LibertyVoice

Copyright trolls are nothing new, and Righthaven is just the latest group of lawyers to try to turn copyright litigation into a business model. What these lawyers have in common is that they seek to take advantage of copyright’s draconian damages in order to bully Internet users into forking over money. To anyone who has watched the file-sharing lawsuits of the last few years or the current BitTorrent cases brought by a DC law firm, the Righthaven saga is developing into a familiar, unfortunate story. It also has some especially troubling twists.

The basic pattern: Righthaven has brought over a hundred lawsuits in Nevada federal court claiming copyright infringement. They find cases by (a) scouring the Internet for parts of newspaper stories posted online by individuals, nonprofits, and others, (b) buying the copyright to that particular newspaper story, and then (c) proceeding to sue the poster for copyright infringement. Like the RIAA and USCG before them, Righthaven is relying on the fact that their victims may face huge legal bills through crippling statutory damages and the prospect of paying Righthaven’s legal fees if they lose the case. Consequently, many victims will settle with Righthaven for a few thousand dollars regardless of their innocence, their right to fair use, or other potential legal defenses.

However, Righthaven is unlike other copyright trolls in some key ways:

• Righthaven is going after bloggers using text news stories for comment or discussion. Many lawsuit targets are using the newspaper articles to augment discussions about current events. Reposting all or part of news stories is part and parcel of digital commentary and discussion and usually the goal of the reposting is to share the uncopyrightable facts included in the article, not the copyrighted expression, like the specific turns of phrase used by the author. By targeting news, Righthaven’s lawsuits could have a chilling effect on individuals’ attempts to engage their communities in free and open discussion.
• Righthaven is fighting the basic mode of Internet debate. Other copyright trolls have involved controversy over file-sharing programs and encoded digital media, like music and movies. But Righthaven is taking aim at folks who are using elementary “copy & paste” functionalities. Online discussion survives and thrives on showing others the original text before adding a commentary or response. Accurate quoting is a virtue of Internet discussion that can minimize mischarcterization and support progress in a debate.
• Righthaven lawsuits are demanding that courts freeze and transfer the defendants’ domain names. Imagine if a single copyright infringement on Huffingtonpost.com or Redstate.com could result in forfeiture of the entire domain. Effectively asking for control of all of a website’s existing and future content — instead of only targeting the allegedly infringing material — is an overreaching remedy for a single copyright infringement not validated by copyright law or any legal precedent. This also indicates that the attorneys are willing to make overreaching claims in order to scare defendants into a fast settlement.
• Righthaven goes straight for litigation. Righthaven isn’t sending cease and desist letters or DMCA takedown notices that would allow the targeted bloggers or website operators to remove or amend only the news articles owned by Righthaven. Instead, Righthaven starts with a full-fledged lawsuit in federal court with no warning. It’s sue first and ask questions later, which smacks of a strategy designed to churn up legal costs and intimidate defendants into paying up immediately, rather than a strategy aimed at remedying specific copyright infringements.

Righthaven is claiming that its activities are intended to have a “deterrent effect” on the reposting of news stories online, but it’s hard to resist viewing Righthaven’s actions as purely business-related. In addition to the sharp legal tactics discussed above, Righthaven appears to only buy copyrights that it believes can be used for lawsuits and otherwise has no involvement in the practice of journalism.

Righthaven also appears to be soliciting other newspapers to sign on with it. But newspaper publishers who think that suing bloggers a story at a time will save journalism are sorely mistaken. Newspaper publishers have actually been having meaningful discussions about innovative business models to support real journalism. Sadly, Righthaven — if it continues to attract clients — threatens to derail those conversations with a sideshow proven to distract from progress.

But no matter where a newspaper may stand on the debate about journalism’s future, we think it is abundantly clear that a “sue the audience” tactic is nowhere near worth considering. Newspapers should resist the temptation to put themselves into the same position as the music industry circa 2004, where futile lawsuits distracted them from the incorporating new technology and creating new ways to market product to fans.

EFF is watching Righthaven and other copyright trolls closely for overbroad tactics that hurt free speech and fair use, and abuse the legal system. We’re looking for good cases to defend and will deliver more news and analysis as the issue develops.

Scary news from California’s Contra Costa County — school officials there have reportedly decided to track some preschoolers with RFID chips, thanks to a federal grant supplying the funding.

According to a story from the Associated Press, the students will wear a jersey at school that has the RFID tag attached. The tag will track the children’s movements and collect other data, like if the child has eaten or not. According to a Contra Costa County official, this is a cost-savings move, as teachers used to have to manually keep track of a child’s attendance and meal schedule.

But of course, an RFID chip allows for far more than that minimal record-keeping. Instead, it provides the potential for nearly constant monitoring of a child’s physical location. If readings are taken often enough, you could create an extraordinarily detailed portrait of a child’s school day — one that’s easy to imagine being misused, particularly as the chips substitute for direct adult monitoring and judgment. If RFID records show a child moving around a lot, could she be tagged as hyper-active? If he doesn’t move around a lot, could he get a reputation for laziness? How long will this data and the conclusions rightly or wrongly drawn from it be stored in these children’s school records? Can parents opt-out of this invasive tracking? How many other federal grants are underwriting programs like these?

These are questions that desperately need answers. California is in the middle of a terrible budget crunch, but the solution is not federally funded surveillance of children who are too young to understand the implications.

Hari Prasad, the Indian security researcher arrested for allegedly stealing an electronic voting machine, has been released on bail.

Earlier this year, an anonymous source gave the machine to Prasad and a team of researchers, who discovered critical security flaws. Under questioning by authorities last weekend, Prasad refused to divulge the identity of the source who gave them the machine. He was then arrested and reportedly charged with theft and trespass on the theory that he stole the machine himself.

According to the Indian news agency PTI, the magistrate who released Prasad on bail noted that “no offence was disclosed with Hari Prasad’s arrest and even if it was assumed that [the electronic voting machine] was stolen it appears that there was no dishonest intention on his part…he was trying to show how [electronic voting] machines can be tampered with.”

The court reportedly also asked the Election Commission of India to confirm or disprove Prasad’s claim that the country’s electronic voting machines can be compromised. If Prasad’s claims are false, action could be taken against him, the magistrate said.

Music lovers take note: the classical music archive Musopen needs your help to liberate some classic symphonies from copyright entanglement. Museopen is looking to solve a difficult problem: while symphonies written by Beethoven, Brahms, Sibelius, and Tchaikovsky are in the public domain, many modern arrangements and sound recordings of those works are copyrighted. That means that even after purchasing a CD or collection of MP3s of this music, you may not be able to freely exercise all the rights you’d associate with works in the public domain, like sharing the music using a peer-to-peer network or using the music in a film project.

To fix this, Musopen is asking backers to join an effort to hire a world-class orchestra to record sublime digital performances of the symphonies by the composers mentioned above. Musopen will then relinquish all rights to the recordings, giving the public the freedom to experience these works in full: to download, share, derive, and remix without limit. The fundraising campaign is taking place on Kickstarter, a site where users can pledge money to various creative projects. (Users pledge an amount towards a project, but the money doesn’t actually go to the project unless the specified funding goal is reached. Kickstarter has a great explanation for their “all-or-nothing funding” design on their FAQ.)

It’s too bad such seminal, cultural works have been effectively buried by copyright interests — despite their age, ubiquity, and importance. (Note problems like this are exacerbated by discrepancies in international laws that create different “public domains” that copyright owners can exploit to stop online archives.) The Musopen campaign presents a creative solution that could help ensure that such essential music is preserved and shared for generations to come. Music lovers and copyfighters — vote with your wallet and support Museopen’s work!

Good news in the fight against bad software patents: a jury in the Eastern District of Texas recently found the Firepond/Polaris patent (U.S. Patent No. 6,411,947) invalid. This patent was on EFF’s “Most Wanted” list, targeted because it claimed nothing more than a system using natural language processing to respond to customers’ online inquires by email.

EFF was not involved in this case, in which Bright Response, LLC — the technical owner of the patent — sued Google, Inc., Yahoo!, Inc. and eight other companies, alleging that Google’s AdWords and Yahoo!’s Sponsored Search infringes the Firepond/Polaris patent. The jury found three of the patent’s claims invalid based on the public use bar, obviousness, and for lacking written description. The jury also found that neither Google nor Yahoo! infringed those claims. Finally, the jury found the entire patent invalid due to improper inventorship.

In addition to the jury’s findings, the Patent and Trademark Office is nearing completion of a reexamination of the patent, instituted by Google, that narrows the scope of that patent’s claims.

“This is a great outcome and good news for people and developers who create new products related to customer service or email,” said Patrick King, one of the attorneys assisting EFF on this matter.

Because the court has not yet entered a final judgment, Bright Response could still, in theory, attempt to prohibit others from using the basic natural language processing technology in its patent. EFF is on the lookout for this threatening behavior, so please make sure to let us know if you hear of any. EFF will continue to monitor this case — and the corresponding reexam — and will take action as necessary to fight any additional efforts to use the Firepond/Polaris patent to quash competition and hurt innovation.

“We are still waiting for the court case to finish up and to see if Bright Responses will appeal the decision. If any of the patent is still alive after that, we will do whatever we can to invalidate it, and allow competitors to use this simple technology, which was well known prior to the patent filing,” said Gina M. Steele, another attorney assisting EFF with this matter.

The Firepond/Polaris patent was one of the ten original Top Ten Patents targeted by EFF’s Patent Busting Project, which combats the chilling effects of bad patents on the public and consumer interests. So far nine patents targeted by EFF have been busted, invalidated, narrowed, or had a reexamination granted by the Patent Office.

EFF today asked the Ninth Circuit Court of Appeals to reinstate its landmark case against the federal government for warrantlessly wiretapping millions of ordinary Americans. The case, called Jewel v. NSA is part of EFF’s ongoing efforts to Stop the Spying.

In January, the District Court dismissed the case on the incorrect argument that, because so many Americans have had their communications and communications records illegally obtained by the government, no single person has legal “standing” to challenge the ongoing program of government surveillance. This is incorrect because the number of people harmed — here the number of people whose personal communications and communications records were improperly obtained by the government — simply has nothing to do with whether the case can or should be adjudicated.

EFF’s brief says:

Unless corrected, the District Court’s ruling risks creating a perverse incentive for the government to violate the privacy rights of as many citizens as possible in order to avoid judicial review of its actions. Neither the Constitution nor the settled statutory structure protecting the privacy of Americans’ communications allows such a result. The District Court’s dismissal of Plaintiffs’ claims must be reversed.

EFF points out that three longstanding statutes protect the privacy of Americans’ communications from wholesale, unwarranted government surveillance: Title III (Wiretap Act), Foreign Intelligence Surveillance Act and the Stored Communications Act. It also notes that the Constitution forbids such surveillance. Like EFF’s earlier case, Hepting v. AT&T, the Jewel case relies in part on the whistleblower evidence uncovered by former AT&T technician, Mark Klein, detailing a secret facility at the Folsom Street office of AT&T in San Francisco where copies of private customer communications are routinely given to the NSA.

The brief points out that the District Court’s dismissal of the case is inconsistent with long-settled law:

The Supreme Court has made clear that the fact that a harm is widely shared does not undercut a plaintiff’s claim to standing: “Once it is determined that a particular plaintiff is harmed by the defendant, and that the harm will likely be redressed by a favorable decision, that plaintiff has standing—regardless of whether there are others who would also have standing to sue.” Clinton v. City of New York, 524 U.S. 417, 435-36 (1998). To hold otherwise “would mean that the most injurious and widespread Government actions could be questioned by nobody.” Massachusetts v. EPA, 549 U.S. 497, 526 n.24 (2007) (quoting United States v. Students Challenging Regulatory Agency Procedures (SCRAP), 412 U.S. 669, 687-88 (1973)) (italics omitted).

EFF’s other case arising from the warrantless surveillance, Hepting v. AT&T, brought against telecom giant AT&T, is also up on appeal.

The law firm of Keker and Van Nest, the Law Offices of Richard Wiebe and the Moore Law Group all work with EFF on the Jewel v. NSA case.

Last month, we wrote about a New Jersey case in which the former publisher of a magazine and dating website for gay youth had declared bankruptcy. He and his former business partners were fighting over ownership of various business assets of XY Magazine and XY.com, including extensive personal information about more than a million customers. XY’s privacy policies, however, had promised customers that their personal information would never be given to anybody.

The Federal Trade Commission warned (pdf) that any transfer or further use of the data would not only violate the privacy promises that XY had made to consumers, but would also likely be unlawful under the Federal Trade Commission Act, which prohibits unfair and deceptive acts and practices. The Commission suggested that the data be destroyed, which we agreed would be the best course of action.

We’re happy to report that this potential privacy fiasco has ended well for XY’s customers. The parties reached an agreement (pdf) under which the publisher is required to destroy all personally identifiable information about XY’s customers. He may keep a limited amount of data for a short time to authenticate the identities of customers who have ordered back issues of the magazine, but he may not use that information to contact or locate any customers.

While this is a good outcome, the case highlights a problem that we’re likely to see again and again. Companies provide services that rely on personal information supplied by consumers. Some of those companies will be sold or go out of business. The information that they’ve collected from their customers is a valuable asset, and its possible sale to the highest bidder will implicate the privacy of millions of people.

XY’s customers were fortunate that the parties reached an agreement to destroy their personal data, but the Bankruptcy Code itself doesn’t handle this scenario very well. Companies that possess customers’ personal information are likely — through their own privacy policies — to give themselves permission to sell that information if they go out of business or have a change in ownership. And in the rare case where a company promises its customers that their personal information will never be disclosed to anyone, a bankruptcy court can still allow the data to be leased or sold if that transfer wouldn’t otherwise violate the law.

Ultimately, Congress should update the Bankruptcy Code to better protect consumers whose personal information is treated as an asset in a bankruptcy proceeding. Bankruptcy courts should enforce privacy commitments that companies have made to their customers. And where a privacy policy permits transfer of customer information, those who buy the data should be required to obtain consumer consent to the transfer, and should not be allowed to use it for purposes different from those for which it was originally collected.

This morning’s Washington Post reveals that the Department Of Justice has been pressuring Congress to expand its power to obtain records of Americans’ private Internet activity through the use of National Security Letters (NSLs).

NSLs, you may remember, are one of the most powerful and frightening tools of government surveillance to be expanded by the Patriot Act. These letters allow the FBI to secretly demand data from phone companies and internet service providers about the private communications of ordinary citizens. The letters include a gag order, which forbids recipients from ever revealing the letters’ existence to their coworkers, their friends, or even to their family members, much less the public.

The gag order and the lack of oversight make this power ripe for abuse. Indeed, the FBI’s systemic abuse of this power was confirmed both by a Department Of Justice investigation and in documents obtained by EFF through Freedom of Information Act litigation. Yet, in the years since that abuse became publicly known, there has been no reform of the law governing NSLs.

Now, the DOJ is asking Congress to pass vague and broad new language meant to expand the kinds of data that can be acquired through NSLs. This morning’s Washington Post article suggests that the new language could allow access to detailed web browsing history, search history, location information, or even Facebook friend requests.

Considering the FBI’s dismal record on surveillance abuses, this is a stunning and brazen request. They’re asking Congress to reward bad behavior by allowing even more bad behavior. We’re hoping that Congress will have the courage and integrity to turn them down. Keep reading Deeplinks for more news on this as it develops.

Tomorrow afternoon, legislators from the House Committee on Oversight and Government Reform will be holding a hearing on the topic of “Public Access to Federally-Funded Research.” The hearing will be a perfect opportunity for key representatives to look into supporting public access policies — various requirements that scientific research funded by the federal government be made available on the Internet to the tax-paying public. EFF wrote about the benefits of public access policies earlier this year when the Office of Science and Technology Policy asked for input.

Tomorrow, members of the committee will no doubt hear about the excellent Federal Research Public Access Act, (FRPAA) a bill that would require a great deal of research funded by government agencies to be made publicly available through a digital database no later than six months after publication. The law is modeled after the National Institute of Health’s Public Access policy, which on its own has granted millions of people access to critical, up-to-date medical research since it was implemented in 2008.

Public access policies essentially “close the loop” on tail end of the cycle of research funded by the government. Now, the public pays for scientific research through taxes, but in most cases, that same taxpayer-funded innovation and discovery gets locked up in journals, accessible only through expensive per-article fees or massively expensive institutional licenses. With the FRPAA, academic journals still get a critical window of time to be the first to publish important findings, but shortly thereafter, the public gets unprecedented access to the knowledge that they paid for.

You can catch the webcast of the hearing tomorrow at 2pm EDT (11am PDT) or attend the hearing in person if you’re in Washington, D.C. Stay tuned to EFF for future updates on how to support the Federal Research Public Access Act and other public access efforts!

Good news: another federal judge has ruled that violating a website terms of service is not a crime. But there’s bad news, too — the court also found that bypassing technical or code-based barriers intended to limit access to or uses of a website may violate California’s computer crime law.

The decision comes in Facebook v. Power Ventures, a case in which Facebook is suing a company that offers a tool for users to access and aggregate their personal information across social networking sites. Because Facebook’s terms of service don’t allow users to access their information through “automated means,” Facebook claimed that Power accesses its service “without permission” in violation of California Penal Code Section 502. Facebook has also argued that Power broke the law by evading Facebook’s effort to block the Power browser’s IP address, which was meant to try to keep users from accessing their Facebook accounts though the Power website.

EFF filed an amicus brief in this case, urging the court to reject Facebook’s computer crime claims. We argued that turning any violation of terms of use into a crime would give websites unfettered power to decide what conduct is criminal, leaving millions of Internet users vulnerable to prosecution for everyday activities.

The court agreed with our position, relying heavily on our brief. This part of the ruling is great.

Unfortunately, the court also said that Power might be liable if it changed its IP address so that its browser could continue to interoperate with the Facebook service. In other words, it may be a crime to circumvent technological barriers imposed by a website, even if those measures are taken only to enforce the terms of service through code. There’s nothing inherently wrong or unlawful about avoiding IP address blocking, and there are valid reasons why someone might choose to do so, including to sidestep anticompetitive behavior by other Internet services. As long as an end user is authorized to access a computer and the way she chooses doesn’t cause harm, she should be able to access the computer any way she likes without committing a crime.

Overall, yesterday’s opinion is an important precedent that aligns with United States v. Drew, a decision last year finding that a woman did not violate the federal hacking law when she created a fake MySpace profile, as well as recent Ninth Circuit cases. We welcome the court’s rejection of terms of service violations as triggers for criminal liability, but will continue to work to demonstrate to courts that not all technological measures are created equal. If the measure seeks to control access to or use of data, then evasion of it is almost certainly criminal. But if the restriction merely seeks to impose owner preferences or terms of service on otherwise authorized users, bypassing it should not be a crime.

As other courts look at this issue, we hope that they will agree that code-based restrictions require a very fact-specific inquiry, and will remain open to the possibility that bypassing such measures should not necessarily be criminal.