Around the time of the dinosaurs, a four inch long creature named Morganucodon oelheri ("Morgie" to his/her friends), scurried between the feet of the dinosaurs. Morgie, a nocturnal, warmblooded, fur-covered animal, holds the distinction -- this week at least -- of being the "first mammal."

Two hundred and ten million years ago, Morgie was scarcely noticed.  Life went on like that for quite a while. Then, as the Smithsonian tells us, "After the extinction of the dinosaurs 65 million years ago, more than 40 new groups of mammals arose from this common ancestor. As climates and habitats changed, some species adapted, but many went extinct. But this tiny mammal passed on its DNA to billions of descendents, including humans."

Morgie survived because he was agile, small, able to hunt at night, and adaptive.

Let's suggest to ourselves that an "eBay for services" will soon arrive on the scene, with small, nocturnal, agile, adaptive micro-firms doing work and passing on DNA in the form of metainformation about the individuals and groups involved.  Will micro-firms survive the increasing consolidation (creation of corporate dinosaurs) and changes (global disasters of various kinds) that we face?

Or will the capital commitments that are made in large corporations continue to be unbeatable?   What's important about these commitments -- these capital lock-ins -- is that they cannot be withdrawn.  Maybe a micro-firm can't attract that kind of capital. 

Maybe the corporate versions of Morgie and the dinosaurs will continue to share the same environment.  This time around, the dinosaurs may be here to stay -- particularly if the dinosaurs are capable of taking the long view.

(Thanks to Sarah Brosnan for the pointer to Morgie.) 

Handel had "one of the most majestic, tender, and human voices ever lifted in praise of life, of love, of beauty, and of the art of music."  

Why are the overtures to Handel's operas so long?  They're so long because Handel expected his audiences to be late.  Very late.  And he knew that they would be having passionate trysts on arrival, using the benches in the hall for this purpose.  The women wore hoopskirts.  Everything took a lot of time.  So the overtures gave everyone ample opportunity to settle down so that they'd be able to listen.  Attention, then as now, was a scarce resource. 

Because the internet does away with time as well as distance (not to mention visible concert halls), what does it take to get people to pay attention to something as lovely as a Handel opera? 

People don't always act rationally.  If social ties are stronger, they may not ask for exact returns on their investments.  If they see someone being treated unfairly, they may act -- even though they're not themselves part of the unfair transaction.   

There's a movement out there -- soon someday to be a standard college department -- to refute the assumptions of homo economicus.  There are people doing studies of chimpanzees dutifully returning tokens in exchange for grapes (or not).  There are people doing studies of the effects of emotion on human learning and memory.  There are people wondering what effect such empirical studies may have (or should have) on law and corporate behavior.

I had a fine time this past week listening to the chimp and brain studies in particular.  (We law professors have terrible graphics.)  This gets interesting when intangible "property" is being examined.  Do humans have an instinct to uphold property, but perhaps not to uphold intellectual property in the form of bits?  Does this suggest that efforts to perfectly enforce tech mandates that hobble machines may be not only unconstitutional (because they give no opportunity for fair use) but also inhuman?

Someone at a recent meeting said that a software product embodying Hermann Hesse's Glass Bead Game was being developed.  Another person said "I loved that book!" with enormous enthusiasm -- but then couldn't remember what it was about.  So I'm reading it.

I think I'll remember the Glass Bead Game:  Intellectuals begin to see curves, trends, and universal constants across musicological, mathematical, philosophical, and any other field you can think of.  So they develop a language of symbols and moves that are abstractions of these universalities, and they come together to play games with these abstractions with intense joy, exultation, and engagement.  The community that plays the game is peopled with scholars who write famous treatises like The Reception and Absorption of Slavic Folk Music by German Art Music from Joseph Haydn on. 

This community is an elect group, chosen and trained from a young age.  It starts as a utopian rarefied society, rigidly controlled and cultivated, and is enormously respected.  Things begin to decay when the connection between the world that funds this intellectual enterprise and the inner elect inhabitants of it becomes attenuated.

I can't imagine how the game will be made into a software product.  You'd have to take all the knowledge of the world and distill it into a few visualizations.  Sure, I'm a big believer in pictures, but I'm suspicious of reductionism -- I ran across a lot of it in music theory that made me frustrated and skeptical. (In fact, The Glass Bead Game has a heavy musicological/theoretical bent.  But no one in the elect community actually composes any music.  They just admire the serenity of classical themes.  Scary.)

And isn't the point of the book that such cross-disciplinary abstractions are beautiful but ultimately doomed?

I'm at a conference on Law and the Brain sponsored by the Gruter Institute.  Maybe I'll ask the other attendees how they feel about the Game. 

ICANN has released its draft new budget (pdf).  The document gives us a good look at how ICANN sees itself.  It's arguably an internally inconsistent view.

ICANN is growing.  This budget calls for ICANN to have almost 60 staff members by the end of the next fiscal year.  Expenses under this budget are predicted to be twice those of last year ($16 million v. $8 million). 

  2001-2002:  $5m
  2002-2003:  $6m
  2003-2004:  $8.3m
  2004-2005:  $15.8m

ICANN is providing value by providing services.  "Compliance" efforts affecting registries and registrars will be much greater under this budget. There are rumors that new registry services will trigger new fees paid to ICANN (see p. 17).   ICANN continues to work towards a process "for evaluation of proposed changes in registry operations."  (Not new Registry Services, a defined term under the contracts, but "registry operations.")  ICANN intends to provide better IANA services.  The budget calls for ccTLDs to recognize the value of these services and others and pay 25% more to ICANN this coming year; notes following the budget indicate that ICANN's "internal goals [for raising money from ccTLDs] are greater."

ICANN is under attack. The budget lists as one of ICANN's programmatic areas "managing developments springing from the UN's WSIS."  Although there's no line item given for this effort, it's clear that ICANN feels it is important to explain "the value ICANN provides to the worldwide Internet community."

Each budget of ICANN's for the last few years has been remarkable, and this one is no exception.  There is a great deal of emphasis on process in this document - the budgeting process itself is described three or four times, in various levels of detail.  By focusing on process, it's easy to sidestep what ICANN's actual role in the world is.  ICANN can say, "we do this, and this, and this, and publish this, and we need much more money to do it."  ICANN's vision is to monetize all transactions by every link in the chain (registries, registrars, and registrants) in order to fund its growth.

But what's ICANN's basis for taking all these steps?  What is ICANN?  It's clear that it sees itself as legislature, prosecutor, and executive all at once -- a pronouncer of policy and a compliance officer; an operational IANA service provider/customer service representative for registrants, and also a controller of registry "operations."  

This is the internal inconsistency that the budget reveals:  ICANN is under attack precisely because it believes itself to be (and appears to be) important.  ICANN should remember what it is:

• ICANN should go back to the use of a thin contract that contains only the essential elements of the consensus policy bargain.  With a thin contract, ICANN wouldn't need all this staff to scrutinize each step taken by a registry or registrar, and wouldn't be appearing to compete with the ITU.  The model proposed is clearly unworkable. 
• ICANN should refrain from using the leverage it has as a gate-keeper of new entries into the root zone file to impose complex regulatory policies (and fees) on new tlds.  ICANN should not see each new TLD and registrar as another revenue opportunity.  That it does so makes other countries wonder whether ICANN is indeed "doing Internet governance."  Paul Twomey is very good indeed at explaining ICANN's role as a forum for discussion of minor coordination issues.  That explanation doesn't fit this budget.

I've said this before.  And there's no limiting principle that would clarify the internal inconsistency dogging ICANN.  There is a feeling of inevitability in the air.  Nothing is the last straw, apparently. 

It seems like an important year for online policy.  The FCC is making strides towards treating all online applications alike.  The UN is getting into the internet governance (some people now call it "IG") game.  Every day brings news of one kind or another.

But on Friday I dropped in on the Harvard ILaw seminar very briefly, and during the 40 minutes I was there I heard two people talking about policy proposals they'd made over the last couple of years.  I said to someone near me, "This seems a little old."  He said, sensibly, "That's just because you're bored with it."  And someone else said to me, a little later, "You're just in a time warp," or words to that effect.

I feel a little like the older Schlegel sister, who has a dinner party of very trendy people who talk very quickly to one another about books and plays that they've all seen.  They flit from subject to subject, darting towards the new thing, alighting with joy on each bright fresh subject like a literary pack of hounds.  To this dinner party the eldest Schlegel invites Mrs. Wilcox from across the street.  Mrs. Wilcox is older, wiser, and quiet - she doesn't say much, and leaves early.  Mrs. Wilcox says something vague and soothing to Margaret Schlegel as she leaves, about how smart her friends are, but Margaret is cut to the quick.  She feels terrible about how Mrs. Wilcox has been treated, and in the end comes to understand what Mrs. Wilcox's wisdom is made of (you have to read the book).

There's a risk of darting from thing to thing ("Oh, ICANN, that's so yesterday") in this area.  I'm as subject to it as anyone else.  In fact, the nature of the medium we use (lots of news, infinitely interesting varieties of information) lends itself to fractured attention and a sense that events are rushing by. 

Following my Schlegel-ist feeling of this weekend, I'm chagrined.  I pledge to be more sensible this summer. 

Only connect! That was the whole of her sermon. Only connect the prose and the passion and both will be exalted, and human love will be seen at its height. Live in fragments no longer.

It's official:  Cardozo will be the site of a one-day Nethead/Bellhead conference on Tuesday, Sept. 28.  I'm hoping to make this as zippy and interactive as BloggerCon and as substantive as TPRC.  But shorter than either.  After being provoked, prodded, and challenged, you'll be home for dinner (if you live on the East Coast; if not, you'll get another day in NY, which isn't so bad).  I also need to plan deliverables coming out of the meeting:  white papers, comments to the FCC, studies.

All suggestions welcome.  I need help planning this, just as I needed help getting ready to teach cyberlaw (thanks for the assistance).  This is an authentic plea for help.  Maybe Kevin, David, Mary, Ernie, or James will have suggestions.

Someone who doesn't know anything about me except my phone number called me up and asked me to come play string quartets tonight.

There's a whole ritual to this.  You don't get to ask who the other players are -- it's like a dinner party in that way.  But there's no food.  You arrive and meet the other three.  There's some jousting:  who plays where, who knows who, who went to school where.  You try not to engage in too much of this, because, after all, it doesn't really matter.  All that matters is what happens when you sit down to play.

Usually, it sounds awful when you sit down to play for the first time, and tonight was no exception.  A quartet is four people, each of whom is Saving The Situation.  So movements are exaggerated, sounds are harsh -- it's just terrible.  You just have to get through that part.  Tonight we first read a fugue that one of the players had written "in school."  We praised him extravagantly.  That's traditional too.

Things usually get a little better as people stop being self-conscious and just play.  That happened tonight too.  We moved on from a little-known Haydn quartet to a better-known Beethoven quartet.  Sure, there were some destructive moments.  We will draw a veil across the scene, or at least across the sound of the scene.  But we made it through, together, and we ended up feeling great and as if we'd gotten away with something.  In the middle of midtown

Today was also a day for getting a NY driver's license.  There was a lot of waiting around, and a tremendous amount of jousting about credentials.  Without your original social security card, you just can't get a driver's license in this state.  The social security office here in NYC says that 75% of its transactions are people replacing lost cards.

It is usually awful to stand in line at the DMV, and today was no exception.  There was a chokepoint -- two people dealing with every single inquiry and checking every single credential.  But then (as with the quartets) the system started to work.  After the computers in the entire state went down, they came back up.  People were getting licenses right and left.  An almost tangible sense of bonhomie kicked in.  We left feeling great.

The quartet evening ended with a sense of purpose:  playing a lovely Mendelssohn movement.  All we got from the DMV was a temporary license.  Both groups (quartet and people getting licenses) disbanded and went off into midtown. 

The quartet is like the group-of-people-at-the-DMV in that they start out not knowing eachother, but end up chatting away.  But the quartet creates something (sometimes awful, to be sure) that is greater than itself.  The quartet might even be persistent, if the host manages to drag everyone back again to play.  And the quartet depends on interplay among its members to work.  The people-at-the-DMV are only following procedures and hoping to be allowed a credential that will allow them on airplanes. 

So the DMV is like a string quartet in that both have terrible, deadly moments that may, with luck, get smoothed over.  Both have people with roles that they play, and some people are more helpful than others.  But the DMV is not like a string quartet in that what it produces is the same every time -- a top-down credential, with a picture.  The quartet produces something different, something occasionally beautiful, and something ephemeral that causes us to think twice.  Some groups are more meaningful -- more metainformationally interesting -- than others.

I was struck by the Post's writeup yesterday of Helen Vendler's talk.  It is clearly right that the arts (and I'd say, specifically, music) provide the most "basic, most fundamental, first access to the world."  It is also clearly right that music and poetry are part of our physical worlds in ways we don't sufficiently acknowledge.  Listening to the world with the same intensity and attentiveness we devote to the arts (if we do -- let's hope we do) would be transformative for us.

When we read a line slowly, or listen attentively to a beautiful song, we are changed by this experience.  We understand suddenly how the words create the impression of the line and how the richness of the song is built on many layers, each with its own meaning.  Our minds work out these puzzles with delight, alternately filtering and focusing, awake to the contextual and structural relationships streaming by.  The work of art becomes a living synecdoche, standing (in that moment) for human experience.

If we listened to the world in the same way, we'd understand it and ourselves better.  We'd grasp why a particular platitude in a speech felt so empty to us.  We'd see the context of the speaker and understand why the speech was being made.  We'd be alert and curious and wise, listening attentively, hearing both the constant caustic and the bland banality and understanding why each had taken its place on the stage. 

If you listen to the world, you have to treat each note, each speaker, with respect.  If we were attentive, we would be empathetic, because we would have learned to appreciate and take on board the depth and complexity of those around us.  And we would be humble, because the music that had taught us all of these skills would always be greater than ourselves.  

So -- good for Helen Vendler, a new hero, and good that such a report can make its way into a major newspaper (an admittedly unedited newspaper -- maybe that's how this writeup got in).  It's nice to read about the eternal at breakfast.   

Earlier today the FCC held what it labeled a "VoIP Solutions Summit:  Focus on Disability Access Issues."  It was a four-hour festival during which no negative notes were struck.  The same message came across again and again:  we must regulate all ip-enabled services (not just VoIP) in order to ensure that the disabled -- the blind, the deaf, the hard of hearing -- have access.

The Chairman came in and gave a ringing peroration to close off the meeting [paraphrased]:

I've worked with the disability community over the last seven years, and the same criticism is always made:  accessibility is always retrofitted, always being bolted on at the end. . . . We need to work on these issues in these networks from the beginning.. . . This is vital. . . . I hope this isn't an event we'll celebrate having happened on this day in May, but really an inauguration of a relationship -- a demonstration as to how to protect core values in a regulatory exercise. 

Paul Schroeder, from the American Federation for the Blind, made the point of the summit plain:

We're really talking about something far different from VoIP. IP-enabled services are far more significant.  How do we ensure disabled people have reliable access?  Through regulations.  Voluntary market forces simply don't work.  . . . . We need to move beyond the focus on voice and talk about content communication.  So many forms of content are of great significance to people like us and are not being made accessible.  I'm sure that businesses will create services and find a way to make money, but disabilities will be afterthoughts and retrofits.. . . . Regardless of whether we're describing telephones or something else, we can set standards for IP-enabled services -- and require them of PCs, software, ecommerce, electronic services. . . Use your ancillary jurisdiction.

Jim Tobias talked about the difficulty of registering and downloading client applications that don't have keystroke equivalents or for which screen readers don't work.  Installation wizards are very hard for the blind to use   When you sign up for free email services, bots are avoided by presenting passwords that are pictures; you have to type out the graphic text in order to sign up.  Blind users can't do this.  Other people talked about the need for adjustable volume controls, simultaneous voice and text display, and the ability to add text to any voice application.  Frame rates are a problem.  Companies are in fact developing applications and products that are useful for the disabled community (in fact, 10% of Sidekick users are deaf), but "to get more services and better prices," the disabled need regulations.

Claude Stout said that many disabled people rely on library access that in turn depends on support from universal service funds.  "We need to have a fee structure set up that won't rely on phone services only -- but will also depend on ip-enabled services fee structures."

The room was full of members of the disabled community.  Many of the speakers used sign language and "spoke" through interpreters.  The interpreters were so good and so smooth that it very quickly ceased to be strange to hear a man speak in a woman's voice.  Seeing-eye dogs waited patiently.

As I said, no one -- not one speaker on any of the three panels -- said anything negative about the prospects of FCC regulation in this area, or mentioned any possible unintended consequences of FCC action.  Indeed, I can't imagine who would have in this setting. 

One of the FCC officials present said, [paraphrasing again]:  "In a world of software, where incremental costs of designing functionality in at the very beginning are very low, shouldn't the goal be to identify requirements and design them in from the beginning?"  

Does anyone tell magazines that they have to be accessible to the disabled?  Or books or photographs or cars? 

Net applications are much more like magazines etc. then they are like hotels or libraries.  And the internet, unlike the phone system, was designed according to the "principle of good enough" -- "the open source tenet that you don't begin a project by over-engineering the end result."   Instead, you go with POGE and let things go their own way.  Net applications, including the WWW, are often built in the same fashion, and change all the time.  (Yet another reason why net-heads can't understand bell-heads.)

Three questions:

1.  The disability community is trying to get through the FCC what it couldn't get through either legislation (the ADA) or litigation (NFB's suit against AOL): a technical mandate for online applications.  Let's assume the merit of this quest -- as we assumed the merit of the FDA's attempt to regulate tobacco.  What would give the FCC the authority to mandate design standards for web sites, email clients, IM applications, and everything else that rides on IP?

2.  The premise seems to be that if we don't do something to find additional sources of income, universal service "as we know it" is dead.  Having internet applications pay a little something to the FCC in exchange for the privilege of being online sounds fine to the Commission.  But, again, who gave the FCC the power to tax the online world?

3.  What's the limiting principle on the "core values" the FCC intends to impose on ecommerce?  So far, they're focusing on disability access, E911 services, and law enforcement access.  (They probably need to make sure law enforcement access is in place so as to get the DOJ to help out with the BrandX case.) 

What kinds of content controls are next?  Indeed, aren't these disability access demands (keystroke equivalents, screen reader compatibility) a kind of forced speech?  A web site is much more a kind of speech than a Burger King:  you can require the Burger King to have accessible doors, but can you require a site not to use Flash?  Wouldn't it be a short step from there to require that web sites and applications clean up their language, only show flesh behind electronic closed doors, and goodness knows what else?  Not to mention the mischief the studios could do at the FCC in the name of "core values."

The IP-enabled services NPRM is like the broadcast flag in (at least) the following ways:

BF Speech:  Broadcast television is America.  We need to protect the medium that gave us I Love Lucy.  To save it, we should do anything we can (including imposing design mandates on any electronic device that might touch digital television).  If you're against doing this, you're against America.

The flag is just the first of many tech mandates that the studios will get out of the FCC.  Up next -- closing the analog hole and outlawing unauthorized P2P applications. 

Even though nothing can save broadcast.  It is a wasteland.

IP Speech:  Universal service is America.  We need to protect the subsidization plan that gave us telephone access.  To save it, we should do anything we can (including imposing design mandates on all internet applications).  If you're against doing this, you're against disabled people (and America).

This proceeding will implement just the first of many internet mandates that all kinds of people will get out of the FCC.  Up next -- CALEA access to everything, and consumer protections everywhere (not yet identified).

Even though nothing can save universal service -- it is doomed.

Greg Elin of Fotonotes talked last night about how cameraphone pictures are communicative acts.  People take billions of these pictures already, and as they snap an image they often think to themselves, "I'm going to send this one to my aunt," or "I'm going to post this one on my office wall."  The picture has a destination and a gesture ("here, I was thinking about you") inherent in its creation.

Greg's focus is making pictures, and objects within pictures, easily annotatable in a standard, flexible, and dynamic way.  He's making a great deal of progress along these lines -- watch for chat applications that incorporate Fotonotes.  We'll soon assume that any conversation includes (or, indeed, is focused on) writing about/on/with pictures.

Cameraphone pictures are already communicative; Greg wants to make the communication explicit.

I've loved Google Images ever since I first stumbled across it.  I stick pictures into emails to show where I've been -- because I don't take pictures (yet), I like using other people's pictures for this.  What if Google Images had pictures that were full of conversations and explanations and pointers?  Greg says, "Sure."  As he says, "jaw-dropping."

Howard Rheingold's Smart Mobs taught us that social interactions changed with messaging.  People feel themselves to be present where the message is read -- already at the party, say, even though they're half a city away, because they've been messaging with people there. 

What will "presence" mean when we're messaging with mixed-media/RFID-enabled cameraphones?  Does it bring distance back into the equation (as in "I'm here, taking this picture, and you're not")?  Or does it make us all feel present, in a small electronic way, wherever the picture was taken (when we see it on our screen)?  And with RFID capability built in, our presence in a picture will be a piece of data of record.  (Add FBI access to phone records that include pictures, and you can worry.  But we're in the ecstatic part of the story here, not the fearful part.)

What makes a picture such a desirable and interesting object, even one taken on the fly by a phone?  For the taker, it's bound up with looking for companionship ("I want you to understand where I was so that you can understand me," or "I want to remember where I was so that I can understand myself").  For the recipient, it's a communication and a gateway into another world. 

Pictures are decentralized electronic oracles that reveal a world mediated by the taker and understood by the recipients.  We all want to see them -- our eyes go to pictures and rest there, as we actively look with imagination and insight (compare the video experience, where we read for plot rather than expression most of the time, passively led by the video author).  And we'll have billions and billions of them online. 

Here's the elevator speech (might take a very tall building to carry out):

1.  The FCC wants to make sure that the universal service program doesn't run out of money.

2.  The universal service program has historically been funded by enormous access charges paid by long distance companies to local phone companies.

3.  Long distance companies want to make calls look local so they don't have to pay these enormous access charges.

4.  One way long distance companies can implement "access avoidance" is to insert an IP section into their call pathway.  Then they can say that the call isn't really a public switched telephone network call at all.  It's a VoIP call, which should be lightly regulated (if at all).

5.  VoIP (voice over IP) lobbyists have said that all IP-enabled services are the same, in that they all involve packets traveling over the internet, and so VoIP shouldn't be discriminated against in a regulatory sense just because it involves voice.

6.  But if most telephone calls are made over the internet-based network, the universal service program will run out of money.

7.  FCC has started dealing with this problem by nibbling at two ends of the continuum:  Pulver, which looks just like Napster and doesn't use the PSTN, won't be regulated.  But ATT's VoIP, which looks just like a telephone call with a little internet thrown in, and does use the PSTN, will be regulated.

8.  What does it mean to be "regulated"?  That's what the IP-enabled services NPRM is all about.  There, the FCC is proposing a discussion about social policy goals for all IP-enabled services:  

E911 and public safety issues (should all IP-enabled applications be able to call the police?);

Disability access (should all IP-enabled applications be able to support screen-reading and avoid graphical interaction?);

Payment of access charges to local phone companies (should all IP-enabled applications have to pay access charges?);

Payment for universal service obligations (should all IP-enabled applications have to fund universal telephone services?);

Tariffing and preemption and CALEA (should all IP-enabled services have to be tariffed, and should state regulatory roles be preempted, and should CALEA obligations apply to them?); and

Consumer protection (should all IP-enabled services have to provide standardized protection for personally-identifiable information, and meet other desirable consumer protection standards that are established -- such as prohibiting slamming and supporting "portability"?)

9.  Meanwhile, the 9th Circuit has said in the BrandX case that cable modem service is a telecommunications service, despite FCC efforts to say that it isn't.  Some portions of the FBI must be delighted with this holding, because it means that these sorts of services will be subject to CALEA -- meaning that these services can't be designed without making it possible for the FBI to have a back door.  Some portions of the DOJ will never give up on pushing for this.

10.  So the FCC is being pushed towards "regulation" of ip-enabled services from two directions:  Universal service has to be paid for, and the DOJ has to have access.  The ip-enabled services NPRM provides a menu of things that might happen, and we can't predict that all of these regulatory elements would be applied to, say, email, but there are powerful institutional reasons for the FCC to take a heavy hand.

Three questions for the demos:

1.  Why do we assume that the universal service program has to be funded?  Is this an untouchable third rail?  Are there other ways to provide communications services to rural areas?

2.  Why does the FBI assume that it should have CALEA interests in every application that rides over the internet?  Is this another example of the "new normal"?  Is there any link between all of this and the DOJ push for increased copyright police powers? 

3.  If the ATT VoIP petition is easy, and the Pulver petition is easy (ends of the continuum), what about everything in the middle?  What about PCs or handheld devices (which don't look like phones) providing applications that do everything a phone does, plus text and graphics and IM and anything else you can think of? 

(plus, isn't the WWW an "IP-enabled application"?  what about the DNS?)

In preparing for today's lecture on internet governance (whatever that is), I ran across an essay by Langdon Winner from 1997. It's called "Cyberlibertarian Myths and the Prospect for Community," and it's pretty bleak.

Mr. Winner says, in summary, that cyberlibertarians in 1997 are both shallow and obsessed. Shallow because they don't seem to care about community, institutions, democracy, or citizenship, and obsessed because they value individuality, free markets, and homogeneity above all else.

Let's assume he was right. Has the Wired culture made any progress towards enlightenment in the last seven years?  I'm going to suggest that it has -- but it just hasn't become conscious of the communitarian realities of online life yet.  The time may be ripe to collectively imagine a better world.  We can do this in two ways:  by shedding light on the role of groups in our lives, and by realizing how the networked, interactive screen changes our relationships with these groups. 

If this sounds vague to you, consider this:  We are just now beginning to see the structure of social organizations in new ways. We know that scale matters. We know that, given the chance, people will find ways to trust each other and work creatively together to pursue shared goals.

But many groups we're involved with are dysfunctional (like large corporations) and don't seem susceptible to change by individuals.  This is stressful. (Indeed, one definition of "bad" stress is an inability to change your environment.)

What if you could enrich your life with groups you haven't thought of before: different forms of jobs, interest groups, affiliations; crossing geographical and other boundaries, perhaps lasting for only a short time?

What if you could change groups you care about by acting collectively with others? What if you had more choices, both of roles and affiliations?

Networked, interactive screens make all of this possible.  We can visualize the groups we're involved with (and we should force those groups to have an online component); we can form new kinds of firms that exist only online; we can see the state of the group at a glance; and we can interact with the group using the screen. 

It turns out that the individual may not be the most important element of online life.  Groups may be -- and now we can collectively imagine them in ways we haven't been able to in the past.

David R. Johnson and I are talking about writing a treatment of this subject.  This sounds to me like a possible response to Mr. Winner.  But let me know.

It seems to me that we need to get the net heads to talk to the bell heads.  I'm planning to have a Cardozo conference in the fall that would focus on the IP-enabled services rulemaking. 

How can it be that email/IM etc. should be taxed "just a little" and the FBI should have a back door into these services -- just to support the existing telephone system?  I'm sure I have a great deal to learn.  But even the language makes little sense to me.  Who should speak at this conference?

Now that CFP taught me all about FCC regulatory policy, I feel empowered to be paranoid. 

ATT wants to offer VOIP.  Because their service touches the telephone system at some point, the FCC has said that ATT's VOIP will be a regulated service -- meaning CALEA, E911, and other obligations have to be met, and access charges have to be paid.  This seems entirely consistent with the notion that, someday, email, IM, and P2P generally will be regulated services too.

Here's the reasoning.  To the extent the following are true of  ATT's VOIP, they're true of email and IM:  the service (1) uses ordinary customer premises equipment, (2) originates and terminates on the telephone system, and (3) undergoes no net protocol conversion and provides no enhanced functionality to end users due to the provider's use of IP technology.  As I understand it, if a service isn't "processed" somehow by its transport across the net, it's a telecommunications service (that's what the "enhanced functionality" reference means).

Chairman Michael Powell says that ATT "argues that its service should be exempt from the access charge regime because it may use IP in its transport system. . . [but] customers are in no discernable way receiving the transforming benefits of an IP-enabled service.  In fact, the consumer receives the same plain old telephone service."  He goes on to say that if the FCC listens to ATT, that would be merely "sanction[ing] regulatory arbitrage and would collapse the universal service system virtually overnight."

The argument about email and IM (as I dimly understand it) is that consumers are receiving the same services they used to get from Western Union.  No difference.  Sure, the old telegraph operators aren't there, and the consumer is doing the typing, but once the message has been put together it's sent along the same plain old telephone lines.  In this view, the email or IM is just like a telegraph that gets routed along by the telephone network.  So email and IM should be on a level playing field with (now not thought about much) Western Union.

The justification for putting email and IM on a regulated footing as "just another" IP-enabled service is that if we don't do this the whole regulatory system will collapse.  The telephone system as we know it will be destroyed.

This rationale is very similar to the broadcast flag reasoning:  if we don't make rules for the devices that receive, store, and manipulate television broadcasts (and the devices that connect to those devices), the broadcast system as we know it will be destroyed.

The arguments for protecting telephones are stronger than for protecting broadcasts, but they're undeniably similar.  We have to do this, or the American way of life will be destroyed.  If you argue against this, you're un-American.  In fact, if you argue against this, you're in league with terrorists.

Where is this going?  One key IP-enabled service that's quite popular these days is P2P.  "Operation Fastlink" went after warez sites and hackers the other day, using language that sounds just like the war on terrorism:  "These groups are sophisticated and able to communicate instantly via the Internet, and have the ability, with the stroke of a button, to destroy evidence located across the globe. The synchronized efforts of law enforcement worldwide prevented the thieves from destroying the evidence or disappearing into cyberspace without detection."

Where would these warez files end up?  On P2P systems:  "Once a product is stolen and made available on a "warez" group's secure server, it is only a matter of hours before the stolen works are distributed throughout the world, ending up, for example, on public peer-to-peer file-sharing networks accessible to anyone with Internet access."

What does the content industry want more than anything? To shut down P2P systems.  How can they get there?  I'm not sure they can.  But having the FCC regulate P2P has got to be a start.

A current FCC Notice of Proposed Rulemaking is suggesting guidelines for IP-enabled services.  At CFP yesterday, Bob Cannon and Chris Savage gave a thorough FCC tutorial, and ended with a discussion of this NPRM and VOIP generally.  I raised my hand and asked whether "IP-enabled services" included the DNS and email.  Answer:  yes.

Here's the footnote setting the scope of the NPRM: 

Specifically, the scope of this proceeding – and the term "IP-enabled services," as it is used here – includes services and applications relying on the Internet Protocol family. IP-enabled "services" could include the digital communications capabilities of increasingly higher speeds, which use a number of transmission network technologies, and which generally have in common the use of the Internet Protocol. Some of these may be highly managed to support specific communications functions. IP-enabled "applications" could include capabilities based in higher-level software that can be invoked by the customer or on the customer’s behalf to provide functions that make use of communications services. Because both of these uses of IP are contributing to important transformations in the communications environment, this Notice seeks commentary on both, and uses the term "IP-enabled services" to refer to "applications" as well as "services." Recognizing the broad scope entailed by this definition, we invite comment below on how we might more rigorously distinguish those specific classes of IP-enabled services, if any, on which we should focus our attention. We emphasize, however, that this Notice does not address standard-setting issues for the Internet Protocol language itself, which are more appropriately addressed in other fora, or other items outside this Commission’s jurisdiction, such as Internet governance.

That last sentence makes you think about ICANN -- the White Paper said that the idea was to create a group to deal with "management and administration of Internet names and numbers on an ongoing basis," and not to provide "Internet governance."  So maybe the FCC is interested in taking on ICANN.  Whoof.

But putting ICANN aside, what about everything else that uses IP?  What about email (and blogging applications)?

The pro-regulatory view is that email is "affected with the public interest" and some sort of a common carrier. Email equals Western Union. Whoof again.  The thinking would be that because we all use email, maybe there should be CALEA obligations inherent in it (backdoors for snooping).  Or 911 obligations.  Or address portability.  Or you name it.

My reaction is mostly amazed disbelief.  Aren't there user agreements that have to do with email?  Don't we want to let the market dictate which email solutions people prefer because of the kinds of rules and promises those solutions provide? Don't we want to encourage businesses to roll out applications without having to check whether FCC guidelines are being met? Is there really a market failure here that drives a need for regulation?

Because one bit looks very like another, all of the VOIP discussions may also apply to any other sort of application you can think of.  What does this mean for the future? 

Have you seen the draft Calif. SB 1506?  Tell me it won't pass.  It makes anyone criminally liable who "knowingly electronically disseminates a commercial recording or
audiovisual work without disclosing his or her true name and address, and the title of the recording or audiovisual work."

You say, "No big deal.  We already have criminal copyright law on the books."  But don't criminal copyright statutes involve infringement?  This is a strict liability offense:  no name and address, and boom, you're in jail.

What if you're twelve years old?  We have one federal statute, COPPA, which makes it illegal for an ISP to knowingly gather personal information about a person under the age of 13 without parental consent.  Here, the twelve-year-old must provide that information. 

What if you're doing research?  Forget it; no name and address, and the inquiry is over.  No fair use exception here. 

Now, the proposed bill has an exception for people who electronically disseminate "a commercial recording or audiovisual work to his or her immediate family, or within his or her personal network, defined as a restricted access network controlled solely by that person or people in his or her immediate household."  Well, that's nice.  But what's a family?  And what about friends and colleagues and personal noncommercial use generally?  Isn't this a run towards a "personal digital network network environment" or PDNE?  (Some pronounce that acronym as "PID-nee" and smile.  Some don't smile.)  What's the relationship between that PDNE and traditional copyright law? 

(A great lobbying move:  soon if you object to the concept of a "family-use" exception you'll be tagged as being against the idea of families.)

Perhaps the statute is preempted, but it doesn't (except in the findings) talk about copyright.  In fact, like the broadcast flag rule, it aggressively does not deal with traditional copyright concepts. 

I have to agree with Arnold:  being a proud member of the California legislature should be a part-time position.

I'm spending the morning at BloggerConII.  Dave Winer is right:  panels and "experts" are dead ways of running conferences.  This one is saying about itself that it's going to be a real discussion.  We'll see.  The crowd is serious and intent.  Good group of discussion leaders, including some of my favorite bloggers:  Dan Gillmor and David Weinberger.

Group now plans to sing the BloggerConII song and has chosen Take Me Out To The Ballgame.  Poor accordion guy has to play with us.

I had fun sitting next to John Palfrey.  That made this session worthwhile; real people definitely needed for overheated-rooms in which we talk about blog tool features. 

When Cory Ondrejka of Second Life started talking the other night, I had my new (graphically adequately powerful) laptop open.  If you think it's hard to concentrate on a presentation when you're looking at email, just imagine how difficult it is to focus when you're in a different world.

Second Life is well worth looking into, and Cory (SL's Vice President for Product Development) is a very patient man.  He's a good ambassador for Second Life; he'll answer any question thoughtfully and carefully, and he has an open mind.

Cory met with a small group here in NY on Tuesday night, and then went up to Yale to see the ISP fellows and Yochai Benkler's class; he's speaking at New York Law School today.

After a while, I put the laptop lid down so I could listen closely.  (I'm not a very agile presence in Second Life just yet; if you see an avatar spinning and gesturing meaninglessly, that's me.  The new laptop just came into my life this week.)

What Cory had to say was fascinating.  Fully half of SL's subscribers are busy building interactive, scripted objects, using a C-like scripting language.  Artists and all sorts of other people have adopted the SL language, and they're producing like mad.  They're building museums and stores and planes and taxis, both individually and in groups.  Cory says a big bump in productivity happened after SL announced it was giving IP rights to subscribers in their creations.

"What?" you say.

Well, it would be good for Cory to create an IP-free island in Second Life to test this hypothesis, but it appears that having the spur (or carrot) of IP rights has actually had its intended effect:  people are building.  It's a green world; a place where copyright is being used to support the overall interest of the place.  Lots of great questions here; but mostly it seems to me that this isn't creating a litigious world (at least not yet). It's creating a creative burst of energy, as people buy land and build. 

Cory kindly did a demonstration of "Property Law: The Game" for us.  I had sent him a list of adverse possession elements, and he had the idea of providing lots of building materials and asking students "build what, where, and be there for how long" in order to prove title.  Gripping.  The next step is to do a very short course module "in world."  Small is possible.  Big is overwhelming.

So I'm a huge fan of Second Life, and I hope to be able to figure out how to talk to the people there at some point.  (The avatars clump, predictably; we all look for companionship.)  And the next time Cory comes to talk, I'll remember to be in the same world.

Why do we have reunions?  The Yale Symphony had its first-ever reunion this past weekend, and I have some suggested answers to this question.

We have reunions to celebrate getting older rather than to return to our youth.  It was great to see the current instantiation of the orchestra -- there are wonderful players in the group -- but I don't think that those of us who were distant from our college years (compared to, say, the class of '02) wanted to be that age again.  We were having too much fun ignoring the current occupants and talking to the other alumni.

There are exceptions to this celebration, of course; it was hard to know what to say to the alum who saw pictures of himself/herself from his/her undergraduate days and said "I've gained 50 pounds since then."

Reunions give us a chance to see places we used to see.  It was great to be on the stage of Woolsey Hall again in the middle of a very loud orchestra.  (Large numbers of trombone players showed up from the alumni ranks.)  I remembered the view out the windows and how uncomfortable the hall's chairs are. 

We like reunions because they take us out of our day-to-day lives briefly, reconnect us to the past, and then let us go home.  Reunions are disruptive.  We leave our homes and our routines to visit another life.  It's space travel and time travel combined.  The air is different at a reunion.  We tell old stories to friends who understand us.  But then it ends, mercifully, and we return to where and how we live, and all the problems/joys/deadlines of that life.

So:  when has social software/social life online been sustained enough to trigger a desire for a reunion?  And what do those reunions look like?  I'm sure they've happened.  But how do we celebrate our aging, see places we used to see, and experience the disruptiveness of a reunion online? Or does the timeless, borderless, "classless" nature of the online flow make all sessions reunions, in a sense?

Let me know. 

After they finished the tenth installment of their enormous multi-volume history, The Story of Civilization, Will and Ariel Durant wrote a set of thirteen essays entitled The Lessons of History.  I happened to pick up this volume yesterday; it's both slim and sweeping.  

The Durants loved history, and wanted to show their readership what waves and tensions and trends they perceived.  It's not a great book, but it's an undeniably forceful one.  One essay discusses the essential moral characteristics of individuals, listing six traits and providing "positive" and "negative" descriptions of ways in which people act.  Here's a quote:  "Human beings are normally equipped by "nature" (here meaning heredity) with six positive and six negative instincts, whose function it is to preserve the individual, the family, the group, or the species. (Action, Fight, Acquisition, Association, Mating, Parental Care) . . . Each instinct generates habits and is accompanied by feelings. Their totality is the nature of man ." (Note to law review editors:  not a footnote within miles.)

For "Association," the Durants say flatly that "privacy" is a negative instinct of mankind.  That's it.  If you're private, if you want solitude, you're just not helping Progress.

Now, I don't agree with the Durants' black-and-white view of human nature.  There's a continuum out there, and putting things into boxes the way they did may not have advanced Progress either.  (And they say "cooperation" is a negative trait too -- the opposite of "competition.  I don't agree with that either.)  But having this 35-year-old use of "privacy" in front of me on the page provokes me to say the following:

We have no assurances, as we walk down the street, that no one is watching.  In fact, to the contrary, there may be all kinds of things and people and machines watching that we do not see.  Instead of worrying about that, we talk to the people behind the counters in the stores, we engage with the cab driver about the weather, and we notice who goes by. 

If we're really worried about privacy, what concerns us is someone developing a full-blown dossier of our every move and publishing it to people whose possession of this information would be hurtful to us in some way.  But, other than this particular worry, whether someone's watching is of no particular interest or consequence.  There is so much information in the world that it is unlikely that we'll be important enough to cause the sifting that would produce such a dossier.

Same thing for online life.  All of us send a great deal of email and wander around for hours at a time.  Sure, someone could be watching.  But should we worry?  Should we be concerned that an ad may be targeted at our computer based on our online activities?  Who is hurt by the personalization of advertising? or even content?  Might it be a "negative" instinct to be concerned about this -- and particularly to be so concerned about it that we stop wandering around online or sending email?

The recent protest letter re Google mail strikes me as a negative step -- a step backwards.  Google may indeed have established for itself something that is much more like a global platform than a search engine.  Its engineering costs have likely gone way down, while its pool of available information has grown enormously.  But asserting that Google mail should be suspended for privacy reasons seems out of proportion to the risks involved.

After all, the people I deal with every day (dry cleaners, doormen, shopkeepers) have made no promises to me about how long they'll keep my image in their minds.  The people at my school aren't telling me how long they will keep records of my employment. These people know much more about me (granted, only shards of information, but more of it) than Google will. 

But EPIC and others are asserting that Google's "data retention and correlation policies are problematic in their lack of clarity and broad scope." So don't use Google. It's not being forced on you. Go use a paid-for mail service that makes clearer promises to you.

Google shouldn't need permission from privacy-knowledgeable people before opening up a new service.  The fact that some are distressed about Google automatically transmitting email says more about perceived lack of choices of rulesets for email data than anything else.  Google is so successful that people worry it will become the only show in town.

Yes, privacy matters, particularly (and maybe exclusively) when there is a risk of disclosure of a detailed dossier of your online life.  But a commercial company can open up a new service without making promises to anyone about its privacy practices.  If it breaches the promises it has made, that's one thing.  Merely rolling out the service, on the other hand, might just be Progress.

Steven Johnson's Mind Wide Open is a book you should buy and read.  There is a great deal to say about this book, but I'll start with the jokes.

On p.129, there's a good section about jokes -- it turns out that their real purpose is social bonding rather than humor.  We laugh so easily with people we know, and there's a reason.

Johnson says:

[S]ocial interaction without laughter produces modified brain chemistry, which affects both your background impression of the exchange -- its emotional color -- and the resulting trace memories the exchange leaves in your head.  Putting smiley faces into email to supplement the lack of verbal intonation helps convey when you're trying to be funny, but because the recipient of your message is still alone when reading it, she won't be likely to laugh out loud . . .

As the brain science of social connection becomes more widely appreciated, our communications tools will be judged increasingly with this yardstick.  Attention deficit disorder is conventionally described as the classic ailment of our multitasking age, but when you look at most electronic communication through the lens of neuroscience, it's hard not to think that autism might be a more appropriate "poster condition" for the digital society.

This was an "aha" set of paragraphs for me; I've often wondered about the effect or meaning the flatness of electronic communications will have for society.  Nothing comes close, so far, to the many channels of communication we have when we talk face to face.  Maybe we'll get better at graphics; maybe our emoticons will be tied to our pulse rates and sweatiness; maybe it'll be done through gentle constant probing of our foreheads.  But communication isn't rich enough online (yet) to be humanly satisfying.

This is too long for a blog posting, but here it is -- my lunchtime address to the Copyright Office. 

I'm delighted to be here this afternoon, and thanks to my hosts.  Particularly appropriate that you've come here to Cardozo, which has one of the top-ranked IP programs in the country.  I'd tell you we were ranked sixth, but that information is under lock and key until this afternoon.

I'm proud to be talking to you.  The copyright office leads the establishment of copyright policy for this country.  You provide invaluable domestic and international policy advice and take part in treaty negotiations.  You're a vital congressional agency

The copyright office serves the nation and communicates to the public about copyright policy.

You understand the copyright balance better than anyone.  You understand that copyright is a tradeoff between exclusive rights being accorded to authors and copyright owners, on the one hand, and public, lawful use of works on the other.  You know that we provide statutory intellectual property incentives to innovators to produce new creations -- because we have a desire to provide to society a steady stream of follow-on innovations that lead to further gains.

But I'm here to tell you during this peaceful lunchtime in this lovely setting, right here at the intersection of 12th and 5th, that copyright policy is being taken away from you

And you may never get it back; and if you're told that you're in charge of it, as you assist with international negotiations, you're not being told the truth.

Where is copyright policy for the internet age being made?

three quick examples: 

first -- the story of the clever state statute

As you probably know, bills to protect cable and movie companies, based on an MPAA model, are moving rapidly through numerous state legislatures. The only problem is that we don't really know what this legislation will end up doing, and it's very broadly drafted.

The MPAA says these are just updating telecommunications and cable- theft laws to reflect rapidly changing digital technologies.  They call them "theft of service" legislation, and often there is no discussion of these bills at all before they're passed.  The form of these bills is changing,  but they're continuing to be mounted in the states.

But the laws as drafted go far beyond protecting the copyright interests of cable and movie companies. The bills reach into homes to control what kinds of devices consumers may use in connection with the services they've paid for. Consumers have never needed the "express authorization" of their cable or phone company before buying a new TV, VCR or PC.  But now they may.  

So, they're called "theft of service" laws but can be understood as "theft of copyright policy" laws.  As the people who know about copyright policy know, a copyright owner hasn't in the past had the ability to proclaim what kind of machine can get access to his content.  Last time I checked, it was still the law that a copyright owner’s statutory monopoly will not reach a device so long as that device is “merely …capable of substantial noninfringing uses.”

Next:  I'll call this The Case of Policy By Demand

Another way in which copyright policy in the internet age is being shaped is by demand letters being sent under the authority of the DMCA.  You're probably familiar with the genre -- there are many recent particularly egregious examples:

Diebold used DMCA demand letters to attempt to cut off political speech about the competency of its machines

Chamberlain claimed that the DMCA's anti-circumvention provisions prevented competitors from developing products that inter-operated with Chamberlain's garage door openers,

Sony claimed that game enhancer software violated the DMCA (by outlawing avoiding country codes for games).  this gave Sony control over complementary games and stopped competition with Sony's OWN game enhancer

Sony, again, used the DMCA to threaten hobbyists who created competing software for Sony’s Aibo robot dog.

Lexmark threatened aftermarket laser printer toner vendors that offered toner cartridges to consumers at lower prices. 

This seems like anticompetitive behavior -- controlling markets by controlling anti-circumvention techniques, and using demand letters to do it.  This was not what Congress had in mind when enacting the DMCA.  And you know that better than anyone.

And those are just the things we know about that have become lawsuits.   You might suspect that many demand letters are going out that don't ripen into lawsuits because the demandee just doesn't want to spend the money to fight.  And ISPs receiving letters like this may be cutting people off so as to avoid hassle.   Even though many of these claims are far away from what the DMCA's job was supposed to be. 

What does this tell us?  that copyright policy is perceived to provide an engine of control over aftermarkets -- not the balanced regime you know it is.

And finally:  the Case of the Breathtaking Reach

The FCC's recent rulemaking in the broadcast flag matter raises significant questions about where copyright policy is going.  The name of the proceeding was changed at the last moment from "copy protection" to "content protection."  But it's really all about copyright.

The video content industry has successfully convinced the FCC that television broadcasts need to be protected against online redistribution by people who receive such broadcasts.  This fight is not (really) about television broadcasts.  This fight is really about the protection of the video content industry's business model.  This 20th century industry is very afraid of the effects of the online world on its ability to protect content from unauthorized distribution.  The friction of the offline world (the cost and difficulty of making hard copies) does not exist online, where perfect copies can be made instantly of the largest conceviable sets of bits.  So distribution control is made much more difficult online.

The broadcast flag rule, distilled to its essence, is a mandate that all consumer electronics manufacturers and information technology companies ensure that any software or device that touches digital television content protect the content against unauthorized onward distribution.  In order to make this happen, the FCC has established a new and extraordinarily broad regulatory regime that mandates the use of "authorized" content protection technologies by virtually every consumer electronics product and computer product -- including digital television sets, digital cable set-top boxes, direct broadcast satellite ("DBS") receivers, personal video recorders (PVRs), DVD recorders, D-VHS recorders, and computers with tuner cards. Until the FCC can settle on a new regime for approval of "authorized" technologies, it itself will decide which technologies manufacturers are allowed to use. 

In effect, the broadcast flag rule represents a (so far) successful effort by the content industry to shift the costs of protecting controlled distribution of their product from their shoulders to those of  the high-tech and consumer electronics manufacturing sectors in this country.  Rather than have encryption or other protection travel with the content, and having the evasion of such encryption be subject to enforcement actions under the DMCA, the idea is that protection of such content will be assured by machines after they have received it.

The broadcast flag proceeding started off in August 2002 entitled "In the Matter of Digital Broadcast Copy Protection."   The NPRM clearly stated in its first paragraph that the issue with which the FCC was concerned was about protecting copyright rights:

"Without adequate protection, digital media, unlike its analog counterpart, is susceptible to piracy because an unlimited number of high quality copies can be made and distributed in violation of copyright laws."

The FCC's logic appears to have been that without a broadcast flag scheme in place, "high value" content would migrate away from broadcast and towards cable and satellite systems -- in which content was encrypted before it was sent out, and thus protected against infringement.   The FCC was clearly concerned about protecting the copyright rights of the content owners. 

The flag is itself a very simple signal that will have to be listened to and implemented by a huge array of devices and software programs.  It is the implementation of the flag that matters -- the mandate that devices have to follow its dictates.  And once one device in a home follows the flag's rules, all content received by that device, whether broadcast or not, in the public domain or not, copyrightable or not, can't be sent outside the home.  It's the vampire rule -- once I bite you on the neck, you're mine.  All consumers will be protected against their own "unauthorized uses." 

Also, slightly inside baseball, the Commission is being urged to create a definition of a PDNE (personal digital network environment) within which copying and transmission can occur.  This is an incredibly broad request to do something incredibly constraining.  The MPAA is suggesting that the Commission define a "local environment" within a tightly defined geographic area.

Wait a minute.  I have content provider bona fides.  Both my parents are composers.  But this is the era of the internet.  Things don't happen in a "local environment" any more, and to suggest that they do seems to attempt to avoid involvement of the internet in digital media altogether.

This is, quite simply, breathtaking.  And once the public figures out what's going on in the name of protecting copyright policy, they'll be furious. 

And I'm not even going to start with the effort to close the analog hole.

these are just sketches of what's going on.  And I'm a centrist on these matters.  But the polemics of copyright policy has become these days like a threat -- if you're not with us, you're against us.  There's the rising perception that copyright owners have control over all unauthorized uses.  As if the mere right to control is the ultimate end of copyright policy.  It's the new normal.

But you know that this new normal isn't reflective of actual copyright policy as was intended in the Constitution or by the framers.  And that the enlistment of neutral third parties in the implementation of this new normal (manufacturers, ISPs, software companies) is overreaching.

A key part of the copyright policy response has to be resisting the claimed "newness" of this situation.  The same arguments are still being made over and over again about bad generation of internet users feeling they have an entitlement to listen to music while, meanwhile, new business models are taking off -- and the video guys will have the same experience.

In fact, this isn't so new.  It certainly doesn't require new laws, new bureacracies, or new asymmetries of information [Koh talk about Patriot Act compliance].  What do I mean by that?

What authorities don't copyright owners already have?  We need to ask that question.

We need some demonstration that the authorities already given (like the DMCA) have been wisely used.

We need to question whether new institutions should be making copyright policy -- why does FCC get to start making copyright policy?

Why does the "new normal" include such asymmetry of information?  Content owners can get all information about uses of their content, but there's no evidence that we're getting more or better content as a result -- no tradeoff for this

Technology is not a substitute for ideas; even new threats do not require new rules (new legislation), new bureaucracies (such as the FCC), or new asymmetries of information (in any mandated DRM context).  We need to resist the claimed necessity for these things, and, overall, the idea of the new normal.

It's gotten to the point where even mainstream manufacturing companies are worrying about balance -- recent report by the Committee for Economic Development, a group of mainstream US businesses that has taken strong public positions on the Marshall Plan and campaign finance, evidences this, where we took a hard look at the effects on economic growth of the nation of implementing the "new normal" in the digital world.  And these companies weren't happy.

You, the copyright office policy makers, are the keepers of the flame.  Don't let this happen.  Don't let copyright policy be made without you.

It's so bloggy to talk about blogging, but I have to say that blogging the terrific Yale cybercrime conference gave me new insights into the blogging process.

This was a truly enjoyable conference, made more so for me by the fact that I wasn't performing myself.  I had no paper to sweat over and revise at the last moment.  So, instead, I could work at absorbing what people were saying.  For me, blogging forces me to focus on the themes being brought out in real-time.  Then, when I've finished an entry, I can see it as a whole -- beginning to end, introduction to triumphant conclusion.  This not only helps me to grasp what's going on but also reveals to me what makes a presentation great.

What makes it great?  Clarity, forcefulness, meta-ness.  Many of the speakers at the Yale conference had all of these qualities.  (Michael Froomkin has these things going for him too, and I was busily blogging his talk when my right fourth finger slipped and I pressed a mysterious "backwards" function button that wiped out my entry.  Sorry, Michael.)  A beginning, a middle, and an end.  A strong voice.  Not reading from notes.  Conviction laced with a sense of humor.  Awareness of time (great speakers never run short on time).  And, most importantly, something to say that matters -- and that the speaker deeply understands. 

Sitting in the timeless classroom (literally -- Yale's Room 127 has no clocks, but does have a lot of portraits on the walls), I felt that I was contributing in some way by writing about what was going on.  I probably felt a little guilty about being there "just" as a participant rather than a speaker, but blogging gave me something to do.  (Note to self:  do not respond to IMs from two different people at the same time while attempting to record what's going on -- this happened during Zittrain's talk, and I'm sorry.  Sorry, Jon.)

So, although blogging means you DO sometimes have to say you're sorry (after all, if I'd gotten distracted while taking hand-notes no one would know), it adds a dimension to conferences that I enjoy.

Jack Balkin is up.  He presents three problems: 

first, what are the different forms of cyberprotest, and how do they relate to the freedom of speech?

second, what is the conflict between freedom of speech and other rights (let's clump those rights as "property")?

third, why is cyberprotest difficult to do?

First, point of freedom of speech is to support democracy. 

Think about different forms of cyberprotest as different forms of technologies; eg, sit-ins, hack-ins, allow small cells to do information-sharing (to get around filters), google-bombing (more). You can divide types of cyberprotest that enhance free flows of information (routing around) from those that block the flow of information.  Both types can be disruptive -- but in different ways. 

But this is a rough cut:  Although the idea of freeing information sounds "good," and the kind of thing activists would be interested in, there may be times to limit the flow (viruses, worms, child porn).  Central question is under what conditions is it a good idea to use code to free up the flow of information.

Second:  You have a factory, people organize, decide to walk out.  Is this freedom of association/speech or criminal conspiracy and destruction of expected profits.  Beginning of 20th century, walkouts are seen as destruction of property.  Then a big debate over what part of this we call speech and what part we call destruction of property.

This is the same problem we have with cyberprotest.

Three phases of protest: first, courts say this is conspiracy and destruction of profits; second, courts say this is freedom of association and speech (AFL v. Swing, eg).  Labor unions have right to organize, even if action lowers profits.  So we get to the third stage: now labor protest treated as a highly regulated subject, treated in labor law.  Completely out of the First Amendment category.

Balkin is not saying these same three stages will happen.  But boundary between speech and destruction of property is not a fixed line.  It changes over time through social movements.  So our view of what's "appropriate" for cyberprotest will inevitably change.

Back to the first rough cut: blocking v. facilitating.  That's too simple.  But there's no a priori way to divide what's cyberprotest and what's destruction.  Dead cow (Oxblood Ruffin hacktivist group) focuses on routing around, which seems appropriate to Balkin.  They also, interestingly enough, say that they don't want technologies to be used for "illegal" speech (like child porn).  But what's the baseline for determining what we think of as illegal speech?  Dead cow seems to be working with US baseline re what's "illegal".  But that choice of baseline is worth talking about.  An important question.

Third point:  what produces the development of technologies of cyberprotest.  Answer:  The Temptations.  Balkin will explain the link.

The key problem in cyberspace speech is proximity and attention.  Have to get the attention of your audience, and have to get next to them (picket around them).  Find some place where people interested in your speech will listen to you.

Balkin student wrote a paper about cyberprotest.  His conclusion was that internet didn't create spaces in proximity to other spaces.  You can move easily around, but you can't interpose yourself between audience and person you're criticizing.  Everyone is your neighbor but you can't get next to anybody. "I Can't Get Next To You, Babe" -- that's The Temptations.

Virtual worlds allow this kind of proximity.  Eg, Third Voice required that the audience join in, to get attention of people who agree with you AND disagree with you (and have no idea you exist). [what about Gator?]  Interest in 1A is also to encounter people you don't know.  Eg, parody sites!  Will take creative minds to design these spaces that will solve problem of proximity and attention.  When they arrive, let's not assume that they're destroying property, but decide whether they're promoting basic democratic values of routing around and glomming on.

Bravo! 

Jon Zittrain is up now to talk about filtering in China and circumvention of such filtering. And hacktivism.

Shows a DMCA notice received by Google for infringing search listing -- threat is that Google will be sued unless it takes result down.  Google even says that there are things you're not seeing.  So Google is cooperating in taking things away from public view (supply side filtering).

If you're China, and you want to stop your citizens from seeing things, you stop people from even seeing google.com (shows search page from Beijing University).  Shows lists posted of blocked sites.  All of MIT and Brown blocked; and all US courts.

JZ did a dialup to Beijing (from his office in Cambridge) to see what could be seen -- but that was expensive.  Then Ben Edelman and JZ asked Chinese servers what was available (eg, search results on google.com for "Tibet" -- top search results unavailable from Chinese servers).  And people out in the world found many other additional sites blocked.  Over 50K were blocked.

Doing this work is becoming more difficult.  (And empirical research is hard!)  Effort to do this entails assuming that China blocks sites for everyone (or not).  Looks as if what's going on is more subtle.  If you type political name into Google, suddenly you won't get access to Google any more. 

Evolving towards a drivers license approach - eg, junior highs do this.  Maybe countries may someday as well -- AUPs for citizen use.  We'll be taught what we should do and what we shouldn't. 

Saudi Arabia also does this -- and allows sites to be unblocked.  Gave JZ two weeks to see what's blocked.  Both SA and China block some common things (like Amnesty International).

Pennsylvania does this too.  Discusses Pappert case statute.  Order can go out to PA ISP saying don't allow Pennsylvanians to go out to particular sites.  (JZ didn't mention that CDT is leading this litigation; see ABDavidson presentation.)

JZ is tracking all of this using the OpenNet Initiative.  Accepting help.

Now:  circumvention.  OpenNet has a circumvention lab in Toronto.  Internet offers opportunity to unhook civil disobedience from wrong being attacked -- before maturation of social moment.  [distracted for a few minutes]

Quick tour of JZ efforts.  Thanks!

Lee Tien:  How does a user know when a device has been redesigned to limit what the user can do?

Deeply, this is a question about the nature of law.  We have a legal sense that appeals to a sense of legitimacy and discourse.  Where architectural regulation hides what it does, we're heading out of law and into instrumental control.  We're leaving the realm of law and any moral dimension/legitimacy issue.

Cf. seatbelt regulation.  Everyone knows about that and can see it.  But when we talk about privacy we're talking about govt attempting to change the conditions of social experience.  From a 4A standpoint the standard is reasonable expectation of privacy -- and if we have no concern about govt steps to design things, we won't know what has happened to our privacy or what is reasonable.  We won't have the opportunity to experience that privacy.  (eg, never having had doors on phone booths would have changed the Katz result).

So rearchitecting network to expose information (creating an audit trail, as Nimrod suggests) may foreclose personal experiences that might inform expectations about privacy.  Eg, zipcode plus birthdate is enough to re-identify 80-90% of data -- triangulation is very easy.  Yahoo! gets this information all the time from users.  Do I know what the invisible consequences of my actions are?  What do you need to know when you're on the internet or using DRM?  How is that that you know you're being injured in some way? 

Do users need to know design options (could it have been done differently so this wouldn't have happened)?  Without knowing the harm, how can your expectations be shaped?

When you're dealing with systems, parts of these systems are in shadow -- so we can't know how these work (eg, PCs, telephones).  Metaphor of architecture means we only perceive in bits and pieces.

Finally, in the world of enforcement -- we don't talk much about the way automated enforcement changes things.  Rules can have a normative career; enforcement of rules is an entrepreneurial event.  You make a decision, using your discretion, that has cost.  That's not the case in architectural decisions to enforce.  Additionally, architectural enforcements are private and unseen.  We can't work on the social meaning of a rule.

Excellent, thoughtful talk by Lee.

Paul Ohm gets up and confesses that his boss is John Ashcroft.  Gets a laugh (post John Podesta talk last night about Ashcroft as destroyer of civil liberties).

Technology in the courtroom:  Too much of it, and not enough of it ("hyperlinks are typically blue").

Digital evidence review:  we look at hard drives for things (what will they do when hard drives go away?).

But question is:  is the person looking at hard drive an expert?  Do we need a Daubert hearing?  Usual answer is "yes."  If we're going to have someone saying child porn is there, we need to be able to say that person was an expert.  Certification as an expert is viewed as needed. 

But it shouldn't be that everyone talking about a hard drive file has to be qualified as an expert.  Eg, if someone pulls fibers on behalf of the FBI, we don't need to say that person is an expert.  This high hurdle won't change Ohm's job -- there are plenty of resources there.  But for small-time prosecutors, it creates enormous costs.

Second:  Court opinions in the surveillance/seach and seizure field are rare.  And they describe technology clumsily.  Where statutory construction depends on this, we're in trouble.  It's not that judges can't understand technology, but analogies don't work well, and litigants don't help them, and labels for things change rapidly.  Eg, arguing to the court that "the internet is like a giant tube, and if you put too much into it it will burst" (for distributed denial of service).  Doesn't help people understand things.

And even use of "email" as a term, without further description or definition, doesn't help people much.  Over time, things change.  So we can't understand the scope of the precedent.

Eg, under Stored Communications Act, what does "electronic storage" mean? defines line between search warrants (storage) and subpoenas (if not storage).  Kozinski focused on "backup protection" element -- all email systems are in backup protection.  But what's he talking about?  POP, IMAP, webmail? entire logic turned on this distinction, but we can't tell what's going on. 

In CDA case:  Stevens says web pages "generally also contain 'links' to other documents created by that site's author"... "typically, the links are either blue or underlined text"

He gets a big laugh and applause.

One of the paper-writing winners (Nicolai Seitz) is standing up to talk about the problems of transborder enforcement of requests for information.

In 80% of all German cases, access to data located abroad is necessary for criminal investigations inolving the internet, he says.  Usually, people ask for letters rogatory, but this takes an enormous amount of time.  And evidence is often deleted.  There have been some improvements in the EU cybercrime convention, but these are inadequate often.

The solution?  Transborder search might do it.  But this might violate the international principle of territoriality.  And, such efforts might make changes on foreign soil.

He points to cybercrime convention.  Article 32(b) doesn't cover transborder search without consent (does cover search with consent).  There's a case (Ivanov-Gorhskov) that does touch on this issue, but FBI has overreached and we're worried (FBI accessed password-protected servers in Russia and downloaded evidence in form of data).  Terrorism may be seen by FBI as a good enough reason to trigger transborder searches and create admissable evidence.

This Russian case is an egregious example of overreaching by US, and we would be outraged if they did it here.  But it underscores the need for some transnational cooperation agreements about this subject.  We have no standardized international practices.  Seitz thinks foreign retrieval of not-freely-accessible data should be illegal.

Richard Clarke is the Washington personality of the week.  Marc Rotenberg testified in early December 2003 before the same Commission on a separate issue re security/privacy issues for going forward in preventing attacks. 

Four key points he made then:

1. long tradition of privacy protection for communications and records stored by governments.  Established during times when US faced nuclear weapons, unrest, assassinations -- but Congress went ahead and set them up.

2.  Sept. 11 provides major challenges, and the people involved in coordinating in govt. efforts completely changes the Terry landscape.  Checks and balances have been changed.

3.  Our understanding of privacy enhancing technologies following 9/11 has changed.  We thought there were tools that could enhance privacy -- TIA bothersome because message was that it would protect privacy, because govt surveillance under it would be less intrusive than other alternatives.

To understand this issue, three dimensions:

1.  What do we mean by privacy enhancing.

2.  What's relationship between federal govt and legal obs to safeguard privacy

3.  How does this all work in practice.

First, definitional problem.  What is a privacy enhancing technology?  Prior to 9/11, we all thought definition was an electronic world where transactions could occur that were verifiable and authenticated, but personally identifiable information wouldn't be necessary.  So these techniques would limit use of this personal information.

In the physical world, we can imagine cash, postage stamps etc. -- forms of value that allow transactions without personally identifiable information.  How translate this to the online world?  This was our core concept prior to 9/11.

No one proposed in Florida in 2000 that there should be an availability to check that vote had gone through.  Why?  Because concept of anonymity at that point, and recognition of need to sever transaction from surveillance is a core part of our democratic society.

This concept of a privacy enhancing technology was derailed by two processes:  first, in the private sector, the view that we wouldn't provide legal obligations to collection and use in the digital world.  it's just notice and choice.  So we saw P3P emerge to translate rights and obligations into a market-based transaction where anything goes. 

Post 9/11, law enforcement said we need to enable surveillance that respect privacy -- but what they meant by privacy was "within the context of a larger scheme that anticipates surveillance."  So, when a vote is cast, it becomes possible to link transaction back to the identified individual.  That's a principle without a boundary.

Rotenberg thought this idea died in the Clipper chip era.  People then said to open the door to this form of storage would create unlimited opportunities for abuse. 

Now our challenge is:  where do we stop?  If you assume all information might be useful in some investigation, where do we draw the line?

Go back to Brandeis dissent in Olmstead v. US.  What would be the appropriate 4A standard to apply to the conduct of telephone surveillance?  Was this warrant-based, or just out there in the ether?  Court said no physical entry has occurred, it's just information out there in the ether; if you are concerned, go to Congress.

Holmes dissented ("a dirty business").  Brandeis said:  look at surveillance in electronic space -- this is far more invasive than what would happen in physical space.  In electronic space, we're unbounded by space and time.  Could be lots of people talking, on many different subjects.  He argues for a higher standard of oversight, because oppty to obtain information is so vast.

When you go to wiretap statute of 1968, it's a "super warrant" when compared to what you get in physical space.  Constitutional response is based on fear that govt will overreach. 

So answer about incorporation of techniques to protect privacy post 9/11 is to keep in mind:  to the extent actors seek to comply with legal obligations and claim that they are "privacy enhancing," then technologies must incorporate auditing, transparency, all other requirements -- because of the enormous risk of government misuse.

Sonia Katyal is up, reminding us that it's important to think about the relationships among public/private law enforcement and surveillance.  Cyberspace allows us to contemplate the limits and possibilities of architecture and law.

Focusing on piracy surveillance:  monitoring users.  Convergence between modes of consumer surveillance and law enforcement -- but quite distinct from both.  An extrajudicial regime of copyright enforcement that poses serious complications for privacy, security, and anonymity.

Basic premise of the paper is an architecture of p2p transmissions.  Rise of piracy surveillance in cyberspace is attributable to this type of architecture.  In property, we have bricks for architecture; in cyberspace, architecture is permeable, allows facilitation of surveillance.  As consumer surveillance rises, we see rise of piracy surveillance.  (By piracy surveillance, she means monitoring that encompasses private notions of infringement; done privately; extralegal -- outside of ongoing litigation). 

Interesting from an IP perspective, because this kind of surveillance alters understanding of IP rights in cyberspace, by giving copyright a predatory and invasive and panoptic dimension.  Speech-based judgments as well.  Enables a copyright owner to determine whether or not an individual is engaging in fair use (and raises substantial due process concerns).

Three major forms of surveillance:  raise similar issues.  Eg, monitoring, using smart agents or bots that search for files.  Key problem raised by that is seen in Verizon case (challenge to 512(h)).  Disclosure of identity with very little real judicial oversight.

Also, problem that similar (but noninfringing) files will be caught up in this.

And how do we protect anonymous speech.

Two other forms of surveillance:  DRM collecting consumer information.  And interference (self-help).

Normative conclusions:  This modes raise complicated questions about the intersection of privacy and identity.  We shouldn't avoid enforcement, but should do it to fit freedom of speech and informational privacy.  Don't force tradeoff between privacy and protection of property.

Orin Kerr is up.  His suggestion is that computer-related crimes will end up with a different set of procedural rules -- "network" criminal procedures.  Even if crimes remain the same, they're committed in different ways.  New facts will trigger needs for new laws.

Start with physical world crime -- bank robbery.  Fred will walk in, go to teller, hands note, teller gives money, goes to car, runs away. 

Cop will show up -- what does he do? He looks for eyewitness testimony.  He also observes what the bank is like and whether there are trace materials of the crime.  He will collect physical evidence tying the crime to Fred.  Eg, the threatening note.

Fred gets out of prison, says he'll be an online bank robber.  He'll hack into the bank.  Logs onto ISP and passes through intermediaries to hide his tracks.   Sets up account, fills with money, sends money offshore.

Now you're the police officer called to investigate this crime.  You'll notice a really different crime scene.  No physical evidence, no eyewitnesses.  Just zeros and ones.  Have to trace evidence back to attacker, but can't do it in traditional ways. 

So you start from bank victim, track back through intermediaries. Hope that system admin has these records.  Trace back to Fred's ISP, and hope that ISP will help you.  But you don't have proof beyond a reasonable doubt -- you only have electronic evidence from third parties.  You have to get a search warrant and go to the target's home -- then forensically analyze Fred's computer.  Fred might keep notes ("I'm looking forward to hacking into the bank tonight.")  You seize the drive and image it, then run a string searcdh for that account number.  Takes weeks.

Different set of processes.  What does this mean for law?  Means that we need new rules to regulate these processes.  4th Amendment and 5th Amendment are tailored to the physical world.  Eg, search rules are about "the entry of the place."  Also, collecting physical evidence is about 4th Amendment seizure rules.  So how do those rules map on to facts of investigations of online crimes?

They don't map well.  You either get extraordinarily expansive rules or rules that are too narrow (where there are no real threats).  We need a relatively balanced set of rules.

Eg, if you want to get records from a third party, you have to get a subpoena.  No privacy protection there.  Traditional 4A doesn't apply to third-party stored information.  This just isn't a problem in the offline world.  So we have new facts where the information is collected and stored in a different way.  Old rule doesn't help.

Last stage -- forensics.  Bunch of interesting problems.  If you map what has to happen to 4A rules, you have big issues.  For a warrant, you have to describe things and only take that.  But in online crime, might be lots of other evidence involved.  Can't get a pinpointed warrant -- have to seize more than you have probable cause to seize.  What about making a bitstream copy?  Is that a seizure of a person's computer?  Traditionally, no -- not a seizure, just making a copy.  So govt could run off a copy and search that!  But intuitively that seems like a problem.

So what will happen in response to this problem?  We've begun to see a new field of network criminal procedure evolving.  Eg, ECPA, and 18 USC 2703, regulates process of going to third-party provider and asking for information.  So it's more than a mere a subpoena.  Statute recreates warrant requirement from the physical world.

Similarly, for forensics, courts are creating new rules to cover these last-stage searches.  So, eg., in a home, the police can't look for physical information that hasn't been described.  But electronically there's no restriction.  So courts have changed rule that governs whether intent matters when you're searching a computer.  Outside scope of warrant/inside distinction doesn't matter.  Subjective intent, though, does matter.  We'll ask agent "what were you thinking when you accessed this file."  Courts are responding to changed set of facts by looking at intent. 

We'll see more and more computer-specific set of rules.  A new body of law to study.

Great presentation.  Good work, Orin!

Beryl Howell, formerly counsel to the Senate Judiciary Committee, is up talking about real-world problems caused by crimes on digital networks.  Moral for all three stories:  specific laws directed to specific problems are very important.  So we need to keep updating these laws to fix mistakes and keep up with changes in technology.

First -- leak of many staffers' memos.  Two Republican staffers had taken thousands of documents and zipped them up with passwords.  Taken from common server.  No staffers were supposed to look at other staffers' memos, but permissions were set incorrectly and the files were wide open.  Appalling breach of custom.  Was a crime committed under the CFAA?  Or just an immoral action?  What does "authorized access" mean?

"Authorized access" was intended to be a case-by-case inquiry.  [note that civil liability requires damage as well, so a higher standard than the criminal part.]  Seems to be "you know it when you see it."

Second case:  FBI agents arrive at a suburban house, say computer being used to distribute child porn.  Teenager there had downloaded Kazaa, downloaded files that contained child porn, then had become a supernode, being used as a pointer.  Teenager had enough files for a felony.  Had he been emailing images to his friends? going to specific sites and downloading them beyond Kazaa?  Son said he wasn't aware of anything.  Child porn is strict liability; hard to do forensic exams because examiners don't want to be in possession of it either.  Happy ending:  prosecutor declined to prosecute.  But signals that technology can take you over a line.  Is the user at fault, or the technology?

Third case:  Company target of embarrassing emails with sexually explicit attachments (sexually explicit patents) sent on their behalf; clients took business elsewhere.  Company seemed incapable of stopping it.  Insecure wifi points and student internet accounts used to send these messages; couldn't track spoofer down.  Howell's company did an investigation.  Complaining emails about these attachments were also spoofed (from "wounded grizzly").  Started talking to wounded grizzly; got an extortion demand for 17million.  Suspect surveilled; able to pinpoint him as spoofer.  Arrested him two weeks ago; found ricin and guns in his house.  Threats you think you're aware of are just the tip of the iceberg.

So we have a problem: limits of CFAA.  Couldn't go after "wounded grizzly" because act unclear; stymied legitimate self-help efforts.

Alan Davidson from CDT is up.  Why does criminal law only seem to expand?  Does it ever go the other direction?  "how many laws have you broken today?"  There's a disconnect between social norms and the laws we have on the books.  Why can't we allow rulesets to evolve -- and why can't we have different views about what's wrong online v. what's wrong offline?  A lot of policy FUD here.  Will rote application of offline law lead to unintended consequences.

Three quick examples:  the case of the nation of felons.  How do we think about criminal copyright?  Has changed dramatically in the last ten years?  We've have criminal copyright for a long time on the books.  Was a misdemeanor for a long time.  With 1997 NET act, we got rid of "commercial profit" requirement; instead said if you distribute works of greater than X value over Y days, you're guilty.

And in 1998, DMCA creates new crimes for circumvention and removal of information.

So we're responding to a felt need to protect material, but what's wrong with this picture?  Millions of people regularly violate this law.  And this is likely to get worse.  Expectations offline (first sale, fair use) drive us to use works online.  Technology that precludes these kinds of uses will be counter-intuitive for a lot of people.  Seems odd from morality perspective -- "criminal" activities may not be felt as wrong.  And from deterrence/utilitarian perspective; these laws aren't having a large effect.  What does it mean for the rule of law if millions of people routinely ignore it?

Two approaches:  House Judiciary committee; maybe problem is that it's too hard to bring these cases (so eliminate wilfulness, make a single copy made a available on a P2P network trigger wilfulness).  Second, give govt civil enforcement powers here.  This seems to resonate with online social norm.  A speeding ticket and not a felony.  We may be overreaching in our expansion of criminal law.

Second:  case of culpable carrier.  Creating criminal liability for ISPs.  Challenge in Pappert case:  DA can get ex parte order from judge based on showing that child porn is there; gets order saying "you must block material from this source."  Make sure they can't see this web site.  Couple things wrong with that.  ISPs block bluntly -- by blocking IP address.  This blocks all other things hosted there.  We discovered over a million blocked based on 500 blocking orders coming out of PA.  Well-intentioned law leads to incredible overbreadth.  Trend is to look to ISPs to hold liable.  Begins to jeopardize end-to-end model.

Third case:  case of the aborted Koogle family vacation to France.  Tim Koogle subject of criminal action in France based on larger Yahoo! case.  So he can't go there.  This was ultimately resolved just last year when charge dismissed [is that true?], but leaves open question about how to deal with criminal laws.  US govt will certainly do this (eg, Elcomsoft).  Calls into question relationship between individuals and govt. 

In DC, legislators only expand laws -- don't contract them. 

Five modest suggestions:

1. go slow re cybercrimes

2. revise defs of crimes and access

3. prefer civil enforcement (things less harmful in the online context)

4. issues of international prosecution

5.  tie to social norms more carefully

this was the best presentation on this panel.  Very substantive and thoughtful -- great job, Alan.

I'm delighted to say that I've been added to the roster of Fellows of The Information Society Project at Yale Law School. This means more trips to New Haven ("The Hub"), and, with luck, some engaging meetings in New York. Thanks.

I'm here in Room 127 of the Yale Law School for a cybercrime conference.  So far, we had an excellent keynote from Dan Geer, and Tony Rutkowski (VP of Regulatory Affairs at VeriSign) is getting up to talk now.

But I'm distracted by a conversation I had with someone before the meeting began.  He said that this whole game of ICANN and VOIP and lots of other worries is essentially over -- FCC plans to assert jurisdiction over the DNS as an IP-enabled service (and assert jurisdiction over email and any other application that uses IP).  He pointed to an FCC NPRM (MC 04-36) in support of this assertion.  He also said that the EC has issued a similar notice.  These notices point to a limited set of obligations for providers.  Game over, in this individual's view.

Back to Tony.  He's pointing to the fact that there are very few content intercepts in the real world.  Most requests are made for subscriber information.  Law enforcement access is essential, and all we're talking about is what costs will be paid by whom.  Anonymity is over.  Key developments are happening in the private sector.  In the public sector, we're talking about the cybercrime treaty (probably will come into effect this year), the UK data retention code, and the FCC CALEA proceeding.  Europe cares only about data retention; they're way past CALEA.

He says re CALEA proceeding: 

Coverage:  Nothing really new here (real time access to data is a fact of life under state and federal law); we're just shifting costs to providers.  And need capabilities in place in order to do this stuff.  Law enforcement has a critical need for access in today's nomadic architecture environment.  He says this is innovative.

Compliance:  Creative, more flexible, adopts 15 month benchmark approach to enforcement.

Costs:  Pass on implementation costs to subscribers; transparency is good; service bureaus make the costs minor; parity with other regulatory mandates (E911, Universal Service); costs are trivial compared to stored data production via subpoenas. (that's an interesting point, if true, and Tony seems to know what he's talking about.)

More when the next panel comes up.

Paul Marino is going to help me pull together some surprising Machinima materials to show the Copyright Office.  This will help me pose questions to the group -- like who owns what and why, and what if another avatar wanders by?  Thanks to Ernest Miller for the suggestion.

I just watched another Red vs. Blue movie, and I'll need Paul's help making a zippy demo out of this.  All ideas welcome.

Next Thursday, I'm giving a lunchtime talk to the Copyright Office (part of a program called The Copyright Office Comes To New York).  Send me your suggestions.  This is my chance to say something sensible.

I thought I'd talk about the feeling of being in Canada in June 2003, during an otherwise uneventful ICANN meeting, when Lawrence v. Texas came down.  The Canadians were feeling awfully smug and superior.  They didn't have to tussle with any ridiculous anti-sodomy laws.  They had even worked peacefully through the issue of same-sex marriage.  They were waaay ahead of us, and surprised at our lame approach to these issues.

I'd mention with sadness the prospect of more election-year debate over same-sex marriage.  (Fighting over who gets to marry whom seems completely pointless to me, and I'm embarrassed that those who govern us are even worried about it.) 

Then I'd talk about the recent Canadian copyright decision to which Michael Geist has pointed us.  Once again, our friendly neighbors to the north seem to be waaay ahead of us.  According to Michael, the Court concluded that the Canadian analogue to the fair use affirmative defense "should be granted a large and liberal interpretation."  Indeed, Michael points out that the court shaped this "exception" to copyright infringement (in our parlance, this defense) as new copyright rights for users.  Users' rights.  Those Canadians have the idea that these rights need to be balanced against the rights of copyright holders. They also think that it's appropriate for manufacturers to presume that their machines will be used for lawful purposes -- and they seem to think that copying for personal purposes is different and special.  Hmmm.

Then I'd talk about some of the more outrageous elements of the broadcast flag proceeding (continued studio role as gatekeepers) and what's coming up next via the analog hole funnel (lingering on nomenclature here).

So:  don't blame Canada, blame us if we can't get this right; don't press for more laws or tech mandates at the moment; keep the FCC out of copyright policy; let Congress decide the difficult questions of secondary copyright liability.  Congress has been decidedly not technology neutral when it comes to the internet (section 230 comes to mind).  We should want to avoid another Lawrence v. Texas moment 15 years from now -- when we come to our senses after a great deal of wasted time.

Look forward to your comments.

The New England Spring Flower Show is on right now in an enormous hall near the JFK Library.  It doesn't have much to do with copyright, but it has a lot to do with spring.  They've created warmth and color (deep oranges, bright blues) by forcing flowers to bloom and then bringing crowds by to admire them.  I'm not a gardener, but I'm related to generations of gardeners, and I have respect for the enterprise.

The kind of gardening that takes place at the Spring Flower Show is carefully planned and executed.  It's a celebration of control; the plants are spaced beautifully and placed against each other so as to show up well; silvers and blues, rough and smooth.  It isn't spring -- not yet -- and many of the blooms don't belong together because (the gardeners tell me) they'd never be present at the same time in the real world.  But they're all there in the convention hall, blooming bravely under bright white lights.    

The moss is dying right and left, and many of the flowers are starting to look tired -- I guess it's a strain, being forced to bloom. 

If you think about it, it's what will happen in the minds of the gardeners that's really interesting; they'll bring ideas home and try them in their own back yards.  Notes were being taken; advice was being sought.  There is beauty made possible by the control in the convention hall, and a great deal of work has gone into making those exhibits possible.  But the show gardens, although ordered, can't be owned.  No one seemed too worried when pictures were taken of their model gardens by amateurs.

It's good to get away from ownership once in a while.  We so easily go too far.

So (as they say in cybercircles) I've been working on some new ideas.  The Cigarettes and Copyrights article is gaining flesh ("don't let the broadcast flag go through, because the FCC has exceeded its jurisdiction and is making copyright policy").  Now I'm working on a new project.

The main idea here is that we take lazy shortcuts in reifying information.  We use property concepts ("trespass to chattels") in talking about automatic searching of information that will do nothing other than lower costs.  We confuse objects with information when we talk about whether people have rights to access content stored in a particular format ("you can watch that DVD and take notes; you don't have a right to manipulate that content when it's in DVD form").  Software is a hard case, and sometimes it's not clear whether it is speech (bits) or action (atoms). 

But these lazy shortcuts are ultimately quite destructive.  After all, law is about people.  Law is supposed to serve people.  So we should serve core human values in developing legal frameworks.  People progress through acquiring (participating in, creating) metainformational depth.  That's what maturing and learning is; that's what a cultural conversation is. 

What's interesting and different about information (as opposed to clods of dirt) is that it interacts and amplifies in ways that dirt doesn't.  It's not just that information isn't scarce -- although that's a difference too.  That difference isn't as fundamental, though.  It's that information isn't conserved and interacts with other information in ways that create (taa-dah) metainformational depth.  Dirt can't do this.

So, any time we unnecessarily reify information, or drag in bodies of assumptions that are based on objects, we're cutting ourselves off from basic human interests in metainformational interesting-ness.  We don't even know what we're missing.  But it's very likely that more complex and interesting clumping is being truncated.  Without that clumping, we can't learn. 

We need to have different (more sensitive, more freeing) regimes for information than we do for real property, and we need to be careful about lazy theoretical shortcuts that don't do us any favors.  Pieces of dirt can't talk, so they're fine under real property law.  But as humans we need to be careful not to cut off our own conversations.