A nudge and a link

The shifting sands of Net legislation make for expensive real estate.

By Angela Gunn • October 9, 2006 12:00 am
Metallica vs. Napster: just another legal battle muddying the waters of the Net.
Metallica vs. Napster: just another legal battle muddying the waters of the Net.

A FEW MONTHS back during the cphack fracas, the American Civil Liberties Union asked the judge in that case whether injunctions on that Net-filter workaround extended to third-party sites that linked to the information rather than hosting it on their own servers. The judge’s response? “Do it and you’ll find out.”

Now thats rough justice.

Net sites and the Netizens who love them are faced with an increasingly uncertain legal landscape as laws such as the Digital Millennium Copyright Act obscure constitutional free-speech protections. In some cases, new laws criminalize forms of speech that even the most anti-First Amendment politicians will concede are protected—or would be if you engaged in them offline. Congress knows they done you wrong by passing those laws; they expect the courts to clean up after them—and for you to foot the bill.

YOU WISH WE’D have to go farther than our own backyard to see this in action, but then there’s Microsoft. On 11 May, Microsoft’s lawyers sent a letter to Slashdot, the well-known geek repository, requesting that Andover.net (Slashdot’s parent company) remove various postings about a certain Microsoft security standard (the Microsoft Authorization Data Specification v.1.0 for Microsoft Windows 2000 Operating Systems, if you must know). The posts were part of a discussion castigating Microsoft for taking Kerberos, the venerable Unix-based open-source security protocol, slapping some proprietary foo on it, and requiring anyone who wants to see the spec (even if it’s just to try to get a Win2000 machine to talk civilly to a Unix Kerberos machine) to treat it as a trade secret.

Some of those posts included the actual text of the spec, cut-and-pasted from Microsoft’s own PDF-format files. Some of them, on the other hand, contained only links to Web pages allegedly violating the copyright. And some of them described how to get around the End-User License Agreement (the “I agree” click) that interested parties had to wade through to get to the aforementioned PDF.

Notice the mix—copyrighted content, links, description. Remember it. There’ll be a test.

Microsoft has denied reported problems with Win2000 Kerberos implementation, but they’ve been shouted down—by the DoJ, which cited Kerberos interop problems in the antitrust suit; by trade publications such as Linux Journal, which ran the story that led to those posts; and by loud and sustained derision from techies on sites such as Slashdot. Apparently the Redmond thought process went as follows: Can’t sue Justice, ’cause they bite back . . . can’t sue Linux Journal, ’cause they’re dead-tree press . . . hey, I have an idea!

OK, FREEZE. This in a nutshell is why the DMCA is not only bad news but bad legislation. Not only does it attempt to carve out differences between free-speech rights online and off—terrain covered in the courts when the poisonous 1996 Communications Decency Act was thrown out—but according to Microsoft’s lawyers, it makes the Slashdot Web site responsible not only for possible copyright-violating stuff posted by their users (tricky, since Slashdot will let anyone post basically any information), but for links to entirely different sites. More troubling, this interpretation of the DMCA attempts to censor description—making it as wrong to tell someone how to decompress a PDF file as it is to yell “fire” in a crowded theater.

People saw this coming. The DMCA sent up a garden of red flags to free-speech advocates long before it passed in 1998. One of the most disturbing clauses—and the reason Microsoft sent their letter to Slashdot rather than to individual Slashdot users— is the section on “Online Copyright Infringement Liability Limitation,” which states that if you’re a service provider (say, a site offering discussion areas, like Slashdot), you can be sued along with your users if someone claims that there’s copyright-violating stuff on your service. However you, the service provider, can get off the legal hook easily: Just take down the offending material and cooperate with the claimant’s lawyers, and presto! Liability gone! You can investigate the charge for yourself if you like; if you decide your user’s in the right, you can refuse to take the material down (or take it down and restore it after your investigation), lawyer up, and prepare for battle. That’s a lot of time and expense for a user who’s probably not paying you a dime to be on your site, wouldn’t you say?

Plenty have said. For instance, just last month a former user of Yahoo filed suit in federal court against that service for revealing his name to his employer after the man posted various derogatory comments on a Yahoo message board. The employer, Florida-based AnswerThink, didn’t like the fellow’s tone and subpoenaed Yahoo for his contact info; Yahoo gave it up without notifying the man in question and without ascertaining the validity of the subpoena. The man was fired.

When the histories are written, the current DMCA climate will be illustrated by a photo of Metallica marching into the Napster offices with box after box of printouts, telling the public it’s about the “art” while making damn sure that the Net companies know its really about the attorneys.

MUCH OF THE LATEST Net-related legislation jams together spending bills, commercial-code issues, and hot-button topics like pornography and privacy; it’ll take years of case law to patch the holes and clear the fuzz. Blame a Congress unwilling to write laws that are more than rough drafts, under the assumption that the courts will iron out the details. It worked for the Communications Decency Act, after all.

But DMCA is different. Despite its multimillion-dollar revenues, the porn industry doesn’t have the kind of political power that movie or music or software concerns do. Where the CDA was sloppy, DMCA is precise—and precise in favor of large copyright holders, whose lobbying efforts convinced Congress to seize upon the Net’s unique characteristics to pass speech restrictions they’d never get away with offline. You’ll not find empty terms like “indecent” or “harmful to minors” in the DMCA’s pages. You will find a cynical divide-and-conquer strategy that encourages site providers to throw their patrons to the wolves at the drop of a letter from a lawyer.

Expecting the courts to clean up the mess means that whoever can afford the best lawyers is likely to shape the future of free speech online. Whether there’s an actual violation doesn’t matter; whether the speech is in fact protected doesn’t matter. With the DMCA, a law degree is a fishing license; the very act of linking to someone else’s site can be a violation if you say it is. Even describing a link—telling someone that the Microsoft Kerberos information is available from the front page of Joe Blow’s site—can draw legal fire. If the offending material gets removed, great; if the site provider wants to spend money on a lawyer, what has a Microsoft lost?

What matters is whether the respondent (the person accused of wrongdoing) can afford to mount a defense. Often as not, they can’t; often as not, they’ll simply slink away, whether or not their cause was just.

On 18 May, Andover’s lawyers responded to Microsoft. Invoking Microsoft’s ongoing DoJ troubles as well as a legally protected tradition of citing information for purposes of commentary and criticism, the Andover letter asked Microsoft to explain where they got off claiming secrecy for a document the company itself made available for the clicking online, and how they expected to defend the information as a trade secret while still alleging that it was an enhancement to an open-source protocol, and so forth. The saga, as they say, continues.