While the legal situation in the United States has been dominated by the
SCO case, many community members in Europe are more concerned by what is
happening on the legislative front. A couple of initiatives underway in
the European Parliament's Committee on Legal Affairs and the Internal
Market are worthy of attention - and activism.
The first of these, of course, is software patents. The Committee now
looks set to adopt the directive on software patents on
September 1. Opponents of software patents in Europe have been
working hard to raise awareness on the issue; protests on the net and in
Brussels happened on August 27. There is still time
to be heard on this issue and, perhaps, influence the outcome. It is worth
the effort; software patents are one American export that Europe can do
Patents are just the beginning, however.
Starting, seemingly, on September 11, the Committee will begin discussing a
directive "on measures and procedures to ensure the enforcement of
intellectual property rights." The full (54-page) text of the directive
can be downloaded from this
EU page. Two parts of this directive are cause for concern:
- Article 9 requires identification of anybody who, in the view of a
copyright holder, is "thought to infringe upon an intellectual
property right". This article, it is expected, will lead to the same
sort of "subpoena storm" currently being engaged in by the recording
industry in the U.S.
- Article 21 includes a (criminal) prohibition of "illegal technical
devices." This is, of course, a DMCA-style anti-circumvention law,
which will lead to DMCA-style problems.
For a much more detailed look at the draft directive, see this
analysis by the Foundation for Information Policy Research. This
analysis also notes that there is, apparently, still time to bring about
major changes to this draft. With luck - and suitable pressure on members
of the European Parliament - the worst features of this directive can be
eliminated before it ever comes to a serious vote.
Comments (2 posted)
[This article was contributed by Joe 'Zonker' Brockmeier]
The decision handed down by the California Supreme Court on Monday in
the DVD Copy Control Association v. Bunner case is being hailed
by many as a victory for the entertainment industry. In fact, the ruling
is far from a major victory for the DVD Copy Control Association. The
California Supreme Court has remanded the case back to the Court of
Appeal to "determine whether the evidence in the record supports the
factual findings necessary to establish that the preliminary injunction
was warranted under California's trade secret law."
For those not familiar with the case, the DVDCCA sued Andrew Bunner for
posting the DeCSS code posted by Jon Johansen. Johansen and others
reverse-engineered software created by Xing Technology corporation to
create the DeCSS package, which can decrypt DVDs for viewing. (Despite the
assertions that DeCSS is used for copying DVDs, the software is not
necessary to copy a DVD -- only to view it.) The trial court sided with
the DVDCCA and issued a preliminary injunction against Bunner, which was
later overturned by the Court of Appeals. Interestingly, Bunner's case
is still winding through the American court system while Johansen has
already been acquitted in Norway of charges of using DeCSS for illegal purposes.
The California high court's ruling had very little to do with the
specifics of the DeCSS code or whether CSS is a legitimate trade secret.
The court simply accepted the trial court's findings that CSS is a trade
secret, and ruled on the question of whether it is a violation of the
First Amendment to issue a preliminary injunction in the interests of
protecting a trade secret. The Court of Appeals had ruled that trade
secrets were not as important as First Amendment protections and lifted
the injunction against Andrew Bunner posting the DeCSS source code. The
California Supreme Court, however, disagreed that First Amendment
considerations trump the protection of trade secrets:
Our decision today is quite limited. We merely hold that the preliminary
injunction does not violate the free speech clauses of the United States
and California Constitutions, assuming the trial court properly
issued the injunction under California's trade secret law. On remand,
the Court of Appeal should determine the validity of this assumption.
So, the fight over DeCSS is far from over, which is good news. The bad
news is that the California Supreme Court doesn't see any value in the
DeCSS code in the continuing debate over the entertainment industry's
use of encryption. From page 22 of the decision:
Disclosure of this highly technical information adds nothing to the
public debate over the use of encryption software or the DVD industry's
efforts to limit unauthorized copying of movies on DVD's. And the
injunction does not hamper Bunner's ability to "discuss and debate"
these issues as he has in the past in both an educational, scientific,
philosophical and political context. Bunner does not explain, and we do
not see, how any speech addressing a matter of public concern is
inextricably intertwined with and somehow necessitates disclosure of DVD
CCA's trade secrets.
Many in the open source community would disagree that the disclosure of
the code "adds nothing to the public debate." Ed Felten writes
that access to the code is important factor in the debate over CSS:
CSS is a controversial technology, and information about how it works is
directly relevant to the debate about it. True, many people who are
interested in the debate will have to rely on experts to explain the
relevant parts of DeCSS to them; but the same is true of Enron's
accounting or the Shuttle's engineering.
Certainly the fact that CSS was so easily defeated is of public interest
when debating whether CSS qualifies as a "trade secret" or simply a
veiled attempt to rob users of their fair use rights over copyrighted
materials they've legally purchased. The code should also be of some
interest to those who wish to disprove the DVDCCA's continual claims
that DeCSS exists primarily for copying DVDs, rather than watching them.
Whether Bunner is legally permitted to post DeCSS or not, the cat is out
of the bag. For all practical purposes, anyone who wants to get access
to the DeCSS code is able to do so. However, the case will set
precedents that no doubt be revisited as the entertainment industry
rolls out new media formats, and new encryption schemes.
Comments (4 posted)
It may have seemed like a relatively quiet week on the SCO front - to the
relief of many - but a number of things have been happening. It's time to
get caught up in the latest developments in this case.
People have continued to look at the code samples presented by SCO in Las
Vegas. Eric Raymond posted his own
analysis which included a comparison of the Linux atealloc()
code with the SYSV malloc() implementation - something that Eric
evidently has sitting around somewhere. Eric's conclusion was that the
Linux code derives from the ancient malloc() implementation found
in 32V Unix. LWN, looking at Eric's diff, came to a different conclusion;
the Linux code appears to have been taken from (proprietary) SYSV Unix.
See this article for a full description of
our reasoning. Since then, FreeBSD kernel hacker Greg Lehey has posted his analysis,
which also points to a SYSV derivation.
The sad fact is that this particular piece of code is problematic no matter
how you look at it. The alternatives are:
- The code was lifted from SYSV Unix, which makes it a direct
infringement of SCO's copyrights.
- The code actually derives from the ancient 32V Unix release. SCO,
back when it was called Caldera, released 32V under an older,
four-term BSD license; this license is incompatible with the GPL, due
to its advertising requirement. The code in Linux also lacked the
requisite copyright headers. In this scenario, the inclusion of this
code infringes SCO's copyrights (due to the missing copyright headers)
and also those of the other Linux kernel contributors (due to the GPL
- There are other opinions on how 32V is really licensed. SCO has
started making noises to the effect that 32V was really only released
for 16-bit, non-commercial use, though the license letter that went
around (and, indeed, was sent to us anew by SCO PR person Blake
Stowell) says otherwise. Any attempt by SCO to "call back" this
release is likely to fail at this point.
Then, there is the assertion that 32V is actually public domain. This
conclusion comes from the March 3,
1993 ruling in the USL case, which reads: "...I find that
Plaintiff has failed to demonstrate a likelihood that it can
successfully defend its copyright in 32V. Plaintiff's claims of
copyright violations are not a basis for injunctive relief."
But saying that USL lacks evidence strong enough to justify a
preliminary injunction is different from a true finding that the 32V
code has gone into the public domain. Given the rather friendly
stance the courts have taken toward copyright holders in modern times,
relying on this preliminary ruling to hold in a new court case seems
risky at best.
It is thus hard to conclude that this code belongs in Linux. And, in fact,
it has already been removed from the 2.4 and 2.6-test branches. In any
case, it is a tiny piece of ancient code performing a trivial task; it is
not the basis of a $3 billion lawsuit. If this is the best that SCO
has, its case will not go that far.
SCO's other code sample, of course, was the Linux implementation of the
Berkeley Packet Filter (BPF) library. There appears to be no way that SCO
can claim ownership of this code; indeed, Greg Lehey's analysis suggests
that, perhaps, SCO has stripped the copyright headers from its copy of that
code, in violation of its (BSD) license. SCO would seem to have figured out
that it is on especially thin ice here; a
recent InfoWorld article quotes SCOSource VP Chris Sontag as follows:
But Sontag said the BPF routines were not intended to be an example
of stolen code, but rather a demonstration of how SCO was able to
detect 'obfuscated' code, or code that had been altered slightly to
disguise its origins. The slide displaying the code should have
been written differently to reflect that intention, he said.
Given that the slide in question reads "Obfuscated System V code has been
copied into Linux kernel releases 2.4x and 2.5x," one might well agree that
it should have been "written differently." One might well ask what other
parts of the company's recent output should be written differently.
Meanwhile, SCO lawyer Mark Heise is still taking potshots at the GPL; his
assertion (from this
ZDNet interview) is that Section 301 of the U.S. Copyright Act preempts
the GPL. Now, one of the advantages of having an Internet around is that
one can go and check these things directly; the first part of Chapter 3 of
the Copyright Act reads:
§ 301. Preemption with respect to other laws
(a) On and after January 1, 1978, all legal or equitable rights
that are equivalent to any of the exclusive rights within the
general scope of copyright as specified by section 106 in works of
authorship that are fixed in a tangible medium of expression and
come within the subject matter of copyright as specified by
sections 102 and 103, whether created before or after that date and
whether published or unpublished, are governed exclusively by this
title. Thereafter, no person is entitled to any such right or
equivalent right in any such work under the common law or statutes
of any State.
Those of us who are unused to reading legalese will probably have to go
over this paragraph two or three times, but, in the end, the title sums it
up pretty well: this part of the copyright law states that it preempts
other laws at the state level. Since very few states have enacted
the GPL into law, the §301 preemption really is not relevant. The GPL
is a license in which the copyright holder waives certain rights under
certain conditions, as is allowed by the rest of the copyright law. If
§301 preempts the GPL, it preempts every other software license as
well. So Mr. Heise's reasoning remains unconvincing, to say the least.
However, he appears to be in charge of this case at this point; David Boies
would seem to have found more pressing engagements elsewhere.
Then, there is SCO CEO Darl McBride's amusing and paranoiac assertion (as
reported in InfoWorld) that IBM is behind the attacks on his company.
No further comment seems necessary there.
SCO's web site was evidently the target of a denial of service attack over
the weekend of August 23. The Linux community should have nothing to
do with such attacks. They do not help us in any way, and they go strongly
against the principles of openness and freedom upon which the community is
based. This sort of attack also gives SCO a great opportunity to portray
the community as a bunch of criminals. Taking down SCO's site is wrong; it
is a big mistake. Let us hope that it does not happen again.
Finally, Rob Landley and Eric Raymond have put together a response
to SCO's amended complaint in the IBM case. Think of it as the "Mystery
Science Theater 3000" version of the complaint; SCO's text is presented
with Rob and Eric ruthlessly heckling each paragraph as it comes. It is a good
resource for those wanting to put SCO's actual allegations in the IBM case
Comments (6 posted)
The September 26, 2002 LWN Weekly Edition
the beginning of a major change for this publication. Therein, we said:
We will now try to transition LWN into a subscription-based
publication, supported by the readers that benefit from it. If LWN
is valuable enough to its readers to earn that support, we will
continue to produce it - and try to make it better. If not, well,
then we will search for some other way to use our skills in the
free software community.
At the time, we concluded that we needed about 4000 subscribers to begin to
see LWN as a stable enterprise. We're still a bit short of that - there's
just under 3000 individual subscribers, currently - but we're still here.
Things seem to be headed in the right direction.
Much depends on what happens in the next month or so, however. Many of you
went for one-year subscriptions when they first became available. That
money has sustained us over the last year, and we are more than grateful
for that. But those subscriptions are now about to expire. Over the next
month or so, almost one third of our subscriptions will come to an end. If
the renewal rate is high enough, we should get a cash infusion that will
prove most helpful in taking LWN to the next level, and we can continue our
march toward 4000 subscribers (and beyond). If it's not, well...
We're optimistic. We came out of the "mini expiration" last spring (when
the first set of six-month subscriptions ran out) with as many subscribers as we
had going in. With luck, the same will hold true this time.
Please note that, if you signed up for an automatic monthly subscription,
you, too, will have to renew it. Some businesses, once they get your
credit card, feel entitled to keep charging to it until you show up on the
premises with a baseball bat and make them stop. We've never felt we had
that right, so automatic subscriptions include a maximum number of
authorized charges. That maximum was capped at twelve months (we've since
raised it to 24), and will be running
out for those of you who subscribed a year ago. Many of you will have
already received the "last charge" message we send when the authorized
payments run out. Renewing is just a matter of going to the My Account page and enabling more charges.
The rest of you will not get mail from us until your subscription actually
ends and the grace period begins.
Many of you, however, will not get mail from us at all. We have never made
any attempt to force people to give us a real email address when they set
up an account; if you really don't want us to have it, we can live with
that. But, if we do not have your email address, we cannot communicate
with you regarding subscription expiration. Some of you may also lose our
email because your mailboxes are full of SoBig output; we also simply do
not have the time to be feeding cookies to challenge/response systems. If
any of the above situations apply to you, please keep an eye out for the
"renew your subscription" link that will show up in the left column. Or
just head over the the "My Account" page and top up your subscription ahead
Finally, please note that we will soon stop offering automatic monthly
subscriptions at the "starving hacker" level. When we make credit card
charges that small, the processing fees eat up a substantial amount of the
money we get. Honestly, we'd rather that subscriber money (your money!) went to us,
rather than credit card processing companies. The "starving hacker" level
will continue to exist, but subscriptions will need to be prepaid at least
three months at a time. Existing monthly subscriptions at that level will
not be affected as long as they are maintained.
Once again, please accept our thanks for supporting LWN so strongly over
the last year. We will continue to try to show our appreciation by making
LWN the best resource that it can be.
Comments (30 posted)
Page editor: Jonathan Corbet
Inside this week's LWN.net Weekly Edition
- Security: JAP tapped; Most over- and under-rated vulnerabilities; new vulnerabilities in gdm, pam, sendmail, vmware.
- Kernel: The return of dev_t expansion; scheduler improvements; freeing net devices safely.
- Distributions: Red Hat Based Live CDs; new: Echelon Linux, Onebase Linux
- Development: PostgreSQL donates Database Replication software,
New versions of Aegir CMS, Tiki, GNOME System Tools,
BIE, PyX, Gnome Jabber, Gnumeric, PHP, Unix Squeak, DrJava.
- Press: Lots of SCO articles, DeCSS not considered free speech,
new Linux clusters, Mozilla use on the rise.
- Announcements: Turbolinux Joins OSDL, SGI partners with SuSE, two anti-SCO groups formed,
DotGNU Coding Competition, Kastle reports.