Blog post by Mishi Choudhary. Please email any comments on this entry to <Mishi@softwarefreedom.org>.

According to the Government of India, private service providers like AirTel and Vodafone are failing in their legal obligations under the Information Technology Act, hastily amended in the days immediately following the Mumbai 7/11 attacks, by not providing access to the content of emails and texts sent to or from BlackBerry users. As a lawyer, I have some doubt about this legal position, no doubt under discussion between GoI and the service providers. But there is no doubt that the Government has failed to make clear the context of this dispute, or the real consequences of the demands it is making.

BlackBerry devices use the wireless networks of the local service providers to deliver email and texts through servers operated by Research in Motion located outside India. If you or I as individuals buy a BlackBerry through one of the offering service providers, our email and text traffic will not be encrypted, and GoI will have whatever access to our communications the law requires. If, however, your BlackBerry was given to you as an employee of an MNC or a large local enterprise, for work use, those emails and texts will be encrypted so that only the sender and receiver, but not Research in Motion (RIM) and not the local Indian wireless service provider, will be able to read them. Since these parties do not have access to the content of encrypted messages, and therefore cannot provide what Government says the Act requires, the Government now threatens to force a halt to their services as of August 31.

Unless a ring of terrorists is embedded entirely within some MNC, and is using its email and messaging system to plan terrorist attacks or other crimes using corporate BlackBerries, such a service cut would not be likely to prevent the planning or execution of any attacks. What it would do, however, is effectively cut off India from the global financial system. The ability of banks, insurance companies, law firms, consultancies and other professional service enterprises to operate around the globe depends entirely on the flow of confidential intra-firm communications. People cannot do business anywhere unless they can be sure that their firm's business communications are not being overheard by competitors or other parties using breaches in communications networks. So every such enterprise relies upon mechanisms that ensure complete confidentiality on which the movement of trillions of crores every day in the world economy depend. BlackBerry provides one portion of that network to a large subset of that market. Any country which shuts off encrypted BlackBerry communications has shut down its place in the global economy.

Government knows, what the extent of its threat implies if our connection with the global economy is temporarily lost. But if the Government were clear with the public now about the small security benefit to gain and the magnitude of the harm it will cause if its threat is carried out, its dis-proportionality would raise questions in the mind of the public. Apparently GoI believes that such a threat can, from its very desperate dramatic quality, induce a useful result. Unfortunately, this too is wrong. Because nobody but the enterprises themselves have an access to the decrypted information, Government must get inside the BlackBerry itself if it is to read the messages.

GoI is making threats that could only be fulfilled at cataclysmic cost to the economy. It will in effect result in causing immense harm to India's telecommunications sector and our reputation in the global financial services economy, where so many of our jobs are being created. In the end, it would inflict immense damage, much greater than any terrorist could ever cause scarcely achieving any additional security.

Blog post by Michael A. Spiegel. Please email any comments on this entry to <mspiegel@softwarefreedom.org>.

In the haze of confusion surrounding the Supreme Court’s recent decision in Bilski v. Kappos, the appeals board of the United States Patent and Trademark Office issued a ruling last week that takes a definitive stand against the worst kinds of patents that threaten software developers every day.

Despite the Court's failure to provide much guidance or adopt a bright-line test for patentable subject matter in Bilski, the appeals board ruling in Ex parte Proudler is a sign of the growing skepticism towards software patents that continually test the boundary between acceptable technological innovation and impermissible abstraction. In Proudler, the Board rejected a number of claims to a software invention, citing Bilski in its reasoning.

This rejection is particularly noteworthy as it dispenses with a number of fig leaves that patent attorneys have been using for years to make software inventions seem less like abstract ideas, and therefore patentable. While the USPTO has always held that software is unpatentable, patent attorneys were usually able to get software patents granted by adding such seemingly magical phrases as “a computer readable medium containing computer executable instructions” to a series of data processing steps, thus transforming software into a patentable physical component of a computer.

Taking a page from the same playbook, the Proudler application claims a “method of controlling processing of data in a computer apparatus” and a “computer program stored on computer readable media for instructing a programmable computer to implement a method of controlling the processing of data.” Since the Federal Circuit’s infamous 1998 State Street decision which opened the floodgates to software and business method patents, such claims have been deemed patentable without question. Although the Board could have justified the July 7th decision on other grounds, it took particular pains to reject the Proudler application for claiming unpatentable software. “A claim that recites no more than software, logic or a data structure (i.e., an abstraction) does not fall within any statutory category,” the Board said in its rejection. In its rejection, the Board cited both recent Supreme Court cases (including Bilski) as well as pre-State Street decisions from the Federal Circuit.

I believe the Board correctly deduced two notable things from Bilski, in an interpretation which hopefully will take root in the courts as well.

First, the “machine-or-transformation test”, in which a patentable process must either be closely tied to a particular machine or transform a particular article into a different state of thing, survives as a primary test for routine use. Although the Supreme Court held that “the machine-or-transformation test is not the sole test for deciding whether an invention is a patent-eligible ‘process’,” it did characterize the test as “a useful and important clue.” Without any hint of what processes, if any, may fail this test while still being eligible for a patent, the burden will lie with software patent applicants to prove that their processes are patentable after failing the machine-or-transformation test.

Blog post by Laura Moy. Please email any comments on this entry to <Laura Moy@softwarefreedom.org>.

This weekend marks the 300th anniversary of the Statute of Anne, widely considered to be the foundation of modern copyright law. The Statute, formally titled “An Act for the Encouragement of Learning," is often praised for placing intellectual property rights in the hands of individual authors and ushering in the era of public interest copyright law. In reality, however, the law's most lasting legacy has been the misguided proposition that “the Encouragement of Learned Men to Compose and Write useful Books" cannot be accomplished without copyright: a system which restricts the flow and use of information, chills collaboration, and presupposes that property rights are necessary to encourage innovation.

The passage of the Statute represents the culmination of a centuries-long partnership between the monarchy and publishers, the effects of which continue to be felt today. In 16th century England, religious and political unrest, coupled with the proliferation of printed media, threatened to compromise the crown's ability to control the masses. Queen Mary and King Philip engineered a clever media censorship scheme in response. In 1556 they struck a Machiavellian deal with the guild of London publishers: the publishers would cooperate with the crown to prevent the publication of undesirable works, and in exchange, the crown would grant them a monopoly over intellectual property rights and the power to destroy unlawful books and presses.

With this goal in mind, the publishers convinced Parliament that the creation of strong intellectual property rights was essential to encourage the advancement of learning.

So the Statute of Anne was born, and on April 10, 1710, became law. The Statute of Anne, which, like modern copyright, granted exclusive rights directly to authors for limited terms, was intended by Parliament to promote “the Encouragement of Learned Men to Compose and Write useful Books.” Intellectual property, which restricts individuals' use of each other's ideas, had formerly always been conceived as a tool of censorship. That it was now suddenly championed as a tool to encourage information sharing denotes nothing less than a radical shift and is testament to the success of the publishers in convincing Parliament that no one does anything for free.

Blog post by Eben Moglen. Please email any comments on this entry to <eben@softwarefreedom.org>.

[Crossposted from Opensource.com].

Last week, to the surprise of patent lawyers and the biotechnology industry, advocates for technological freedom won an enormous victory against socially harmful distortions of patent law. The Federal District Court for the Southern District of New York held invalid patents owned by Myriad Genetics on diagnostic testing for genetic susceptibility to the most common hereditary forms of breast and ovarian cancer. By "patenting" the right to determine whether the BRCA1 and BRCA2 genes are present in the relevant mutated form in a women's genome, Myriad Genetics has been able to exclude all other laboratories from conducting the test. Patients and their insurers have paid much more, and women and their families have waited crucial weeks longer than necessary for information relevant to treatment and potentially affecting survival.

The Public Patent Foundation and the American Civil Liberties Union challenged the patent on the ground that the Act does not permit the patenting of "facts of nature." In a lengthy and carefully argued opinion granting summary judgment, Judge Robert Sweet agreed. Judge Sweet rejected the basic premise on which gene testing patents such as the one granted to Myriad have been justified: that the amplification of naturally-occurring DNA sequences is a patentable transformation of the DNA molecule. Instead, Judge Sweet adopted the view put forward by Myriad's own expert witnesses, that DNA is a special molecule, "a physical carrier of information," and therefore held that the reading of such naturally-occurring information is not patentable subject matter. Whether posed as a new composition of matter, or as a method for "analyzing" or "comparing" DNA sequences, Judge Sweet held, Myriad's attempt to gain a monopoly on looking at a particular DNA sequence to find out what it says falls outside the permissible scope of patent law.

In reaching his legal conclusions, Judge Sweet relied significantly on the recent opinion of the Court of Appeals for the Federal Circuit, which has primary responsibility for interpreting the nation's patent law, In re Bilski, 535 F.3d 943 (2008), now pending in the Supreme Court. Bilski, as readers here will know, raises issues concerning the patentability of business methods and computer software, on essentially the same basic ground: that, as the Supreme Court has said, "phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work." Gottschalk v. Benson, 409 U.S. 63, 67 (1972). Judge Sweet's opinion may be said to raise the stakes on Bilski slightly, but the parts of the Federal Circuit opinion on which Judge Sweet relies are not about the "specialized machine or transformation of matter" test adopted by the Federal Circuit to distinguish patentable from unpatentable inventions involving computer software and methods of doing business. Judge Sweet followed the Federal Circuit closely in its expression of the settled law of patent scope, making it more unlikely that the Federal Circuit, which will hear the inevitable appeal from Judge Sweet's judgment, will be inclined to disturb the conclusion.

Americans have begun to understand a little bit about how, in the last two decades, corporations and their servants turned more and more of our society's opportunities into property for themselves. The sorrow and anger that is entering our politics, as honorable working people realize how badly they were had, will not soon abate. That the patent system too was gamed by the powerful at the expense of everybody else has not been fully grasped yet. But it will be. Time will show that Judge Sweet was more than courageous in his ruling, that he was also speaking with the voice of America behind him, as all great judges do.

Blog post by Lysandra Ohrstrom. Please email any comments on this entry to <Lohrstrom@softwarefreedom.org>.

Free software is ubiquitous. It runs everywhere on (almost) everything. The question that dominated most of the discussions at the Libre Planet Conference in Boston about a week ago is what now? How can the community capitalize on its achievements to make the movement more inclusive and reconceive the relationship between free software and privacy?

Most attendees seem to agree that it's time to proselytize to the non-hacker masses and get them to care about the privacy, freedom, and control they sacrifice when buying proprietary technology. At John Gilmore's group discussion on the future of free software Saturday morning, people proposed making the user interface more friendly; addressing freedom in the browser space; developing a solid gaming platform for free software. "My experience is that if you give people who play games the option to improve them they will," one attendee said. "I know people who became programmers so they could improve the games they played."

The SFLC's founding director, Eben Moglen, said in his talk that the movement has reached "a point of inflection." The challenge it will face in "Free Software: Phase Two" is to explain the relationship between privacy, the integrity of human personality, and free software. The movement will have to figure out how to convince people they need a solution to a problem they don't know exists, he said. "It's not about we're done. The war is over. It's about, what's next."

I think ordinary people who don't write computer code or think about the consequences of proprietary technology are aware that there is a problem; that they are forfeiting too much control over the tasks and relationships that make-up daily life to unknown forces in the digital world. The cyber security threats, malicious hacker attacks in China, car malfunctions, and voting booth problems that dominate the news cycle can all be traced back to potential software glitches. People know about these problems. They just don't know how the problems are connected or how to fix them.

The challenge facing the free software community is to explain how the Toyota recall and Google's withdrawal from China can be traced to one cause: namely giving for-profit companies monopolistic access to the source code of the thousands of software programs that we are increasingly reliant upon. What's lost in the mainstream media coverage of these seemingly unrelated events is an explanation of a solution that already exists: open, auditable source code that anyone can view and detect flaws in.

The first step for the SFLC and attendees of Libre Planet is to connect the various news headlines to a central problem: restricted access to source code. Then explain that it doesn't have to be this way. The technology wasn't designed to infantilize users. It was designed to give users a set of tools to collaborate and communicate in a digital world.

Blog post by James Vasile. Please email any comments on this entry to <vasile@softwarefreedom.org>.

Earlier this week, the Office of Foreign Assets Control announced the relaxation of rules prohibiting export of software to Iran and Sudan. The new exemptions build on a recent easing of some rules governing exporting telecommunications technology to Cuba. These moves are surely an attempt to capitalize on the Iranian election demonstrations last summer that some called the "Twitter Revolution". They are also a sign that the Obama Administration is carrying out its plans to make internet freedom a pillar of US diplomacy.

I hope the revised OFAC rules are the beginning of a broad and nuanced re-examination of US technology export policy. They are certainly good news for Free Software developers who are currently prohibited from distributing their software in embargoed countries.

Generally speaking, US companies have been prohibited from trading with Iran and Sudan, despite some exemptions for humanitarian and medical reasons. To my knowledge, those exemptions have never been applied to Free Software. Against that backdrop of general prohibition, OFAC promulgated new exceptions allowing the exportation of "certain services and software incident to the exchange of personal communications over the Internet." As examples, OFAC lists "instant messaging, chat and e-mail, social networking, sharing of photos and movies, web browsing and blogging."

That list, however, is not exhaustive. The exemption is broad and applies to a wide range of technology. I asked an OFAC representative how broadly to interpret "incident to," and he confirmed that the exemption includes such software as web servers, content management systems or operating systems on which one could run an IM client. If those are incident to personal communication, presumably much other Free Software is too.

Though the decision to loosen export regulations is a step in the right direction, it falls far short of what the Free Software world really needs: permission to publicly distribute Free Software everywhere on the planet without jumping through invisible and innumerable hoops. First, the new rules are limited to Iran and Sudan. Other embargoed countries are still off limits. Second, while "incident to personal communication" applies to a lot of software, it does not describe everything, and its limits are unclear. Third, the exception is limited to software that is publicly available at no cost to the user.

This last point deserves some extra attention. If you charge for Free Software, the exemption does not apply. Also, other export controls are still in effect. This is true no matter how you structure it. A download fee to recoup the cost of distribution would be a problem. A paid service agreement to support the software would be a problem. Accepting donations from embargoed countries could be problematic. In other words, if your project gives away software but raises money by accepting money for ancillary goods or services, those ancillary charges can run afoul of the embargo rules.

Other caveats exist (especially regarding software that does encryption), and this post isn't meant to be legal advice on how to comply. My objective is to shed light on a decision that could signal the beginning of a gradual shift in US technology policy and a shift in the Free Software development landscape. If your project is trying to comply with export regulation, you should seek legal advice.

Export regulation is a patchwork quilt of mystifying rules. Most projects are wholly unaware that putting their code on the web might put them at risk of violating export laws they've never heard of. Those that try to comply face many difficulties. It's heartening to see inter-agency cooperation aimed at simplifying the legal environment for Free Software developers. By broadening exemptions to include certain communication technologies, the government acknowledges that internet access is a fundamental human right. These are welcome signs for the SFLC and the free software community overall. I hope the Commerce Department joins in and extends the personal communication technology exemption to include trade with Cuba and Syria as well.

Blog post by Michael A. Spiegel. Please email any comments on this entry to <mspiegel@softwarefreedom.org>.

Public Safety is not a matter of Private Concern

In a recent article, Slate's Farhad Manjoo attempts to play down fears of faulty software in car braking systems as a potential cause of traffic accidents. Citing numerous studies which conclude that “the overwhelming reason we get in crashes is driver error,” Manjoo reasons that “the less driving people do, the fewer people will die on the roads.”

While it may certainly be true that most crashes occur because of intoxication, distraction, or driver fatigue, and that computer controlled cars may decrease driver error, Manjoo doesn't seem to see the obvious implication of his own assumptions -- “opaque” and “inherently buggy” software which could endanger public safety should be subject to review.

If Toyota truly wanted to repair its public image and reputation for quality, it would make its source code available to anyone interested, not just a single government regulator. The public is far more likely to discover bugs and suggest improvements than a relatively small number of overworked and potentially inexperienced government employees. As a former patent examiner at the US Patent and Trademark Office, I have seen the problems that arise when the amount of information and technical expertise available to the government is far outstripped by that of the private firms seeking government approval. Currently, the USPTO is attempting to deal with this imbalance of information by publishing patent applications before they are granted and by considering various proposals to incorporate public feedback as a means to improve patent quality. The National Highway Traffic Safety Administration should consider similar measures to allow the public to assist in its work.

Toyota should take their cue from another industry recently wracked by a loss of confidence in the integrity of their product -- the voting machine industry. Looking back on the controversies that surrounded voting irregularities in the past few elections, it seems like the public cares a great deal about the integrity of the voting process. A seemingly endless amount of ink was spilled by the press and blogosphere expressing outrage over the various security flaws found in Diebold voting machines, especially after the CEO of Diebold Inc. wrote that he is “committed to helping Ohio deliver its electoral votes to the president next year.” The media attention surrounding this issue culminated in the HBO documentary “Hacking Democracy”, in which filmmakers Simon Ardizzone & Russell Michaels chronicled the efforts of activists who exposed and attempted to fight the proliferation of insecure voting machines.

Finally, in response to the controversy, Sequoia Voting Systems announced last October that their new voting machines would be based on publicly available source code and open architectures, noting that “[s]ecurity through obfuscation and secrecy is not security” and that “[f]ully disclosed source code is the path to true transparency and confidence in the voting process for all involved.”

I find it curious how proprietary software became a major concern to the media as well as various state legislatures when our democratic process was threatened, but when at least 37 lives have been lost due to malfunctioning Toyota vehicles, there is no similar outcry for greater transparency in the proprietary braking and accelerating software that is crucial to keeping people safe on the road.

Given the cost of its 8.5 million car recall and the potentially irrecoverable damage to its brand, Toyota should seriously reconsider the value of maintaining a business based on trade secrets and realize that ensuring public safety should not be purely a matter of private concern.

Blog post by Lysandra Ohrstrom. Please email any comments on this entry to <Lohrstrom@softwarefreedom.org>.

New York Times reporters John Markoff and Ashlee Vance correctly pointed out that nations, private corporations, and even bands of rogue programmers are capable of covertly tunneling into information systems, by exploiting bugs in a program's source code in their January 20th story, "Fearing Hackers Who Leave no Trace."

Unfortunately, this paragraph appears more than half way through the story. Rather than address the real reasons that proprietary systems are so vulnerable to security breaches or the comparative protections afforded by free software, Vance and Markoff stuck to the usual formula of the Times' technology stories: the "intellectual property" parable. The good guys ("innovative," commercial technology companies like Google and Cisco) struggle to protect the integrity of their source code--their "crown jewels"--from the nefarious designs of the bad guys (hackers).

"If hackers could steal those key instructions and copy them, they could easily dull the company's competitive edge in the marketplace," Vance and Markoff write. "More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with that software.”

The ability to make "subtle, undetected changes" to a system's source code is indeed the cause of frequent security breaches, but it is much harder for ill-intentioned hackers to "leave no trace" in free software. The solution is not to block access to source code, as the authors imply, but keep it open so that anyone can detect modifications, see who made them, and why. The reason closed, proprietary systems have proven to be less secure than free software alternatives over the years is more to do with the absence of a third-party audit function and accountability trail, than threats from "hackers."

I can only assume the confusing tangle of inaccuracies, contradictory conclusions, and false assumptions Markoff and Vance reported were fed to them by a PR agent or cobbled together after a day-long conference hosted by the Homeland Security Council. Vance quotes a member of the Council's advisory board, Jeff Moss, in the article he co-wrote with Markoff and in a separate story published under his own byline on January 21, "If your Password is 123456, Just Make It HackMe." Vance describes him as a security expert in the first story and the founder of a popular hackers conference in the second.

As a non-profit law firm for Free and Open Source Software programmers, the SFLC admittedly has a stake in promoting the projects developed by its clients. So rather than take my word for it, listen to the comments of readers like Wai Yip Tung from San Francisco. "This article have a very confused idea around source code and security," Tung writes in a comment. "Have you ever heard of Open Source software? (e.g. Firefox) Everyone has access to its source code but it does not make it any less secure. In fact security expert have an opposite opinion. It is critical that source code is available for audit by a wide range of people before we can have confidence of its security. This is a worthless article in my opinion. It stroke fear in the wrong places and shed little light on where the vulnerability really is.

I have to disagree that their effort was entirely worthless. Markoff and Vance inadvertently ended up writing an unqualified endorsement of free software in The New York Times.

Clarification: The "hackers" who break into computers with the intent to cause harm are distinct from from the community of programmers who create clever solutions to bugs in source code. A more accurate label for the activity in this story is malicious hacking or cracking.

Blog post by Lysandra Ohrstrom. Please email any comments on this entry to <Lohrstrom@softwarefreedom.org>.

The 2010 Consumer Electronics Show (CES) was the best of times and the worst of times for the free software movement.

It proved that the first stage of the revolution that the SFLC, and many others, have long predicted, is complete: free software has been embraced by commercial developers and is now powering a much wider range of embedded devices than any single proprietary program. Behind any one of the smartphones, eBook Readers, netbooks and LCD-televisions that debuted last week at CES is almost certainly a Free and Open Source Software (FOSS) application or platform.

But it also highlighted the extent to which proprietary software developers have taken advantage of the ability to adapt, improve, and customize free software in embedded devices that deny customers these very same freedoms. This is the paradox of free software's growing popularity: anyone can view, modify, and distribute source code, whatever their intentions.

Now that free software is inside almost everything, it is time for users to learn about their rights under free software licenses to protect their freedom to share, tinker, and adapt the devices they buy.

These values, ingrained into our consciousness in kindergarten, are the ones that drive free software innovation and that many of the commercial developers at CES have benefited from, yet hope their customers will forget.

Most of the eBook Readers at CES use free software in locked-down devices that restrict customers' access to certain publications, prevent them from sharing, and violate their privacy. Telecommunications companies have harnessed Android in the battle for a larger share of the smartphone market and collaborated on applications with FOSS programmers while preventing customers the right to chose between carriers. These companies have a vested interest in limiting the functionality of the devices they sell so consumers buy the next model in a couple of years, rather than improve the one they already own.

Individuals can reclaim the rights they take for granted in other commodities by educating themselves and choosing to buy the most free devices whenever possible.

While none of the smartphones or e-readers on the market is perfect, there are options that allow users to retain more choice and control of how a device functions and what content they can access. Choosing a Nokia N900 or a free Android phone over a carrier-subsidized, locked-down model gives customers the option of running any application and making modifications so it is more useful. Readers can chose an open-format e-reader over an alternative that only allows them to download books in proprietary format.

Owners of open-format e-readers can download public-domain content, such as "A Tale of Two Cities," for free from a variety of sources and be able to read and re-read it whenever they want, on multiple devices, forever. Amazon, on the other hand, charges Kindle-owners a license fee for the privilege of reading the free Dickens' classic on their e-readers. Amazon also reserves the right to revoke this license at any time and yank the free book from Kindle-customers who already paid to download it.

At CES 2011, the SFLC predicts that commercial software developers will continue to distract users from these basic rights with sleeker, smaller, and smarter devices that run on free software. The SFLC will continue to fight against people who violate the terms of the GPL by using FOSS in locked-down devices that restrict, rather than empower users. But the second stage of the revolution will be won by individuals who educate themselves about their rights in order to realize the full benefit of free software.

Blog post by Eben Moglen. Please email any comments on this entry to <eben@softwarefreedom.org>.

I spent last Thursday and Friday in Brussels, attending the European Commission’s Oral Hearing in the competition investigation of the acquisition of Sun Microsystems by Oracle. The proceedings at the Oral Hearing were confidential; I cannot write about the presentations made there by others. I can, however, summarize the three points I made during my brief presentation on Friday; my previous written submission to the commission is already available. I want to explain what I said and where I think we stand now that the Oral Hearing is over.