District Court Rules Virginia Law Protecting Social Security Numbers Unconstitutional As Applied to Watchdog Website
By Jon Choate — Edited by Daniel Ray

Ostergren v. McDonnell
E.D. Va. No. 3:08cv362
Slip Opinion (hosted by the ACLU)

On August 22, 2008, Judge Robert E. Payne of the U.S. District Court for the Eastern District of Virginia found § 59.1-443.2 of the Virginia Code to violate the First Amendment as applied to Betty J. Ostergren’s website The Virginia Watchdog. The court granted plaintiff Ostergren limited injunctive relief against the State of Virginia as represented by its Attorney General, Robert F. McDonnell.

Ostergren is a privacy advocate who has lobbied the General Assembly of Virginia to stop publicly posting land records containing Social Security Numbers (“SSNs”) online without redacting the SSNs. On her own site, she has posted a number of these land records, including those of former Secretary of State Colin Powell, former House Majority Leader Tom Delay, and members of the Virginia legislature and judiciary. She has also posted examples of publicly available records from other states containing SSNs.

Section 59.1-443.2 of the Virginia Code is a provision of Virginia’s Personal Information Privacy Act (“PIPA”). In part it provides that “a personal shall not . . . [i]ntentionally communicate another individual’s social security number to the general public.” Until July 1, 2008, PIPA excepted “records required by law to be open to the public.”
(more…)

Federal Circuit Affirms Economic Interest of Open Source Copyright Holder
By Yelena Shagall – Edited by Evie Breithaupt

Jacobsen v. Katzer
Federal Circuit, August 13, 2008, No. 2008-1001
Slip Opinion

On August 13, the Federal Circuit ruled that open source license terms can create enforceable copyright conditions.  In Jacobsen v. Katzer, the Federal Circuit addressed the Northern District of California’s rejection of Jacobsen’s motion for preliminary injunction against competitor Matthew Katzer and Kamind Associates, Inc (“Katzer/Kamind”) for infringement of the terms of an open source license (“Artistic License”).  Jacobsen held the copyright to computer programming code, which he made available for free subject to the Artistic License.  According to Jacobsen, Katzer/Kamind incorporated portions of the code into one of their software packages without following the terms of the license. The district court concluded that the Artistic License was an unlimited non-exclusive license.  The district court held the terms of the license created mere covenants, not copyright conditions, and the defendants were thus not liable for copyright infringement.  At most, they had breached a non-exclusive license.  Breach of contract, unlike copyright infringement, creates no presumption of irreparable harm, and the court rejected Jacobsen’s motion for a preliminary injunction. The Federal Circuit reversed and remanded the district court.

The Open Source Initiative provides commentary, stating that “the District Court decision was wrong and wrong in a way that could have been a disaster for open source community.”

(more…)

D. Mass: MIT Students’ Security Presentation Merits Temporary Restraining Order
By Jon Choate – Edited by Dan Ray 

Mass. Bay Transp. Auth. v. Anderson
D. Mass., August 9th, 2008, No. 08-11364-GAO
Temporary Restraining Order (Hosted by EFF)  

On August 9th, Judge Woodlock of the U.S. District Court, District of Massachusetts granted the Massachusetts Bay Transportation Authority (“MBTA”) a temporary restraining order against Zack Anderson, RJ Ryan, and Alessandro Chiesa, undergraduates at the Massachusetts Institute of Technology (“MIT”). The order “enjoined and restrained” the undergraduates from “providing program, information, software code, or command that would assist another in any material way to circumvent or otherwise attack the security” of the MBTA fare system’s CharlieCard and CharlieTicket.  CharlieCards are reusable stored-value cards, which allow Boston subway riders access at ticket terminals by waiving the card over a designated reader. The system operates wirelessly, and allows riders to add money to their cards both at subway terminals and through online accounts. 

Anderson, Ryan and Chiesa reportedly uncovered several vulnerabilities with the MTBA’s CharlieTicket system while doing research for a Computer and Network Security class. Using this research, the students devised a way in which the CharlieCards can be reprogrammed using $200 worth of equipment; theoretically, this method could increase the stored-value on a card   to more than $600.  The students also discovered that the CharlieCards, which store balance and other information internally, can be read using non-MTBA wireless equipment. Furthermore, according to documents on their research, the three had written software capable of generating and analyzing CharlieCards in order to crack the card’s encryption. 

The MIT students were scheduled to present their research at DEFCON, “one of the oldest running hacker conventions around.” It was this presentation which prompted the August 8th complaint filed by the MBTA against Anderson, Ryan and Chiesa and MIT. The complaint alleges that the students

“(i) claim to have circumvented the security features of the MBTA’s computerized CharlieTicket and CharlieCard fare media systems; (ii) publicly offered ‘free subway rides for life‘ to interested parties over the Internet; and (iii) plan to allow others to duplicate their claimed ‘breaking’ of the Fare Media’s security systems by presenting a paper, releasing software tools, and giving demonstrations at the DEFCON hackers convention this Sunday, August 10, in Las Vegas.”

The complaint further alleges that the students did not provide information regarding how they circumvented the security system to the MBTA and that public dissemination of the information before the MBTA has had an opportunity to correct the flaws will cause “significant damage to the MBTA’s transit system.”  

The MIT Tech covers the story, noting that while  the presentation at DEFCON was cancelled, the presentation slides and confidential vulnerability report the students wrote for the MBTA “are widely available online.” The Tech further reports that the students are being represented by the Electronic Frontier Foundation (EFF) and not by MIT’s lawyers.

(more…)

Second Circuit: Cablevision DVR Does Not Directly Infringe Copyright
By Stephanie Weiner — Edited by Andrew Ungberg

The Cartoon Network LP v. CSC Holdings, Inc.
Second Circuit, August 4, 2008, 07-1480-cv(L) & 07-1511-cv(CON)
Slip Opinion (also hosted at the EFF)

On August 4, the Second Circuit reversed the District Court for the Southern District of New York, ruling that Cablevision’s “Remote Storage” Digital Video Recorder system (RS-DVR) does not infringe the copyrights of the various broadcast and cable channels that produce or provide individual programs.

First presented by Cablevision in March 2006, the RS-DVR allows customers who do not have a stand-alone DVR device to record cable programming on central hard drives housed and maintained by Cablevision at a remote location.

RS-DVR customers may then receive playback of those programs through their home television sets using a remote control and a standard cable box equipped with the appropriate software. This is different from a traditional DVR in that instead of sending signals from the remote to an on-set box, the viewer sends signals from the remote, through the cable, to a server at Cablevision’s central facility.

The plaintiffs, several networks and studios that hold the copyrights to numerous movies and television programs, sought declaratory and injunctive relief. They claimed that Cablevision’s operation of the RS-DVR would directly infringe their exclusive rights to both reproduce and publicly perform their copyrighted works. The District Court for the Southern District of New York awarded the plaintiffs summary judgment, and enjoined Cablevision from operating the RS-DVR without licenses from its content providers. On appeal, the Second Circuit reversed and remanded.

ipFrontline carries a thorough summary of the case, including a technical breakdown of Cablevision’s RS-DVR system.

Law.com also provides coverage.

Eric Goldman suggests that the opinion leaves open more questions than it resolves.
(more…)

Sixth Circuit Affirms Conviction of Counterfeit DVD Importer 
By Dmitriy Tishyevich – Edited by Nicola Carah 

United States v. Teh
Sixth Circuit, July 31, 2008, No. 06-2371 
Slip Opinion 

On July 31, the 6th Circuit affirmed the conviction of Thiah Teh, who was indicted after airport officials searched his luggage and found what appeared to be 756 counterfeited DVDs and 284 counterfeited DVD sleeve packages.  Teh was found guilty and sentenced to one year of probation under 18 U.S.C. § 545, which imposes fines and up to twenty years imprisonment for “knowingly import[ing] . . . merchandise contrary to law.”  Although the government did not indicate at trial what statutory provision provided the basis for the “contrary to law” element of the § 545 violation, it asserted on appeal that Teh’s actions violated 18 U.S.C. § 2318, which provides felony  penalties for up to 5 years for importing counterfeit labels, documentation, or packaging. 

Teh argued on appeal, inter alia, that a copyright violation could not serve as the basis for a § 545 offense under Dowling v. United States, 473 U.S. 207 (1985), which held that distribution of bootleg sound recordings could not be prosecuted under the National Stolen Property Act (“NSPA”).  The Supreme Court reasoned that, by enacting the Copyright Act, Congress intended to address copyright violations with more precision than the NSPA would allow.  In addition, the Court also expressed concern that civil copyright violations might otherwise come within the ambit of the criminal trafficking statute, which carries significantly more serious penalties. 

(more…)