Yes, Microsoft, This Really IS About Free Speech

Microsoft's attempt to silence Slashdot postings concerning its Kerberos extensions shows what's wrong with the Digital Millennium Copyright Act (DMCA)--and why it should be abolished immediately.

If you've been ambivalent about the U.S. Justice Department's plans to break up Microsoft, consider this: Microsoft's recent actions show that it does pose a threat to competition in the computer industry. But far more dangerous is the threat the company poses to the most fundamental freedoms that define human rights in a liberal democratic state, including the freedom of speech and the right of citizens to due process of law. An extreme statement? If you think so, read on.

You've probably heard that the premier on-line discussion site for open-source software enthusiasts, Slashdot, received a demand from Microsoft's attorneys concerning postings that recently appeared on the site. These postings were about Microsoft's proposed extensions to the Kerberos security protocol, which Microsoft has incorporated into its Windows 2000 operating system.

What is Kerberos, and why is it important? Kerberos is a security infrastructure that was developed at the Massachusetts Institute of Technology (MIT) with funds provided by U.S. taxpayers. Since its development, Kerberos has become an international security standard and is widely implemented in computer systems. In keeping with the company's "embrace and extend" policy, Microsoft has added its own, proprietary extensions to this protocol, as it is implemented in the company's Windows 2000 servers. The effect of these extensions is to assure that, in an organization running both UNIX and Windows systems, only Windows 2000 servers will provide full functionality for both types of systems. It would not be overly cynical to suppose that the company's extensions to the Kerberos protocol are intended for no other purpose than to drive the company's competition out of the marketplace.

Because the release of Windows 2000 with the Kerberos extensions occurred in the midst of widespread public discussion regarding the merits of the proposed Microsoft breakup, it is obviously essential that an informed citizenry should be able to obtain the facts regarding Microsoft's Kerberos extensions. However, the company has chosen to treat these facts as a proprietary matter, a trade secret, and it insists that anyone who wishes to become familiar with these facts agree to the following license:

The Specification is confidential information and a trade secret of Microsoft. Therefore, you may not disclose the Specification to anyone else (except as specifically allowed below), and you must take reasonable security precautions, at least as great as the precautions you take to protect your own confidential information, to keep the Specification confidential. If you are an entity, you may disclose the Specification to your full-time employees on a need to know basis, provided that you have executed appropriate written agreements with your employees sufficient to enable you to comply with the terms of this Agreement.

One would think that a company truly wishing to protect a trade secret would do everything it could to keep it private, but Microsoft chose to publish the Kerberos extensions at a publicly accessible web site. However, this site is not directly accessible unless the viewer assents to an "End User Agreement", in which the above-quoted license appears.

Where does Slashdot come in? On May 2, an anonymous Slashdot contributor posted the full text of the Kerberos specification. In the ensuing on-line discussion, additional contributors revealed that it is child's play to bypass the end-user license in order to extract the specification without having assented to the agreement; one merely downloads and decompresses the file.

On May 10, a Microsoft attorney wrote to Andover Advanced Technologies, the registered owner of Slashdot, demanding the removal of the following items:

  • Copies of the Kerberos specification that were anonymously or otherwise posted to Slashdot discussions;

  • Comments containing links to sites with unauthorized copies of the specification; and

  • Comments containing instructions on how to bypass the End User License Agreement and extract the specification.

What is Microsoft's legal rationale? None other than the Digital Millennium Copyright Act (DMCA) of 1998, a U.S. federal law that Microsoft and other large software firms strongly backed. Among the DMCA's provisions is a sea change in copyright law, one amounting, in effect, to a monstrous and constitutionally unsupportable denial of due process. In brief, the DMCA enables any person who purports to be the owner of copyrighted material to demand its removal from the Internet, without having to go to a judge to obtain an injunction. All that is necessary is a formal notification, such as the one Slashdot received, demanding that the Internet service provider (ISP) remove the offending page. The Act also states that, if the ISP fails to remove the page, the ISP then automatically becomes a co-infringer! The Act further spells out that, should the accused infringer believe the material is not subject to the claimed copyright, the infringer can put it back on the site after a 15-day hiatus - which is, of course, tantamount to an invitation to a lawsuit. For more information on this mind-boggling perversion of long-established copyright law, see Kupferschmid 2000.

What's so bad about the Microsoft-backed DMCA? For starters, it constitutes a wholesale reversal of basic, fundamental tenets of due process in U.S. law. Before the DMCA, copyright holders had to go to a judge to obtain an injunction before they could force the removal or suppression of copyrighted material. With the DMCA, that's no longer necessary. All it takes is a certified letter to an ISP, which is then faced with the following choice: either remove the material, or you become a co-infringer. Under such circumstances, ISPs will of course remove the material, even if they believe it does not infringe on anyone's copyright; who would want to take such a risk? In short, the DMCA - strongly backed by Microsoft and its growing army of well-funded lobbyists - represents a radical, subversive and unconstitutional denial of the most fundamental provision of U.S. jurisprudence, a tradition dating all the way back to the Magna Carta: that a person is presumed innocent until proven guilty.

During the Congressional debate prior to the DMCA's passage, a host of civil libertarians, legal scholars, librarians and free-speech advocates warned their money-besotted "representatives" that the proposed legislation would quickly become a weapon against the expression of views which corporations found displeasing. That is precisely what has happened. The Microsoft/Andover fracas is only the latest in a long string of cynical proceedings that were designed, first and foremost, to intimidate Internet service providers and independent critical commentators from publishing facts - facts that are needed by the public in order to reach an informed conclusion regarding matters of compelling public interest.

The very fact that Microsoft would be brazen enough to publish these alleged "trade secrets" on the Web, and then try to protect them with a "Click Here" licensing agreement, shows the appalling extent of the company's hubris and the deep, abiding threat it poses to the most basic conceptions of U.S. law. The "Click Here" concept is, of course, enshrined in Microsoft's most recent foray into the radical subversion of U.S. law, UCITA. In case you're not aware, UCITA is a model legislative act proposed for adoption by the 50 U.S. states. Despite the fact that it is opposed by 23 U.S. attorneys general, by every consumer-rights organization that has ever examined the issue, and by hosts of legal scholars, two U.S. states (Virginia and Maryland) have already adopted the measure. (In a noted U.S. pattern called "The Race to the Bottom", you can expect other states - hoping to cash in on lobbyists' bucks and the tax revenues they'll get by attracting software firms to their states - to adopt UCITA in short order.)

Among UCITA's many odious provisions is another blow against long-established legal conceptions, namely that consumers should be protected against contracts with small-print provisions which would be "surprising" to a rational, disinterested party. Under UCITA, when you click "I Agree", you're bound, baby. This will set off a round of on-line fraud cases that will undoubtedly tarnish the reputation of e-commerce, perhaps fatally. Under UCITA, for example, it's quite possible for an on-line vendor to attach a lifetime credit-card charge to a customer's account without calling this to the customer's attention, and there's no way the customer can escape the resulting financial obligation. (If you think this is an extreme analysis of UCITA, my source is none other than 23 attorneys general of the United States, who cited this potential as one of their chief objections to the proposed legislation.) If UCITA becomes law in your state, take my advice: don't shop on-line.

Microsoft's use of the "click here" end-user agreement discloses yet another devious and unconstitutional use of UCITA's would-be provisions: namely, the elevation of a legally weak (and probably unsupportable) claim to a "trade secret" to the level of copyright, which has much stronger protection (thanks to the DMCA). You see, trade secrets are protected only weakly by intellectual property law. In particular, a trade secret ceases to be a trade secret once it is revealed to the public, even if the revelation takes place by illegal means. With the DMCA, Microsoft can suppress the publication of the trade secret, or even the publication of links to material describing the trade secret, by claiming that the publication of this material violates copyright.

Let's sum this up, okay?

  • In a cynical bid to push its competitors out of the marketplace, Microsoft Corporation has appropriated and made extensions to an open, public protocol that was developed with the assistance of U.S. taxpayers.

  • It is widely suspected that the extensions Microsoft has introduced have no other conceivable purpose than to render its competitors' products incompatible with Microsoft offerings so that firms will be compelled to adopt Microsoft rather than UNIX servers.

  • U.S. citizens, faced with the prospect of a Microsoft breakup under the provisions of U.S. antitrust law, have a compelling need and right to know the facts and the truth concerning Microsoft's proposed extensions to the Kerberos protocol.

  • In U.S. law, it is a well-established tradition that the rights of copyright holders are not absolute, and that occasionally they must take a back seat to broader considerations of public welfare. This is precisely the line of thinking that holds the publishers of the Pentagon Papers, secret U.S. Defense Department papers regarding the Vietnam conflict, immune to prosecution under U.S. copyright law. Had the publication of the Pentagon Papers been suppressed, the U.S. presence in Vietnam may have been prolonged, and thousands more would have died in a war that, the Papers conceded, could not possibly be won.

  • Microsoft's strong backing of the DMCA, and its leadership in drafting and pushing for the adoption of UCITA, show that the company has too little regard for fundamental conceptions of free speech and due process under the law. The firm apparently aspires to become a state unto itself, and poses a genuine and very real threat to the fundamental liberties of people in all the countries where the firm operates.

What can you do?

Bryan Pfaffenberger, a professor in the University of Virginia's new Media Studies program, is the author of Linux Clearly Explained and the forthcoming Linux Networking Clearly Explained, both published by Morgan Kaufmann Publishers; and of Mastering GNOME, published by Sybex.

______________________

Comments

Ebay fraud and the DMCA being used to protect eBay

Yes, eBay just got my site taken down at www.eBuster.co.uk because it links back to scammer accounts on eBay so people can see the scams for themselves and what these people are doing, and it also contained copies of many pages I had preserved because eBay has a habit of trying to hide pages in an effort to prevent the course of justice.

The site also contains millions of eBay member names that can be searched, but I'm not sure if that comes under copyright law or not, as it is possible to search for member names from Google, which gives you links directly into eBay accounts.

I think my best bet is to take a leaf out of eBay's book, which is to sidestep many laws here in the UK, including the FSA, by having eBay's registered office in Luxembourg, so maybe I need to look offshore myself for my service provider.

Maybe it's becoming against the law to expose fraud on eBay, as the only way I can see anyone making a case is by linking to eBay pages themselves or by taking static copies of pages, but it seems both are prohibited under DMCA rules, and eBay certainly seems to have its way with the law here in the UK when it comes to the Birmingham police and trading standards, who point blank refuse to accept concrete evidence linking a fraudster to no less than eight eBay accounts being used to sell death traps as cars.

What seems to have really upset eBay was a fake login page hosted by about.ebay.com that I exposed on my site by taking a copy of the page and adding in big red text not to use the page as it was a fake.

Any advice would be appreciated before I decide how I should go about hosting the site that is dedicated to exposing multiple frauds on eBay that eBay is turning a blind eye towards.