[This is a letter provided by a congressional source on condition of anonymity. It's a little hard to parse, but Anonymous' comments have ">>" prepended to them. I invite RIAA to reply. --Declan]
Some background: http://www.politechbot.com/cgi-bin/politech.cgi?name=riaa --- Response to Billboard Article on Anti-Terrorism Bill Billboard's issue of October 27 contained an article, "RIAA Criticized Over Effort to Change Anti-Terrorism Bill," that is so patently false that we are driven to respond immediately. Dear Editor: It is hard to believe that Billboard would print stories as offensive and irresponsible as your recent articles attacking RIAA's work on the anti-terrorism bill. The baseless rumors that we took advantage of this important piece of legislation to gain rights to hack into personal computers were debunked before the article was even written; yet Billboard perpetuates the malicious myths without regard for even the most basic of journalistic standards. Let's be clear: RIAA never lobbied Congress to give us the ability to hack into PCs, plant viruses, destroy MP3 files on people's computers, or anything resembling such actions. These assertions are not only completely false, but also incredibly offensive and extremely irresponsible. >> The RIAA does not assert that the language they provided staff would not have permitted this sort of conduct. Had your reporter bothered to call even one of the Senate staffers involved in the legislation, or consulted with even one lawyer who could explain the meaning of the proposed amendments, he would have learned that he was unfairly maligning the RIAA and our industry. >> What they may have "meant" to do does not explain their "extremely irresponsible" (at best) drafting. The true story here is that the Senate drafted its anti-terrorism bill privately. When it was made public on October 5th it was discovered that one of the provisions would have had an unintended effect on anti-piracy measures that are lawful under current law. This inadvertent mistake would have negatively impacted not just copyright owners, but also ISPs, telecom providers and many other high-tech businesses, such as the companies of the NetCoalition. As written, the measure would unintentionally have subjected such businesses to lawsuits for activities that should be and are currently allowed under law to protect the integrity of their products and networks. >>According to the RIAA, the drafting of the Senate bill was done "privately" and would have had "unintended effects" on the law. But what Hillary Rosen fails to note is that their solution -- offered in the vacuum of private negotiations -- would have done what EFF and other copyright scholars NOT on the RIAA payroll say it would have done: it wouldve created a license to hack. I suppose the RIAA position must be that private negotiations involving the RIAA cannot possibly result in similarly "unintended effects." When we became aware of this inadvertent consequence in the draft legislation, we notified the Department of Justice, the Senate, and other industry groups; the proponents of the bill acknowledged that the draft legislation created an unintended, negative side effect. We were asked to propose language to avoid the unintended effects on our industry. We did so - based on suggestions from the Department of Justice and Senate staff. >> Perhaps the RIAA will tell us who they met with at DOJ about this amendment? Did they show their proposed language to anyone from the Executive Branch negotiating the bill? If so, whom? And none of those drafts - we repeat, none - would have permitted the use of viruses or anything else that could damage a user's computer or data in any way. Contrary to the assertions in Billboard, measures that cause damage to a computer or anyone's data would be actionable. Nor did the article mention that the language provided no immunity from criminal investigation or prosecution. Thus a copyright holder using any technical measures to protect its works could do so only at risk of criminal liability, a substantial guarantee that any such actions would be conducted responsibly. >> This is simply false! The bill itself defines damage as "any impairment to the integrity or availability of data, a program, a system or information" The The RIAA proposed 2 versions of a proposed amendment and asked that it be added to the end of the civil cause of action section (section 1030(g)): "No action may be brought under this subsection arising out of any impairment of the availability of data, a program, a system or information, resulting from measures taken by an owner of copyright in a work of authorship, or a person authorized by such owner to act on its behalf, that are reasonably intended to impede or prevent the infringement of copyright in such work by wire or electronic communication; provided that the use of the work that the owner is intending to impede or prevent is an infringing use." OR "No action may be brought under this subsection arising out of any impairment of the availability of data, a program. a system, or information, resulting from measures taken by an owner of copyright in a work or authorship, or any person authorized by such owner to act on it behalf, that are reasonably intended to impede or prevent the unauthorized transmission of such work by wire or electronic communication if such transmission would infringe the rights of the copyright owner." Both proposals would have prohibited any civil cause of action for actions by a copyright owners for the "impairment of the availability of data, a program, a system or information" [ which the LAW and the terrorism bill define as "damage"] for actions they take that are 'reasonably intended' to impede or prevent infringement of copyright or an unauthorized copy. Yes, the RIAA could still have been prosecuted - which one must assume is how they are able to argue that their conduct resulting in damage would be "actionable". But no civil actions could have been brought! So victims could not have sued. Period. This is the sort of verbal parsing and misleading statement that the heads of the major record labels should instruct their staff at the RIAA to put a stop to once and for all. A person unfamiliar with the complex terminology of the Computer Fraud and Abuse Act might not grasp these points from a quick reading of the proposed amendments, which is why it is all the more important that anyone writing on this subject check the facts and consult with informed sources. But the writer of the article apparently made no efforts to contact the Senate staff who actually handled this issue or to consult with anyone knowledgeable about the facts or the law. >> No, the folks who are concerned about this mess grasped the points. The entire focus of the original section of the bill that amended section 1030 was hackers. Previously, the definition of "damage" under the act required that there be $5,000 in damages or loss to a victim. Accordingly, absent some narrow exceptions, if a person hacked into a private network or computer and caused less than $5,000 in damage, he or she would not have broken the law. The law also provides victims of section 1030 with the right to bring a civil cause of action - a lawsuit - against the hacker. But the $5,000 damage threshold also applied to these victim lawsuits. Hence, the problem that others but the recording industry (NetCoalition, eBay, AOL, e.g.) was trying to solve was: if you change to law to make it easier to for the government to prosecute hackers by dropping the $5,000 threshold then you are also making it easier for victims of hackers to bring a private civil lawsuit. The RIAA's proposed solution - above - would have given them a complete carve out from the civil actions - Not just acts those resulting in less than $5000 in damage but any amount of damage so long as they were trying to stop "unauthorized" (note, not necessarily illegal) copying. Incredibly, the only person cited in the article is a lawyer for the Electronic Frontier Foundation in San Francisco, who had nothing to do with the legislation and knew nothing about what happened. But she was more than happy to criticize RIAA for actions that the reporter described to her. And Billboard was delighted to highlight her unfounded criticisms in large, bold type. The article also failed to mention that multiple industry groups and companies likewise saw the need to fix the inadvertent error in the Senate provision. Ultimately, the Senate staff decided to re-draft their original amendment to avoid the problems it had caused, thus obviating the need for an industry-specific solution. As finally drafted, the new provision is supported by eBay, the NetCoalition, MPAA, RIAA and SIIA, among others. >> Yes there were a myriad of organizations concerned about the effects of the change on current law, but the RIAA's proposed amendment was not supported by those groups, was it? Did eBay, the Net Coaltion, SIAA support their draft. No. Not even AOL -- a member of RIAA -- was happy withthe original amendment offered by Mr. Glazier. Yes, they all supported the final version - the version that was worked out AFTER the RIAA was caught. The damage done by these irresponsible acts continues to spread. On October 24, the Billboard Bulletin featured a story that a Member of Congress "decries RIAA's tactics on legislation." The quotations attributed to the Congressman make it clear that he had no idea what had actually transpired - but having read Billboard's article, it's only natural that he would be critical. Let's be honest: the not-so-subtle message implicit in Billboard's articles is that we were trying to "slip" something into the legislation, an act that would be downright unpatriotic at this time of national crisis. And that's what makes Billboard's articles so incredibly insulting - manufacturing a story that makes us look underhanded and impugns our patriotism at the same time. In fact, we became involved in the anti-terrorism bill only because an inadvertent error in its drafting would have negatively impacted legitimate businesses engaged in legitimate means of protecting their products and networks; we proposed amendments only because we were specifically asked to do so by Senate staff; and the proposals we made were in fact narrow and responsible. It's time for Billboard to start honoring some editorial standards. It's not responsible to write articles without researching any facts, consulting with any informed sources, or checking with the staffers actually involved. It's time to start printing stories that are factually accurate, not malicious gossip masquerading as news. Billboard owes their readers, and the RIAA, an apology. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
