In preparing for today's lecture on internet governance (whatever that is), I ran across an essay by Langdon Winner from 1997. It's called "Cyberlibertarian Myths and the Prospect for Community," and it's pretty bleak.

Mr. Winner says, in summary, that cyberlibertarians in 1997 are both shallow and obsessed. Shallow because they don't seem to care about community, institutions, democracy, or citizenship, and obsessed because they value individuality, free markets, and homogeneity above all else.

Let's assume he was right. Has the Wired culture made any progress towards enlightenment in the last seven years?  I'm going to suggest that it has -- but it just hasn't become conscious of the communitarian realities of online life yet.  The time may be ripe to collectively imagine a better world.  We can do this in two ways:  by shedding light on the role of groups in our lives, and by realizing how the networked, interactive screen changes our relationships with these groups. 

If this sounds vague to you, consider this:  We are just now beginning to see the structure of social organizations in new ways. We know that scale matters. We know that, given the chance, people will find ways to trust each other and work creatively together to pursue shared goals.

But many groups we're involved with are dysfunctional (like large corporations) and don't seem susceptible to change by individuals.  This is stressful. (Indeed, one definition of "bad" stress is an inability to change your environment.)

What if you could enrich your life with groups you haven't thought of before: different forms of jobs, interest groups, affiliations; crossing geographical and other boundaries, perhaps lasting for only a short time?

What if you could change groups you care about by acting collectively with others? What if you had more choices, both of roles and affiliations?

Networked, interactive screens make all of this possible.  We can visualize the groups we're involved with (and we should force those groups to have an online component); we can form new kinds of firms that exist only online; we can see the state of the group at a glance; and we can interact with the group using the screen. 

It turns out that the individual may not be the most important element of online life.  Groups may be -- and now we can collectively imagine them in ways we haven't been able to in the past.

David R. Johnson and I are talking about writing a treatment of this subject.  This sounds to me like a possible response to Mr. Winner.  But let me know.

It seems to me that we need to get the net heads to talk to the bell heads.  I'm planning to have a Cardozo conference in the fall that would focus on the IP-enabled services rulemaking. 

How can it be that email/IM etc. should be taxed "just a little" and the FBI should have a back door into these services -- just to support the existing telephone system?  I'm sure I have a great deal to learn.  But even the language makes little sense to me.  Who should speak at this conference?

Now that CFP taught me all about FCC regulatory policy, I feel empowered to be paranoid. 

ATT wants to offer VOIP.  Because their service touches the telephone system at some point, the FCC has said that ATT's VOIP will be a regulated service -- meaning CALEA, E911, and other obligations have to be met, and access charges have to be paid.  This seems entirely consistent with the notion that, someday, email, IM, and P2P generally will be regulated services too.

Here's the reasoning.  To the extent the following are true of  ATT's VOIP, they're true of email and IM:  the service (1) uses ordinary customer premises equipment, (2) originates and terminates on the telephone system, and (3) undergoes no net protocol conversion and provides no enhanced functionality to end users due to the provider's use of IP technology.  As I understand it, if a service isn't "processed" somehow by its transport across the net, it's a telecommunications service (that's what the "enhanced functionality" reference means).

Chairman Michael Powell says that ATT "argues that its service should be exempt from the access charge regime because it may use IP in its transport system. . . [but] customers are in no discernable way receiving the transforming benefits of an IP-enabled service.  In fact, the consumer receives the same plain old telephone service."  He goes on to say that if the FCC listens to ATT, that would be merely "sanction[ing] regulatory arbitrage and would collapse the universal service system virtually overnight."

The argument about email and IM (as I dimly understand it) is that consumers are receiving the same services they used to get from Western Union.  No difference.  Sure, the old telegraph operators aren't there, and the consumer is doing the typing, but once the message has been put together it's sent along the same plain old telephone lines.  In this view, the email or IM is just like a telegraph that gets routed along by the telephone network.  So email and IM should be on a level playing field with (now not thought about much) Western Union.

The justification for putting email and IM on a regulated footing as "just another" IP-enabled service is that if we don't do this the whole regulatory system will collapse.  The telephone system as we know it will be destroyed.

This rationale is very similar to the broadcast flag reasoning:  if we don't make rules for the devices that receive, store, and manipulate television broadcasts (and the devices that connect to those devices), the broadcast system as we know it will be destroyed.

The arguments for protecting telephones are stronger than for protecting broadcasts, but they're undeniably similar.  We have to do this, or the American way of life will be destroyed.  If you argue against this, you're un-American.  In fact, if you argue against this, you're in league with terrorists.

Where is this going?  One key IP-enabled service that's quite popular these days is P2P.  "Operation Fastlink" went after warez sites and hackers the other day, using language that sounds just like the war on terrorism:  "These groups are sophisticated and able to communicate instantly via the Internet, and have the ability, with the stroke of a button, to destroy evidence located across the globe. The synchronized efforts of law enforcement worldwide prevented the thieves from destroying the evidence or disappearing into cyberspace without detection."

Where would these warez files end up?  On P2P systems:  "Once a product is stolen and made available on a "warez" group's secure server, it is only a matter of hours before the stolen works are distributed throughout the world, ending up, for example, on public peer-to-peer file-sharing networks accessible to anyone with Internet access."

What does the content industry want more than anything? To shut down P2P systems.  How can they get there?  I'm not sure they can.  But having the FCC regulate P2P has got to be a start.

A current FCC Notice of Proposed Rulemaking is suggesting guidelines for IP-enabled services.  At CFP yesterday, Bob Cannon and Chris Savage gave a thorough FCC tutorial, and ended with a discussion of this NPRM and VOIP generally.  I raised my hand and asked whether "IP-enabled services" included the DNS and email.  Answer:  yes.

Here's the footnote setting the scope of the NPRM: 

Specifically, the scope of this proceeding – and the term "IP-enabled services," as it is used here – includes services and applications relying on the Internet Protocol family. IP-enabled "services" could include the digital communications capabilities of increasingly higher speeds, which use a number of transmission network technologies, and which generally have in common the use of the Internet Protocol. Some of these may be highly managed to support specific communications functions. IP-enabled "applications" could include capabilities based in higher-level software that can be invoked by the customer or on the customer’s behalf to provide functions that make use of communications services. Because both of these uses of IP are contributing to important transformations in the communications environment, this Notice seeks commentary on both, and uses the term "IP-enabled services" to refer to "applications" as well as "services." Recognizing the broad scope entailed by this definition, we invite comment below on how we might more rigorously distinguish those specific classes of IP-enabled services, if any, on which we should focus our attention. We emphasize, however, that this Notice does not address standard-setting issues for the Internet Protocol language itself, which are more appropriately addressed in other fora, or other items outside this Commission’s jurisdiction, such as Internet governance.

That last sentence makes you think about ICANN -- the White Paper said that the idea was to create a group to deal with "management and administration of Internet names and numbers on an ongoing basis," and not to provide "Internet governance."  So maybe the FCC is interested in taking on ICANN.  Whoof.

But putting ICANN aside, what about everything else that uses IP?  What about email (and blogging applications)?

The pro-regulatory view is that email is "affected with the public interest" and some sort of a common carrier. Email equals Western Union. Whoof again.  The thinking would be that because we all use email, maybe there should be CALEA obligations inherent in it (backdoors for snooping).  Or 911 obligations.  Or address portability.  Or you name it.

My reaction is mostly amazed disbelief.  Aren't there user agreements that have to do with email?  Don't we want to let the market dictate which email solutions people prefer because of the kinds of rules and promises those solutions provide? Don't we want to encourage businesses to roll out applications without having to check whether FCC guidelines are being met? Is there really a market failure here that drives a need for regulation?

Because one bit looks very like another, all of the VOIP discussions may also apply to any other sort of application you can think of.  What does this mean for the future? 

Have you seen the draft Calif. SB 1506?  Tell me it won't pass.  It makes anyone criminally liable who "knowingly electronically disseminates a commercial recording or
audiovisual work without disclosing his or her true name and address, and the title of the recording or audiovisual work."

You say, "No big deal.  We already have criminal copyright law on the books."  But don't criminal copyright statutes involve infringement?  This is a strict liability offense:  no name and address, and boom, you're in jail.

What if you're twelve years old?  We have one federal statute, COPPA, which makes it illegal for an ISP to knowingly gather personal information about a person under the age of 13 without parental consent.  Here, the twelve-year-old must provide that information. 

What if you're doing research?  Forget it; no name and address, and the inquiry is over.  No fair use exception here. 

Now, the proposed bill has an exception for people who electronically disseminate "a commercial recording or audiovisual work to his or her immediate family, or within his or her personal network, defined as a restricted access network controlled solely by that person or people in his or her immediate household."  Well, that's nice.  But what's a family?  And what about friends and colleagues and personal noncommercial use generally?  Isn't this a run towards a "personal digital network network environment" or PDNE?  (Some pronounce that acronym as "PID-nee" and smile.  Some don't smile.)  What's the relationship between that PDNE and traditional copyright law? 

(A great lobbying move:  soon if you object to the concept of a "family-use" exception you'll be tagged as being against the idea of families.)

Perhaps the statute is preempted, but it doesn't (except in the findings) talk about copyright.  In fact, like the broadcast flag rule, it aggressively does not deal with traditional copyright concepts. 

I have to agree with Arnold:  being a proud member of the California legislature should be a part-time position.

I'm spending the morning at BloggerConII.  Dave Winer is right:  panels and "experts" are dead ways of running conferences.  This one is saying about itself that it's going to be a real discussion.  We'll see.  The crowd is serious and intent.  Good group of discussion leaders, including some of my favorite bloggers:  Dan Gillmor and David Weinberger.

Group now plans to sing the BloggerConII song and has chosen Take Me Out To The Ballgame.  Poor accordion guy has to play with us.

I had fun sitting next to John Palfrey.  That made this session worthwhile; real people definitely needed for overheated-rooms in which we talk about blog tool features. 

When Cory Ondrejka of Second Life started talking the other night, I had my new (graphically adequately powerful) laptop open.  If you think it's hard to concentrate on a presentation when you're looking at email, just imagine how difficult it is to focus when you're in a different world.

Second Life is well worth looking into, and Cory (SL's Vice President for Product Development) is a very patient man.  He's a good ambassador for Second Life; he'll answer any question thoughtfully and carefully, and he has an open mind.

Cory met with a small group here in NY on Tuesday night, and then went up to Yale to see the ISP fellows and Yochai Benkler's class; he's speaking at New York Law School today.

After a while, I put the laptop lid down so I could listen closely.  (I'm not a very agile presence in Second Life just yet; if you see an avatar spinning and gesturing meaninglessly, that's me.  The new laptop just came into my life this week.)

What Cory had to say was fascinating.  Fully half of SL's subscribers are busy building interactive, scripted objects, using a C-like scripting language.  Artists and all sorts of other people have adopted the SL language, and they're producing like mad.  They're building museums and stores and planes and taxis, both individually and in groups.  Cory says a big bump in productivity happened after SL announced it was giving IP rights to subscribers in their creations.

"What?" you say.

Well, it would be good for Cory to create an IP-free island in Second Life to test this hypothesis, but it appears that having the spur (or carrot) of IP rights has actually had its intended effect:  people are building.  It's a green world; a place where copyright is being used to support the overall interest of the place.  Lots of great questions here; but mostly it seems to me that this isn't creating a litigious world (at least not yet). It's creating a creative burst of energy, as people buy land and build. 

Cory kindly did a demonstration of "Property Law: The Game" for us.  I had sent him a list of adverse possession elements, and he had the idea of providing lots of building materials and asking students "build what, where, and be there for how long" in order to prove title.  Gripping.  The next step is to do a very short course module "in world."  Small is possible.  Big is overwhelming.

So I'm a huge fan of Second Life, and I hope to be able to figure out how to talk to the people there at some point.  (The avatars clump, predictably; we all look for companionship.)  And the next time Cory comes to talk, I'll remember to be in the same world.

Why do we have reunions?  The Yale Symphony had its first-ever reunion this past weekend, and I have some suggested answers to this question.

We have reunions to celebrate getting older rather than to return to our youth.  It was great to see the current instantiation of the orchestra -- there are wonderful players in the group -- but I don't think that those of us who were distant from our college years (compared to, say, the class of '02) wanted to be that age again.  We were having too much fun ignoring the current occupants and talking to the other alumni.

There are exceptions to this celebration, of course; it was hard to know what to say to the alum who saw pictures of himself/herself from his/her undergraduate days and said "I've gained 50 pounds since then."

Reunions give us a chance to see places we used to see.  It was great to be on the stage of Woolsey Hall again in the middle of a very loud orchestra.  (Large numbers of trombone players showed up from the alumni ranks.)  I remembered the view out the windows and how uncomfortable the hall's chairs are. 

We like reunions because they take us out of our day-to-day lives briefly, reconnect us to the past, and then let us go home.  Reunions are disruptive.  We leave our homes and our routines to visit another life.  It's space travel and time travel combined.  The air is different at a reunion.  We tell old stories to friends who understand us.  But then it ends, mercifully, and we return to where and how we live, and all the problems/joys/deadlines of that life.

So:  when has social software/social life online been sustained enough to trigger a desire for a reunion?  And what do those reunions look like?  I'm sure they've happened.  But how do we celebrate our aging, see places we used to see, and experience the disruptiveness of a reunion online? Or does the timeless, borderless, "classless" nature of the online flow make all sessions reunions, in a sense?

Let me know. 

After they finished the tenth installment of their enormous multi-volume history, The Story of Civilization, Will and Ariel Durant wrote a set of thirteen essays entitled The Lessons of History.  I happened to pick up this volume yesterday; it's both slim and sweeping.  

The Durants loved history, and wanted to show their readership what waves and tensions and trends they perceived.  It's not a great book, but it's an undeniably forceful one.  One essay discusses the essential moral characteristics of individuals, listing six traits and providing "positive" and "negative" descriptions of ways in which people act.  Here's a quote:  "Human beings are normally equipped by "nature" (here meaning heredity) with six positive and six negative instincts, whose function it is to preserve the individual, the family, the group, or the species. (Action, Fight, Acquisition, Association, Mating, Parental Care) . . . Each instinct generates habits and is accompanied by feelings. Their totality is the nature of man ." (Note to law review editors:  not a footnote within miles.)

For "Association," the Durants say flatly that "privacy" is a negative instinct of mankind.  That's it.  If you're private, if you want solitude, you're just not helping Progress.

Now, I don't agree with the Durants' black-and-white view of human nature.  There's a continuum out there, and putting things into boxes the way they did may not have advanced Progress either.  (And they say "cooperation" is a negative trait too -- the opposite of "competition.  I don't agree with that either.)  But having this 35-year-old use of "privacy" in front of me on the page provokes me to say the following:

We have no assurances, as we walk down the street, that no one is watching.  In fact, to the contrary, there may be all kinds of things and people and machines watching that we do not see.  Instead of worrying about that, we talk to the people behind the counters in the stores, we engage with the cab driver about the weather, and we notice who goes by. 

If we're really worried about privacy, what concerns us is someone developing a full-blown dossier of our every move and publishing it to people whose possession of this information would be hurtful to us in some way.  But, other than this particular worry, whether someone's watching is of no particular interest or consequence.  There is so much information in the world that it is unlikely that we'll be important enough to cause the sifting that would produce such a dossier.

Same thing for online life.  All of us send a great deal of email and wander around for hours at a time.  Sure, someone could be watching.  But should we worry?  Should we be concerned that an ad may be targeted at our computer based on our online activities?  Who is hurt by the personalization of advertising? or even content?  Might it be a "negative" instinct to be concerned about this -- and particularly to be so concerned about it that we stop wandering around online or sending email?

The recent protest letter re Google mail strikes me as a negative step -- a step backwards.  Google may indeed have established for itself something that is much more like a global platform than a search engine.  Its engineering costs have likely gone way down, while its pool of available information has grown enormously.  But asserting that Google mail should be suspended for privacy reasons seems out of proportion to the risks involved.

After all, the people I deal with every day (dry cleaners, doormen, shopkeepers) have made no promises to me about how long they'll keep my image in their minds.  The people at my school aren't telling me how long they will keep records of my employment. These people know much more about me (granted, only shards of information, but more of it) than Google will. 

But EPIC and others are asserting that Google's "data retention and correlation policies are problematic in their lack of clarity and broad scope." So don't use Google. It's not being forced on you. Go use a paid-for mail service that makes clearer promises to you.

Google shouldn't need permission from privacy-knowledgeable people before opening up a new service.  The fact that some are distressed about Google automatically transmitting email says more about perceived lack of choices of rulesets for email data than anything else.  Google is so successful that people worry it will become the only show in town.

Yes, privacy matters, particularly (and maybe exclusively) when there is a risk of disclosure of a detailed dossier of your online life.  But a commercial company can open up a new service without making promises to anyone about its privacy practices.  If it breaches the promises it has made, that's one thing.  Merely rolling out the service, on the other hand, might just be Progress.

Steven Johnson's Mind Wide Open is a book you should buy and read.  There is a great deal to say about this book, but I'll start with the jokes.

On p.129, there's a good section about jokes -- it turns out that their real purpose is social bonding rather than humor.  We laugh so easily with people we know, and there's a reason.

Johnson says:

[S]ocial interaction without laughter produces modified brain chemistry, which affects both your background impression of the exchange -- its emotional color -- and the resulting trace memories the exchange leaves in your head.  Putting smiley faces into email to supplement the lack of verbal intonation helps convey when you're trying to be funny, but because the recipient of your message is still alone when reading it, she won't be likely to laugh out loud . . .

As the brain science of social connection becomes more widely appreciated, our communications tools will be judged increasingly with this yardstick.  Attention deficit disorder is conventionally described as the classic ailment of our multitasking age, but when you look at most electronic communication through the lens of neuroscience, it's hard not to think that autism might be a more appropriate "poster condition" for the digital society.

This was an "aha" set of paragraphs for me; I've often wondered about the effect or meaning the flatness of electronic communications will have for society.  Nothing comes close, so far, to the many channels of communication we have when we talk face to face.  Maybe we'll get better at graphics; maybe our emoticons will be tied to our pulse rates and sweatiness; maybe it'll be done through gentle constant probing of our foreheads.  But communication isn't rich enough online (yet) to be humanly satisfying.

This is too long for a blog posting, but here it is -- my lunchtime address to the Copyright Office. 

I'm delighted to be here this afternoon, and thanks to my hosts.  Particularly appropriate that you've come here to Cardozo, which has one of the top-ranked IP programs in the country.  I'd tell you we were ranked sixth, but that information is under lock and key until this afternoon.

I'm proud to be talking to you.  The copyright office leads the establishment of copyright policy for this country.  You provide invaluable domestic and international policy advice and take part in treaty negotiations.  You're a vital congressional agency

The copyright office serves the nation and communicates to the public about copyright policy.

You understand the copyright balance better than anyone.  You understand that copyright is a tradeoff between exclusive rights being accorded to authors and copyright owners, on the one hand, and public, lawful use of works on the other.  You know that we provide statutory intellectual property incentives to innovators to produce new creations -- because we have a desire to provide to society a steady stream of follow-on innovations that lead to further gains.

But I'm here to tell you during this peaceful lunchtime in this lovely setting, right here at the intersection of 12th and 5th, that copyright policy is being taken away from you

And you may never get it back; and if you're told that you're in charge of it, as you assist with international negotiations, you're not being told the truth.

Where is copyright policy for the internet age being made?

three quick examples: 

first -- the story of the clever state statute

As you probably know, bills to protect cable and movie companies, based on an MPAA model, are moving rapidly through numerous state legislatures. The only problem is that we don't really know what this legislation will end up doing, and it's very broadly drafted.

The MPAA says these are just updating telecommunications and cable- theft laws to reflect rapidly changing digital technologies.  They call them "theft of service" legislation, and often there is no discussion of these bills at all before they're passed.  The form of these bills is changing,  but they're continuing to be mounted in the states.

But the laws as drafted go far beyond protecting the copyright interests of cable and movie companies. The bills reach into homes to control what kinds of devices consumers may use in connection with the services they've paid for. Consumers have never needed the "express authorization" of their cable or phone company before buying a new TV, VCR or PC.  But now they may.  

So, they're called "theft of service" laws but can be understood as "theft of copyright policy" laws.  As the people who know about copyright policy know, a copyright owner hasn't in the past had the ability to proclaim what kind of machine can get access to his content.  Last time I checked, it was still the law that a copyright owner’s statutory monopoly will not reach a device so long as that device is “merely …capable of substantial noninfringing uses.”

Next:  I'll call this The Case of Policy By Demand

Another way in which copyright policy in the internet age is being shaped is by demand letters being sent under the authority of the DMCA.  You're probably familiar with the genre -- there are many recent particularly egregious examples:

Diebold used DMCA demand letters to attempt to cut off political speech about the competency of its machines

Chamberlain claimed that the DMCA's anti-circumvention provisions prevented competitors from developing products that inter-operated with Chamberlain's garage door openers,

Sony claimed that game enhancer software violated the DMCA (by outlawing avoiding country codes for games).  this gave Sony control over complementary games and stopped competition with Sony's OWN game enhancer

Sony, again, used the DMCA to threaten hobbyists who created competing software for Sony’s Aibo robot dog.

Lexmark threatened aftermarket laser printer toner vendors that offered toner cartridges to consumers at lower prices. 

This seems like anticompetitive behavior -- controlling markets by controlling anti-circumvention techniques, and using demand letters to do it.  This was not what Congress had in mind when enacting the DMCA.  And you know that better than anyone.

And those are just the things we know about that have become lawsuits.   You might suspect that many demand letters are going out that don't ripen into lawsuits because the demandee just doesn't want to spend the money to fight.  And ISPs receiving letters like this may be cutting people off so as to avoid hassle.   Even though many of these claims are far away from what the DMCA's job was supposed to be. 

What does this tell us?  that copyright policy is perceived to provide an engine of control over aftermarkets -- not the balanced regime you know it is.

And finally:  the Case of the Breathtaking Reach

The FCC's recent rulemaking in the broadcast flag matter raises significant questions about where copyright policy is going.  The name of the proceeding was changed at the last moment from "copy protection" to "content protection."  But it's really all about copyright.

The video content industry has successfully convinced the FCC that television broadcasts need to be protected against online redistribution by people who receive such broadcasts.  This fight is not (really) about television broadcasts.  This fight is really about the protection of the video content industry's business model.  This 20th century industry is very afraid of the effects of the online world on its ability to protect content from unauthorized distribution.  The friction of the offline world (the cost and difficulty of making hard copies) does not exist online, where perfect copies can be made instantly of the largest conceviable sets of bits.  So distribution control is made much more difficult online.

The broadcast flag rule, distilled to its essence, is a mandate that all consumer electronics manufacturers and information technology companies ensure that any software or device that touches digital television content protect the content against unauthorized onward distribution.  In order to make this happen, the FCC has established a new and extraordinarily broad regulatory regime that mandates the use of "authorized" content protection technologies by virtually every consumer electronics product and computer product -- including digital television sets, digital cable set-top boxes, direct broadcast satellite ("DBS") receivers, personal video recorders (PVRs), DVD recorders, D-VHS recorders, and computers with tuner cards. Until the FCC can settle on a new regime for approval of "authorized" technologies, it itself will decide which technologies manufacturers are allowed to use. 

In effect, the broadcast flag rule represents a (so far) successful effort by the content industry to shift the costs of protecting controlled distribution of their product from their shoulders to those of  the high-tech and consumer electronics manufacturing sectors in this country.  Rather than have encryption or other protection travel with the content, and having the evasion of such encryption be subject to enforcement actions under the DMCA, the idea is that protection of such content will be assured by machines after they have received it.

The broadcast flag proceeding started off in August 2002 entitled "In the Matter of Digital Broadcast Copy Protection."   The NPRM clearly stated in its first paragraph that the issue with which the FCC was concerned was about protecting copyright rights:

"Without adequate protection, digital media, unlike its analog counterpart, is susceptible to piracy because an unlimited number of high quality copies can be made and distributed in violation of copyright laws."

The FCC's logic appears to have been that without a broadcast flag scheme in place, "high value" content would migrate away from broadcast and towards cable and satellite systems -- in which content was encrypted before it was sent out, and thus protected against infringement.   The FCC was clearly concerned about protecting the copyright rights of the content owners. 

The flag is itself a very simple signal that will have to be listened to and implemented by a huge array of devices and software programs.  It is the implementation of the flag that matters -- the mandate that devices have to follow its dictates.  And once one device in a home follows the flag's rules, all content received by that device, whether broadcast or not, in the public domain or not, copyrightable or not, can't be sent outside the home.  It's the vampire rule -- once I bite you on the neck, you're mine.  All consumers will be protected against their own "unauthorized uses." 

Also, slightly inside baseball, the Commission is being urged to create a definition of a PDNE (personal digital network environment) within which copying and transmission can occur.  This is an incredibly broad request to do something incredibly constraining.  The MPAA is suggesting that the Commission define a "local environment" within a tightly defined geographic area.

Wait a minute.  I have content provider bona fides.  Both my parents are composers.  But this is the era of the internet.  Things don't happen in a "local environment" any more, and to suggest that they do seems to attempt to avoid involvement of the internet in digital media altogether.

This is, quite simply, breathtaking.  And once the public figures out what's going on in the name of protecting copyright policy, they'll be furious. 

And I'm not even going to start with the effort to close the analog hole.

these are just sketches of what's going on.  And I'm a centrist on these matters.  But the polemics of copyright policy has become these days like a threat -- if you're not with us, you're against us.  There's the rising perception that copyright owners have control over all unauthorized uses.  As if the mere right to control is the ultimate end of copyright policy.  It's the new normal.

But you know that this new normal isn't reflective of actual copyright policy as was intended in the Constitution or by the framers.  And that the enlistment of neutral third parties in the implementation of this new normal (manufacturers, ISPs, software companies) is overreaching.

A key part of the copyright policy response has to be resisting the claimed "newness" of this situation.  The same arguments are still being made over and over again about bad generation of internet users feeling they have an entitlement to listen to music while, meanwhile, new business models are taking off -- and the video guys will have the same experience.

In fact, this isn't so new.  It certainly doesn't require new laws, new bureacracies, or new asymmetries of information [Koh talk about Patriot Act compliance].  What do I mean by that?

What authorities don't copyright owners already have?  We need to ask that question.

We need some demonstration that the authorities already given (like the DMCA) have been wisely used.

We need to question whether new institutions should be making copyright policy -- why does FCC get to start making copyright policy?

Why does the "new normal" include such asymmetry of information?  Content owners can get all information about uses of their content, but there's no evidence that we're getting more or better content as a result -- no tradeoff for this

Technology is not a substitute for ideas; even new threats do not require new rules (new legislation), new bureaucracies (such as the FCC), or new asymmetries of information (in any mandated DRM context).  We need to resist the claimed necessity for these things, and, overall, the idea of the new normal.

It's gotten to the point where even mainstream manufacturing companies are worrying about balance -- recent report by the Committee for Economic Development, a group of mainstream US businesses that has taken strong public positions on the Marshall Plan and campaign finance, evidences this, where we took a hard look at the effects on economic growth of the nation of implementing the "new normal" in the digital world.  And these companies weren't happy.

You, the copyright office policy makers, are the keepers of the flame.  Don't let this happen.  Don't let copyright policy be made without you.

It's so bloggy to talk about blogging, but I have to say that blogging the terrific Yale cybercrime conference gave me new insights into the blogging process.

This was a truly enjoyable conference, made more so for me by the fact that I wasn't performing myself.  I had no paper to sweat over and revise at the last moment.  So, instead, I could work at absorbing what people were saying.  For me, blogging forces me to focus on the themes being brought out in real-time.  Then, when I've finished an entry, I can see it as a whole -- beginning to end, introduction to triumphant conclusion.  This not only helps me to grasp what's going on but also reveals to me what makes a presentation great.

What makes it great?  Clarity, forcefulness, meta-ness.  Many of the speakers at the Yale conference had all of these qualities.  (Michael Froomkin has these things going for him too, and I was busily blogging his talk when my right fourth finger slipped and I pressed a mysterious "backwards" function button that wiped out my entry.  Sorry, Michael.)  A beginning, a middle, and an end.  A strong voice.  Not reading from notes.  Conviction laced with a sense of humor.  Awareness of time (great speakers never run short on time).  And, most importantly, something to say that matters -- and that the speaker deeply understands. 

Sitting in the timeless classroom (literally -- Yale's Room 127 has no clocks, but does have a lot of portraits on the walls), I felt that I was contributing in some way by writing about what was going on.  I probably felt a little guilty about being there "just" as a participant rather than a speaker, but blogging gave me something to do.  (Note to self:  do not respond to IMs from two different people at the same time while attempting to record what's going on -- this happened during Zittrain's talk, and I'm sorry.  Sorry, Jon.)

So, although blogging means you DO sometimes have to say you're sorry (after all, if I'd gotten distracted while taking hand-notes no one would know), it adds a dimension to conferences that I enjoy.

Jack Balkin is up.  He presents three problems: 

first, what are the different forms of cyberprotest, and how do they relate to the freedom of speech?

second, what is the conflict between freedom of speech and other rights (let's clump those rights as "property")?

third, why is cyberprotest difficult to do?

First, point of freedom of speech is to support democracy. 

Think about different forms of cyberprotest as different forms of technologies; eg, sit-ins, hack-ins, allow small cells to do information-sharing (to get around filters), google-bombing (more). You can divide types of cyberprotest that enhance free flows of information (routing around) from those that block the flow of information.  Both types can be disruptive -- but in different ways. 

But this is a rough cut:  Although the idea of freeing information sounds "good," and the kind of thing activists would be interested in, there may be times to limit the flow (viruses, worms, child porn).  Central question is under what conditions is it a good idea to use code to free up the flow of information.

Second:  You have a factory, people organize, decide to walk out.  Is this freedom of association/speech or criminal conspiracy and destruction of expected profits.  Beginning of 20th century, walkouts are seen as destruction of property.  Then a big debate over what part of this we call speech and what part we call destruction of property.

This is the same problem we have with cyberprotest.

Three phases of protest: first, courts say this is conspiracy and destruction of profits; second, courts say this is freedom of association and speech (AFL v. Swing, eg).  Labor unions have right to organize, even if action lowers profits.  So we get to the third stage: now labor protest treated as a highly regulated subject, treated in labor law.  Completely out of the First Amendment category.

Balkin is not saying these same three stages will happen.  But boundary between speech and destruction of property is not a fixed line.  It changes over time through social movements.  So our view of what's "appropriate" for cyberprotest will inevitably change.

Back to the first rough cut: blocking v. facilitating.  That's too simple.  But there's no a priori way to divide what's cyberprotest and what's destruction.  Dead cow (Oxblood Ruffin hacktivist group) focuses on routing around, which seems appropriate to Balkin.  They also, interestingly enough, say that they don't want technologies to be used for "illegal" speech (like child porn).  But what's the baseline for determining what we think of as illegal speech?  Dead cow seems to be working with US baseline re what's "illegal".  But that choice of baseline is worth talking about.  An important question.

Third point:  what produces the development of technologies of cyberprotest.  Answer:  The Temptations.  Balkin will explain the link.

The key problem in cyberspace speech is proximity and attention.  Have to get the attention of your audience, and have to get next to them (picket around them).  Find some place where people interested in your speech will listen to you.

Balkin student wrote a paper about cyberprotest.  His conclusion was that internet didn't create spaces in proximity to other spaces.  You can move easily around, but you can't interpose yourself between audience and person you're criticizing.  Everyone is your neighbor but you can't get next to anybody. "I Can't Get Next To You, Babe" -- that's The Temptations.

Virtual worlds allow this kind of proximity.  Eg, Third Voice required that the audience join in, to get attention of people who agree with you AND disagree with you (and have no idea you exist). [what about Gator?]  Interest in 1A is also to encounter people you don't know.  Eg, parody sites!  Will take creative minds to design these spaces that will solve problem of proximity and attention.  When they arrive, let's not assume that they're destroying property, but decide whether they're promoting basic democratic values of routing around and glomming on.

Bravo! 

Jon Zittrain is up now to talk about filtering in China and circumvention of such filtering. And hacktivism.

Shows a DMCA notice received by Google for infringing search listing -- threat is that Google will be sued unless it takes result down.  Google even says that there are things you're not seeing.  So Google is cooperating in taking things away from public view (supply side filtering).

If you're China, and you want to stop your citizens from seeing things, you stop people from even seeing google.com (shows search page from Beijing University).  Shows lists posted of blocked sites.  All of MIT and Brown blocked; and all US courts.

JZ did a dialup to Beijing (from his office in Cambridge) to see what could be seen -- but that was expensive.  Then Ben Edelman and JZ asked Chinese servers what was available (eg, search results on google.com for "Tibet" -- top search results unavailable from Chinese servers).  And people out in the world found many other additional sites blocked.  Over 50K were blocked.

Doing this work is becoming more difficult.  (And empirical research is hard!)  Effort to do this entails assuming that China blocks sites for everyone (or not).  Looks as if what's going on is more subtle.  If you type political name into Google, suddenly you won't get access to Google any more. 

Evolving towards a drivers license approach - eg, junior highs do this.  Maybe countries may someday as well -- AUPs for citizen use.  We'll be taught what we should do and what we shouldn't. 

Saudi Arabia also does this -- and allows sites to be unblocked.  Gave JZ two weeks to see what's blocked.  Both SA and China block some common things (like Amnesty International).

Pennsylvania does this too.  Discusses Pappert case statute.  Order can go out to PA ISP saying don't allow Pennsylvanians to go out to particular sites.  (JZ didn't mention that CDT is leading this litigation; see ABDavidson presentation.)

JZ is tracking all of this using the OpenNet Initiative.  Accepting help.

Now:  circumvention.  OpenNet has a circumvention lab in Toronto.  Internet offers opportunity to unhook civil disobedience from wrong being attacked -- before maturation of social moment.  [distracted for a few minutes]

Quick tour of JZ efforts.  Thanks!

Lee Tien:  How does a user know when a device has been redesigned to limit what the user can do?

Deeply, this is a question about the nature of law.  We have a legal sense that appeals to a sense of legitimacy and discourse.  Where architectural regulation hides what it does, we're heading out of law and into instrumental control.  We're leaving the realm of law and any moral dimension/legitimacy issue.

Cf. seatbelt regulation.  Everyone knows about that and can see it.  But when we talk about privacy we're talking about govt attempting to change the conditions of social experience.  From a 4A standpoint the standard is reasonable expectation of privacy -- and if we have no concern about govt steps to design things, we won't know what has happened to our privacy or what is reasonable.  We won't have the opportunity to experience that privacy.  (eg, never having had doors on phone booths would have changed the Katz result).

So rearchitecting network to expose information (creating an audit trail, as Nimrod suggests) may foreclose personal experiences that might inform expectations about privacy.  Eg, zipcode plus birthdate is enough to re-identify 80-90% of data -- triangulation is very easy.  Yahoo! gets this information all the time from users.  Do I know what the invisible consequences of my actions are?  What do you need to know when you're on the internet or using DRM?  How is that that you know you're being injured in some way? 

Do users need to know design options (could it have been done differently so this wouldn't have happened)?  Without knowing the harm, how can your expectations be shaped?

When you're dealing with systems, parts of these systems are in shadow -- so we can't know how these work (eg, PCs, telephones).  Metaphor of architecture means we only perceive in bits and pieces.

Finally, in the world of enforcement -- we don't talk much about the way automated enforcement changes things.  Rules can have a normative career; enforcement of rules is an entrepreneurial event.  You make a decision, using your discretion, that has cost.  That's not the case in architectural decisions to enforce.  Additionally, architectural enforcements are private and unseen.  We can't work on the social meaning of a rule.

Excellent, thoughtful talk by Lee.

Paul Ohm gets up and confesses that his boss is John Ashcroft.  Gets a laugh (post John Podesta talk last night about Ashcroft as destroyer of civil liberties).

Technology in the courtroom:  Too much of it, and not enough of it ("hyperlinks are typically blue").

Digital evidence review:  we look at hard drives for things (what will they do when hard drives go away?).

But question is:  is the person looking at hard drive an expert?  Do we need a Daubert hearing?  Usual answer is "yes."  If we're going to have someone saying child porn is there, we need to be able to say that person was an expert.  Certification as an expert is viewed as needed. 

But it shouldn't be that everyone talking about a hard drive file has to be qualified as an expert.  Eg, if someone pulls fibers on behalf of the FBI, we don't need to say that person is an expert.  This high hurdle won't change Ohm's job -- there are plenty of resources there.  But for small-time prosecutors, it creates enormous costs.

Second:  Court opinions in the surveillance/seach and seizure field are rare.  And they describe technology clumsily.  Where statutory construction depends on this, we're in trouble.  It's not that judges can't understand technology, but analogies don't work well, and litigants don't help them, and labels for things change rapidly.  Eg, arguing to the court that "the internet is like a giant tube, and if you put too much into it it will burst" (for distributed denial of service).  Doesn't help people understand things.

And even use of "email" as a term, without further description or definition, doesn't help people much.  Over time, things change.  So we can't understand the scope of the precedent.

Eg, under Stored Communications Act, what does "electronic storage" mean? defines line between search warrants (storage) and subpoenas (if not storage).  Kozinski focused on "backup protection" element -- all email systems are in backup protection.  But what's he talking about?  POP, IMAP, webmail? entire logic turned on this distinction, but we can't tell what's going on. 

In CDA case:  Stevens says web pages "generally also contain 'links' to other documents created by that site's author"... "typically, the links are either blue or underlined text"

He gets a big laugh and applause.

One of the paper-writing winners (Nicolai Seitz) is standing up to talk about the problems of transborder enforcement of requests for information.

In 80% of all German cases, access to data located abroad is necessary for criminal investigations inolving the internet, he says.  Usually, people ask for letters rogatory, but this takes an enormous amount of time.  And evidence is often deleted.  There have been some improvements in the EU cybercrime convention, but these are inadequate often.

The solution?  Transborder search might do it.  But this might violate the international principle of territoriality.  And, such efforts might make changes on foreign soil.

He points to cybercrime convention.  Article 32(b) doesn't cover transborder search without consent (does cover search with consent).  There's a case (Ivanov-Gorhskov) that does touch on this issue, but FBI has overreached and we're worried (FBI accessed password-protected servers in Russia and downloaded evidence in form of data).  Terrorism may be seen by FBI as a good enough reason to trigger transborder searches and create admissable evidence.

This Russian case is an egregious example of overreaching by US, and we would be outraged if they did it here.  But it underscores the need for some transnational cooperation agreements about this subject.  We have no standardized international practices.  Seitz thinks foreign retrieval of not-freely-accessible data should be illegal.

Richard Clarke is the Washington personality of the week.  Marc Rotenberg testified in early December 2003 before the same Commission on a separate issue re security/privacy issues for going forward in preventing attacks. 

Four key points he made then:

1. long tradition of privacy protection for communications and records stored by governments.  Established during times when US faced nuclear weapons, unrest, assassinations -- but Congress went ahead and set them up.

2.  Sept. 11 provides major challenges, and the people involved in coordinating in govt. efforts completely changes the Terry landscape.  Checks and balances have been changed.

3.  Our understanding of privacy enhancing technologies following 9/11 has changed.  We thought there were tools that could enhance privacy -- TIA bothersome because message was that it would protect privacy, because govt surveillance under it would be less intrusive than other alternatives.

To understand this issue, three dimensions:

1.  What do we mean by privacy enhancing.

2.  What's relationship between federal govt and legal obs to safeguard privacy

3.  How does this all work in practice.

First, definitional problem.  What is a privacy enhancing technology?  Prior to 9/11, we all thought definition was an electronic world where transactions could occur that were verifiable and authenticated, but personally identifiable information wouldn't be necessary.  So these techniques would limit use of this personal information.

In the physical world, we can imagine cash, postage stamps etc. -- forms of value that allow transactions without personally identifiable information.  How translate this to the online world?  This was our core concept prior to 9/11.

No one proposed in Florida in 2000 that there should be an availability to check that vote had gone through.  Why?  Because concept of anonymity at that point, and recognition of need to sever transaction from surveillance is a core part of our democratic society.

This concept of a privacy enhancing technology was derailed by two processes:  first, in the private sector, the view that we wouldn't provide legal obligations to collection and use in the digital world.  it's just notice and choice.  So we saw P3P emerge to translate rights and obligations into a market-based transaction where anything goes. 

Post 9/11, law enforcement said we need to enable surveillance that respect privacy -- but what they meant by privacy was "within the context of a larger scheme that anticipates surveillance."  So, when a vote is cast, it becomes possible to link transaction back to the identified individual.  That's a principle without a boundary.

Rotenberg thought this idea died in the Clipper chip era.  People then said to open the door to this form of storage would create unlimited opportunities for abuse. 

Now our challenge is:  where do we stop?  If you assume all information might be useful in some investigation, where do we draw the line?

Go back to Brandeis dissent in Olmstead v. US.  What would be the appropriate 4A standard to apply to the conduct of telephone surveillance?  Was this warrant-based, or just out there in the ether?  Court said no physical entry has occurred, it's just information out there in the ether; if you are concerned, go to Congress.

Holmes dissented ("a dirty business").  Brandeis said:  look at surveillance in electronic space -- this is far more invasive than what would happen in physical space.  In electronic space, we're unbounded by space and time.  Could be lots of people talking, on many different subjects.  He argues for a higher standard of oversight, because oppty to obtain information is so vast.

When you go to wiretap statute of 1968, it's a "super warrant" when compared to what you get in physical space.  Constitutional response is based on fear that govt will overreach. 

So answer about incorporation of techniques to protect privacy post 9/11 is to keep in mind:  to the extent actors seek to comply with legal obligations and claim that they are "privacy enhancing," then technologies must incorporate auditing, transparency, all other requirements -- because of the enormous risk of government misuse.

Sonia Katyal is up, reminding us that it's important to think about the relationships among public/private law enforcement and surveillance.  Cyberspace allows us to contemplate the limits and possibilities of architecture and law.

Focusing on piracy surveillance:  monitoring users.  Convergence between modes of consumer surveillance and law enforcement -- but quite distinct from both.  An extrajudicial regime of copyright enforcement that poses serious complications for privacy, security, and anonymity.

Basic premise of the paper is an architecture of p2p transmissions.  Rise of piracy surveillance in cyberspace is attributable to this type of architecture.  In property, we have bricks for architecture; in cyberspace, architecture is permeable, allows facilitation of surveillance.  As consumer surveillance rises, we see rise of piracy surveillance.  (By piracy surveillance, she means monitoring that encompasses private notions of infringement; done privately; extralegal -- outside of ongoing litigation). 

Interesting from an IP perspective, because this kind of surveillance alters understanding of IP rights in cyberspace, by giving copyright a predatory and invasive and panoptic dimension.  Speech-based judgments as well.  Enables a copyright owner to determine whether or not an individual is engaging in fair use (and raises substantial due process concerns).

Three major forms of surveillance:  raise similar issues.  Eg, monitoring, using smart agents or bots that search for files.  Key problem raised by that is seen in Verizon case (challenge to 512(h)).  Disclosure of identity with very little real judicial oversight.

Also, problem that similar (but noninfringing) files will be caught up in this.

And how do we protect anonymous speech.

Two other forms of surveillance:  DRM collecting consumer information.  And interference (self-help).

Normative conclusions:  This modes raise complicated questions about the intersection of privacy and identity.  We shouldn't avoid enforcement, but should do it to fit freedom of speech and informational privacy.  Don't force tradeoff between privacy and protection of property.

Orin Kerr is up.  His suggestion is that computer-related crimes will end up with a different set of procedural rules -- "network" criminal procedures.  Even if crimes remain the same, they're committed in different ways.  New facts will trigger needs for new laws.

Start with physical world crime -- bank robbery.  Fred will walk in, go to teller, hands note, teller gives money, goes to car, runs away. 

Cop will show up -- what does he do? He looks for eyewitness testimony.  He also observes what the bank is like and whether there are trace materials of the crime.  He will collect physical evidence tying the crime to Fred.  Eg, the threatening note.

Fred gets out of prison, says he'll be an online bank robber.  He'll hack into the bank.  Logs onto ISP and passes through intermediaries to hide his tracks.   Sets up account, fills with money, sends money offshore.

Now you're the police officer called to investigate this crime.  You'll notice a really different crime scene.  No physical evidence, no eyewitnesses.  Just zeros and ones.  Have to trace evidence back to attacker, but can't do it in traditional ways. 

So you start from bank victim, track back through intermediaries. Hope that system admin has these records.  Trace back to Fred's ISP, and hope that ISP will help you.  But you don't have proof beyond a reasonable doubt -- you only have electronic evidence from third parties.  You have to get a search warrant and go to the target's home -- then forensically analyze Fred's computer.  Fred might keep notes ("I'm looking forward to hacking into the bank tonight.")  You seize the drive and image it, then run a string searcdh for that account number.  Takes weeks.

Different set of processes.  What does this mean for law?  Means that we need new rules to regulate these processes.  4th Amendment and 5th Amendment are tailored to the physical world.  Eg, search rules are about "the entry of the place."  Also, collecting physical evidence is about 4th Amendment seizure rules.  So how do those rules map on to facts of investigations of online crimes?

They don't map well.  You either get extraordinarily expansive rules or rules that are too narrow (where there are no real threats).  We need a relatively balanced set of rules.

Eg, if you want to get records from a third party, you have to get a subpoena.  No privacy protection there.  Traditional 4A doesn't apply to third-party stored information.  This just isn't a problem in the offline world.  So we have new facts where the information is collected and stored in a different way.  Old rule doesn't help.

Last stage -- forensics.  Bunch of interesting problems.  If you map what has to happen to 4A rules, you have big issues.  For a warrant, you have to describe things and only take that.  But in online crime, might be lots of other evidence involved.  Can't get a pinpointed warrant -- have to seize more than you have probable cause to seize.  What about making a bitstream copy?  Is that a seizure of a person's computer?  Traditionally, no -- not a seizure, just making a copy.  So govt could run off a copy and search that!  But intuitively that seems like a problem.

So what will happen in response to this problem?  We've begun to see a new field of network criminal procedure evolving.  Eg, ECPA, and 18 USC 2703, regulates process of going to third-party provider and asking for information.  So it's more than a mere a subpoena.  Statute recreates warrant requirement from the physical world.

Similarly, for forensics, courts are creating new rules to cover these last-stage searches.  So, eg., in a home, the police can't look for physical information that hasn't been described.  But electronically there's no restriction.  So courts have changed rule that governs whether intent matters when you're searching a computer.  Outside scope of warrant/inside distinction doesn't matter.  Subjective intent, though, does matter.  We'll ask agent "what were you thinking when you accessed this file."  Courts are responding to changed set of facts by looking at intent. 

We'll see more and more computer-specific set of rules.  A new body of law to study.

Great presentation.  Good work, Orin!

Beryl Howell, formerly counsel to the Senate Judiciary Committee, is up talking about real-world problems caused by crimes on digital networks.  Moral for all three stories:  specific laws directed to specific problems are very important.  So we need to keep updating these laws to fix mistakes and keep up with changes in technology.

First -- leak of many staffers' memos.  Two Republican staffers had taken thousands of documents and zipped them up with passwords.  Taken from common server.  No staffers were supposed to look at other staffers' memos, but permissions were set incorrectly and the files were wide open.  Appalling breach of custom.  Was a crime committed under the CFAA?  Or just an immoral action?  What does "authorized access" mean?

"Authorized access" was intended to be a case-by-case inquiry.  [note that civil liability requires damage as well, so a higher standard than the criminal part.]  Seems to be "you know it when you see it."

Second case:  FBI agents arrive at a suburban house, say computer being used to distribute child porn.  Teenager there had downloaded Kazaa, downloaded files that contained child porn, then had become a supernode, being used as a pointer.  Teenager had enough files for a felony.  Had he been emailing images to his friends? going to specific sites and downloading them beyond Kazaa?  Son said he wasn't aware of anything.  Child porn is strict liability; hard to do forensic exams because examiners don't want to be in possession of it either.  Happy ending:  prosecutor declined to prosecute.  But signals that technology can take you over a line.  Is the user at fault, or the technology?

Third case:  Company target of embarrassing emails with sexually explicit attachments (sexually explicit patents) sent on their behalf; clients took business elsewhere.  Company seemed incapable of stopping it.  Insecure wifi points and student internet accounts used to send these messages; couldn't track spoofer down.  Howell's company did an investigation.  Complaining emails about these attachments were also spoofed (from "wounded grizzly").  Started talking to wounded grizzly; got an extortion demand for 17million.  Suspect surveilled; able to pinpoint him as spoofer.  Arrested him two weeks ago; found ricin and guns in his house.  Threats you think you're aware of are just the tip of the iceberg.

So we have a problem: limits of CFAA.  Couldn't go after "wounded grizzly" because act unclear; stymied legitimate self-help efforts.

Alan Davidson from CDT is up.  Why does criminal law only seem to expand?  Does it ever go the other direction?  "how many laws have you broken today?"  There's a disconnect between social norms and the laws we have on the books.  Why can't we allow rulesets to evolve -- and why can't we have different views about what's wrong online v. what's wrong offline?  A lot of policy FUD here.  Will rote application of offline law lead to unintended consequences.

Three quick examples:  the case of the nation of felons.  How do we think about criminal copyright?  Has changed dramatically in the last ten years?  We've have criminal copyright for a long time on the books.  Was a misdemeanor for a long time.  With 1997 NET act, we got rid of "commercial profit" requirement; instead said if you distribute works of greater than X value over Y days, you're guilty.

And in 1998, DMCA creates new crimes for circumvention and removal of information.

So we're responding to a felt need to protect material, but what's wrong with this picture?  Millions of people regularly violate this law.  And this is likely to get worse.  Expectations offline (first sale, fair use) drive us to use works online.  Technology that precludes these kinds of uses will be counter-intuitive for a lot of people.  Seems odd from morality perspective -- "criminal" activities may not be felt as wrong.  And from deterrence/utilitarian perspective; these laws aren't having a large effect.  What does it mean for the rule of law if millions of people routinely ignore it?

Two approaches:  House Judiciary committee; maybe problem is that it's too hard to bring these cases (so eliminate wilfulness, make a single copy made a available on a P2P network trigger wilfulness).  Second, give govt civil enforcement powers here.  This seems to resonate with online social norm.  A speeding ticket and not a felony.  We may be overreaching in our expansion of criminal law.

Second:  case of culpable carrier.  Creating criminal liability for ISPs.  Challenge in Pappert case:  DA can get ex parte order from judge based on showing that child porn is there; gets order saying "you must block material from this source."  Make sure they can't see this web site.  Couple things wrong with that.  ISPs block bluntly -- by blocking IP address.  This blocks all other things hosted there.  We discovered over a million blocked based on 500 blocking orders coming out of PA.  Well-intentioned law leads to incredible overbreadth.  Trend is to look to ISPs to hold liable.  Begins to jeopardize end-to-end model.

Third case:  case of the aborted Koogle family vacation to France.  Tim Koogle subject of criminal action in France based on larger Yahoo! case.  So he can't go there.  This was ultimately resolved just last year when charge dismissed [is that true?], but leaves open question about how to deal with criminal laws.  US govt will certainly do this (eg, Elcomsoft).  Calls into question relationship between individuals and govt. 

In DC, legislators only expand laws -- don't contract them. 

Five modest suggestions:

1. go slow re cybercrimes

2. revise defs of crimes and access

3. prefer civil enforcement (things less harmful in the online context)

4. issues of international prosecution

5.  tie to social norms more carefully

this was the best presentation on this panel.  Very substantive and thoughtful -- great job, Alan.

I'm delighted to say that I've been added to the roster of Fellows of The Information Society Project at Yale Law School. This means more trips to New Haven ("The Hub"), and, with luck, some engaging meetings in New York. Thanks.

I'm here in Room 127 of the Yale Law School for a cybercrime conference.  So far, we had an excellent keynote from Dan Geer, and Tony Rutkowski (VP of Regulatory Affairs at VeriSign) is getting up to talk now.

But I'm distracted by a conversation I had with someone before the meeting began.  He said that this whole game of ICANN and VOIP and lots of other worries is essentially over -- FCC plans to assert jurisdiction over the DNS as an IP-enabled service (and assert jurisdiction over email and any other application that uses IP).  He pointed to an FCC NPRM (MC 04-36) in support of this assertion.  He also said that the EC has issued a similar notice.  These notices point to a limited set of obligations for providers.  Game over, in this individual's view.

Back to Tony.  He's pointing to the fact that there are very few content intercepts in the real world.  Most requests are made for subscriber information.  Law enforcement access is essential, and all we're talking about is what costs will be paid by whom.  Anonymity is over.  Key developments are happening in the private sector.  In the public sector, we're talking about the cybercrime treaty (probably will come into effect this year), the UK data retention code, and the FCC CALEA proceeding.  Europe cares only about data retention; they're way past CALEA.

He says re CALEA proceeding: 

Coverage:  Nothing really new here (real time access to data is a fact of life under state and federal law); we're just shifting costs to providers.  And need capabilities in place in order to do this stuff.  Law enforcement has a critical need for access in today's nomadic architecture environment.  He says this is innovative.

Compliance:  Creative, more flexible, adopts 15 month benchmark approach to enforcement.

Costs:  Pass on implementation costs to subscribers; transparency is good; service bureaus make the costs minor; parity with other regulatory mandates (E911, Universal Service); costs are trivial compared to stored data production via subpoenas. (that's an interesting point, if true, and Tony seems to know what he's talking about.)

More when the next panel comes up.

Paul Marino is going to help me pull together some surprising Machinima materials to show the Copyright Office.  This will help me pose questions to the group -- like who owns what and why, and what if another avatar wanders by?  Thanks to Ernest Miller for the suggestion.

I just watched another Red vs. Blue movie, and I'll need Paul's help making a zippy demo out of this.  All ideas welcome.

Next Thursday, I'm giving a lunchtime talk to the Copyright Office (part of a program called The Copyright Office Comes To New York).  Send me your suggestions.  This is my chance to say something sensible.

I thought I'd talk about the feeling of being in Canada in June 2003, during an otherwise uneventful ICANN meeting, when Lawrence v. Texas came down.  The Canadians were feeling awfully smug and superior.  They didn't have to tussle with any ridiculous anti-sodomy laws.  They had even worked peacefully through the issue of same-sex marriage.  They were waaay ahead of us, and surprised at our lame approach to these issues.

I'd mention with sadness the prospect of more election-year debate over same-sex marriage.  (Fighting over who gets to marry whom seems completely pointless to me, and I'm embarrassed that those who govern us are even worried about it.) 

Then I'd talk about the recent Canadian copyright decision to which Michael Geist has pointed us.  Once again, our friendly neighbors to the north seem to be waaay ahead of us.  According to Michael, the Court concluded that the Canadian analogue to the fair use affirmative defense "should be granted a large and liberal interpretation."  Indeed, Michael points out that the court shaped this "exception" to copyright infringement (in our parlance, this defense) as new copyright rights for users.  Users' rights.  Those Canadians have the idea that these rights need to be balanced against the rights of copyright holders. They also think that it's appropriate for manufacturers to presume that their machines will be used for lawful purposes -- and they seem to think that copying for personal purposes is different and special.  Hmmm.

Then I'd talk about some of the more outrageous elements of the broadcast flag proceeding (continued studio role as gatekeepers) and what's coming up next via the analog hole funnel (lingering on nomenclature here).

So:  don't blame Canada, blame us if we can't get this right; don't press for more laws or tech mandates at the moment; keep the FCC out of copyright policy; let Congress decide the difficult questions of secondary copyright liability.  Congress has been decidedly not technology neutral when it comes to the internet (section 230 comes to mind).  We should want to avoid another Lawrence v. Texas moment 15 years from now -- when we come to our senses after a great deal of wasted time.

Look forward to your comments.

The New England Spring Flower Show is on right now in an enormous hall near the JFK Library.  It doesn't have much to do with copyright, but it has a lot to do with spring.  They've created warmth and color (deep oranges, bright blues) by forcing flowers to bloom and then bringing crowds by to admire them.  I'm not a gardener, but I'm related to generations of gardeners, and I have respect for the enterprise.

The kind of gardening that takes place at the Spring Flower Show is carefully planned and executed.  It's a celebration of control; the plants are spaced beautifully and placed against each other so as to show up well; silvers and blues, rough and smooth.  It isn't spring -- not yet -- and many of the blooms don't belong together because (the gardeners tell me) they'd never be present at the same time in the real world.  But they're all there in the convention hall, blooming bravely under bright white lights.    

The moss is dying right and left, and many of the flowers are starting to look tired -- I guess it's a strain, being forced to bloom. 

If you think about it, it's what will happen in the minds of the gardeners that's really interesting; they'll bring ideas home and try them in their own back yards.  Notes were being taken; advice was being sought.  There is beauty made possible by the control in the convention hall, and a great deal of work has gone into making those exhibits possible.  But the show gardens, although ordered, can't be owned.  No one seemed too worried when pictures were taken of their model gardens by amateurs.

It's good to get away from ownership once in a while.  We so easily go too far.

So (as they say in cybercircles) I've been working on some new ideas.  The Cigarettes and Copyrights article is gaining flesh ("don't let the broadcast flag go through, because the FCC has exceeded its jurisdiction and is making copyright policy").  Now I'm working on a new project.

The main idea here is that we take lazy shortcuts in reifying information.  We use property concepts ("trespass to chattels") in talking about automatic searching of information that will do nothing other than lower costs.  We confuse objects with information when we talk about whether people have rights to access content stored in a particular format ("you can watch that DVD and take notes; you don't have a right to manipulate that content when it's in DVD form").  Software is a hard case, and sometimes it's not clear whether it is speech (bits) or action (atoms). 

But these lazy shortcuts are ultimately quite destructive.  After all, law is about people.  Law is supposed to serve people.  So we should serve core human values in developing legal frameworks.  People progress through acquiring (participating in, creating) metainformational depth.  That's what maturing and learning is; that's what a cultural conversation is. 

What's interesting and different about information (as opposed to clods of dirt) is that it interacts and amplifies in ways that dirt doesn't.  It's not just that information isn't scarce -- although that's a difference too.  That difference isn't as fundamental, though.  It's that information isn't conserved and interacts with other information in ways that create (taa-dah) metainformational depth.  Dirt can't do this.

So, any time we unnecessarily reify information, or drag in bodies of assumptions that are based on objects, we're cutting ourselves off from basic human interests in metainformational interesting-ness.  We don't even know what we're missing.  But it's very likely that more complex and interesting clumping is being truncated.  Without that clumping, we can't learn. 

We need to have different (more sensitive, more freeing) regimes for information than we do for real property, and we need to be careful about lazy theoretical shortcuts that don't do us any favors.  Pieces of dirt can't talk, so they're fine under real property law.  But as humans we need to be careful not to cut off our own conversations.

Just a quick link to an International Herald Tribune article about the ICANN meetings last week.

And a link to the PFIR request for an "internet meltdown" conference ASAP.

These two articles connect, of course.  ICANN is under attack, but that doesn't mean the internet is melting down.  ICANN has nothing to do with spam, spyware, security, or content.  All of those issues can and should be addressed by better tools that users can understand.

We're getting close to the end of the public forum section of the ICANN Rome meetings.  Two big pieces of news here tie together.

First, the ccNSO has been formed.  It's true that it could use more members from around the world, and it's true that the ccTLD constituency still meets separately from the ccNSO.  (This is inside baseball - stay with me.)  But what's important here is that ICANN has been encouraged to recognize that the country code domains are capable of making their own policies and do not need to be put under centralized control.  Most decisions affecting the country codes should be (and will be) left to local initiatives.  The ICANN Board clearly does not need to be involved. 

The next step will be to allow the ccTLDs to have more say over the IANA function (the part of this operation that changes nameserver information for TLDs) -- it's my understanding that IANA won't say what staff does what, how long requests take on average to be implemented, or how much it costs to perform its job.  But that's for later.

The second key piece of data here is that Bruce Tonkin gave a terrific presentation about the need for standardized processes (written dockets, timelines) when considering registry/registrar requests for contractual amendments.  Now, one response to such a request could be the ICANN Board just saying "Yes."  But the Board is under worldwide scrutiny, and Bruce's point is that ad hockery has not served the Board (or ICANN) well. 

The relationship between these two topics is:  ICANN is trying to clarify its place in the world (eg, not making local rules for registries) and professionalize its relationship with the contracts it has signed.  These are both good steps, and they'll help ICANN survive. 

I am at the ICANN meeting in Rome.  The big story here is that ICANN is under attack for not sticking to its narrow mission -- technical coordination of the DNS and IP numbering system.  People here are referring obliquely to the VeriSign lawsuit as "recent events" (as in "in light of recent events").  This euphemism reminds me of words used to reference the US Civil War ("the late unpleasantness").

The lawsuit will force a fundamental reexamination of ICANN's role in the world.  It will, I hope, provide some needed clarity for the businesses that are involved in the domain name system.  ICANN will survive this unpleasantness -- in fact, it is likely that ICANN will come out the better for it.

By acting as if it is indeed a regulator of the internet, ICANN has made itself into a rather large target.  So attacks are coming from several quarters -- it's not just VeriSign, it's the UN and WSIS who are gunning for ICANN.  In fact, there are direct links between the VeriSign suit and the WSIS/UN initiative.

Here's the connection:  by forcing registries to sign elaborately detailed contracts as a condition of entering the root, by acting as if its role in approving new registry services includes the right to tweak the implementation of those services, and by generally claiming to represent the global internet community, ICANN has made itself look like a useful lever for control.  There aren't very many levers when it comes to the internet -- there are very few chokepoints online.  So when governments are frustrated by spam and security problems, they look at ICANN and say it must be doing a bad job.  Governments also notice the control that the US Department of Commerce continues to have over ICANN and are troubled.

If ICANN stuck to its knitting and focused on its coordination role, it would present a smaller target to the litigating, globetrotting community.  ICANN should be boring.  ICANN isn't purely technical (just notice who goes to these meetings, and read the UDRP), but it should act like a standards body -- opening new TLDs, accrediting registries, and providing a forum for discussion of multilingual issues.  If it did this, no civil servant would want to be involved, and governments could more readily defer to its actions.

There are spam, security, spyware, and content problems online.  Connectivity is also a problem.  But these are not problems ICANN is equipped to solve.  I am optimistic for ICANN's future, as long as it sticks to its job.

Here is a link to the report issued today by the Council on Economic Development.  Times coverage is here.

Mainstream businesses are becoming concerned about rushing too quickly to protect intellectual property rights through legislation or rulemaking -- such as the technology mandates recently suggested by the FCC in connection with its broadcast flag rulemaking.  The report presents a centrist, "go slow" set of recommendations.

Leonard Slatkin did a great thing last night:  he made an entire hall of jaded, sophisticated concertgoers (bathing in the cream bath that is Carnegie Hall) really listen to Beethoven's 9th.  And it's all related to the current battle between innovation and intellectual property overreaching.

Slatkin turned around and talked to the hall about Mahler's re-orchestration of this symphony.  He pointed out that Beethoven died sixty years before Mahler's prime as a great opera conductor and composer, and that during those sixty years a lot changed:  orchestras got bigger, halls got bigger, and instruments evolved.  Notes that a flute couldn't play in B's time became accessible.  (There are still notes that the sopranos in the Kennedy Center chorus couldn't reach last night, but let's be charitable: pitch has gone up an awful lot since B's time, and human vocal cords haven't changed that much.)

Mahler, as a guy with dramatic flair and an urge to actually hear the melodies of the piece, liberally redrafted the orchestration of the 9th.  He used massed winds to emphasize points.  He changed dynamics and articulations.  He had the entire wind section raise their bells (a very Mahlerian move) to play what had been a lone piccolo's trill near the end of the last movement.  He marked up the famous recitative so it would sound meaningful instead of plodding.  Slatkin illustrated this for us, using the orchestra to provide musical examples.  Slatkin pointed out that lots of conductors had done similar things to the 9th -- the Szell 9th, the Toscanini 9th, the Walter 9th. 

He ended by saying that during the last 25 years or so we've adopted this prayerful, pure (my words, not his) approach to "classical" music.  We see and hear these works as unchanging and unchangeable.  But that's not what they are -- they're not frozen in amber, they're not things we're supposed to respect in the abstract.  They change with the times.

Some people near me arrived after this portion of the concert, before the NSO actually played the symphony all the way through.  When I told them about what they'd missed, one woman said: "Oh, well, I'm very familiar with the piece," as if she couldn't imagine that it might change.  And then she told her husband that the symphony was 70 minutes long.  Wellll, maybe it is and maybe it isn't! It depends what's being done to it.

Maybe (here's the tie-in to innovation and intellectual property) we're in an era in which we're beginning numbly to accept that "content" is just provided to us.  It's an atom, a thing that floats in space, unchanging.  We can hear or see it, as part of a mass content-absorption experience, but we are at a distance from it. 

But musical experiences are informational.  They're made of bits, not of atoms.  They should happen anew every single time, if things are going well.  Music isn't wallpaper, and you don't "acquire" concerts.  You experience them. 

Anyway, the performance was stunningly beautiful, full-hearted, and novel.  Maybe that's just me.  I thought it was. 

And I did get the sense that everyone in the hall who had been there for Slatkin's talk was listening intently with new ears. 

The truly talented Paul Marino came to talk this afternoon about Machinima, and I'm looking for volunteers to help me with "Property Law: The Video Game."  Seriously, folks, this is big.

Paul (and many others) are working on and using tools that make film-making within a real-time 3D environment easy for the rest of us.  They're using game engines (like Quake) as a way to produce movies.  This all started with teenagers recording what they themselves were doing in the game -- so they could show their friends -- and has amplified into a new way to make animated movies with a real director's touch. 

Paul (who is writing a book that will be coming out soon) says that Machinima was coined in Scotland and means "machine cinema."  At this point, people are deep into building post-production tools that provide all kinds of control.  There are some breathtaking films on this site.  Watch the one with the flower.

Basically, the Machinima tools take a game environment (many different game environments) as a given, and allow directors to choose camera angles, lay down "tracks" of different characters (so they appear to interact), add music -- you name it.  Game developers have mostly been quite receptive to Machinima, because it provides another channel for their engines.  So far, the licensing part of all this is a little ad hoc, but will likely become more standard in time.  This may be the way the next blockbuster animated film gets made.

Paul pointed us towards Red v. Blue, a group in Austin that's making very funny films using Halo.  Guys just talking and standing around in a multiplayer game, talking about standing around.  Take my word for it -- it's funny.

You can imagine all the gamer sorts of things that can happen in these films -- characters gathering together to be directed (people playing characters who are playing actors), avatars wandering on to the set, killing/maiming (but not really in what Paul showed us)..

He showed us some very realistic character work for which the interface for human directors would be sliders.  Raise a slider, raise an eyebrow!  And if you have a .wav file of someone speaking, that will drive the character's speech.  Really neat (words fail me at this point).

If you join the Machinima Academy, you can get a tool that allows creation of these things for a modest yearly fee.  As long as you don't make commercial films.  Paul did a demo for us in about 3 minutes -- very impressive.

So the law professors started asking questions:

can we load documents in and make this a course?

can we modify the environments?

can we use this to stage reenactments of accidents?

Paul pointed us to Adobe Atmosphere, a virtual world tool that allows for documents to be involved.  I'm most interested in the course applications.  What if you walked into a property course, and it was a game like one of these films?  (This is a lot of work for the professor.) 

But it might just be the future.

Part of the premise of the accountable net is that each individual will be setting up his/her own set of rules for who they connect to (this is a who rather than a what question -- trustworthy sources of bits).  We're still working on the paper, so there's nothing to blog yet, but the roadshow has been quite constructive. 

At the Berkman Center last week, we heard from several people who are concerned about making any changes at the ISP level.  The worry is that packets won't be guaranteed to get anywhere unless they find a route through congenial ISPs.  If any ISP can block anything, the reasoning goes, we'll end up with a net that doesn't actually interconnect.  No quality of service guarantees.

The response to this is that ISPs, to be valuable, will want to connect to networks that make adequate security guarantees (and enforce them).  So interconnection will be desirable and growing.  Backbones will want to make the same deals.

It's at the individual level that things get most interesting.  Let's assume that we flip the default setting and connect only to those we actually trust (or who are recommended to us).  In a sense, we will have set up an individual set of "laws" for online interactions.  We could even draw a picture of these laws so that we'd understand them for ourselves in a continuously updated way.  If we're not up to doing this for ourselves, we could go to vendors of rules and get the package that made sense.

Now, if laws can be bought and sold in this fashion, what does that mean for our respect for and understanding of "real" law?  If "real" law only governs atoms, is it more or less meaningful to us?  It may be that we end up with two complementary systems, with overlaps.  After all, the sovereign who has power over us, physically, could try to mandate particular sets of default rules -- a tricky task to enforce.  Things will be moving too quickly for the sovereign to keep up with our filters and connections.

But a new question does arise -- what happens to respect for "real" law when another system of rules exists that has legal effect in the online world?

Two recent (or upcoming) ICANN moments should cause concern. 

First, the sTLD beauty contest.  The application requirements for these sTLDs make it seem as if registries are applying for venture funding rather than a string.  Take a look, particularly at the financial and business plan requirements.  Headcounts down to the mailroom.  Travel plans.  It's as if ICANN has hired an investment banker to look into these plans.  ICANN has no special competency in any of these areas, and it would make much more sense -- and fit ICANN's limited role so much better -- if ICANN had a neutral third party develop minimum technical/financial standards.  ICANN could then then roll TLDs (not sponsored, not unsponsored, just TLDs) out as applications came in and were approved. 

Second, the suggestion that ICANN needs a Policy Development Process about changes to the "architecture and operations" (or "services and actions" -- pick your broad description) of a registry.  Although the staff says (and I believe them) that all they're doing is trying to develop a coherent process for responding to registry requests to amend their contracts, it's very clear that other constituencies view this PDP as an opportunity to ensure that no registry does anything without their permission.  This has gone far out of scope and needs to be hauled back.  Yes, we need a docket for the process and substance of actions ICANN is taking -- but we don't need one or another constituency blocking registry services for idiosyncratic reasons. 

The idea is that registries are free to innovate unless there is a consensus policy in existence to the contrary.  This PDP should not be viewed as changing that default setting, which is set forth in each of the contracts ICANN has signed with gTLDs.  Nor should the sTLD process be looked on as a model for future TLD activities.  It's time to move on to an ICANN that is more clearly in the business of technical coordination.

The MPAA comments in the broadcast flag proceeding are worth reading.

At p.9, the MPAA asserts that "the focus of attention on unauthorized redistribution should be on whether a proposed technology affirmatively and reasonably constrains unauthorized distribution beyond the local environment. . . " What the MPAA means by this is that it believes no content protection technology that allows transmission of content online could ever be added to Table A.

What does that mean in humanspeak?  Well, it means that if you're using a "compliant" TV and you see a news clip that you'd like to send to your parents (who, let's assume, don't live with you), you won't be able to.  Nope, not unless you find a way to make a hard copy and mail it to them in a box (and they have a compliant device in their home that they understand and can use to play the recording).  Sounds cumbersome, doesn't it?  Sort of puts things in a box. 

Focusing on a "tightly defined geographic area" for redistribution allowed by content protection technologies seems odd in the age of the internet.  But even stranger is the MPAA's contention that software demodulators (code that "tunes" TV signals so that people can see them) must be covered by the flag rule.  So this means that the FCC is now in the business of assuring the "compliance" and "robustness" of code.  Software demodulators, the MPAA claims, can only be sold on the market if they are incorporated in a compliant "Demodulation Product."  Again, the box:  software "tuners" will have to be sold in a box with approved hardware in order to be legal. And won't be available, separately, for use in PCs (unless the digital outputs of those PCs are adequately robust and protected).

This is shaping up to be quite a battle.  Stay tuned (but don't use software to do so).

It would be good to get mainstream computer enthusiasts interested in this proceeding.  What's the best way to do that?

There's reputable work going on with human cloning. A group of South Korean scientists has figured out how to clone a human embryo.

Immediately, we're into the circle of ethical handwringing that is familiar to us all. But a new intersection struck me as I listened to the stories on the radio.

There's a sense that we want to hold technology back, to prohibit certain kinds of copying that some view as immoral. I have a strong view on this when it comes to humans: so much about a pre-wired person is shaped by their environment that a clone could turn out entirely differently than its original. I refuse to worry about cloning, and I think the importance of creating useful stem cells far outweighs any concerns about creating embryo copies that are "human" in some sense.

Similarly, the copyright debate (particularly in the broadcast flag setting) is often focused on limiting technology so as to prohibit certain kinds of copying that some view as immoral.

I'm going to make a provocative suggestion:  Although it is true that too much copying produces cancer (or destructive infringement), the machines that make copying possible don't have moral content.  So there is no reason to punish copying machines when they do their job -- either when copying  embryos or content. 

Additionally, the act of copying is purely informational.  Too much of it, or too much public distribution of it, can be considered wrongful (cancerous or infringing), but small amounts of copying for personal purposes don't meet this test.

Don't punish technology.  Punish people who copy too much.  (And let stem cell research flourish.)

A good property/cyberlaw connection for this week.  Courts often strongly discourage self-help in landlord-tenant disputes because of the risk of violence, even when the landlord and tenant have agreed in a lease that the landlord may retake if there's a breach of the lease conditions.  (Tomorrow's case:  Berg v. Wiley.) 

We just don't like vigilantes.  And we point to things like eviction summary proceedings as the place landlords should go.

In the copyright context, though, we're encouraging self-help by content owners by saying that technical copy protections are in effect the law of the land.  We say that it's too cumbersome to go to court and fight about each individual infringement.  Instead, just fix it through technology.  (Looking around, I find that Julie Cohen figured this out a while ago.  Maybe I can provide a different spin.)

In the broadcast flag setting, we've gone even further.  Not only are we saying that technical copy protection is the law of the land, but the FCC has attempted to claim that the flag has nothing to do with copyright.  So there's no chance that anyone could say "wait a minute, go to court before you say I'm infringing, don't prompt violence through self-help."  It's not about copyright.  It's about I Love Lucy.  It's about the American Way.  It's completely unconnected from legal liability rules.  "We have to use self-help," say the studios, "because otherwise broadcast television as we know it will cease to exist."

There's no contract in place between broadcasters and the public, as there was in the Berg case (a lease that had pretty clearly been breached).  There's no claim that copyrights are being infringed by non-compliant demodulators (because the FCC's jurisdiction would be weakened).  But self-help is being written into regulations nonetheless.  

Surely that's doubly wrong.  Self help is wrong in the first place (as the Berg court reminds us), but self help that claims no legal background for justification must be really wrong. 

I've been thinking about how to present a suite of offerings to law students -- a basic cyberlaw course, a seminar for case studies, a group of people working on papers -- and I think something that's missing is actual technical expertise (both in me and in many students).  We have long textual introductions in articles that explain, over and over again, how the DNS works, for example.  Surely it's time to standardize and expect that that knowledge as well as more sophisticated understanding.

So I think I'm going to suggest a technology course (or set of course-lets) to run alongside the basic cyberlaw course.  The technology course would be pass/fail, so as to eliminate anxiety.  It might consist of a few long sessions, or one short session a week.  I've seen a sample tutorial that is given at Harvard, and I thought it was great.  I'd like to have someone do something like that at Cardozo.

The comments I got on "what is cyberlaw" were extremely helpful, and I'm going to adopt a more modular, case-studies approach next year.  This is another authentic plea for commentary:

What should law students (or business students, or any graduate student in a relevant field) know about the internet, networks generally, or the personal computer?  How is this best taught? 

Last night, John Palfrey, David Johnson, and I gave the first roadshow presentation of the Accountable Net, a paper that we're working on. We talked to a group of Yale and Harvard cyberscholars. 

David led off, summarizing the paper wisely; John cleaned up, sagely noting what points we weren't taking on (e.g., the longtime discussions about whether the internet can be governed at all); and in between I said some things about the strengths and weaknesses of the paper.  A very intense discussion ensued.  All involved were brilliant and insightful.

It's too early to talk about the paper in any specific way on this blog -- the three of us are still thinking through what its scope will be, and we go up and down in our various assessments of its possible impact. 

But it's not too early to talk about whom to trust.  From my perspective, choices of private labeling/filtering systems, choices of private DRM, choices of platforms, choices of private content -- all of this is good.  I assume that competition will produce lots of choices for the future of communication online.  I refuse to be worried about allowing private firms to make these kinds of decisions for us if we're too technically incompetent to make them for ourselves.

(Note yesterday's NYT front-page story about how incompetent people are at arranging for their own online security, and how important it is that they learn about this; note that Cardozo's own Zach Rubenstein made a point of talking about how idiotic law professors are in particular on this subject.  But I digress.)

I also think that we're at a crucial moment of growing knowledge and understanding of individual power to form communities online.  Social software, brutal and blunt though it is right now, is taking off.  We're all linking wildly.  We're learning how to include as well as exclude.  We will someday have much more nuanced understandings of our own online networks, and we'll be accountable to each other as individuals for what we send and receive.

So I trust private firms, and I trust individuals, to come up with a scenario that is a viable alternative to some sort of locked-down, government-controlled future internet.  That alternative may be more filtered and more limited than the internet we have today, but it's better than the vision that the copyright industry and the Department of Homeland Security have of online life.

But I heard last night from several people who are not as optimistic about human nature and who do not want to privilege private firms (of any size or description) in providing forms of "governance" through linking/filtering tools.  There's a sharp split between those who trust governments and those who cannot imagine trusting governments (much less groups of governments) in the creation of rules about non-physical-harm-causing bits.  There's a deep divide between the common-carrier, we're-all-in-this-together-and-it's-got-to-be-fixed view of the internet and the let's-fix-it-ourselves view.

Yes, this is a simple and obvious set of points.  But it may be that we're not as distant from the "can it be governed at all" set of arguments as we'd like to be.  We'd like to say, "oh, that's SO late 1996," but in fact we haven't progressed very far.  Some people think: governments have a role when it comes to atoms, and have physical power over ISPs in their countries, but most online problems aren't easily addressable in any mass way (much less fixable) by courts and legislators.  Other people think:  nothing much has changed here, of course governments should be fixing spam and content issues and everything else under the sun, bring in more treaties right away.

And the two camps aren't drawing more closely together -- at least not yet.