I tend to favor protecting end-to-end in the Internet context, but I’m a bit worried about what the net neutrality rules will look like in practice. There are two ways to think of this problem. First, who is the target of regulatory action? The FCC’s rules seem to look at the CEO or CTO of an ISP or telecom company. I think the correct focus is farther down the corporate ladder: the IT folks who have to implement rules on their routers. The new rules seem fine as policy statements, but how do they translate into what you can and can’t do with bits?

Second, what existing practices are covered by the net neutrality rules? I worry there are some laudable practices that might run afoul of the rules – even if it’s unlikely the FCC would seek enforcement against them. (Safety that depends on agency discretion is not particularly comforting.) Here’s a fast list of practices that might violate net neutrality right now:

• Port blocking – can ISPs prevent you from sending e-mail except through their servers by blocking port 25? Many, including Verizon, already do. (See Rule 2 in the Press Release.)
• Network Address Translation – NAT rewrites IP addresses to ensure that packets reach their destination. Does altering header information violate the rules? (Rule 6 at least, maybe Rule 4.)
• Spam filtering – ISPs routinely drop connections, or quarantine messages, from known spammers and spam-friendly destinations. (Rules 1, 4.)
• VoIP routing – some telcos route their own VoIP traffic across their network rather than the public Internet, which is more efficient (assuming both ends of the conversation have the same provider). That’s almost certainly out. (Rule 5.)
• Virus prevention – some educational institutions scan connecting devices for Trojans / viruses / malware, or software that protects against them, and condition network access on passing this scan. (Rule 3, though doubtless the FCC would use the “harm” criterion as a dodge.)

So, I’m worried about how the FCC’s legal rules are implemented in code. I think we need a lot more guidance from the agency, particularly since net neutrality still feels somewhat like a solution in search of a problem…

The two additional principles are extremely important aspects of the plan. First, a “nondiscrimination” principle would embody the heart of the concerns expressed by activists for free speech and end-to-end openness who warned that providers would begin to offer preferential treatment to some content based on the identity of the sender, either to extract fees for high-speed delivery or to block competition. Second, a “transparency” principle addresses the concern I’ve always expressed: consumers and regulators can’t find out about ISPs’ traffic-shaping. As if the formal rule and the new principles weren’t enough, Genachowski also said he would apply the new regime to wireless as well as broadband carriers.

This will be a major fight, probably the most significant battle we have seen within the federal government over the structure of the internet.

A few other observations after the jump:

Language: Genachowski appears to avoid the language of “network neutrality.” He prefers to talk about a “free and open internet.” I don’t think it means much substantively, but it suggests he is thinking carefully about how to present these complex ideas to the wider public.

Characterizing Supporters: The story was leaked in advance to the New York Times, Washington Post, and Wall Street Journal, which all run stories over the weekend. I could not help but notice that the Journal cast the entire debate in terms of telecoms (like AT&T or Verizon) against content providers (like Google or Amazon), making no mention whatsoever of the grass roots citizen activism on the issue. The Times, meanwhile, did just the opposite, painting the dispute only as a corporate vs. consumer one without ever noting the interest of big content providers in getting federal regulation of internet access. Both portraits are grossly inaccurate, of course.

The Need for Action: Genachowski strongly refuted the argument often made by telecoms that there are not serious access problems (yet) so action on network neutrality is premature. He said:

Saying nothing — and doing nothing — would impose its own form of unacceptable cost. It would deprive innovators and investors of confidence that the free and open Internet we depend upon today will still be here tomorrow. It would deny the benefits of predictable rules of the road to all players in the Internet ecosystem. And it would be a dangerous retreat from the core principle of openness — the freedom to innovate without permission — that has been a hallmark of the Internet since its inception, and has made it so stunningly successful as a platform for innovation, opportunity, and prosperity.

Details, details: Boy oh boy is the devil in the details on this one! There are so many questions about implementation. For example, under the plan the FCC would evaluate cases under the nondiscrimination principle on a case-by-case basis, so we may not know precisely what’s allowed for a long time to come. Also, there would continue to be “reasonable” exceptions to allow for network management, but how much scope would wireless broadband providers have to constrain bandwidth-hogging applications, especially at peak times? And Eric Goldman just tweeted about the tension between network neutrality and Section 230 immunity. And those are just the first ones that come to mind. This is going to be a doozy…

I wasn’t at the courtroom, so I’m relying on reporting / blogs, but I think they’re wrong. Here’s why.

First, Tenenbaum’s attorneys failed to object to the liability question. So, it’s not preserved for appeal. That’s bad, unless the First Circuit decides to tackle it sua sponte, which they won’t.

Second, look at Joel’s actual testimony (quotes from Ray Beckerman’s helpful site, emphasis mine):

“He also testified that he had used the sublimeguy14 username, admitted that he had used KaZaA, and that the KaZaA shared folder in the screenshots from MediaSentry were his. He also testified that it was not uncommon for him to see other people uploading files from him on the KaZaA traffic tab.”

“He testified that he had burned CDs of the music in his shared, and testified that he had ripped CDs to his computer.”

“He testified that he had listened to, talked about, made mixes of, and made available for distribution all of the music in his shared folder.” [ignore the distribution part]

“The redirect was very short… He was asked if he was now admitting liability, to which he said yes. ”

Even throwing out the redirect, if Beckerman is reporting this accurately (I trust him), Tenenbaum has admitted to facts that constitute violations of 17 USC 106(1), 106(2), and 106(3). The liability bit came on redirect and can be ignored without affecting the outcome. The plaintiffs thus clearly made out their case on chief on infringement, and since Tenenbaum’s fair use defense was shot down ahead of time, it was all over but the shouting (and the damages calculation)…

The judge in the copyright infringement lawsuit against Joel Tenenbaum has issued a directed verdict on the issue of infringement liability. The only remaining issue for the trial is that of damages. I predict Joel is going to get whacked: he admitted to lying in a deposition, and suggested that “burglars” might have downloaded the songs to his computer. (Increasingly tech-literate, those burglars!) The jury in the Thomas-Rasset case seemed to think that her somewhat incredible story counted against her in terms of damages, and it may be the same here.

On the other hand, Tenenbaum’s defense team has substantial ammunition on its side regarding damages. Pam Samuelson’s paper makes a compelling case that the Copyright Act’s damages scheme should not only be interpreted differently by courts, but may in fact be constitutional. This could well be the most important aspect of this case.

Stay tuned – via Ben Sheffner and Brent Whelan. Predictions on the size of damages welcomed in the comments.

I don’t want to be harsh about Kaus – Section 230 is a little obscure – but I think any blogger, and especially one who’s a lawyer, should have some familiarity with it. (Citizen Media Law Project has a great summary of its effects, for example.) Kaus goes on to list five observations, which merit a bit of comment:

1. “lawyers for big journalistic outfits (like the Washington Post, which owns Slate) won’t require blogs to be edited.” Yep. Even some editing may pass 230 muster – see Batzel v. Smith.
2. “Most bloggers themselves are probably poor enough to be judgment-proof.” Also true, at least until Bill, Tim, and I land that lucrative Nike contract.
3. “unverified undernews would now have a prominent, semi-official, de facto-sanctioned home.” Yep – see AutoAdmit.
4. “Are they really going to apply this to organizations that pay freelance bloggers for their submissions?” The FTC doesn’t think so. Bill and I have been trying to figure this out.
5. “What about repeating these protected-by Sec. 230-but-unverified blog allegations in the core MSM?” Ah, the joys of cyberexceptionalism! A blogger posts something saying, “Sarah Palin resigns due to threats from wildlife sick of being shot at from helicopters.” The Boston Globe’s Web site republishes it – they’re immune under 230. The Boston Globe publishes exactly the same content in its print edition – no immunity. (They’ve got to depend on NYT v. Sullivan rather than the 230 shield.) So, the MSM has to be careful about how it deals with Web rumors, at least if they’re going to circulate them offline.

Kaus then confidently predicts Congress will amend the statute (”"But I find it difficult to believe that the broad web-site-protecting reading of Section 230 will hold up… When Congress sees how that phrase has been interpreted, it may (as they say) revisit the issue”). Um, no. It’s been around since 1996, and I know of no serious effort to amend it since. Scholars keep putting up alternatives, but Congress seems quite happy with Section 230, even when it gets interpreted in ways that prevent children who are sexually assaulted from recovering against the on-line sites where they met their assailants. If Congress isn’t going to help the kids, it’s not going to be too worried about Palin’s press image…

This might be useful in getting Australia to reform its content classification system, which has some weird dichotomies in evaluating on-line vs. off-line material, and in dealing with different media for the same content. This particular quirk, though, seems like it’s vulnerable to gamesmanship: if I were an Australian gaming company, I’d surely submit complaints about my competitors’ games (especially foreign ones) – censorship could help my sales by eliminating alternatives.

Fun stuff. Hat tip to Boing Boing.

In Germany, the major parties in Parliament are in agreement on a plan to require ISPs to filter a list of sites – limited to child pornography, says the government – provided by the federal police. Opposition has been strong, but for naught, as the government passed legislation today. Ralf Bendrath, an activist and academic whom I met at CFP 2009, is following the situation on his blog. Initially, the government pressed for “voluntary” blocking by ISPs, but the Greens and others pushed for a public, not private, law solution. Rebecca MacKinnon points out that some German politicians already want to expand the scope of blocking – for example, to cover extremist or gambling sites.

Coverage of Internet censorship tends, unsurprisingly, to be libertarian in tone: filtering is implicitly treated as undesirable or illegitimate. Nicole Wong of Google had an insightful point at CFP that captures this argument beautifully: filtering is problematic when adopted by democratic states, she said, because it offers cover to authoritarian ones who use the same practice to more troubling ends.

But, for a change of pace, let me offer three reasons why Germany’s move looks legitimate, and then one criticism.

1. The new filtering legislation has support from the Christian Democratic Party and the Social Democratic Party – in other words, from both conservative and liberal politicians. Thus, filtering has a fairly broad base of political support (unlike, say, in Australia).
2. Germany opted for formal public law after debate, rather than bullying ISPs into quasi-voluntary filtering (as in the UK). Governments make bad law all the time, which is why we vote them out. Legislation is more transparent and more amenable to policy change than private deals.
3. The government recognizes – this was a driver in the shift from private to public law – that the legislation treats questions of fundamental rights, such as expression and access to information. That’s preferable to simply lumping opponents in with child pornographers (as Minister Conroy has done in Australia).

The problem is scope creep: the first step in putting filtering in place is the hardest, both politically and technically. Germany, like most Western states that have contemplated Internet censorship, has focused on the easy case: child pornography. The child pornography lobby is, shall we say, small and underfunded. But once the filtering apparatus is in place – “the machine,” Wendy Carlisle calls it – it can be set to block other things about which there’s less consensus – gambling, euthanasia, copyright infringement. And since the lists of sites to be blocked are secret, it’s very difficult to detect how far the system slips down that slope.

Much depends on the details of Germany’s new law, and on its implementation. We’ll see how much the country’s system looks like the others in the news…

Google uses industry-standard Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers’ login information. However, encryption is not enabled by default to protect other information transmitted by users of Google Mail, Docs or Calendar. As a result, Google customers who compose email, documents, spreadsheets, presentations and calendar plans from a public connection (such as open wireless networks in coffee shops, libraries, and schools) face a very real risk of data theft and snooping, even by unsophisticated attackers. Tools to steal information are widely available on the Internet.

Thanks to Chris Soghoian for his leadership on this one!

You got to know when to hold em, know when to fold em,
Know when to walk away and know when to run.

The department wisely ran.

The complaint in the lawsuit makes for interesting reading. First, I’m depressed that a complaint still has to describe the Internet. Second, iMEGA rightly argues that ISPs are not common carriers, and hence not subject to the Wire Act’s demands about leasing, furnishing, or maintaining a facility whereby gambling information is transmitted. (See 18 U.S.C. 1084(d).) Third, I think it’s undesirable to have states making content blocking decisions, especially ones that apply to national and international carriers – it has the risk of increasing access costs, and of leading to overblocking if providers want to reduce those costs. (Cheaper and simpler to block a site for everyone than to differentiate by geographic location.)

But the neatest, and most brilliant, part of the complaint is that it throws Minnesota between Scylla and Charybdis: if ISPs block gambling sites by fully-qualified domain name or IP address, they’ll prevent access to lawful information (such as a history of blackjack) protected by the First Amendment – but if they block at a deeper level, such as individual URLs, it’ll be under-inclusive. This is clever, probably accurate, and diabolical. It points out the flaws in filtering: either it’s easily evaded, or it’s going to sweep up content that is permissible. The First Amendment frowns on both.

I don’t know why Minnesota started down this path. My intuition is that there’s either a norms-based goal, or a political one. The norms-based goal would be to signal Minnesota’s disapproval of on-line gambling. The political one would be to advance someone’s career by appearing to tackle (mostly out-of-state) gambling interests, even in a losing battle. (Battle of Thermopylae metaphor, anyone?)

Prediction: there will be more state-based filtering efforts, and soon. Pick your targeted material: a) child porn, b) terrorism materials, c) gambling, or d) “obscene” content. Any bets?

Hat tip, and serious props, to my colleague Karen Schneiderman for great research following this case…

I made a few points that I’ll share here. First, I think that Internet filtering has had three epochs:

1. Filtering 1.0: filtering is technically impossible (Gilmore and the cyber-exceptionalists / cyber-libertarians)
2. Filtering 2.0: filtering is possible, but only done by bad actors / authoritarian states (China, Iran, Saudi Arabia, etc.)
3. Filtering 3.0: filtering becomes widespread, including in Western democracies, and we face hard questions about how to assess the practice’s legitimacy

Second, Australia is the beta for Filtering 3.0. The country is having useful, vehement disagreements over how filtering is implemented (what method is used? who pays? what trade-off in performance is acceptable?) and what gets blocked (who decides? why is certain content prohibited? how can one challenge censorship decisions?). The Rudd government, via Senator Conroy, seems to be backing down on two fronts – specifying that only Refused Classification (RC) material will be blocked in a mandatory fashion, and that a “voluntary” industry code to which all ISPs adhere could substitute for legislation – but a requirement to filter is still a government objective.

Finally, there’s a persistent myth that the U.S. is a filtering-free zone. I think this derives because what we block seems natural / inevitable / invisible. Google has to remove certain search results that link to infringing content to stay within the safe harbor of the Digital Millennium Copyright Act. This is like the dog that didn’t bark in Sherlock Holmes: how do you know what you’re missing? (To Google’s credit, the site includes notification that it has filtered results, and links to Chilling Effects so you can read the DMCA take-down notice.) Linking to a site that you know posts DeCSS is unlawful. Napster had to institute filtering to satisfy the district court in California (which it failed to do). Americans think that prohibiting copyright infringement just makes sense – but Saudi Arabia thinks this about porn, and France for hate speech, and Australia for euthanasia. We aren’t different, and that’s what makes Filtering 3.0 hard.

I’ve got an initial proposal for how to approach Filtering 3.0 (my paper Cybersieves, coming out this year in the Duke Law Journal) that looks at process rather than the content that’s banned. Filtering is coming: to Australia, to Germany, to Minnesota. Gilmore’s optimism no longer applies. We need to think about what comes next.