn’t there yet. Lawyers have access to Lexis or Westlaw, and law students get that access for free (with the cost of a legal education), but contractual terms on those databases prevent sharing the contents more widely.

Further, this new effort will be Law 2.0:

Public.Resource.Org intends to perform an initial transformation on the federal case law archive obtained from Fastcase using open source “star” mapping software, which will allow the insertion of markers that will approximate page breaks based on user-furnished parameters such as page size, margins, and fonts. “Wiki” technology will be used to allow the public to move around these “star” markers, as well as add summaries, classifications, keywords, alternate numbering systems for citation purposes, and ratings or “diggs” on opinions.

One Laptop Per Child, Plus One

Filed under: law — wseltzer @ 5:18 pm

The One Laptop Per Child program has opened its give-one get-one campaign. For a limited time, members of the general public can get in on what’s otherwise a kids-only affair: get a rugged hackable meshable laptop.

The OLPC could be the next generation’s erector set — finished product yes, but even more building-block for further creativity. The computers are built on open-source software, designed for rather than against their users. As the FAQ indicates, in response to questions about technical support: “One goal of the project is that children will learn to troubleshoot the XO themselves and subsequently use their experiences to help others.”

Get yours while you can!

November 13, 2007

Stop Congress From Breaking Higher Education Networks

Filed under: law — wseltzer @ 6:50 am

Entertainment lobbyists have dumped a nasty trojan horse into the Higher Education bill scheduled for markup Wednesday in the House Committee on Education and Labor. On page 412 of the massive 747-page “College Opportunity and Affordability Act of 2007” is a requirement that educational institutions spend their scarce resources to

develop a plan for offering alternatives to illegal downloading or peer-to-peer distribution of intellectual property as well as a plan to explore technology-based deterrents to prevent such illegal activity.

So even as the committee asserts it wants to “make college more affordable and accessible,” it frustrates that purpose by letting Hollywood-driven mandates suck money away from the educational mission of colleges and universities. While “encourag[ing] colleges to rein in price increases,” the bill would force campuses to spend money exploring broken anti peer-to-peer technologies that make their networks less useful. Colleges that don’t fall into line risk losing federal student aid.

“Technology-based deterrents” are bound to be both over- and under-inclusive: blocking true educational uses while failing to stop piracy. A school cannot screen or filter all its Internet traffic without seriously impeding network innovation and research. If the “deterrents” block unknown communications, they stop students from experimenting on an end-to-end network, blocking the development of lawful peer-to-peer applications in the mold of Skype, distributed search, or LOCKSS (Lots of Copies Keep Stuff Safe), a library archival system. If they block encrypted traffic, they compromise privacy and security. If they don’t, they’re trivially circumvented.

Finally, there’s no automated way to determine whether “unauthorized” uses are fair. Even were a technology to have perfect access to all Internet traffic for comparison against a corpus of works, it would not be able to incorporate the judgment necessary to determine whether a given use were fair, transformative, educational, or merely substitutive and unfair.

Half-baked ideas like these have no place in an education bill. Rather than forcing schools to spend scarce resources on entertainment companies’ agendas, Hollywood should do its own homework, offering students enough compelling, compatible alternatives that they choose authorized access.

Meanwhile, you should call Congress to keep this mess out of our schools. Educause provides a page of resources including committee member phone numbers.

November 7, 2007

MLB throws a DRM sinker to fans

Filed under: law — wseltzer @ 5:46 pm

Via BoingBoing comes the account of a sports writer and avid fan who spent $280 to purchase video footage of Major League Baseball games, only to lose the ability to watch his purchases when MLB switched DRM providers.

As Allan Wood, who wrote a book on the 1918 Red Sox, tells it on his blog:

Since MLB started this download service, I have bought and downloaded 71 games — many of them from the Red Sox’s August-September 2004 hot streak — which works out to a total cost of $280.45 (plus the price of the blank discs). Thanks to MLB, I now have nearly six dozen coasters.

Calling MLB to inquire, he was told:

“MLB no longer supports the DDS system” that it once used and so any CDs with downloaded games on them “are no good. They will not work with the current system.”

Thus rather than supporting the fans who paid money to watch games, MLB is turning them away — and turning them off from purchasing future content. What you rip from your DVR is more useful, long-term, than what you can buy. And all DRM has this bug built-in — it’s protecting content against its end-users, and can as easily break with less functionality than the users paid for if its supporting infrastructure is pulled.

In the comments thread, a poster points to the Fairuse4WM utility in the Doom9 forums, suggesting that purchasers can extract the video. Of course that seems perfectly reasonable, as they paid for the content and were promised it would remain accessible, but the good old DMCA makes it legally questionable — circumvention of a “technological measure that effectively controls access to a work protected [by copyright]” is forbidden by sec. 1201(a)(1). Don’t purchasers have “authorization”? That’s what DVD owners argue, unsuccessfully so far.

What about exemptions? The Copyright Office, in its 2006 rulemaking, created an exemption from circumvention liability for those who circumvent “obsolete” technological protections — seemingly the case here — but it applies only to computer programs and video games. While telecast baseball might be a “video game,” it’d take some creative lawyering to squeeze into the exception for archival use and preservation.

November 5, 2007

University of Oregon Stands up to Record Labels

Filed under: DMCA, law — wseltzer @ 9:01 pm

Standing up for student privacy, the University of Oregon has refused to identify “alleged infringers” at record labels’ request. Unlike most universities, which have identified students, U of O recently moved to quash the labels’ discovery subpoena in Arista et al. v. Does 1-17. Ray Beckerman links the documents at Recording Industry vs The People. See also Associated Press.

The university argues in its brief that the subpoena imposes an undue burden on the university “because it requires the University to affirmatively investigate potential copyright infringement by its users.” Particularly on a campus, where a single IP address might be shared by multiple roommates, visitors, or users of an open access point, the IP address will not uniquely identify a person. The U of O doesn’t want to go net-fishing, as the record labels do, turning over student names that might match their complaint, but says it would have to “undertake an investigation of all the individuals who were or who may have been present in the shared rooms in question at the time of the alleged acts of copyright infringement,” including interviews and forensic investigations, in order to turn over the right names. Even where the university can find the occupant of a single room, that identifies only the occupant, “not the identity of the user engaged in the alleged copyright infringement.”

The university should not be forced to do the record labels’ investigations for them. As I’ve argued in The Crimson and at Cornell, this demand conflicts with the mission of a university. As Oregon puts it, “The University … has both a legal and an ethical obligation to ensure that its students’ right to privacy is protected under the law and defended against intrusion.”

While Oregon’s other arguments are weaker, this one is enough. The Federal Rules of Civil Procedure proscribe subpoenas that subject their recipients to “undue burden,” and the University of Oregon demonstrates that complying thoroughly and responsibly with this subpoena would place a severe and unjustified burden on the educational institution.
