A nudge and a link

A FEW MONTHS back during the cphack fracas, the American Civil Liberties Union asked the judge in that case whether injunctions on that Net-filter workaround extended to third-party sites that linked to the information rather than hosting it on their own servers. The judge's response? "Do it and you'll find out."

Now that's rough justice.

Net sites and the Netizens who love them are faced with an increasingly uncertain legal landscape as laws such as the Digital Millennium Copyright Act obscure constitutional free-speech protections. In some cases, new laws criminalize forms of speech that even the most anti-First Amendment politicians will concede are protected—or would be if you engaged in them offline. Congress knows they done you wrong by passing those laws; they expect the courts to clean up after them—and for you to foot the bill.

YOU WISH WE'D have to go farther than our own backyard to see this in action, but then there's Microsoft. On 11 May, Microsoft's lawyers sent a letter to Slashdot, the well-known geek repository, requesting that Andover.net (Slashdot's parent company) remove various postings about a certain Microsoft security standard (the Microsoft Authorization Data Specification v.1.0 for Microsoft Windows 2000 Operating Systems, if you must know). The posts were part of a discussion castigating Microsoft for taking Kerberos, the venerable Unix-based open-source security protocol, slapping some proprietary foo on it, and requiring anyone who wants to see the spec (even if it's just to try to get a Win2000 machine to talk civilly to a Unix Kerberos machine) to treat it as a trade secret.

Some of those posts included the actual text of the spec, cut-and-pasted from Microsoft's own PDF-format files. Some of them, on the other hand, contained only links to Web pages allegedly violating the copyright. And some of them described how to get around the End-User License Agreement (the "I agree" click) that interested parties had to wade through to get to the aforementioned PDF.

Notice the mix—copyrighted content, links, description. Remember it. There'll be a test.

Microsoft has denied reported problems with Win2000 Kerberos implementation, but they've been shouted down—by the DoJ, which cited Kerberos interop problems in the antitrust suit; by trade publications such as Linux Journal, which ran the story that led to those posts; and by loud and sustained derision from techies on sites such as Slashdot. Apparently the Redmond thought process went as follows: Can't sue Justice, 'cause they bite back . . . can't sue Linux Journal, 'cause they're dead-tree press . . . hey, I have an idea!

OK, FREEZE. This in a nutshell is why the DMCA is not only bad news but bad legislation. Not only does it attempt to carve out differences between free-speech rights online and off—terrain covered in the courts when the poisonous 1996 Communications Decency Act was thrown out—but according to Microsoft's lawyers, it makes the Slashdot Web site responsible not only for possible copyright-violating stuff posted by their users (tricky, since Slashdot will let anyone post basically any information), but for links to entirely different sites. More troubling, this interpretation of the DMCA attempts to censor description—making it as wrong to tell someone how to decompress a PDF file as it is to yell "fire" in a crowded theater.

People saw this coming. The DMCA sent up a garden of red flags to free-speech advocates long before it passed in 1998. One of the most disturbing clauses—and the reason Microsoft sent their letter to Slashdot rather than to individual Slashdot users— is the section on "Online Copyright Infringement Liability Limitation," which states that if you're a service provider (say, a site offering discussion areas, like Slashdot), you can be sued along with your users if someone claims that there's copyright-violating stuff on your service. However you, the service provider, can get off the legal hook easily: Just take down the offending material and cooperate with the claimant's lawyers, and presto! Liability gone! You can investigate the charge for yourself if you like; if you decide your user's in the right, you can refuse to take the material down (or take it down and restore it after your investigation), lawyer up, and prepare for battle. That's a lot of time and expense for a user who's probably not paying you a dime to be on your site, wouldn't you say?

Plenty have said. For instance, just last month a former user of Yahoo filed suit in federal court against that service for revealing his name to his employer after the man posted various derogatory comments on a Yahoo message board. The employer, Florida-based AnswerThink, didn't like the fellow's tone and subpoenaed Yahoo for his contact info; Yahoo gave it up without notifying the man in question and without ascertaining the validity of the subpoena. The man was fired.

When the histories are written, the current DMCA climate will be illustrated by a photo of Metallica marching into the Napster offices with box after box of printouts, telling the public it's about the "art" while making damn sure that the Net companies know its really about the attorneys.