Friday, April 4, 2014

Guide to Email Production From Gmail

After spending about six hours (and losing several pounds due to fever-level frustration) working on this problem, I believe I have finally figured out how to perform something resembling methodical eDiscovery for Gmail emails if you, like me, work on a Mac. You will need the following:

1. Gmail
2. Google Vault (this software, truly, is spectacularly bad)
3. Stuffit Expander (yes, seriously, like that one from 1997)
4. Mac Mail
5. Acrobat Pro XI


1. Enable Google Vault for whatever email accounts in which you need to perform your production queries.

2. Perform your queries.

3. Use Google Vault's incredibly ham-fisted "export" function for each of your queries.

4. Serially download each of the multiple files that result from your exports.

6. Unzip them with Stuffit Expander (for some unholy reason surely only known to Cthulu and other eldritch gods, Google has chosen to use pkzip, instead of you know, just freaking zip, so your OS will think the files are corrupt unless you download Stuffit Expander, a piece of software old enough it can vote).

6. Serially import each of the mbox files in Mac Mail.

7. Select all the contents of each mbox import folder, one at a time, in Mac Mail, and print them to .pdfs. Note: while you have your emails loaded up in Mac mail, this is the time to remove or un-select emails that you do not wish to produce, i.e., for privilege or for relevance. Google Vault simply does not have anything remotely resembling this function. You either export the entire results of a query, or nothing at all. Thanks, Google Vault.

8. When you have all your .pdfs collected in a folder, open up Acrobat and use the "Bates Numbering" function in View -> Tools -> Pages (intuitive, right?) and assign Bates numbers.

9. Drag the files to a thumb drive.

10. Send the thumb drive to opposing counsel.

11. Curse every piece of software you had to use in this process for being ungainly, cumbersome, semi-functional and poorly designed for this purpose (note: except Stuffit Expander. It had one job and did it without any fuss, complaints or troubleshooting).

And people wonder why lawyers are always angry.

Thursday, February 20, 2014

No, Killing Net Neutrality Does Not Help the Underdog

Killing Net Neutrality Helps Underdogs Succeed

Go ahead and read it - but suffice it to say that I'm not going to engage with the majority of what is said there - I just don't have time.

I'd just like to address one point that is made therein:

Net neutrality activists often fear that because small content creators couldn’t compete in such a market, it would in turn reduce the diversity of internet content. (For example, some argue that users would “naturally gravitate” to the big brands who can afford to pay the bill if Comcast and Verizon do decide to charge them more for streaming video over their pipes.) 
But the video market is already very different from the rest of the web. Because it doesn’t make sense to build one’s own streaming infrastructure when you can embed a YouTube player that better delivers streaming capacity anyway, the “small guys” creating video content already work through large platforms such as Netflix and YouTube. In short, these intermediaries help to solve the capacity problem, countering whatever market power broadband providers might have.
Do you see the switch that has occurred there? Simply because right now many people are just becoming aware of the net neutrality debate because of what is happening with Netflix throttling does not mean net neutrality is about video†.

It's about developers.

Let me explain, because this is what net neutrality is about:

If you were to make a new awesome site, lets say, twitter for cats, lets call it kitter, and you were to put it on the web, you may wonder why no one is getting to your site, and why they all complain of a truly horrible user experience. Then, because the average bounce time of 15 seconds is less than your average load times of 30 seconds, you simply get no traction, despite the fact that we know there are literally billions - billions - of cats that want on to your site. Then you figure out why, when suddenly -as your blood runs cold - you get an email from Verizon demanding 50 cents per user to ensure load times of less than one second. Well, you sigh then take down your service, because you are working out of your garage while holding down a steady job as a graphic designer and cannot afford to pay several million dollars to get your first few hundred repeat users. That is the story of a world without net neutrality: killing ultralight, hugely innovative products before they can ever leave the garage or dorm room because they will have to pay ridiculous access fees to the networks before they can ever leave the starting gate. You know, just like little known services like such as Twitter and Facebook - both invented in dorm rooms, and both of which got huge traction long, long before making anything remotely resembling real money. If either had to pay huge up-front service fees to ISPs just to get their message out, they would have been dead in the water.

Also, please note that one of the authors writes from George Mason's Mercatus Center, which apparently is funded by Koch money. That may or may not matter, but from what I've seen they are pretty committed to letting markets regulate everything - and that stance alone makes their commentary on regulation more suspect than wherever their money may come from. Either way, take it with a grain of salt. As you should the entire op-ed.

Further note that the other author is from the Tech Freedom center, which, from my reading, is not about the freedom of tech, but of the freedom of tech from regulation. The list of goals on their own site:
  • 1. To make the case for pragmatic optimism by highlighting the benefits of technological change and bottom-up solutions to concerns raised by change.
  • 2. To highlight the costs to consumers of regulatory overreach.
  • 3. To develop and defend the most effective means for government to remedy real harms—focusing on increased education, innovation in consumer empowerment tools, and better enforcement of existing laws. 
  • 4. To facilitate constructive, serious dialogue on technology policy through regular events.
It's convenient that they managed to come up with an argument that supports one of their preconceived notions.

Reading more about them, I actually find this position somewhat strange, as I actually do (for the most part) agree with their stances on CDA § 230 and the CFAA - but they seemed to have really missed the boat on net neutrality. It is just irksome to see such poor arguments as the ones advanced in the Wired op-ed come from a source that seems to have a lot of good stuff to say. I think it clouds their overall message.

Luckily, however, and in conclusion the White House and the FCC both seem to disagree with these guys. That is at least somewhat promising. Let's hope the next draft of FCC rules stand up to court scrutiny.

Update: Just wanted to post this to give a final bit of color to the absurdity of the whole debate we are having now: American internet is vastly overpriced.

† Note, however, their argument about video is poor. It is simply that because small content creators can leverage Netflix's massive infrastructure and deep pockets doesn't mean there is a problem is nonsense. They even point out a flaw in their own argument - that Netflix acts as a gatekeeper. Well, what if you create video and want to self distribute? Because, you know, Netflix is totally opaque about viewership stats and not everyone is thrilled about Google? If you find yourself an amateur artist and want to post video on your own site, hosted on your own server, without net neutrality enforced, expect your viewership experience to be totally unusable.

Wednesday, December 11, 2013

Raise the Small Claims Court Limit

Today the NYTimes ran an article, entitled Rule Change Could Ease ‘Justice Gap’ for the Poor,
with the lede:
Lawyers who work for big corporations in New York but are not licensed to practice law in the state will be allowed to do pro bono work under a new rule meant to ease an acute shortage of legal representation for the poor, the state’s chief judge, Jonathan Lippman, announced on Monday.
It followed:
Providing help to the indigent in civil cases has become Judge Lippman’s signature issue, and will likely underpin his legacy after he retires in 2015. He set aside $55 million in the current budget for such services, and has taken steps to encourage lawyers to take on more civil pro bono cases, requiring law students to put in 50 hours of volunteer work before taking the bar exam and making law firms file biannual reports showing how much charitable work they have done.
I will not in any way disagree that this is a very serious need, nor that these are not extremely laudable accomplishments and initiatives. However, I'd like to point out that there is also a tremendous problem of access to the courts for the middle class here in New York State, and it can be traced almost directly to one, single factor here in New York State:

The maximum claim in small claims court is $5,000, except in Town and Village Courts, where it is $3,000. For claims above that amount, the New York Courts page offers the following friendly advice:
Q. Do I need a lawyer for these types of cases?
A. You are allowed to handle a case without a lawyer, although these kinds of cases are often complicated. It's up to you to decide. A person going to court without a lawyer is called "self-represented" or "pro se."
In other words, you're pretty much on your own. Additionally, according to, here are some of the average costs of civil litigation taken to verdict:
  • Automobile: $43,000
  • Premises Liability (slip and fall, injuries in offices, etc.): $54,000
  • Real Property: $66,000
  • Employment: $88,000
  • Contract: $91,000
  • Malpractice: $122,000
Let's compare this to the historical limits of Small Claims court here in New York City†, adjusted for inflation to 2013 dollars using the Inflation Calculator from the BLS:
YearAmount2013 Dollars
At this point it should be patently obvious that there is a huge, huge problem of access to the legal system for anyone but the wealthy. Simply raising the small claims limit to something more sensible, say, $25,000, as it is in Tennessee, or maybe even $50,000, would greatly increase access to the civil court system for many tens of thousands. Small claims court is highly informal and very forgiving to pro se litigants. Supreme Court, however, is not.

Quite simply, the problem is this: If you have a legal claim that is more than $5,000, but less than $100,000, it may be all but impossible to find a lawyer to take your case.

If we want to increase access to the legal system, rather than simply throwing more lawyers at the problem, how about we lower the cost of entry instead?

† From the Supplementary Practice Comments to McKinney's, NY City Civ. Ct. Act § 1801. Small Claims Defined

Sunday, November 24, 2013

GoldieBlox Sues Beastie Boys for Declaratory Judgment of Non-Infringement

Earlier this week, a new product out on Kickstarter called GoldieBlox - a toy aimed at engaging young girls in engineering - made a pretty brilliant music video as an advertisement. The video features a parody of the song "Girls" by the Beastie Boys:

As reported by TechDirt:
The whole point is to mock the message of the original song, with its famous refrain: "Girls - to do the dishes; Girls - to clean up my room; Girls - to do the laundry; Girls - and in the bathroom; Girls - that's all I really want is girls." The new one switches it to: Girls - to build the spaceship; Girls - to code the new app; Girls - to grow up knowing; That they can engineer that; Girls - That’s all we really need is Girls." The point is pretty clear. Parody the original song to highlight how ridiculous that stereotypical image of girls is -- and, of course, highlight how the kinds of toys that GoldieBlox makes can be useful in learning. 
I'd like to reference, once again, what is likely one of the controlling case in this instance - the famous Campbell v. Acuff-Rose. Centrally, in that case, 2 Live Crew sampled Roy Orbison's "Pretty Woman" in a highly parodic fashion. The Supreme Court performed a fair use analysis, which has the following four factors:

(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the copyrighted work.

The Court relied heavily on factor four in remanding the case to a lower court to make a better fair use determination. Specifically, the Court determined that a hip-hop parody of a country song would likely have negligible effect on the market for the original song. The lower court, however, basically glossed this analysis in finding for infringement. The case was sent back down, and it was settled, likely because Orbison knew he was fighting a losing battle.

I genuinely cannot conceive of a negative market influence on the original Beastie Boys song as a result of the GoldieBlox remake. That, in addition to the fact that this GoldieBlox is explicitly an educational toy should weigh very heavily in favor of GoldieBlox.

The Beastie Boys' lawyers would be wise to very, very quickly issue a sincere apology, withdraw their threat, offer a zero cost royalty, and make a contribution to the GoldieBlox kickstarter. Either that or come off looking like a bunch of misogynist bullies - and hypocrites, as they are still defending a copyright infringment lawsuit over that same album. I very, very sincerely hope that the original threat letter sent to GoldieBlox was the result of an overzealous (and clueless) lawyer acting without approval from the band members - because if the band members were involved, well, that could conceivably have a market impact on the Beastie Boys, and a very negative one at that.

You can read the complaint here. Note that GoldieBlox is represented by Orrick, who are not to be trifled with, and they have requested a jury trial. I cannot imagine trying to argue to a jury that GoldieBlox was not a fair use of Girls, and I would certainly have a panic attack when the lyrics comparison charts came out:

Friday, November 8, 2013

Artist Suing Jay-z Over Sample - I Hope it Goes to Trial

The long-short of it is that some artist is suing Jay-z over a sample included in Blueprint III. The details are almost irrelevant, because I cannot fathom how this falls outside of the scope of fair use. From what I've seen, and correct me if I'm wrong, the only reason people get away with suing in nonsense cases like this is because it is easier and cheaper to settle than to actually litigate to verdict.

HOV has the resources to litigate, however, and it would be nice to see copyright sample trolling of this sort simply put to bed altogether. It's a nonsense claim and very frustrating to see it reported on as if Jay-z was somehow a bad actor. It would be great if Campbell v. Acuff-Rose was unambiguously expanded to samples of all sorts, not merely parodic samples.

Tuesday, November 5, 2013

3D Printing 'Encryption' to Hide Contraband Objects Seems Really Overhyped

Tl;dr Yesterday, on, this article ran about using 'encryption' to hide contraband objects in 3D printer blueprints. I think this claim is designed to incite moral panic, and is also an incorrect one. Centrally, distribution channels for contraband already exist online, and this so-called 'encryption' will add no value to that ecosystem.

The central claim of the Forbes article:
If 3D printing companies and government agencies hope to police the spread of dangerous or pirated digital shapes, their task is about to get much more complicated. 
Late last month Matthew Plummer-Fernandez, the 31-year-old creative technologist for Goldsmith College’s Interaction Research Studio at the University of London, released what he’s calling ‘Disarming Corruptor,’ a piece of free software designed to distort 3D-printable blueprints such that only another user with the app and the knowledge of a certain key combination can reverse the distortion and print the object. That means any controversial file–say, a figurine based on Mickey Mouse or another copyrighted or patented shape, or the 3D-printable gun created earlier this year known as the Liberator–could be ‘encrypted’ and made available on a public repository for 3D-printing blueprints like the popular site Thingiverse without tipping off those who would try to remove the file.

On the left are the blueprints for the now-notorious "Liberator," the first 3D printable gun. (Note: it is a really crappy gun.) On the right is the 'encrypted' version of those blueprints. Using the software created by Plummer-Ferndandez, if you have the correct decryption key, you can turn the blobby thing on the right into the gun on the left. And, because the blobby thing on the right is visually meaningless, MakerBot would never ever realize it was a gun, so they would never take it down from ThingiVerse.

However, if MakerBot doesn't recognize that the thing on the right is a Liberator... then how are other users, who want to find the Liberator, going to realize this either?

They are already going to have to know, somehow, that this particular file is the Liberator. Which means they will already have to have been given this information, and, supposedly, the decryption key from a third party. Likely on an online forum of some sort. Where people can post files.

So why not just post the Liberator blueprints to that forum in the first place? There are already myriad places on the internet where people can and do post contraband material that are well beyond the reach of US corporations and law enforcement. So encrypting the file is a wholly unnecessary step.

Here's an analogy: I would never go to the iTunes store to download 35 minutes of static that becomes an episode of VEEP with a magic key. So why would I go to Thingiverse to do the same? And why would someone who knows they are selling illegal goods would want to do it in someone else's store - a store with security? No one is selling knockoff iPhones at the Apple store. And it is not like this filetype can only be posted to Thingiverse - it can be posted anywhere. So there is actually a disincentive to post known contraband to Thingiverse - even if encrypted.

Distribution channels for contraband material already exist. They are called black markets - or, in internet parlance, pirate sites. Adding this 'encryption' is a completely redundant step. When you go up to an unlabeled white van and buy a pair of speakers you aren't handed a mess of shattered plastic and a glue gun with the instructions "some assembly required." Rather, they take your money, hand you a pair of Harmon Kardons, and drive off. Similarly, try searching for your favorite show online: I bet you can find it and no encryption will be involved. Accordingly, encryption is not necessary for sharing .stl files, the filetype used for 3D meshes. There is no reason that .stl should be unique as compared with literally every other file type currently being illegally distributed.

Additionally, it is not the mission of 3D printing companies to police the actions of all of their end-users. Though they have a strong policy goal and public interest in trying to prevent the spread of contraband 3D blueprints over the internet, it is their primary legal goal not to become suppliers of infringing or illegal material themselves. If MakerBot discovers that a particular weird blob looking thing is getting downloaded with alarming regularity, or based on a user report, my suspicion is that MakerBot has the capacity to perform an investigation and remove the questionable material from Thingiverse.

This 'encryption' adds absolutely nothing novel to the ecosystem of transporting contraband across the internet. Forbes may, in fact, be right that it will be increasingly difficult for law enforcement to police the production of contraband with 3D printers in the near future. However, this 'encryption' will have probably have played no role. Rather, as 3D printers spread, so will 3D printing.

Monday, November 4, 2013

Third Party IP Infringement Liability & You: What You, as a Contract Developer, Should Know

A while back I had a post on Contract Drafting for Software Development Agreements. Today's post is a followup, specifically about the issue of Third Party IP Infringement Liability.

If you are someone who offers engineering or design services on a contractor basis, or work for a firm that does, there will almost certainly be a series of clauses in your contract regarding third party IP infringement indemnification. That's a big legalese mouthful, but it is potentially the most expensive part of your agreement, so it should be negotiated carefully.

Essentially, when a service provider indemnifies a client over third party IP infringement claims, the provider is stating that the work-product it delivers doesn't infringe anyone else's copyright, trademarks or patents. Copyright and trademark is pretty easy to cover, as long as you are not using uncredited stock photos or rival company's logos.

Patent infringement is much trickier. There are millions upon millions of patents issued, and as we learned from This American Life, a patent from 1999, predating the first podcast by several years, actually apparently does cover podcasts themselves. As a result, it is very, very hard to know if one is infringing third party patents.

And patent damages can be extraordinary. Many, many multiple times the value of an underlying services contract. This is why you need to be particularly careful when making representations about third party IP infringement. So, from the point of view of a service provider, here are a few ways to limit your exposure (if you are a client, then you will be coming at this from roughly the opposite perspective):

1. Disclaim all third-party IP infringement warranties. If you can get this provision, you probably don't need any further advice, because you are well known in your field and have substantial bargaining power. However, sometimes a client will be willing to accept this condition, so if the initial contract is silent on this issue, this may be the place to start negotiation.

2. Offer third-party IP infringement indemnification only over knowing or negligent violations. Basically, this means that you will not be on the hook for "strict liability" infringement. This is essentially the situation in the podcast story above, where no one had any idea that their techniques fell into the scope of the patent until they were hit with a demand letter. You'll only be on the hook for infringing patents you know about or should have known about. That latter part can get tricky, because then the question is "well should you have known about that?" This inquiry will get into how much of an expert you are in your particular field, how much a particular patent or lawsuit has been in the news, etc. However, it is still a pretty strong standard.

3. Limit your total indemnification liability. This is often the easiest solution. Typically damages under an agreement, no matter what form in which they occur, should have a cap. Often times, however, indemnification liability is specifically exempted from this cap. So, for instance, if there is an liability cap of $1,000,000.00 on an agreement, and you show up to your client's office and blow up a $2,000,000.00 piece of machinery, you are only on the hook for the initial $1M. If, however, indemnification liability is exempted, and it turns out you deliver work that infringes a third party patent, your liability could be limitless. Liability caps commonly used in developer agreements range from a negotiated, fixed price, to the fees paid to the consultant over a given period of time (trailing twelve months, trailing two years), the total fees paid to the consultant, or a multiple of any one of those. Additionally, there should be a sunset provision on this indemnification liability, meaning you will no longer be on the hook for these types of claims two, three, five, etc., years out.

4. Negotiate at what point indemnification liability obligations become active. Some clients will want you to indemnify them for claims as they arise, which means you will be on the hook for every crank and potentially baseless infringement claim your client receives. Other possible solutions include having indemnification obligations become active upon the breach of an IP warranty, i.e., proof that you knowingly delivered infringing IP, after a claim has survived a motion to dismiss, or upon adjudication that IP was actually infringing.

It is very, very important to pay close attention to these provisions when you agree to develop software on a subcontracting basis. More than any other clause, this one can come back to bite you, years later, for enormous sums of money. To put it another way, if you give a client unlimited, strict liability third party IP infringement indemnification, your contract with them is no longer so much of a services contract as it is an insurance contract. Keep in mind, that as a developer makes more and more representations, the developer can argue it is entitled to higher fees, as it is bearing higher risk. The counterpoint is true from the point of view of the client. In any event, it is essential that before the commencement of services both client and service providers have negotiated this issue explicitly, so they understand their mutual responsibilities and obligations to each other.