FRAMINGHAM (03/31/2000) - A federal ruling on the use of Internet blocking software is raising questions about the power of U.S. courts to force the removal of information from Web sites. The case, which involves Cyber Patrol, could also have implications for the reverse engineering of commercial software and attempts by companies to halt the practice, which they say damages the marketability of their products.
Abner Germanow, research director for the Internet security program at International Data Corp. in Framingham, Massachusetts, predicted that the Internet community will find itself increasingly confronted by untested court rulings governing reverse engineering and the freedom to post contested programs on the Web.
"This is the beginning of many similar issues that businesses will face - it sets a precedent," said Germanow. The legal proceedings began last month when Mattel Inc. of El Segundo, California, which sells Cyber Patrol, filed a lawsuit in U.S. District Court in Massachusetts against the authors of the cphack.exe and CP4BREAK.zip programs. Those programs enable the recreation of Cyber Patrol's list of blocked Web sites and newsgroups.
The suit claimed that authors Eddy Jansson of Sweden and Matthew Skala of Canada violated U.S. copyright laws.
"Our issue is not the list; the issue was the reverse engineering and decompiling of software in violation of copyright and the posting (of) large sections of original source code and two executables derived from source code," said Sydney Rubin, a spokesperson for Cyber Patrol.
On March 24, the company reached a settlement agreement with Jansson and Skala in which the authors agreed to turn over all rights to the software, along with an explanatory essay. Mattel then used its copyright to seek a court order against an estimated 50 mirror sites that linked to the contested software.
A week earlier, on March 17, U.S. District Judge Edward Harrington had granted Mattel a temporary restraining order against Jansson and Skala. Mattel sent notices of the restraining order to the mirror sites and requested that they remove the programs and turn over logs of people who had downloaded the banned software.
The American Civil Liberties Union, which represents three of the targeted Web site operators, fired back with a motion to suppress what it said were improper subpoenas. The ACLU argued that the software and links to the mirror sites represented constitutionally protected speech and that the "anonymity of persons accessing Internet Web sites should not be breached."
The conflict escalated on March 28 when Judge Harrington released a permanent injunction stating that any Web site operator who is "in active concert" with the cphack authors must remove the programs or face contempt charges and possible jail time.
"We argued that the U.S. court doesn't have any authority to enter injunctions because the U.S. copyright laws don't apply overseas," said Chris Hansen, an ACLU staff attorney. "The only way my clients can find out if they are bound by the order is to put up the code, let Cyber Patrol file a motion for contempt, and then the judge decides whether my clients are in contempt and has the authority to send them to jail."
"We don't think it's unclear at all," said Cyber Patrol's Rubin, who maintained that the injunction applies to mirror sites that post the program, but not those that post links to the mirror sites. Rubin said the court has jurisdiction because the contested software was transmitted by U.S.-based servers and the Berne agreement extends U.S. copyright laws to Sweden and Canada.
Hansen argued that the injunction prevents the public and potential Cyber Patrol users from evaluating the list of blocked sites.
IDC's Germanow said a ban on reverse engineering would damage attempts to evaluate software for security holes and interoperability.
"If you restrict software to only being used in a way that the vendor intended, you risk stifling a lot of innovation," he said.
Cphack appeared to be released under the GNU General Public License, which could allow unlimited distribution of the program even if Mattel owns the copyright.
Jansson had attached the statement, "Released under the GPL," to the cphack program because he wanted it freely available. But he said he never discussed releasing the entire package under GPL with Skala. "Mattel got my rights to it," said Jansson in a statement.
A GPL is designed to preserve freedom of distribution even if the copyright holder changes his mind. But Eben Moglen, general counsel of the Free Software Foundation, which offers the GPL, says it's unclear whether Jansson made a GPL agreement.
In the meantime, some Web sites, such as The Anonymizer, which posted the banned software, have removed the programs but retained links to other mirror sites.