The Laboratorium
November 2011

This is an archive page. What you are looking at was posted sometime between 2000 and 2014. For more recent material, see the main blog at http://laboratorium.net

GBS: Motion to Dismiss Coming in December


Judge Chin today filed a scheduling order in response to Google’s notification that it would like to file a motion to dismiss the Authors Guild and ASMP lawsuits. He set the following deadlines:

  • Google moves to dismiss by December 23, 2011.
  • Plaintiffs respond by January 23, 2012.
  • Google replies by February 3, 2012.

He left in place all the deadlines from his previous order, which means that Google’s motion to dismiss will overlap with the Authors Guild’s motion for class certification. December will be interesting.

A Straussian Reading of The Magicians


The Magicians is a modern atheistic retelling of The Chronicles of Narnia, with a twist: its message is the moral and aesthetic emptiness of atheism. If Fillory seems flat and cartoonish, that is because we are seeing it through the hedonistic haze of the feckless young adults at the center of the book. They are looking for an entertaining quest and to be anointed kings and queens. That they have stumbled into a land suffering from severe and prolonged anarchy and stalked by forces of evil is simply beyond their capacity to notice.

Quentin is not the hero, he is the antihero. If he seems unlikeable, that is because we are not supposed to like him. This is not the story of a talented but unhappy young man who is redeemed by his acceptance into the elite world of magic; it is the story of a talented but unhappy man who is fundamentally irredeemable. He is alienated from society because he is alienated from himself, and magic can do nothing about that.

Within the first twenty pages, Quentin walks in on a dead man, and all he can think is, “If he didn’t move, nobody could involve him in this any further.” When offered the chance to start at Brakebills, he accepts, but only on condition that he not have to go home to say good-bye to his parents. When his careless student prank gets a classmate killed, does he set off to atone and set things right, like Ged? No. He keeps quiet, glad that no one can finger him for opening a portal to an evil power. He’s competitive, bad-tempered, selfish, faithless, and jealous.

Indeed, The Magicians makes explicit that Quentin, for all his academic and magical adeptness, is fundamentally of learning anything that matters. Others tell Quentin that the unhappiness lies within, but he will not listen. Fogg says, “I think you’re magicians because you’re unhappy. A magician is strong because he feels pain.” Quentin’s reaction? To space out and stare at the ceiling.

And here is Alice, in a scene that is utterly merciless in illustrating how Quentin’s lack of self-awareness is rivaled only by his incapacity for empathy:

Even if this whole thing came off without a hitch, you wouldn’t be happy. … Stop looking for the next secret door that is going to lead you to your real life. Stop waiting. This is it: there’s nothing else. It’s here, and you’d better decide to enjoy it or you’re going to be miserable wherever you go, for the rest of your life, forever.

Quentin’s response is priceless:

There was something true about what Alice was saying. But he couldn’t grasp it. It was too complex, or too simple. Too something.

But Quentin’s moral and personal failings cannot be laid at his feet alone. Brakebills is the Bennington of magical colleges: a playground for the idle, the heartless, and the rich. Its curriculum is academically intensive but narrow: magical practice and nothing else. It offers no science, no arts: philosophical exploration is explicitly discouraged. There is no discussion about how one should make one’s way in the world as a magician; the students are never invited to think about right and wrong.

Quentin and his classmates show all the moral failings one would expect from being let loose at an opulent school with no educational philosophy to speak of. They display a talent for casually wounding each other that would do Tom and Daisy Buchanan proud: indeed, it seems to be their main source of amusement. The drinking — including wine supplied by Brakebills itself — starts early and soon reaches Pantagruelian proportions. The sex is a joyless, competitive sport; the drugs follow in due course. Their chief emotion, and only significant motivation, is boredom. The Magicians is a Brat Pack novel in which there are also talking animals.

Once they cross into Fillory, the religious message becomes overt. The one Christian character, though mocked by the others for his belief, both correctly intuits the basic wrongness of what the others are doing and then arrives just in time to save them. Faced with the closest thing Fillory has to God, Quentin and his “friends” do the exact opposite of what He asks. Motivated by fear and their louche sense of aesthetics, rather than reason and moral cognition, they make one terrible decision after another. Death and disaster ensue.

But of course, they learn nothing. This is not that sort of novel.

To Us Nigh Miraculous


But to characterize the to us nigh miraculous processes whereby these images actuate airwaves so as to cause electronic changes in sets in millions of homes which are then “unscrambled” or “descanned” and thus produce pictures on television screens — along with the simultaneous electronic transmission of sound — as “analogous” to cinematography pushes the analogy beyond the breaking point.

Bartsch v. Metro-Goldwyn-Mayer, Inc., 391 F. 2d 150, 153 (2nd Cir. 1968) (Friendly, J.)

Also of note in the opinion is this, from the conclusion:

The risk that some May might find the nation’s television screens bereft of the annual display of “Maytime,” interlarded with the usual liberal diet of commercials, is not one a court can take lightly.

Affirmed.

Id. at 155.

Undiplomatic Immunity


My latest review for Jotwell is live. In it, I salute Felix Wu’s Collateral Censorship and the Limits of Intermediary Immunity, which is arguably the best paper ever written on Section 230, the provision that shields the Facebooks of the world from liability when users defame each other. Wu gives a clever new interpretation, one that explains not just what Section 230 is intended to do, but what it isn’t. Here are some excerpts:

Wu’s move, so elegant that it is obvious in hindsight, is to recognize that there are really two questions about Section 230, not one. The first is how strong its protection should be: this was the issue in Zeran and it is the one on which scholars have mostly divided. The second is when that protection should apply at all: this part has received less attention. If we have two sliders to play with, perhaps we should set them differently. Section 230 could be broad and shallow: shielding intermediaries in a variety of factual settings but offering only a thin immunity that can be overcome with a sufficient showing of malice or unconcern on the intermediary’s part. Or it could be narrow and deep: protecting intermediaries only from defamation and closely related torts, but offering absolute protection when it does.

Having distinguished these sliders, Wu offers guidance on how to set them. He does so by reconstructing a theory of what Section 230 is supposed to do: prevent “collateral censorship.” It’s a commonplace that an online intermediary can’t be counted to stick up for its users when its own ass is on the line. (Exhibit A: PayPal and Amazon disgracefully dropped WikiLeaks based on little more than Joe Lieberman’s disgraceful jawboning.) Faced with even the vague and distant threat of liability for user speech, the rational intermediary will yank the challenged content. It has nothing to gain and everything to lose by doing anything else. This gives opponents of speech an easy-to-use heckler’s veto: just threaten the intermediary. A robust, deep immunity recognizes that the intermediary has much weaker incentives than the original poster does.

As Wu demonstrates, however, this rationale only works some of the time. …

3.75 Million Lawbreaking Parents


The Department of Justice would like the authority to put millions of American parents in prison. Don’t believe me? Read on.

A House Judiciary Committee hearing today considered the federal computer crime statute, the Computer Fraud and Abuse Act, known to its friends as the CFAA. Among other things, the Act punishes anyone who “exceeds authorized access, and thereby obtains … information.” The penalty for a first-time offense is a fine and up to a year in prison.

This provision has been used to prosecute people whose only misuse of a computer was violating a website’s terms of service. Most famously, when Lori Drew helped her daughter create a fake MySpace profile under the name “Josh Evans” to flirt with and then disparage a 13-year-old neighbor, Megan Meier. After “Josh” told Megan, “Have a shitty rest of your life. The world would be a better place without you,” Megan killed herself. When Drew was prosecuted, it wasn’t for homicide, but for exceeding authorized access to MySpace’s servers. Drew herself deserves no sympathy, but the theory that her crime was complete when she created the fake profile would make a criminal out of anyone who fails to comply with every last term in the fine print in a website’s terms of service.

Orin Kerr, the leading academic authority on the CFAA, has pointed out the absurdity of this reading of the CFAA. At the hearing today, he explained that it would make him a criminal because he lives in Arlington, Virginia but lists “Washington, D.C.” on his Facebook profile. In his written testimony, he pointed to simple statutory fixes that would draw a more sensible line between routine computer use and real computer crime.

But Richard Downing, the Deputy Chief of the the Computer Crimes and Intellectual Property Section of the Department of Justice, was having none of it. In his testimony, he explained:

We believe that Congress intended to criminalize such conduct, and we believe that deterring it continues to be important. Because of this, we are highly concerned about the effects of restricting the definition of “exceeds authorized access” in the CFAA to disallow prosecutions based upon a violation of terms of service or similar contractual agreement with an employer or provider.

Here’s an example of the severe criminal computer misuse that Downing would like the CFAA to prohibit: parents helping their children get on Facebook. Not just getting on Facebook with fake profiles to harass classmates, like in Drew. No, getting on Facebook at all.

Facebook doesn’t let users sign up unless they’re 13 or older. Facebook does this in order to comply with a 1998 law, the federal Children’s Online Privacy Protection Act. It puts stringent limits on the personal information websites can collect from children under 13. Some websites comply by going through the hard work of getting and verifying parental consent. But many others, including Facebook, comply by prohibiting children under 13 from using their site at all.

The prohibition is honored mainly in the breach. According to Consumer Reports, 7.5 million children under 13 use Facebook. One academic study found that 46% of 12-year-olds used Facebook, and other research is consistent with these findings. Pre-teens are on Facebook, notwithstanding its policies.

A recent paper by danah boyd, Eszter Hargittai, Jason Schultz, and John Palfrey examined the motivations of parents whose underage children were on Facebook. Some misunderstood the minimum age, or thought it was only a recommendation, but a substantial fraction understood that it was a genuine requirement. Over three quarters of the parents they surveyed agreed there were circumstances under which they’d let their child violate a site’s age restrictions, particularly for school-related reasons or to communicate with family members. And of the half of the parents in the survey (roughly 50%) with children who had Facebook accounts, over half had helped create the account.

Facebook’s terms of service leave no room for doubt:

4. … Here are some commitments you make to us relating to registering and maintaining the security of your account: …

1. You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.

5. You will not use Facebook if you are under 13.

Parents who create accounts for their children violate section 4.1 by “creat[ing] an account for anyone other than yourself.” On the Department of Justice’s theory of “exceeds authorized access,” that means the parents have directly violated the CFAA. But even parents who merely help their underage children create accounts (for example by explaining how to enter a false birthdate) are in trouble. Their children “exceed[] authorized access” by violating section 4.5. That makes the parents guilty of aiding and abetting a violation of the CFAA. The punishment is the same.

boyd and her coauthors focus mainly on the failure of COPPA’s regulatory strategy, and on the moral lesson parents teach their children when they show that lying online is acceptable. But there is another, even more frightening point implied by their findings. A mother in Ohio who helps her son sign up for Facebook to keep in touch with his cousin in Arizona is exposing herself to criminal liability, if the CFAA means what the Department of Justice claims it does. Worse still, the Department of Justice wants it to make a criminal of the mother.

This ought to be a scandal. A high official in the Department of Justice is endorsing a law that could be used to put millions of parents in prison. Do something to tick off a federal prosecutor and even if you’ve otherwise lived a blameless life, they can lock you up for helping your kid use Facebook.

UPDATE: Orin Kerr is cautiously optimistic that the DOJ is taking a more moderate position in its interpretation of the CFAA.

Bells Are Ringing


The music industry is a little less hapless than it was.

In a former professional life, one of my coworkers was Slovak. He would talk about “my country” in a tone vaguely reminiscent of the “Old Country” from Borgel. And one day, he came into the office with a CD he called “My country’s Sgt. Pepper and Dark Side of the Moon combined.” And despite my initial skepticism, I had to admit it was a striking album: late-1960s folk rock with catchy tunes, creative but never ostentatious instrumentation, and an infectious confidence.

Since then, that album — Zvoňte Zvonky by Prúdy — has been my touchstone for whether the music industry is genuinely serious about making authorized purchases more convenient than piracy. It’s not particularly obscure: indeed, it’s number one on the 100 Greatest Slovak Albums of All Time. There are presumably international licensing issues involved, but solving licensing issues is after all their job. That was a decade ago, and I’ve checked periodically since then. Each time my conclusion was the same: not legally available for sale in the U.S., by hook or by crook.

Until this week. I found Zvoňte Zvonky on iTunes. I hope it’s legit, rather than the handiwork of someone pretending to be the rightsholder. But assuming that it is, I’m pleased, surprised, and a little impressed. I’m not ready to declare the recording industry the victor in this contest. But I am now willing to say that it is at least taking the game seriously. And when it does, we all win.

So, go listen to Zvoňte Zvonky on iTunes or on Amazon and enjoy.

Zittrain vs. Zittrain


Jonathan Zittrain and I had a Twitter exchange last week that I think is extremely illuminating on the brilliance — and the limits — of his book The Future of the Internet—And How to Stop It. It started with this tweet:

zittrain: Apple one step closer to locking down PCs as predicted in The Future of the Internet at http://t.co/yYhvdrEE ; see http://t.co/e4kmgQWi

Let me unpack. The story Zittrain linked to was about how Apple will soon be “sandboxing” all applications that are sold through the Mac App Store. Regular applications can read or write files at will, launch other programs, open network connections, and do all kinds of complicated things to your computer. Sandboxed applications can’t even see the rest of the computer, let alone affect it: it’s as if they’re playing safely with soft rubber toys in a glass-encased sandbox. In order to get outside the sandbox, they need adult supervision from Apple. The developer gives Apple a list of “entitlements” that the application needs: being able to write a file to a place specified by the user through the Save dialog box, for example. Apple will only let the application have those entitlements if really needs them to do its job: there’s no reason for a stock ticker to save files to arbitrary places.

The reasons for this, of course, are security and stability. Apple doesn’t want Mac App Store applications to install spyware or fill your Documents directory with gibberish. Properly sandboxed applications can’t take advantage of security holes in pieces of software. They can mess themselves up, but nothing else.

The Future of the Internet predicted it. The book starts off as a celebration of “generativity”: the openness of a system to new and unplanned change from its users. We have open computers: you can run any programs you want. And we have an open Internet: you can run any protocols you want and connect to anyone you want. The combination is a remarkably generative system — no, the most generative system in human history. The consequences for innovation, creativity, sharing, and community have been, well, adjectives fail me.

But generative systems’ greatest strength, Zittrain observes, is also their greatest weakness. Their openness makes them open to bad uses as well as good. The Internet is open: to spam. Computers are open: to viruses. The onslaught of abuse starts to make them unusable, as anyone who has ever pitched a computer that just “got slow” can attest. This, Zittrain argues, creates counter-pressures fighting back against generativity: people flee to safety as bad software drives out good. They seek defensible systems: ones that aren’t actually open to new uses, but which at least work reliably. Instead of general-purpose computers, we get specialized, sealed appliances: like ATMs and TiVos.

Thus Zittrain’s tweet. Apple is closing off the Mac App Store. Programs available through it can do less. In order to make your Mac run more smoothly, Apple is restricting what you can run on it. The Future of the Internet absolutely nailed it on this point. Zittrain has a compelling explanation both of why Apple is sandboxing applications, and what we lose by it.

There’s just one problem with this story of fear and loss: you can still install anything you want on your Mac, just not through the Mac App Store. Any users who want to run unsandboxed applications are still free to. Any developers who want to write unsandboxed applications are still free to. The Mac App Store is not old, and it is not exclusive. Developers used to sell direct to users; many still do.

So, in a sense, Apple is now giving users the best of both worlds, open and closed. Users who want the power of openness can install applications directly. Users who want the safety of closure can install applications from the Mac App Store. In fact, here’s a powerful argument for this kind of hybrid model:

In an effort to satisfy the desire for safety without full lockdown, PCs could be designed to pretend to be more than one machine, capable of cycling from one split personality to the next. In its simplest implementation, we could divide a PC into two virtual machines: “Red” and “Green.” The Green PC would house reliable software and important data—a stable, mature OS platform and tax returns, term papers, and business documents. The Red PC would have everything else. In this setup, nothing that happens on one PC could easily affect the other, and the Red PC could have a simple reset button that sends it back to a predetermined safe state. Someone could confidently store important data on the Green PC and still use the Red PC for experimentation. Knowing which virtual PC to use would be akin to knowing when a sport utility vehicle should be placed into four-wheel drive mode instead of two-wheel drive, a decision that mainstream users could learn to make responsibly and knowledgeably.

This is almost exactly what Apple has done. The Mac App Store is the Green PC Mac. Everything you install on your own is the Red PC Mac. The only significant difference is that the Red Mac, unlike the Red PC, can affect the environment that the Green Mac runs in, which means that Red Mac users need to be a little more careful with their computer offroading. But this is not a major issue in the scheme of things. The important part is having a computer that supports both “safe” and “unsafe” modes: one for greater security, and one for greater generativity.

Sounds like a good idea to me. And it also sounds like a good idea to Jonathan Zittrain. He wrote that passage about the Red PC and the Green PC. It’s on page 155 of The Future of the Internet. So I replied to him:

grimmelm: @zittrain Isn’t this exactly the red PC/green PC split that you called for?

Zittrain’s response was what lawyers call a “confession and avoidance,” or, in lay terms, “yes, but.”

zittrain: @grimmelm Sure - so long as one can install apps outside the App Store environment. I think that will be made more difficult or eliminated.

I want to leave aside the questions of whether Apple really will try to stamp out independent applications, whether it would succeed if it did, whether it could weather the antitrust storm that would immediately erupt, and whether it would be for the best if Apple did, would, and could. My best guesses are “no,” “no,” “no,” and “no.” Instead, I want to focus on whether this is really a convincing reply to my question. What does it tell us if Zittrain himself now thinks that Red-and-Green is not such a good development after all because it’s just a hand-basket service station on the road to lockdown hell?

In the context of The Future of the Internet, the Red-and-Green proposal was designed to help address the tension between generativity’s innovative upside and its security downside. It came in a chapter titled “Stopping the Future of the Internet: Stability on a Generative Net.” The “Future” to be stopped was lockdown; this chapter was the one in which Zittrain explained how other, lesser measures could provide security and usability without sacrificing generativity entirely. In other words, Red-and-Green was meant to be a stable policy, one we could all get behind because it would stave off the march to lockdown. It is, to say the least, not encouraging if the proposal’s own author now sees it as a harbinger of doom, rather than the generative Internet’s last, best hope.

Paul Ohm and I wrote a book review of The Future of the Internet last year. Although we showered the book with praise for isolating generativity as an essential technical goal for policy-makers, this was precisely where we had the most skepticism about Zittrain’s analysis. We compared Wikipedia (which Zittrain clearly loves) with the iPhone (which he seems to regard with dread):

Even with these restrictions, though, it isn’t obvious that the App Store is all that far away—from a generativity perspective—from Wikipedia. Many of the charges that could be hurled against the iPhone would also stick to Wikipedia. Many Wikipedia edits are reverted quickly after they are made. Some IP addresses are banned entirely. One organization has its finger on Wikipedia’s master override switch, and sometimes it uses that power. For example, the news of a New York Times reporter’s kidnapping in Afghanistan was suppressed for almost a year, on orders straight from Wikipedia’s founder. Compared with some of the convoluted fights over Wikipedia article edits, the iPhone App Store application process sometimes seems like a model of bureaucratic rationality.

This isn’t to say that Wikipedia is ungenerative, or dystopian, or doomed. It isn’t. But it is a complex, messy system, and one that accepts significant limits to its generativity. Those limits may be necessary to make the whole thing work, of course. Someone has to run the server, someone has to resolve disputes, someone has to deal with spammers and sock puppets,168 and so on. But structurally, this is the same argument used to justify Apple’s control over the iPhone environment. The Wikipedia model may be superior to the Apple model, all things considered, but it’s not self-evidently superior. Or, put another way, it’s easy to say the first-generation, locked-down iPhone was generatively inferior to Wikipedia, but it’s much harder to explain why Wikipedia beats the modern iPhone. They both make sacrifices in the name of overall generativity. You need a more precise analytical framework than what Zittrain provides to explain why one tradeoff is better than another.

The Future of the Internet makes a compelling case that more generativity is better than less — and also that there is such a thing as too much generativity. That commits Zittrain to finding sensible in-between positions that realize the best of both worlds. But the book never really explains how to distinguish the sensible compromises from the dangerous ones. As we wrote, using another example:

On what basis does he conclude that extensive firewalling and virus scanning is worse for generativity than some packet filtering? He’s probably right, but it’s hard to escape the conclusion that Zittrain’s gut is doing as much work here as his theory. He knows generativity when he sees it.

We could have said much the same about Red-and-Green.

Compare Zittrain’s book to his tweet, and I think it’s fair to say that he is of two minds about sandboxes. This is not a charge of cognitive dissonance or confusion. I think he really is wrestling with the problem. This is a man, after all, who teaches a seminar on “Difficult Problems in Cyberlaw.” No, these two points are the sign of a first-rate intelligence, one that really can hold two opposing ideas in mind at the same time. But there is a conflict here, and it deserves to be recognized as such.


Further reading

For more technical details on OS X sandboxing (and much more), see John Siracusa’s review of OS X Lion.

For an interesting take on some of the security issues, see Wil Shipley’s Real Security in Mac OS X Requires Apple-Signed Certificates.)