As if there weren’t enough problems with lawyers sending out improper cease-and-desists, Wired News reports that a Nevada man has pleaded guilty to impersonating a lawyer to extort domain registrants to turn over their domain names.

A Nevada man pleaded guilty Thursday to his plotting to steal domain names from their legitimate owners by impersonating a California intellectual property lawyer and send threatening letters to domain name owners in hopes of convincing them to turn over the domains to him.

Las Vegas resident David Scali registered the email address trademarkinfringement@netzero.net in 2006 and then, pretending to be a real Califonia lawyer (whose intials are K.Y.C.), threatened domain name owners with $100,000 trademark infringement suits, unless they transferred the domains within 48 hours.

I wonder if his C&Ds were any further afield than some we see from real lawyers.

Author Denise McCune posts a great account of the workings and failings of the DMCA’s notice-and-takedown procedures.

As Cory Doctorow has also reported on BoingBoing, the VP of the Science Fiction and Fantasy Writers of America sent an error-filled takedown complaint to text-sharing site Scribd, causing removal of many non-infringing postings including reading lists suggesting great science fiction, and Cory’s own novels, which he’s CC-licensed for free redistribution.

The DMCA safe-harbor is most charitably described as an intricate dance for all parties involved: the copyright claimant, the ISP, and the poster. When the dancers are synchronized, its notice, takedown, and counternotice steps give each party a prescribed sequence by which to notify the others of claims and invite their responses. That’s why the DMCA requires the claimant to identify the copyrighted works, specify alleged infringements with “information reasonably sufficient to permit the service provider to locate the material,” and state good faith belief that the uses are unauthorized. When a copyright claimant misses one of those key elements, he starts stepping on toes.

The service provider isn’t obliged to respond to deficient notices, but if a notice contains all the right formal elements — even if it’s factually wrong about copyright ownership or copying — the service provider must choose between taking down the material or losing its DMCA safe-harbor and facing potential lawsuits. Posters who believe their material is non-infringing or fairly posted can counter-notify and even file their own lawsuits for misuse of copyright claims, under sec. 512(f).

I share McCune’s hope that the brouhaha will help the SFWA to help authors express all their copyright interests, including that of free sharing:

I hope the SFWA’s lawyers are sitting down with Andrew Burt and explaining how the DMCA actually works, so that actual, legitimate violations of copyright (on Scribd and on other sites) can get dealt with swiftly and promptly and the people who have asked SFWA to be their copyright representative can get infringing uses of their material removed. I’m also glad to see that the SFWA ePiracy Committee has suspended operations until they can investigate further — and, hopefully, come up with an effective process and procedure that benefits both fair and/or transformative use while also protecting the rights of copyright holders to have control over where and how their material is posted — whether that control is a more traditional “nobody gets to use this, period” or a Creative Commons-style authorization of transformative work.

The Houston Chronicle reports that celebrity gossip site PerezHilton.com has battled ISP takedown over claimed copyright infringement. The problem is, site-owner Mario Lavanderia is already disputing those claims in federal court, where a judge refused to grant an injunction. Instead, as the judicial process properly works, Lavanderia must be proven a likely infringer before his speech is silenced.

The DMCA, however, offers copyright claimants an easy route around the niceties of judicial process — make it too much of a nuisance for an ISP to deal with an accused infringer as a client, and get his site removed. And this underscores the precarious nature of our reliance on private infrastructure. Even though the DMCA insulates ISPs from liability once they’ve received counter-notification, copyright claimants can still shower them with complaints, and ISPs are still free to bow to risk aversion and refuse to do business with challenging customers — including those who challenge powerful copyright interests.

Los Angeles photo agency X17 Inc. sued Lavandeira in federal court last year, asking for $7.6 million in damages. The suit claimed Hilton used 51 photographs without permission, payment or credit, including images of a pregnant Katie Holmes, Kevin Federline pumping gas and Britney Spears.

A federal judge denied the company’s motion for an injunction against the site, although the lawsuit continues, as does another filed on behalf of several other photo agencies. A lawsuit filed by Universal Studios claiming the site posted a stolen photo of Jennifer Aniston from the film “The Break-Up” is also pending.

X17 co-owner Brandy Navarre said the company has sent more than a dozen notices to the Australian Web hosting company Crucial Paradigm in the past two weeks, demanding that copies of copyrighted photos on the Perezhilton.com site be removed.

“They quickly realized it wasn’t worth taking on this liability just to host this one client who was a repeat infringer,” Navarre said Thursday.

Tuesday, Crucial Paradigm sent a strongly worded letter to the company that represents Lavandeira, saying it had received numerous complaints of copyright violations and warning that one more complaint would result in the site being taken offline.

“Please note that with any other provider this would have been done a long time ago, and moving your site to another provider will not solve this issue,” the letter read. “Continued abuse is leaving us more liable each day, which we can’t afford.”

PerezHilton.com appears to have found a new host in short order, but other critics with fewer resources often find themselves chilled well short of any judicial decision on the merits of their defenses.

According to observers and civil society NGO participants, the WIPO Standing Committee on Copyright and Related Rights will not recommend a Diplomatic Conference on the proposed WIPO Broadcasting Treaty. In non-WIPO-ese, that means broadcasters won’t get the unjustified grant of copyright-plus rights they’ve been asking for. Instead, they’ll still have copyright protection for their programs, while the public will get its fair use without an extra layer of exclusion.

From Intellectual Property Watch » WIPO Broadcasting Treaty Talks Break Down:

World Intellectual Property Organization negotiations for a treaty on rights for broadcasters broke down at the eleventh hour, according to participating government officials. A high-level final treaty negotiation scheduled for November will not take place, they said.

The SCCR, which does its work through “non-papers” and meetings in Geneva, has been pushing for a broadcasting treaty for nearly a decade. It was nearing its conclusion, sending the draft on to a Diplomatic Conference to be adopted as an international treaty, when delegates apparently finally recognized they could not reach consensus. The latest draft would have added DRM-protection, anti-circumvention, and new exclusive rights to broadcasts, threatening innovations like TiVo and SlingBox. While the United States was at most stages willing to sell out its innovators, even pushing at times for grant of new “webcasting” exclusive rights, Brazil, India, and the Africa Group took the lead in rejecting a new treaty if it lacked public rights and exceptions to balance those granted to broadcasters.

EFF and KEI, among others, have been keeping this process under scrutiny for a long time. Amazing how similar the debates look to what I first helped live-blog in 2004.

Update: Not dead yet? Jamie Love reports the “surreal” draft conclusions of the Chair, that a Diplomatic Conference should be held in 2008.

It’s not just the pros who want control. Over the weekend the NCAA ejected a Louisville Courier-Journal reporter from a college baseball championship for live-blogging the game. Brian Bennet reports that he had been posting updates throughout the game on his Courier-Journal blog, until, at the bottom of the fifth inning, “an NCAA representative came to my seat on press row and asked for my credential and asked me to leave. I complied.”
Apparently, according to a memo NCAA circulated, the college athletic association believes that live-blogging interferes with its revenue streams from broadcast licenses:

The College World Series Media Coordination staff along with the NCAA Broadcasting group needs to remind all media coordinators that any statistical or other live representation of the Super Regional games falls under the exclusive broadcasting and Internet rights granted to the NCAA’s official rights holders and therefore is not allowed by any other entity. Since blogs are considered a live representation of the game, any blog that has action photos or game reports, including play-by-play, scores or any in-game updates, is specifically prohibited. In essence, no blog entries are permitted between the first pitch and the final out of each game.

Now there are legal and policy questions here: First off, this wasn’t a copyright or misappropriation claim. If the reporter had watched or listened to a broadcast and blogged details from there, the NCAA would have no claim against him (see NBA v. Motorola, where the basketball association lost just such a claim). It can’t claim ownership of the facts, even if it currently makes money from selling privileged access to the facts.

Instead, the NCAA was clamping down on the data through a claimed right to control physical access to the game, at least to the press box.
Was the NCAA within its legal rights to revoke a press credential? Probably. The NCAA has no obligation to issue press credentials, and apart from anti-discrimination law, can condition them on whatever arbitrary terms it likes. But David Price points out another twist: The University of Louisville, where the game was played, is a public institution, subject to First Amendment limitations on the speech-limiting rules it can impose. Can it ban speech or allow others to do so on its space based on claimed disruption to a business deal? Does it depend whether a baseball stadium is a “public forum”? (Under current law, it’s probably not.)

Finally, there’s the policy. Even if banning bloggers is legally permissible, it;s silly. Silly of the NCAA to think it can keep up this kind of control, silly of licensees to see blogs as a substitute to what they’re licensing, and silly of schools to endorse and accept such policies for their student athletes’ games. Exclusivity of facts is unlikely to last long in practice, as the Courier-Journal reports: “The Oregonian newspaper in Portland decided to work around the rules by blogging Oregon State’s game against Michigan on Sunday off a radio broadcast in its newsroom, said its executive editor, Peter Bhatia. He said the newspaper heard no objections from the NCAA and planned to do the same yesterday.”

My OII colleague Tobias Escher reports on a German decision on website operator liability for user-posted content. A professor unhappy with his reviews on Meinprof.de, such as comments calling him a “psychopath,” sued. The site had removed the comments on his complaint, but he nonetheless demanded that the site pay a fine and be enjoined from allowing similar comments to be re-posted. The appeals court sensibly rejected that injunction. According to Tobias:

The court has decided that a general “cease and desist” for unacceptable comments is against the law. As a professor one has to face public criticism that cannot be prohibited ex ante.

…
In general this is a positive outcome for web sites that leverage the wisdom of the crowds as it offers some protection for the often not-for-profit operators of these sites. However, this does not justify defamatory comments on those sites and the court has emphasized the operators’ duty to remove those entries as soon as they are recognized. Last but not least, the subject under public scrutiny does matters as professors might well be made to face personal criticism in their role as public figures while teachers and nurses might have to be treated differently.

German law lacks a CDA Section 230, which immunizes U.S. service providers from defamation liability for user-contributed comments. So RateMyTeachers.com can ignore claims of defamation, leaving U.S. teachers to fight back with words, leaving their own comments or questioning the reliability of the site.

German sites, by contrast, can be held liable for their users’ false assertions. If such liability were automatic, triggered immediately upon the posting of a defamatory comment, sites that permitted users to post content might as well paint lawsuit targets on their homepages: anyone could claim to have been defamed there; anyone unhappy with postings could get a heckler’s veto against not just individual posts but the site itself. Sensibly, then, the MeinProf.de court limits the potentially unbounded liability in a manner similar to the U.S. caution against prior restraints of speech. The site can’t be held liable until it has been given an opportunity to defend or remove the post; those who want to make libel claims against hosts should start by giving the host notice.

My U.S.-centric view is still that posters and their subjects should battle over online defamation between themselves, leaving their online hosts out of the picture. As we all depend on intermediaries to speak online, our speech gets less free with each new burden and risk-sensitivity we put on the intermediaries. Those who feel victimized have access to the same speech technologies to respond — putting them on a more level playing field than arises when one calls in the law and an intermediary is chilled. In the German context and legal tradition, however, this decision seems to get close.

After the widely-heralded circulation and revocation of one AACS key, Ed Felten ran a satirical integer sale on his Freedom-to-Tinker blog. Now it seems one of the commenters decided to hide another processor key there, BoingBoing reports.

Of course, the odds are basically zero if the number was chosen at random. You have a better chance of winning the Powerball jackpot four days in a row. So, for more than a week, everyone who read the comment assumed that it was just another joke. But one thing about it was different: the cryptic hint to arnezami, a “uv” number, a pointer to a specific key within the AACS keyspace.

You can probably guess the rest of the story. Eventually someone tipped off arnezami about the strange comment, and he tried using the 45 5F … number to decrypt the new discs. It worked! It really is the new processing key. As a result, all HD-DVDs are open to the public again, at least until new titles can be updated once more.

Should blog-owners start to worry that their comment forums will earn them takedowns? I don’t think so, but the law is remarkably unclear, as I wrote in a piece, Anticircumvention Takedowns, LinuxWorld just published, describing the last round of AACS-key purges:

Note that this claimed contribution to circumvention is a degree further removed from underlying copyright harm than a contributory infringement. The claim is not that hosts assisted in unlawful copying, but that they assisted in distribution of a component of a tool with which others might circumvent technological measures and thereby access copyrighted works or infringe copyright. That’s a lot of layers of indirection, and courts have never yet adopted a “contributory circumvention” claim.

David Weinberger proposes that we balance the scales against wrongful DMCA takedowns by adding statutory damages for speech harms. If the law presumes that a copyright holder is harmed up to $150,000 per work infringed, without making it prove actual damage, we should adopt the same approach, and figures, to the measurement problems for lost speech.

We faced the speech-damages question in OPG v. Diebold, which we ultimately settled for $125,000 in damages and attorneys’ fees. $5,000 of that was our claim for OPG’s hosting disruption; the Swarthmore students who had to pull essential materials from their symposium website couldn’t put a dollar figure on that.

Presumed damages could solve that problem and make it easier for those harmed by bad copyright claims to find and pay counsel. As Weinberger says, “Protecting free speech ought to be at least as important as protecting the rights of copyright holders.”

Score 8.5 for public access. In Perfect 10 v. Amazon.com and Google, the Ninth Circuit reaffirmed and strengthened Kelly v. Arriba Soft, holding that neither showing image thumbnails nor inline linking/framing in an image search engine constitutes copyright infringement.

In the ongoing battle between adult-content purveyor Perfect 10 and Google, the court reversed the lower court’s ruling to hold that Google could not be held directly liable for infringement even if its image search spidered in some unauthorized images. As in Kelly, the court found that search was a transformative fair use. The court further rejected the argument that Google’s Adsense program made it a vicarious infringer.

The rub is that the court sent the case back for further factfinding on questions of contributory infringement and Google’s safe harbor defense.

Accordingly, we hold that a computer system operator can be held contributorily liable if it has actual knowledge that specific infringing material is available using its system, and can take simple measures to prevent further damage to copyrighted works, yet continues to provide access to infringing works. (citations omitted)

While that standard sounds nice in theory, it gums up the works of search engines in practice. In the dozen takedown notices Perfect 10 sent to Google are hundreds of URLs Google must investigate or remove, if the allegation is enough to impute knowledge. In return for ease of copyright-holder policing, the public gets less access to comprehensive search.

Now the court did say considerable factfinding remained before Google could be held contributorily liable, including “factual disputes over whether there are reasonable and feasible means for Google to refrain from providing access to infringing images.” Moreover, the safe harbor should protect Google, which routinely does “expeditiously” remove alleged infringements, but I’ve often argued the safe harbor goes beyond legal liabilities.

Reading the Supreme Court’s decision in Microsoft v. AT&T, I wonder whether that case can be read as an argument against
liability for those who posted the infamous key number to Digg and elsewhere.

The Supreme Court was reviewing a claim against Microsoft for sending software abroad to users who installed it on machines which, if they were in the U.S., would apparently infringe an AT&T speech-processing patent. The Court makes much of the distinction between source and object code, and the steps between intangible program and execution. These fuel its determination that Microsoft’s “intangible” Windows software cannot be a “component of a patented invention” and therefore that Microsoft is not liable for inducing infringement by exporting a master disk.

Abstract software code is an
idea without physical embodiment, and as such, it does not match
§271(f)’s categorization: ‘components’ amenable to ‘combination.’… A
blueprint may contain precise instructions for the construction and
combination of the components of a patented device, but it is not itself
a combinable component of that device.

The Court even cites Corley,
but to say that Congress can act upon gaps in earlier statutes, not that
it necessarily reaches complete solutions to new problems.

So, can we read MS v. AT&T as casting doubt on the assumption that a hex key
is a “component or part” of a circumvention “technology, product,
service, [or] device” (the key language of the §1201 prohibition on trafficking in circumvention tools)? By itself, this number doesn’t circumvent, and
there’s not even a drop-in program with which one could readily use it
to circumvent. And the posters supply no tangible copies of the number,
but only a “blueprint” for making your own. At this stage, it’s merely
abstract information that might be, but isn’t being, implemented in
circumvention devices.

If it works for Microsoft, why not for the key-posters?