Wired News

  • What’s at Stake in the Surveillance Debate in Congress

    Over the next few weeks and months, civil libertarians and consumer advocates will wage a battle against the telecommunications companies and the Bush administration to preserve some semblance of privacy rights in Americans’ communications.

    Congress will be considering several versions of bills that will, one way or another, expand government access to phone calls and e-mails. These legislative proposals are complex and in flux, but there are two main issues at the center of the debate that citizens can focus on. One is whether eavesdropping on millions of Americans simultaneously is acceptable. The second is whether communications companies should get a free pass for breaking the law by allowing illegal warrantless surveillance of all Americans’ communications.

    In the 1960s and ’70s, several Supreme Court cases held that citizens can reasonably expect that the government will not eavesdrop on their personal communications without first demonstrating to a court the need for this privacy invasion. Congress passed the Wiretap Act of 1968 to regulate eavesdropping for law enforcement purposes, and added the Foreign Intelligence Surveillance Act (FISA) of 1978 to establish procedures for the president to follow when conducting surveillance for national-security purposes. FISA established a “secret court” — the Foreign Intelligence Surveillance Court, or FISC — to review applications for national-security warrants. These could be obtained merely by showing that the target was an agent of a foreign power.

    Targeted surveillance was the order of the day for two primary reasons. First, the Fourth Amendment prohibits “general warrants,” those which do not specify the names of people to be observed, the inventory of things to be seized, or otherwise fail to narrow the discretion of the officer performing the search. Second — and it turns out, more importantly — it was prohibitively expensive to perform mass surveillance. Eavesdropping required paying someone to sit and listen to calls, because storage and voice-recognition technology were not available.

    By 2001, things had changed. Digital networks, vast storage and powerful computer processing meant that it was now economically feasible to monitor entire networks — including the phone network — using computers, voice recognition and other modern technologies. The government began pushing to use these new technologies for wide-scale mass surveillance.

    The Sept. 11 terrorist attacks also occurred in 2001. But while the attacks may have raised the American public’s tolerance for privacy invasions, it was not the sole impetus for mass spying. The National Security Agency (NSA) was pressuring telcos to give it unfettered access to customer calling records seven months before the attacks. Regardless, Sept. 11 inspired Congress to modify FISA to give national security officers more leeway in hunting down terrorists. The USA Patriot Act modified FISA in several important ways, but none of them would have allowed the wholesale surveillance of American communications networks the NSA was pushing for behind the scenes.

    Despite the missing legal authority, we now know that several telecommunications companies secretly cooperated in the mass diversion of phone calls and e-mails to the NSA. The New York Times revealed the existence of this warrantless surveillance program in December 2005. After this revelation, the Bush Administration admitted it was listening without warrants to known al-Qaida members who called, or were called by, people in the United States. However, the warrantless wiretapping went much further than that. A former AT&T engineer by the name of Mark Klein revealed that all internet traffic flowing through AT&T’s backbone was regularly diverted to the NSA.

    My employer, the Electronic Frontier Foundation, filed a class action lawsuit against AT&T on behalf of all its customers who had been intercepted without a warrant, as well as those who had had their phone records disclosed in a separate but apparently related program. A few months later, other class actions against the telcos were filed nationwide. The attorneys general of several states also began investigations to see whether the communications providers had violated their legal obligations as public utilities. The federal government has intervened in the litigation to kill all of these cases, alleging that telco cooperation is an official secret and that the lawsuits must be dismissed. That issue is currently on appeal to the 9th U.S. Circuit Court of Appeals, although at least one high-level administration official — Mike McConnell, the director of national intelligence — has since confirmed the phone company-government collaboration.

    Now the administration is bringing the battle for mass surveillance to Congress. Just before this summer’s recess, Congress passed the Protect America Act (PAA), which gave the U.S. attorney general and the director of national intelligence the power to authorize surveillance without a court order, so long as the target of that surveillance was reasonably believed to be overseas. This was a major expansion of executive power from what FISA had allowed. it also went well beyond what the Bush administration had said it needed: The president had claimed FISA needed some modest tweaking to allow for efficient eavesdropping on foreign-to-foreign communications that travel through the United States, while leaving the privacy of Americans intact.

    The PAA is due to expire in February of 2008, so Congress is now considering new proposals to replace it. An admirable goal of well-balanced legislation would be to enable us to detect and fight terrorism, without losing judicial and legislative oversight of the surveillance process.

    The Restore Act, which failed to pass the House last week, tried to strike this balance. It would have permitted warrantless surveillance of foreign-to-foreign communications and put surveillance review back in the hands of the FISC rather than administration officials. And it would not have immunized phone companies for their illegal behavior. However, it did allow for “blanket warrants” that would sanction mass, warrantless surveillance of Americans if the purported target was a foreign national.

    The problem with such blanket warrants is practical, legal and technical.

    On the technical side, the tactic produces far more false positives than we are capable of processing. Also, warrants for general surveillance are proven vehicles for abuse. Our Founding Fathers abhorred general warrants, which is why the Fourth Amendment specifically prohibits them, proscribing that “no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

    The potential for abuse is extreme in the case of telecommunications, because the government is capturing and has access to every one of our calls or e-mails as they flow through telco offices, even if it’s not supposed to look at most of it.

    The legislation that just cleared the Senate subcommittee and is currently under consideration makes a different mistake. It would allow the attorney general in a closed-door session to unilaterally absolve any telco accused of illegally intercepting communications.

    Communications carriers play an essential role in keeping the government honest about whether it’s eavesdropping on us. Any working law must provide incentives to these companies to reject requests for unlawful surveillance by imposing liability when they fail to do so, while protecting companies that comply in good faith with valid legal process, just as FISA and the Wiretap Act already do.

    It’s not clear why the Senate thinks encouraging secret collusion between a president and a major industry is a good idea. Telcos accused of violations will donate money to the campaigns of those officials most likely to absolve their bad behavior. The bill also abandons the substantial oversight role that either Congress or courts could play in ensuring that laws are followed and effective. My employer, EFF, also objects to telco immunity because it is intended to kill our pending class action lawsuit.

    Rather than offering a rational reason for the amnesty provision, the Senate seems to be acting out of confusion. Feeling left out, Congress said it would not consider amnesty unless the White House disclosed documents that would allow lawmakers to determine what exactly was going on with secret, warrantless surveillance in this country. Now that the Senate has received some documents, it is ready to pay off the administration for this small, belated courtesy of inclusion, while forgetting to exercise the oversight function that caused the legislators to ask for the information in the first place.

    Sen. Russ Feingold’s office says that the documents show that the surveillance was illegal, a very good reason to refuse any amnesty. Sen. Jay Rockefeller, who recently benefited from unusually large campaign contributions from the phone companies, supports amnesty.

    As the legislative process plays out, the issues of when to authorize mass surveillance, how to minimize abuses and how to deter unlawful behavior will continue to be major parts of the debate. The American Revolution was fought in part against the abuses practiced by an unchecked executive power. Terrorism and new technologies are novel challenges, but the legal techniques developed over the past 200 years — separation of powers, checks and balances, individualized suspicion and special warrants among them — have and will continue to serve us well, if we let them.

    – – –

    Jennifer Granick is civil liberties director at the Electronic Frontier Foundation.


  • Proposed Reporters’ Shield Law Overdue but Underpowered

    Newly proposed legislation that would protect the confidentiality of journalists’ sources under federal law could be a major step toward preserving a free press. But a loophole in the bill may result in less protection than Congress intends and reporters need.

    On Thursday, the Free Flow of Information Act, a bill to create a federal journalist-shield privilege, received approval from the Senate Judiciary Committee. This law would allow journalists to refuse to disclose their confidential sources without facing the threat of fines or jail time.

    Though most states have media-shield laws, recent developments gave new urgency to the passage of a federal law. In the Lewis Libby case, special counsel Patrick Fitzgerald jailed former New York Times reporter Judith Miller, and threatened to jail Time magazine reporter Matthew Cooper, after each refused to provide the name of the Bush administration official who told them that Valerie Plame Wilson was an undercover CIA agent.

    Similarly, San Francisco Chronicle reporters Mark Fainaru-Wada and Lance Williams faced prison time for their refusal to reveal who leaked grand jury testimony to them in their coverage of Balco professional sports and steroids scandal.

    Even though Fainaru-Wada’s and Williams’ home state of California has a media-shield law, it doesn’t apply when the feds are the investigating agency. That’s why video-blogger Josh Wolf went to jail — he had filmed protestors at a rally where a police officer was severely injured and a police car torched. State prosecutors faced an uphill legal battle to force him to turn over the video as potential evidence, but when the FBI got involved, purportedly to investigate the car arson, the federal law posed no such hurdle.

    These events, particularly the Libby case, gave journalists and Congress a chill. They set about (slowly) developing federal protection for journalists. Two main challenges to creating such a law are: 1) Who should enjoy the benefits of the privilege? 2) Under what circumstances? A closer look at the proposed FFIA provides an encouraging, but not totally reassuring, view.

    As revolutionary as the printing press was, it only opened up publishing to those wealthy enough to afford a press and a mode of distribution. Today, anyone with an internet connection and blogging software can disseminate news and opinions to the world. If we don’t want everyone in the world to have an excuse to refuse to answer a grand jury or prosecutor’s questions, the question is how to define the entities that are entitled to invoke the media-shield law.

    The best answer is that a shield law should protect the flow of news, rather than people we historically think of as news reporters. For example, in the Apple v. Does case decided by the California Court of Appeals in 2006, the computer manufacturer sued unknown parties who had leaked information about a soon-to-be-released product to several blogs devoted to scrutinizing the company. Then, Apple subpoenaed records from the blogs’ internet service providers to try to find out who the unknown defendants were. My current employer, the Electronic Frontier Foundation, represented the bloggers and moved to quash the subpoena under California’s media-shield law.

    Apple’s initial briefs suggested that they would be challenging whether bloggers were entitled to invoke the same rights as “real” journalists. My former employer, Stanford Law School’s Center for Internet and Society, under the auspices of attorney Lauren Gelman, filed an amicus brief on behalf of a number of prominent online journalists and writers arguing that the privilege should not depend on whether one publishes online or offline, or is employed by a media company, but on whether the writer communicated with the source for the purpose of collecting and reporting news.

    Rather than hinging the privilege on who had a source to protect, we argued the privilege should depend on why the individual was talking to the source in the first place. In short, we argued that bloggers are journalists, too. Apple did not pursue this issue in subsequent briefing and the court assumed that the bloggers were equally entitled to the protection of California law as any other journalist.

    The outcome of the Apple v. Does case then hinged on whether the fact that the source may have committed a crime (in that case, trade-secret theft) was cause to withhold a privilege that in effect would prevent that person from being brought to justice. While the California court ruled in favor of the bloggers and the shield law, the concern about protecting wrongdoers versus protecting the news remains a major issue under the federal proposal.

    Thursday’s version of the FFIA (S:2035, sponsored by Senator Arlen Spector (R-Pennsylvania) and others) provides a qualified right to refuse to testify, disclose documents or otherwise identify a source to whom a journalist promised confidentiality. This privilege can be overcome if “all reasonable alternative sources” of the testimony or documents have been exhausted, the information is essential to a case, and the “nondisclosure of the information would be contrary to the public interest.”

    Bloggers should be happy about the way the bill defines journalist. Anyone engaged in the regular gathering, writing or publishing of news or other matters of public interest for dissemination to the public can invoke the shield. Also, the bill prevents federal investigators from making a complete end run around the shield law by subpoenaing the reporter’s e-mail provider instead, as Apple tried to do in the California case.

    However, reporters of all stripes should continue to be concerned about how some of the exceptions to the shield might apply in practice.

    Critically, the protection does not apply if the very act of communicating the documents or information at issue is allegedly criminal or tortious conduct. At first blush this makes sense. Who wants to protect a disgruntled employee who divulges information to retaliate against his employer, an attacker who steals celebrities’ or politicians medical records, or a burglar who steals and sells behind-the-scene secrets about the next Indiana Jones movie?

    But on further consideration, it’s actually a loophole big enough to drive a truck through. So many laws protect information today — between copyright, trade secret, classification orders, data stored on computer systems and accessed without authorization, non-disclosure agreements and other legal claims — a party seeking to unmask a source doesn’t have far to look for a disclosure offense under which he can justify bursting the privilege.

    Consider the examples I gave above. Lewis Libby was convicted of lying, not leaking, but the leaking was arguably criminal conduct, so the proposed shield may not have applied to Miller and Cooper. Leaking grand jury testimony is illegal, so this law would probably not protect the Chronicle’s Balco reporters.

    Many times, the public needs information from whistleblowers who want to remain anonymous not out of cowardice, but out of legitimate fears of retaliation. Jeffrey Wigand, the tobacco-company whistleblower portrayed in the movie The Insider violated the confidentiality agreement he’d signed with his employer, and reporter Lowell Bergman arguably tortiously interfered with that contract by getting Wigand to talk. Daniel Ellsberg, the Department of Defense employee who leaked the Pentagon Papers, faced criminal charges for his conduct. Yet, the public needed, and probably would not have gotten, this information if it weren’t for the reporters’ credible promises of confidentiality.

    Despite this problem, lawmakers concerned about preserving the government’s ability to prosecute people who leak national security information want to further weaken the bill. The current version already states that the privilege must yield when a federal court finds that disclosure would prevent terrorism or significant harm to national security interests. Other objections to the bill come from the business community, which is less happy about the illegal conduct loophole than they should be.

    Congress should resist further efforts to weaken the bill, and consider ways to narrow or eliminate the criminal conduct loophole. One suggestion might be to limit the loophole to criminal, not tortious activity. Another might be to identify only the most serious crimes as bases for the exemption. Congress could also ask federal courts to balance the interest in identifying a wrongdoer in a particular case against the public’s right to know.

    Regardless, the FFIA is a major step forward for journalists, who clearly need a uniform federal law to protect their sources. And it’s a victory for the public, which benefits from the free flow of information from confidential sources.

    – – –

    Jennifer Granick is Civil Liberties Director at the Electronic Frontier Foundation.


  • Is That Big Brother in Your Pocket, or Are You Just Happy to See Me?

    This morning, you left the house tagged with a tracking device that the government can use to find out where you have been and where you are going.

    I’m talking, of course, about your cell phone. Mobile phones communicate continuously with cellular towers in order to receive calls, sending out a signal registering its existence and identity with the provider’s nearest towers. The provider stores this cell-site data, which can be triangulated to determine the customer’s physical location.

    While most courts considering the issue have held that police need “probable cause” to track your movements, a new decision (.pdf) last week out of the U.S. District Court of Massachusetts holds that law enforcement need show only “relevance to an ongoing investigation” to get a historical record of your past movement (something like the Jeffy trail in The Family Circus cartoon).

    Why are courts treating past and prospective tracking so differently, and should they?

    The problem starts with a basic congressional assumption that real-time information in transit is more private than stored information — a bias that is enshrined in various laws that protect wire and electronic communications. Congress has imposed stronger limits on how real-time information is accessed and used.

    The Pen Register statute grants the government access to real-time (in-transit) signaling (to/from) information upon an assertion that the information requested is “relevant to an ongoing criminal investigation.” While cell-site data could be considered signaling information, Congress protected location information further under the Communications Assistance for Law Enforcement Act (CALEA), which specifically prohibits using the Pen Register statute as the sole authority for obtaining physical-location information.

    So the government argues that the Stored Communications Act is additional authority for its obtaining cell-site information with a mere showing of relevance. The SCA gives the government access to stored records or other information pertaining to a subscriber of an electronic communications service (not including the contents of communications) if the government “offers specific and articulable facts showing that there are reasonable grounds to believe that … the records or other information sought are relevant and material to an ongoing criminal investigation.”

    This standard is very similar to the standard for government access under the Pen Register statute, although under the SCA the government must produce evidence, and not merely certify, that the information is relevant. Still, most courts have rejected this argument, because the SCA applies only to stored information, and utterly lacks the procedural safeguards (such as time limits and provisions for sealing, renewal and periodic reports) typical of prospective surveillance statutes.

    In the absence of a statute permitting government access, the majority of courts have ruled that law enforcement can only track your future cell-phone movements with a warrant based on probable cause. Some of these decisions have further suggested that a warrant is constitutionally required, regardless of what the statutes say, because you have a reasonable expectation of privacy — protected by the Fourth Amendment — for your location information.

    These constitutional privacy concerns were given short shrift earlier this month in the U.S. District of Massachusetts ruling. The new case considers when the government can track your historical, rather than current, movements. The judge held that cell information which reveals your past movements is squarely covered by the SCA, so the Pen Register statute and the additional CALEA limitations do not come into play.

    Further, the court rejected the idea that your past movements are protected by the Fourth Amendment. Its ruling was based on two Supreme Court cases involving tracking devices. In one, United States v. Knotts, police placed a tracking beeper in a can of chemicals to find out where the defendant was transporting it. The Supreme Court found no Fourth Amendment violation because the suspect’s car was visible on public highways, no more private than it would have been to an officer’s naked eye.

    In contrast, in United States v. Karo, the Supreme Court held that police violated the Fourth Amendment when the tracking beacon allowed police to monitor the suspect within the protected zone of a private home. With historical tracking by cell phone, the Massachusetts district court said the case was more like Knotts than like Karo, because there was no indication the information would give away anything that happened within a protected zone.

    Something is deeply screwy with this scheme. While police may be able to trail a suspect’s car with the naked eye, only psychics can track our past behavior without this cell-site data. There is also a difference of scale. Allowing police to place a tracking device on a suspect’s car is quite different from allowing them to track any innocent person who’s activities are merely “relevant” to an investigation.

    We will continue to see problems like this as courts try to apply existing privacy laws to new technologies. Congress has not proven itself to be much better at predicting technological changes and protecting privacy, either, but something should change. Otherwise, the phone in your pocket might as well be a trail of bread crumbs.

    – – –

    Jennifer Granick is Civil Liberties Director at the Electronic Frontier Foundation.


  • Free Speech Sometimes Trumps Copyright

    On my first day of my new position as civil liberties director at the Electronic Frontier Foundation, the U.S. 10th Circuit Court of Appeals dealt my previous employer, the Stanford Center for Internet and Society, a fantastic victory. The court’s ruling in Golan v. Gonzales is also a triumph for the First Amendment and for the overwhelming majority of creators.

    In Golan, we challenged section 514 of the Uruguay Round Agreements Act, or URAA, which removed thousands of books, films and musical compositions from the public domain. We argued that this violated the First Amendment because people could no longer use these works for their own creative expression. As an example, our community orchestra and conductor clients could no longer freely play compositions to which they had purchased the sheet music and learned, and our film collector and preservationist clients could no longer show or make restored copies of films in their archives.

    Our argument depended on the case of Eldred v. Ashcroft. In Eldred, the Supreme Court affirmed Congress’ 20-year extension of already-existing copyrights because it found a long history of copyright extensions. But not all copyright laws are immune from review. Copyright regulates speech by limiting what subsequent speakers can do with a creative work. If Congress changes copyright’s “traditional contours,” courts must conduct a more searching First Amendment review to ensure that those changes do not overly burden free expression in an unjustified manner.

    In Golan, we argued that removing works from the public domain, as the URAA did, was a change in the traditional contours of the law. The government defended the URAA arguing that copyright laws triggered First Amendment concerns only if Congress either limited fair use or began to regulate ideas rather than just modes of expressing those ideas. We successfully argued that those two limits on copyright protection were some but not the only ways in which traditional copyright law harmonizes with constitutional free-speech protections, and that other changes — including depredation of the public domain — were equally unacceptable.

    Having agreed with our position that there are more than two “traditional contours” and that an inviolate public domain is one of them, the 10th Circuit sent the Golan case back to the District Court to determine whether the URAA goes too far in burdening speech.

    Stanford CIS has another case about the constitutional limits of copyright protection, Kahle v. Gonzales, which we lost in the 9th Circuit and are now seeking a review of before the Supreme Court. Both Golan and Kahle seek to define what “traditional contours” means.

    In Kahle, the issue is Congress’ change from a self-selecting system of copyright, where people had to register and give notice to indicate that they wanted copyright protection, to an indiscriminate system where every napkin doodle is copyrighted and people are forced to license or dedicate their works to the public domain, or make some other indication that they do not want copyright protection. This change from an opt-in to an opt-out system has produced generations of “orphan works” — creative works that are still under copyright, but for which owners are absent or prohibitively expensive to find. People who want to make use of an orphan work cannot locate the copyright owner to obtain permission. These would-be creators’ fear that someone will appear years later alleging copyright infringement chills new creative uses.

    The 10th Circuit’s decision in Golan should make it more likely that the Supreme Court will grant a review and hear the Kahle case, because there is now a split between two federal circuit courts regarding the First Amendment’s application to Congress’ copyright lawmaking.

    The prospect of arguing this issue before the Supreme Court is both thrilling and an immense responsibility. Our hope is that the Supreme Court affirms its holding in Eldred that Congress, in considering copyright legislation, must take free speech concerns to heart, and that when copyright laws deviate from tradition, courts must actively ensure that these new laws do not overly burden free speech.

    Congress and creators also need guidance from the Supreme Court about how much breathing room we are entitled to in a digital world, where every transmission is a copy and yet everyone can be a speaker or an artist. For now, the First Amendment is alive and well in the 10th Circuit.

    – – –

    Jennifer Granick is Civil Liberties Director at the Electronic Frontier Foundation.


  • IPhone’s Most Revolutionary Feature: Unauthorized Hacks

    The iPhone’s fantastic user interface is inspiring another consumer-electronics revolution: making people care about cell-phone unlocking. After my clients’ long, successful battle before the U.S. Copyright Office to exempt phone unlocking from the anti-circumvention provisions of the Digital Millennium Copyright Act, have iPhone customers won the freedom to tinker with their cool new handsets? The answer, unfortunately, is that we still don’t know.

    In the past week, New Jersey teenager George Hotz published instructions for unlocking the iPhone. Meanwhile an anonymous group called iPhoneSimFree plans to sell its software-only solution, and a company called UniquePhones is set to sell a remote unlocking service. These offers generated buzz from iPhone owners, who are restricted — by technological locks built into the GSM-based handset — to using the AT&T wireless network. On Monday, some buzz circulated from AT&T lawyers trying to shut down the distribution of unlocking software. Does AT&T have a leg to stand on?

    The DMCA anti-circumvention provisions prohibit you from circumventing technological locks that control access to copyrighted works without the authority of the copyright owner. While the law was intended to protect music and movie owners who want to distribute their works digitally, but are afraid of infringement, wireless companies started using the law to sue people who purchased and unlocked cell phones.

    Since unlocking a cell phone has nothing to do with copyright infringement, I applied for an exemption from the DMCA on behalf of two clients: one a business traveler and the other a phone refurbisher, reseller and recycler.

    We won an exemption in November of 2006 that allows you to circumvent digital locks (.pdf) in order to access “computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.”

    Despite this success, the exemption does not offer blanket protection for phone unlocking, though the practice might be legal for other reasons. The problem is that the exemption protects unlockers, but it doesn’t apply to those entities that distribute unlocking tools or provide unlocking services to others. Even when the Copyright Office grants exemptions for non-infringing or fair uses, customers usually still suffer because in most cases, including unlocking, only the small number of persons who have the technical know-how to circumvent can do so.

    Individuals or companies that might help them are still prohibited from doing so. Thus, in many ways, the rule-making is an empty promise: giving a legal right to circumvent, without protecting access to the tools necessary to make that right a reality.

    So, post-exemption, it remains for tool distributors to argue that their product is not covered by the DMCA in the first place, and I don’t know how influential the existence of the exemption will be on a court considering this question. Probably the strongest argument for distributors of unlocking software is that the customer for whom they are unlocking the phone has the firmware owner’s permission to operate that software by virtue of purchasing the phone. This argument was successful in two previous DMCA cases, one involving garage-door openers, and the other aftermarket printer cartridges.

    A complicating factor is the terms of service that come with either the iPhone or the AT&T service. If the documents purport to limit the customer’s right to operate the phone on another network, the companies have two separate legal arguments.

    The first is that the customer’s authority to access the phone’s firmware is limited by the TOS. Customers who unlock their phones would still be in the clear, because the exemption protects them. But purveyors of unlocking services are not covered by the exemption, and may be violating the DMCA by distributing their unlocking tools or services. Another complicating factor is that a valid contract with AT&T not to unlock should not affect the consumers’ authority to access Apple’s iPhone firmware.

    Still, if the DMCA applies, it is a pretty serious deterrent, carrying heavy penalties including — in some cases — criminal sanctions. Of course, distributors could move overseas, and once the software is out there, it’s difficult to stem the tide.

    The second potential legal argument is that customers are breaching their contracts with AT&T. Even iPhone owners operating on their own could be subject to this claim — assuming they activated service. That’s because the exemption only protects circumventors from liability under the DMCA, not all legal claims across the board.

    However, defenses against terms-of-service enforceability could be brought to bear here, and penalties for terms-of-service violations are usually set forth in the document, and are far less than statutory damages. Additionally, the tool or service distributor would weather this claim well, because it did not enter into any contract at all.

    I have some hope that the iPhone is just one incentive for consumers to clarify and expand our rights in this legal morass. The legal interaction of the DMCA and end-user licensing agreements affects our freedom to tinker with the devices we own, our access to information, the availability of competitively priced goods and services, the security of our computer systems, and our ability to make fair use of copyright materials.

    History shows that, particularly where telephones are concerned, competition is good for consumers. Consumers used to be forced to obtain their phones from AT&T. In 1968, the Federal Communications Commission broke AT&T’s monopoly over which devices could be attached to the network, and as a result we have cheaper phones with more features, answering and fax machines, and modems.

    Today, cell-phone companies use the Bell System’s old arguments about quality of service and compatibility in order to lock customers to a particular network and ensure call and roaming fees. The same excuses justify disabling Bluetooth functionality, thus preventing customers from selecting their choice of ringtone or photo-service provider, as well as thwarting the development of Wi-Fi cell phones out of fear that people would make calls over the internet and avoid paying cellular fees.

    Perhaps the iPhone will awaken a consumer revolution, though not necessarily the one envisioned by Apple or AT&T.

    – – –

    Jennifer Granick is executive director of the Stanford Law School Center for Internet and Society, and teaches the Cyberlaw Clinic.