Video Cory Doctorow Talks About Fighting the DMCA (2 Videos) 48
Timothy Lord for Slashdot: Cory, we’re here at [Solid] and at Solid there is a lot of what they are calling the manifestations of software in the real world. When it comes to laws like the DMCA that affected great deal of software out there, I want to hear a little bit about how that affects devices and constructed things, objects in the world?
Cory Doctorow : Well, the DMCA was passed in 1998 and it was supposed to be an antipiracy law. It makes it a felony to break a lock that’s being used to restrict access to a copyrighted work. And in the early 2000s, we had a couple of important cases where companies tried to use it to do lock-in. So there was a garage door opening company, and they are called Skylink, and then Lexmark, a division of IBM, tried to use it to lock people into their printer cartridges. And in both cases, the judge looked at it and he said you know, there isn’t a copyrighted work that these locks are restricting access to, they are just like the only copyrighted work is the lock itself, the DRM is the thing that you are stopping the DRM from circumventing, it’s too circular. And the judge tossed them out. But today if you put a software lock on a set-top box or if you put a software lock on a home games console.
Slashdot: Really, that’s software.
Cory: Or a thermostat – yeah that’s software, like nobody is going to say, oh, iOS, that’s not a copyrighted work, right, really clearly it is. And so there is this invitation to firms to use locks to validate the add-ons and software for their technologies to maximize their profits. To make sure, in the case of cars for example that the only mechanics who can get diagnostics from the engine are mechanics who sign a license, that says we’re only going to buy original GM parts. And so then the GM parts, they can command a much higher margin, because all the mechanics who can do service, not just the mechanics who can display the sign that says, we are authorized by GM, but literally every mechanic has to buy their parts from GM. And so, you can see why companies will be really attracted to this. But the problem is that the DMCA in order to make software lock somewhat viable, because like anyone who has ever broken DRM knows that it’s just not hard to break DRM. So to make it viable, you have to make it a crime to tell people how to break DRM.
Slashdot: And a serious crime too.
Cory: A serious felony, five years in prison for first offense, $500,000 fine for first offense, you have to make it a serious crime to abet the breaking of a lock. And that includes telling people about vulnerabilities, right, flaws, defects in the code that you could use to leverage a jailbreak, because once you know about a mistake a programmer made, you can leverage a jailbreak out of it. And of course the vulnerabilities in your devices, they are not just used to jailbreak your devices, so that you can do more with them, they are also used by malware authors to jailbreak your devices, they can run malware on them, and better yet, they can run malware on a device that already treats you as an untrusted attacker and does whatever it can to hide certain processes, files and programs from you, so that once the malware is running in that protected mode, your antivirus software can’t see it, you can’t see it, you can’t terminate it. And what it means is that product is covered by the DMCA which increasingly are products that like speed down the highway at 100 miles an hour with your body trapped inside of them become reservoirs of long lived vulnerabilities that have the potential to be used against you both by like griefers and also by criminals.
Slashdot: Cars are going to get more autonomous. It's going to be the norm before long.
Cory: Sure, I mean but we're already there, right? You know people who do subprime auto lending put ignition overrides on their cars so they can repo them, and we've seen people break into the systems of car dealerships and immobilize every car they ever sold, right, because they can, just for pure griefing. So we're already – like this is a point that I really want to stress. You don't have to wait until we're all dressed like extras from Tron, right, before like we live in a world made of computers where the DMCA is a bad idea. You live in that world today. If you have an implanted pacemaker you need to go watch this video from the University of Michigan where they tunnel in through the wireless interface, attach a pacemaker to a piece of bacon and then cook the bacon. And then you need to look at the filings in this year's copyright office exemptions hearings, where they hear petitions for exemptions to the DMCA where they have medical researchers saying we're not allowed to tell you, we know about flaws galore like this one and worse in implanted insulin pumps and morphine pumps, in hospital equipment. One of the researchers said in fields where my counsel has told me I may not even tell you what field I'm working in because that itself will attract so much liability that I'm not even going to tell you, right. And he's petitioning for an exemption. And we know about these vulnerabilities and we can't tell you about them. And so, you know, you and the people around you are already dependent for life and limb on the discovery and patching of vulnerabilities in these systems and we have a law on the books that is totally unfit for purpose that in order to make sure that you don't rip your DVDs has made it a crime to tell you about the bugs in your systems.
Slashdot: It's like a small but just as blocking instance of things like National Security matters, if you can’t tell someone even what the topic is.
Cory: That's right, I mean, you know, there's really only one process we have for discovering and patching software vulnerabilities and that's disclosure, right. Security is a process and not a product because there's no provable security, there's only peer review and without adversarial peer review, without people who actually don't like you reviewing your material, people who have no stake in being easy on you, then your vulnerabilities will last longer.
Slashdot: And if manifesting the knowledge of a problem and disclosing and sending it along, that becomes a crime, people can use it to keep down competition.
Cory: That's exactly right. Yeah.
Slashdot: Right now the EFF is actually actively working to fix some of these provisions. I would like to see the whole DMCA repealed personally, but these provisions seem especially bad, if people are interested in that aspect, what should they learn if
Cory: So, we've got some big announcements coming, we hope, this summer. There is a lawsuit that we're hoping will be brought against one of our clients, and that when it is brought, we believe that the facts around our client's violations of the DMCA or alleged violations of the DMCA will be well situated to overturn Section 1201. But it's going to be a long process. It will be maybe a decade of delaying tactics and appeals and more appeals. And during that time, if you're a technologist and you're thinking about this stuff, one way that you can help is by doing a calculated risk benefit analysis where you say there's lots of businesses that nobody's allowed to go into because of the DMCA.
If I went into them and EFF was upheld, my business would also be legal. Is it worth taking the risk, like Uber and Airbnb have done, that the law will come out my way in order to do that? And there's lots and lots of opportunities that DRM have made possible. We want to see a robust marketplace of tools that enable otherwise lawful functionality in the field, not least because we think that it will help our case because it will help judges see that the sky doesn't fall when people start circumventing.
I mean a good analogy is to the VCR. In 1976, when the VCR was invented, people who claimed the VCR would destroy the film industry and people who said that the film industry would adapt to it, they were all speaking on the basis of ideological prediction. But by 1984, when the Supreme Courts ruled on it, there were 6 million VCRs in the field. Every judge had seen a movie on a VCR. They drove past video rental stores to get to the court and the judges like just didn't take seriously the idea that VCRs were an existential threat to the film industry. So, we need that equivalent. We need to see those technologies in the field so that judges can come to appreciate that they're not scary illegitimate technologies, that they're part of a long tradition of people making third-party technologies that add on to your lawful property to let you do more lawful things with it.
Slashdot: Besides which in other countries that don’t face the same restrictions.
Cory: Well, in most countries, they do, unfortunately. The U.S. Trade Representative has really arm-twisted most of the countries that America trades with in the world into adopting their own versions, but again, if there are lots of businesses in America that are ignoring that law, then that sets up every one of those countries to repeal their own because there's activist groups like EFF in all those countries and there's industry groups that would really like to see those laws overturned.
And one thing we've seen with the striking down of Section 215 of Patriot Act with the SOPA fight, with the net neutrality fight is that while in most cases, policy outcomes can be predicted by who's spending the most money, that when activists and industry are on one side of an issue and another industry is on the other side of the issue, then you can't handicap it, that activists are wild cards when they're on the same side as industry.
And so, in all of those territories, we think that there's good scope to have their own versions of the DMCA knocked out as well on the basis of firms in America, where people are making money by giving people the products that they want. And you know, honestly, like what more could you ask for than a political cause that allows you to rescue technology from security oblivion by starting businesses that sell people stuff they want?
Re: (Score:3)
"Due to management-imposed restraints on video lengths, we broke the ~10 minute interview into two parts,"
Re: (Score:2)
Well, apologies for not spotting that. I allowed my automatic assumption that there was no possible good reason for doing this to lead me to not checking the text.
That said, I still can't see any good reason for doing this. "Management-imposed restraints" could mean anything. Does "management" think two 5 minute videos costs less in bandwidth than one 10 minute video?
Was "management" perhaps previously in charge of disposable razor marketing [theonion.com]?
Re: (Score:2)
That said, I still can't see any good reason for doing this. "Management-imposed restraints" could mean anything.
Well, "management-imposed restraints" doesn't actually answer the question of why, so your question wasn't unreasonable.
Based on the trajectory of Slashdot after the Dice takeover, though, presumably the real answer for "why" is "because our managers are total morons."
Re: (Score:2)
Rob answered above. Spreadsheet-based managers say "Average view is 3 minutes".
Re: (Score:2)
Spreadsheet-based managers say "Average view is 3 minutes".
What use is that statistic? So the average view is 3 minutes. Why does that mean videos shouldn't be over X minutes long?
Is it to stop the staff wasting time shooting and editing videos that are too long? If so, that idea hasn't worked at all, because we've still got 10 minutes of video to go with this article, just pointlessly broken up into two videos.
Re: (Score:2)
windows 3.11 for work groups could only record 30 seconds worth of music in pcm format with the built in tools.
Re: (Score:3)
Re:Why two videos? For the love of dog, why?! (Score:5, Informative)
Tim just put the "let's have the ability to attach two or more HTML5 video to one text block" on the developers' work request list. It'll happen. When? Um.... "Soon." This is yet another case where the people who actually work on the site agree with readers -- which we do 90% of the time. Believe it or not, our management is gradually learning that the people who work on the site know a thing or two. The Beta debacle was great training for them. Gawd, that thing was awful...
As for video length restrictions: A spreadsheet manager looks at video costs and sees that a majority of people jump off of a video within 3 minutes. So, asks the spreadsheet manager, why would we ever want to have longer videos? Reality = people not interested in that video or topic watch 3 minutes, while people interested in the topic or interviewee stick around for 10, 15, 30, even 60 minutes. What Tim and I want is 3-minute (or so) summary videos for the uninterested, followed by full-length ones for those who are interested. At least, when the topic is interesting to at least some readers, we now can (and generally do) provide a transcript that covers the full, uncut video interview for you.
Believe me, we appreciate questions and criticism. We read what you have to say. Like about the cartoon-balloon m,ain page comment counts. I can't say that I personally care much about them one way or another, but I think Tim or one of the other guys brought them up in a meeting to which I was not invited -- because I rarely am since I'm retired and I just work part-time editing /. videos for hourly pay to supplement my Social Security. Thinking of which, I have some howto videos to edit for another site, so I'd better break off here and go do that.
Re: (Score:2)
Re: (Score:1)
"Due to management-imposed restraints on video lengths, we broke the ~10 minute interview into two parts,"
Wait, this site has management?
Re: Why two videos? For the love of dog, why?! (Score:1)
Re: (Score:2)
I am not in love with Slashdot on Android. "It needs work," is a gentle way to say what I think of it.
I don't see the transcript on my phone, either. Thanks for reminding me about that. I'll pass it up the chain.
Re: (Score:1)
* purposefully excluding the fact that copyright infringement =/= theft legally, and the opinion that the t
Re: (Score:1)
No, two new videos! That's got to be twice as good!
The honest version (Score:5, Informative)
The honest version of the answer to that would be very short. "We lost."
Re: (Score:2)
It's not censorship if it's done by private companies.
citation needed.
Every definition I have read has nothing on where the SOURCE of the action is, just on the ACTION itself. Censorship is not about who does it, but that there is an editing, a repressing of opinion - some cases, like private companies editing their journalists (to various extends) are fine, but that's not a matter of "censorship" versus "not censorship," but a question of "acceptable censoring" versus "unacceptable censoring."
Re: (Score:1)
I gave up on it long ago, the Boing Boing Nazis censor the living crap out of anyone who doesn't worship them and agree with everything they say. I'm fairly left leaning, and they make me look like [insert conservative nutjob], people like Xeni Jardin and her pretentious bs make me barf.
Only men can be sexist (Score:4, Insightful)
Fuck off bellend.
Re: (Score:1)
Yea Cory is a tool. Makes it hard to take anything he says seriously.
Re: (Score:1)
Can't stand him, Xeni Jardin and their pack of 'if you aren't on board with everything we say, you're a fascist' aholes.
Re: (Score:1)
Re: (Score:1)
I was wondering how they expected us to pronounce such long sequences of consonants. Of course, even the part that's left is wrong -- alveolar trills are not a part of English.
For those of us familiar with X-SAMPA, I might render it /'kAr\i 'dAk.tr\=.oU/.
Efram (Score:1)
Re: (Score:1)
Fuck him and his simpering SJW fan club who will breathlesssly suck up anything this fucking asswipe has to say.
Oh, if only I had mod points, they'd be yours. Fuck Cory Doctorow, that fucking poser pukebag.
Fuck Cory Doctorow (Score:1)