Jack Balkin is up.  He presents three problems: 

first, what are the different forms of cyberprotest, and how do they relate to the freedom of speech?

second, what is the conflict between freedom of speech and other rights (let's clump those rights as "property")?

third, why is cyberprotest difficult to do?

First, point of freedom of speech is to support democracy. 

Think about different forms of cyberprotest as different forms of technologies; eg, sit-ins, hack-ins, allow small cells to do information-sharing (to get around filters), google-bombing (more). You can divide types of cyberprotest that enhance free flows of information (routing around) from those that block the flow of information.  Both types can be disruptive -- but in different ways. 

But this is a rough cut:  Although the idea of freeing information sounds "good," and the kind of thing activists would be interested in, there may be times to limit the flow (viruses, worms, child porn).  Central question is under what conditions is it a good idea to use code to free up the flow of information.

Second:  You have a factory, people organize, decide to walk out.  Is this freedom of association/speech or criminal conspiracy and destruction of expected profits.  Beginning of 20th century, walkouts are seen as destruction of property.  Then a big debate over what part of this we call speech and what part we call destruction of property.

This is the same problem we have with cyberprotest.

Three phases of protest: first, courts say this is conspiracy and destruction of profits; second, courts say this is freedom of association and speech (AFL v. Swing, eg).  Labor unions have right to organize, even if action lowers profits.  So we get to the third stage: now labor protest treated as a highly regulated subject, treated in labor law.  Completely out of the First Amendment category.

Balkin is not saying these same three stages will happen.  But boundary between speech and destruction of property is not a fixed line.  It changes over time through social movements.  So our view of what's "appropriate" for cyberprotest will inevitably change.

Back to the first rough cut: blocking v. facilitating.  That's too simple.  But there's no a priori way to divide what's cyberprotest and what's destruction.  Dead cow (Oxblood Ruffin hacktivist group) focuses on routing around, which seems appropriate to Balkin.  They also, interestingly enough, say that they don't want technologies to be used for "illegal" speech (like child porn).  But what's the baseline for determining what we think of as illegal speech?  Dead cow seems to be working with US baseline re what's "illegal".  But that choice of baseline is worth talking about.  An important question.

Third point:  what produces the development of technologies of cyberprotest.  Answer:  The Temptations.  Balkin will explain the link.

The key problem in cyberspace speech is proximity and attention.  Have to get the attention of your audience, and have to get next to them (picket around them).  Find some place where people interested in your speech will listen to you.

Balkin student wrote a paper about cyberprotest.  His conclusion was that internet didn't create spaces in proximity to other spaces.  You can move easily around, but you can't interpose yourself between audience and person you're criticizing.  Everyone is your neighbor but you can't get next to anybody. "I Can't Get Next To You, Babe" -- that's The Temptations.

Virtual worlds allow this kind of proximity.  Eg, Third Voice required that the audience join in, to get attention of people who agree with you AND disagree with you (and have no idea you exist). [what about Gator?]  Interest in 1A is also to encounter people you don't know.  Eg, parody sites!  Will take creative minds to design these spaces that will solve problem of proximity and attention.  When they arrive, let's not assume that they're destroying property, but decide whether they're promoting basic democratic values of routing around and glomming on.

Bravo! 

Jon Zittrain is up now to talk about filtering in China and circumvention of such filtering. And hacktivism.

Shows a DMCA notice received by Google for infringing search listing -- threat is that Google will be sued unless it takes result down.  Google even says that there are things you're not seeing.  So Google is cooperating in taking things away from public view (supply side filtering).

If you're China, and you want to stop your citizens from seeing things, you stop people from even seeing google.com (shows search page from Beijing University).  Shows lists posted of blocked sites.  All of MIT and Brown blocked; and all US courts.

JZ did a dialup to Beijing (from his office in Cambridge) to see what could be seen -- but that was expensive.  Then Ben Edelman and JZ asked Chinese servers what was available (eg, search results on google.com for "Tibet" -- top search results unavailable from Chinese servers).  And people out in the world found many other additional sites blocked.  Over 50K were blocked.

Doing this work is becoming more difficult.  (And empirical research is hard!)  Effort to do this entails assuming that China blocks sites for everyone (or not).  Looks as if what's going on is more subtle.  If you type political name into Google, suddenly you won't get access to Google any more. 

Evolving towards a drivers license approach - eg, junior highs do this.  Maybe countries may someday as well -- AUPs for citizen use.  We'll be taught what we should do and what we shouldn't. 

Saudi Arabia also does this -- and allows sites to be unblocked.  Gave JZ two weeks to see what's blocked.  Both SA and China block some common things (like Amnesty International).

Pennsylvania does this too.  Discusses Pappert case statute.  Order can go out to PA ISP saying don't allow Pennsylvanians to go out to particular sites.  (JZ didn't mention that CDT is leading this litigation; see ABDavidson presentation.)

JZ is tracking all of this using the OpenNet Initiative.  Accepting help.

Now:  circumvention.  OpenNet has a circumvention lab in Toronto.  Internet offers opportunity to unhook civil disobedience from wrong being attacked -- before maturation of social moment.  [distracted for a few minutes]

Quick tour of JZ efforts.  Thanks!

Lee Tien:  How does a user know when a device has been redesigned to limit what the user can do?

Deeply, this is a question about the nature of law.  We have a legal sense that appeals to a sense of legitimacy and discourse.  Where architectural regulation hides what it does, we're heading out of law and into instrumental control.  We're leaving the realm of law and any moral dimension/legitimacy issue.

Cf. seatbelt regulation.  Everyone knows about that and can see it.  But when we talk about privacy we're talking about govt attempting to change the conditions of social experience.  From a 4A standpoint the standard is reasonable expectation of privacy -- and if we have no concern about govt steps to design things, we won't know what has happened to our privacy or what is reasonable.  We won't have the opportunity to experience that privacy.  (eg, never having had doors on phone booths would have changed the Katz result).

So rearchitecting network to expose information (creating an audit trail, as Nimrod suggests) may foreclose personal experiences that might inform expectations about privacy.  Eg, zipcode plus birthdate is enough to re-identify 80-90% of data -- triangulation is very easy.  Yahoo! gets this information all the time from users.  Do I know what the invisible consequences of my actions are?  What do you need to know when you're on the internet or using DRM?  How is that that you know you're being injured in some way? 

Do users need to know design options (could it have been done differently so this wouldn't have happened)?  Without knowing the harm, how can your expectations be shaped?

When you're dealing with systems, parts of these systems are in shadow -- so we can't know how these work (eg, PCs, telephones).  Metaphor of architecture means we only perceive in bits and pieces.

Finally, in the world of enforcement -- we don't talk much about the way automated enforcement changes things.  Rules can have a normative career; enforcement of rules is an entrepreneurial event.  You make a decision, using your discretion, that has cost.  That's not the case in architectural decisions to enforce.  Additionally, architectural enforcements are private and unseen.  We can't work on the social meaning of a rule.

Excellent, thoughtful talk by Lee.

Paul Ohm gets up and confesses that his boss is John Ashcroft.  Gets a laugh (post John Podesta talk last night about Ashcroft as destroyer of civil liberties).

Technology in the courtroom:  Too much of it, and not enough of it ("hyperlinks are typically blue").

Digital evidence review:  we look at hard drives for things (what will they do when hard drives go away?).

But question is:  is the person looking at hard drive an expert?  Do we need a Daubert hearing?  Usual answer is "yes."  If we're going to have someone saying child porn is there, we need to be able to say that person was an expert.  Certification as an expert is viewed as needed. 

But it shouldn't be that everyone talking about a hard drive file has to be qualified as an expert.  Eg, if someone pulls fibers on behalf of the FBI, we don't need to say that person is an expert.  This high hurdle won't change Ohm's job -- there are plenty of resources there.  But for small-time prosecutors, it creates enormous costs.

Second:  Court opinions in the surveillance/seach and seizure field are rare.  And they describe technology clumsily.  Where statutory construction depends on this, we're in trouble.  It's not that judges can't understand technology, but analogies don't work well, and litigants don't help them, and labels for things change rapidly.  Eg, arguing to the court that "the internet is like a giant tube, and if you put too much into it it will burst" (for distributed denial of service).  Doesn't help people understand things.

And even use of "email" as a term, without further description or definition, doesn't help people much.  Over time, things change.  So we can't understand the scope of the precedent.

Eg, under Stored Communications Act, what does "electronic storage" mean? defines line between search warrants (storage) and subpoenas (if not storage).  Kozinski focused on "backup protection" element -- all email systems are in backup protection.  But what's he talking about?  POP, IMAP, webmail? entire logic turned on this distinction, but we can't tell what's going on. 

In CDA case:  Stevens says web pages "generally also contain 'links' to other documents created by that site's author"... "typically, the links are either blue or underlined text"

He gets a big laugh and applause.

One of the paper-writing winners (Nicolai Seitz) is standing up to talk about the problems of transborder enforcement of requests for information.

In 80% of all German cases, access to data located abroad is necessary for criminal investigations inolving the internet, he says.  Usually, people ask for letters rogatory, but this takes an enormous amount of time.  And evidence is often deleted.  There have been some improvements in the EU cybercrime convention, but these are inadequate often.

The solution?  Transborder search might do it.  But this might violate the international principle of territoriality.  And, such efforts might make changes on foreign soil.

He points to cybercrime convention.  Article 32(b) doesn't cover transborder search without consent (does cover search with consent).  There's a case (Ivanov-Gorhskov) that does touch on this issue, but FBI has overreached and we're worried (FBI accessed password-protected servers in Russia and downloaded evidence in form of data).  Terrorism may be seen by FBI as a good enough reason to trigger transborder searches and create admissable evidence.

This Russian case is an egregious example of overreaching by US, and we would be outraged if they did it here.  But it underscores the need for some transnational cooperation agreements about this subject.  We have no standardized international practices.  Seitz thinks foreign retrieval of not-freely-accessible data should be illegal.