Workplace ethics;
working with your boss
January 28 Challenger Launch
O-ring problems on the Solid Rocket Boosters (SRBs) had been known for a decade.
Managers want yes/no answers; engineers give floating-point answers.
Both at NASA and at the SRB contractor Morton Thiokol, managers put engineers on the spot by demanding yes/no answers.
In general, frank discussions with ones manager are not only appropriate but required.
That said, however, managers do not necessarily respond positively to "ethical" arguments. Here are a few alternatives:
Bringing ethical issues to the attention of your supervisor
Programmers: quality issues
Network admins:
Nobody wants to make a Career Limiting Move
BUT your boss doesn't want something to blow up later.
Going over your boss's head: Generally a CLM, but sometimes there are specific avenues.
Challenger engineers
How managers tend to think, versus techies
Ethics and the notion of the Social Contract: JJ Rousseau, 1762
Legal liability: "yes, but we don't wanna get sued...."
Whistleblower protections: federal & state law, company policy
Writing a CYA memo: Richard M Daley and that guy who first noticed the potential leak
Louis Koncza was Chief Engineer for Chicago in 1992. He (or his staff) discovered leaks in the coal-railway tunnels under the Chicago River. He wrote a memo to his boss, DOT head John LaPlante, about the leaks. But the memo asked for money for repairs and didn't make it clear it was an emergency. LaPlante authorized, for example, a bidding process, which is not an emergency response. Daley fired Koncza, for failing to convey sufficient urgency, and because "sending a memo to a supervisor does not absolve you".
John LaPlante was fired too: "Daley did what he had to do"
Baase, section 3.3.2
Yahoo offered nazi memorabilia for sale on its auction site. They were sued by LICRA (LIgue Contre le Racisme et l'Antisémitisme)
(This is a JURISDICTIONAL case that probably should be discussed elsewhere, except that it addresses a free-speech issue.)
French courts decided they did have jurisdiction to hear the case. But Yahoo has no assets in France!
Appellate US court (9th circuit), en banc, held that the US might have jurisdiction in the reverse case against LICRA (and UEJF). BUT the case was directed to be "dismissed without prejudice", as it's not yet ready to be decided. It was not "ripe".
(same thing happened to US v Warshak, when the 6th circuit en banc ruled the case was not "ripe")
Yahoo was asking a US court to assert that France had no authority. The 9th circuit refused to do that. Yet.
Judge William Fletcher:
Part of the issue: Yahoo was not able to point to any speech of its own that was "chilled" by the French decision. Yahoo did adopt an anti-hate-speech policy.
The court did not address the notion that the only way to restrict access in France would be to restrict access in the US.
These issues led to the declaration of non-ripeness.
This is a JURISDICTIONAL case that was left undecided
At about the same time, there was growing realization that advertising-based geolocation software (IP addr -> location) was better than sometimes understood, and that by using such software it was possible to block apperarance in France (at least to 90% of users).
Yahoo never really implemented this; they decided instead to ban all "hate material", everywhere. This includes KKK memorabilia.
We kind of omitted this, but it's a real nuts-and-bolts example, where, like with store cards, we agree to give up information, but unlike store cards the information has real power over us.
What if we're offered a DRM per-view (or per-listen) option, with licensing verified over the Internet?
That would mean that whoever was doing the licensing would know exactly what we were watching!
Do we have a problem with that?
What about just some of the time?
What if the alternative were to buy the DVD, but because this scheme marginalized DVD sales, a DVD now cost ~$35?
Largely, this strategy seems to have gone nowhere. Is it different at all from what Netflix already does?
essential problem:
This is a significant issue in the "free speech" of employees. Note
how giving providers an easy way to get libel cases dismissed via
summary judgement makes this strategy for corporations much more
difficult.
See http://www.chillingeffects.org/johndoe/faq.cgi
Note that the issue here is the use of the legal system to
find identities of anonymous posters.
Baase has an extensive section on anonymity.
What about employee bloggers?
Well, is it?
Cases where it's been debated:
For a while, the NSA (National Security Agency) tried very hard to block even publication of scientific papers. They would issue "secrecy orders".
But eventually the government's weapon of choice was ITAR: International Trade in Armaments Regulations
Suppose you make F-16 fighters. You need a munitions export permit to sell these oversees. What about if you make open-source encryption software? You need the same kind of permit! Even if you GIVE IT AWAY!!
BOOKS were exempt. The rule applied only to machine-readable forms. For a while, there was a machine-readable T-shirt with the RSA encryption algorithm on it.
Zimmermann case
Phil Zimmermann released PGP ("Pretty Good Privacy") as an open-source project in the early 90's. The gov't made him promise not to do it again. Zimmermann's associates outside the US released the next version. Zimmermann was under indictment for three years, but charges were eventually dropped.
Schneier case
Bruce Schneier wrote a textbook on cryptography. All the algorithms were printed, and also included on a FLOPPY in the back of the book. Phil Karn applied for an export license for the package. It was granted for the book, denied for the floppy.
Bernstein case
Daniel Bernstein created a cipher called "snuffle". In 1995 he sued to be allowed to post it to a course website. In 1997 the district court ruled in his favor. In 1999 a 3-judge panel of the 9th circuit ruled in his favor, although more narrowly. Opinion of Judge Betty Fletcher:
http://epic.org/crypto/export_controls/bernstein_decision_9_cir.html
Prior-restraint was one issue
Bernstein's right to speak is the issue, not foreigners' right to hear
But does source code qualify? see p 4230 4232: for loop 4233: LISP
Snuffle was also intended, in part, as political expression.
Bernstein discovered that the ITAR regulations controlled
encryption exports, but not one-way hash functions. Because
he believed that an encryption system could easily be fashioned
from any of a number of publicly-available one-way hash functions,
he viewed the distinction made by the ITAR regulations as absurd.
To illustrate his point, Bernstein developed Snuffle, which
is an encryption system built around a one-way hash function. (Arguably, that would now make Snuffle political speech, generally subject to the fewest restrictions!)
Here is Judge Fletcher's main point:
Thus, cryptographers use source code to express their scientific ideas in much the same way that mathematicians use equations or economists use graphs. Of course, both mathematical equations and graphs are used in other fields for many purposes, not all of which are expressive. But mathematicians and economists have adopted these modes of expression in order to facilitate the precise and rigorous expression of complex scientific ideas.13 Similarly, the undisputed record here makes it clear that cryptographers utilize source code in the same fashion.
Gov't argument: ok, source code might be expressive, but you can also run it and then it does something: it has "direct functionality"
Fletcher: source code is meant, in part, for reading.
More importantly, the idea that it can be banned due to its "direct functionality" is a problem:
what if a computer could be ordered to do something with spoken commands?
Would that make speech subject to restraint? In some sense absolutely yes; if speech became action then it would be, well, actionable (that is, something that could be legally prohibited).
In 1999, the full 9th circuit agreed to hear the case; it was widely expected to make it to the supreme court.
But it did not. The government dropped the case.
Junger v Daley
Junger was prof at Case Western Reserve University. He wanted to teach a crypto course, with foreign students.
6th circuit:
The district court concluded that the functional characteristics of source code overshadow its simultaneously expressive nature. The fact that a medium of expression has a functional capacity should not preclude constitutional protection.
Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment.
BUT: there's still a recognition of the need for balancing:
We recognize that national security interests can outweigh the interests of protected speech and require the regulation of speech. In the present case, the record does not resolve whether ... national security interests should overrule the interests in allowing the free exchange of encryption source code.
DeCSS case
There are several; the best known is MPAA v Reimerdes, Corley, and Kazan.
Eric Corley, aka Emmanuel Goldstein, is the publisher of 2600 magazine.
Corley:
DeCSS was developed in ~1999, supposedly by Jon Lech Johansen. He wrote
it with others; it was released in 1999 when Johansen was ~16. He was
tried in Norway in 2002, and was acquitted.
Judge Kaplan memorandum, Feb 2000
As a preliminary matter, it is far from clear that DeCSS is speech protected by the First Amendment. In material respects, it is merely a set of instructions that controls computers.
He then goes on to consider the "balancing" approach between free speech and regulation, considering the rationale for the regulation and the relative weights of each side.
The computer code at issue in this case does little to serve these goals [of expressiveness]. Although this Court has assumed that DeCSS has at least some expressive content, the expressive aspect appears to be minimal when compared to its functional component. Computer code primarily is a set of instructions which, when read by the computer, cause it to function in a particular way, in this case, to render intelligible a data file on a DVD. It arguably "is best treated as a virtual machine . . . ." [the decision cites Lemley & Volokh, Freedom of Speech and Injunctions in Intellectual Property Cases, Duke Law Journal 1998. However, the sentence in Lemley and Volokh's paper explicitly refers to executable object code, not source! "The Bernstein court's conclusion, even if upheld, probably doesn't extend past source code to object code, however. We think most executable software is best treated as a virtual machine rather than as protected expression." Judge Kaplan apparently did not grasp the distinction.]
Note that this virtual-machine argument renders irrelevant the Bernstein precedent! Actually, the virtual-machine argument pretty much presupposes that you have come down solidly on the side of code-as-function instead of code-as-expression.
Also note the weighing of expression versus functionality, with the former found wanting.
Do you think that Judge Kaplan was stricter here than in the crypto
cases because crypto was seen as more "legitimate", and deCSS was
clearly intended to bypass anticircumvention measures?
Gallery of DeCSS: http://www.cs.cmu.edu/~dst/DeCSS/Gallery
Check out these in particular:
Does the entire gallery serve to establish an expressive purpose?
Baase §4.7
Do they help advance progress? or hinder it?
Patents are pretty clearly a market regulation
with the sole goal of improving innovation in technology. Inventors
don't "deserve" to profit from their ideas; we simply want to make sure
they are motivated to continue. In other words, this is purely
utilitarian.
Patents are intended to cover INVENTIONS rather than IDEAS. If you have an idea to sell hamburgers with salsa, or newspapers & beer together, or to create a website where people can post their own stuff, that's an IDEA. It can't be protected: everyone else is entitled to copy it freely.
My (former) three-part test on when it is appropriate to recognize software patents:
35 U.S.C. §101 (patent-eligibility law):
Whoever invents or discovers any new and useful process, machine,
manufacture, or composition of matter, or any new and useful
improvement thereof, may obtain a patent therefor, subject to the
conditions and requirements of this title.
The meaning of "process" is critical here: does it mean any procedure or method? Or does it mean "industrial process"? Historically, it pretty clearly was intended to mean the latter.
Pharmaceutical patents are sort of the poster child for Why Patents Are Good For Us. Here the patent system IS effective at encouraging investment:
One weirdness: patents "for the use of";
someone can, if drug X is in the public domain, patent
the use of X to treat disease Y (this must be in some legal sense a "new" use of X).
In practice this is not
much of a problem, because generic manufacturers can still make and
market X for its old purpose, and doctors can prescribe it for its new
purpose. Such prescriptions are sometimes said to be "off-label"; they
are an important way for drugs to get to people who will probably be
helped by them, but for which no company has yet done clinical trials,
and never will.
Some specific drugs:
cancer monoclonal-antibody drugs
These protein compoundss are antibodies that are highly specific to a certain substrate; they have very narrow targets. From http://en.wikipedia.org/wiki/History_of_cancer_chemotherapy:
Another branch in targeted therapy is the increasing use of monoclonal antibodies in cancer therapy. Although monoclonal antibodies (immune proteins which can be selected to precisely bind to almost any target) have been around for decades, they were derived from mice and did not function particularly well when administered to humans, causing allergic reactions and being rapidly removed from circulation. "Humanization" of these antibodies (genetically transforming them to be as similar to a human antibody as possible) has allowed the creation of a new family of highly effective humanized monoclonal antibodies. Rituximab, a drug used to treat lymphomas, is a prime example. -- Wikipedia
The point is
that some cancers can be specifically targeted by certain antibodies,
because they have specific antibody receptors not present in
non-cancerous cells. The receptors involved tend to be very
idiosyncratic.
None of these drugs would exist in the US marketplace if it were not for pharmaceutical patents.
On the other hand, the US Food and Drug Administration, which
regulates new drugs, is arguably a massive government intrusion into
the free market. Why shouldn't patent law intrude as well?
imatinib/gleevec: leukemias,
stomach cancers. It is used to treat cancers where the cells involved
have a specific receptor. Time magazine called it the "magic bullet
against cancer" in 2001, when it was approved, though that was an
overbroad assessment. It was also the subject of a patent lawsuit in
India in 2007; the case was referred by the Madras High Court to the
WTO.
rituximab/rituxan: binds to the WBC surface protein CD20. Used to treat leukemias/lymphonmas, also some autoimmune diseases such as lupus
cetuximab/erbitux: metastatic colorectal cancer, head&neck cancers. Binds to EGFR receptor; it is an EGFR-inhibitor.
trastuzumab/herceptin:
breast cancer. Monoclonal antibody that interferes with HER2/neu
receptor. In some breast cancers, the HER2 receptor is, as wikipedia
put it, "stuck in the 'on' position".
Antibiotics
nobody makes these, actually. The FDA requires not just proof of
effectiveness, but proof that the infection that was cured was in fact
resistant to existing antibiotics. This makes clinical trials very expensive.
Protein pump inhibitors (PPIs): used for various stomach-acid problems, including ulcers
omeprazole/prilosec
lansoprazole/prevacid
esomeprazol/nexium
HIV: protease inhibitors moved HIV from a short-term acute illness
to a long-term chronic illness. This made drug development profitable
again. When AZT
(one of the first effective anti-HIV drugs) was first applied in the
early 1990's to HIV patients, though, it was an off-label use.
red/white-blood cell drugs:
filGRAStim/neupogen
makes more neutrophils/other WBCs. Used for cancer/chemo/BMT patients
erythropoietin
makes more RBCs: kidney disease, cancer, cancer treatment
diabetes
exENatide/byetta: this often means the patient can
avoid taking insulin. It is offcially for type-2 (non-insulin
dependent) diabetes. From byetta.com: Byetta may also be used for other purposes not listed in this medication guide.
In 1984, Congress passed the Drug Price Competition and Patent Term Restoration Act, also known as the Hatch-Waxman Act. This allowed generic drug makers to use a patented drug in their own
FDA application, so that approval would be in place as soon as the
original patent expired (normally after 20 years). However, it also
gave pharmaceutical developers a chance at a patent extension for up to five extra years, subject to the following:
Basically, if a country is too poor to afford to treat all its
citizens with a new drug, many may die. This has definitely been the
case with some HIV drugs. As a result, the Third World has long argued
that it should be exempt from pharmaceutical patents.
In the mid-1990's, the WTO basically agreed, and allowed (I'm not
sure of the exact terms) third-world countries to manufacture generic
equivalents of first-world drugs for use within their own borders only.
The manufacturing must be for the government's own use (eg in
distributing to its people; the manufacturing can't be a for-profit
initiative of a private company in that country). Also, a good-faith
attempt must have been made first to negotiate for a reduced-rate
license to manufacture the drug, and such profits as are made must be
given to the patent holder. In practice, large US pharmaceutical
companies often enter into vastly-reduced-price licensing arrangements
with third-world companies.
In 2005, the WTO relaxed this rule to allow poorer nations to import
generics that would otherwise be covered by a patent. This is sometimes
described as a "compulsory license". The manufacturer would not be
prosecuted.
Four kinds of software-patent issues:
A classic "broad" patent is the Wright brothers patent on
"wing-warping" to control flight (to the Wrights, the wings were the
"aero-planes", planing the air, the rest of it was the "flying
machine"). The Wright brothers actually twisted the whole biplane
structure -- using cables -- to bank in a turn. This later led to the
development by others of ailerons, which achieve the same
effect but which mechanically are entirely different. A court ruled the
Wright patent still applied: what mattered was the concept of adjusting wing angles to tilt the craft.
History of software patents
For a long time, software was held to be unpatentable,
as mathematical algorithms are unpatentable. Any fundamental mathematical or physical laws are unpatentable.
1972: Gottschalk v Benson: can't patent a mathematical algorithm (in this case a number-format-conversion algorithm)
1973: ATT somehow manages to patent the setuid bit, claiming it's
hardware. This patent was dedicated to the public domain in 1979. This
patent is certainly a deep idea: if a certain bit is set in the
filesystem information node for a file (not in the file itself), then
when the file is executed,
it runs with the privileges of its owner and not the user. Before then
(and after; see what Windows does), there were complex ad-hoc methods
for running selected programs with elevated (or alternative) privileges.
1981: Diamond v Diehr: computer + machine IS patentable. For a
long time after, software patents always described the software in
combination with some hardware device. This patent dealt with the
curing of rubber, using a computer to guide the process.
Diamond v Diehr: SCOTUS says that an invention isn't automatically unpatentable just because it contains an algorithm But PTO & lower courts read in the converse: algorithms are patentable
Note that the current business-world baseline thus rests on USPTO policy and lower-court case law, NOT congress or SCOTUS.
Problem of "non-obviousness" the rules state that it's not enough to prove it's obvious today. Uh oh. That becomes an extremely difficult burden.
To be patentable, an invention must be "novel". Novelty is usually challenged by the presentation of "prior art":
did someone else discover it first? Often there are arguments about this.
If prior art is published,
it can invalidate a patent. However, if it was used privately, those
users can continue to use their idea without paying royalties to the
owner of the patent, but the patent may still stand. The patent can be challenged on the grounds of not being novel, but this is harder.
Broad patents for fundamental new ideas, narrow patents for improvements
compatibility issues: What if the default, standard implementation
is patented? Two cases where there was at least some movement away from a patented format:
GIF => PNG
MP3 => ogg vorbis
software patent v copyright
Supreme-court cases limit the word "process" in USC Title 35, Chapter 10, §101:
Inventions Patentable: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Some software patents
xor cursor
cpu Stack Pointer register
Using an xml document to describe the grammar of another xml document (Part of Scientigo's patent suite on xml)
British Telecom patent on the hyperlink, files 1976, granted 1989
Altavista patents on "web searching"
compression algorithms
RSA encryption: patent 4405829
RSA uses standard high-precision arithmetic in its calculations; the underlying number theory has been well-known for centuries. The patent is for the APPLICATION of these standard methods to encryption!
The RSA patents finally expired.
Compton 1989 patent on multimedia, despite Apple Hypercard in ~1987.
Steir's patent 5,060,171 on artificially adding hair to a person's image [Garfinkel article]
Eolas v Microsoft:
About a way for running "applets" in a browser window. See below.
NTP v RIM: the blackberry patent
mp3: lots of development went into this
Lempel-Ziv / LZW compression
This is the compression scheme in GIF file formats. The gif format was
developed by CompuServe in 1987. A year later, they noticed that the
algorithm was patented, and that the patent was currently held by
Unisys. Allegedly, Unisys told Compuserve at that time that they would
not need to pay royalties.
In 1999, Unisys demanded that some noncommercial websites pay a
$5000 fee for hosting files in the gif format. Some commercial sites
were asked for even more. It's not clear whether anyone paid it; most
affected sites rapidly switched to .jpeg or .png. Some observers were
especially offended by the fact that Unisys allowed the use of the GIF
format as a free standard until it became well-established, and then demanded fees.
There's some question as to whether this was the only or even the
dominant reason for the shift to PNG format; the latter does offer more
features (especially alpha and gamma) than GIF, and is a lossless
format unlike JPEG.
Natural-order recalculation in spreadsheets:
Rene K. Pardo and Remy Landau filed for a patent in 1971: U.S. Patent 4,398,249. This was an important case in allowing software patents (initially their request was denied as an "algorithm")
Spreadsheets were a brilliant idea (Dan Bricklin, VisiCalc?), but not order of recalculation.
MS has tried to patent FAT disk format. Their request was turned down.
compatibility issues where a patented file format (or file-creation algorithm) has led to a new standard:
GIF => PNG
MP3 => ogg vorbis
PTO (Patent & Trademark Office) problems:
ignorance is no defense: "submarine" patents
The entire process is secret: you can be making good-faith effort
to be noninfringing and get hit with a huge verdict.
willful: you had advance notice of infringing. Your belief that the patent was invalid is NOT a defense. Damages automatically triple.
Three groups:
how large corporations manage:
small inventors:
Open source: voip
Legal advantage of small inventor: somewhat diminished with rise in legal fees & increased ambiguity
But small inventors can still sell to patent-holding companies.
Legal situation of large corporations: