Our Attorney's Response To Microsoft
To: J.K. Weston, Designated Agent, Microsoft Corporation
This firm represents Andover.Net, Inc. ("Andover.Net") which operates the Slashdot service. Andover.Net has asked us to investigate your e-mail message regarding certain postings by users of Slashdot relating to a Microsoft Kerberos specification.
As a general matter, it is the policy of Slashdot not to interfere with or censor the communications of its users. Andover.Net is particularly concerned about censoring the user postings on which you have focused given their apparent relevance to issues in the current antitrust litigation between Microsoft and the government.
In our review of this matter, it would be helpful if you could provide certain information:
1. How can Microsoft claim proprietary protections for enhancement to an open standard protocol?
2. How can Microsoft use the Kerberos name, which signifies an open standard protocol, in connection with a proprietary protocol?
3. How can Microsoft claim trade secrecy for a protocol that is distributed over the Internet?
4. What measures has Microsoft taken to protect the trade secrecy of its Kerberos specification beyond the use of a click-wrap license agreement?
5. What measures has Microsoft taken to ensure that its Kerberos specification is only distributed to persons who are capable of entering into a binding contract in jurisdictions where such an agreement would be enforceable?
6. How could posting of the Microsoft Kerberos specification on Slashdot have any detrimental impact on the market for authorized distribution of Microsoft's version of Kerberos?
7. Why wouldn't prospective purchasers of Windows 2000 need to know the contents of Microsoft's Kerberos specification in order to make informed judgments regarding interoperability in connection with their purchasing decisions?
8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?
Any information you could provide in response to these questions and any other information that you believe we should consider would be helpful.
Very truly yours,
- Mark D. Robins
______________________________
Mark D. Robins
Hutchins, Wheeler & Dittmar
A Professional Corporation
"Can't wait to see the reply"
Okay, I'll play the Devil's Advocate:
1. How can Microsoft claim proprietary protections for
enhancement to an open standard protocol?
We claim proprietary protections only for our enhancements. No such claims
have been made for the standard Kerberos protocol.
2. How can Microsoft use the Kerberos name, which signifies
an open standard protocol, in connection with a proprietary
protocol?
Our implementation of the Kerberos protocol meets all standards of the
protocol, thus preserving our right to use the name. Our extensions to
the protocol do not interfere in any way with the standard Kerberos
protocol.
3. How can Microsoft claim trade secrecy for a protocol that
is distributed over the Internet?
4. What measures has Microsoft taken to protect the trade
secrecy of its Kerberos specification beyond the use of a
click-wrap license agreement?
Answers to #3 and #4:
The use of click-wrap non-disclosure agreements to protect trade secrets
has been upheld as legally binding in numerous court cases. The advent
of the internet as a means to widely and quickly distribute restricted
information does not change the fact that it is a violation of a legally
binding agreement to do so.
5. What measures has Microsoft taken to ensure that its
Kerberos specification is only distributed to persons who are
capable of entering into a binding contract in jurisdictions
where such an agreement would be enforceable?
The Microsoft Kerberos specification non-disclosure agreement is enforceable
under the laws of the state of Washington in all United States jurisdictions
where Microsoft does business, and in most foreign nations by virtue of
their own laws, and various treaties and trade agreements they might have
with the United States.
By its very nature a raw software listing of this type is only of interest
to professional IT personnel. Microsoft therefore has a reasonable
expectation that:
A. Only professional IT personnel would be interested in obtaining
the specification, and
B. Anyone qualified to be an IT professional is also qualified
to enter into a binding contract.
6. How could posting of the Microsoft Kerberos specification
on Slashdot have any detrimental impact on the market for
authorized distribution of Microsoft's version of Kerberos?
The Microsoft Kerberos specification is a trade secret in order to
protect our investment, and protect our ability to profit from that
investment. We are in a highly competitive market and must take measures
to ensure that our innovations do not help our competitors at our expense.
7. Why wouldn't prospective purchasers of Windows 2000
need to know the contents of Microsoft's Kerberos
specification in order to make informed judgments regarding
interoperability in connection with their purchasing decisions?
Microsoft agrees that prospective purchasers of Windows 2000 should be
aware of our Kerberos specification. That is the reason we made it
conveniently available over the internet. Microsoft customers are able to
easily review the contents of the specification as long as they agree
to protect our trade secrets.
8. Why shouldn't Slashdot users and the general public be
able to view this protocol for purposes of commentary and
criticism in light of its apparent relevance to issues in the
government's antitrust litigation?
Firstly, Microsoft's Kerberos specification is a copyrighted trade secret.
The laws of the United States do not require the public release of trade
secrets simply due to their relevance to on-going legal action. In fact,
the law specifically protects trade secrets in those instances. We are
sure that you would agree that it would be undesirable for any entity
(including Microsoft) to be capable of discovering trade secrets by
merely bringing an "apparently relevant" lawsuit.
Secondly, our copyrighted Kerberos specification has been posted on
Slashdot for 16 days now, for as you put it, "commentary and criticism",
yet there has been no discussion whatsoever of its technical merits. The
only commentary and criticism we are aware of relate to the user license
itself, not the specification.
- just another AC
Microsoft won't answer those questions.
This is just lawyerese for "fuck off, we're not going to do what you asked us to do".
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
In my experience, documentation released under a restrictive NDA is distributed via physical media (CD, print, fax) after a signed NDA has been submitted. An anonymous clickwrap agreement, followed by a non-watermarked, unencrypted, unprotected PDF shows not even a cursory effort to protect the document from casual redistribution.
From a "real security" standpoint, there's not much of a practical difference between what they did and, say, distributing it on CD to a signer of an NDA. But this is almost as if they left the barn door open and then put a neon sign on the barn roof saying "OPEN BARN! TAKE OUR COWS!"
The doctrine of Fair Use can be applied to the presence of copyrighted material here on Slashdot:
From http://fairuse.stanford.edu/rice.html
I. Fair Use for Teaching and Research
The "fair use" doctrine allows limited reproduction of copyrighted works for educational and research purposes. The relevant portion of
the copyright statute provides that the "fair use" of a copyrighted work, including reproduction "for purposes such as criticism, news
reporting, teaching (including multiple copies for classroom use), scholarship, or research" is not an infringement of copyright. The law lists
the following factors as the ones to be evaluated in determining whether a particular use of a copyrighted work is a permitted "fair use,"
rather than an infringement of the copyright:
the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational
purposes;
the nature of the copyrighted work;
the amount and substantiality of the portion used in relation to the copyrighted work as a whole, and
the effect of the use upon the potential market for or value of the copyrighted work.
Although all of these factors will be considered, the last factor is the most important in determining whether a particular use is "fair." Where
a work is available for purchase or license from the copyright owner in the medium or format desired, copying of all or a significant portion
of the work in lieu of purchasing or licensing a sufficient number of "authorized" copies would be presumptively unfair. Where only a small
portion of a work is to be copied and the work would not be used if purchase or licensing of a sufficient number of authorized copies
were required, the intended use is more likely to be found to be fair.
-- End Quote --
Since Microsoft is giving the information away for free on the internet to anyone (including those who due to their age are unable to enter into a binding contract) it's obvious that the presence on Slashdot isn't affecting their ability to make money off the material.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
I know copyright laws go against your Linux/communist agenda, but these laws are what America was built upon. Without them, many great products would never have been created such as the car, light bulb, telephone...and Windows 98. That's right, Windows 98 is a great product. Anyone who says otherwise is a pro-Linux zealot or a fool.
You obviously are unfamiliar with how copyright (or most other law) actually works. Microsoft has informed Andover that MS believes Andover to be infringing its copyright. The response by Andover's lawyers is requesting clarification of MS's claims, while challenging MS's assertions. Just because a lawyer (MS's) says something, doesn't mean it is true. So Andover asks questions about the finer points of copyright law in an attempt to determine if the posts really are copyright material, and whether the posts actually infringe copyright law. Yes and No is a possible combination of answers to those two questions.
Part of what you don't understand is that Intellectual Property has limits, just as real property does. Andover is asserting (in the subtext of its questions) that the posts fall outside those limits, and are not subject to action.
Anthony Argyriou
Capitalist for Linux
ps: I quoted the entire post, because it isn't really a troll
The question is this:
1. Do slashdot's servers currently contain copyrighted material which they do not have appropriate permission to distribute?
That's it. Now, you can argue the *trade secret* part separately, but the fact is, the text of the spec *is* copyrighted, and entitled to protection, just as slashdot's code is copyrighted, and entitled to protection.
How would you feel if Microsoft went and ran a closed, proprietary, message system based on slashcode, and when asked, found some side issue to the question of ownership and licensing and hammered on that instead?
If there are copies of the spec, they should be removed. Instructions on bypassing the "copy protection" are much more difficult to discuss; after all, that's the DMCA, which is new law, and not very well understood.
All that said... I agree, I'd love to see Microsoft explain this one to Judge Jackson.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
"fair use" is a term of art, it doesn't just mean "reasonable".
1. Fair use is what's called an "affirmative defense". You say "yes, your work is under copyright, and I did indeed copy it without your permission, but that's okay because...", and as such, you *NEVER* argue it until you lose every other point, because claiming fair use voids most of the other defenses. You admit that you did it to claim fair use.
2. How is this "fair use"? Fair use allows for, as an example, quotes to support a point. It very rarely allows for a wholesale copying of protected material.
I would not think this would be a good case to take a "fair use" angle. Slashdot's primary defense, IMHO (and I am not any kind of lawyer), should be:
1. The "trade secret" stuff is intrinsically meaningless to many members of the community. Some of them may, indeed, have protected MS's trade secret as well as they protect their own. MS should not publish trade secrets on the internet and expect to be taken seriously.
2. Slashdot did not post the material intentionally; users chose to use slashdot to post it. This is the "sort-of-like-a-common-carrier" defense.
3. Removing the material, at this point, changes nothing. Microsoft botched, Microsoft lost control of a proprietary hack, Microsoft is now trying to regain face by making someone suffer. Let's run this by Judge Jackson.
I dunno. I think slashdot is probably close to technically in the wrong... That said, I guess they could also try:
4. The specification, while it may be copyrighted, is covered by the merger doctrine; the idea itself of the spec extension cannot be protected by copyright. The text could be, but it is hard in this case to distinguish the extension from the text describing it, and thus, protection may not apply to the work.
5. Even if we grant, for the sake of argument, that unauthorized copying has occurred, such copying is clearly in the spirit of the fair use clause, because it is necessary for people to see this material to manage compatibility. Microsoft released this material after people complained about interoperability. They should cope.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
This was a specification of a product that was supposedly "infringing". If people posted the source code that Microsoft wrote, that is like posting the secret formula. If people post the Microsoft Kerberos specification, they are passing around the ingredient list. Some people are allergic to nuts and need to check the ingredients; others are allergic to vendor lock-in and incompatibility.
-Nathan Whitehead
For some reason I've managed to get an advance copy of Microsoft's responses to the questions:
To Mark D. Robins,
Thank you for your interest in our proprietary protocols products. The answers to your inquiries are as follows:
1. We claimed protections mostly because we didn't think you'd notice. It pains us to realize that you were one of the few people who actually took the time to read the license agreement before clicking.
2. If you notice, our product is in fact entitled Kerberoos, which is almost completely different from the product you refer to as Kerberos. Our product is in reality a tasty, but proprietary children's cereal. Maybe you've seen our mascot Kangy the Kerberoo?
3. We deny the existence of the internet.
4. Microsoft has taken measures such as writing you this letter and threatening other people. One time on the street a guy from our marketing department made fun of a kid whom he suspected of distributing our Kerberoos brand cereal, the child began crying.
5. We have a "rewards" program that pays any person who turns in a friend for unauthorized use of Kerberoos. So far, we have paid out over $73 in rewards.
6. Most of the detrimental impact is to our already fragile emotions. The justice department has been very mean to us and we're in a pretty rough place right now. You guys showing up and just spilling all our secrets isn't helping.
7. We've found the prospective purchasers of Microsoft products like to know as little as possible before making a purchase. Did you know that we're friends with Jay Leno? Yup, now here's your copy of Office.
8. You guys suck and we hate you. Stop bringing up the damn lawsuit 'cause it sucks too. You guys are just the suckiest sucks ever.
I hope this clarifies the situation and our position. Don't hesitate to contact us by telegram or pigeon if you have any more questions.
Hotnutz.com - Funny
It may very well be considered fair use. I was speaking with one of the attorneys from the copyright office at Stanford today and asked her this specific question, whether the document posted in whole would be considered a violation of copyright. She explained that it would be for a court to decide, but that it could be considered fair use.
US Code: Title 17, Section 107
Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -
(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.
Thus the nature of the question:
8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?
I think that in this particular case that it might fall under the "criticism and commentary" definition of fair use.
Frankly, on that last point, Microsoft doesn't have a good answer. The information that they are claiming is a trade secret is being freely shared; the fact that the clickshit agreement claims to keep it a trade secret isn't legally binding for those in certain jurisdictions or who are under 18, so in fact, they have not made a reasonable effort to protect their trade secret. They will probably be laughed out of court by a judge for this reason, if (s)he doesn't kick their asses for wasting the court's time.
"What's that? You mean, it's a secret, but you put in a public place where everyone can see it? Oh, they have to agree to keep it secret? What if they aren't legally able to enter into that contract? What about the people who reposted the info on that web site? Are they 18? US citizens? Did you even check? Did you try to check at any time before they downloaded the information from your site? No? Thank you, I'll render my decision on the injunction in 5 seconds... one, two, three, four, five... NO!"
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
OK everyone. Step back and take a breath. It's obvious that in everyone's righteous indignation about Microsoft's proprietary extensions (PAC) to the Kerberos protocol, that very few people here have actually analyzed this with a critical eye.
First, Microsoft did NOT violate the Kerberos standard. Proprietary or not, secret or not, open source or not, they're using (according to one of the designers of Kerberos) the PAC field EXACTLY as it was intended to be used.
We can debate the morality of proprietary extensions until we're blue in the face, but it DOES NOT break interoperability, because the standard explicitly states that any Kerberos app may ignore the PAC field since it is optional.
Microsoft's implementation does interoperate with other implementations. You just can only get the PAC data from a Windows 2000 KDC, which requires you to have a Windows 2000 KDC in addition to your non-Windows TGS and AS if you want Windows 2000 clients to be able to access Windows 2000 resources such as shares in a Kerberos fashion.
As far as these questions go, most of them are not relevant:
1. How can Microsoft claim proprietary protections for enhancement to an open standard protocol?
Microsoft is claiming protection for its own work, not for the Kerberos protocol. The Kerberos standard defines the PAC field but intentionally leaves its implementation to vendors at this time.
2. How can Microsoft use the Kerberos name, which signifies an open standard protocol, in connection with a proprietary protocol?
Very easily. Microsoft is not claiming any rights to the Kerberos name, and is fully complying with the specification. They are not requesting the PAC document be removed for any reason related to copyright of the Kerberos name.
3. How can Microsoft claim trade secrecy for a protocol that is distributed over the Internet?
At last, a relevant question.
4. What measures has Microsoft taken to protect the trade secrecy of its Kerberos specification beyond the use of a click-wrap license agreement?
There is a long legal history of using licensing and contracts to protect trade secrets, and like it or not, it may be a DMCA violation to try to circumvent this license.
5. What measures has Microsoft taken to ensure that its Kerberos specification is only distributed to persons who are capable of entering into a binding contract in jurisdictions where such an agreement would be enforceable?
This is another relevant question, but maybe less so than it initially appears, because there may be a copyright infringement issue here.
6. How could posting of the Microsoft Kerberos specification on Slashdot have any detrimental impact on the market for authorized distribution of Microsoft's version of Kerberos?
Irrelevant- you allowed to be posted (and have so far failed to remove) information that you did not have the legal right to post.
7. Why wouldn't prospective purchasers of Windows 2000 need to know the contents of Microsoft's Kerberos specification in order to make informed judgments regarding interoperability in connection with their purchasing decisions?
This is exactly why the specification was published
8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?
It is completely irrelevant to the antitrust case. That notwithstanding, Slashdot users DO have the right to view the specification, and to comment on it, provided that it is obtained lawfully
This is exciting. It's like watching the future of MS Kerberos unfold before our very eyes. Many of the "questions" (apart from the antitrust references, which I think are kind of weak) are excellent, probing challenges to the MS claim of proprietary rights. I can't wait to see how Microsoft responds.
But I have a question for the legally inclined. How binding are all of these thinly-veiled hostilities? For example, what would have happened if Andover hadn't replied to Microsoft's letter? Were they obligated to under law? And similarly, is Microsoft required to respond in kind?
I'm curious because it seems that, if the conspiracy theories about MS Kerberos were true (not that I would know) then wouldn't Microsoft be reluctant to address these thorny points? Can they drop this all and go home now, or are they formally bound to answer?
-konstant
Yes! We are all individuals! I'm not!
From the firm's website: http://www.hutchinswheelerdittmar.com
Mark D. Robins
Mark is an Associate of Hutchins, Wheeler
& Dittmar and a member of the firm's
Litigation Practice. Mark's practice is
concentrated in the areas of commercial
litigation, intellectual property and insurance.
Mark received his B.A. from Trinity
College and his J.D., cum laude, from
Boston College Law School. He was Law
Clerk to the Honorable Joyce London
Alexander, U.S. District Court, District of
Massachusetts.
Mark has written the following articles:
Computers and the Discovery of
Evidence: A New Dimension to Civil
Procedure, 17 J. Marshall J. Computer &
Info. L. (forthcoming 1999); Electronic
Trespass: An Old Theory in a New
Context, 15 Computer Law. 1 (July 1998);
The Reformation Defense to Motions for
Preliminary Injunctive Relief in
Trademark Litigation, 16 IPL Newsletter
10 (Spring 1998); Intellectual Property:
The Path to Preliminary Injunctive
Relief, 24 Massachusetts Lawyers Weekly
2180 (July 1, 1996); The Resurgence and
Limits of the Demurrer, 27 Suffolk U.L.
Rev. 637 (1993).
Self-inflicted wounds
These are aimed at attacking Microsoft's claim of trade secret status.
For how this works, see the material at TRADE SECRET FAQs (Answers to Frequently Asked Questions)
and
(emphasis added)
These are trying to establish fair use defenses against the copyright claims.
The lawyer is so good he can actually make his points in English!
Good points, but what's the point? Here is Microsoft's key complaint:
Regardless of whether or not Microsoft is allowed to attach the Kerberos name to their protocol, or whether or not it's technically still a Trade Secret, Microsoft still owns EXCLUSIVE copyrights to said work, and if someone is redistributing that work, then there are laws being broken.
In some ways I'm surprised that you actually paid your lawyers for this (or should I say "lawyers"), on the other hand, it is a good deflection tactic (one that the hyper-aggressive Linux/OSS advocates (fanatics) in the IRC channels I frequent use to derail perfectly valid points) so maybe it is worth the money.
1) They never did in the e-mail they sent to you.
2) Not once do they mention "Kerberos" in their request.
3) They don't mention "trade secret" either. The closest they come is proprietary, which can also mean exclusive rights.
4) Again, not relevant to the request.
5) Not relevant to the copyright infringement alleged.
6) Lack of harm does not make copyright infringement legal.
7) Irrelevant to copyright infringement allegation.
8) There's no reason why they shouldn't be able to, but it's up to Microsoft to let that happen. They own the copyright on the work so they can do whatever they want.
On another note, I notice that Microsoft recognizes who owns comments:
In short: You might want to address the claims that Microsoft has laid forth in its letter. The other questions are great, yes, but are not going to get you very far in stating your case as for why unauthorized reproductions of copyrighted work appear on your site. Even if Microsoft relinquished all rights that they have to the specification, the infringement still occurred in the past and is punishable.
CDLU said, "...but does it really get to the legal issues[?]"
And the answer is yes. Look at the questions again, and do so with a copy of the DMCA in hand. See, there are little loopholes in the DMCA which are being opened by this article. Let me point you to one - not all, but one.
See section 1302 of the DMCA. It's the section which lists what CANNOT be covered by the DMCA. Item 5 is of particular note. Paraphrased, it says that the DMCA can't be used to protect something which is merely an extension of something else which is public property. Such as (I imagine) a proprietary extension of a widely established open source service - say, Kerberos?
Each of the points in the letter has similar critical points. As another poster noted, what this letter is doing is challenging the claim of copyright or trade secret (interesting how Microsoft is claiming both here) which gives them the right to conduct the exercise in the first place.
Ya, Slashdot doesn't really have a traditional legal team. They just post a few relevant articles and use the top 10 moderated comments as legal defence (AKA open source litigation).
- Mark D. Robins
______________________________
Mark D. Robins
Hutchins, Wheeler & Dittmar
A Professional Corporation
Boy, it sure is good to see you guys picked a professional corporation! (You never know when you might get hoodwinked by some "amateurs.")
--
Have fun: Join D.N.A. (National Dyslexics Association)
because what they should have said is
"By reading this letter, you hereby agree to drop any legal action against andover.net and agree not to ever sue anybody again."
heh. clickwrap my ass.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
They have also given themselves a way to ensure interoperability among all versions of kerberos!
From RFC 1510:
In order to ensure the interoperability of realms, it is necessary to define a minimal configuration which must be supported by all implementations. This minimal configuration is subject to change as technology does. For example, if at some later date it is discovered that one of the required encryption or checksum algorithms is not secure, it will be replaced.
Microsoft seems to really have worked itself into a pickle. On one hand, they have woven kerberos so tightly in with Active Directory that it would take a major overhaul to make it compatible with other versions of kerberos, even if they decided that was the smart (customer-saving) thing to do. On the other hand, according to their technet page interoperability is their top IT goal. MIT could press them on this, take away their right to call the software kerberos, or insist that MS publish the extension to qualify for the interoperability rule.
I'm starting to wonder what the people at Microsoft in charge of this stuff are thinking. Clearly they have a weak legal case, at best. They have got to be in damage control mode right now, both on the public image front, and for the folks at MIT and the IETF who are undoubtedly pissed at MS.
In fact, it wouldn't surprise me that this letter was a result of someone on the legal team seeing the post and acting on it without consulting management. I bet Microsoft would love to just drop this and hope everyone forgets about it.
No, Thursday's out. How about never - is never good for you?
Unfortunately, none of those questions have anything to do with the matter at hand.
The fact of the matter is that Slashdot's servers contain copyrighted material. The copyright holder asked that it be removed. Your response seems to be, "well, you suck, and should never have copyrighted it in the first place. Nyahh!"
The point is that they did copyright it. Slashdot is in the wrong.
Here's my question: Is this going to be Slashdot's official policy? That you will never remove copyrighted material if the copyright holder asks you to? Or is this a special rule only for Microsoft?
--
Sometimes it's best to just let stupid people be stupid.