Thursday, March 21, 2013

Code Is Speech

Code Is Speech:
Like many computer aficionados today, Seth Schoen writes all of
his software openly to ensure that the source code—the underlying
architecture of computer programs—will remain accessible for other
developers to use, modify, and redistribute. In so doing, Schoen is
not only creating technology but also participating in an effort
that is redefining the meaning of liberal freedom, property, and
software. How? By asserting, in new ways, that software code is
speech. A small portion of a 456-stanza poem that Schoen wrote
makes just this claim:
Programmers’ art as
that of natural scientists
is to be precise,
complete in every
detail of description, not
leaving things to chance.
Reader, see how yet
technical communicants
deserve free speech rights;
see how numbers, rules,
patterns, languages you don’t
yourself speak yet,
still should in law be
protected from suppression,
called valuable speech!
Schoen was not only arguing that source code is speech, his poem
was also demonstrating it. The lengthy verse was a transcoding of a
short piece of free software called DeCSS, which is used to decrypt
access controls on DVDs, in violation of current copyright
Schoen did not write his poem simply to be clever. His work was
part of a worldwide wave of protests against the prosecution of
open source developers, including the arrest of one of the initial
developers of the DeCSS software referenced in the verse.
Schoen’s poem captures the ethical spirit of the free and open
source software (F/OSS) movement, which is composed of individuals
who believe software should be free to be modified and
redistributed by anyone. The hackers and other geeks who identify
with this movement have managed to do something remarkable: In the
course of writing software, they have built an alternative theory
of intellectual production and property in opposition to current
copyright law, all while developing the tools to put that theory
into practice.
Free as in Beer
One of the best-known philosophical and legal distinctions in
the world of free software is the concept of free beer versus free
speech. Common among developers today, this notion was popularized
in the 1990s by developers of the open source operating system
called Debian.
“Free speech is the possibility of saying whatever one wants
to,” one Debian developer explained in an application required to
join the project at the time. “Software free as in beer can be
downloaded and used for free, but no more. Software free as in
speech can be fixed, improved, changed, be used as building block
for another software.”
Other open source practitioners placed their understanding of
free speech firmly within a broader meaning codified in the
constitutions of most liberal democracies: “Used in this context
the difference is this: ‘free speech’ represents the freedom to
use/modify/distribute the software as if the source code were
actual speech which is protected by law in the US by the First
Amendment,” one developer wrote. “ ‘Free beer’ represents something
that is without monetary cost.”
For open source developers, then, freedom means expression,
learning, and modification, not the mere absence of a price
Hackers first started talking about software as speech in
response to what they saw as excessive copyrighting and patenting
of computer software in the 1970s and ’80s. The first widely
circulated paper associating source code with free speech was
“Freedom of Speech in Software,” written by programmer Peter Salin
in 1991. Salin characterized computer programs as “writings,”
arguing that software was unfit for patents (intended for
inventions) but appropriate for copyrights and thus free speech
protections (which apply to expressive content).
The idea that coding was a variant of writing was gaining
traction, in part because of the popular writings of Stanford
computer science professor Donald Knuth on the art of programming.
During the early 1990s, a new ethical sentiment emerged among
participants of Usenet, a pre-Web online forum, that the Internet
should be a forum for unencumbered free speech. From this climate
emerged what have come to be known as the “encryption wars” of the
mid-1990s, when wary governments cracked down on developers of
cryptography software (for instance, programs that keep email and
other communications or data private) in the name of national
The most notable encryption court case was Bernstein v. U.S.
Department of Justice
. This battle started in 1995 after a
computer science student, Daniel J. Bernstein, sued the government
over the International Traffic in Arms Regulations, rules issued
under the Arms Export Control Act that classified certain types of
strong encryption as munitions and hence subjected them to export
controls. Bernstein could not legally publish or export the source
code of his encryption system, Snuffle, without registering as an
arms dealer.
In 1999, after years of litigation, U.S. District Judge Marilyn
Patel concluded that regulations of cryptographic “software and
related devices and technology are in violation of the First
Amendment on the grounds of prior restraint.” This decision not
only allowed developers to export cryptographic software; it also
deemed source code to be speech protected by the First
Bernstein and his lawyers used free speech to defend programming
against intrusive government controls but never questioned the
legitimacy of copyrights for software. Soon after, a large cadre of
developers began to launch a direct critique of the copyright
system. The legal regime to protect and reward copyrighted artistic
material, developers claimed, was butting up against their legal
rights to write software. At the dawn of the new millennium, this
fight was breaking out all over the international legal
Poetic Protest
On October 6, 1999, a 16-year-old Norwegian named Jon Johansen
used an online mailing list to release a short, simple software
program called DeCSS. Written by Johansen and two anonymous
developers, DeCSS unlocked a piece of encryption that scrambles the
content of a DVD when someone tries to play it on an unauthorized
machine. Prior to Johansen’s software, the international DVD Copy
Control Association (DVD CCA) was able to create geographical zones
across which discs could not be recognized; for instance, you could
not buy a DVD in the U.S. and play it in a French DVD player. The
discs also were unreadable on computers that did not use either
Microsoft’s Windows or Apple’s OS.
Released under a free software license, DeCSS was soon being
downloaded from hundreds, possibly thousands, of websites. While
many geeks used the technology to watch legitimately obtained DVDs
on their Linux-run machines, other users deployed the program to
copy and pirate DVDs. Various entertainment trade associations
quickly sought to ban the software and have the teenaged Johansen
arrested. In November 1999, the DVD CCA and the Motion Picture
Association of America (MPAA) sent cease-and-desist letters to more
than 50 website owners and Internet service providers, requiring
them to remove links to the DeCSS code because of its alleged
violation of trade secret and copyright laws, including (in the
U.S.) the Digital Millennium Copyright Act (DMCA).
Passed in 1998 to “modernize” copyright for digital content, the
DMCA included a controversial provision outlawing the manufacture
and trafficking of any technology (whether software or firmware)
capable of circumventing copy restrictions or access protections on
a copyrighted work in digital format. It did not matter if the
technology’s primary use was lawful (such as fair-use copying); as
long as the potential for copyright violation was there, the
software or hardware was considered illegal. Anything that monkeyed
around with existing code could be subject to the law, if the
existing code was written to protect copyright. “With the DMCA,”
media scholar Tartelton Gillespie notes, “circumvention is
prohibited, meaning that the technologies that automatically
enforce these licenses are further assured by the force of the
In December 1999, alleging trade-secret misappropriation, the
DVD CCA filed a lawsuit against hundreds of individuals for
publishing the unlocking software. Eventually two cases from this
batch moved forward through the court system. In 2000 the MPAA
(along with other trade associations) sued the well-known hacker
organization and publication 2600, along with its founder,
Eric Corley (more commonly known by his hacker handle, Emmanuel
Goldstein), claiming violation of the DMCA. Corley would fight the
lawsuits, asserting 2600’s journalistic free speech right
to publish DeCSS. As frequently happens with censored material, the
DeCSS code at this time was unstoppable; it had spread like
Simultaneously, the international arm of the MPAA urged
prosecution of Johansen under Norwegian law (the DMCA did not apply
in his home country). The Norwegian Economic and Environmental
Crime Unit took the MPAA’s informal legal advice and indicted
Johansen on January 24, 2000, for violating an obscure Norwegian
law that prohibits the opening of a closed document in a way that
gains access to its contents, or otherwise breaking into a locked
repository. Johansen (along with his father, since he was underage)
was arrested and released on the same day, and police confiscated
his computers. He was scheduled to face trial three years
Hackers Fight Back
Hackers saw Johansen’s indictment and the lawsuits as a
violation of not simply their right to use software but also their
more basic right to produce F/OSS. Many developers understood the
attempt to restrict DeCSS as an all-out assault: “Here’s why
they’re doing it,” wrote one commenter on the popular technology
site Slashdot after Johansen’s computer was confiscated on January
24, 2000. “Scare tactic…This is a full-fledged war now against the
Open Source movement.”
Hackers moved to organize politically, making forceful arguments
that computer code is expressive speech. Many websites began
providing highly detailed information about the DMCA, DeCSS, and
copyright history, and the Electronic Frontier Foundation, a San
Francisco–based organization dedicated to defending digital rights,
launched a “Free Jon Johansen” campaign. The impressive level of
legal sophistication on display was no accident.
Many open source developers are more than just geeks working
within a novel legal framework; they are active producers of legal
knowledge. That’s because developers have to learn basic legal
skills to participate effectively in technological production. They
must figure out, for instance, whether the software license on the
software application they maintain complies with licensing
standards. Developers also tend to closely track broader legal
developments, especially those seen as impinging on their
practices. Is the Unix company SCO suing IBM over Linux? Has the
patent directive passed the European Parliament? Information
regarding these and other relevant developments is posted widely on
Internet relay chat channels, mailing lists, and especially techie
websites such as Slashdot, BoingBoing, and Reddit.
There is also overlap between the skills, mental dispositions,
and forms of reasoning necessary to read and analyze a formal,
rule-based system such as the law and the operations necessary to
code software. Both are logic-oriented, internally consistent
textual practices that require great attention to detail. Small
mistakes in either law or software —a missing comma in a contract
or a missing semicolon in code—can jeopardize an entire system’s
integrity and compromise authorial intention. Lawyers and
programmers develop similar mental habits for making, reading, and
parsing what are primarily utilitarian texts.
Pranksterism—more indigenous to hacker culture than to law
firms—played a pivotal role in the open-source pushback as well.
Prodromou, a Debian developer and editor of one of the first
Internet zines, Pigdog, circulated a decoy program that
hijacked the name DeCSS, even though it performed an entirely
different operation from Johansen’s DeCSS. Unwilling to distribute
the legally controversial material, Prodromou did the next best
thing: “I think of this as kind of an ‘I am Spartacus’ type thing,”
he wrote. “If lots of people distribute DeCSS on their Web sites,
on Usenet newsgroups, by email, or whatever, it’ll provide a
convenient layer of fog over the OTHER DeCSS. I figure if we waste
just FIVE MINUTES of some DVD-CCA Web flunkey’s time looking for
DeCSS, we’ve done some small service for The Cause.”
Thousands of developers posted Pigdog’s DeCSS on their
websites as flak to confuse law enforcement officials and
entertainment industry executives, since they felt these people
were clueless about the nature of software technology. Dozens of
these developers (including Johansen) received cease-and-desist
letters demanding they take down a version of DeCSS that was
completely unrelated to the decryption DeCSS.
Clever recreations of the DeCSS source code (originally written
in the C programming language) using different programming
languages (such as Perl) also began to proliferate, as did
translations into poetry, music, and film. A site called the
Gallery of CSS DeScramblers showcased 24 of these artifacts to
demonstrate the difficulty of drawing a sharp line between software
functionality and expression.
Seth Schoen, after being inspired by the gallery, took up the
challenge of publishing a bona fide poem: 456 stanzas written over
the course of just a few days.
After opening with some general thoughts, Schoen launched into a
long mathematical description of the forbidden CSS code represented
in DeCSS. The expert explains the CSS’s “player key,” which is the
proprietary piece that enacts the access control measures:
So this number is
once again, the player key:
(trade secret haiku?)
Eighty-one; and then
one hundred three—two times; then
two hundred (less three)
Two hundred and twenty
four; and last (of course not least)
the humble zero
From these lines alone a proficient enough programmer could
deduce the encryption key. Thus the poem makes a point similar to
the one made in an amicus brief by Carnegie Mellon computer science
professor David Touretzky in Universal City Studios Inc. v.
. Touretzky argued that “at root, computer code is
nothing more than text, which, like any other text, is a form of
speech. The Court may not know the meaning of the Visual BASIC or
Perl texts but the Court can recognize that the code is text.”
Free Dmitry!
Another arrest strengthened the opposition. Around the time
Johansen was making headlines, programmer Dmitry Sklyarov was
nabbed in Las Vegas for a completely unrelated DMCA infraction:
writing a piece of software for his Russian employer, Elcomsoft,
that unlocked Adobe’s book access controls and subsequently
converted files into the PDF format. For this Sklyarov faced up to
25 years in jail.
Sklyarov was arrested in July 2001 while leaving Defcon, one of
the largest hacker conferences in the world. For the FBI to arrest
a programmer at the end of Defcon was a potent statement, showing
that the authorities would go on developers’ home turf to enforce
the DMCA at the behest of deep-pocketed copyright holders. This
first-ever hacker arrest at Defcon (which law enforcement officials
had been attending without incident since 1993) signaled a
one-sided renegotiation of the relationship between legal authority
and the hacker world.
Developers responded by organizing Free Dmitry protests in
Boston, New York, Chicago, and San Francisco, as well as in Europe
and Russia. Even though Sklyarov was not part of the world of F/OSS
development, local F/OSS developers were behind a slew of protest
activities, including a demonstration at Adobe’s San Jose
headquarters, a candlelight vigil at the San Jose public library,
and a march held after the Linux World convention in August 2001
that ended at the U.S. attorney’s office.
At a fundraiser following the march to the prosecutor’s office,
Lawrence Lessig, who had recently published Code and Other Laws
of Cyberspace
, a book that was changing the way F/OSS
developers understood the politics of technology, fired up the
already animated crowd: “This is America, right? It makes me sick
to think this is where we are. It makes me sick. Let them fight
their battles in Congress. These million-dollar lobbyists, let them
persuade congressmen about the sanctity of intellectual property
and all that bullshit. Let them have their battles, but why lock
this guy up for 25 years?”
The protests had an immediate effect. Adobe withdrew its support
for the case, and eventually the U.S. attorney dropped all charges
against Sklyarov on the condition that he testify in the subsequent
prosecution of his employers, which he did. In December 2002, the
jury in that case acquitted Elcomsoft.
Johansen was acquitted a bit more than a year later. A judge
concluded that the charges against him were inappropriate, since
the law under which he was arrested had nothing to do with digital
rights management. Johansen still writes free software, including
programs that subvert digital rights management technologies.
Although these prosecutions fizzled, that does not mean the
equation of software with free speech is widely accepted in the
legal system. Most of the other DeCSS lawsuits were decided between
2001 and 2004, and even though the courts were persuaded that DeCSS
was a form of speech, they consistently ruled that it nonetheless
violated the copyright protections of artistic material. In one of
the 2600 cases, Universal City Studios Inc. v.
U.S. District Judge Lewis A. Kaplan went so far as to
declare that he aimed to “contribute to a climate of appropriate
respect for intellectual property rights in an age in which the
excitement of ready access to untold quantities of information has
blurred in some minds the fact that taking what is not yours and
not freely offered to you is stealing.”
Developers and hackers were deeply disappointed by these
decisions, which essentially equated DeCSS with theft. But by
continuing to create a separate cultural reality, even a rival
liberal morality, in which expression and autonomy are elevated
above the potential for piracy, these outsiders are constructing a
broader legal regime that will eventually challenge the way we
interpret the Constitution.
Today new copyright legislation threatens online freedoms and
free expression. But while the Digital Millennium  Copyright
Act passed in 1998 with almost no public outcry, critics prevented
the Stop Online Piracy Act from passing in 2012. Legislative
support waned amid fierce opposition from the technology community,
which included open source developers, corporate giants such as
Google, protest groups such as Anonymous, and digital rights
organizations. Threats may loom larger today than they did a decade
ago, but advocates and institutions are better prepared to respond
more effectively and swiftly than before.