DeCSS was developed in ~1999, supposedly by Jon Lech Johansen. He wrote it with others; it was released in 1999 when Johansen was ~16. He was tried in Norway in 2002, and was acquitted.
Workplace ethics;
working with your boss
January 28 Challenger Launch
O-ring problems on the Solid Rocket Boosters (SRBs) had been known for a decade.
Managers want yes/no answers; engineers give floating-point answers.
Both at NASA and at the SRB contractor Morton Thiokol, managers put engineers on the spot by demanding yes/no answers.
In general, frank discussions with ones manager are not only appropriate but required.
That said, however, managers do not necessarily respond positively to "ethical" arguments. Here are a few alternatives:
Bringing ethical issues to the attention of your supervisor
Programmers: quality issues
Network admins:
Nobody wants to make a Career Limiting Move
BUT your boss doesn't want something to blow up later.
Going over your boss's head: Generally a CLM, but sometimes there are specific avenues.
Challenger engineers
How managers tend to think, versus techies
Ethics and the notion of the Social Contract: JJ Rousseau, 1762
Legal liability: "yes, but we don't wanna get sued...."
Whistleblower protections: federal & state law, company policy
Writing a CYA memo: Richard M Daley and that guy who first noticed the potential leak
Louis Koncza was Chief Engineer for Chicago in 1992. He (or his staff) discovered leaks in the coal-railway tunnels under the Chicago River. He wrote a memo to his boss, DOT head John LaPlante, about the leaks. But the memo asked for money for repairs and didn't make it clear it was an emergency. LaPlante authorized, for example, a bidding process, which is not an emergency response. Daley fired Koncza, for failing to convey sufficient urgency, and because "sending a memo to a supervisor does not absolve you".
John LaPlante was fired too: "Daley did what he had to do"
DRM and privacy
We kind of omitted this, but it's a real nuts-and-bolts example, where, like with store cards, we agree to give up information, but unlike store cards the information has real power over us.
What if we're offered a DRM per-view (or per-listen) option, with licensing verified over the Internet?
That would mean that whoever was doing the licensing would know exactly what we were watching!
Do we have a problem with that?
What about just some of the time?
What if the alternative were to buy the DVD, but because this scheme marginalized DVD sales, a DVD now cost ~$35?
Largely, this strategy seems to have gone nowhere. Is it different at all from what Netflix already does?
corporate cybersmear:
essential problem:
This is a significant issue in the "free speech" of employees.
See http://www.chillingeffects.org/johndoe/faq.cgi
Note that the issue here is the use of the legal system to
find identities of anonymous posters.
Baase has an extensive section on anonymity.
What about employee bloggers?
France (LICRA) v Yahoo: Baase, section 3.3.2
Yahoo offered nazi memorabilia for sale on its auction site. THey were sued by LICRA (LIgue Contre le Racisme et l'Antisémitisme)
(This is a JURISDICTIONAL case that probably should be discussed elsewhere, except that it addresses a free-speech issue.)
French courts decided they did have jurisdiction to hear the case. But Yahoo has no assets in France.
Appellate US court (9th circuit), en banc, held that the US might have jurisdiction in the reverse case against LICRA (and UEJF). BUT the case was directed to be "dismissed without prejudice", as it's not yet ready to be decided. It was not "ripe".
(same thing happened to US v Warshak, when the 6th circuit en banc ruled the case was not "ripe")
Yahoo was asking a US court to assert that France had no authority. The 9th circuit refused to do that. Yet.
Judge William Fletcher:
Part of the issue: Yahoo was not able to point to any speech of its own that was "chilled" by the French decision. Yahoo did adopt an anti-hate-speech policy.
The court did not address the notion that the only way to restrict access in France would be to restrict access in the US.
These issues led to the declaration of non-ripeness.
This is a JURISDICTIONAL case that was left undecided
At about the same time, there was growing realization that advertising-based geolocation software (IP addr -> location) was better than sometimes understood, and that by using such software it was possible to block apperarance in France (at least to 90% of users).
Yahoo never really implemented this; they decided instead to ban all "hate material", everywhere. This includes KKK memorabilia.
Well, is it?
Cases where it's been debated:
For a while, the NSA (National Security Agency) tried very hard to block even publication of scientific papers. They would issue "secrecy orders".
But eventually the government's weapon of choice was ITAR: International Trade in Armaments Regulations
Suppose you make F-16 fighters. You need a munitions export permit to sell these oversees. What about if you make open-source encryption software? You need the same kind of permit! Even if you GIVE IT AWAY!!
BOOKS were exempt. The rule applied only to machine-readable forms. For a while, there was a machine-readable T-shirt with the RSA encryption algorithm on it.
Zimmermann case
Phil Zimmermann released PGP ("Pretty Good Privacy") as an open-source project in the early 90's. The gov't made him promise not to do it again. Zimmermann's associates outside the US released the next version. Zimmermann was under indictment for three years, but charges were eventually dropped.
Schneier case
Bruce Schneier wrote a textbook on cryptography. All the algorithms were printed, and also included on a FLOPPY in the back of the book. Phil Karn applied for an export license. It was granted for the book, denied for the floppy.
Bernstein case
Daniel Bernstein created a cipher called "snuffle". In 1995 he sued to be allowed to post it to a course website. In 1997 the district court ruled in his favor. In 1999 a 3-judge panel of the 9th circuit ruled in his favor, although more narrowly. Opinion of Judge Betty Fletcher:
http://epic.org/crypto/export_controls/bernstein_decision_9_cir.html
Prior-restraint was one issue
Bernstein's right to speak is the issue, not foreigners' right to hear
But does source code qualify? see p 4230 4232: for loop 4233: LISP
Snuffle was also intended, in part, as political expression. Bernstein discovered that the ITAR regulations controlled encryption exports, but not one-way hash functions. Because he believed that an encryption system could easily be fashioned from any of a number of publicly-available one-way hash functions, he viewed the distinction made by the ITAR regulations as absurd. To illustrate his point, Bernstein developed Snuffle, which is an encryption system built around a one-way hash function.
Here is Judge Fletcher's main point:
Thus, cryptographers use source code to express their scientific ideas in much the same way that mathematicians use equations or economists use graphs. Of course, both mathematical equations and graphs are used in other fields for many purposes, not all of which are expressive. But mathematicians and economists have adopted these modes of expression in order to facilitate the precise and rigorous expression of complex scientific ideas.13 Similarly, the undisputed record here makes it clear that cryptographers utilize source code in the same fashion.
Gov't argument: ok, source code might be expressive, but you can also run it and then it does something: it has "direct functionality"
Fletcher: source code is meant, in part, for reading. More importantly, the idea that it can be banned due to its "direct functionality" is a problem: what if a computer could be ordered to do something with spoken commands? Would that make speech subject to restraint?
In 1999, the full 9th circuit agreed to hear the case; it was widely expected to make it to the supreme court.
But it did not. The gov't dropped the case.
Junger v Daley
Junger was prof at Case Western Reserve University. He wanted to teach a crypto course, with foreign students.
6th circuit:
The district court concluded that the functional characteristics of source code overshadow its simultaneously expressive nature. The fact that a medium of expression has a functional capacity should not preclude constitutional protection.
Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment.
BUT: there's still a recognition of the need for balancing:
We recognize that national security interests can outweigh the interests of protected speech and require the regulation of speech. In the present case, the record does not resolve whether ... national security interests should overrule the interests in allowing the free exchange of encryption source code.
DeCSS case
There are several; the best known is MPAA v Reimerdes, Corley, and Kazan.
Eric Corley, aka Emmanuel Goldstein, is the publisher of 2600 magazine.
Corley:
DeCSS was developed in ~1999, supposedly by Jon Lech Johansen. He wrote
it with others; it was released in 1999 when Johansen was ~16. He was
tried in Norway in 2002, and was acquitted.
Judge Kaplan memorandum, Feb 2000
As a preliminary matter, it is far from clear that DeCSS is speech protected by the First Amendment. In material respects, it is merely a set of instructions that controls computers.
He then goes on to consider the "balancing" approach between free speech and regulation, considering the rationale for the regulation and the relative weights of each side.
The computer code at issue in this case does little to serve these goals [of expressiveness]. Although this Court has assumed that DeCSS has at least some expressive content, the expressive aspect appears to be minimal when compared to its functional component. Computer code primarily is a set of instructions which, when read by the computer, cause it to function in a particular way, in this case, to render intelligible a data file on a DVD. It arguably "is best treated as a virtual machine . . . ." [ref to Volokh]
Note that this virtual-machine argument renders irrelevant the Bernstein precedent!
Also note the weighing of expression versus functionality, with the former found wanting.
Do you think that Judge Kaplan was stricter here than in the crypto
cases because crypto was seen as more "legitimate", and deCSS was
clearly intended to bypass anticircumvention measures?
Gallery of DeCSS: http://www.cs.cmu.edu/~dst/DeCSS/Gallery
Check out these in particular:
Does the entire gallery serve to establish an expressive purpose?
Baase §4.7
Do they help advance progress? or hinder it?
Patents are intended to cover INVENTIONS rather than IDEAS. If you have an idea to sell hamburgers with salsa, or newspapers & beer together, or to create a website where people can post their own stuff, that's an IDEA. It can't be protected: everyone else is entitled to copy it freely.
My (former) three-part test on when it is appropriate to recognize software patents:
35 U.S.C. §101 (patent-eligibility law):
Whoever invents or discovers any new and useful process, machine,
manufacture, or composition of matter, or any new and useful
improvement thereof, may obtain a patent therefor, subject to the
conditions and requirements of this title.
The meaning of "process" is critical here: does it mean any procedure or method? Or does it mean "industrial process"?
Pharmaceutical patents: here the patent system IS effective at encouraging investment:
One weirdness: patents "for the use of";
someone can, if drug X is in the public domain, patent
the use of X to treat disease Y (this must be in some legal sense a "new" use of X).
In practice this is not much of a problem.
Third-world issues with pharma patents
Four kinds of software-patent issues:
Classic "broad" patent: Wright brothers patent on wing-warping. This later led to the development of ailerons, which achieve the same effect but which mechanically are entirely different. A court ruled the Wright patent still applied.
History of software patents
for a long time, software was held to be unpatentable, as mathematical algorithms are unpatentable.
1972: Gottschalk v Benson: can't patent a mathematical algorithm (in this case a number-format-conversion algorithm)
1973: ATT somehow manages to patent setuid bit, claiming it's hardware. This patent was dedicated to the public domain in 1979.
1981: Diamond v Diehr: computer + machine IS patentable. For a long time after, software patents always described the software in combination with some hardware device.
Diamond v Diehr: SCOTUS says that an invention isn't automatically unpatentable just because it contains an algorithm But PTO & lower courts read in the converse: algorithms are patentable
Note that the current business-world baseline thus rests on USPTO policy and lower-court case law, NOT congress or SCOTUS.
Problem of "non-obviousness" the rules state that it's not enough to prove it's obvious today. Uh oh. That becomes an extremely difficult burden.
Problem of "prior art": did someone else discover it first? Often there are arguments about this.
Broad patents for fundamental new ideas, narrow patents for improvements
compatibility issues: What if the default, standard implementation is patented?
GIF => PNG
MP3 => ogg vorbis
software patent v copyright
Supreme-court cases limit the word "process" in §101
Business patents:
Once the USPTO began patenting software as part of a business process, it became too difficult to distinguish between software-as-algorithmic-invention and software-as-business-method. So the USPTO reversed its longstanding refusal to issue "business-method" patents.
Exhibit A: Amazon "one-click" patent, # 5960411
Several more mundane patents on online shopping carts
IBM[?]'s patent on suggesting new purchases based on past ones
This took off in earnest in 1998 with the "State Street Bank" case: SSB wanted to patent an algorithm regarding calculation of value of investment portfolios.
Until 2005, the USPTO required some "involvement of the technological arts" in business-method patents, but they then dropped that requirement as too hard to enforce. However, there is still a great deal of overlap with business-method and software patents.
Things MAY be reined in by the recent Bilski case.
Some software patents
xor cursor
cpu Stack Pointer register
Using an xml document to describe the grammar of another xml document (Part of Scientigo's patent suite on xml)
British Telecom patent on the hyperlink, files 1976, granted 1989
Altavista patents on "web searching"
compression algorithms
RSA encryption: patent 4405829
RSA uses standard high-precision arithmetic in its calculations; the underlying number theory has been well-known for centuries. The patent is for the APPLICATION of these standard methods to encryption!
The RSA patents finally expired.
Compton 1989 patent on multimedia, despite Apple Hypercard in ~1987.
Steir's patent 5,060,171 on artificially adding hair to a person's image [Garfinkel article]
Eolas v Microsoft: About a way for running "applets" in a browser window.
Is this really an "invention"? NTP v RIM: the blackberry patent
mp3: lots of development went into this
Lempel-Ziv / LZW compression
natural-order recalculation in spreadsheets:
Rene K. Pardo and Remy Landau filed for a patent in 1971: U.S. Patent 4,398,249. This was an important case in allowing software patents (initially their request was denied as an "algorithm")
Spreadsheets were a brilliant idea (Dan Bricklin, VisiCalc?), but not order of recalculation.
MS has tried to patent FAT disk format. Their request was turned down.
compatibility issues where a patented file format (or file-creation algorithm) has led to a new standard:
GIF => PNG (there's some question about exactly what happened there; PNG does offer more features (esp alpha and gamma) than GIF, and is a lossless format unlike jpeg.
MP3 => ogg vorbis
PTO (Patent & Trademark Office) problems:
ignorance is no defense: "submarine" patents
The entire process is secret: you can be making good-faith effort
to be noninfringing and get hit with a huge verdict.
willful: you had advance notice of infringing. Your belief that the patent was invalid is NOT a defense. Damages automatically triple.
Three groups:
how large corporations manage:
small inventors:
Open source: voip
Legal advantage of small inventor: somewhat diminished with rise in legal fees & increased ambiguity
But small inventors can still sell to patent-holding companies.
Legal situation of large corporations:
Is software legitimately a special case?
Eolas v Microsoft: About a way for running "applets" in a browser window. Is this really an "invention"?
Microsoft v Eolas (+ Univ of California, as part of UCSF):
MS lost; was ordered to pay $521 million.
Patent covers
Filed 1994, granted 1998, USPTO review 2004, upheld 2005
"Viola" prior art: may or may not be
The Viola browser project was found by the district court to have been "abandoned",
but the circuit court found that Viola version 1.0 was "abandoned"
only in the sense that it was replaced with version 2.0.
Part of the technical issue was about the meaning of the term "executable application". The court allegedly gave this broad meaning. Microsoft claimed it only meant "standalone applications".
Eolas started by Michael Doyle, faculty member of UCSF. UC Berkeley has a financial interest in the patent.
Patent: 5,838,906
2007: MS has claim they invented it; this loses in Sept, but Eolas & MS settle in August
Stallman article: why software is different
NTP v RIM (Research In Motion): maker of Blackberry
Was this really a "business method" patent?? The software case is VERY weak.
See http://www.spectrum.ieee.org/mar06/3087
Thomas Campana filed his patents in 1991.
Lawsuit brought in 2000, after RIM (and others) wouldn't agree to license.
Campana died in October 2004.
RIM settled for $612 million in Mar 2006 (part of the settlement is that there are no ongoing royalty payments.)
