June 10, 2011

Deceptive Assurances of Privacy?

Filed under: code, privacy — wseltzer @ 11:52 am

Earlier this week, Facebook expanded the roll-out of its facial recognition software to tag people in photos uploaded to the social networking site. Many observers and regulators responded with privacy concerns; EFF offered a video showing users how to opt-out.

Tim O’Reilly, however, takes a different tack:

Face recognition is here to stay. My question is whether to pretend that it doesn’t exist, and leave its use to government agencies, repressive regimes, marketing data mining firms, insurance companies, and other monolithic entities, or whether to come to grips with it as a society by making it commonplace and useful, figuring out the downsides, and regulating those downsides.

…We need to move away from a Maginot-line like approach where we try to put up walls to keep information from leaking out, and instead assume that most things that used to be private are now knowable via various forms of data mining. Once we do that, we start to engage in a question of what uses are permitted, and what uses are not.

O’Reilly’s point –and face-recognition technology — is bigger than Facebook. Even if Facebook swore off the technology tomorrow, it would be out there, and likely used against us unless regulated. Yet we can’t decide on the proper scope of regulation without understanding the technology and its social implications.

By taking these latent capabilities (Riya was demonstrating them years ago; the NSA probably had them decades earlier) and making them visible, Facebook gives us more feedback on the privacy consequences of the tech. If part of that feedback is “ick, creepy” or worse, we should feed that into regulation for the technology’s use everywhere, not just in Facebook’s interface. Merely hiding the feature in the interface, while leaving it active in the background would be deceptive: it would give us a false assurance of privacy. For all its blundering, Facebook seems to be blundering in the right direction now.

Compare the furor around Dropbox’s disclosure “clarification”. Dropbox had claimed that “All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password,” but recently updated that to the weaker assertion: “Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so).” Dropbox had signaled “encrypted”: absolutely private, when it meant only relatively private. Users who acted on the assurance of complete secrecy were deceived; now those who know the true level of relative secrecy can update their assumptions and adapt behavior more appropriately.

Privacy-invasive technology and the limits of privacy-protection should be visible. Visibility feeds more and better-controlled experiments to help us understand the scope of privacy, publicity, and the space in between (which Woody Hartzog and Fred Stutzman call “obscurity” in a very helpful draft). Then, we should implement privacy rules uniformly to reinforce our social choices.

June 9, 2011

UN Rapporteur on Free Expression on the Internet

Filed under: Chilling Effects, Internet, censorship, open, privacy — wseltzer @ 5:54 pm

“[D]ue to the unique characteristics of the Internet, regulations or restrictions which may be deemed legitimate and proportionate for traditional media are often not so with regard to the Internet.”

This statement of Internet exceptionalism comes not from the fringes of online debate, but from the UN Human Rights Council’s Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression. The Rapporteur, Frank La Rue, recently presented a report emphasizing the importance of rule of law and respect for free expression.

  • State-sponsored content blocking or filtering is “frequently in violation of their obligation to guarantee the right to freedom of expression.” Blocking is often overbroad and vague, secret (non-transparent), and often lacks independent review.
  • Intermediary liability, even with notice-and-takedown safe-harbor, “is subject to abuse by both State and private actors.” Private intermediaries, like states, will tend to over-censor and lack transparency. They’re not best placed to make legality determinations. “The Special Rapporteur believes that censorship measures should never be delegated to a private entity, and that no one should be held liable for content on the Internet of which they are not the author.”
  • Disconnecting users cuts off their Internet-based freedom of expression. The report calls out HADOPI, the UK Digital Economy Bill, and ACTA for concern, urging states “to repeal or amend existing intellectual copyright laws which permit users to be disconnected from Internet access, and to refrain from adopting such laws.”
  • Anonymity. “The right to privacy is essential for individuals to express themselves freely. Indeed, throughout history, people’s willingness to engage in debate on controversial subjects in the public sphere has always been linked to possibilities for doing so anonymously.” Monitoring, Real-ID requirements, and personal data collection all threaten free expression, “undermin[ing] people’s confidence and security on the Internet, thus impeding the free flow of information and ideas online.”

    “The Special Rapporteur calls upon all States to ensure that Internet access is maintained at all times, including during times of political unrest.” I couldn’t say it better myself.

  • Editorials against PROTECT-IP

    Filed under: Chilling Effects, censorship, copyright, domain names — wseltzer @ 2:40 pm

    First the Los Angeles Times, now the New York Times have both printed editorials critical of the PROTECT-IP bill.

    Both the LAT and NYT support copyright — and announce as much in their opening sentences. That doesn’t mean we should sacrifice Internet security and stability for legitimate DNS users, nor the transparency of the rule of law. As the LAT puts it “The main problem with the bill is in its effort to render sites invisible as well as unprofitable.” Pulling sites from search won’t stop people from reaching them, but will stifle public debate. Copyright must not be used to shut down the engine of free expression for others.

    Let’s hope these policy criticisms, combined with the technical critiques from a crew of DNS experts will begin a groundswell against this poorly considered bill.

    June 8, 2011

    Privacy, Attention, and Political Community

    Filed under: privacy — wseltzer @ 2:22 pm

    In the ferment of ideas from PLSC, and the lead-up to Berkman’s HyperPublic I wanted to get back to my draft paper on “Privacy, Attention, and Political Community” (PDF)

    Privacy scholarship is expanding its concept of what we’re trying to protect when we protect “privacy.” In the U.S. legal thought, that trend leads from Warren and Brandeis’s “right to be let alone,” through Prosser’s four privacy torts, to Dan Solove’s 16-part taxonomy of privacy-related problems.

    In this thicker privacy soup, I focus on the social aspects, what danah boyd and others refer to as “privacy in public.” It is not paradoxical that we want to exchange more information with more people, yet preserve some control over the scope and timing of those disclosures. Rather, privacy negotiation is part of building political and social community. I use the political liberalism of John Rawls to illuminate the political aspects: social consensus from differing background conceptions depends on a deliberate exchange of information.

    We learn to negotiate privacy choices as we see them reflected around us. Yet technological advances challenge our privacy instincts by enabling non-transparent information collection: data aggregators amass and mine detailed long-term profiles from limited shared glimpses; online social networks leak information through continuous feeding of social pathways we might rarely activate offline; cell phones become fine-grained location-tracking devices of interest to governments and private companies, unnoticed until we map them.

    I suggest that privacy depends on social feedback and flow-control. We can take responsibility for our privacy choices only when we understand them, and we can understand them best through seeing them operate. Facebook’s newsfeed sparked outrage when it launched by surprise, but as users saw their actions reflected in feeds, they could learn to shape those streams to construct the self-image they wanted to show. Other aspects of interface design can similarly help us to manage our social privacy.

    This perspective sits before legal causes of action and remedies, but it suggests that we might call upon regulation in the service of transparency of data-collection. Architectures of data collection should make privacy and disclosure visible.

    Cross-posted at HyperPublic blog.

    May 12, 2011

    Debugging Legislation: PROTECT IP

    Filed under: Chilling Effects, censorship, copyright, domain names, events — wseltzer @ 10:45 am

    There’s more than a hint of theatrics in the draft PROTECT IP bill (pdf, via dontcensortheinternet ) that has emerged as son-of-COICA, starting with the ungainly acronym of a name. Given its roots in the entertainment industry, that low drama comes as no surprise. Each section name is worse than the last: “Eliminating the Financial Incentive to Steal Intellectual Property Online” (Sec. 4) gives way to “Voluntary action for Taking Action Against Websites Stealing American Intellectual Property” (Sec. 5).

    Techdirt gives a good overview of the bill, so I’ll just pick some details:

    • Infringing activities. In defining “infringing activities,” the draft explicitly includes circumvention devices (”offering goods or services in violation of section 1201 of title 17″), as well as copyright infringement and trademark counterfeiting. Yet that definition also brackets the possibility of “no [substantial/significant] use other than ….” Substantial could incorporate the “merely capable of substantial non-infringing use” test of Betamax.
    • Blocking non-domestic sites. Sec. 3 gives the Attorney General a right of action over “nondomestic domain names”, including the right to demand remedies from (A) domain name system server operators, (B) financial transaction providers, (C), Internet advertising services, and (D) “an interactive computer service (def. from 230(f)) shall take technically feasible and reasonable measures … to remove or disable access to the Internet site associated with the domain name set forth in the order, or a hypertext link to such Internet site.”
    • Private right of action. Sec. 3 and Sec. 4 appear to be near duplicates (I say appear, because unlike computer code, we don’t have a macro function to replace the plaintiff, so the whole text is repeated with no diff), replacing nondomestic domain with “domain” and permitting private plaintiffs — “a holder of an intellectual property right harmed by the activities of an Internet site dedicated to infringing activities occurring on that Internet site.” Oddly, the statute doesn’t say the simpler “one whose rights are infringed,” so the definition must be broader. Could a movie studio claim to be hurt by the infringement of others’ rights, or MPAA enforce on behalf of all its members? Sec. 4 is missing (d)(2)(D)
    • WHOIS. The “applicable publicly accessible database of registrations” gets a new role as source of notice for the domain registrant, “to the extent such addresses are reasonably available.” (c)(1)
    • Remedies. The bill specifies injunctive relief only, not money damages, but threat of an injunction can be backed by the unspecified threat of contempt for violating one.
    • Voluntary action. Finally the bill leaves room for “voluntary action” by financial transaction providers and advertising services, immunizing them from liability to anyone if they choose to stop providing service, notwithstanding any agreements to the contrary. This provision jeopardizes the security of online businesses, making them unable to contract for financial services against the possibility that someone will wrongly accuse them of infringement. 5(a) We’ve already seen that it takes little to convince service providers to kick users off, in the face of pressure short of full legal process (see everyone vs Wikileaks, Facebook booting activists, and numerous misfired DMCA takedowns); this provision insulates that insecurity further.

    In short, rather than “protecting” intellectual and creative industry, this bill would make it less secure, giving the U.S. a competitive disadvantage in online business.

    UPDATE: Sen. Leahy has posted the bill with a few changes from the above-linked draft (thanks Ryan Radia for the link).

    May 5, 2011

    In DHS Takedown Frenzy, Mozilla Refuses to Delete MafiaaFire Add-On

    Filed under: Chilling Effects, censorship, code, copyright, domain names — wseltzer @ 8:27 pm

    Not satisfied with seizing domain names, the Department of Homeland Security asked Mozilla to take down the MafiaaFire add-on for Firefox. Mozilla, through its legal counsel Harvey Anderson, refused. Mozilla deserves thanks and credit for a principled stand for its users’ rights.

    MafiaaFire is a quick plugin, as its author describes, providing redirection service for a list of domains: “We plan to maintain a list of URLs, and their duplicate sites (for example Demoniod.com and Demoniod.de) and painlessly redirect you to the correct site.” The service provides redundancy, so that domain resolution — especially at a registry in the United States — isn’t a single point of failure between a website and its would-be visitors. After several rounds of ICE seizure of domain names on allegations of copyright infringement — many of which have been questioned as to both procedural validity and effectiveness — redundancy is a sensible precaution for site-owners who are well within the law as well as those pushing its limits.

    DHS seemed poised to repeat those procedural errors here. As Mozilla’s Anderson blogged: “Our approach is to comply with valid court orders, warrants, and legal mandates, but in this case there was no such court order.” DHS simply “requested” the takedown with no such procedural back-up. Instead of pulling the add-on, Anderson responded with a set of questions, including:

    1. Have any courts determined that MAFIAAfire.com is unlawful or illegal inany way? If so, on what basis? (Please provide any relevant rulings)

    2. Have any courts determined that the seized domains related to MAFIAAfire.com are unlawful, illegal or liable for infringement in any way? (please provide relevant rulings)
    3. Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify.

    Unless and until the government can explain its authority for takedown of code, Mozilla is right to resist DHS demands. Mozilla’s hosting of add-ons, and the Firefox browser itself, facilitate speech. They, like they domain name system registries ICE targeted earlier, are sometimes intermediaries necessary to users’ communication. While these private actors do not have First Amendment obligations toward us, their users, we rely on them to assert our rights (and we suffer when some, like Facebook are less vigilant guardians of speech).

    As Congress continues to discuss the ill-considered COICA, it should take note of the problems domain takedowns are already causing. Kudos to Mozilla for bringing these latest errors to public attention.

    February 2, 2011

    Super Bust: Due Process and Domain Name Seizure

    Filed under: Internet, copyright, domain names, sports — wseltzer @ 10:22 pm

    This domain name has been seizedWith the same made-for PR timing that prompted a previous seizure of domain names just before shopping’s “Cyber Monday,” Immigration and Customs Enforcement struck again, this time days before the Super Bowl, against “10 websites that illegally streamed live sporting telecasts and pay-per-view events over the Internet.” ICE executed seizure warrants against the 10, ATDHE.NET, CHANNELSURFING.NET, HQ-STREAMS.COM, HQSTREAMS.NET, FIRSTROW.NET, ILEMI.COM, IILEMI.COM, IILEMII.COM, ROJADIRECTA.ORG and ROJADIRECTA.COM, by demanding that registries redirect nameserver requests for the domains to 74.81.170.110, where a colorful “This domain name has been seized by ICE” graphic is displayed.

    As in a previous round of seizures, these warrants were issued ex parte, without the participation of the owners of the domain names or the websites operating there. And, as in the previous rounds, there are questions about the propriety of the shutdowns. One of the sites whose domain was seized was Spanish site rojadirecta.com / rojadirecta.org, a linking site that had previously defeated copyright infringement claims in Madrid, its home jurisdiction. There, it prevailed on arguments that it did not host infringing material, but provided links to software and streams elsewhere on the Internet. Senator Ron Wyden has questioned the seizures, saying he “worr[ies] that domain name seizures could function as a means for end-running the normal legal process in order to target websites that may prevail in full court.”

    According to ICE, the domains were subject to civil forfeiture under 18 U.S.C. § 2323(a), for “for illegally distributing copyrighted sporting events,” and seizure under § 981. That raises procedural problems, however: when the magistrate gets the request for seizure warrant, he or she hears only one side — the prosecutor’s. Without any opposing counsel, the judge is unlikely to learn whether the accused sites are general-purpose search engines or hosting sites for user-posted material, or sites providing or encouraging infringement. (Google, for example, has gotten many complaints from the NFL requesting the removal of links — should their domains be seized too?)

    Now I don’t want to judge the sites’ legality one way or the other based on limited evidence. Chilling Effects has DMCA takedown demands from several parties demanding that Google remove from its search index pages on some of these sites — complaints that are themselves one-side’s allegation of infringement.

    What I’d like to see instead is due process for the accused before domain names are seized and sites disrupted. I’d like to know that the magistrate judge saw an accurate affidavit, and reviewed it with enough expertise to distinguish the location of complained-of material and the responsibility the site’s owners bear for it: the difference between direct, contributory, vicarious, and inducement of copyright infringement (for any of which a site-owner might be held liable, in appropriate circumstances) and innocent or protected activity.

    In the best case, the accused gets evidence of the case against him or her and the opportunity to challenge it. We tend to believe that the adversarial process, judgment after argument between the parties with the most direct interests in the matter, best and most fairly approaches the truth. These seizures, however, are conducted ex parte, with only the government agent presenting evidence supporting a seizure warrant. (We might ask why: a domain name cannot disappear or flee the jurisdiction if the accused is notified — the companies running the .com, .net, and .org registries where these were seized have shown no inclination to move or disregard US court orders, while if the name stops resolving, that’s the same resolution ICE seeks by force.)

    If seizures must be made on ex parte affidavits, the magistrate judges should feel free to question the affiants and the evidence presented to them and to call upon experts or amici to brief the issues. In their review, magistrates should beware that a misfired seizure can cause irreparable injury to lawfully operating site-operators, innovators, and independent artists using sites for authorized promotion of their own materials.

    I’d like to compile a set of public recommendations to the magistrate judges who might be confronted with these search warrants in the future, if ICE’s “Operation In Our Sites” continues. This would include verifying that the alleged infringements are the intended purpose of the domain name use, not merely a small proportion of a lawful general-use site.

    February 1, 2011

    Reflections on Egypt and the Net

    Filed under: Internet, censorship, networks — wseltzer @ 9:07 am

    Over the last week, I’ve been glued to my Twitter feed (hashtags #jan25, #egypt, and @ioerror, @jilliancyork and @EthanZ are good aggregators) and Al Jazeera English to follow events in Egypt. I can only watch and tweet my support (and work with groups like Tor Project whose technology and training helps dissidents stay safer when they have Net access) as people mass in Tahrir Square for a million+ person march.

    I recognize the location of some of Al Jazeera footage from a visit to Cairo. Poignantly, that was in November 2008, in the final days of the U.S. presidential election, when I used the Internet to make skype-based get-out-the-vote calls. Since Mubarak has been in power for 30 years, the Egyptians who cheered Obama’s victory around me had never had the opportunity to vote in meaningful free elections.

    As Egypt’s January 25 protests continued, the Egyptian government cut off Internet access (see reports from The Tor Project, Renesys, and RIPE) and mobile SMS from most of the country’s providers. Yesterday, Noor.net, the final provider that had continued to offer Internet connectivity, also became unreachable. Even phone service is uncertain. Andrew McLaughlin eloquently called upon Communications Minister Tarek Kamel to restore communications.

    That cut-off in itself demonstrates some of the value of Internet communications: the unpopular government fears the organizing resources the Net provides for citizens, and the window it gives to the world watching and trying to help. While it’s far too early to measure the Net’s impact on revolutionary movements in Egypt, and Tunisia only weeks earlier, we can find potential impacts. Were Egyptians inspired by news from Tunisia’s uprising, some of it reaching them faster online? Did they use social media to organize, along with off-line means? Did social media help to amplify off-line protests, showing solidarity among friends and people they respected, encouraging more to take to the streets? It’s clear that we in the United States have had access to much more information, through the Net, even cut off as it has been, than we’d get quickly from a pre-Internet revolution.

    We also see that the Internet is not any particular means of data transport. The independence of layers means that applications don’t care what the route underneath looks like, so long as there is one. That meant that even cutting off Internet service providers couldn’t stop information flows: while Egyptians could call out from the country, they could tell their stories at @jan25voices, and through the Google-Twitter-Phone service, @speak2tweet, that automates some of the voice-Twitter connection. Other providers outside Egypt have offered dial-up lines.

    Moreover, the situation illustrates the value of open Internet here at home. Al Jazeera English, the television broadcaster giving the most thorough coverage of the Egyptian events — despite having its Cairo bureau closed and six of its journalists jailed — is not available through most US cable providers. Ryan Grim on Huffington Post calls this a “blackout”, but thanks to the Internet, that need not be a barrier. I’m watching Al Jazeera English on my computer, through pipes that can carry video, audio, and text of my choice. (So it’s disturbing to see Chris Sacca tweet that he “worked at an Akamai competitor when Al-Jazeera sought CDN [content delivery network: local caching that can help improve network delliery] help in 2002. US Gov made clear to us that we would suffer.” Cable’s limited-purpose pipe, where subscribers get only bundles chosen from among the channels their providers offer, seems an anachronism in the Internet age. We may still want to watch video (and not only create it ourselves), but we need Net neutrality’s assurance that we can get it from any source: peer, professional, or dissident.

    I’ll continue to watch the tweets and video online, hoping that in the near future, I’ll be able to celebrate with the Egyptian people as they vote in free and democratic elections.

    September 21, 2010

    Copyright, Censorship, and Domain Name Blacklists at Home in the U.S.

    Filed under: Chilling Effects, Internet, censorship, copyright, trademark — wseltzer @ 12:33 pm

    Last week, The New York Times reported that Russian police were using copyright allegations to raid political dissidents, confiscating the computers of advocacy groups and opposition newspapers “under the pretext of searching for pirated Microsoft software.” Admirably, Microsoft responded the next day with a declaration of license amnesty to all NGOs:

    To prevent non-government organizations from falling victim to nefarious actions taken in the guise of anti-piracy enforcement, Microsoft will create a new unilateral software license for NGOs that will ensure they have free, legal copies of our products.

    Microsoft’s authorization undercuts any claim that its software is being infringed, but the Russian authorities may well find other popular software to use as pretext to disrupt political opponents.

    “Piracy” has become the new tax evasion, an all-purpose charge that can be lobbed against just about anyone. If the charge alone can prompt investigation — and any electronics could harbor infringing copies — it gives authorities great discretion to interfere with dissidents.

    That tinge of censorship should raise grave concern here in the United States, where Patrick Leahy and Orrin Hatch, with Senate colleagues, have introduced the “Combating Online Infringement and Counterfeits Act.” (PDF).

    This Bill would give the Attorney General the power to blacklist domain names of sites “offering or providing access to” unauthorized copyrighted works “in complete or substantially complete form, by any means, including by means of download, transmission, or otherwise, including the provision of a link or aggregated links to other sites or Internet resources for obtaining such copies for accessing such performance or displays”; as well as those offering items with counterfeit trademarks. The AG could obtain court orders, through “in rem” proceedings against the domains, enjoining the domain name registrars or registries from resolving the names. Moreover, in the case of domains without a U.S. registrar or registry, other service providers, financial transaction providers, and even advertising servers could be caught in the injunctive net.

    While the Bill makes a nod to transparency by requiring publication of all affected domain names, including those the Department of Justice “determines are dedicated to infringing activities but for which the Attorney General has not filed an action under this section,” it then turns that information site into a invitation to self-censorship, giving legal immunity to all who choose to block even those names whose uses’ alleged illegality has not been tested in court. (Someone who is listed must petition, under procedures to be determined by the AG, to have names removed from the list.)

    Finally, the statute’s warped view — that allegations of infringement can only be good — is evident in the public inputs it anticipates. The public and intellectual property holders shall be invited to provide information about “Internet sites that are dedicated to infringing activities,” but there is no provision for the public to complain of erroneous blockage or lawful sites mistakenly or maliciously included in the blacklist.

    Hollywood likes the Bill. Unfortunately, there’s plenty of reason to believe that allegations of infringement will be misused here in the United States. Even those who oppose infringement of copyright and trademark (myself included) should oppose this censorious attempt to stop it.

    Cross-posted at Freedom to Tinker.

    July 28, 2010

    Jailbreaking Copyright’s Scope

    Filed under: DMCA, code, markets, open, phone — wseltzer @ 8:29 am

    A bit late for the rule’s “triennial” cycle, the Librarian of Congress has released the sec 1201(a)(1)(C) exceptions from the prohibitions on circumventing copyright access controls. For the next three years, people will not be ” circumventing” if they “jailbreak” or unlock their smartphones, remix short portions of motion pictures on DVD (if they are college and university professors or media students, documentary filmmakers, or non-commercial video-makers), research the security of videogames, get balky obsolete dongled programs to work, or make an ebook read-aloud. (I wrote about the hearings more than a year ago, when the movie studios demoed camcording a movie — that didn’t work to stop the exemption.)

    Since I’ve criticized the DMCA’s copyright expansion, I was particularly interested in the inter-agency debate over EFF’s proposed jailbreak exemption. Even given the expanded “para-copyright” of anticircumvention, the Register of Copyrights and NTIA disagreed over how far the copyright holder’s monopoly should reach. The Register recommended that jailbreaking be exempted from circumvention liability, while NTIA supported Apple’s opposition to the jailbreak exemption.

    According to the Register (PDF), Apple’s “access control [preventing the running of unapproved applications] does not really appear to be protecting any copyright interest.” Apple might have had business reasons for wanting to close its platform, including taking a 30% cut of application sales and curating the iPhone “ecosystem,” those weren’t copyright reasons to bar the modification of 50 bytes of code.

    NTIA saw it differently. In November 2009, after receiving preliminary recommendations from Register Peters, Asst. Secretary Larry Strickling wrote (PDF):

    NTIA does not support this proposed exemption [for cell phone jailbreaking]…. Proponents argue that jailbreaking will support open communications platforms and the rights of consumers to take maximum advantage of wireless networks and associated hardware and software. Even if permitting cell phone “jailbreaking” could facilitate innovation, better serve consumers, and encourage the market to utilize open platforms, it might just as likely deter innovation by not allowing the developer to recoup its development costs and to be rewarded for its innovation. NTIA shares proponents’ enthusiasm for open platforms, but is concerned that the proper forum for consideration of these public policy questions lies before the expert regulatory agencies, the U.S. Department of Justice and the U.S. Congress.

    The debate affects what an end-user buys when purchasing a product with embedded software, and how far copyright law can be leveraged to control that experience and the market. Is it, as Apple would have it, only the right to use the phone in the closed “ecosystem” as dictated by Apple, with only exit (minus termination fees) if you don’t like it there? or is it a building block, around which the user can choose a range of complements from Apple and elsewhere? In the first case, we see the happenstance of software copyright locking together a vertically integrated or curated platform, forcing new entrants to build the whole stack in order to compete. In the second, we see opportunities for distributed innovation that starts at a smaller scale: someone can build an application without Apple’s approval, improving the user’s iPhone without starting from scratch.

    NTIA would send these “public policy” questions to Congress or the Department of Justice (antitrust), but the Copyright Office and Librarian of Congress properly handled them here. “[T]he task of this rulemaking is to determine whether the availability and use of access control measures has already diminished or is about to diminish the ability of the public to engage in noninfringing uses of copyrighted works similar or analogous to those that the public had traditionally been able to make prior to the enactment of the DMCA,” the Register says. Pre-DMCA, copyright left room for reverse engineering for interoperability, for end-users and complementors to bust stacks and add value. Post-DMCA, this exemption helps to restore the balance toward noninfringing uses.

    In a related vein, economists have been framing research into proprietary strategies for two-sided markets, in which a platform provider is mediating between two sets of users — such as iPhone’s end-users and its app developers. In their profit-maximizing interests, proprietors may want to adjust both price and other aspects of their platforms, for example selecting fewer app developers than a competitive market would support so each earns a scarcity surplus it can pay to Apple. But just because proprietors want a constrained environment does not mean that the law should support them, nor that end-users are better off when the platform-provider maximizes profits. Copyright protects individual works against unauthorized copying; it should not be an instrument of platform maintenance — not even when the platform is or includes a copyrighted work.

    « Previous PageNext Page »

    Powered by WordPress