So today we're posting the "iPhone Developer Program License Agreement"—the contract that every developer who writes software for the iTunes App Store must "sign." Though more than 100,000 app developers have clicked "I agree," public copies of the agreement are scarce, perhaps thanks to the prohibition on making any "public statements regarding this Agreement, its terms and conditions, or the relationship of the parties without Apple's express prior written approval." But when we saw the NASA App for iPhone, we used the Freedom of Information Act (FOIA) to ask NASA for a copy, so that the general public could see what rules controlled the technology they could use with their phones. NASA responded with the Rev. 3-17-09 version of the agreement.

UPDATED: we are now also posting the most recent version of the agreement, dated January 2010.

This "license agreement" is particularly relevant right now, given the imminent launch of the iPad and anytime-now issuance of the U.S. Copyright Office's ruling regarding jailbreaking of the iPhone.

So what's in the Agreement? Here are a few troubling highlights:

Ban on Public Statements: As mentioned above, Section 10.4 prohibits developers, including government agencies such as NASA, from making any "public statements" about the terms of the Agreement. This is particularly strange, since the Agreement itself is not "Apple Confidential Information" as defined in Section 10.1. So the terms are not confidential, but developers are contractually forbidden from speaking "publicly" about them.

App Store Only: Section 7.2 makes it clear that any applications developed using Apple's SDK may only be publicly distributed through the App Store, and that Apple can reject an app for any reason, even if it meets all the formal requirements disclosed by Apple. So if you use the SDK and your app is rejected by Apple, you're prohibited from distributing it through competing app stores like Cydia or Rock Your Phone.

Ban on Reverse Engineering: Section 2.6 prohibits any reverse engineering (including the kinds of reverse engineering for interoperability that courts have recognized as a fair use under copyright law), as well as anything that would "enable others" to reverse engineer, the SDK or iPhone OS.

No Tinkering with Any Apple Products: Section 3.2(e) is the "ban on jailbreaking" provision that received some attention when it was introduced last year. Surprisingly, however, it appears to prohibit developers from tinkering with any Apple software or technology, not just the iPhone, or "enabling others to do so." For example, this could mean that iPhone app developers are forbidden from making iPods interoperate with open source software, for example.

You will not, through use of the Apple Software, services or otherwise create any Application or other program that would disable, hack, or otherwise interfere with the Security Solution, or any security, digital signing, digital rights management, verification or authentication mechanisms implemented in or by the iPhone operating system software, iPod Touch operating system software, this Apple Software, any services or other Apple software or technology, or enable others to do so

Kill Your App Any Time: Section 8 makes it clear that Apple can "revoke the digital certificate of any of Your Applications at any time." Steve Jobs has confirmed that Apple can remotely disable apps, even after they have been installed by users. This contract provision would appear to allow that.

We Never Owe You More than Fifty Bucks: Section 14 states that, no matter what, Apple will never be liable to any developer for more than $50 in damages. That's pretty remarkable, considering that Apple holds a developer's reputational and commercial value in its hands—it's not as though the developer can reach its existing customers anywhere else. So if Apple botches an update, accidentally kills your app, or leaks your entire customer list to a competitor, the Agreement tries to cap you at the cost of a nice dinner for one in Cupertino.

Overall, the Agreement is a very one-sided contract, favoring Apple at every turn. That's not unusual where end-user license agreements are concerned (and not all the terms may ultimately be enforceable), but it's a bit of a surprise as applied to the more than 100,000 developers for the iPhone, including many large public companies. How can Apple get away with it? Because it is the sole gateway to the more than 40 million iPhones that have been sold. In other words, it's only because Apple still "owns" the customer, long after each iPhone (and soon, iPad) is sold, that it is able to push these contractual terms on the entire universe of software developers for the platform.

In short, no competition among app stores means no competition for the license terms that apply to iPhone developers.

If Apple's mobile devices are the future of computing, you can expect that future to be one with more limits on innovation and competition (or "generativity," in the words of Prof. Jonathan Zittrain) than the PC era that came before. It's frustrating to see Apple, the original pioneer in generative computing, putting shackles on the market it (for now) leads. If Apple wants to be a real leader, it should be fostering innovation and competition, rather than acting as a jealous and arbitrary feudal lord. Developers should demand better terms and customers who love their iPhones should back them.

At issue are provisions of federal law that require anyone who produces a visual depiction of sexually explicit expression to maintain extensive records -- including copies of drivers' licenses, the dates and times images were taken, and all URLs where images were posted -- and often force public disclosure of a creator's home address. Even more troubling, the regulations allow law enforcement warrantless entry into homes or offices in order to inspect the records that are supposed to be kept. While these statutes regulate the commercial pornography industry, they also likely apply to a staggering number of Americans who create and share images of themselves over social networks, online dating services, personal erotic websites, and text messaging.

"The plain language of the statute subjects ordinary Americans, who are using emerging communications technologies at an ever-increasing rate, to onerous record-keeping and inspection requirements for lawful speech. They could face up to five years in prison if they don't follow the statutory requirements to the letter," said EFF Senior Staff Attorney Matt Zimmerman. "Speakers who engage in private, expressive activity protected by the First Amendment should not be at risk of criminal sanctions for violating an overbroad statute that they likely know nothing about."

A coalition of artists, producers, distributors, and educators filed suit against the provisions last year, arguing that the law censored their artistic and educational work. In its amicus brief in support of the coalition filed today, EFF asked the judge to throw out the record-keeping regulations as an unconstitutional chill on adult free expression in the digital age.

"Digital cameras, camcorders, and the Internet make it easy to create and share lawful adult material in a wide variety of ways. Thousands of ordinary Americans are doing just that, only to find themselves subject to these record-keeping and inspection requirements," said EFF Civil Liberties Director Jennifer Granick. "This just doesn't square with the Constitution."

For the full amicus brief:
http://www.eff.org/files/filenode/fsc_v_holder/EFF%20Amicus%20Brief.pdf

For more on Free Speech Coalition v. Holder:
http://www.eff.org/cases/free-speech-coalition-v-holder

Contacts:

Matt Zimmerman
Senior Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Jennifer Stisa Granick
Civil Liberties Director
Electronic Frontier Foundation
jennifer@eff.org

Unfortunately, many signs suggest that the administration is paying far more attention to the interests of the entertainment industry than to the public good. At the same time, there are a few positive efforts and indications, so we're holding out hope that things could improve.

The first bad omen came last December, when Vice President Biden invited the RIAA, MPAA and other representatives of the mainstream entertainment industry to a closed-door "Piracy Summit" at the White House. Although Biden's office sold the summit as "bringing together all the stakeholders" in the piracy debate, it failed to invite a single representative of the public interest or the technology industry.

One outcome previewed at the summit was the formation of a new Department Of Justice "Intellectual Property Task Force", which was formally announced in February. Unfortunately, the Department of Justice already has a history of coming down disproportionately hard on victims of the copyright conflict. And while the task force's announcement stressed that IP crime "threatens not only our public safety but also our economic wellbeing," it didn't even pay lip-service to the harms to privacy, free speech, and innovation in the industry's long war on piracy.

Later in February, the government's new IP Enforcement Coordinator (IPEC), Victoria Espinel, announced that "the Federal Government is currently undertaking a landmark effort to develop an intellectual property enforcement strategy" and asked for public input into what this strategy should look like. A major component of the request seeks information about "the costs to the
U.S. economy resulting from intellectual property violations," which in the past has mainly been expressed through skewed, erroneous accounts of the supposed effects of piracy from entertainment industry lobbyists. However, the IPEC is also demanding an unprecedented level of rigor from these studies:

Submissions directed to the economic costs of violations of intellectual property rights must clearly identify the methodology used in calculating the estimated costs and any critical assumptions relied upon, identify the source of the data on which the cost estimates are based, and provide a copy of or a citation to each such source. [Emphasis mine.]

Since some of these poorly executed studies have appeared to successfully persuade members of Congress to change copyright law only in ways that favor the entertainment industry, it's refreshing to see the IPEC pushing for greater validity. To that end, we look forward to seeing the Obama Administration publicly debunk the empty rhetoric that circulates around questions of unauthorized file sharing and its economic effects.

There are other bright points. Late last year, the Administration supported looser international copyright protections for reading materials for the blind. Limitations and exceptions to copyright are a critical "safety valve" in copyright that helps preserve free expression, access to knowledge, and other human rights, and we hope to see them defended by the Administration in other contexts as well.

While IP enforcement appears to have center stage, there are other double-standards and unintended consequences in copyright and trademark law, all of which could benefit from some attention from the White House. The orphan works conundrum remains unsolved. Copyright term and licensing issues stymie creators and archivists. The anti-circumvention provisions of the DMCA still obstruct innovators.

But will the Obama Administration and Congress choose to face these tough, important issues? At the next IP summit, will advocates for questions like these have a seat at the table? Or will the public interest side of intellectual property law and policy continue to languish unaddressed? Time will tell.

Don't forget to check out EFF's 20th Anniversary commemorative t-shirt and poster designed by EFF senior designer Hugh D'Andrade! These are still available in our shop and through our donation page. You can also download hi-res versions and wallpaper from our flickr page here.

(photo by John Adams)

(photo by Johnny Grace)

(photo by John Adams)

(Photo by John Adams)

(Photo by Johnny Grace)

Thanks to everyone who joined us or donated — and here's to another 20 years!

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft's practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.

This illustrates a basic problem built into the DMCA safe harbors. Microsoft’s notice targeted just one document. Network Solutions, however, couldn’t take down that single document, so opted to take down the entire site. Thus, although Cryptome's beef was with Microsoft, Cryptome also had to persuade Network Solutions to take a chance of losing safe harbor protection (although not much of a chance, because Cryptome’s posting was protected by the fair use doctrine). Because Network Solutions wasn't willing to take that small risk, a whole lot of speech was temporarily disappeared.

We’ve recently seen the same scenario with music bloggers, who may have their entire sites taken down as a result of complaints about a few links to music they’re reviewing.

And sometimes it's not even enough to find a courageous hosting provider. Last year a takedown notice targeting a single site parodying the U.S. Chamber of Commerce resulted in a takedown of the websites of over 300 activist organizations hosted by MayFirst/PeopleLink. The Chamber of Commerce went "upstream," targeting one of MayFirst's upstream service providers, Hurricane Electric. When MayFirst pushed back, Hurricane shut off service, thus pulling the plug on unrelated websites, email and other online tools.

In all of these cases, copyright owners reach out to a "weak link," the service provider with the least incentive to resist the takedown notice. Unless it has a free lawyer, the cost of doing a fair use analysis and defending a lawsuit—even if the service provider knows it will win—is almost certainly more than a service provider is charging any individual customer, or even a whole bunch of "innocent bystander" customers.

This unfortunate outcome is particularly ironic because Congress gave service providers protections in the DMCA. Service providers who care about free speech have better options:

• Remember, if your only relationship to the material targeted is that you provide connectivity to a downstream service, you should qualify for the 512(a) safe harbor, and, therefore don’t have an obligation to take the material down.
• Remember also that you don’t need the safe harbor if the material is a non-infringing fair use. In clear cases, you can bypass DMCA procedures.
• If thinking about fair use doesn’t make business sense, or you’re not sure, keep in mind that the DMCA requires only that you act “expeditiously” to respond to a takedown notice. Courts have found that providers should take down material within a few days of receiving a notice. So if you realize complying with a takedown notice will result in taking down much more material than the notice identifies, take the time to notify the person who sent the notice about the collateral damage it may cause. They may elect to withdraw it, especially where they are likely to face public criticism for causing an overbroad takedown.
• Give your customer a chance to re-jigger their service to avoid such collateral damage.
• Be sure to offer customers a clear counter-notice procedure—the DMCA provides protection for service providers that restore content in response to counter-notices.

Customers who also care about free speech should vote with their wallets and look for providers who will commit to following these suggestions. The safe harbors were supposed to help protect free speech, and they often do—but only if copyright owners, service providers, and internet users follow their common sense as well their business sense.

The petition is part of EFF's reply comments in the FCC's net neutrality rulemaking. The FCC's proposed rules generally prohibit ISPs from discriminating or blocking lawful content, but include a loophole for 'reasonable network management' by ISPs. The proposed rules then define 'reasonable network management" to include measures taken by ISPs to block unlawful content or transmissions. This exception would effectively permit ISPs to violate net neutrality rules and block lawful activities in the name of copyright enforcement.

"We can't afford to let lawful speech become collateral damage in Hollywood's war on copyright infringement," said EFF Senior Staff Attorney Fred von Lohmann. "Net neutrality regulations should not excuse ISPs that interfere with lawful content just because they claim they were acting as copyright cops."

EFF's original comments to the FCC, submitted in January, also question whether the FCC has the legal authority or political independence necessary to properly regulate the Internet. Additionally, EFF has called on the FCC to protect the interests of individuals who offer open WiFi Internet access to their neighbors or local communities.

"Before the ink is dry on net neutrality regulations, we already see corporate lobbyists and 'public decency' advocates pushing for loopholes," said EFF Civil Liberties Director Jennifer Granick. "A loophole like this could swallow network neutrality, with ISPs claiming copyright enforcement as a pretext for all sorts of discriminatory behavior."

For EFF's full reply comments to the FCC:
http://www.eff.org/files/filenode/nn/EFF%20NN%20reply%20comments2b.pdf

For more on net neutrality:
http://www.eff.org/issues/net-neutrality

Contacts:

Jennifer Stisa Granick
Civil Liberties Director
Electronic Frontier Foundation
jennifer@eff.org

Fred von Lohmann
Senior Staff Attorney
Electronic Frontier Foundation
fred@eff.org

Congress enacted the DMCA's ban on bypassing DRM at the urging of entertainment industry lobbyists who argued that DRM backed by law would quell digital copyright infringement. Of course, 12 years later, that exactly hasn't worked out. Nor is it likely to ever work out. But lots of industries have recognized that these provisions of the DMCA are good for other things—like impeding scientific research and legitimate competition. The Unintended Consequences report collects these stories, including oldies like Lexmark's effort to block toner cartridge refilling and new cases like the lawsuit against RealDVD.

Other new additions to the report include Apple's use of the DMCA to lock iPhone owners to Apple's own App Store for software, Apple's DMCA threats against Bluwiki for hosting discussions about iPod interoperability, and Texas Instruments' use of the DMCA to threaten calculator hobbyists trying to write their own operating systems.

Although in many cases the DMCA abuser backs down or is beaten in court, the abuses and resulting chilling effect on legitimate activities continues. And even though the U.S. Copyright Office is considering proposed exemptions to the DMCA, that proceeding won't prevent more abuses in the future.

The U.S. Copyright Office is currently mulling proposed exemptions to the DMCA's ban on "circumventing" digital rights management (DRM) and "other technical protection measures" used to restrict access to copyrighted works. The Copyright Office is empowered to grant exemptions to the law every three years to mitigate the harms that DRM otherwise would impose on legitimate, non-infringing uses of copyrighted materials.

The triennial Copyright Office rulemaking, however, has not been enough to prevent abuses of the DMCA. EFF's report details the numerous harms stemming from the DMCA's ban on circumventing DRM, including Apple's attempts to lock down the iPhone and force users into its App Store. Also new in this year's report is the account of hobbyists threatened by Texas Instruments for blogging about potential modifications to the company's programmable graphing calculators as well as the story behind the legal attacks on Real DVD and other products that create innovative new ways for consumers to enjoy DVD content they have legitimately purchased.

"The DMCA's ban on tampering with digital locks on content is a dangerous anachronism, a holdover from a time when people thought DRM could solve all of Hollywood's problems," said EFF Senior Staff Attorney Fred von Lohmann. "The DMCA's ban on bypassing DRM has failed to stem digital copyright infringement, but it has unfortunately been repurposed as a cudgel to threaten legitimate research and competitors."

Among the DMCA exemption requests currently before the Copyright Office are three from EFF. One asks for an exemption for amateur creators who use excerpts from DVDs in order to create new, noncommercial remix videos. Another would explicitly exempt cell phone "jailbreaking," allowing iPhones and other handsets to run applications from any source. EFF's third proposal asks for a renewal of an exemption previously granted for unlocking cells phones so they can be used with any mobile carrier. A final decision on these and other requests is expected from the Copyright Office within the next few weeks.

For "Unintended Consequences: Twelve Years Under the DMCA":
http://www.eff.org/wp/unintended-consequences-under-dmca

For more on EFF's exemption requests:
http://www.eff.org/cases/2009-dmca-rulemaking

Contact:

Fred von Lohmann
Senior Staff Attorney
Electronic Frontier Foundation
fred@eff.org

Technology design can maximize or decimate our basic rights to free speech, privacy, property ownership, and creative thought. The panel will discuss some good and bad design decisions through the years and the ramifications of those decisions.

Monday's panel is free and open to the public.

WHAT:
Architecture Is Policy: The Legal and Social Impact of Technical Design Decisions

WHEN:
4 p.m.
Monday, March 8

WHERE:
Newell-Simon Hall, Room 3305
Carnegie Mellon University
Pittsburgh, PA 15213

WHO:
Ed Felten (Professor of Computer Science and Public Affairs and Director of the Center for Information Technology Policy, Princeton University)
Dave Farber (Distinguished Career Professor of Computer Science and Public Policy in the School of Computer Science, Carnegie Mellon University)
Lorrie Cranor (Associate Professor of Computer Science and of Engineering and Public Policy, Director of the CyLab Usable Privacy and Security Laboratory [CUPS], Carnegie Mellon University)
John Buckman (EFF Board Chair, Serial Entrepreneur)
Cindy Cohn (EFF Legal Director, Moderator)

Contact:

Rebecca Jeschke
Media Relations Director
Electronic Frontier Foundation
press@eff.org