There are really three largely separate issues here:
Quality control... when you buy a drug from a pharmacy, is it the right drug, in the right quantity, how old is it, and was it manufactured and stored correctly? This is the least controversial area. It's the area that Clinton was playing up.
It's also the area in which the case for government regulation is the weakest. A private organization like Underwriter's Laboratories could easily certify pharmacies. People would be unlikely to use uncertified pharmacies, and those who did would be taking the risk knowingly.
... and before you whine about the poor, bear in mind that if they couldn't afford to buy the drug in a certified pharmacy, they also wouldn't be able to buy it in a regulated one. In your system, they do without unless they have a public subsidy (which subsidy is a separate issue). In my system, they at least have a chance and a choice.
Saving people from their own stupidity. Most drugs only work in certain relatively complex circumstances, and there are often other circumstances that make a particular drug a bad idea. Physicians and pharmacists go through a lot of training to learn about those situations... and physicians have the tools to make accurate diagnoses much of the time, whereas the rest of us are more frequently just guessing.
This means that it's usually stupid to take a drug without first getting expert advice. There are exceptions, but you need to know what you're doing when you take something. Actually, by the way, it's also stupid to take something, even if you have expert advice, unless you've researched it yourself, or, if you're not qualified to research it, gotten the best second opinion you can.
However, there's a philosophical issue here. Should the government stop people from doing stupid things? Especially, should the government stop people from doing things that may not be stupid in a particular case, even though they might be stupid in general?
I say no. That means that as far as I'm concerned, you ought to be able to choose to buy, say, Viagra, if you feel like it. If doesn't work because you bought it in the wrong situation, that's your tough luck. If it gives you a stroke and kills you, good... the gene pool has been improved. Nonetheless, it's your choice and your right to make that choice.
Of course, that also means that if it gives you a stroke and it doesn't kill you, I'm not going to feel particularly obligated to pay for your nursing home care. I may just let you die in the street. That's the price of stupidity.
The public health issue. Some drugs, notably antibiotics, can affect the health of third parties if they're misused. If you create a resistant strain of the Creeping Crud because you misused antibiotics, and I catch it and die, that's a problem for me. There may be some appropriate role for the government here. It's a shame that this issue is the one least addressed.
Talking about "informed decisions" is meaningless in a system in which the patient can't make a decision. I cannot buy certain drugs without a prescription, no matter how informed I am. It's just an outright lie to call that giving me an informed decision.
As far as stocking up on EBay goes, the reason that's dangerous is that it's illegal. It's pretty hard to set up a reliable certifying organization for an illegal activity, and furthermore decent operators are likely to be put off by the illegality, leaving the field for fast-buck operators. This is an almost inevitable consequence of outlawing something, and is one of the reasons why outlawing things that people are going to do anyway, and that hurt nobody but themselves, is stupid.
You should already have counsel"... Huh? Why? What the hell for?
What are you thinking of here, something like "Uh, Mr Lawyer, can you please pre-inform me of the proper response for every possible threatening phone call?"
Obviously you have no idea what you're talking about.
Anybody who has any serious chance of needing a lawyer should have one. You don't ask them all your questions in advance. You call them up when you need them. The point is that you know who to call... you don't have to spend time finding a decent lawyer when you need an answer immediately. Your lawyer will already know your business, so you don't have to spend a lot of time explaining the situation to her. You will already have a relationship of trust, so you don't have to spend a lot of time building one.
... and, for likely cases like this, yes, you can even get your lawyer to explain enough of the law to you, in advance, that you at least feel comfortable telling, say, the FBI to wait while you call that lawyer.
Oh yes, the movie was SOOOOOOO provocative. C'mon, it was a poorly-done spoof.
We're talking about the feds, not a bunch of film critics. From their point of view, it's provocative. It doesn't matter how well done it is. They have no sense of humor and no sense of aesthetics. If you don't know that much about feds, you're really not in a position to have an opinion here.
"...whom I wouldn't have trusted to run a small office network". What they hell releveance does that have to do with anything?
Um, incompetence isn't relevant to complaining about incompetence? Exactly what is relevant?
I expect basic competence in every area... technical, business, and legal.
ISPs that cannot support their customers will go out of business rather quickly.
... and BECamation, which obviously can't support its customers because of its total lack of a clue, should be one of them.
Sounds more like you are a hidden-agenda person for a megalithic communications company of some type.
Actually, I'm with an equipment vendor, which means I get to see the inside workings of a lot of big and small ISPs. I've also run business, home, and hobby networks, which means I've had to rely on ISPs as a customer.
Most of the small ones, and many of the big ones, are incompetent. Most of the big ones, and many of the small ones, are disorganized and unwilling to help their customers to the degree they deserve. Damned few of either kind provide an acceptable level of service. Hosting providers are often, but certainly not always, worse than bandwidth providers. Consultants vary widely but are frequently completely worthless Web designers are the absolute bottom of the barrel.
... and BECamation has demonstrated that it's not trustworthy if you want your content to stay online.
It's not one customer, you fucking moron. It's one contract. This dickweed made a deal to host some content. He went back on the deal as soon as it was inconvenient for him, and he didn't even bother to find out first exactly how inconvenient it would be, or what his options were.
That's not "your freedom of speech ends on my server". It's "I'll sell you something but I want to keep total control over it". Even if the written agreement allowed him to drop the content, we all know damned well that he was representing that he'd try to give good service, not drop stuff for no reason at the first sign of trouble.
If he'd refused to host the stuff in the first place, that would have been a perfectly reasonable exercise of his freedom to control his server. Once he takes the stuff on, he's morally (and often legally) bound to make an effort to retain it.
Contract is the issue here. Freedom of speech is only peripherally related.
Sorry. He shouldn't be calling lawyers in the phone book. He should already have counsel. He shouldn't be guessing what to do in a case like this. He should already know. If he doesn't, he's not competent to be in the hosting business.
Calls from the FBI are not routine, but they aren't rare, either, nor are similar calls from others. If you're running a hosting service with more than a very few pages, you're eventually certain to get some cease-and-desists, and you may very well get some law enforcement activity... like this case. Even if you're very small, it's not unlikely, and it's not something you should be unprepared for.
These things are even less rare if you're hosting something obviously provocative, like that movie. This is a situation for which anybody with any brains at all should have been ready.
The reason this bugs me is that I'm getting really tired of the general level of incompetence that's tolerated on the Web, and the Internet in general, these days. I've dealt professionally with people who were holding themselves out as ISPs, whom I wouldn't have trusted to run a small office network. This is just one more kind of idiocy.
The comment about money was an answer to something in the main body of the article. I am not equating sending money with telling the FBI to fuck off.
I am not a revolutionary, and have never claimed to be one. Were I a revolutionary, I would be taking action, not whining on Web sites or worrying about lawyers.
The point is that this guy's business was not on the line, and he didn't have the brains to know that. Furthermore, he was in a completely foreseeable situation, and he had made no preparations for it... he hadn't even thought about what he'd do. That makes him incompetent and an unsuitable choice for any customer who needs reliable service.
OFF the point, I have had my job (not a business, but still my livelihood) potentially on the line over something like this. I wouldn't have been on the street if I'd lost the job, but I would have been out literally hundreds of thousands of dollars in stock.
I have also run a site that posted very controversial material submitted by others. I think I have some idea of the risks.
I have also received an (unjustified) cease-and-desist letter, from a company with many times my financial resources, alleging trademark infringement in a domain name owned by me personally. I replied to it with legal action, not by folding.
I don't think I've ever told the FBI to go away, but I assure you I at least know when they are and aren't in a legal position to order me around... and if I'm not, I'll call my lawyer first. That's not only the right thing to do, it's also the safe thing to do.
None of which has anything to do with the fact that this guy clearly wasn't properly prepared to be in the hosting business. He didn't even have a policy for this sort of case.
If reasonable evidence is presented that there's a pattern of this sort of activity by the FBI, I will pledge $250 toward the costs of any credible legal effort to end the practice.
There are places where people can make pledges to support the costs of open source development. Perhaps there needs to be something similar for public-interest litigation. Not something as amorphous as donating to the ACLU, but a way to target your donation to a specific action. Anybody know of anything?
As far as I'm concerned, Becamation got no more than they deserved. I don't care if it's a one-man operation or not. If a business doesn't have the resources to deal with foreseeable situations appropriately, then it shouldn't be in operation.
This idiot could have called a lawyer before pulling the site down... or he could have schooled himself enough in the basics of the law as it applied to his business to know, even without consulting a lawyer, that the FBI had no power to shut him down. Instead, he chose to hide behind this "little outfit without a clue" pose. Incompetence is no more excusable than cowardice.
... and, yes, I have frequently sent money to people who had this kind of trouble. Not that it would have been necessary in this case, since the FBI didn't have a leg to stand on, and surely knew it.
It's a bit late for me to be answering this, but...
Hmm. You're right. I'd forgotten how it worked. The law is even more evil than I remembered.
It could be worse, though. If the user who owns the site claims that the material doesn't infringe copyright, then the person who complained has 10 days to get a court order, or it goes back up. In the old scheme, ISPs were routinely taking things down, permanently.
Also, if the complaining person can be proved to have deliberately lied, it costs them big bucks in damages... they have to pay every cent lost by the site owner, the ISP, and anybody else, including legal fees.
Frankly, I don't think that the common carrier view of ISPs would have held up, anyway. I'd rather have seen a law that actually declared them to be common carriers, but since corporations really do own the US government, that obviously wasn't going to happen.
I don't dispute the fact that the DMCA is a disgusting piece of legislation whose primary purpose is to give away important public rights, for no better reason than that Disney, the SPA, and friends screamed "jobs" and waved around a bunch of campaign contributions. I don't dispute that the law is plain evil. However, I don't see how the evil parts apply here.
The only DMCA provisions I can think of that might apply are the procedures for complaining about copyrighted (not trademarked) material on Web pages. Those particular provisions weren't very controversial. They actually make it easier for ISPs to keep certain material on line.
Before the DMCA, US law could have been interpreted to make the ISP responsible for any copyright violation. That meant that the ISP had to actually judge whether something violated copyright. If it guessed wrong (or differently from a judge), the ISP could lose a lot of money. That meant that it was very easy for people to engage in exactly the kind of intimidation you're complaining about.
Unless I completely misread the law back when the law was passed, or unless my memory has failed, the DMCA actually makes this area of the law better. Under the DMCA, the ISP is safe if it follows certain procedures, and the procedures really aren't that complicated. The ISPs still don't seem to have the motivation to actually do that, but they were even less motivated to stick up for their users before the DMCA.
Can you explain how the DMCA is evil in this particular situation? I agree that most of the DMCA is bad law, but this part seems like an improvement to me.
Serious anonymity servers, such as ZKS and, I believe, the Anonymizer as well, do NOT keep logs, and do NOT keep subscriber information. They're well aware that they could be subpoenaed. ZKS's system goes further than that; they chain the connection through several servers, each of which knows only the hop before itself and the hop after itself. This is all pretty standard mix technology...
There is not now, nor has there ever been, a 40-bit "export" version of PGP. Other programs, yes. PGP, no.
I'm not sure what you mean by "the keys can be reconstructed on a LAN, with only the time of message known". Frankly, I suspect that you just don't know what you're talking about... but maybe you'd like to explain how to go about it? If you think that the random number generator is seeded with the time of day, think again... it's seeded with keystroke cadence information.
Of course if you send your pass phrase or the cleartext of your key over any network, LAN or otherwise, you lose. The solution is not to do that, as has been clearly explained in the PGP documentation since version 2.
Newer commercial versions of PGP do have a rather nasty data recovery system, but it's optional; you turn it on at key generation. It's also intended for corporations to use to recover messages encrypted by their own employees, and there's no infrastructure for giving it to the government. Anyway, if you buy your own copy of PGP, you just don't turn on the recovery feature.
PGP has problems. It's big and complex, so it might have unknown bugs. It has a corporate key recovery system. It's not clear that the "web of trust" PKI will scale even as well as the (also problematic) hierarchical model. Weakness of the cryptography is not, however, one of PGP's problems.
Slashdot Mirror
It's also the area in which the case for government regulation is the weakest. A private organization like Underwriter's Laboratories could easily certify pharmacies. People would be unlikely to use uncertified pharmacies, and those who did would be taking the risk knowingly.
This means that it's usually stupid to take a drug without first getting expert advice. There are exceptions, but you need to know what you're doing when you take something. Actually, by the way, it's also stupid to take something, even if you have expert advice, unless you've researched it yourself, or, if you're not qualified to research it, gotten the best second opinion you can.
However, there's a philosophical issue here. Should the government stop people from doing stupid things? Especially, should the government stop people from doing things that may not be stupid in a particular case, even though they might be stupid in general?
I say no. That means that as far as I'm concerned, you ought to be able to choose to buy, say, Viagra, if you feel like it. If doesn't work because you bought it in the wrong situation, that's your tough luck. If it gives you a stroke and kills you, good... the gene pool has been improved. Nonetheless, it's your choice and your right to make that choice.
Of course, that also means that if it gives you a stroke and it doesn't kill you, I'm not going to feel particularly obligated to pay for your nursing home care. I may just let you die in the street. That's the price of stupidity.
Talking about "informed decisions" is meaningless in a system in which the patient can't make a decision. I cannot buy certain drugs without a prescription, no matter how informed I am. It's just an outright lie to call that giving me an informed decision.
As far as stocking up on EBay goes, the reason that's dangerous is that it's illegal. It's pretty hard to set up a reliable certifying organization for an illegal activity, and furthermore decent operators are likely to be put off by the illegality, leaving the field for fast-buck operators. This is an almost inevitable consequence of outlawing something, and is one of the reasons why outlawing things that people are going to do anyway, and that hurt nobody but themselves, is stupid.
Obviously you have no idea what you're talking about.
Anybody who has any serious chance of needing a lawyer should have one. You don't ask them all your questions in advance. You call them up when you need them. The point is that you know who to call... you don't have to spend time finding a decent lawyer when you need an answer immediately. Your lawyer will already know your business, so you don't have to spend a lot of time explaining the situation to her. You will already have a relationship of trust, so you don't have to spend a lot of time building one.
... and, for likely cases like this, yes, you can even get your lawyer to explain enough of the law to you, in advance, that you at least feel comfortable telling, say, the FBI to wait while you call that lawyer.
We're talking about the feds, not a bunch of film critics. From their point of view, it's provocative. It doesn't matter how well done it is. They have no sense of humor and no sense of aesthetics. If you don't know that much about feds, you're really not in a position to have an opinion here. Um, incompetence isn't relevant to complaining about incompetence? Exactly what is relevant?I expect basic competence in every area... technical, business, and legal.
Most of the small ones, and many of the big ones, are incompetent. Most of the big ones, and many of the small ones, are disorganized and unwilling to help their customers to the degree they deserve. Damned few of either kind provide an acceptable level of service. Hosting providers are often, but certainly not always, worse than bandwidth providers. Consultants vary widely but are frequently completely worthless Web designers are the absolute bottom of the barrel.
It's not one customer, you fucking moron. It's one contract. This dickweed made a deal to host some content. He went back on the deal as soon as it was inconvenient for him, and he didn't even bother to find out first exactly how inconvenient it would be, or what his options were.
That's not "your freedom of speech ends on my server". It's "I'll sell you something but I want to keep total control over it". Even if the written agreement allowed him to drop the content, we all know damned well that he was representing that he'd try to give good service, not drop stuff for no reason at the first sign of trouble.
If he'd refused to host the stuff in the first place, that would have been a perfectly reasonable exercise of his freedom to control his server. Once he takes the stuff on, he's morally (and often legally) bound to make an effort to retain it.
Contract is the issue here. Freedom of speech is only peripherally related.
Calls from the FBI are not routine, but they aren't rare, either, nor are similar calls from others. If you're running a hosting service with more than a very few pages, you're eventually certain to get some cease-and-desists, and you may very well get some law enforcement activity... like this case. Even if you're very small, it's not unlikely, and it's not something you should be unprepared for.
These things are even less rare if you're hosting something obviously provocative, like that movie. This is a situation for which anybody with any brains at all should have been ready.
The reason this bugs me is that I'm getting really tired of the general level of incompetence that's tolerated on the Web, and the Internet in general, these days. I've dealt professionally with people who were holding themselves out as ISPs, whom I wouldn't have trusted to run a small office network. This is just one more kind of idiocy.
I am not a revolutionary, and have never claimed to be one. Were I a revolutionary, I would be taking action, not whining on Web sites or worrying about lawyers.
The point is that this guy's business was not on the line, and he didn't have the brains to know that. Furthermore, he was in a completely foreseeable situation, and he had made no preparations for it... he hadn't even thought about what he'd do. That makes him incompetent and an unsuitable choice for any customer who needs reliable service.
OFF the point, I have had my job (not a business, but still my livelihood) potentially on the line over something like this. I wouldn't have been on the street if I'd lost the job, but I would have been out literally hundreds of thousands of dollars in stock.
I have also run a site that posted very controversial material submitted by others. I think I have some idea of the risks.
I have also received an (unjustified) cease-and-desist letter, from a company with many times my financial resources, alleging trademark infringement in a domain name owned by me personally. I replied to it with legal action, not by folding.
I don't think I've ever told the FBI to go away, but I assure you I at least know when they are and aren't in a legal position to order me around... and if I'm not, I'll call my lawyer first. That's not only the right thing to do, it's also the safe thing to do.
None of which has anything to do with the fact that this guy clearly wasn't properly prepared to be in the hosting business. He didn't even have a policy for this sort of case.
There are places where people can make pledges to support the costs of open source development. Perhaps there needs to be something similar for public-interest litigation. Not something as amorphous as donating to the ACLU, but a way to target your donation to a specific action. Anybody know of anything?
This idiot could have called a lawyer before pulling the site down... or he could have schooled himself enough in the basics of the law as it applied to his business to know, even without consulting a lawyer, that the FBI had no power to shut him down. Instead, he chose to hide behind this "little outfit without a clue" pose. Incompetence is no more excusable than cowardice.
Hmm. You're right. I'd forgotten how it worked. The law is even more evil than I remembered.
It could be worse, though. If the user who owns the site claims that the material doesn't infringe copyright, then the person who complained has 10 days to get a court order, or it goes back up. In the old scheme, ISPs were routinely taking things down, permanently.
Also, if the complaining person can be proved to have deliberately lied, it costs them big bucks in damages... they have to pay every cent lost by the site owner, the ISP, and anybody else, including legal fees.
Frankly, I don't think that the common carrier view of ISPs would have held up, anyway. I'd rather have seen a law that actually declared them to be common carriers, but since corporations really do own the US government, that obviously wasn't going to happen.
The only DMCA provisions I can think of that might apply are the procedures for complaining about copyrighted (not trademarked) material on Web pages. Those particular provisions weren't very controversial. They actually make it easier for ISPs to keep certain material on line.
Before the DMCA, US law could have been interpreted to make the ISP responsible for any copyright violation. That meant that the ISP had to actually judge whether something violated copyright. If it guessed wrong (or differently from a judge), the ISP could lose a lot of money. That meant that it was very easy for people to engage in exactly the kind of intimidation you're complaining about.
Unless I completely misread the law back when the law was passed, or unless my memory has failed, the DMCA actually makes this area of the law better. Under the DMCA, the ISP is safe if it follows certain procedures, and the procedures really aren't that complicated. The ISPs still don't seem to have the motivation to actually do that, but they were even less motivated to stick up for their users before the DMCA.
Can you explain how the DMCA is evil in this particular situation? I agree that most of the DMCA is bad law, but this part seems like an improvement to me.
Serious anonymity servers, such as ZKS and, I believe, the Anonymizer as well, do NOT keep logs, and do NOT keep subscriber information. They're well aware that they could be subpoenaed. ZKS's system goes further than that; they chain the connection through several servers, each of which knows only the hop before itself and the hop after itself. This is all pretty standard mix technology...
There is not now, nor has there ever been, a 40-bit "export" version of PGP. Other programs, yes. PGP, no.
I'm not sure what you mean by "the keys can be reconstructed on a LAN, with only the time of message known". Frankly, I suspect that you just don't know what you're talking about... but maybe you'd like to explain how to go about it? If you think that the random number generator is seeded with the time of day, think again... it's seeded with keystroke cadence information.
Of course if you send your pass phrase or the cleartext of your key over any network, LAN or otherwise, you lose. The solution is not to do that, as has been clearly explained in the PGP documentation since version 2.
Newer commercial versions of PGP do have a rather nasty data recovery system, but it's optional; you turn it on at key generation. It's also intended for corporations to use to recover messages encrypted by their own employees, and there's no infrastructure for giving it to the government. Anyway, if you buy your own copy of PGP, you just don't turn on the recovery feature.
PGP has problems. It's big and complex, so it might have unknown bugs. It has a corporate key recovery system. It's not clear that the "web of trust" PKI will scale even as well as the (also problematic) hierarchical model. Weakness of the cryptography is not, however, one of PGP's problems.
Sheesh.