You may recall Judge Beryl Howell, the former RIAA lobbyist who helped author the DMCA, and also went against a very large number of other judges dealing with copyright trolling lawsuits by ruling that it was perfectly fine to lump over 1,000 John Doe defendants into a single lawsuit and then get discovery on them for the purpose of shaking them down for payment. While so many other courts have ruled that such lumping together is an abuse of the legal system in misjoining unrelated parties, Howell not only stuck to her guns, but then proceeded to blame ISPs for copyright trolls, suggesting that if they just did more to crack down on infringing, trolls wouldn’t be a problem.

What you may not remember is that the key case in which Howell did this happens to be a case involving… you guessed it… AF Holdings and its “law firm” Prenda Law. Oh, and the “copyright assignment” that AF Holdings is using for this case was one of those supposedly signed by… Alan Cooper. While Judge Howell may be well served to pay attention to Judge Otis Wright in California and his actual investigation into Prenda/AF Holdings/Alan Cooper, the case is out of her hands for now, as the various ISPs who have the info in this particular case have appealed Howell’s ruling and the EFF, ACLU, Public Citizen and Public Knowledge have stepped in as well with additional arguments in an amicus brief.

Both briefs are well worth reading, though you might be surprised that the amicus brief is probably the more reserved of the two. The ISPs who took part include: Bright House, Cox, Verizon, AT&T and Comcast — with most of them (Verizon and Comcast being the exceptions) not even providing service in the jurisdiction of the district court: Washington DC. Comcast joining in is interesting, given that they own NBC, but we’ll leave that aside for now. To put it mildly, the ISPs think the appeals court should put an end to these kinds of cases, noting that a majority of other courts have refused to allow joinder on so many defendants, and have blocked the discovery process. It points out, of course, that these cases are almost never taken to court, but are usually just used to reveal names and then offer settlement demands. Specifically, they feel that Howell made a pretty big legal mistake, in that a showing of “good cause” is required for discovery, and Howell ignored that.

The district court’s conclusion that rules governing personal jurisdiction and
venue provide no impediment to pre-Rule 26 discovery of the ISPs is legal error.
A showing of “good cause,” which is required for discovery ostensibly intended to
identify defendants, requires an evaluation of whether the information sought from
the ISPs would be used to name and serve defendants in the forum. See, e.g.,
Oppenheimer Fund, Inc. v. Sanders, 437 U.S. 340, 352-53 & n.17 (1978) (where
“the purpose of a discovery request is to gather information for use in proceedings
other than the pending suit, discovery properly is denied”). The Copyright Act and
the District of Columbia’s long-arm statute limit the court’s reach to defendants
who reside in the district. And the uncontroverted evidence before the district
court showed that few, if any, of the targeted Internet subscribers reside in the
District of Columbia—as publicly available geolocation software used by
Plaintiff’s counsel in other cases confirms. The district court’s decision to defer
any consideration of personal jurisdiction or venue until after the subscribers’
personal information had been disclosed to Plaintiff requires reversal.

The court’s decision to permit discovery of the ISPs before deciding whether
the 1,000-plus “Does” are misjoined provides an additional basis for reversal.
Plaintiff, by routinely declining to name and serve defendants after obtaining the
subscribers’ personal information, virtually ensures that Rule 20’s requirements for
joinder will go unaddressed if not evaluated at the outset. And as a growing
majority of courts have concluded, deferring a ruling on joinder deprives the courts
of filing fees and encourages a proliferation of improperly coercive lawsuits.
Given the groundswell of published opinions that disagree with the lower court and
have severed or dismissed non-resident “Does” or all Does except for “Doe No. 1,”
deferring a ruling on joinder in a suit that seeks nationwide subscriber information
also encourages forum shopping—as the record here shows persuasively.

The ISPs also, quite reasonably, point out that if mass joinder and discovery is allowed in this case, the trolls will descend on the DC Circuit courts in a mass forum shopping situation:

The record
reflects that Plaintiff’s counsel’s cases have migrated across the country, with the
venues selected, not by the locus of the parties or situs of harm, but based on
counsel’s perceptions of which forum is most likely to authorize the greatest
discovery, at the lowest cost, with the least judicial oversight.

The specter of intra-district, judge-specific shopping in Plaintiff’s counsel’s
cases further underscores the problem with the lower court’s approach. The ISPs
raised below Plaintiff’s counsel’s practice of filing complaints and dismissing them
vel non based on the judicial assignment—only to re-file in another court. When presented with the same facts, Judge Wilkins quoted with approval Judge Huvelle’s finding: “Plaintiff’s actions a[re] akin to ‘judge
shopping.’… This Court could not agree more.” …

The ISPs respectfully submit that the district courts in this Circuit should not
be the destination for 1,000-plus Doe cases that are brought primarily to compile
mailing lists—not to adjudicate actual cases or controversies.

The ISPs also go through, in detail, the accusations against Team Prenda, and the claims of Alan Cooper. As it notes:

AF Holdings and its counsel owe a duty of candor to the Court, and a duty of
fairness to appellants…. The serious issues concerning attorney misconduct and potentially forged
documents were not identified for the court below; they necessarily affect the
“good cause” analysis and provide an alternative basis for reversal to address the
evidence now being considered in the pending disciplinary proceedings in the
Central District of California.

The EFF/ACLU/PK/PC filing is more focused on the specific errors in Howell’s ruling, concerning the “good faith” standard for discovery and the mass joinder of over 1,000 people. They also point out the jurisdiction problems of the defendants who are clearly outside the jurisdiction of a DC court — and the fact that these cases rarely end up in actual lawsuits means that the question of proper venue will not be “cured” later. Finally, the brief argues that Howell ignored key First Amendment issues concerning revealing anonymous internet users, and the higher standard for them to be revealed. This argument wasn’t made by the ISPs, so we’ll focus on that one here. It points to the key Dendrite standard we’ve discussed many times before concerning the revealing of anonymous users. This does not mean that you cannot identify those accused of copyright infringement, but rather that you can’t go on a random fishing expedition to get names, as many copyright trolls have done.

Specifically, in a series of cases beginning with Dendrite Int’l, Inc. v. Doe
No. 3, 775 A.2d 756, 760-61, 342 N.J. Super. 134 (App. Div. 2001), courts have
adopted a balancing standard to assess requests for early discovery to identify
anonymous online speakers that protects the right to speak anonymously while at
the same time ensuring that plaintiffs who have valid claims are able to pursue
them. Without such a standard, abusive plaintiffs could too easily use extrajudicial
means against defendants from whom they could not, in the end, obtain judicial
redress. See Levy, Litigating Civil Subpoenas to Identify Anonymous Internet
Speakers, 37 Litigation No. 3 (Spring 2011).

The use of BitTorrent to select and share movies is expressive and,
therefore, protected by the First Amendment. Call of the Wild Movie, 770 F. Supp.
2d at 350 (“[F]ile-sharers are engaged in expressive activity, on some level, when
they share files on BitTorrent, and their First Amendment rights must be
considered before the Court allows the plaintiffs to override the putative
defendants’ anonymity.”).

Although the expressive aspect of the conduct alleged here – the posting of
copyrighted movies to BitTorrent – is somewhat minimal, that does not mean that
discovery to identify the anonymous user without adequate initial evidence that
individual Doe Defendants committed the alleged infringement. The weakness of
AF Holdings’ assertions of personal jurisdiction and proper joinder means that
First Amendment concerns weigh more strongly here in favor of quashing the
subpoenas. Certainly it was not appropriate for the district court to ignore the
question altogether.

It will be interesting not only to see how the appeals court deals with it… but also Prenda’s argument, since they seem to be getting more and more wacky lately.

Permalink | Comments | Email This Story

You may have heard about a fair bit about Attorney General Eric Holder testifying before the House Judiciary Committee on Wednesday morning. He was — quite reasonably — raked over the coals by members of both parties for the incredible decision to obtain phone records from AP reporters, under very questionable circumstances.

There was one other odd tidbit that might be worth discussing around here as well. Suddenly, in the middle of all the questions about the Associated Press, Rep. Mel Watt — who, during the SOPA markup famously declared that he didn’t understand the technology, or why tech people were concerned, but also that he didn’t care and wanted to pass SOPA without bothering to understand — started asking questions about copyright and “enforcement.” Yes, Mel Watt is the ranking member on the IP subcommittee (scary enough in its own right), but it seemed completely off topic.

Most of the coverage on Watt’s questioning has focused on the fact that he did most of his questioning with his two-year-old grandson on his lap, who interrupts the questioning at one point. But the questions were ridiculous, as were the answers, and deserve some scrutiny. First, despite it being soundly rejected when SOPA went down in flames, Watt asks Holder if Congress should make online streaming of infringing material a felony, rather than the misdemeanor that it currently is. There are all sorts of problems with this idea, as we’ve discussed in the past, but Holder embraced the idea wholeheartedly, saying that the Justice Department would love to have “another tool,” ignoring just how widely the DOJ has abused existing tools to shut down legitimate companies and websites.

And then Watt directly asks about a connection to terrorism:

Watt: Are there increasing indications of links between this problem and terrorism? Have you found any of those links and would you describe them for the committee?

Holder: Yes, that’s a very good question. It’s something that’s very worrisome. As we saw organized crime get into a variety of other businesses in order to support their efforts, we’re now seeing terrorist groups getting into the theft of intellectual property. Again, to generate money to support what they’re trying to do for their terrorist means. So we have to broaden our enforcement efforts, broaden the investigative efforts that we take, to examine what are the precise reasons why people are engaging in this kind of intellectual property thievery. And to consider whether or not there’s a terrorist connection to it. This is a relatively new phenomenon, but one we have to be aware of.

Watt then asks about things that Congress can do to help, and Holder says he’s “particularly concerned” about this problem, and he asks for “enhanced penalties” for “intellectual property theft.”

That all sounds very interesting. And it might be, if there were any truth to it at all. Unfortunately, there’s not. We’ve yet to see a single piece of evidence supporting the idea that terrorists are involved in infringement. The claim has been around for years, and we’ve asked for evidence for years, and none has ever been provided. Because it doesn’t exist. Researcher Joe Karaganis looked into the issue a few years ago and found that there were some very vague reports of organized crime being involved in counterfeit CDs/DVDs in the 80s and 90s. But that was small and short-lived — in large part because online infringement basically made that business obsolete:

Arguing that piracy is integral to such networks [organized crime and terrorism] means ignoring the dramatic changes in the technology and organizational structure of the pirate market over the past decade. By necessity, evidentiary standards become very loose. Decades-old stories are recycled as proof of contemporary terrorist connections, anecdotes stand in as evidence of wider systemic linkages, and the threshold for what counts as organized crime is set very low. The RAND study, which reprises and builds on earlier IFPI and Interpol reporting, is constructed almost entirely around such practices. Prominent stories about IRA involvement in movie piracy and Hezbollah involvement in DVD and software piracy date, respectively, to the 1980s and 1990s. Street vendor networks in Mexico City–a subject we treat at length in the Mexico chapter–are mischaracterized as criminal gangs connected with the drug trade. Piracy in Russia is attributed to criminal mafias rather than to the chronically porous boundary between licit and illicit enterprise. The Pakistani criminal gang D-Company, far from “forging a clear pirate monopoly” in Bollywood, in RAND’s words, plays a small and diminishing part in Indian DVD piracy–its smuggling networks dwarfed by local production.

The US record isn’t more convincing in this regard. Jeffrey McIllwain examined the Department of Justice’s IP-related prosecutions between 2000 and 2004 and found that only 49 out of the 105 cases alleged that the defendant operated within larger, organized networks. Nearly all of these were “warez” distribution groups for pirated software–hacker communities that are explicitly and often fiercely non-commercial in orientation. McIllwain found “no overt references to professional organized crime groups” in any of the DOJ’s criminal charges (McIllwain 2005:27). If organized crime is a serious problem in these contexts, it should not be difficult to produce a stronger evidentiary record.

In other words, Rep. Mel Watt, a well known supporter of Hollywood’s position on copyright, tossed a bogus softball FUD talking point to Eric Holder in the middle of an important hearing about a very different subject, and Holder proceeded to make claims to Congress that have been made for decades without a single bit of evidence to support it.

Holder has plenty of other serious issues to deal with these days, but it makes me incredibly uncomfortable to see our Attorney General appear to be spreading known scare stories that have been proven bogus from decades ago as if they’re new, despite a single bit of evidence concerning any modern connection to terrorism.

Permalink | Comments | Email This Story

Once the UK recording industry realized that UK courts would order ISPs to block websites it didn’t like, it appears that the industry, led by BPI and PPL began putting together a list of over two dozen sites that they’re asking to have blocked by all UK ISPs, even though many of the sites on the list have never been tried in a court of law or convicted of copyright infringement. Included on the list, for example, is Grooveshark, who has been sued, but has not yet been found to violate copyright laws. It may very well be true that there is infringement on many, if not all of those sites. But, generally speaking, there’s this thing called due process that allows a site to defend itself before being censored from an entire country. Just because a site has some infringing content does not mean that the entire site should be blocked — or you’d have absolutely no user generated content sites online, because the liability would be too high. The UK courts started down this slippery slope by allowing sites to be blocked, and now the record labels are just going to keep piling the list higher and higher.

Permalink | Comments | Email This Story

Although New Zealand’s decision not to allow patents for programs “as such” was welcome, other moves there have been more problematic. For example, after it became clear that the New Zealand intelligence service, the Government Communications Security Bureau (GCSB), illegally wiretapped and spied on Kim Dotcom, the New Zealand government announced that it would change the law so as to make it legal in the future to snoop on New Zealanders as well as on foreigners. Judging by a major new bill that has been unveiled, that was just the start of a thoroughgoing plan to put in place the capability to spy on every New Zealander’s Internet activity at any moment.

Here’s an excellent analysis of what the bill proposes, from Thomas Beagle, co-founder of the New Zealand digital rights organization Tech Liberty:

The TICS [Telecommunications (Interception Capability and Security)] Bill is a replacement for the Telecommunications (Interception Capability) Act 2004. This law forced communications providers (ISPs, telcos, data networks, etc) to provide “lawful intercept” capabilities so that the Police, SIS and GCSB could access communications once they had a suitable warrant. The new bill expands and clarifies these requirements.

However, the addition of the word “security” is the key to what has changed. The new bill now gives the GCSB sweeping powers of oversight and control over the design, deployment and operation of all data and telecommunications networks run by network providers in New Zealand. The stated reasons are to both protect New Zealand’s infrastructure and to ensure that surveillance agencies can spy on traffic when required. As part of this, the GCSB will have the power to stop network providers from reselling overseas services that do not provide these capabilities.

As Beagle goes on to explain, this will have a number of implications, including a requirement to build backdoors into all telecoms networks:

From the Bill:

A network operator must ensure that every public telecommunications network that the operator owns, controls, or operates, and every telecommunications service that the operator provides in New Zealand, has full interception capability.

Note that the surveillance agencies still need to have a legally issued warrant (under the Search & Surveillance Act, NZ SIS Act, or GCSB Act) to actually intercept any communications and there are obligations to avoid capturing communications that are not covered by the warrant.

Here’s one way that could dramatically impact Internet users in New Zealand:

It then goes on to give the Minister the power to ban the resale of an off-shore telecommunications service in New Zealand if it does not provide interception capabilities. This could stop the resale of foreign-hosted VPNs, instant message services, email, etc.

Another clause could have major implications for Megaupload:

Network operators must decrypt the intercepted communications if they have provided the encryption, but there is no obligation to do so if the encryption is provided by others.

What does this mean for providers such as Mega (file locker) or LastPass (password storage) who have a business model based on the fact that they supply a cloud product that uses encryption but have deliberately designed it so that they can not decrypt the files themselves? This gives users the assurance that they can trust them with their data. Will the government close them down unless they provide a backdoor into the system?

One deeply troubling aspect is the following:

There is also a provision that allows the courts to receive classified information in a court case in the absence of the defendant or the defendant’s lawyer. This applies to information that might reveal details of the interception methods used by the surveillance agency or is about particular operations in relation to any of the functions of the surveillance agency, or is provided as secret information from the surveillance agencies of another country. It can also be used if that disclosure would prejudice security of NZ, prejudice the maintenance of law, or endanger the safety of any person.

As Beagle notes:

particularly offensive to civil liberties are the provisions for convicting people based on secret evidence. How can you defend yourself fairly when you can’t even find out the evidence presented against you?

He concludes with an important point:

One must ask where the justification for this expansion of power is coming from. Has New Zealand already been materially affected by attacks on our communications infrastructure? It seems clear that while the GCSB may not be that competent at exercising the powers they already have, they have done a fine job of convincing the government that they can handle a lot more.

That’s a question that needs to be put to the governments of other countries, like the US and UK, that are also seeking to extend massively their ability to spy on their own citizens. What evidence do they have that such extreme, liberty-threatening powers are actually necessary, and will make the public safer, rather than simply being a convenient way for governments to identify whistleblowers who expose their incompetence and corruption, say, or to spy on those who dare to oppose them?

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Permalink | Comments | Email This Story

The New Yorker has announced a new anonymous document sharing system called Strongbox, that will allow people to anonymously and securely submit documents to reporters from the New Yorker. Other publications have tried to set up something like this — often inspired by Wikileaks — but for the most part, they’ve been full of security holes, sometimes big and serious ones. What may be more interesting than the fact that this system is being set up is the story behind it. It’s based on DeadDrop, an open source system that was put together by Aaron Swartz and Kevin Poulsen.

Poulsen has the backstory of DeadDrop here, which is well worth reading. Basically, he and Aaron worked on this project on and off for quite some time, and it was only just completed a few weeks before Aaron’s death. The full story is worth reading, though here’s a snippet:

I wondered about this young tech-startup founder who put his energy into the debate over corporate-friendly copyright term extensions. That, and his co-creation of an anonymity project called Tor2Web, is what I had in mind when I approached him with the secure-submission notion. He agreed to do it with the understanding that the code would be open-source—licensed to allow anyone to use it freely—when we launched the system.

He started coding immediately, while I set out to get the necessary servers and bandwidth at Conde Nast. The security model required that the system be under the company’s physical control, but with its own, segregated infrastructure. Requisitioning was involved. Executives had questions. Lawyers had more questions.

Poulsen also notes that there were questions raised about the code after Aaron’s death, but those were eventually sorted out:

By December, 2012, Aaron’s code was stable, and a squishy launch date had been set. Then, on January 11th, he killed himself. In the immediate aftermath, it was hard to think of anything but the loss and pain of his death. A launch, like so many things, was secondary. His suicide also raised new questions: Who owned the code now? (Answer: he willed all his intellectual property to Sean Palmer, who gives the project his blessing.) Would his closest friends and his family approve of the launch proceeding? (His friend and executor, Alec Resnick, reports that they do.) The New Yorker, which has a long history of strong investigative work, emerged as the right first home for the system.

Of course, Poulsen leaves out his own history here as well. As (perhaps?) many of you know, Poulsen was a somewhat infamous hacker back in the day who eventually (after avoiding law enforcement for quite some time) went to prison for some of his hacks. Since then, he’s become one of my favorite journalists, writing for SecurityFocus and then Wired (and writing a wonderful book, Kingpin about some more recent hackers). While Poulsen and Swartz met long before Swartz was indicted — and Swartz and Poulsen were indicted for very different types of activities — having the two of them work together on a project like this is really quite fascinating.

The unfortunate part of all of this, of course, is that DeadDrop is basically Aaron’s “final project.” Given how much he accomplished prior to that in his short life, it’s just one more thing to add to a very long list of incredible accomplishments, but yet another reminder of how much potential was wiped away by his suicide.

Permalink | Comments | Email This Story