Regular Slashdot contributor Bennett Haselton wrote in with a story about the DMCA. He starts "On January 16, a man named Guntram Graef who invoked the Digital Millennium Copyright Act to ask YouTube to remove a video of giant penises attacking his wife's avatar/character in the virtual community "Second Life", retracted the claim and stated that he now believes the video was not a copyright violation. (He had sent similar notices to BoingBoing and the Sydney Morning Herald just for posting screen shots of the video.) His statements in a C-Net interview suggest that he didn't mean to alienate the anti-censorship community and was probably angry over what he saw as a sexually explicit attack on his wife. But the event sparked renewed debate over the DMCA and what constitutes abuse of it. I sympathize with Graef and I admire him for admitting an error, but I still think the incident shows why the DMCA is a bad law." Hit that link below to read the rest of his story.
The DMCA is known mainly for its two most controversial provisions: the ban on technology to circumvent copyright restrictions, and the procedures by which ISPs must respond to "take down" notices if a third party claims that one of the ISP's users is violating their copyright. The first of these, I am opposed to in principle; the second, I am not opposed to in principle but I think is too easy to abuse in practice -- because I think incidents like the Graef case and my own limited court experience in related areas has suggested that the protections against DMCA-type abuses are very weak.
First, I'm against the anti-circumvention provision in principle because I agree with the position espoused by the EFF that computer code is protected under the First Amendment, even if some uses of that computer code may be illegal. After all, at one point a U.S. court even ruled that a manual for carrying out murders as a hit man was protected speech! That ruling was overturned on appeal, and the case was settled out of court before a final decision was ever reached, but still -- given that a handbook for killing people was considered free speech by at least one court, it's a bit of a stretch to think that a DVD-copying program should be given less protection. Just because X is illegal does not mean that tools or instructions for doing X should also be illegal.
With regard to the second provision, I'm not against requiring ISPs to take down infringing material on receipt of a notice from the copyright holder. But in practice there are two avenues for abuse here: (a) the party sending the take down notice can make statements that are not technically false, but which have the effect of persuading the ISP to take the material down, or (b) the party sending the take down notice can simply lie -- because the truth is that in too many cases, false statements made "under penalty of perjury" are not prosecuted, or even noticed, by the courts.
The EFF has already done a good job documenting abuses under the DMCA, and I'm not going to repeat all of that here. My argument is that these are not just temporary problems with a relatively new law, but rather that the abuses are the result of realities that won't change any time soon: ISPs being too busy to look closely at every complaint, and courts being too busy to go after everyone who violates court rules to get what they want. And thus it does no good to say that the DMCA would be fine if only enforcement actually got done properly instead of the ham-handed way it's been carried out so far, because that's not going to happen.
As I said, I think that if you have a bona fide case against a party, there's nothing wrong with taking action against them that would otherwise be considered a violation of their privacy and other rights. I've never sent a DMCA take down notice myself, but I've been involved in court cases in which I asked the judge to sign an order requiring a third party to turn over information about someone that was pertinent to the case. I don't consider that an abuse of the system, if the information you're after is relevant.
I realize this may separate me from some fellow privacy advocates, and some of the things I've done may make them uncomfortable. In one case, I had invited a girl to a charity luncheon where the tickets were $100 apiece, and when she showed up she had "forgotten her checkbook" and needed to borrow the money... Now, don't get ahead of me... Later, in what will not come as a huge spoiler to my fellow male Seattle residents, she apparently decided that, being a non-overweight, non-single-Mom, non-sexually-repressed girl in a city full of rich single guys, she was under no obligation to pay me back, and said, "Go ahead and sue me". Anyone who knows about my sideline taking spammers to court would tell you, it is not a terrifically smart move to say to me, "Go ahead and sue me". So, since I was going to be at the courthouse for an upcoming case against a spammer, I figured, why not, and filled out a Small Claims form with the defendant's address listed as "to be determined", since all I had was her cell phone number. Then I asked the judge to sign an order asking T-Mobile to give me the rest of her information so I could serve the papers on her. The judge signed it, I mailed it off to T-Mobile, and three weeks later T-Mobile sent me a letter containing her address, where I had the papers served. Most people don't know it's possible to do this just in a case where someone owes you $100 and all you have is a phone number, but that's just because a lawyer would never bother with such a small case, and most non-lawyers don't know the option exists -- and of course, it also depends on the judge, who may or may not sign the order.
(In that vein, people always ask me, is that sort of thing really worth the time? In this case, since I was going to be at the courthouse anyway, the extra time to write the motion, get it signed, and mail it off, was less than 30 minutes. But I was mainly curious about whether or not it could be done, and how much privacy protection there really is under the law, and knowing that was worth more to me than the $100 anyway.)
So I don't think it's unethical to request such information if you have a genuine case against a party. But while I don't think that what I did constitutes abuse of the system, I think it clearly shows how the system could be abused. Nobody checked my ID when I filed the case or asked the judge to sign the subpoena; I could have been anybody, and I could have disappeared once I had the information. (I had T-Mobile mail it to my address, but I could have just as easily had them mail it to the court, and then gone down and asked to look at the court file.) DMCA opponents should be aware that even without the DMCA, privacy protections are not as great as most people probably think they are.
As a result, I'm especially nervous about laws that enable abuse based on copyright assertions, because almost all of the legal threats we've ever received at Peacefire were based on what I considered to be bogus "copyright" claims. In 1997 we published a program that you could run on any computer with CYBERsitter blocking software installed, and it would decrypt the file that stored CYBERsitter's "secret" blocked-site list, and print it out in plain text. The CEO of CYBERsitter claimed that we were "violating every intellectual property law ever written" and sent threatening notices to our ISP demanding that they remove the program. I argued that every byte of the decryption program was our original work, so it didn't violate their copyright. In fact, it didn't even enable violations of their copyright, because it didn't make it any easier for someone to distribute illegal copies of their program, and I also said the decryption program served a worthwhile purpose by allowing customers or potential customers to see what the program really blocked. (Although to me, the enabling issue and the "worthwhile purpose" issue were secondary to the primary point, that original works of computer code should be protected by the First Amendment.) Fortunately our ISP stood their ground, but if the DMCA had existed back then, CYBERsitter could have invoked it, and possibly the extra pressure might have caused our ISP to back down. (Blocked-site-decryption programs were originally exempt from the DMCA as a result of the decision of the Copyright Office, but that exemption was revoked in 2006 because nobody had written a new decryption program in three years.)
So that was an example of how a company could intimidate an ISP into taking down material, without technically lying about the situation, but tacking on the words "copyright violation" and hoping the ISP would capitulate. What about cases where the sender of a DMCA take down notice just lies?
The Dutch activist group Bits Of Freedom conducted an experiment in 2004, in which they signed up with 10 different ISPs and posted a copy of a work that was clearly labeled with a notice that the author had died 100 years ago and the copyright had expired. Then they sent fake "complaints" to all 10 ISPs from an anonymous Hotmail address. 7 of the 10 ISPs removed the content immediately, and one even replied to give the personal details of the account holder, without being asked to do so. So completely fictitious complaints do apparently work. The DMCA does more protection than that because it requires the complainer to make a copyright claim "under penalty of perjury". But how much assurance does that really provide?
No one has yet tried to get our site shut down with a copyright claim or other accusation that was simply made up out of whole cloth. But my experiences in other areas have left me without much confidence in statements that are made "under penalty of perjury". The times I've been to court against spammers, I usually get to watch a few other Small Claims cases being tried. Probably at least once every time that I've been there, it's come to light that some party in a case said something that they almost certainly knew was not true, and I've never seen a judge do anything about it -- and court employees who have been there much longer have said they've never seen it happen either. (Judges are far more likely to get upset about people speaking out of turn. It's OK to lie, as long as you do it while the judge isn't talking!) It's true that Small Claims court is for resolving small matters, but lying under oath in Small Claims court is still a felony, punishable at least in theory by up to 10 years in jail. (And in any case, lawyers have told me that even in higher-level courtrooms, most false statements don't get anyone in big trouble. High-profile cases like Martha Stewart are the exception.) I don't think that everyone who lies under oath should go to the big house for 10 years. But I have no faith in the DMCA just because it requires accusatory statements to be made "under penalty of perjury", when judges usually let false statements under oath go completely unnoticed.
I doubt that a lawyer would risk their career and even their freedom to make up a completely fraudulent DMCA claim against us, such as claiming a page on our site was a ripoff of something originally produced by their client. But I don't think it's out of the realm if possibility that a lawyer would claim that, for example, a parody of one of their logos that appeared on our site, was a "copyright violation" -- even though the company would almost certainly be advised by their lawyer that such parodies are protected speech, which means their statement would constitute perjury, but it would probably never be punished.
The low point of my own confidence in the enforcement of anti-perjury laws, came when I sued a spammer who appeared in court and claimed that he had absolutely no knowledge of the spam being sent, and had never accepted any orders for spamming of any kind, while the judge, who appeared to hate anti-spam cases even more than most judges did, kept haranguing me for suing a clearly "innocent" person. I then played a recording of a conversation that I had with the spammer over the phone, pretending to be an interested customer (with a disclaimer played at the beginning of the call saying that it could be recorded, in order to make the taping legal), in which he said, among other things:
"I mean, we have all their information to back up any email we send them. If we have their ISP information, we can prove that they've given it out, because you can't get someone's ISP unless they've given it to somebody." [sic -- he meant "get someone's e-mail address", although the statement is still wrong]
"Do you already have your creatives and everything? So I've just got to upload what you have and just blast it out?" [note: "creatives" are copies of ads that sent out for you by advertisers and spammers]
"It's a United-States-based company but they pump everything through China and then it comes back to the United States."
The judge appeared very flustered at that point and started accusing me of "entrapment" (which was backwards -- I'd never heard of the spammer until he spammed me first, and then I called him afterwards, just to get evidence that he was in the spamming business in case he showed up in court and denied it). Since she claimed it was entrapment, I still lost and the spammer walked out home-free, without the judge ever even commenting on the questionable veracity of the statements he had made at the beginning. And that is all the protection that exists in the real world against people making false statements "under penalty of perjury".
The point is that when reading the wording of a proposed law, there's a temptation to think that the scenario described is exactly how the law will play out when it's enforced (see the "Alice, Bob and Charlie" scenario in the Wikipedia entry on the relevant section of the DMCA), and that anyone who deviates from the rules will be punished. But my narrow experience in court, in an area unrelated to the DMCA, taught me some things that several lawyers, with sad smiles, have confirmed to be true throughout the law: (a) judges will do what they want; (b) even if judges do sincerely want to follow the law, they're unlikely to agree on what it says; and (c) courts don't have the will or the time to chase down every person who violates the rules.
Don't judge a law by what it says will happen. Judge it by how it will play out if more than half of the steps in the process get screwed up. Guntram Graef apparently wasn't even trying to do anything dishonest when he got a video removed from YouTube on the basis of copyright claims that turned out not to be valid. Imagine how much abuse is possible when you're gaming the system on purpose.