A hacker crackdown?

As the long arm of the law reaches Napster and its lookalikes, programmers could be held responsible for what others do with their code.

Topics:

A hacker crackdown?

Shawn C. Reimerdes awoke on July 26, confident that his own fate had nothing to do with Napster’s. He had just released Yo!NK, a file-sharing program that could be used to trade copyrighted MP3s, but since the Yo!NK network consists of various servers whose owners voluntarily host the program, Reimerdes figured he was safe.

“They realize they cannot shut down these decentralized systems,” the 23-year-old Queens, N.Y., native wrote in an e-mail that morning.

Then, at about 8 p.m. EDT, Reimerdes began to reconsider. He discovered in a chat room that U.S. District Judge Marilyn Hall Patel had issued a sweeping injunction against Napster, blaming Napster’s founder, Shawn Fanning, for creating a “monster” that has encouraged millions of people to download pirated MP3s. In her unforgiving ruling, Patel ordered the service to remove copyrighted songs within a matter of days — a sentence that would require Napster to shut down.

Suddenly, the scales seemed tipped. If Napster could be held responsible for how other people use its technology, couldn’t Reimerdes, whose Yo!NK gave people the ability to find music and movies all over the Web — copyright protected or not — find himself in hot water? His program might be unstoppable, but he wasn’t counting on being held accountable for what others might do with it.

Even worse, as an independent programmer, couldn’t Reimerdes be held personally liable for the actions of Yo!NK’s users, if he was sued by the litigious recording or movie industries for contributory copyright infringement? Fanning is shielded by the corporate veil that was created when he transferred the software’s ownership to Napster, but in Reimerdes’ case, couldn’t a legal defeat cost him his car, his apartment, even his computer? Instead of waiting to find out, he went in search of a lawyer the very next day.

At about the same time, Freenet creator Ian Clarke experienced a similar change of heart. When Patel’s ruling first broke, Clarke’s e-mails were filled with fiery defenses, and on CNN, the baby-faced Irish programmer told the world he wasn’t worried about the ruling, since — with no central servers — his file-swapping software could never be stopped. But by early last week Clarke had changed his tune and was looking for ways to protect himself. “I’m investigating setting up a nonprofit corporation in conjunction with an L.A.-based lawyer,” he now says.



Is this newfound interest in the law warranted — or are these two programmers just paranoid? Well, if you listen to the attorneys, it sounds like a storm of lawsuits could rain down on developers at any moment.

An appellate court stayed Patel’s decision until summer’s end, leaving the gates open a bit longer to the MP3 free-for-all. But Howard King, an attorney for Metallica — which has brought its own suit against Napster — figures Patel’s ruling, if upheld, will give record companies and movie studios “the ability to bring actions for damages against users and developers — actions that will stop them in their tracks.” And Cindy Cohn, a San Mateo, Calif., attorney who successfully defended a professor’s rights to share encryption code with his colleagues, says “If Judge Patel … is upheld, then there is trace-back liability to the authors. It’s very likely that the creators of these programs will find themselves in court.”

It sounds a bit scary. And Reimerdes has been in this spot before. He was one of three webmasters sued by several movie studios late last year for posting the code of DeCSS, a program that decrypts DVDs. In that case, he reached a pretty easy settlement, by agreeing to take down the DeCSS code and not provide links to sites that posted it. But, his fellow defendant, Eric Corley, aka Emmanuel Goldstein, the publisher of the hacker quarterly 2600, is still facing down the movie studios, who will ask that Corley pay their legal fees (surely a bankrupting proposition) if they manage to win the case and permanently strip him of his right to post the code. And a separate DeCSS case in California is proceeding, with the DVD player industry adding new defendants as it finds them — everyone from alleged DeCSS creators like Jon Johansen to Copyleft, a company that sells T-shirts adorned with the DeCSS code. In essence, the DVD cases go one step beyond the Napster suit — making not just the creators, but even the distributors of code, somehow accountable for the uses it may be put to by others.

Free speech, copyright, piracy and the fundamental nature of source code — ever since the Internet began its surge to cultural and economic prominence, these concepts have swirled around each other in a confusing and contradictory morass. Now, in courtrooms from coast to coast, judges are attempting to bring order to the burgeoning online chaos. And from the first indications, programmer freedom may end up coming under the most sustained assault yet seen.

If courts decide that software’s creators are responsible for how their creations are used, we could find ourselves facing a colossal cultural shift. Ever since 1945, when the physicist J. Robert Oppenheimer defended his role in building the nuclear bomb by saying, in essence, “I built the bomb, I didn’t drop it,” American inventors have enjoyed the luxury of moral indifference. Gunmakers, carmakers and plenty of other industries have made successful use of this argument.

But legal experts say it’s not so clear-cut for software. For one thing, courts haven’t even decided how to classify code — is it primarily a tool, a service, a work of art? And what to do about the fact that one developer’s code has the inherent ability to morph in the hands of another? Unless technologists take a leading role in shaping the legal debate, says Jennifer Granick, a San Francisco lawyer who regularly defends people accused of computer crimes, Oppenheimer’s legacy of freedom could be lost.

“People have always said that the law doesn’t matter because technology will outpace it,” Granick says. “The idea is that you’ll never be able to stop things like Napster or its new iterations — the horse is out of the barn. But the law is a lot more powerful than people realize. It has the ability to severely retard or stop these things entirely.”

Already, there is evidence that the mere threat of legal hassles is convincing some programmers to lay off their grand plans. Just ask Andrew Appel. The Princeton University computer science professor had wanted to post the DeCSS code last year so that his computer security students could analyze it and learn how hackers had cracked the original DVD encryption. But he soon learned about the federal injunction against DeCSS and, with no time to scrutinize the legalities, he says he “decided not to post it rather than run the risk.”

And more recently, at this year’s Def Con, the annual hackers conference held in Las Vegas (which took place the weekend after Patel’s injunction), “participants couldn’t stop talking about the law,” Granick says. She sits on a legal panel every year, but typically questions center on criminal liability: what will land people in jail. “This year, most of the questions were directed at the civil lawyer,” Granick says. “They’re not worried about going to jail. They’re worried about losing their businesses, their cars, their homes. They realize that they may be at risk.”

And these worries will probably result in self-censorship, argues Martin Garbus. “Whether a lawsuit is valid or not, the power of a lawsuit stops people,” says the First Amendment attorney, who is defending Corley/Goldstein in the DeCSS case. “The real question isn’t whether or not Corley or Napster wins or loses, it’s about how much the content industries are willing to throw at this issue.” Looking at the number of lawsuits they’ve started — MP3.com, Napster, Scour, DeCSS, iCraveTV and others — it’s easy to see that “they’re ready to throw a lot. The mere fact that you know someone is out there — with the money and desire to sue — keeps you locked up,” Garbus asserts.

Certainly Remeirdes is thinking about what might happen to him if the RIAA or the MPAA — which have already brought seven lawsuits against companies making possible the online distribution of various forms of entertainment — decide to make an example of him.

“I hired a lawyer to preserve the concept in case the media companies decide to sue me,” he says. “If the MPAA was going to come after me again, I wanted to make sure everything would be in order. I’m not going down without a fight. The worst thing that could happen would be to see federal judges censoring my coding.”

Whether or not that happens depends, in large part, on how the courts interpret copyright law as it applies to software. And copyright is a pretty murky area of the law. “Up until 1982 or 1985, copyright law was this very obscure branch of the law where you only had a few people in New York and L.A. who practiced it,” says Mark Radcliffe, a copyright specialist at the Palo Alto, Calif., law firm of Gray Carey Ware and Friedenrich. Unlike, say, product liability law, which is rich with cases of injury and harm, furnishing judges with a strong body of precedent to rely on, copyright law typically has come to play only in minor skirmishes that often settled quickly, leaving little of the legal nuance that most judges rely on. “There are still so many things up that are up in the air,” he says.

Under copyright law, for example, Clarke, Reimerdes and the developers of other file-sharing software could be held liable for contributory infringement if it can be proven that they profit from illegal uses of the service. Since no one has made any money from file-sharing just yet — not even Napster — they would seem to have a foolproof defense.

But, it turns out that “profit” can be construed in a variety of ways. “Even if it’s not in the form of cash, judges often find direct financial interest,” Radcliffe points out, noting that the court came down against a swap meet organizer who failed to keep pirated goods out of the flea market. Rather than considering the organizer’s role to be that of a landlord, who can’t be held responsible for what occurs on his property, the court ruled that organizers profited from a vendor selling pirated Latin music tapes, “because the seller draws more people to the meet, who then pay for hot dogs and soda, giving the swap meet owner a profit,” Radcliffe says. You can bet this precedent will be trotted out when and if Napster and its brethren ever start selling advertising.

And the profit question barely touches on larger holes in the law, including the fact that there is still no formalized legal definition for software. Is it a product subject to the same Uniform Commercial Code that would hold Maytag responsible if a washing machine electrocuted its user? Or because it can be repeatedly upgraded and changed, is it more like an ISP — a service that’s governed by the terms of a contract between its operator and user? Or is it speech, worthy of protection for its contribution to “an open exchange of ideas?”

No single statute or decision spells this out. Generally, the only thing the courts have established is that when software is incorporated into other products, it is considered a product. Radcliffe says that in one classic case, the courts held the maker of X-ray machine software liable for sending out a dangerous level of radiation — which suggests that if the GPS system in your Mercedes urges you to plunge down a hillside, the software’s designer would probably be found liable.

But this does little to solve the problem of pure software — things without a single clear function, code that can do as many things as a ball of Silly Putty. And it says even less about hybrids like Napster, in which you download a product that gives you access to a constantly changing service. Add to this the fact that software is by its very nature a malleable entity, and what you’ve got is a legal quandary.

What, from a legal point of view, is software? “This is all a new area,” answers King, Metallica’s lawyer. “I don’t think anyone knows the answer.”

And that’s why the stakes are extremely high in the DeCSS cases, the Napster suit and the potential for charges against Reimerdes, Clarke and others. We are on the verge of defining software and determining the responsibility of software developers to control the uses of their work. Programmers seem to grasp this reality almost intuitively. And people like Gene Kan, a creator of Gnutella for computers running Unix, or Clarke of FreeNet defend their right to code with vehemence.

“What technologists do is create technologies,” says Kan. “What policymakers do is try to control technologies that do ill and what criminals do is use the technology for ill purposes. So go after the criminals, not the technologists.”

Kan says programmers are being singled out. The law is threatening to abandon them even though it has previously protected the people who invented cars, guns, bombs and everything that’s come before.

“Computer technologists should not be held to a higher standard than anyone else,” he argues. “These questions were never asked when automobiles, paper clips, candles and computers themselves were invented. Fortunately not, because if society were bound to invent technologies which could only be used entirely within the law, then we would still be sitting in caves sucking our feet.”

And Clarke points out that even other technologists seem to be held in higher legal regard than the file-swappers. “The creators of the Internet know that the Internet can be used for violation of copyright, yet does that make them legally liable?” asks Clarke. “Creators of women’s pantyhose know that they can be and are being used in bank robberies, but does that make them liable?”

One hope left to programmers lies with the First Amendment. Garbus, Corley and others are relying on the idea that code is speech, that computer science is expressed as code and that if computer code is not afforded full First Amendment protection — in the words of Carnegie Mellon computer scientist David Touretzky — “anyone who publishes a computer program is at risk.”

On the last day of the New York DeCSS trial last month, Touretzky argued that if the court cracked down on people who simply posted code, it would be limiting his ability to discuss, analyze and tinker with it; it could conceivably take away his right to work and even to express himself.

“We’re looking at a new kind of vulnerability that we didn’t have before. The idea that we can’t talk about things is pretty un-American and dangerous,” he said in an interview. Besides, “It’s not always easy to foresee the effects of technology and a lot of times people are wrong,” he added, pointing to the much used example of VCRs, which rather than destroying the movie industry have made it far richer.

In arguing for the right to share code that may be used illegally by others, Touretzky asked the court to protect the freedom to share code as it does the freedom of speech. “My theories are expressed as computer programs,” he said.

But this argument is hardly foolproof. If the courts rule that DeCSS or Napster’s code is speech, for instance, it won’t necessarily follow that they are protected forms of speech. “Conduct is more important,” Garbus says. “It outweighs speech. That’s why in a draft card case called the O’Brien case, in which a guy burned a draft card, the courts held that that you can’t burn something of value. You can’t turn over a car for speech, for example.”

With that in mind, some attorneys suggest that developers take an active role in changing the conduct on their services. “There’s nothing about their programs that says they’re only for piracy,” says Cohn. But if that’s the only thing they are used for, they may still find themselves in trouble. After all, the most damning evidence against Napster, in Patel’s opinion, seemed to be that 87 percent of the songs were copyrighted.

“I think people who want to see this system go forward need to post other things — public documents and source code for example,” says Cohn. “Public domain items need to go on these networks. They need to be filled with ‘substantial non-infringing uses.’”

To a certain extent this is already happening. Freenet’s indexes — text lists of what people say they’ve posted — contain not just Britney Spears MP3s, but also a Commodore 64 programmer’s reference guide and the Unabomber manifesto. It also contains editorial comments like “INSERT ALL YOUR METALLICA. FUCK LARS,” but you get the point.

Still, this brings up the question: Will technologists have to clean up the messes made by the unruly, law-ignoring masses who might make use of their software? And, if so, shouldn’t we be outraged?

Bill Joy, Sun Microsystems’ chief scientist, says no, times have changed. “Most scientists, historically, have believed that discovering things was always OK, that they weren’t responsible for uses … That was in the days when there was a sharper distinction between pure and applied science, and between science and technology …”

“Now, it’s harder to argue that inventors aren’t responsible for consequences,” he says. “I think the common-sense answer is that scientists and technologists have to take responsibility. This is why I have argued, among other steps, to start with an oath for scientists along the lines of the Hippocratic oath. I think scientists and technologists need to make this part of their culture.”

That, however, is a process likely to be as lengthy and as contentious as any of the lawsuits against new technologies now making their way through the courts. And in the meantime, coders like Reimerdes still believe in the inherent power of technology — arguing that, with legal sanction or not, software and the applications people put it to, will certainly continue to unfold.

“It’s possible that the RIAA/MPAA will try and crush all the coders to ensure that their new business models survive,” says Reimerdes. “The DeCSS lawsuit was a scary example of just how far the corporations will go to try to stop technology and computer science. But more lawsuits against technology will just mean more ingenious software being written. You cannot silence the techno-elite. The idea has already been planted and others will help it evolve.”

Damien Cave is an associate editor at Rolling Stone and a contributing writer at Salon.

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott and the friends with whom he recorded in middle school in Texas (photo courtesy of Dan Pickering)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Heatmiser publicity shot (L-R: Tony Lash, Brandt Peterson, Neil Gust, Elliott Smith) (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott and JJ Gonson (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    "Stray" 7-inch, Cavity Search Records (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott's Hampshire College ID photo, 1987

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott with "Le Domino," the guitar he used on "Roman Candle" (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Full "Roman Candle" record cover (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott goofing off in Portland (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Heatmiser (L-R: Elliott Smith, Neil Gust, Tony Lash, Brandt Peterson)(courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    The Greenhouse Sleeve -- Cassette sleeve from Murder of Crows release, 1988, with first appearance of Condor Avenue (photo courtesy of Glynnis Fawkes)

  • Recent Slide Shows

Comments

0 Comments

Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>