Author: James Grimmelmann

1

Obstructionism, Roman-Style

Cato the Younger made his name by tirelessly advertising his high personal morals. His public career as a senator and tribune of the Roman republic was distinguished by a use of obstructionist tactics whose mixture of pig-headed stubbornness and improvisation may sound humorously familiar to modern Congress-watchers. Here are some highlights, based on Adrian Goldsworthy’s fantastic biography of Julius Caesar, Cato’s principal political enemy.

Cato was a filibusterer par excellence. The rules of debate in the Roman senate forbade cutting off a speaker. When asked his opinion on an issue he opposed, Cato gave it, and gave it, and gave it, talking all day, without notes, until the Senate would adjourn with the issue unresolved. Most notably, in 59 BC, Cato so infuriated Caesar by trying to run out the clock on a land-reform bill that Caesar simply ordered him jailed. It was a (short-lived) political triumph for Cato: one senator walked out, saying he’d rather join Cato in prison than remain with Caesar, and Cato was rapidly released.

In 62 BC, while serving as tribune, Cato used his veto powers to block another bill being proposed by Quintus Metellus Nepos with Caesar’s support. As Goldsworthy describes it:

Nepos ordered a clerk to read the bill aloud. Cato used his veto to forbid this, and when Nepos himself took up the document and started to read, he snatched it from his hands. Knowing the text by heart, [Nepos] then began to recite it, until [Cato’s ally] Thermius slapped his hand over his mouth to stop him.

A riot ensued, again embarrassing Cato’s political enemies. But not everything he did to embarrass Caesar worked out so well. During a critical debate over how to punish the Catiline conspirators, a note was brought in and handed to Caesar. Cato, who was speaking, proclaimed that it must be a secret communication from those conspirators still at large. When Cato demanded that the note be read aloud, Caesar instead passed it to Cato. It turned out to be a love letter from Cato’s half-sister.

You can keep your blood-drenched fictionalizations; good legislative floor fights are timeless.

3

The Privacy Virus

I’ve been thinking recently about social networking services and privacy. Certainly, they raise profiling and investigation concerns that seem quite familiar from debates about ISP and search engine surveillance. I’m becoming increasingly convinced, however, that they also present some quite distinctively social privacy issues. The flow of information within a Facebook or a LiveJournal both is deeply embedded in a particular set of social relationships and also regularly defies the expectations of the participants in those relationships. Hilarity, or rather privacy trouble, regularly ensues.

One of things I did when starting to ponder these privacy problems was to make a list of the ways in which social networking services encourage users to supply personal information. There are actually quite a few. Here’s an incomplete list:

  • Explicit appeals to reciprocity: If someone tries to add you as a friend, it seems impolite to refuse.
  • Implicit appeals to reciprocity: If friends have pictures on their pages, you’re spurning their social advances if you don’t have pictures on your page.
  • Norming the network as “private” space: Facebook started on a college campus; people use it in ways that recreate the informality of students scribbling jokes on whiteboards posted to each others’ dorm-room doors.
  • Norming the network as “safe” space: It’s hard to estimate the risk that releasing a little private information now will bite you later, so we use our peers’ actions as a heuristic to tell us whether it’s safe to speak freely here. If they share, you share.
  • Creating a barter economy in personal information: By affiliating with new groups and adding more friends, you decrease the distance between you and others. That means more access: it opens up more profiles to your inspection (and vice-versa).
  • Encouraging status competition: Facebook helpfully lists how many friends your friends have; can you blame Robert Scoble for wanting to have more than 5,000?

I could go on, but have you noticed the common pattern? All of these mechanisms use other people’s personal information to convince you to supply more of your own. Facebook is a privacy virus: an organism that reproduces itself within a social network by convincing infected hosts to use their own replication mechanisms to spread it to others. And the way it gets past our privacy defense mechanisms is to turn them against us: social network service interactions have almost all the indicia we look for in reassuring ourselves that we’re in a private setting, rather than out in public.

1

Summer Reading Rave: C.J. Sansom

Summer means different things to different people. For academics, the end of grading means a new opportunity for pleasure reading. My beach-reading recommendation for the relaxing law professor is C.J. Sansom’s historical mysteries: Dissolution, Dark Fire, Sovereign, and Revelation.

The novels are set in the latter part of Henry VIII’s reign, after the break from Rome. It’s a world of religious reformation, enormous new wealth, painful social dislocations, and ugly corruption. The protagonist, Matthew Shardlake, is a reform-minded protestant, a skilled lawyer, and a sour-tempered “crookback.” He starts in the service of Henry’s chief minister, Thomas Cromwell, but the dark deeds he witnesses lead Shardlake to try to pull a Jack Goldsmith: to return to private life while keeping both his principles and his loyalties intact.

The first great pleasure of the Shardlake mysteries is that they do excellently what any mystery should do: take the reader inside the distinctive forms of corruption of a particular time and place. Shardlake is caught up in conspiracies that pit bad people against worse ones. There’re money and power everywhere for the taking, and Shardlake faces some especially unscrupulous attempts to seize both. Sansom is particularly good at working the old multiple-plots magic: more than one person is up to something, and part of the fun is trying to figure out which crime a given clue relates to.

Even better, though, is Sansom’s treatment of Shardlake himself. He’s a wholly credible lawyer. The cases he handles ring true with what I know of Tudor legal history (this is especially telling, because it would have been all to easy to fudge the legal details). He also solves cases like a lawyer: splitting his time between careful book research and dogged cross-examination. Shardlake isn’t a Holmesian genius; he’s just a sharp, diligent lawyer who trudges back and forth from one witness to another, looking for inconsistencies and working them relentlessly. His physical deformity also contributes to his interestingly complex personality and narrative voice: cranky, a little self-pitying, and determined to look beyond appearances. The books are bleak affairs, but reading them is an absolute joy.

6

DRMbarassment for Us Law Professors?

In my first post about DeCSS, I gave the conventional law professor’s description of how it works, and then pointed out an obvious-in-hindsight problem with that description. In my second post, I delved (a little) deeper into the specifics of how DVDs work and showed how the explanatory hole can be plugged with some facts not normally in evidence. Along the way, we saw that the effectiveness of DVD anti-copying protections depends just as much on patent-enforced standards as it does on copyright and the DMCA.

Here are the results of some searches I ran on Lexis’s “US Law Reviews and Journals” database:

  • DVD and “title key”: 2 results, neither relevant
  • DVD and “disc key”: 0 results
  • DVD and “disk key”: 1 result, a student note (Peter Moore, Notes & Comments: Steal This Disk: Copy Protection, Consumers’ Rights, and the Digital Millennium Copyright Act, 97 Nw. U.L. Rev. 1437 (2003)), containing the following text in a footnote: “One might wonder why a DVD burner capable of copying the disk key table could not be produced. It is likely that the owners of patents on DVDs are very careful to ensure, with licenses, that such devices are not made.”
  • DVD and CSS and pressing: 34 results, only one of which distinguishes “pressing” from “burning.” That one, also by a student (Nika Aldrich, An Exploration of Rights Management Technologies Used in the Music Industry, 2007 B.C. Intell. Prop. & Tech. F. 624), points out, again in a footnote: “‘Burning’ compact discs actually requires a different technology than ‘pressing’ (replicating) discs, which is used in commercial manufacturing plants. ‘Burning’ involves putting the pits and lands on the disc by burning holes in a layer of substrate with a laser. In a ‘pressed’ disc the pits and lands are molded into the disc.’”
  • DVD and CSS and (press! w/p burn!): 18 results, the only one of which using the words in this sense is the same article from the previous search.
  • DVD and CSS and lead-in: 20 results, only one of which uses is talking about the location of CSS disc keys. That article—yet another student piece (Eric W. Young, Note: Universal City Studios Inc. v. Remeirdes: Promoting the Progress of Science and the Useful Arts by Demoting the Progress of Science and the Useful Arts?, 28 N. Ky. L. Rev. 847 (2001))—proceeds to assert: “These types of pirates do bitwise copies, which means that their pirate copies are precise duplicates of the originals, including the CSS encryption. The DVD player will notice no difference between such a copy and the original version. CSS cannot stop this kind of piracy.”
  • DVD and leadin: 0 results

But compare:

  • DVD and DMCA: 731 results
  • DeCSS: 390 results

This disproportion is not healthy. We’ve collectively spilled a lot of ink over DeCSS. One might think it worthwhile to make sure that CSS actually matters, first. It does, but that fact is not at all obvious from the conventional stories. Even the exercise I’ve gone through here is itself a fairly half-assed effort. Bruce caught an important fact I didn’t get quite right. Just in doing the research for this series of posts I’ve learned all sorts of things that seem awfully relevant to any careful analysis of the role of law in controlling the distribution of media on shiny discs, and I’ve barely even scratched the surface, so to speak.

We law professors who regularly opine on high technology are often dangerously blasé about the details of the technology we’re opining on. We get caught up in the minutiae of 1201(a)(1) versus 1201(a)(2) versus 1201(b), and we don’t pay anywhere near as much attention to the surrounding web of other kinds of IP, business arrangements, and especially technical specifications as we ought to. Consider these posts another plea for better interdisciplinarity. Our students are doing a better job of it than we are.

4

The De-Pressing Truth About DVDs

Yesterday, I told a simplistic story about DeCSS—indeed, the self-same simplistic story about DeCSS that I told my classes this year, and that I suspect a lot of other professors tell their classes—and asked what was wrong with it. The way I put it, if DeCSS really is about preventing only decryption of DVDs, what’s to stop pirates from simply making copies of discs in their encrypted forms? The story simply doesn’t make sense without some additional fact.

Sarah L. (“[T]he CSS disk’s descrambling keys are in sectors that aren’t copied when you make a copy of the disk using a noncompliant player.”) and Bruce Boyden (“[T]he whole scheme depends on licensed drives, which must play by the licensing rules.”) both had important parts of the answer, but what I was looking for is that it is physically impossible to produce CSS-encoded DVDs using home equipment. Sarah’s and Bruce’s points are both true, but even taken together, they wouldn’t explain why DVD Jon or someone else similarly disinclined to care about licensing doesn’t just write a program that writes the descrambling keys to the special sectors. They don’t because they can’t.

To decrypt a CSS-encrypted DVD, you actually need two kinds of keys. One is universal but nominally secret; it’s baked into every DVD player. This is the one that DVD Jon found. The other is different for every disc. But this second key isn’t really secret; it’s written out on the disc, plain as day for anyone to see, in a special “lead-in” sector. Ordinarily, your DVD player reads the public disc key, combines it with its own secret player key, and uses the two together to decrypt the disc contents.

Here’s the twist. There are two ways to make readable DVDs, and they use completely different technology. The large-scale industrial method is to “press” the DVD: that involves encoding the data as a series of tiny three-dimensional bumps on a mold used to stamp a corresponding pattern of pits into metal blanks, which are then encased in a layer of lacquer to make DVDs. This process, as you might imagine, has high fixed costs; the equipment alone will run you upwards of a million dollars. In contrast, the home method is to “burn” the DVD. Here, the blank disc comes from the factory prelacquered and containing an optically sensitive dye on the surface of the metal. Focus the right kind of laser on the dye and its transparency changes. From the perspective of the DVD player that will later read the disc’s patterns of opaque and transparent regions, the results are much the same as if the disc had pits and non-pits. Some areas reflect; others don’t. Ones and zeroes, more or less.

The trick that makes CSS “work” is that you can’t burn lead-in sectors. DVD-Rs (and DVD+Rs) come from the factory with the lead-in sectors zeroed out. Thus, a would-be pirate can easily read an entire encrypted disc, disc key and all, but can only burn back the data portion of the disc, without the disc key. The resulting disc is useless in a standard DVD player; there’s no disc key to be read, which means the player is at a loss in trying to decrypt it. While one could manufacture and distribute home-copied DVDs without having to bust CSS, those DVDs are only going to work on specially-coded software DVD players, not on the mass-produced home players most people have.

That’s why everything does in fact depend on CSS, and why DeCSS really is a big deal. It goes back to the control that the DVD cartel has over their hardware platform, specifically over the manufacturing format of blank media. And that control, in turn, is backed up by patent pools. Yes, you could in theory press (not burn) exact-copies of encrypted discs, or mass-produce your own non-standard blank DVD-Rs with writable lead-in areas, but to do either, you’d need some significant (and hard-to-move) capital, which makes you vulnerable if the cartel comes after you. It’s an ingenious technologico-legal trap.

Tomorrow: Some thoughts on the implications (including responses to comments).

14

The DRMperor’s New Clothes?

Like a good many law professors, I teach and write about digial rights management: the technological “locks” copyright owners use to keep people from getting at digital media without authorization. Exhibit A in any discussion of DRM is the DeCSS saga. CSS, the “Content Scramble System,” is the encryption system that keeps you, the home user, from watching DVDs without permission. The way it works is that some DVDs (the ones Hollywood cares about) come encrypted. The decryption key is stored in each and every DVD player, but manufacturers can’t get a license to make DVD players (and thereby get authorized access to the key) unless they sign an extensive license agreement with the DVD Copy Control Association. By obvious linguistic principles, DeCSS is the thing that makes CSS not do its thing. In particular, a Norwegian teen (fun fact: seven of the first ten Google hits for “Norwegian teen” are about him), frustrated at the lack of software DVD players that run on the open-source operating system Linux, wrote a program that decrypts CSS-protected DVDs. The idea is that one could then take the unencrypted version from your computer, burn it to a blank DVD, and then view the DVD on a Linux computer.

As normally told, this story illustrates all sorts of useful points. It shows how a classic DRM-based business model works: sell individual copies with DRM that keeps them from turning into lots of copies. It shows how painfully insecure such business models can be: DVD Jon was easily able to find the super-seekrit CSS decryption key in the code of a Windows DVD player (every DVD player in existence, after all, must contain a copy of the key). And it shows the might of the law descending with fury and malice in response: lawsuits under the Digital Millenium Copyright Act soon followed.

But there’s a gaping technological hole in this story. You see, CSS as I’ve described it above, tries to block one specific attack vector: copying an encrypted DVD onto a computer and decrypting it, then using the computer’s DVD burner to make a new, unencrypted DVD version. DeCSS opens up this attack again. But why would anyone bother with this slow, clumsy way of making copies? Why not just read the encrypted contents of the DVD onto the computer, keep the bits encrypted, and burn them back onto a new DVD in exactly the same form? You wind up with a new DVD, exactly identical to the old. And, of course, thanks to the convenient fact that every DVD player in existence has a copy of the decryption key, that new DVD is playable on any DVD player in existence.

In other words, CSS sounds like a gigantic dust-up over nothing. Would-be pirates already have a perfectly good way of making any number of perfect copies. Worrying about DeCSS, it would seem, is like worrying about the barn’s windows when the wide-open door is just gaping at you. Hasn’t the legal system—and by extension, the legal academy—just spent who knows how many hours on a massive intellectual boondoggle?

Thus, a question for the readership. What crucial fact is missing from the story above? I’ll post the answer tomorrow, along with some pointed observations about the implications.

6

Grand Theft Legal System

Last week’s release of Grand Theft Auto IV (actually somewhere between the sixth and ninth game in the series, depending on how you count) was big news in the gaming world (even if some observers questioned the suspiciously universal acclaim). Players cleared their calendars and in some cases emptied their wallets to play the latest installment in this series of open-ended games, which drop the player into a vast city of cars to steal, bystanders to gun down, insane stunt jumps to make, and real-life references to spot.

Among lawyers, the games may be best-known for the regular moral panics they induce over fears of copycat violence, and for attorney Jack Thompson’s increasingly bizarre crusade against them. We might also ask what kind of a legal world the GTA series envisions within its famously capacious in-game universe.

The series’s built-in attitude of rampant lawlessness—it’s named after a crime, after all—might suggest a kind of deliberate criminality. That’s certainly the interpretation that fuels the regular calls for the games to be banned. And yes, the plots typically chart the protagonist’s Scarface-style rise as he carries out errands both murderous and larcenous for an entertaining assortment mob bosses. This interactive representation of lawlessness—the player playing at the role of criminal—puts the Grand Theft Auto games squarely within the tradition of deliberate shockers like Postal.

But this may be an unduly harsh take, and not just because the claim that playing violent games leads to violence in meatspace rests on some dubitable social science. San Andreas may well show us the world as Holmes’s bad man would see it, but consider the lessons he’d learn from it. Crime doesn’t always pay. In fact, offhandedly casual offenses—driving on the sidewalk to circle around traffic, say, and in the process clipping a pedestrian—can put the police on your tail. And the aggresive things you do to try and shake them often wind up making matters worse. Before you know it, you have a six-star wanted rating, they’re sending in the black helicopters, you’re crouched in a doorframe, and there’s pretty much only one way this story can end. Exaggerated though the arc may be, it does illustrate some of the vicious circles trapping the poor, the desperate, and the criminal.

Or consider the in-game depictions of the legal system itself. Get arrested by the police, and you’re back on the streets within seconds—minus some bribe money. Call it an indictment of revolving-door-prison liberalism, or call it an indictment of police more interested in protecting their turf than in doing justice or confronting Liberty City’s very real problems. The lawyers don’t come across much better: Ken Rosenberg is a paranoid cokehead who asks our hero to fix a case by intimidating jurors.

One last thought. Given the games’ increasingly humongous alternate reality, how about building in a penal code? Grand Theft Auto’s legal geekery index would soar if every unlawful act were accompanied by a statement of exactly what crime the player had just committed. “Arson in the second degree!” “Involuntary manslaughter!” “Grand theft garbage truck!” For added fun, the crimes could be correlated with a set of sentencing guidelines, so that the in-game statistics screen would tally up precisely the number of years of imprisonment the protagonist deserved.