Message-Id: Date: Tue, 6 May 1997 14:49:59 -0400 To: fight-censorship@vorlon.mit.edu From: Declan McCullagh Subject: Jim Tyre responds to CyberSitter's Brian Milburn Jim Tyre's response to Brian Milburn's letter is attached below. Milburn's "demand letter" sent on April 24 is at: http://www.peacefire.org/archives/SOS.letters/bm.2.bh.4.24.97.txt One of my articles about Milburn's earlier threats is at: http://cgi.pathfinder.com/netly/editorial/0,1012,453,00.html Netly's Censorware Search Engine is at: http://cgi.pathfinder.com/netly/spoofcentral/censored/ -Declan ************** May 5, 1997 Mr. Brian Milburn President, BY FAX TO Solid Oak Software, Inc. (805) 967-1614 P.O. Box 6826 AND BY CERTIFIED MAIL Santa Barbara, CA 93160 RETURN RECEIPT REQUESTED Re: April 24, 1997 Demand Letter to Bennett Haselton Dear Mr. Milburn: This law firm represents Bennett Haselton with respect to your April 24, 1997 demand letter to him, received on April 29, 1997. Any further communications concerning this matter should be directed to me, not to Mr. Haselton. It is not my custom to engage in lengthy discussions of the law with non-lawyers, and I shall not vary from that custom here. I would suggest that you have Solid Oak's attorneys contact me if there is reason to discuss this matter further. However, I will make the following remarks. ALLEGED COPYRIGHT INFRINGEMENT You write that: "You have posted a program on your web site called 'CYBERsitter filter file codebreaker'. This program illegally modifies and decodes data and source code protected by U.S. and International intellectual property laws. "This program performs this action without permission of the copyright owner. We demand that this program be removed immediately." You should be perfectly well aware that your assertion that Mr. Haselton's program modifies or decodes CYBERsitter source code is factually incorrect. Further, as you know, Mr. Haselton's program is not in any way a work-around of CYBERsitter, nor did Mr. Haselton hack into Solid Oak's computers in order to create the program. Mr. Haselton's program does indeed decode data from the CYBERsitter filter file. However, there is no basis in the law for your assertion that Mr. Haselton's program does so unlawfully. If Solid Oak's attorneys believe otherwise, I would be interested in their thoughts. In that regard, my personal observation is one of surprise at how basic was the encryption algorithm used for the CYBERsitter filter file. XORing each byte with a constant byte, such as Ox94, is a methodology which has been well known for many years, and which is detectable with great ease. Applied Cryptography (2nd edition) by Bruce Schneier is a standard reference. Mr. Schneier writes: "The simple-XOR algorithm is really an embarrassment; its nothing more than a Vigenere polyalphabetic cipher. Its here only because of its prevalence in commercial software packages, at least those in the MS-DOS and Macintosh worlds." He continues, commenting on a slightly more sophisticated variant than simple Ox94: "There's no real security here. This kind of encryption is trivial to break, even without computers. It will only take a few seconds with a computer." He concludes the discussion as follows: "An XOR might keep your kid sister from reading your files, but it won't stop a cryptanalyst for more than a few minutes." With XOR (Ox94) being the extent of the filter file encryption, it certainly should have been foreseeable to Solid Oak that the filter file would be decrypted into plaintext, and I am surprised that the algorithm was not publicized by people examining the program far earlier than was the case. Far more important, however, is that Mr. Haselton's program simply is not a violation of any copyright law or of any copyright which Solid Oak allegedly may have in the filter file. I suggest that Solid Oak's attorneys review and explain to you the following cases, among others: Vault Corp. v. Quaid Software Ltd., 847 F.2d 255 (5th Cir. 1988); Lewis Galoob Toys, Inc. v. Nintendo of America, Inc., 964 F.2d 965 (9th Cir. 1992); and Sega Enterprises Ltd. v. Accolade, Inc., 977 F.2d 1510 (9th Cir. 1992). I would also commend that your attorneys explain to you the copyright doctrine of fair use, as set forth in 17 United States Code ("U.S.C.") =A7 107. One of the (nonexclusive) factors in determining whether the use of copyrighted material is fair concerns "the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes." Solid Oak cannot seriously assert that Mr. Haselton's program is of a commercial nature. On the other hand, Mr. Haselton can and will assert that his program is for a nonprofit educational purpose. Specifically, Solid Oak's stated blocking policy, at http://www.solidoak.com/cybpol.htm is as follows: CYBERsitter Site Filtering Policies CYBERsitter may filter web sites and/or news groups that contain information that meets any of the following criteria not deemed suitable for pre-teen aged children by a general consensus of reports and comments received from our registered users: - Adult and Mature subject matter of a sexual nature. - Homosexuality / Transgender sites. - Pornography or adult oriented graphics. - Drugs, Tobacco or alcohol. - Illegal activities. - Gross depictions or mayhem. - Violence or anarchy. - Hate groups. - Racist groups. - Anti-Semitic groups. - Sites advocating intolerance. - Computer hacking. - Advocating violation of copyright laws. - Displaying information in violation of intellectual property laws. - Information that may interfere with the legal rights and obligations of a parent or our customers. - Any site maintaining links to other sites containing any of the above content. - Any domain hosting more than one site containing any of the above content. - Any domain whose general policies allow any of the above content. The above criteria is subject to change without notice. Mr. Haselton has the right to test whether what CYBERsitter actually blocks comports with Solid Oak's stated criteria, particularly given some of the seemingly arbitrary decisions incorporated into CYBERsitter. Mr. Haselton has the First Amendment right to be critical of what CYBERsitter does and how it does it. Since the only way to fully test what CYBERsitter blocks and to comment critically on the functionality of CYBERsitter is to decrypt the filter file, Mr. Haselton's program falls squarely within the fair use doctrine of 17 U.S.C. =A7 107. Additional copyright arguments can be made, and, if necessary, will be made. However, I hope that this is enough to convince Solid Oak's attorneys that Solid Oak cannot prevail in an infringement action against Mr. Haselton. ALLEGED IMPERMISSIBLE LINKING You state that Mr. Haselton has placed links to various Solid Oak sites on the www.peacefire.org site. Of course you are correct, but your assertion that Mr. Haselton needed permission to do this is nonsense. A URL (the "U", of course, standing for "universal") is merely a machine readable encoding of a label identifying the work in the form how://where/what: It is no different than providing the card catalog number for a book already in the library. Solid Oak already is on the internet, where, by definition, its presence is public, regardless of whether Solid Oak is a public corporation or a private corporation. Mr. Haselton simply has told people where to find Solid Oak and given them the means to get there without having to type in a URL. Would you contend that Mr. Haselton needs your permission to write on the Peacefire site that "The URL for Solid Oak Software, Inc. is http://www.solidoak.com"? Would you contend that Mr. Haselton needs your permission to state that Solid Oak's address is P.O. Box 6826, Santa Barbara, CA 93160? That Solid Oak's telephone number is (805) 962-9853, or that its fax number is (805) 967-1614? Since you are in the business of making internet software products, no doubt you should appreciate that linking one web site to another, or to hundreds of others, which in turn could be linked to thousands of others, is the raison d'etre of the World Wide Web. If linking required permission (which it does not) or was unlawful (which it is not) then, as a practical matter, the web would die. Since Solid Oak's business depends on the web flourishing, I doubt that you would want to see that happen. However, regardless of what you might want, there is no law and there is no policy which prevents Mr. Haselton from including links to Solid Oak on the Peacefire site. The same is true for Solid Oak's email addresses, many of which are listed on Solid Oak's own web pages. Solid Oak's URLs are pure information, not protected under any intellectual property law of which I am aware. Disclosing and/or linking to them is neither trespass nor any other offense. Finally, although I consider the matter legally irrelevant, I note that Solid Oak's site includes links to each of: Parent Time http://pathfinder.com/ParentTime/Welcome/; Microsoft http://www.microsoft.com/; Quarterdeck http://www.quarterdeck.com/; Windows95.com http://www.windows95.com/; Berit's Best Sites for Children http://db.cochran.com/db_HTML:theopage.db; Discovery Channel http://www.discovery.com/; and Family.Com http://www.family.com/. If, prior to the date of your demand letter, you obtained written permission from each of these sites to link to them, I would be interested in seeing those writings. If, however, Solid Oak has not obtained written permission for those links, one might wonder as to your motivation in making your assertion that the links provided by Mr. Haselton are in any way improper. Perhaps I can understand your being upset with how easy it was for Mr. Haselton to lawfully decrypt the weakly encrypted CYBERsitter filter file. But being upset is one thing: accusing Mr. Haselton of criminal conduct and threatening him with legal action (as you have done publicly both recently and last December) is quite another. Mr. Haselton has no desire to institute legal proceedings against you or Solid Oak if this goes no further. Therefore, if you were just venting your frustration, say so now and we will be done with this. Otherwise, I am confident that Solid Oak's attorneys know where the proper court is, as do I. BIGELOW, MOORE & TYRE, LLP By: JAMES S. TYRE JST:hs cc: Mr. Bennett Haselton ------------------------- Declan McCullagh Time Inc. The Netly News Network Washington Correspondent http://netlynews.com/