Adam Fields (weblog)

In reference to this Gizmodo piece analyzing the rights granted by the Kindle and Sony e-reader:

http://gizmodo.com/369235/amazon-kindle-and-sony-reader-locked-up-why-your-books-are-no-longer-yours

I think the analysis in that article is flawed. It doesn’t make any sense to be able to resell the reader with the books on it, because the license for the books is assigned to you, not to the reader. For example, if your Kindle breaks, you can move your books to another one. I’ve never heard anything other than the opinion that you can’t resell the digital copy - the assumption has always been that these sorts of transactions break the first sale doctrine. The problem then becomes “what are you buying?”, if there’s nothing you can resell.

The first sale doctrine has to apply to the license, not the bits themselves, because under the scenario in which it applies to the bits, arguably Amazon retains no rights whatsoever. They had no direct hand in arranging the bits of your copy the way they are - they merely sent instructions to your computer about how to arrange them in a certain pattern. The article asserts that you can’t “transfer” the bits, but in the same way, in downloading a copy, Amazon hasn’t actually “transferred” anything to you, either.

There’s no reason you shouldn’t be able to sell your Kindle, and the books don’t necessarily go with it, but if you want to sell the books separately, you can do that too. Legally, if you do that, you’d be obligated to destroy all of the copies you’ve made. Amazon’s inability to police that is as relevant as their inability to police the fact that you haven’t made a photocopy of the physical book you sold when you were done with it. There’s no weight to the argument that this will encourage rampant piracy, given that unencrypted cracked copies of all of these things are available to those who want them anyway, and always will be. People comply with reasonable laws willingly because they’re honest, it’s the “right thing to do”, and they feel that the laws are an acceptable tradeoff for living in a civilized society where sometimes you have to make compromises and not just do whatever you want. People do not comply with one-sided laws where they feel like they’re being ripped off for no reason. A law which turns your sale into a non-sellable license is of the latter kind. It turns normal users into petty criminals who don’t care when they break the law, because the law is stupid. Once they’ve ignored some of the terms, it’s a shorter step to ignore others, or ignore similar terms for other products. People like consistency, especially in legal treatments. I would argue that it’s in Amazon’s interest (and the others) to not niggle on this point, because a reasonable license with terms that look like a sale makes for happier customers who aren’t interested in trodding on the license terms, and that’s better for everyone.

(Yes, I’m arguing that restrictive license “sales” are anti-civilization.)

The Kindle ToS not only prohibits selling the Kindle with your books on it, it prohibits anyone else from even looking at it. If someone reads over your shoulder on the train, you’re in violation.

This is, of course, ridiculous.

The right legal response here seems to me to be to not dicker about with splitting hairs about whether you can sell your digital copies if they’re on a physical device and you can’t if they’re not, but to declare that anything sufficiently close to a “right to view, use, and display [...] an unlimited number of times” de facto consitutes a sale, and with it comes certain buyer’s rights regardless of what kinds of outrageous restrictions the licensor tries to bundle in the ToS. The fact that this also seems to be the right business response reinforces my belief that this is the correct path. This kind of a transaction is different from renting, which is by nature a temporary one.

It is the right thing for society to declare that if you’ve bought something that isn’t time or use limited, you’ve therefore also bought the right to resell it, whether it’s a physical object or a license.

Previously:

http://www.aquick.org/blog/2006/04/30/sony-cant-make-up-its-mind-if-music-is-sold-or-licensed/

http://www.aquick.org/blog/2004/12/30/cory-rants-on-drm-and-rightly-so/

Tags: sony, amazon, kindle, gizmodo, first sale doctrine, digital work, content, licensing, purchase, sale

We have different classifications for the crime of “killing a person”, and those classifications encompass whether it was an accident or not, whether it was premeditated, and how many people were killed - e.g.: How serious a crime has actually been committed. But when we talk about terrorism, it’s always just “terrorism”. This results in the really sinister megacriminals being lumped in with the group of morons that can’t get it to together to leave the house without forgetting to wear pants, let alone actually arrange to blow anything up.

Most “terrorists” are less dangerous than your average serial killer or bus accident, but we still lump them all together simply because they have an agenda.

Similar to murder, I think we need some sort of classification system for these crimes:

1. Intent to commit terrorism: you “plotted” with someone who may or may not have been an undercover cop, but didn’t actually acquire passports or learn how to make liquid explosives
2. Manfrightening: you committed some other crime, and along the way someone got scared and called you a terrorist, but you have no stated agenda.
3. Terrorism in the third degree: You actually blew up something, but no one was hurt.
4. Terrorism in the second degree: You actually blew up something and killed some people, but failed to garner any sympathy from the public.
5. Terrorism in the first degree: You actually blew up something, lots of people were killed, and the US declared war on some country you were unaffiliated with.

Tags: terrorism, legal definition, degree

Crappy DRM company says the DMCA forces you to buy their technology instead of building your own because not buying their technology is a circumvention of an effective copyright tool.

The thing is, I think they’re right. I mean, it’s stupid, but then so is the DMCA.

There are some other provisions (which seem to not apply), but the crux of it is:

“No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that–

`(A) is primarily designed or produced for the purpose of
circumventing a technological measure that effectively
controls access to a work protected under this title;”

It explicitly does NOT say “copy the work”, it says “circumvent the technology”. “Circumvent” is not the word they were looking for.

In fact, now that I think about it, convincing someone that DRM is bad is also a violation, as that may be interpreted as offering a service that is primarily design for the purpose of circumventing technological protection. Crap.

http://www.forbes.com/business/feeds/afx/2007/05/10/afx3708595.html

(via boingboing.)

Tags: drm, dmca, violation

Oh yeah.

http://www.nytimes.com/2007/04/14/technology/14deal.html?ex=1334203200&en=d94eb7f788b32db5&ei=5090&partner=rssuserland&emc=rss

This is a NYT article about an Iraqi show which seems to be called “Hurry Up, He’s Dead”.

The description is painful to read, a horrible ironic reminder of the awfulness:

“In a recent episode, the host, Saad Khalifa, reported that Iraq’s Ministry of Water and Sewage had decided to change its name to simply the Ministry of Sewage — because it had given up on the water part.”

“Mr. Sudani, the writer, said he has lost hope for his country. Iraq’s leaders are incompetent, he said. He fears that services will never be restored. The American experiment in democracy, he said, was born dead.

All anyone can do, he said, is laugh.”

Via Perry Metzger:

http://www.nytimes.com/2006/10/24/world/middleeast/24show.html?ex=1319342400&en=1bf22396b7ede7a3&ei=5090&
partner=rssuserland&emc=rss

Tags: iraq, daily show, awful, nyt, humor

With an open source monitoring program - Dorgem.

http://www.simplehelp.net/2006/09/27/how-to-use-your-pc-and-webcam-as-a-motion-detecting-and-recording-s
ecurity-camera/

Tags: warrantless wiretapping

Bravo.

http://observer.guardian.co.uk/world/story/0,,1869074,00.html

Tags: shaming search engines, wikipedia, china, censoring, not

I’ve often said that terrorism is an auto-immune disease afflicting civilization. Bruce Schneier has a great article up about how responding to terrorism by locking things down is, in fact, exactly what the terrorists want.

http://www.schneier.com/blog/archives/2006/08/what_the_terror.html

Tags: terrorism, play into their hands, auto-immune disease, schneier, security

Britt pointed me at this piece about how Lieberman still has very strong support:

http://www.talkingpointsmemo.com/archives/009461.php

There’s an important lesson in here. When you hang principles on a single race, and then lose, the principle goes with the race and suffers a horrible blow. This >WAS< the Dean mistake - it represented the internet way, and everybody fled when he lost, and how long has it taken that approach to recover its reputation?

When Lieberman wins, the ENTIRE “unseat the incumbents” approach dies a horrible death, in one single event.

How to dissociate the principles from the individual race?

Tags: lieberman, lamont, senate, races, keyraces, politics

This is a serious breach of user privacy, and I can’t imagine there won’t be lawsuits over this.

Either they didn’t think this through, or this is the best way they could think of to raise a public outrage.

http://www.interesting-people.org/archives/interesting-people/200608/msg00027.html

Tags: privacy. data security, search, aol

I think it’s simultaneously good that Google is turning a watchful eye on the government, but also somewhat creepy that they’re putting themselves in the position of proxying people’s access to potentially sensitive information. I do NOT think that the Google privacy policy is sufficient to cover this situation.

As many have predicted, this is also likely to expose some interesting accidentally unprotected things at some point in the future.

http://www.google.com/ig/usgov

Tags: search, privacy, google, us government

Boingboing points out this Wired article about a reporter who crashed a conference of wiretapping providers, mentioning this quotation in particular:

‘He sneered again. “Do you think for a minute that Bush would let legal issues stop him from doing surveillance? He’s got to prevent a terrorist attack that everyone knows is coming. He’ll do absolutely anything he thinks is going to work. And so would you. So why are you bothering these guys?”‘

It’s an interesting read, but I fundamentally disagree with the above statement, and this is the problem.

It’s not the surveillance that bothers me, it’s the resistance to oversight, even after the fact.

If there was any confidence that what they were doing was a reasonable tradeoff, they wouldn’t have to a) lie or b) break the law to do it. Yet they’ve done both of these things.

If the law enforcement community said “well shit, we’re out of ideas about how to stop these people, and so we really need to have our computers read everyone’s email and tap everyone’s phones and we guarantee that this information won’t be used for anything else, and anyone we find doing something nefarious will be dealt with according to due process”, then we could, you know, engage in a meaningful discussion about this. And then we could move on to the fact that “terrorist” is not a useful designation for a criminal, and then maybe we could fire the people who thought up this brilliant idea and find someone who would practice actual security because wholesale surveillance and profiling have been widely debunked as largely useless for anything besides persecution, political attacks, and invasions of privacy.

But we won’t, because that’s not what this is about.

This opinion of a member of the Dutch National Police is particularly telling:

‘He said that in the Netherlands, communications intercept capabilities are advanced and well established, and yet, in practice, less problematic than in many other countries. “Our legal system is more transparent,” he said, “so we can do what we need to do without controversy. Transparency makes law enforcement easier, not more difficult.”

The technology exists, it’s not going away, and it’s really not the problem. The secrecy is the problem.

http://www.wired.com/news/technology/1,71022-1.html

Tags: surveillance, wiretapping, wired, secrecy

Another idea that came out of the tired and somewhat inebriated tail end of last night’s gathering, that I didn’t want to forget.

Our system of representative democracy is predicated on the core idea that elected representatives are beholden to their constituents, because if they’re not, they’ll get elected out on the next cycle. But this is typically a four-year turnaround, and that’s plenty of time to do irreparable damage. I posit that this is not enough feedback, and we need to have a way to get citizen input taken more seriously, with direct consequences for representatives who fail to listen. This also probably goes along with increasing the number of representatives, and possibly giving up on the presumption that people who live near each other necessarily share the same views (or have views that are not directly contradictory and can be rationalized into a coherent position by one representative).

I have to think about this more.

Tags: elections, feedback, constituency

“Elections officials in several states are scrambling to understand and limit the risk from a “dangerous” security hole found in Diebold Election Systems Inc.’s ATM-like touch-screen voting machines.

The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide.”

Perhaps it’s time to acknowledge that the Diebold systems themselves ARE the security glitch.

http://www.insidebayarea.com/ci_3805089

Tags: diebold, electronic voting, security

Remember the privacy implications of the government asking Google for search data? (http://www.aquick.org/blog/2006/01/19/doj-demands-large-chunk-of-google-data/)

It’s going to get worse before it gets better. No online service considers your IP address to be private information, and now they will be required to maintain logs mapping your IP address to real contact information, for a period of at least one year after your account is closed.

The only way to prevent this information from being misused is to not keep it, and now there won’t be any choice.

http://www.interesting-people.org/archives/interesting-people/200604/msg00176.html

I’ve discussed this before:

http://www.aquick.org/blog/2006/01/29/whats-the-big-fuss-about-ip-addresses/

Tags: surveillance, ip address, data retention

Apparently, crooks have been breaking into vacation homes, stealing the >OVEN DOORS<, repackaging them in real flat screen TV boxes, and selling them to dupes on the street.

Words fail me.

http://www.consumerist.com/consumer/consumer-alert/dont-take-any-wooden-flat-screens-165345.php
http://www.consumerist.com/consumer/scam/update-dont-take-any-wooden-flat-screens-165526.php

Tags: oven door, flat screen tv, theft, scam, everythingbuttheovendoor

http://www-tech.mit.edu/V126/N15/RIAA1506.html

Of course, this is nothing compared to the fact that the RIAA says you shouldn’t be allowed to break DRM even if it’s going to kill you if you don’t:

http://www.freedom-to-tinker.com/?p=984

I’ve discussed this before:

http://www.aquick.org/blog/2005/08/01/why-i-oppose-drm/

Tags: drm, riaa, quit school, MIT, unreasonable

Due to a lost patent claim, on April 11th, Active X controls (all embedded objects in IE) will have changed behavior and will require an “activation click” before they can be interacted with.

http://www.eweek.com/article2/0,1895,1943847,00.asp
http://msdn.microsoft.com/library/?url=/workshop/author/dhtml/overview/activating_activex.asp

1) This does not affect pure DHTML/javascript, only DHTML/javascript that interacts with embedded applets.

2) As described in the MS article and some of the links below, it is possible to bypass the restriction by loading the objects from an external page, and this can be automated in some circumstances. Apparently, Adobe/Macromedia is also working on better fixes.

http://www.macromedia.com/devnet/activecontent/
http://www.devx.com/webdev/Article/18063
http://news.com.com/Microsoft+tweaks+browser+to+avoid+liability/2100-1012_3-5980658.html
http://www.betanews.com/article/Microsoft_Offers_60Day_ActiveX_Reprieve/1143650536

Tags: microsoft, eolas, patent, activex, control, widget, interaction

I’ve been collecting examples of cases where there are hidden dangers facing consumers, cases where the information necessary to make an informed decision about a product isn’t obvious, or isn’t included in most of the dialogue about that product. Sometimes, this deals with hidden implications under the law, but sometimes it’s about non-obvious capabilities of technology.

We’re increasingly entering situations where most customers simply can’t decide whether a certain product makes sense without lots of background knowledge about copyright law, evidence law, network effects, and so on. Things are complicated.

So far, I have come up with these examples, which would seem to be unrelated, but there’s a common thread - they’re all bad for the end user in non-obvious ways. They all seem safe on the surface, and often, importantly, they seem just like other approaches that are actually better, but they’re carrying hidden payloads - call them “Trojan technologies”.

To put it clearly, what I’m talking about are the cases where there are two different approaches to a technology, where the two are functionally equivalent and indistinguishable to the end user, but with vastly different implications for the various kinds of backend users or uses. Sometimes, the differences may not be evident until much later. In many circumstances, the differences may not ever materialize. But that doesn’t mean that they aren’t there.

• Remote data storage. I wrote a previous post about this, and Kevin Bankston of the EFF has some great comments on it. Essentially, the problem is this. To the end user, it doesn’t matter where you store your files, and the value proposition looks like a tradeoff between having remote access to your own files or not being able to get at them easily because they’re on your desktop. But to a lawyer asking for those files, it makes a gigantic difference in whether they’re under your direct control or not. On your home computer, a search warrant would be required to obtain them, but on a remote server, only a subpoena is needed.
• The recent debit card exploit has shed some light on the obvious vulnerabilities in that system, and it’s basically the same case. To a consumer, using a debit card looks exactly the same as using a credit card. But the legal ramifications are very different, and their use is protected by different sets of laws. Credit card liability is typically geared in favor of the consumer - if your card is subject to fraud, there’s a maximum amount you’ll end up being liable for, and your account will be credited immediately, as you simply don’t owe the money you didn’t charge yourself. Using a debit card, the money is deducted from your account immediately, and you have to wait for the investigation to be completed before you get your refund. A lot of people recently discovered this the hard way. There’s a tremendous amount of good coverage of debit card fraud on the Consumerist blog.
• The Goodmail system, being adopted by Yahoo and AOL, is a bit more innocuous on the surface, but it ties into the same question. On the face of it, it seems like not a terrible idea - charge senders for guaranteed delivery of email. But the very idea carries with it, outside of the normal dialogue, the implications of breaking network neutrality (the concept that all traffic gets equal treatment on the public internet) that extend into a huge debate being raged in the confines of the networking community and the government, over such things as VoIP systems, Google traffic, and all kinds of other issues. I’m not sure if this really qualifies in the same league as my other examples, but I wanted to mention it here anyway. There’s a goodmail/network neutrality overview discussion going on over on Brad Templeton’s blog.
• DRM is sort of the most obvious. Consumers can’t tell what the hidden implications of DRM are. This is partly because those limitations are subject to change, and that in itself is a big part of the problem. The litany of complaints is long - DRM systems destroy fair use, they’re security risks, they make things complicated for the user. I’ve written a lot about DRM in the past year and a half.
• 911 service on VoIP is my last big example, and one of the first ones that got me started down this path. This previous post, dealing with the differences between multiple kinds of services called “911 service” on different networks, is actually a good introduction to this whole problem. I ask again ‘Does my grandmother really understand the distinction between a full-service 911 center and a “Public Safety Answering Point”? Should she have to, in order to get a phone where people will come when she dials 911?‘

I don’t have a good solution to this, beyond more education. This facet must be part of the consumer debate over new technologies and services. These differences are important. We need to start being aware, and asking the right questions. Not “what are we getting out of this new technology?“, but “what are we giving up?“.

Tags: DRM, consumer, hidden dangers, trojan, techology, voip, Goodmail, Google, Amazon, debit, consumerist

If you bought an infected CD from Sony, you’re entitled to some benefits under the lawsuit settlement:

http://www.eff.org/sony

Tags: Sony, DRM, busted, lawsuit, eff, settlement

As predicted, U.S. Judge James Ware intends to force Google to hand over the requested data to the DoJ.

http://www.cnn.com/2006/TECH/internet/03/14/google.hearing.ap/index.html

Tags: Google, privacy, search, records, surveillance

The big news this week - video that Bush knew that Katrina would destroy New Orleans a day before the storm hit:
http://www.truthout.org/multimedia.htm
http://websrvr20.audiovideoweb.com/avwebdswebsrvr2143/news_video/apbushkatrina512K.mov

Asking for complaint forms in Flordia Police stations gets you harassed and threatened:
http://cbs4.com/topstories/local_story_033170755.html

Greek cell phone taps of high officials were enabled by embedded surveillance tech:
http://www.schneier.com/blog/archives/2006/03/more_on_greek_w.html

Zogby poll shows 72% of troops want to get out of Iraq in the next year, but also that 85% of them think they’re there to retaliate for Saddam’s attacking us on 9/11. So, there’s that:
http://www.estripes.com/article.asp?section=104&article=35385

Human rights abuses in Iraq are worse than under Saddam (oops, Freudian slip - I typed Bush there first):
http://www.chron.com/disp/story.mpl/ap/world/3696105.html

Daily Kos is mumbling something about State-initiated impeachment:
http://www.dailykos.com/story/2006/3/1/235828/9378

And, a kitten:
http://www.dailykitten.com/archives/340-Poppy.html

Tags: outrage fatigue, news, depressing, makeitstop

Power, once given, will be abused. And not necessarily by those it’s given to.

Bruce Schenier has a blog entry about the Greek cell phone tapping scandal - about 100 cell phones of politicians and officials, including the American embassy, have been tapped by an unknown party since the 2004 Olympics.

Bruce points out that the “malicious code” used to enable this was actually designed into the system as an eavesdropping mechanism for the police.

“There is an important security lesson here. I have long argued that when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes. That’s exactly what happened here.”

http://www.schneier.com/blog/archives/2006/03/more_on_greek_w.html

Tags: surveillance, greek, wiretapping, security, privacy

Joe Gratz and I are having an interesting discussion about Creative Commons licenses over in the comments of his blog post about Schmap:

http://www.joegratz.net/archives/2006/02/23/schmap/

Tags: flickr, debate, creative commons, commercial, non-commercial

Harold Hurtt, police chief of Houston, has advocated changing building permits to require cameras in public areas of malls and apartment complexes, to try to deter crime:

http://seattlepi.nwsource.com/national/1110AP_Police_Cameras.html

He’s quoted in the article, saying “I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?”

1) “Wrong” is always changing, and isn’t always correct.

2) Our society and legal system are neither constructed for or capable of handling perfect law enforcement.

3) It’s not worth any price to catch all of the criminals. There are tradeoffs to be made.

The Hurtt Prize is a $1000-and-growing bounty offered for anyone who gets a video capture of Mr. Hurtt committing a crime.

http://www.hurttprize.org/

Tags: hurtt prize, security, cameras, surveillance

In an interview with a senior Chinese official responsible for policing the Internet, he defends China’s monitoring and filtering as no different from what other countries do to enforce their laws and keep the content on the internet “safe”. He points to the Patriot Act as evidence that the US is “doing a good job on this front”.

http://www.nytimes.com/2006/02/14/international/asia/14cnd-china.html?ex=1297573200&en=f7e5e2a8d90dfbeb&ei=5090&partner=rssuserland&emc=rss

Tags: china, patriot act, censorship

Declan McCullagh has compiled responses from AOL, Microsoft, Yahoo and Google on the following questions (two of which are nearly verbatim from my previous query, uncredited):

So we’ve been working on a survey of search engines, and what data they keep and don’t keep. We asked Google, MSN, AOL, and Yahoo the same questions:

- What information do you record about searches? Do you store IP addresses linked to search terms and types of searches (image vs. Web)?
- Given a list of search terms, can you produce a list of people who searched for that term, identified by IP address and/or cookie value?
- Have you ever been asked by an attorney in a civil suit to produce such a list of people? A prosecutor in a criminal case?
- Given an IP address or cookie value, can you produce a list of the terms searched by the user of that IP address or cookie value?
- Have you ever been asked by an attorney in a civil suit to produce such a list of search terms? A prosecutor in a criminal case?
- Do you ever purge these data, or set an expiration date of for instance 2 years or 5 years?
- Do you ever anticipate offering search engine users a way to delete that data?

http://news.com.com/2100-1025_3-6034626.html

Tags: privacy, search, retention, tracking