Slashdot Mirror
Ask Jennifer Granick About Computer Crime Defense
Attorney Jennifer Granick has defended many high profile hackers, including researcher Christopher Soghoian, creator of a fake boarding pass generator (2006); Michael Lynn versus Cisco/ISS (2005); Jerome Heckenkamp; and Luke Smith and Nelson Pavlosky in Online Policy Group v. Diebold Election Systems (now Premier Election Solutions), a copyright misuse case related to electronic voting. Granick also won an exemption from the U.S. Copyright Office in 2006 allowing phone unlocking despite the anti-circumvention provisions of the Digital Millennium Copyright Act, which set the stage for renewal of the exemption and for the jailbreaking exemption in 2009. At Stanford, Granick worked with Lawrence Lessig on constitutional copyright cases and taught six years worth of law students about computers, technology and civil liberties. While Civil Liberties Director at the EFF, Granick started the Coders' Rights Project and participated in litigation against ATT and the federal government for violation of surveillance regulations. Now an attorney at ZwillGen PLLC, Granick assists individuals and companies creating new products and services. And now, she's graciously agreed to answer your questions. Please, as usual, ask as many questions as you'd like, but confine each question to a separate post.
Should the exemption granted for jailbreaking cell phones apply to game consoles like the Xbox 360 and PS3 as well?
SJW: Someone who has run out of real oppression, and has to fake it.
Couldn't your clients break in to the court computers after the trial and change the verdict to "not guilty"?
How much does it cost to defend against these sorts of lawsuits?
That's a good question. I believe that once you've bought the hardware, it should be yours and you can do what you want with it. You may void warranties, but there should not benaything stopping people from sharing information about jailbreaking a system, nor should it be illegal to do so. It should remain illegal to copy and sell games, but I'm a developer, who would like to play with some nice hardware.
10 years ago, what would've you said would be the most pressing issue regarding personal electronics/personal data use?
So I used to play an online game with some friends called Star Wars Galaxies (SWG). Which is now seemingly forever dead. And so the fans decided to work on building their own servers with the given clients. You seem to know a lot about reverse engineering so my question -- when applied more broadly -- is simply this: how come I shelled out $50 for a piece of software back in the day, now that software can no longer be used and that's completely legal? I realize I probably agreed to a ToS that forfeited my right to life, liberty and the pursuit of happiness but I thought consumer protection groups were supposed to prevent this exact sort of thing from happening. Last part of this question is simply do you ever foresee SWG becoming public domain? Of course, it's mired in Lucas' copyrights as well as Sony's but at some point in the distant future, all that copyrighted stuff (including server code and artwork) is supposed to be public domain, right? What then? Is that even going to happen? Is Sony legally required to hang on to that server source code so that I can finally once again play SWG while watching Matlock in the nursing home? Why are consumer rights non-existent when it comes to software? Will the Library of Congress open up all that source? Source control history included? I know I'll probably be dead but I'm curious.
My work here is dung.
Where do you see this all leading to? Will there be rulings in the near future that will blow more holes in the DMCA, and if so will that potentially lead to a more or less strict revision by the government?
After seeing the heartless machinations of our political and legal system up close, are you still hopeful that an individual can get a fair shake in our system? How rampant is prosecutorial abuse, such as that suffered by Kevin Mitnick (e.g. the NORAD whistle)? Is the complete lack of accountability for incompetent, corrupt, and malicious prosecutors and judges as serious of a problem as it appears from the outside?
What is your advice to someone who has absolutely no faith whatsoever in the legal system?
Give me Classic Slashdot or give me death!
Do you feel as though law is finally catching up with technology when it comes to computer security or are we pretty far off still? Do you think that current law does a bad job of protecting security researchers and if so why? Which laws make their life living hell and what is the best way to avoid confrontation with the feds?
Given the vast disconnect between society's common opinion on data piracy and the large fines and penalties being pursued in the legal system by copyright holders, do you think the 'unlocking' argument could lead towards more leniency in civil cases involving copyright violations, or will that be confined to purely criminal violations?
Is is possible to get a fair Jury trial for these highly technical cases? It seems like the prosecution would generally aim to eject any jurors remotely technical, and the general public is highly susceptible to sensationalization because of how technology and hacking is portrayed in the media.
Bringing suit or taking creative non-traditional enforcement actions against hackers, cheats, in-game spammers, RMT sellers, and others who disrupt the game experience;
I like the creative non-traditional enforcement route but I have to question why would you bring suit against this group of users? You might not agree but the way I see it is that I paid for my phone, I'll now do what I want with it. What do you care if I'm running different software on it? Similarly, I paid for this game and what do you care that I'm selling items for real money on the side? Or writing a bot to farm gold? It seems like users that derive an alternative means to enjoy something they buy outside of the intended usage get targeted and locked out when it happens. They're both cat and mouse games between user and corporation, why is one a legal right to do whatever you want with something you paid for and the other is prosecuted by your firm?
My work here is dung.
Advising clients on EULAs, Terms of Use, and related contract issues;
What do you tell your clients (who apparently include Blizzard Entertainment, Square Enix, Disney and Zynga) when that "thing" I agree to before playing their game is unreadable and painfully lengthy? Are you providing them more legalese or are you saying, "Look, no gamer is going to 1) sit down and read all of this and 2) have the background to comprehend some of these terms." Because right now, in the software world, those EULAs are a complete joke. Is your firm making any positive headway on shoring up that gap between the understandings of both company lawyer and end user? If so, how?
My work here is dung.
I'm a third year evening student at Georgetown Law School. Do you need a summer intern for 2012?
Genius is one percent inspiration and 99 percent perspiration, which is why engineers sometimes smell really bad.
Company vs. enthusiast (hacker) arguments often seem to go back to the Terms of Service that are associated with the company’s product (Sony vs. geohot). Are these Terms of Service legal contracts between the company and the user? The ones that I have read never state that you must be a legal adult to agree to the Terms of Service. I remember clicking “I Agree” on hundreds of installations before I was over the age of 18. My guess is that these contracts would not be legally binding since I was not a legal adult. It seems like I would get around the Terms of Service by having my 2 year old daughter click the “I Agree” button, or maybe I would just be illegally using their product.
Hi Jennifer. To what extent can lack of a login "banner" (disclaimer defining usage guidelines, monitoring and prohibiting unauthorized access, etc) can be used as defense by someone who has unlawfully gained access to that system? I have heard of past cases where system "welcome" statements have been interpreted as an invitation to use a system, but does this apply inversely to lack of system "unwelcome" statement? Thanks.
Bow before me, for I am root.
Hi Jennifer, what are your thoughts on the recent Sony PSN Terms of Service revision including a class-action lawsuit waiver? Is this legal? Sure the consumer can decide not to buy their product, but what about those who already paid for their PlayStations? Furthermore - what if every other company follows suit and consumers are no longer able to seek retribution for identity theft, data loss or even physical harm caused by any product (sure they can individually sue, but who has the money to hire a lawyer to take on Sony's legal team)? This sounds like a very bad practice to go undisputed. Thanks.
Bow before me, for I am root.
What are the more interesting ways you have seen prosecutors prove that the person sitting at the defendant's chair was the person committing the cybercrime at the keyboard.
My question for Jennifer:
I've observed in work and professional life (my job is 50% nerd whisperer, 50% energy policy and political matters) that while laws that protect "the little guy" are practically worthless unless one is willing to shell out several hundred dollars for a lawyer--and perhaps even $10K+ for a litigator.
It's also scary and disheartening to hear an experienced and successful friend say that he selected a US Government-owned patent for technology his startup is implementing--if only because he hopes the Feds will come to his defense if he's sued for patent infringement.
Could you please suggest some political and/or legislative outcomes that we need to pursue to try to make access to law more egalitarian from technology and innovation standpoints?
(My apologies... posted anonymously.)
Just about every PC game out now or in development is using SteamWorks [wikipedia.org]. Square Enix's products are some of those that do.
SteamWorks makes a game DVD into a Steam game so it's no different than buying it online with no DVD. Because of this, the buyer isn't allowed to trade, lend or resell the DVD under the TOS [steampowered.com]. If they are found doing this the account and the DVD key may be terminated. Unlike MMOs this is being applied to single-player games that don't use the internet at all. This may be unprecedented.
Several questions arise from this. We're only supposed to ask one so I guess just pick the one you like best!
1) Is there any legal precedent for or against this practice? ie Does the Right of First Sale apply? (As this is a physical medium rather than digital-only, as it has been confirmed to apply to digital data on a disc (UMG v. Augusto) regardless of the copyright holder trying to restrict the sale.) If not, even though it's a maxim that "software is licensed not sold" what is the relevant actual law that says this?
2) If the EULA that enforces this is in fact legally binding (which has not been established with any regularity as there have been decisions for and against) does this mean that these discs should not legally be allowed to be sold to minor persons who can't sign contracts? (This is to be contrasted with online purchases where the buyer is presenting evidence of being age of majority by their method of payment. Someone else also asked this before I was done typing mine.)
-- Insert witty one-liner here. --
Many people use an IM add-on called Off-the-Record. On top of encryption, it also provides deniability by not proving any digital signatures for the other party to present to a court, and the procol ensures everyone can make false messages in the past. How strong do you this technical protection would be from a legal perspective if one of the two parties has a logfile with all messages?
Do you agree that, for many people who are wrongly accused, it is cheaper to settle or plea than to fight and win?
And if you do, how will you suggest to fix the system?
The other day there was a story about the fines associated with file sharing. Like many here on slashdot I feel that a $675,000 fine is way over the top.
So here is my question.
Is there any legal definition to the limits that the eighth amendment would seem to imply as it applies to an individual?
"For I desired mercy, and not sacrifice" -- God
My question: Now that "3d hacking" becomes mainstream, what (L)awful restrictions should we expect?
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!