[I promised Jano that I would send out RIAA's sur-reply with no editorial comment prepended, and here it is. It's a response to: http://www.politechbot.com/p-02702.html --Declan] ********** From: JCabreraat_private Subject: Re: RIAA claims it never wanted to hack PCs, was misunderstood To: Declan McCullagh <declanat_private> Date: Wed, 24 Oct 2001 14:05:26 -0400 That's a good question. The answer to whether our proposal would permit a copyright holder to hack computers and delete information is: No, absolutely not. Here is why: First, our language would have applied only to actions that do no more than "impair the availability" of data, a program, or a computer. (Note that section 1030 refers to both the "integrity" and "availability" of data. Our language addressed only availability.) Thus, if any action taken to protect copyright had the effect of deleting, altering or destroying data, a program or a computer -- even unintentionally -- that would still be defined as "damage" under the Computer Fraud and Abuse Act and the copyright holder would have been subject to suit. Second, our language would only have protected "reasonable" measures. Actions that caused damage to a computer would not be "reasonable." Finally, our language provided no immunity from criminal investigation or prosecution. Thus, any actions taken by a copyright holder to protect its works would be at risk of criminal liability, a substantial guarantee that such actions would be reasonable ones. That all said, we recognize that a perfectly reasonable human being -- when shown this language without any context -- could think that it would allow any number of things, including hacking and what not. But in fact, that is not the case. Once the language is read carefully, in context as an amendment to an amendment to an existing statute (a very long and complex statute) that clearly does not allow anyone to damage a user's data or computer, we would hope that that same reasonable human being would agree that there has simply been a misunderstanding. ********** [The next message is a reply from R. Polk Wagner, an assistant professor at the University of Pennsylvania's law school who teaches intellectual property law, to the above message from the RIAA. --DBM] Date: Wed, 24 Oct 2001 15:47:10 -0400 Subject: Re: RIAA claims it never wanted to hack PCs, was misunderstood From: "R. Polk Wagner" <polkat_private> To: Declan McCullagh <declanat_private> >> From: JCabreraat_private >> Subject: Re: RIAA claims it never wanted to hack PCs, was misunderstood >> To: Declan McCullagh <declanat_private> >> >> >> That's a good question. The answer to whether our proposal would permit a >> copyright holder to hack computers and delete information is: No, >> absolutely not. >> >> Here is why: >> >> First, our language would have applied only to actions that do no more than >> "impair the availability" of data, a program, or a computer. (Note that >> section 1030 refers to both the "integrity" and "availability" of data. Our >> language addressed only availability.) Thus, if any action taken to >> protect copyright had the effect of deleting, altering or destroying data, >> a program or a computer -- even unintentionally -- that would still be >> defined as "damage" under the Computer Fraud and Abuse Act and the >> copyright holder would have been subject to suit. >> Fair enough. But he's saying that _another_ law would presumably trip them up, not this particular law. It obviously raises the question about why they felt they should seek an exception from this new law, if the CFAA would stop them anyway. I simply don't know enough about the details of the CFAA to understand their strategy here. But as the Wired News article pointed out, something seemed to be up. And it doesn't change the thrust of the controversy: that the RIAA was seeking an exception to new causes of action relating to hacking. >> Second, our language would only have protected "reasonable" measures. >> Actions that caused damage to a computer would not be "reasonable." >> It might if the intent of the hack was reasonable, even if things went wrong and caused all sorts of trouble. Did the proposed language mean that: (1) the "intent" had to be reasonable (i.e., related to copyright protection) or (2) that the "techniques" had to be reasonable (i.e., not disproportionate) or (3) that the "end result" had to be reasonable (i.e., unexpected consequential damages). >> Finally, our language provided no immunity from criminal investigation or >> prosecution. Thus, any actions taken by a copyright holder to protect its >> works would be at risk of criminal liability, a substantial guarantee that >> such actions would be reasonable ones. >> Again, this is certainly correct. Other penalties and limitations might apply. But the question remains: _why_ seek the new shield from liability? They've answered that for us: to preserve their existing right (in their view) to use technological measures (which may include hacking). >> That all said, we recognize that a perfectly reasonable human being -- when >> shown this language without any context -- could think that it would allow >> any number of things, including hacking and what not. But in fact, that is >> not the case. Once the language is read carefully, in context as an >> amendment to an amendment to an existing statute (a very long and complex >> statute) that clearly does not allow anyone to damage a user's data or >> computer, we would hope that that same reasonable human being would agree >> that there has simply been a misunderstanding. >> Sure. Reasonable people can disagree about the meaning and intent of statutory language, as well as differ in their speculation about the effect of the text once enacted. One person's misunderstanding is another's perfectly reasonable position. That's precisely why we should be talking about this, and challenging the RIAA to explain it's intent. I don't doubt at all the veracity of the RIAA's claims here: that the changes to the law were likely to restrict their ability to use technological measures to enforce copyrights, and that their proposals were intended to return the law to it's prior position. But that's the point. Best, Polk -- ===================================== R. Polk Wagner University of Pennsylvania Law School 3400 Chestnut Street Philadelphia, Pennsylvania 19104 http://www.law.upenn.edu/polk/ ===================================== ********** Date: Wed, 24 Oct 2001 14:56:11 -0400 Subject: Re: FC: RIAA claims it never wanted to hack PCs, was misunderstood From: "R. Polk Wagner" <polkat_private> To: <declanat_private> On 10/24/01 12:04 PM, "Declan McCullagh" <declanat_private> wrote: > I thank the RIAA for replying. There seems to be only one important > question here: Did the RIAA's now-abandoned amendment do what legal > analysts, such as the folks I quoted in my article, say it would? > Note that the RIAA's response makes this an issue about baselines. The facts are not (and weren't) really in dispute. Congress was considering measures that related to civil penalties for hacking. The RIAA admits that these measures would have affected their ability to conduct technological activities to enforce copyrights. Accordingly, they sought to exempt copyright owners from the new measures. The RIAA suggests that the weren't seeking any "new" powers, but just to maintain their status quo powers. Okay. But of course this assumes we all agree that the "status quo" gave content owners the right to hack (and especially the apparent shield from consequential liability they proposed). To folks who oppose the copyright owners' use of hacking to enforce copyrights, the distinction between (1) an explicit new power and (2) a shield from liability is going to seem a little thin, eh? Yet the most ironic thing about this "debunking" is that it merely confirms RIAA's desire/plan to hack -- which is what people were objecting to. Their response to your article: that the law was changed in other ways to preserve their legal right to hack ("never mind"). Somehow I don't think this provides much comfort; nor does it debunk the suggestion that they're at least strongly considering hacking as a copyright enforcement tool. -- ===================================== R. Polk Wagner University of Pennsylvania Law School 3400 Chestnut Street Philadelphia, Pennsylvania 19104 http://www.law.upenn.edu/polk/ ===================================== ********** From: "Trei, Peter" <ptreiat_private> To: "'declanat_private'" <declanat_private> Subject: RE: RIAA claims it never wanted to hack PCs, was misunderstood Date: Wed, 24 Oct 2001 16:42:25 -0400 MIME-Version: 1.0 OK, up front: 1. I Am Not A Lawyer. 2. This letter contains my *personal opinion*, not that of my employer. From: Declan McCullagh[SMTP:declanat_private] wrote: > Subject:FC: RIAA claims it never wanted to hack PCs, was > misunderstood > I thank the RIAA for replying. There seems to be only one > important question here: Did the RIAA's now-abandoned > amendment do what legal analysts, such as the folks I quoted > in my article, say it would? > If the answer to that question is "yes" -- if the RIAA's > amendment would permit a copyright holder to hack computers > and delete information -- then it doesn't matter what the RIAA > now insists its intentions were. The RIAA has some very bright > lawyers who don't draft amendments carelessly. The truth is in > the language of the legislation; the rest is spin. > This is not meant to be an attack on the RIAA. The group has > done some laudable work in the past on First Amendment issues, > and sometimes gets unfairly attacked in the > Net.community. Somehow, though, I don't think this is one of > those times. > The RIAA's proposed amendment to the USA anti-terrorism bill: > http://www.wartimeliberty.com/article.pl?sid=01/10/14/1756248 > Previous Politech message: > http://www.politechbot.com/p-02656.html > -Declan > ********* Declan: I think you're original interpretation was spot on. The proposed amendments immunized copyright holders for any damage they do to a system in protecting their copyrights. Note that there are two proposed versions of the amendment, differing only in the inclusion of 'reasonably' in the second, which qualifies the types of measures that a copyright holder can use. I guess they figured - 'well, why not try to get unreasonable powers if we can?' Under the first version, if a copyright holder caught you in public listening to a bootleg Metallica MP3, he could smash your player with a sledgehammer, and walk away. Under the second, he might be able to seize it from you, delete the offending file, and hand it back (subject to court interpretations of 'reasonably'). The letter from the RIAA is a masterful example of spin and lawyer talk. I have a longer version of this letter deconstructing it, which I could send you tomorrow if you want. Peter Trei ********** Date: Wed, 24 Oct 2001 12:40:01 -0400 To: declanat_private, politechat_private From: Philo <philoat_private> Subject: Re: FC: RIAA claims it never wanted to hack PCs, was misunderstood Cc: JCabreraat_private In-Reply-To: <5.0.2.1.0.20011024115532.02617410at_private> At 12:04 PM 10/24/2001 -0400, Declan McCullagh wrote: >I thank the RIAA for replying. There seems to be only one important >question here: Did the RIAA's now-abandoned amendment do what legal >analysts, such as the folks I quoted in my article, say it would? > >If the answer to that question is "yes" -- if the RIAA's amendment would >permit a copyright holder to hack computers and delete information -- then >it doesn't matter what the RIAA now insists its intentions were. The RIAA >has some very bright lawyers who don't draft amendments carelessly. The >truth is in the language of the legislation; the rest is spin. Declan, more to the point - nowhere in the reply from RIAA do they say they have no interest in pursuing illegal copies to personal machines. In fact, there seems to be a tacit admission that's where they were going: > But we've also said that there were technical measures that could be > used to address the problem. We didn't get very specific about what > those technical measures were, but we always made clear that we would > rely on technological solutions to address technological problems. > > And in fact, a number of companies have developed the technology for > these technical measures. Some of them may already be in use, but at > RIAA, we've been analyzing the law to make sure that using these > technical measures would be completely lawful. > > A couple of weeks ago, the Senate made public for the first time the > anti-terrorism legislation it had privately been drafting. And when we > looked at it, we found that one of the provisions in this massive bill > would have changed existing law in a way that would prevent us from > using technical measures that would otherwise have been perfectly > lawful. It reads to me like there's lots of room here for "we were starting to think of going viral to protect our work, but the new legislation would've made that illegal and we just had to protect the option" This quote is particularly disingenuous: > Contrary to what you may have seen, read or heard the recording industry > never lobbied congress to give us the ability to hack into PCs, plant > viruses, destroy MP3 files on people's computers, and worse. That is > complete nonsense, and totally untrue. No, the RIAA didn't want the ability created; they wanted an existing ability protected. Talk about splitting hairs and spin control. I look forward to reading more legal analysis regarding the proposed amendment. Philo philoat_private AOLIM: philo589 ICQ: 9802707 Get legal advice or find a local attorney: http://www.lawguru.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ********** Date: Wed, 24 Oct 2001 13:16:06 -0400 Subject: Re: FC: RIAA claims it never wanted to hack PCs, was misunderstood From: Richard Forno <rfornoat_private> To: <declanat_private> CC: <politechat_private> Declan, some comments on your RIAA note, and ending with an observation. rf > Contrary to what you may have seen, read or heard the recording industry > never lobbied congress to give us the ability to hack into PCs, plant > viruses, destroy MP3 files on people's computers, and worse. That is > complete nonsense, and totally untrue. Under Clintonian English, it all depends on how you define "hack." > And we've said that the real solution ? the long-term solution ? is a > marketplace solution. That we have to get into the marketplace and offer > not only a legitimate alternative, but a better alternative that will > attract consumers because of the value we provide. Under Entertainment Cartel English, "marketplace solution" equals collusion with vendors and content providers. The DVD Copy Control Assn. is a prime example of a 'marketplace solution' in action. > But we've also said that there were technical measures that could be > used to address the problem. We didn't get very specific about what > those technical measures were, but we always made clear that we would > rely on technological solutions to address technological problems. Perhaps work to insure any MP3 player is unable to exchange files with PCs or other players unless done under a RIAA-endorsed 'technical DRM solution' like the MPAA-endorsed 1384 HDTV interfaces? > And in fact, a number of companies have developed the technology for > these technical measures. Some of them may already be in use, but at > RIAA, we've been analyzing the law to make sure that using these > technical measures would be completely lawful. Sure - who needs to 'hack' if the recording industry cartel agrees to only sell products with DRM technical solutions, solutions that exist "in the marketplace" that could facilitate a backdoor for 'authorized use' by the device manufacturer and/or its agents (eg, RIAA). Yes, I use the term 'cartel' for a reason. RIAA is no different than OPEC or Cali. > A couple of weeks ago, the Senate made public for the first time the > anti-terrorism legislation it had privately been drafting. And when we > looked at it, we found that one of the provisions in this massive bill > would have changed existing law in a way that would prevent us from > using technical measures that would otherwise have been perfectly > lawful. As I said, it all depends on how one defines 'technical measures.' > The provision wasn't aimed at anything we were doing or thinking of > doing. Nor was it aimed at technical measures used by ISPs, and eBay, > and other businesses to protect the integrity of their products and > their systems. But inadvertently, this change in the law would have > prevented us from using technical measures to protect copyrighted works. 'Technical measures' in this respone by RIAA is like the Bill Gates mantra that Microsoft makes 'great software' - how about giving details, and not nebulous verbiage? Sounds like RIAA is taking its lessons in conducting public relations from Pentagon news briefings. > When we discovered the change, we brought it to the attention of the > Department of Justice; the Senate staff working on the bill; and other > industry groups. The staff confirmed that the effect on us was > inadvertent, and asked us to propose a fix, a "patch" to eliminate the > problem for our industry. We did so ? based on suggestions from the > Department of Justice and Senate staff. More like they discovered it and nearly had a heart attack. > Ultimately, the Senate staff figured out a way to change their original > provision to eliminate its unintended effect, and that worked just fine > for us. And it worked for a whole lot of other industry groups that also > felt that this provision had to be fixed ? the ISP community, telecom > companies, the NetCoalition, the Chamber of Commerce, as well as content > industries like motion pictures and music. Let's remember that RIAA and MPAA are siblings under King Jack and Queen Hillary. I'm waiting for the Thirty Years' War to begin over DRM. :) > There is nothing unusual about what happened here, especially in the > hectic closing days of a Congressional session. But somehow, it became a > story that we were looking for special new powers to hack into personal > computers. Maybe not to them, but it sure appeared like Hollywood was trying to do what Justice was doing, namely trying to get as much power as possible during this once-in-a-lifetime golden opportunity to rush things through Congress without prolonged public hearings, scrutiny, and comment. Very sneaky! > What's worse ? we were accused of equating Internet piracy with > terrorism. We may take Internet piracy seriously, but we're not insane. Seems to be the thing to do by industry - wasn't it only last week that Microsoft essentially equated the full disclosure of security problems to supporting computer crime and information terrorism? That's how many of us security folks read it. RIAA and their MPAA sibling take profits more seriously, and as we've seen, will pursue anything that guards their turf from new technologies, distributions, or ideologies. These clowns are terrified that the paradigm shifted and consumers have the demonstrated technical ability (matching a desire long ignored by the entertainment cartels) to pick and chose what they want to listen or watch, and not be forced into settling for whatever teeney-bopper's looks will sell the most albums. > It's one thing to be criticized for what we do ? that's fair game. But > to be vilified for what we don't do ? that's very disheartening. Crocidile tears are being shed, and no sympathy should be given. Two observations: - They DON'T listen to their customers' desires to pick and choose their entertainment, something we've complained about for years. Now that it's been proven that folks CAN do this (Napster, etc), the cartels play the victim while scrambling to bastardize technology that not only restricts what, where, and how people listen to music, but also what artist cuts get released, if at all. Even Microsoft XP is catering to the needs of Hollywood and not supporting the alleged "pro-piracy" MP3 format in default XP installations, charging $30 or so for that as an 'add-on' feature. (Remember the collusion reference I mentioned earlier?) - They DON'T embrace technology to better society or make it more convienient for end-users (eg, endorsing fair use), but they DO embrace it to enable them to better control the content information in today's information-based society. We saw this with VCRs, the demise of DAT, etc. If they can't innovate protection, they legislate it under such things as DMCA. > Unfortunately, we get a lot of that. Half of what is written about us is > just plain wrong. And that's why we really do appreciate you taking the > time to read this, giving us a chance to set the record straight on this > one. Truth is in the eyes of the beholder, and that the entertainment cartels are notorious for spinning their version of "the truth." (Remember King Jack's alleged real-time download of 'Gladiator' in the Senate hearing room to demonstrate how quick someone could 'pirate' movies? They ran it from a CD-ROM, there was no live net connection in the hearing room!) RIAA is is the same industry cartel terrified of CD burners and technology in the hands of the general public. Whether it's taxing blank CDs, new CD burners, DMCA, or 'technical measures' and collusion with vendors (eg, DVD CCA), this scares them to death. According to RIAA, sales of (overpriced) CDs were down for the first part of 2001, down 2.7 percent from the previous year. Forget the fact that the economy has been dismal this year, and that in economic hardships, luxury items (like overpriced CDs) are often passed over until consumers are more confident to spend lavishly on such items......nevertheless, RIAA blames their financial woes on technology in the hands of the masses. Although they didn't come out and say it (who EVER takes the direct approach in Washington?) - they make a strong suggestion and imply that consumer piracy was to blame for their losses. According to RIAA's President Queen Hillary.: "Many in the music community are concerned about the continued use of CD-Rs (compact disc recordables) and we believe this issue deserves further analysis. A preliminary survey of tech savvy online music enthusiasts recently conducted for the RIAA showed that nearly one out of two consumers surveyed downloaded in the past month and nearly 70 percent burned the music they downloaded. All of this activity continues to show the passion of the consumer for music and the need for both legal protection and legitimate alternatives," concluded Rosen. (http://www.riaa.org/News_Story.cfm?id=446) Message to RIAA - It's The Economy, Stupid! My 2 cents. Rick Forno infowarrior.org Add'l Reading: National Security and Individual Freedoms: How the Digital Millenium Copyright Act (DMCA) Threatens Both http://www.infowarrior.org/articles/2001-05.html ********** From: "Richard Willey" <richard.willeyat_private> To: <declanat_private> Subject: RE: RIAA claims it never wanted to hack PCs, was misunderstood Date: Wed, 24 Oct 2001 09:54:23 -0700 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Declan I am a long time lurker. I found the RIAA letter a bit disingenuous. It certainly does not match the subject line "RIAA claims it never wanted to hack PCs, was misunderstood" Carefully read the following clause: But we've also said that there were technical measures that could be used to address the problem. We didn't get very specific about what those technical measures were, but we always made clear that we would rely on technological solutions to address technological problems. And in fact, a number of companies have developed the technology for these technical measures. Some of them may already be in use, but at RIAA, we've been analyzing the law to make sure that using these technical measures would be completely lawful. A couple of weeks ago, the Senate made public for the first time the anti-terrorism legislation it had privately been drafting. And when we looked at it, we found that one of the provisions in this massive bill would have changed existing law in a way that would prevent us from using technical measures that would otherwise have been perfectly lawful. What the RIAA is claiming is that they currently have both the legal right to hack individuals PCs. They also have the necessary "technical measures". The wording of the Senate's Anti-Terrorism legislation would remove their existing rights to hack individuals PCs so the RIAA attempted to have an ammendment added to restore this capability. You wrote: >I thank the RIAA for replying. There seems to be only one important >question here: Did the RIAA's now-abandoned amendment do what legal >analysts, such as the folks I quoted in my article, say it would? In my mind, the really important question is what assumptions is the RIAA operating under today? Richard Willey -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBO9byPtZbGc4pZHvJEQLJegCg2QSiEkTx/6iZXkiGzgq7Vj3lIGIAnRQQ Yc1Xgg7r/uv+7YclX8BDideG =6Iqb -----END PGP SIGNATURE----- ********** From: "Ben" <bmwat_private> To: <declanat_private> Cc: <JCabreraat_private> References: <5.0.2.1.0.20011024115532.02617410at_private> Subject: Re: RIAA claims it never wanted to hack PCs, was misunderstood Date: Wed, 24 Oct 2001 14:08:12 -0400 It bothers me just a bit to know that the RIAA gets to insert proposals into legislation when it and the government agree that it will be affected, while actual citizens like us only get to learn how it will affect us after we get home from work, the day it passed. And that's assuming that the mainstream press, who's job it is to keep us informed about earth-shattering changes like the DMCA, bothers to cover the story. That is, in itself, a gamble and a conflict of interest; since members of the RIAA, like Warner Bros. (Time Warner/AOL), own almost all major news outlets, (www.cjr.org/owners). And, well, with Rupert Murdock's well documented habit of making his agenda news coverage, and the investigation into the CEO of General Electric, who supposedly cheered and directed NBC from behind the scenes, to call the election for George Bush, excuse me if I don't seem optimistic. Oh well. Who needs balance of power, right? I just don't remember electing J. Cabrera, is all. ********** ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 19:31:57 PDT