May 11, 2000 12:35 PM PDT
Microsoft wants to censor some open-source postings
- Related Stories
DVD cracking case heats upSeptember 21, 2000
Microsoft, Xerox team to protect copyrighted worksApril 27, 2000
Napster suit tests new copyright lawApril 11, 2000
Filtering firm employs copyright law against WebmastersMarch 23, 2000
Andover.Net scoops up seminal Slashdot siteJune 29, 1999
The software giant sent Slashdot's parent company, Andover.Net, a "notice of copyright infringement" invoking the protections of the Digital Millennium Copyright Act (DMCA). Under the federal law, Internet service providers are required to take down material posted by others if notified by a copyright holder that the material is an infringement.
Microsoft says Slashdot readers improperly posted specifications for the Windows 2000 operating system and its use of Kerberos Web security technology. The software giant recently made that information available for download on its Web site, but it requires people to agree that such material is "confidential" and a "trade secret."
Regardless of whether Microsoft is successful in getting the information removed from Slashdot, legal analysts say material that found its way on to the Internet may no longer be entitled to trade secret protections. It likely would be protected by less restrictive copyright protections, however.
"Most likely it's going to lose its trade secret status," said Ron Lemieux, a partner at Graham & James in Palo Alto, Calif. "It doesn't mean that Microsoft should try to do what its doing and get it pulled off."
Kerberos is authentication and encryption software developed by the Massachusetts Institute of Technology. It's available from MIT in an open-source format for Windows, Unix and Macintosh, and it is used in commercial software from Microsoft, Oracle, Qualcomm and others. Unlike other software companies, though, Microsoft adds proprietary extensions to the publicly available Kerberos format.
To download the extensions from Microsoft's Web site, people must first agree to a disclaimer that states in part, "The specification is confidential information and a trade secret of Microsoft. Therefore, you may not disclose the specification to anyone else..."
"Under the provisions of the DMCA, we expect that having been duly notified of this case of blatant copyright violation, Andover will remove the above referenced comments from its servers," Microsoft representative J.K. Weston said in the letter to Andover.Net.
Microsoft spokesman Adam Sohn confirmed the letter was from Microsoft. "We sent a letter to Slashdot to alert them to potential illegal activity on their Web site," he said.
In a response to Microsoft posted on the Slashdot site, Slashdot editor Robin Miller said the organization is seeking advice from its readers and lawyers on what he said is a "request to censor our readers' comments."
"I'm sure you will agree that freedom of speech is at least as important a principle under American law as the freedom to innovate, so I'm sure that you personally, and Microsoft corporately, will understand our hesitation to engage in censorship," he said. "Indeed, after reflecting on the nature of freedom for a little while, you may wish to withdraw your request."
Miller added that removing the postings "may set an unhealthy precedent for other online news outlets and online service providers, including those owned in whole or in part by Microsoft itself."
Sohn said Microsoft's only intent is to ensure that specifications are retrieved and distributed under its terms.
"All we are asking for is that anybody who wants to download or review Microsoft's Kerberos specifications should do it in a way in accordance with copyright law and the DMCA," Sohn said.
"We have no intent on stopping people on Slashdot or anywhere else in providing comment," he added. "This is not about free speech."
David Sobel, general counsel for the Electronic Privacy Information Center, said the precise application of copyright law in this case is unclear, but the immediate effect is predictable.
"Copyright law can be cited for purposes of intimidating smaller Web sites without resource to defend against the legal challenge that is being threatened," he said. "That is a serious problem with the copyright regime today, that it can easily be abused.
"There are many unsettled legal questions, and when a small site receives a letter from Microsoft's lawyers, in most cases that site is not going to want to become the test case."
While lawyers say Microsoft may be able to get the material removed, it may well have lost the valuable protections it sought by claiming the Kerberos code as a trade secret.
Graham & James' Lemieux noted a mid-1990s case involving the Church of Scientology, in which a federal judge held that once information is on the Internet, it cannot be a trade secret.
Lemieux said Microsoft's main recourse based on that ruling would be to go after the people who posted the information, claiming misappropriation of trade secrets, breach of contract or conversion, "a fancy word for stealing someone else's property."
However, another court issued an injunction against several people for distributing via the Internet software that allows DVDs to be run on unauthorized players, such as computers using the Linux operating system. Still, intellectual property lawyer Daniel R. Harris of Brobeck Phlegr & Harrison said that Microsoft would have a tough time getting trade secret protection for material it made available to anyone who anonymously agreed to treat it as confidential.
"Posting it in such a manner is not a reasonable means of protecting its confidentiality," Harris said. "If in fact it was a real trade secret, they should have taken better precautions. If you think of it another way, Microsoft would never publish their Windows source code in the same way."
And as for the software maker's ability to control use of its Kerberos code, Harris said there are T-shirts that contain the DVD source code despite the court's ruling.
"Effectively, once something goes on to the Internet, the genie is out of the bottle, and stuffing (it) back in is next to impossible," he said.
Gary McGraw, a vice president at security software firm Reliable Software Technologies, said Microsoft has been under pressure to release the details of its implementation of Kerberos.
"The cryptography community thinks that its very smart to publish your codes and your algorithms to make sure that you got them right," he said. "It's very hard to get everything right in cryptogrpahy."
McGraw said Microsoft appears to be trying an "embrace and extend" strategy where it takes an open standard and adds features to make it proprietary.
"The good news is more people will be using Kerberos," McGraw said. "The bad news is its not really Kerberos."