FC: Congressional source replies to RIAA's we-don't-want-to-hack denial

From: Declan McCullagh (declanat_private)
Date: Fri Oct 26 2001 - 08:10:50 PDT

  • Next message: Declan McCullagh: "FC: Cato Institute tech-and-society conf 11/14 on intellectual prop."

    [This is a letter provided by a congressional source on condition of 
    anonymity. It's a little hard to parse, but Anonymous' comments have ">>" 
    prepended to them. I invite RIAA to reply. --Declan]
    
    Some background:
    http://www.politechbot.com/cgi-bin/politech.cgi?name=riaa
    
    ---
    
    Response to Billboard Article on Anti-Terrorism Bill
    Billboard's issue of October 27 contained an article, "RIAA Criticized Over 
    Effort to Change Anti-Terrorism Bill," that is so patently false that we 
    are driven to respond immediately.
    
    Dear Editor:
    It is hard to believe that Billboard would print stories as offensive and 
    irresponsible as your recent articles attacking RIAA's work on the 
    anti-terrorism bill. The baseless rumors that we took advantage of this 
    important piece of legislation to gain rights to hack into personal 
    computers were debunked before the article was even written; yet Billboard 
    perpetuates the malicious myths without regard for even the most basic of 
    journalistic standards.
    
    Let's be clear: RIAA never lobbied Congress to give us the ability to hack 
    into PCs, plant viruses, destroy MP3 files on people's computers, or 
    anything resembling such actions. These assertions are not only completely 
    false, but also incredibly offensive and extremely irresponsible.
    
     >> The RIAA does not assert that the language they provided staff would 
    not have permitted this sort of conduct.
    Had your reporter bothered to call even one of the Senate staffers involved 
    in the legislation, or consulted with even one lawyer who could explain the 
    meaning of the proposed amendments, he would have learned that he was 
    unfairly maligning the RIAA and our industry.
    
     >> What they may have "meant" to do does not explain their "extremely 
    irresponsible" (at best) drafting.
    The true story here is that the Senate drafted its anti-terrorism bill 
    privately. When it was made public on October 5th it was discovered that 
    one of the provisions would have had an unintended effect on anti-piracy 
    measures that are lawful under current law. This inadvertent mistake would 
    have negatively impacted not just copyright owners, but also ISPs, telecom 
    providers and many other high-tech businesses, such as the companies of the 
    NetCoalition. As written, the measure would unintentionally have subjected 
    such businesses to lawsuits for activities that should be and are currently 
    allowed under law to protect the integrity of their products and networks.
    
     >>According to the RIAA, the drafting of the Senate bill was done 
    "privately" and would have had "unintended effects" on the law.  But what 
    Hillary Rosen fails to note is that their solution -- offered in the vacuum 
    of private  negotiations --  would have done what EFF and other copyright 
    scholars NOT on the RIAA payroll say it would have done: it wouldve created 
    a license to hack. I suppose the RIAA position must be that private 
    negotiations involving the RIAA cannot possibly result in similarly 
    "unintended effects."
    
    When we became aware of this inadvertent consequence in the draft 
    legislation, we notified the Department of Justice, the Senate, and other 
    industry groups; the proponents of the bill acknowledged that the draft 
    legislation created an unintended, negative side effect. We were asked to 
    propose language to avoid the unintended effects on our industry. We did so 
    - based on suggestions from the Department of Justice and Senate staff.
    
     >> Perhaps the RIAA will tell us who they met with at DOJ about this 
    amendment? Did they show their proposed language to anyone from the 
    Executive Branch negotiating the bill? If so, whom?
    
    And none of those drafts - we repeat, none - would have permitted the use 
    of viruses or anything else that could damage a user's computer or data in 
    any way. Contrary to the assertions in Billboard, measures that cause 
    damage to a computer or anyone's data would be actionable. Nor did the 
    article mention that the language provided no immunity from criminal 
    investigation or prosecution. Thus a copyright holder using any technical 
    measures to protect its works could do so only at risk of criminal 
    liability, a substantial guarantee that any such actions would be conducted 
    responsibly.
    
     >> This is simply false! The bill itself defines damage as "any impairment 
    to the integrity or availability of data, a program, a system or 
    information" The The RIAA proposed 2 versions of a proposed amendment and 
    asked that it be added to the end of the civil cause of action section 
    (section 1030(g)): "No action may be brought under this subsection arising 
    out of any impairment of the availability of data, a program, a system or 
    information, resulting from measures taken by an owner of copyright in a 
    work of authorship, or a person authorized by such owner to act on its 
    behalf, that are reasonably intended to impede or prevent the infringement 
    of copyright in such work by wire or electronic communication; provided 
    that the use of the work that the owner is intending to impede or prevent 
    is an infringing use." OR "No action may be brought under this subsection 
    arising out of any impairment of the availability of data, a program. a 
    system, or information, resulting from measures taken by an owner of 
    copyright in a work or authorship, or any person authorized by such owner 
    to act on it behalf, that are reasonably intended to impede or prevent the 
    unauthorized transmission of such work by wire or electronic communication 
    if such transmission would infringe the rights of the copyright owner." 
    Both proposals would have prohibited any civil cause of action for actions 
    by a copyright owners for the "impairment of the availability of data, a 
    program, a system or information" [ which the LAW and the terrorism bill 
    define as "damage"] for actions they take that are 'reasonably intended' to 
    impede or prevent infringement of copyright or an unauthorized copy. Yes, 
    the RIAA could still have been prosecuted - which one must assume is how 
    they are able to argue that their conduct resulting in damage would be 
    "actionable". But no civil actions could have been brought! So victims 
    could not have sued. Period. This is the sort of verbal parsing and 
    misleading statement that the heads of the major record labels should 
    instruct their staff at the RIAA to put a stop to once and for all.
    
    A person unfamiliar with the complex terminology of the Computer Fraud and 
    Abuse Act might not grasp these points from a quick reading of the proposed 
    amendments, which is why it is all the more important that anyone writing 
    on this subject check the facts and consult with informed sources. But the 
    writer of the article apparently made no efforts to contact the Senate 
    staff who actually handled this issue or to consult with anyone 
    knowledgeable about the facts or the law.
    
     >> No, the folks who are concerned about this mess grasped the points. The 
    entire focus of the original section of the bill that amended section 1030 
    was hackers. Previously, the definition of "damage" under the act required 
    that there be $5,000 in damages or loss to a victim. Accordingly, absent 
    some narrow exceptions, if a person hacked into a private network or 
    computer and caused less than $5,000 in damage, he or she would not have 
    broken the law. The law also provides victims of section 1030 with the 
    right to bring a civil cause of action - a lawsuit - against the hacker. 
    But the $5,000 damage threshold also applied to these victim lawsuits. 
    Hence, the problem that others but the recording industry (NetCoalition, 
    eBay, AOL, e.g.) was trying to solve was: if you change to law to make it 
    easier to for the government to prosecute hackers by dropping the $5,000 
    threshold then you are also making it easier for victims of hackers to 
    bring a private civil lawsuit. The RIAA's proposed solution - above - would 
    have given them a complete carve out from the civil actions - Not just acts 
    those resulting in less than $5000 in damage but any amount of damage so 
    long as they were trying to stop "unauthorized" (note, not necessarily 
    illegal) copying.
    
    Incredibly, the only person cited in the article is a lawyer for the 
    Electronic Frontier Foundation in San Francisco, who had nothing to do with 
    the legislation and knew nothing about what happened. But she was more than 
    happy to criticize RIAA for actions that the reporter described to her. And 
    Billboard was delighted to highlight her unfounded criticisms in large, 
    bold type.
    
    The article also failed to mention that multiple industry groups and 
    companies likewise saw the need to fix the inadvertent error in the Senate 
    provision. Ultimately, the Senate staff decided to re-draft their original 
    amendment to avoid the problems it had caused, thus obviating the need for 
    an industry-specific solution. As finally drafted, the new provision is 
    supported by eBay, the NetCoalition, MPAA, RIAA and SIIA, among others.
    
     >> Yes there were a myriad of organizations concerned about the effects of 
    the change on current law, but the RIAA's proposed amendment was not 
    supported by those groups, was it? Did eBay, the Net Coaltion, SIAA support 
    their draft. No. Not even AOL -- a member of RIAA -- was happy withthe 
    original amendment offered by Mr. Glazier. Yes, they all supported the 
    final version - the version that was worked out AFTER the RIAA was caught.
    
    The damage done by these irresponsible acts continues to spread. On October 
    24, the Billboard Bulletin featured a story that a Member of Congress 
    "decries RIAA's tactics on legislation." The quotations attributed to the 
    Congressman make it clear that he had no idea what had actually transpired 
    - but having read Billboard's article, it's only natural that he would be 
    critical.
    
    Let's be honest: the not-so-subtle message implicit in Billboard's articles 
    is that we were trying to "slip" something into the legislation, an act 
    that would be downright unpatriotic at this time of national crisis. And 
    that's what makes Billboard's articles so incredibly insulting - 
    manufacturing a story that makes us look underhanded and impugns our 
    patriotism at the same time. In fact, we became involved in the 
    anti-terrorism bill only because an inadvertent error in its drafting would 
    have negatively impacted legitimate businesses engaged in legitimate means 
    of protecting their products and networks; we proposed amendments only 
    because we were specifically asked to do so by Senate staff; and the 
    proposals we made were in fact narrow and responsible.
    
    It's time for Billboard to start honoring some editorial standards. It's 
    not responsible to write articles without researching any facts, consulting 
    with any informed sources, or checking with the staffers actually involved. 
    It's time to start printing stories that are factually accurate, not 
    malicious gossip masquerading as news.
    
    Billboard owes their readers, and the RIAA, an apology.
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 08:30:38 PDT