Our Attorney's Response To Microsoft

Click below to read our lawyer's formal response to Microsoft's request that we remove readers' comments about their version of Kerberos from Slashdot.

To: J.K. Weston, Designated Agent, Microsoft Corporation

This firm represents Andover.Net, Inc. ("Andover.Net") which operates the Slashdot service. Andover.Net has asked us to investigate your e-mail message regarding certain postings by users of Slashdot relating to a Microsoft Kerberos specification.

As a general matter, it is the policy of Slashdot not to interfere with or censor the communications of its users. Andover.Net is particularly concerned about censoring the user postings on which you have focused given their apparent relevance to issues in the current antitrust litigation between the Microsoft and the government.

In our review of this matter, it would be helpful if you could provide certain information:

1. How can Microsoft claim proprietary protections for enhancement to an open standard protocol?

2. How can Microsoft use the Kerberos name, which signifies an open standard protocol, in connection with a proprietary protocol?

3. How can Microsoft claim trade secrecy for a protocol that is distributed over the Internet?

4. What measures has Microsoft taken to protect the trade secrecy of its Kerberos specification beyond the use of a click-wrap license agreement?

5. What measures has Microsoft taken to ensure that its Kerberos specification is only distributed to persons who are capable of entering into a binding contract in jurisdictions where such an agreement would be enforceable?

6. How could posting of the Microsoft Kerberos specification on Slashdot have any detrimental impact on the market for authorized distribution of Microsoft's version of Kerberos?

7. Why wouldn't prospective purchasers of Windows 2000 need to know the contents of Microsoft's Kerberos specification in order to make informed judgments regarding interoperability in connection with their purchasing decisions?

8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?

Any information you could provide in response to these questions and any other information that you believe we should consider would be helpful.

Very truly yours,

- Mark D. Robins

______________________________
Mark D. Robins
Hutchins, Wheeler & Dittmar
A Professional Corporation

If There's Hot Grits You Must Acquit!

[Anonymous Coward]

If There's Hot Grits You Must Acquit!

is it me...

[Anonymous Coward]

or does it seem that Slashdot is evading the issue? I don't see how it can be argued that those posts that copied the protocol verbatim (not the links to a copy) shouldn't be removed. Slashdot is after all operating within a jurisdiction where the EULA is enforcable. The rest was just filler wondering why Microsoft has embraced and extended kerberos(which last time I checked they had the right to do) and not really addressing the charge that they were in violation of the DMCA. which they are.

Devil's Advocate

[Anonymous Coward]

"Can't wait to see the reply"

Okay, I'll play the Devil's Advocate:

1. How can Microsoft claim proprietary protections for
enhancement to an open standard protocol?

We claim proprietary protections only for our enhancements. No such claims
have been made for the standard Kerberos protocol.

2. How can Microsoft use the Kerberos name, which signifies
an open standard protocol, in connection with a proprietary
protocol?

Our implementation of the Kerberos protocol meets all standards of the
protocol, thus preserving our right to use the name. Our extensions to
the protocol do not interfere in any way with the standard Kerberos
protocol.

3. How can Microsoft claim trade secrecy for a protocol that
is distributed over the Internet?

4. What measures has Microsoft taken to protect the trade
secrecy of its Kerberos specification beyond the use of a
click-wrap license agreement?

Answers to #3 and #4:
The use of click-wrap non-disclosure agreements to protect trade secrets
have been upheld as legally binding in numerous court cases. The advent
of the internet as a means to widely and quickly distribute restricted
information does not change the fact that it is a violation of a legally
binding agreement to do so.

5. What measures has Microsoft taken to ensure that its
Kerberos specification is only distributed to persons who are
capable of entering into a binding contract in jurisdictions
where such an agreement would be enforceable?

The Microsoft Kerberos specification non-disclosure agreement is enforcable
under the laws of the state of Washington in all United States jurisdictions
where Microsoft does business, and in most foreign nations by virtue of
their own laws, and various treaties and trade agreements they might have
with the United States.
By it's very nature a raw software listing of this type is only of interest
to professional IT personnel. Microsoft therefore has a reasonable
expectation that:
A. Only professional IT personnel would be interested in obtaining
the specification, and
B. Anyone qualified to be an IT professional is also qualified
to enter into a binding contract.

6. How could posting of the Microsoft Kerberos specification
on Slashdot have any detrimental impact on the market for
authorized distribution of Microsoft's version of Kerberos?

The Microsoft Kerberos specification is a trade secret in order to
protect our investment, and protect our ability to profit from that
investment. We are in a highly competitive market and must take measures
to ensure that our innovations do not help our competitors at our expense.

7. Why wouldn't prospective purchasers of Windows 2000
need to know the contents of Microsoft's Kerberos
specification in order to make informed judgments regarding
interoperability in connection with their purchasing decisions?

Microsoft agrees that prospective purchasers of Windows 2000 should be
aware of our Kerberos specification. That is the reason we made it
conveniently available over internet. Microsoft customers are able to
to easily review the contents of the specification as long as they agree
to protect our trade secrets.

8. Why shouldn't Slashdot users and the general public be
able to view this protocol for purposes of commentary and
criticism in light of its apparent relevance to issues in the
government's antitrust litigation?

Firstly, Microsoft's Kerberos specification is a copyrighted trade secret.
The laws of the United States do not require the public release of trade
secrets simply due to their relevence to on-going legal action. In fact,
the law specifically protects trade secrets in those instances. We are
sure that you would agree that it would be undesirable for any entity
(including Microsoft) to be capable of discovering trade secrets by
merely bringing an "apparently relevant" lawsuit.
Secondly, our copyrighted Kerberos specification has been posted on
Slashdot for 16 days now, for as you put it, "commentary and criticism",
yet there has been no discussion whatsoever of its technical merits. The
only commentary and criticism we are aware of relate to the user license
itself, not the specification.

- just another AC

What smokescreen?

[Gleef]

Reality Master 101 wrote:

Unfortunately, none of those question have anything to do with the matter at hand.

Considering Microsoft invoked the DMCA's anti-circumvention provisions, they are quite pertinent.

The fact of the matter is that Slashdot's servers contain copyrighted material. The copyright holder asked that it be removed. Your response seems to be, "well, you suck, and should never have copyrighted it in the first place. Nyahh!"

I am not a lawyer, but under the "fair use" provisions affimred by the Supreme Court, it is perfectly legal to copy copyrighted works if the copy qualifies as fair use. Some of these questions (specifically 1, 2, 7 and 8) seem to be geared towards developing a fair use defense in the event that this goes far enough to require the courts get involved.

The things you are interpreting as "you never should have copyrighted it in the first place", I interpret quite differently. The DMCA doesn't give just anyone the right to demand that anything be taken down just on their say-so. It requires that certain things be true, and the questions are demanding that Microsoft show some evidence that their invocation of the DMCA is valid here.

Microsoft is on very shaky ground here, and these questions address that shakiness.

The point is that they did copyright it. Slashdot is in the wrong.

Again, Slashdot is only in the wrong if the use was not fair use. If Slashdot decides to take this defense it would be a long and costly issue for the courts to decide. I would assume Microsoft was banking on Andover.Net not being willing to put up with such a battle. I hope this letter means that they're wrong.


----

Trade Secrets

[Gleef]

Again, I am not a lawyer, but as I understand IP law, Trade Secrets are perfectly copyrightable, but since they're protected by Trade Secret law, which is stronger than copyright law, you seldom see copyright infringement suits for copying trade secrets.

Trade Secrets are mutually exclusive with Patents. You cannot patent a trade secret. To patent something, you need to publish the details of the thing, this would remove the trade secret status.

You can still question Microsoft's copyright of this, since it can be argued that their document is a derivative work, and therefore Microsoft cannot control the copyrights.

----

Re:Fair Use!

[Alex Belits]

Can I reproduce the entire novel as an appendix to my book? Of course not. Whether or not you're discussing the entirety of a work, fair use only allows for limited reproduction.

If the novel is freely distributed, and adding it as an appendix to the book does not interfere with author's ability to profit from its sales, and the book is a work of literary criticism that is supposed to be used for education and research, you can. In the case of Microsoft document it will be that, plus if the novel was reproduced to demonstrate that it describes author's plans to throw stones into every window on the second floor of the local mall while playing guitar and yelling "Bald people are inferior!".

Its just lawyers, pissing at each other.

[torpor]

Microsoft won't answer those questions.

This is just laywerease for "fuck off, we're not going to do what you asked us to do".

Re:The response is irrelevant

[phil reed]

Did you read any of the other messages, particularly about fair use? Under terms of fair use, it may be permissible to quote the entire text, for purposes of criticism and analysis. The posting on Slashdot may qualify. The whole thing is certainly not a black-and-white issue.


...phil

Pack up and leave

[The Man]

Instead of paying lawyers tons of cash and standing the very real possibility of losing, wouldn't it just be a whole lot easier to spin off Slashdot, {SA, Inc,...} as a [insert name of freedom-friendly nation here] wholly owned subsidiary of Andover and move the servers to [freedom-friendly nation]? Fuck the US. If the US only wants $100 billion and larger corporations, then that can be arranged. "We'll take our business elsewhere, thanks. I'm afraid you're just not willing or able to meet our needs."

Yes, BUT...

[The Man]

...the DMCA is blatantly unconstitutional, and this is the perfect way to prove it. Constitutionality can only be decided in the courts, and Andover's arrogant and unreasonable response will help generate bad blood, hopefully enough for this whole thing to go to court. Then this illegal piece of legislation gets tossed out and the US is safe for another year at least. There are times when being obnoxious and unreasonable is an advantage; this is one such.

Re:slashdot is a criminal organization

[The Man]

Right now they are breaking every copyright law in the book by allowing those posts to stay up

No. They may be in violation of one law, which is new and has never been tested in court. Therefore even if they are in violation, it does not necessarily mean they would lose in court.

This is NOT a free speech issue.

Yes, it is. It is about whether common carriers (ISPs, community sites like Slashdot, etc) can be held responsible for the content in their media. Ask yourself this: if you call a friend and read him the contents of the posts in question, can Microsoft sue the telco for failing to terminate your call?

What is someone posted an entire novel? It would be removed in a second.

A novel is an original work, and distributing it causes possible loss of revenue to the copyright holder. A technical specification derived from a freely distributable work which has already been published publically may or may not be copyrightable, but it surely cannot be held as a trade secret.

but these laws are what America was built upon.

Nope. For 200+ years, all we had were the USPTO and a set of laws that included provisions like "fair use" to protect the rights of everyone, not just megacorporations. The law in question here is brand new, and is very much in contrast with American history.

Without them, many great products would never have been created such as the car, light bulb, telephone

The light bulb, maybe - though we would certainly have fluorescent lighting anyway. The telephone was an obvious extension of the telegraph and would undoubtedly have existed anyway. The same arguments apply to the car. One might argue that the prospect of wealth derived from IP sped up development of some things, but by and large they would exist anyway for much the same reason that Linux exists. The protections afforded physical property are sufficient to foster development and I challenge you to prove otherwise.

That's right, Windows 98 is a great product.

Depends on the perspective. From Microsoft's perspective, it is. W98, like all of Microsoft's products, is designed with the single goal of making money for Bill Gates, which it achieves admirably. From the perspective of a potential customer, however, W98 is a terrible product, unless the potential customer's goal is also to increase Bill Gates's wealth. If his goal is to get anything useful done with a computer, then it is in fact a terrible product.

Anyone who says otherwise is a pro-Linux zelot or a fool.

Not bloody likely. It all depends on whose perspective you consider.

Re:The open source community just does not get thi

[Tony]

8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?

It is completely irrelevant to the antitrust case. That notwithstanding, Slashdot users DO have the right to view the specification, and to comment on it, provided that it is obtained lawfully.

These questions lead through a minefield. First, they try to establish that the click-through is neither effective, nor legally binding. So that leaves the document as a standard copyrighted document published on the internet. Under copyright law, there is a thing called "Fair Use." Is is *legal* to publish portions of a document for criticism.

This is why ESR was able to publish the Halloween Documents as he did; they contained the full text of copyrighted documents (because *all* documents are copyrighted as soon as written under current copyright law).

By stripping the click-through agreement of any meaning, we expose the document itself to fair use. It's that simple, and that is *exactly* what the /. questions do, while putting Microsoft in the worst possible light.

Absolutely Not.

[Danse]

I can slap a copyright statement on damn near anything. It doesn't mean I really own the copyright to that work. I thought this question was quite relevant:

2. How can Microsoft use the Kerberos name, which signifies an open standard protocol, in connection with a proprietary protocol?

They're taking an open protocol, adding a bit to it, and trying to call the whole thing their property. I don't think that's going to work.

Another good question was this:

8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?

Given the fact that Microsoft is a known monopolist, people have a right to be concerned about what Microsoft is attempting to do with an open protocol. Posting the information so that we can all discuss it should be considered fair use, even if Microsoft does somehow own the copyright for the document. They probably wouldn't even try to stand on just the copyright issue. They seem to be playing up the trade secret part more than the copyright part. This is why most of the other questions were quite good.

Re:Where did trade secret enter this?

[Danse]

Bypassing the software that has the license agreement dialog violates the DMCA.

I still fail to see how using WinZip or some such program that is specifically designed to open compressed files constitutes bypassing a content protection mechanism. These files are created with such a program, and such a program is routinely used to open them. I don't make a habit of running executables on my system if I don't have to. I almost always open self-extracting compressed files with a compression program rather than just running them. I think that their content protection mechanism isn't really a protective measure since it doesn't even occur in many instances when a person opens the file in a perfectly legitimate fashion.

That has the potential to be illegal under long established (and enforced by the court system) copyright law.

Given the nature of the document, i.e. a technical specification, posting the entire document could probably be justified. You can't really understand the spec without seeing the whole thing. That, combined with interoperability concerns (which was supposedly why Microsoft was releasing this doc in the first place), leads me to think that /. has a good chance of succeeding with a fair use argument.

Re:is it me...

[Danse]

Not non-issues in the case, but not really the point of it either.

While it may not be the point of Microsoft's accusation, Slashdot's lawyers are definitely correct to seek as much information as possible before deciding on a course of action. Not to mention that, as someone else here said, it makes a good delaying tactic to allow the posts to fall off of the /. servers and therefore not risk /. having to censor the posts, thereby setting a bad precedent that could require them to censor any post that someone complains about.

Re:is it me...

[Danse]

I don't think this is either letter. They probably sent the first letter acknowledging receipt, and this is a second letter asking for more information and clarification. Presumably they will use this information to write yet another letter addressing the issues.

Re:trade_secret != copyright

[Danse]

1. Microsoft is claiming copyright on the document describing their extensions, not the extensions themselves.

Actually, they're claiming copyright on the entire specification, i.e. "Microsoft's copyrighted work entitled 'Microsoft Authorization Data Specification v. 1.0 for Microsoft Windows 2000 Operating Systems.'" That's beside the point though. They would have a much better case if they were claiming copyright of the extensions themselves rather than the document describing the extensions. The specification is necessary information for anyone attempting to achieve interoperability, something that seems to even be protected under the DMCA, although with a major loophole or three for the corps to exploit.

8. Microsoft respects the right of the users of Slashdot to view the specifications for the purpose of comment.

No they don't, they even want posts that quote only a portion of the specification to be removed, as well as those that link to it, or describe how to open it with Winzip.

Why is everyone talking about trade secrets?

The EULA for the specification claims that it is a trade secret of Microsoft. Then, in the letter, Microsoft references "examples of the misuse of Microsoft's proprietary information." Granted, the main issue appears to be the copyright issue, but since Microsoft is trying to claim trade secret status for the spec as well, that's being discussed here too.

Basically, Microsoft is really overreaching on this one. Perhaps if they had just stuck to trying to get the one or two posts that actually posted the entire document removed, they might have met with a more favorable reception. But since they're also trying to remove posts that only quote a portion of the spec, posts that explain that you can open the compressed file with Winzip or a similar program, and posts that contain a link to a copy of the spec somewhere, nobody has much sympathy for their situation. Then there's the point that while the posting of an entire document is rarely considered fair use, it may actually be fair use in the case of a technical specification, most of which is public information, simply because you can't really have an informed discussion of a specification without knowing what the whole specification says. In the absence of trade secret status, this might hold up. Slashdot has a strong incentive not to back down on this one too, because if they do censor any comments on this site, they may lose any chance of claiming "common carrier" status. That could oblige them to censor any comment that someone has a gripe about. Not a good precedent to set.

I'm glad to see that their lawyers are taking this approach. They most certainly should get as much information from Microsoft as possible in order to determine the course of action they should take. Most of those questions were quite valid and relevant.

Re:Nice smokescreen

[Danse]

I've got news for you... people have been put in jail for passing around trade secrets. It's called "theft".

This just in! If it's not really a trade secret, then there's no crime in reavealing it. Microsoft has made no real effort to keep the document secret. They let anybody anywhere have access to it. Even minors who aren't legally bound by the EULA, and people living in places where the EULA has no legal merit. Therefore this specification can no longer be considered a trade secret. It's out there. It's publicly available and you don't have to even read, much less agree to the EULA.

They may even argue that it's not "secure enough". But stealing from my car when the window is open or stealing by breaking the window is still stealing.

You're comparing apples and oranges. Trade secret laws are not the same as regular property laws, and for good reason. In order for something to qualify as a trade secret, one of the criteria that must be met is that the trade secret holder must use "reasonable measures under the circumstances to protect" the secrecy of the information. Microsoft certainly did not do this, as evidenced by the fact that anybody could download the information and legitimately open it using the same or quite similar program as was used to compress the file, without ever agreeing to a EULA.

But the point is that everyone who posted it knew that it was copyrighted material.

Now you've jumped from trade secrets to copyrights. Sure. Anyway, the copyright issue is a whole other can of worms. I think that it could be argued that this is a technical specification that Microsoft has made public, and as such it should be considered fair use to post the document in its entirety for the purpose of commentary and criticism due to the fact that it must be taken as a whole to be fully understood and for an informed, rational discussion to take place.

Lawyer: But that can be productive from a lawyer

[hawk]

I am a lawyer, but this is not legal advice on this or any other matter. If you need legal advice, contact an attorney licensed in your jurisdiction.

That's a reasonably accurate description of the legalese--I'd really have tagged this informative, not funny.

Sometimes this is *exactly* what you need your lawyer to do. Sometimes I've even advised clients to flat-out ignore the first letter received--with experience, you get a handle for which ones should be taken seriously, and which ones will go away if ignored. The latter category frequently includes letters from out of state attorneys that are really looking to see if you'll quickly connect them to an insurance company for a quick buck.

An attorney unzipping and taking aim is also frequently what you need in a consumer matter, with a rogue government agency, or when the IRS just plain screws up. FOr $50-$100 (depending upon where you are and local rates), there is a broad class of problems that are solved well over half the time by a simple letter. Yes, the other side *should* have backed down without the letter, and there frequently is no information inside the letter that wasn't already given, but it's an "attention-getter."

Basically, you hire the attorney in this case to menace with an iron fist in a velvet glove. Leave the other side a way to back down and save face (and save themselves from their boss finding out :)

The time it took for the consultation and letter really didn't make them worthwhile for me at $100, but they tend to give you very happy clients who might come back with someone else, or tell their friends about you (My overhead was over $100k/year at one point . . .). It also feels good :)

There's also the issue of showing the other side that you have the resolve to fight it, and it isn't worth your time. Andover is large enough that they can afford the fight, and they're showing that they're serious here.

hawk, esq.

Re:A great response!

[Zachary Kessin]

Not only that, that firm also supports WBUR, the local NPR station here. Go /., go Hutchens Wheeler and Dittmar.

The Cure of the ills of Democracy is more Democracy.

Re:How binding is all this?

[Boomhauer]

(apart from the antitrust references, which I think are kind of weak)

Actually, I think the anti-trust references are right on target. Isn't yhe whole Kerberos situation is similar to what M$, in it's recent proposal, agreed not to do anymore? Also, this is another example of their "innovation". (when you redefine innovation as "Leverage our control of the desktop to make sure that while we can talk to other systems, they can't talk to us.")

IMHO, Cal

Re:How binding is all this?

[Thomas Charron]

Actually, I think that there is a clause along the same line as Patents that says you *HAVE* to defend and protect your trade secrets in order for them to be legally enforceable. Hence, is a simple zip file deemed enough protection..

A great response!

[jd]

I don't know where Slashdot gets its lawyers, but you might want to consider cloning them. I'm sure people would pay a lot of money for intelligent, intelligable attorneys.

Seriously, Microsoft will have every reason to fear Slashdot and Andover, if this is the standard of response they get. These are exactly the sort of questions they won't want to answer, especially with the knowledge that tens of thousands of people will know their replies.

You're right...ish...

[jd]

It's not a court of law. This has become a media trial, which is potentially far more devastating to Microsoft. A court of law can always be ignored, but the public are the people who fill the coffers.

Re:More Importantly...

[Jason Earl]

Of course nowadays most media companies actually see Microsoft as competition. They don't call it MSNBC for nothing, you know.

Not to mention the fact that even the computer rags have a vested interest in maintaining customer choice. Sure, just about every magazine outside of the Linux Journal has a substantial amount of advertisements for Microsoft products, but they also have ads from Microsoft's competitors. If Microsoft were to drive everyone else out of business then the computer magazines would be out of a job as well.

There will always be pro-Microsoft media outlets, but I think that it is also safe to say that there will also always be anti-Microsoft outlets. What's more, even the most pro-Microsoft outlets will carry anti-Microsoft news if they think that it will help them sell more papers (or get more hits). And anti-Microsoft news has been pretty popular lately.

Slashdot Preventing Historical Tampering

[Brian Ristuccia]

The point is that they did copyright it. Slashdot is in the wrong.

Why do you think that it is wrong of Slashdot to deny Microsoft's request for Slashdot to tamper its own news archive? If a large paper like the New York Times had printed an editorial containing copyrighted information, Microsoft would not even think of asking them remove it from their archives. And no doubt, any paper with the slightest shred of journalistic integrity would decline such a request.

But what Microsoft is asking Slashdot to do goes even further: It's akin to asking a newspaper to go around and ink out the potentially infringing text in every copy of the newspaper distributed, including those in libraries, archives, bird cages, etc. For people who've bookmarked those posts in the hope of returning to them (similarly to how they might dogear the edge of a newspaper or clip out an article and put it aside) posts that are removed from Slashdot simply disappear. Someone who goes to their local public library to get the May 2 edition of Slashdot after such a removal will find a version that differs from what Slashdot actually published on May 2! How would you feel if a newspaper clipping in your scrapbook suddenly disappeared because the newspaper that printed it was threatened with a copyright infringement lawsuit?

Why should Slashdot be any different from the New York Times simply because it's printed with bits instead of on paper? Why should a corporation like Microsoft be able to retroactively alter or delete the historical record provided by a news outlet, effectively rewriting the past?

Remember, rewriting history has been used as a tool to justify all sorts of evil things: holocaust denial, racial prejudice, etc. History changing was a large source of the government's power in Orwell's 1984. We don't want to give a power as dangerous as this to anyone, especially not Microsoft.

Read all of the demands

[David Jao]

I think most people here agree that posting the full text of Microsoft's specification is a copyright violation. If Microsoft was demanding only the removal of posts containing the full text of their specification, their reception would be a lot friendlier, and their chances of succeeding in court would be a lot higher.

The problem is that Microsoft is demanding the removal of posts that

• contain excerpts of the specification,
• contain links to other servers, or
• point out that you can open the file with WinZip without running the self-extracting .exe code.

The latter three demands have no legal justification in either copyright law, contract law, or the DMCA. Slashdot is right to oppose these demands.

eerily Quake-like

[Chris Siegler]

Replace Carmack with Microsoft, and /. with that guy who used a click-through agreement with modified QuakeWorld source, and it seems awfully familiar [planetquake.com]

The tactics used by the offending party seem the same. Carmack said "cease and desist", and so did Microsoft. And the perpetrator in both cases obfuscated the matter by replying with unrelated matters.

I don't think that /. should remove the comments either. Especially the ones detailing how to avoid the agreement (winzip--wow, what details), and the comments including links.

I just wanted to point out that it's interesting how different the argument is depending on what side you sit.

A simple question about the MicroSoft document

[spitzak]

Why wasn't that license/copyright information in the .pdf portion of the file?

Whether or not you try to force somebody to click a button, it just seems stupid that they would not also put the legalese in a place where it will be preserved if the file is printed or if the user only keeps the interesting part on their disk.

In my own OSS code I slavisly put the GNU comment block at the top of every single file so that nobody can make the excuse that they did not see it. This is an obvious precaution and I don't see why they did not do it.

Re:Damage control at MS.

[PhilHibbs]

On one hand, they have woven kerberos so tightly in with Active Directory that it would take a major overhaul to make it compatible with other versions of kerberos,

Is this true? Is it really incompatible? What are the issues here?

Re:So what if they do?

[Darchmare]

Agreed. If Microsoft owned Slashdot, how many people would come here?

My guess - within 7 days the entire population of Slashdot will have created new accounts on Rob's new project, and that'd be that.


- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Re:So what if they do?

[Darchmare]

Well, maybe not. I think Rob would have come up with something else very similar for whatever his interest may have been.

Remember, he's got some interest in animation as well. The site could have been like that.

Of course, a geek is a geek. If he didn't get into Linux, he could very well have gotten into BSD or BeOS instead (even, god forbid, HURD). Slashdot has grown with the open-source community - if Linux weren't around it's possible that Slashdot would be smaller, but I bet something like it would still be here.

- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Re:MS reply: "We have $50e6 to spend on lawsuits..

[Darchmare]

Sometimes... Sometimes not [cnet.com].

- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Re:Where did trade secret enter this?

[acroyear]

The "Trade Secret" factor is an unofficial interpretation of the words of the license agreement. Trade secrets are not protected in and of themselves by the DMCA. In fact, the fact that it's a trade secret is mostly irrelevant, save that it is what triggered the license agreement in the first place.

Bypassing the software that has the license agreement dialog violates the DMCA. Posting instructions to do so violate the DMCA (publishing on the web instructions for an illegal activity). Posting links to such violates the DMCA (publishing links to illegal pages).

Those items are worth fighting. The DMCA is excessive in its restrictions to the point that free speech is restricted, violating the constitution.

Slashdot carrying the full text of the document protected by copyright (regardless of either license or "trade secret" status). That has the potential to be illegal under long established (and enforced by the court system) copyright law. That part is where slashdot might not have a leg to stand on.

The compromise will end up being where slashdot removes the verbatim copies of the document, but leaves the "links and instructions" comment postings alone. Besides, by the time a decision is made, MS Kerberos will have gone through its requesite 2 versions, and the working version 3 will be up. This is only "1.0" -- no MS 1.0 works, and we know this.

Huh?

[Booker]

/undo_prior_moderation

Not true. The fact is that the material is allegedly copyrighted. The law may be unclear in this case, and is anyway certainly open to interpretation.

Uh? If I write a little Perl script and put "Copyright 2000, Eric Sandeen" on it, is that not copyrighted? There's no central copyright office, like there is for patents and trademarks.

If MS writes a document, stamps "copyright" on it, it's copyrighted (unless it was stolen from some other copyrighted material, of course.)

Which brings me to... just because Kerberos is an open standard, MS can still write a 10 page document describing it, and copyright that document.

If you subsequently retransmit it in full, you are guilty of copyright violation, AFAIK.

Right?

---

whew

[craw]

Whew. Given the past history of /. I was scared that the reply was going to start out something like this.

To: J.K. Weston, Designated Agent, Microsoft Corporation

IANAL but, ...

BTW, you should cc: Joel Klein, Washington, DC

I think you have a shot at winning this

[hatless]

In my experience, documentation released under a restrictive NDA is distributed via physical media (CD, print, fax) after a signed NDA has been submitted. An anonymous clickwrap agreement, followed by a non-watermarked, unencrypted, unprotected PDF shows not even a cursory effort to protect the document from casual redistribution.

From a "real security" standpoint, there's not much of a practical difference between what they did and, say, distributing it on CD to a signer of an NDA. But this is almost as if they left the barn door open and then put a neon sign on the barn roof saying "OPEN BARN! TAKE OUR COWS!"

Re:Good/tough questions. Too bad they're irrelevan

[rthille]

The doctrine of Fair Use can be applied to the presence of copyrighted material here on Slashdot:

From http://fairuse.stanford.edu/rice.html

I. Fair Use for Teaching and Research

The "fair use" doctrine allows limited reproduction of copyrighted works for educational and research purposes. The relevant portion of
the copyright statue provides that the "fair use" of a copyrighted work, including reproduction "for purposes such as criticism, news
reporting, teaching (including multiple copies for classroom use), scholarship, or research" is not an infringement of copyright. The law lists
the following factors as the ones to be evaluated in determining whether a particular use of a copyrighted work is a permitted "fair use,"
rather than an infringement of the copyright:

the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational
purposes;

the nature of the copyrighted work;

the amount and substantiality of the portion used in relation to the copyrighted work as a whole, and

the effect of the use upon the potential market for or value of the copyrighted work.

Although all of these factors will be considered, the last factor is the most important in determining whether a particular use is "fair." Where
a work is available for purchase or license from the copyright owner in the medium or format desired, copying of all or a significant portion
of the work in lieu of purchasing or licensing a sufficient number of "authorized" copies would be presumptively unfair. Where only a small
portion of a work is to be copied and the work would not be used if purchase or licensing of a sufficient number of authorized copies
were required, the intended use is more likely to be found to be fair.

-- End Quote --

Since Microsoft is giving the information away for free on the internet to anyone (including those who due to their age are unable to enter into a binding contract) it's obvious that the presence on Slashdot isn't affecting their ability to make money off the material.

Why are any of these questions relevant?

[xyzzy]

I'm honestly surprised that the response would consist of so many questions. Yes, these are good ones to ask, but hardly points of law (I mean, if you can point to a law that says that protocols used on the internet can be freely copied, I would like to see it). Rather, I would have said either that slashdot is a journalistic enterprise and that articles are protected under the first amendment, and postings are akin to letters to the editor. This seems to be much more direct and to the point, and sets a VERY high bar for Microsoft to cross. They would have to prove that a) slashdot is NOT a journalistic enterprise, and therefore not entitled to first amendment protection, or b) that if slashdot IS a journalistic enterprise, that they (MSFT) have an overriding concern in having the first amendment rights abrogated. Keep in mind that the U.S. government was unable to do this with the New York Times when the Pentagon Papers were published. This is what I mean when I say "a high bar to cross". The letter written by the editor seemed to just be beating around the bush.

Comment removed

[account_deleted]

Comment removed based on user account deletion

How can slashdot tell this is copyright work?

[Bronster]

There's no way that slashdot can veryify the validity of Microsoft's claim without opening the "click-through" licence.

Because of this, I don't see any reason why slashdot should accept the claim that the material held on their servers is indeed copyrighted by Microsoft until they are provided with evidence of this claim (e.g. a copy of the document without the licence).

It is certainly unreasonable to remove a posting just because somebody claims that they own copyright on it without providing evidence. If this was the case, I could have any posting removed just by emailing rob and saying it was mine and I wanted it taken down!

IANAL and all that

Andover has some hot lawyers

[Silver A]

This is just the sort of thing lawyers are for: Telling some bully to put up or shut up.

3. How can Microsoft claim trade secrecy for a protocol that is distributed over the Internet?
4. What measures has Microsoft taken to protect the trade secrecy of its Kerberos specification beyond the use of a click-wrap license agreement?
5. What measures has Microsoft taken to ensure that its Kerberos specification is only distributed to persons who are capable of entering into a binding contract in jurisdictions where such an agreement would be enforceable?
6. How could posting of the Microsoft Kerberos specification on Slashdot have any detrimental impact on the market for authorized distribution of Microsoft's version of Kerberos?

These are the crucial questions that a judge will have to decide in this sort of a case, and they all reflect precedents that other corporations have set, even if not tried in court. (Remember the Corel beta license flap about prohibiting minors? Microsoft didn't even bother to specify no minors.) And they're all framed in a way to put Microsoft on the defensive. Cool.

I do wish that something had been said about fair use, but IANAL, and wouldn't know how to frame that question, nor whether it's useable.

It's real good to see that Andover has lawyers who earn their pay, since so many don't.

Re:slashdot is a criminal organization

[Silver A]

Right now they are breaking every copyright law in the book by allowing those posts to stay up. This is NOT a free speech issue. The content of many of those posts is copyrighted. What is someone posted an entire novel? It would be removed in a second. These posts aren't being removed because slashdot wants to drag this out and throw some mud on Microsoft. All MS is asking is for you guys to respect their copyrights. Is that so hard?

I know copyright laws go against your Linux/communist agenda, but these laws are what America was built upon. Without them, many great products would never have been created such as the car, light bulb, telephone...and Windows 98. That's right, Windows 98 is a great product. Anyone who says otherwise is a pro-Linux zealot or a fool.

You obviously are unfamiliar with how copyright (or most other law) actually works. Microsoft has informed Andover that MS believes Andover to be infringing its copyright. The response by Andover's lawyers is requesting clarification of MS's claims, while challenging MS's assertions. Just because a lawyer (MS's) says something, doesn't mean it is true. So Andover asks questions about the finer points of copyright law in an attempt to determine if the posts really are copyright material, and whether the posts actually infringe copyright law. Yes and No is a possible combination of answers to those two questions.

Part of what you don't understand is that Intellectual Property has limits, just as real property does. Andover is asserting (in the subtext of its questions) that the posts fall outside those limits, and are not subject to action.

Anthony Argyriou

Capitalist for Linux

ps: I quoted the entire post, because it isn't really a troll

has anyone noticed..

[geekd]

has anyone noticed that the guys who wrote Kerberos in the first place are really pissed at MS? And they work for VA Linux, who owns Andover, who owns Slashdot.

So MS is, in effect, adding insult to injury by taking legal action against the company that employs the creators of an open protocol that MS is subverting.

"We will take your work, make it proprietary, then threaten legal action when you complain!"

VA Linux/Andover/Slashdot should sue MS! I'm sure they can find the grounds for it somewhere.

-geekd

Re:Good/tough questions. Too bad they're irrelevan

[seebs]

While I tend to agree that the DMCA is probably not constitutional, it has *nothing* to do with free speech.

The ability to reproduce someone else's work has never been a kind of free speech. Same for the press.

Copyright *DOES*, in fact, trump free speech. You're allowed to say what you want, but you aren't allowed to stea someone else's words.

Good/tough questions. Too bad they're irrelevant.

[seebs]

The question is this:

1. Do slashdot's servers currently contain copyrighted material which they do not have appropriate permission to distribute?

That's it. Now, you can argue the *trade secret* part separately, but the fact is, the text of the spec *is* copyrighted, and entitled to protection, just as slashdot's code is copyrighted, and entitled to protection.

How would you feel if Microsoft went and ran a closed, proprietary, message system based on slashcode, and when asked, found some side issue to the question of ownership and licensing and hammered on that instead?

If there are copies of the spec, they should be removed. Instructions on bypassing the "copy protection" are much more difficult to discuss; after all, that's the DMCA, which is new law, and not very well understood.

All that said... I agree, I'd love to see Microsoft explain this one to Judge Jackson.

Re:Good/tough questions. Too bad they're irrelevan

[seebs]

"fair use" is a term of art, it doesn't just mean "reasonable".

1. Fair use is what's called an "affirmative defense". You say "yes, your work is under copyright, and I did indeed copy it without your permission, but that's okay because...", and as such, you *NEVER* argue it until you lose every other point, because claiming fair use voids most of the other defenses. You admit that you did it to claim fair use.

2. How is this "fair use"? Fair use allows for, as an example, quotes to support a point. It very rarely allows for a wholesale copying of protected material.

I would not think this would be a good case to take a "fair use" angle. Slashdot's primary defense, IMHO (and I am not any kind of lawyer), should be:

1. The "trade secret" stuff is intrinsically meaningless to many members of the community. Some of them may, indeed, have protected MS's trade secret as well as they protect their own. MS should not publish trade secrets on the internet and expect to be taken seriously.

2. Slashdot did not post the material intentionally; users chose to use slashdot to post it. This is the "sort-of-like-a-common-carrier" defense.

3. Removing the material, at this point, changes nothing. Microsoft botched, Microsoft lost control of a proprietary hack, Microsoft is now trying to regain face by making someone suffer. Let's run this by Judge Jackson.

I dunno. I think slashdot is probably close to technically in the wrong... That said, I guess they could also try:

4. The specification, while it may be copyrighted, is covered by the merger doctrine; the idea itself of the spec extension cannot be protected by copyright. The text could be, but it is hard in this case to distinguish the extension from the text describing it, and thus, protection may not apply to the work.

5. Even if we grant, for the sake of argument, that unauthorized copying has occurred, such copying is clearly in the spirit of the fair use clause, because it is necessary for people to see this material to manage compatability. Microsoft released this material after people complained about interoperability. They should cope.

Cocky

[weston]

It's true that the points raised by the questions are points to be reckoned with. It seems to this non-lawyer that Andover has a strong legal position. I expect that's the message that they were trying to send.

However, the letter is extremely cocky, and I have to say I was put off by that. Yes, to those of us who agree with Slashdot's position, it seems like a stinging rebuke. But their legal position isn't perfect, and even if it seemed that way, we all know that legal decisions don't always turn out reasonably.

I would have been happier if the cockiness of the letter was matched with a more explicit strength of exposition (No, I'm not talking about legalese or weasel words). I would be even happier still if Slashdot would actually remove the one post that they probably can still lose on (the direct posting of the spec). Even if it's LEGAL to keep that post up (and that really is the one area of this whole brouhuaha that I doubt), is it really ethical? Microsoft asked that people take steps to protect it. Everyone here knew that. Go ahead. Use any method you want to circumvent agreeing to the license. But redistributing the info is still a questionable action. If nothing else, trying to keep above reasonable reproach is good PR (ethics aside), even when up against an unscrupulous enemy. Slashdot could gain a lot of points by taking it down, and even avoid their biggest headache.

I do understand that this is being used as a battlefield for principles, and I uphold those principles. I'm very worried about our freedoms. But we need to fight wisely and make our cases tight. In the legal world, losing a battle doesn't just mean you don't gain the field, you also lose ground. I've noticed that in the computer industry, we almost seem to share certain battle chutzpah with Microsoft. Look at MP3.com throwing themselves into battle with the RIAA. It wasn't all that hard to predict that they might get caught on redistributing recordings they didn't hold the copyright too, even if they did have a fairly reasonable argument. The RecordTV.com people are doomed. Napster users who are redistributing music that they don't hold copyright on and don't have permission to redistribute don't have a legal leg to stand on, regardless of whether or not it benefits the bands (and let me insert here that I'm a musician and have freely released some of my music to be indiscriminatly copied because I beleive in the benefit). They're hurting the cause of freedom because of their irresponsible actions. If it seems to people that we are irresponsible, then the bad guys have that much more of a case for regulation. Unethical, irresponsible, and just plain bad-PR behavior provide a (not altogether) phantom menace for our greedy opposition to play with.

Bruce Perens has some insightful comments [technocrat.net] about this on technocrat.net. I highly recommend them. Open Source/Free software isn't about freedom to do anything you like without consequence. It's not about disrespecting for others, even when they're wrong. Let's make sure we are the good guys as well as fighting the bad.

(That said, I hope Andover knocks Microsoft on their unethical behind).

You missed a question guys

[Shoeboy]

Most of the posts microsoft referenced in their original complaint did not actually contain the content they alleged it did. Ask them what the #$%^ they were smoking.
I am so glad I quit my job at microsoft. I can have self respect again.
--Shoeboy
(former microserf)

Re:Nice smokescreen

[YoJ]

Let's look at a food analogy. Suppose a Cola manufacturer refused to include the list of ingredients on their cans. They claimed that their list of ingredients was "copyright", "proprietary", and a "trade secret". Would the government turn a blind eye, and even start putting people in jail who passed around the ingredient list? Of course not. The exact formula might be a trade secret. But the list of ingredients (with terms like "spices", "other artificial flavor") is not a trade secret, or even copyrightable.

This was a specification of a product that was supposedly "infringing". If people posted the source code that Microsoft wrote, that is like posting the secret formula. If people post the Microsoft Kerberos specification, they are passing around the ingredient list. Some people are allergic to nuts and need to check the ingredients; others are allergic to vendor lock-in and incompatibility.

-Nathan Whitehead

That's right. Turn it around

[Chewie]

Microsoft: "Hi, question for Mrs. Bellamy. In Episode 2F09, when Itchy plays Scratchy's skeleton like a xylophone, he strikes the same rib twice in succession, yet he produces two clearly different tones. I mean, what are we supposed to believe, that this is some sort of a, a magic xylophone or something?"

"Boy, I really hope somebody got fired for that one."

Mark Robins: "Let me ask you a question. Why would a man whose shirt says 'Genius at Work' spend all of his time watching a children's cartoon?"

Microsoft: "I withdraw my question."

Yep, you're wrong

[TFloore]

If protection of a copyright is not attempted, a copyright holder may lose the copyright to the material in question.

Sorry, that's wrong. This is true for trademarks, and I believe true for patents (not sure about that one). But for copyrights, you have no legal requirement to pursue all violators. You can be as selective in enforcing your copyright as you like, and you won't lose your copyright.

The response.

[Matt2000]

For some reason I've managed to get an advance copy of Microsoft's responses to the questions:

To Mark D. Robins,

Thank you for your interest in our proprietary protocols products. The answers to your inquiries are as follows:

1. We claimed protections mostly because we didn't think you'd notice. It pains us to realize that you were one of the few people who actually took the time to read the license agreement before clicking.

2. If you notice, our product is in fact entitled Kerberoos, which is almost completely different from the product you refer to as Kerberos. Our product is in reality a tasty, but proprietary children's cereal. Maybe you've seen our mascot Kangy the Kerberoo?

3. We deny the existence of the internet.

4. Microsoft has taken measures such as writing you this letter and threatening other people. One time on the street a guy from our marketing department made fun of a kid whom he suspected of distributing our Kerberoos brand cereal, the child began crying.

5. We have a "rewards" program that pays any person who turns in a friend for unauthorized use of Kerberoos. So far, we have paid out over $73 in rewards.

6. Most of the detrimental impact is to our already fragile emotions. The justice department has been very mean to us and we're in a pretty rough place right now. You guys showing up and just spilling all our secrets isn't helping.

7. We've found the prospective purchasers of Microsoft products like to know as little as possible before making a purchase. Did you know that we're friends with Jay Leno? Yup, now here's your copy of Office.

8. You guys suck and we hate you. Stop bringing up the damn lawsuit 'cause it sucks to. You guys are just the suckiest sucks ever.

I hope this clarifies the situation and are position. Don't hesitate to contact us by telegram or pigeon if you have any more questions.


Hotnutz.com [hotnutz.com] - Funny

Re:A Lot of Puffing, Little Wind

[halbritt]

It may very well be considered fair use. I was speaking with one of the attorneys from the copyright office at Stanford today and asked her this specific question, whether the document posted in whole would be considered a violation of copyright. She explained that it would be for a court to decide, but that it could be considered fair use.

US Code: Title 17, Section 107
Limitations on exclusive rights: Fair use

Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include -

(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the copyrighted work. The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon consideration of all the above factors.

Thus the nature of the question:
8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?

I think that in this particular case that it might fall under the "criticism and commentary" definition of fair use.

Here's their reply

[schuster]

Ladies and gentelman of this supposed jury, this is chewbaca....

Re:Just because it annoys me

[MadAhab]

He also went the extra mile when he could have advised Andover.Net to simply avoid the hassle and overule the Slasdot Editors, and gotten paid the same amount.

While I agree with your sentiment, ./'s lawyer has a very strong obligation to defend their interests, which in this case means refusing to allow censorship, especially that which might compel prior restraint on speech. I'm kind of surprised not to see more legalese, and while IANAL, my lawyer is, and it's pretty obvious in this letter that he is soliciting information on some legally relevant points: how a trade secrets can market themselves as a public protocol (if they'd even called it "Microsoft Kerberos" they'd be on firmer ground), what efforts they have taken to keep their secrets a trade secret, etc.

Frankly, on that last point, Microsoft doesn't have a good answer. The information that they are claiming is a trade secret is being freely shared; the fact that the clickshit agreement claims to keep it a trade secret isn't legally binding for those in certain jurisdictions or who are under 18, so in fact, they have not made a reasonable effort to protect their trade secret. They will probably be laughed out of court by ajudge for this reason, if (s)he doesn't kick their asses for wasting the court's time.

"What's that? You mean, it's a secret, but you put in a public place where everyone can see it? Oh, they have to agree to keep it secret? What if they aren't legally able to enter into that contract? What about the people who reposted the info on that web site? Are they 18? US citizens? Did you even check? Did you try to check at any time before they downloaded the information from your site? No? Thank you, I'll render my decision on the injunction in 5 seconds... one, two, three, four, five... NO!"

Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

Re:At issue is _copyright_

[divec]

If you go and copy it and post it in full somewhere else, you are committing copyright violation.

Actually, that's not true if what you are doing counts as fair use, e.g. for commenting on the document. E.g. the Daily Mail (in Britain) recently reprinted an entire full-page Guardian article verbatim, with a small box next to it saying how this article proves that the Daily Mail has been right all along. If that can count as fair use then surely so can quoting a spec document to show that the spec is proprietory. (Of course, the newspapers mentioned are in Britain so the case law is probably all different).

Re:Yep, you're wrong

[GnrcMan]

This is true for trademarks, and I believe true for patents

Nope, not true for patents. Trademarks are the only thing with that requirement.

Example: Unisys didn't start enforcing the patent on the compression algorithm used in GIFs until the GIF was an entrenched standard graphics format.

--GnrcMan--

Re:Yep, you're wrong

[GnrcMan]

Well, you can find the DMCA here [hrrc.org], but it won't help in finding this particular aspect of copyright law. The DMCA doesn't really deal with it. Dilution is a thing which exists solely in Trademark law.

--GnrcMan--

The open source community just does not get this.

[ericfitz]

OK everyone. Step back and take a breath. It's obvious that in everyone's righteous indignation about Microsoft's proprietary extensions (PAC) to the Kerberos protocol, that very few people here have actually analyzed this with a critical eye.

First, Microsoft did NOT violate the Kerberos standard. Proprietary or not, secret or not, open source or not, they're using (according to one of the designers of Kerberos) the PAC field EXACTLY as it was intended to be used.

We can debate the morality of proprietary extensions until we're blue in the face, but it DOES NOT break interoperability, because the standard explicitly states that any Kerberos app may ignore the PAC field since it is optional.

Microsoft's implementation does intero perate [microsoft.com] with other implementations. You just can only get the PAC data from a Windows 2000 KDC, which requires you to have a Windows 2000 KDC in addition to your non-Windows TGS and AS if you want Windows 2000 clients to be able to access Windows 2000 resources such as shares in a Kerberos fashion.

As far as these questions go, most of them are not relevant:

1. How can Microsoft claim proprietary protections for enhancement to an open standard protocol?
Microsoft is claiming protection for its own work, not for the Kerberos protocol. The Kerberos standard defines the PAC field but intentionally leaves it's implementation to vendors at this time

2. How can Microsoft use the Kerberos name, which signifies an open standard protocol, in connection with a proprietary protocol?

Very easily. Microsoft is not claiming any rights to the Kerberos name, and is fully complying with the specification. They are not requesting the PAC document be removed for any reason related to copyright of the Kerberos name.

3. How can Microsoft claim trade secrecy for a protocol that is distributed over the Internet
At last, a relevant question.

4. What measures has Microsoft taken to protect the trade secrecy of its Kerberos specification beyond the use of a click-wrap license agreement?
There is a long legal history of using licensing and contracts to protect trade secrets, and like it or not, it may be a DMCA violation to try to circumvent this license.

5. What measures has Microsoft taken to ensure that its Kerberos specification is only distributed to persons who are capable of entering into a binding contract in jurisdictions where such an agreement would be enforceable?
This is another relevant question, but maybe less so than it initially appears, because there may be a copyright infringement issue here.

6. How could posting of the Microsoft Kerberos specification on Slashdot have any detrimental impact on the market for authorized distribution of Microsoft's version of Kerberos?
Irrelevant- you allowed to be posted (and have so far failed to remove) information that you did not have the legal right to post.

7. Why wouldn't prospective purchasers of Windows 2000 need to know the contents of Microsoft's Kerberos specification in order to make informed judgments regarding interoperability in connection with their purchasing decisions?
This is exactly why the specification was published

8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?
It is completely irrelevant to the antitrust case. That notwithstanding, Slashdot users DO have the right to view the specification, and to comment on it, provided that it is obtained lawfully

kerberos first, Microsoft second

[heiho1]

For anybody who hasn't had the chance to check it out, here are some links I found interesting:

ftp://ftp.isi.edu/in-notes/rfc1510.txt
http://web.mit.edu/kerberos/www/
http://www.isi.edu/gost/info/kerberos/open_issue s.html
http://www.isi.edu/gost/publications/kerberos-ne uman-tso.html

Further, here is an earlier page on the prospect of an upcoming NT 5 [yeah, you read it right, NT 5] Kerberos "enhancement":

http://www.nrl.navy.mil/CCS/people/kenh/kerberos -faq.html#ntbroken

My question is [ostensibly] very simple and it is really a question about the copyrighting of addendums to material which is already within the public domain. Kerberos is an open Internet protocol that has been widely published, analysed and freed by its creators and maintainers for general public use. Unknown numbers of users make use of this protocol daily. Microsoft has published a copyrighted extension that purports to be a "trade secret"... There are a number of relevant issues with this:

1) Microsoft has indeed created an addition to the Kerberos protocol by making use of a currently unused data field within Kerberos packets to inject OS specific data into what network systems will identify as Kerberos authentication packets. If Kerberos is an open protocol and the net effect of the Microsoft extension is to effectively nullify the inter-operability of non-Microsoft Kerberos clients which access the Microsoft specific pseudo-Kerberos servers, then the additional data field could constitute an attempt by Microsoft to deny users the free use of a previously open protocol.

2) How can a document which is not encrypted and yet publicly traded over an inherently insecure network [which is the Internet] be considered to be a trade secret? If the trade secret nature of the document is inapplicable [because only a token effort at security was established] and the intention of the copyright was to enforce the trade secret nature of the document, then is the copyright itself valid? Put another way, is there not a requirement on the part of the corporate entity to ensure proper security measures in order to claim the establishment of a trade secret and the related copyright of that trade secret?

3) The specification which Microsoft has published is an addition to the Kerberos specification. The Kerberos specification is within the public domain and any modifications to that specification affect current users within the public domain. What are the issues with copyrighting [and attempting to hold secret] an addition to a public specification? Are there any fair knowledge restraints upon such modifications to an open protocol?

I am not an expert in copyright law and only have a basic understanding of Kerberos, however the issues involved with this seem understandable and the above questions are based on an "a priori" understanding on my part which I am attempting to validate.

I do not think that blatant disregard for a copyright is a good thing, however I do not support the restriction or intentional damaging of an open protocol through questionable corporate actions. The copyright itself is present in the posting on Slashdot and my question is if the copyright itself is viable given what it is attempting to copyright. If the copyright is valid, then the posting of copyrighted material was the action of a single user, not that of Slashdot and hence at most a single post is affected under any legal resolutions. Further, Microsoft states clearly that their posting is an attempt to enable assessment of the level of security which their proposed specification represents. This is an accepted practice among the cryptographic community for engendering higher levels of security through public scrutiny. The attempt to restrict the propagation of knowledge gained through that scrutiny has a number of ramifications which separate it from the accepted practice:

1) the knowledge of any flaws in the specification cannot be made public

2) the knowledge of genuine enhancements represented by the specification cannot be made public

3) the public nature of the Kerberos specification is inherently affected by additions to it which are not public

Again, while I am not a lawyer and not a Kerberos guru:

1)I am certainly capable of using Kerberos for authentication needs

2) I can read a specification pretty well

3) I fully support the *right* of users to have a *freely* secure and *consistent* means for navigating the Internet and establishing their identities. Kerberos represents such a means and I therefore consider it to be a public property which may not be crippled or damaged without such damage constituting an attack upon the rights of the public as a whole.

I am very interested in any expert opinions upon this issue...

How binding is all this?

[konstant]

This is exciting. It's like watching the future of MS Kerberos unfold before our very eyes. Many of the "questions" (apart from the antitrust references, which I think are kind of weak) are excellent, probing challenges to the MS claim of proprietary rights. I can't wait to see how Microsoft responds.

But I have a question for the legally inclined. How binding are all of these thinly-veiled hostilities? For example, what would have happened if Andover hadn't replied to Microsoft's letter? Were they obligated to under law? And similarly, is Microsoft required to respond in kind?

I'm curious because it seems that, if the conspiracy theories about MS Kerberos were true (not that I would know) then wouldn't Microsoft be reluctant to address these thorny points? Can they drop this all and go home now, or are they formally bound to answer?

-konstant
Yes! We are all individuals! I'm not!

Yeah.

[cdlu]

Well said, Mr. Robins.

The message gets right to the point of the matter, but does it really get to the legal issues. Whether or not it makes any -sense- for Microsoft to do what it is doing, does it not still have the legal -right- if not a legal obligation to protect its copyrights, or face an inability to enforce its position at a later date?

Re:Not to me, not to me.

[dbrutus]

Perhaps you didn't see it but what struck me as most clever in his response is what he did not say.

He did not make any refusals to do anything about Microsoft's demands at all. He did not say that Slashdot would comply or not comply. You cannot be in serious defiance of the law when you are making good faith efforts to separate out true, lawful claims from the false ones. IMO Microsoft made both and probably hoped that a panicked slashdot crew would just fold entirely.

Beyond the wise use of silence on matters that aren't ripe, he also asked several important questions to determine the legality of some of MS's demands, specifically, the demands to take down links and instructions on getting around the clickwrap license. There currently isn't any injunction filed, time is on the side of right and light for now so the more questions asked the better. The answers are mostly known from external observation but to bring them up now is going to aid in creating useful stipulations of fact later (i.e. when MS does get a friendly judge to slap an injunction on) when time is not on our side. Stipulations of fact take away territory that MS can use to delay when they have the upper hand and wish to drag things out.

All in all a good effort. Bravo

DB

Re:Nice smokescreen

[wass]

The fact of the matter is that Slashdot's servers contain copyrighted material. The copyright holder asked that it be removed. Your response seems to be, "well, you suck, and should never have copyrighted it in the first place. Nyahh!"

While ./'s servers may contain copyrighted material, I believe Andover's lawyers are entitled to obtain as much information as possible about that accusation before blindly following the suggested actions of MSFT's attorneys. If they followed up immediately on MSFT's lawyers' suggestions, and removed all the posts (or even some of the posts) there may be unforeseen consequences that they'd like to avoid. Notably, the prospect that by censoring material on /., they then become liable for all material subsequently stored here.

Just because they haven't removed one or more of the offending posts now doesn't mean that they don't intend to eventually do it should they find they are in copyright violation.

Perhaps they're thinking of taking it this the max, and seeing if there is such a thing as full unbridled freedom of speech, with regards to services provided by a US company. That being, is it possible for a US entity to provide services that allow posters to write anything in an unmoderated forum open to public viewing? Or will all 'open' US forums in the future eventually need to be moderated to some extent.

Re:A Lot of Puffing, Little Wind

[wass]

Trade secrets are only trade secrets if the company tries to keep them secret. Microsoft didn't try very hard here... silly clickwrap agreement, Kerebros is for everyone.

I've heard a viewpoint previously mentioned (maybe on linuxtoday instead of /.??) but it's a very interesting notion. At the risk of being redundant, I'll reiterate it. Perhaps, they (ie, MSFT) wanted the standards to be downloaded/publically posted/pirated/etc.

MSFT knows it cannot prevent the inevitable reverse-engineering of their proprietary protocols. So how do they combat such reverse-engineering? Do the unthinkable. Publish the trade secret, under some form of clickwrap EULA. Thus, when the reverse-engineering finally happens, they can point to the online document, and show that information on their webpage was used in the reverse-engineer. Thus, their EULA was violated, and hence SAMBA et al are in violation of the DCMA.

I really like Andovers' lawyers' responses to MSFT, though. Instead of showing why they feel Andover is operating legally, they seek specific information from MSFT's team of sharks^H^H^H^H^H^Hlawyers, to show why they may be violating the law in the first place. At least Andover is making MSFT's lawyers get their money's worth, instead of eagerly submitting to their legal might. This is getting very interesting indeed.

About the Lawyer

[Tax Boy]

From the firm's website: http://www.hutchinswheelerdittmar.com

Mark D. Robins

Mark is an Associate of Hutchins, Wheeler
& Dittmar and a member of the firm's
Litigation Practice. Mark's practice is
concentrated in the areas of commercial
litigation, intellectual property and insurance.

Mark received his B.A. from Trinity
College and his J.D., cum laude, from
Boston College Law School. He was Law
Clerk to the Honorable Joyce London
Alexander, U.S. District Court, District of
Massachusetts.

Mark has written the following articles:
Computers and the Discovery of
Evidence: A New Dimension to Civil
Procedure, 17 J. Marshall J. Computer &
Info. L. (forthcoming 1999); Electronic
Trespass: An Old Theory in a New
Context, 15 Computer Law. 1 (July 1998);
The Reformation Defense to Motions for
Preliminary Injunctive Relief in
Trademark Litigation, 16 IPL Newsletter
10 (Spring 1998); Intellectual Property:
The Path to Preliminary Injunctive
Relief, 24 Massachusetts Lawyers Weekly
2180 (July 1, 1996); The Resurgence and
Limits of the Demurrer, 27 Suffolk U.L.
Rev. 637 (1993).

Re:A Lot of Puffing, Little Wind

[rich_e_larson]

As such, as much as I hate to say it, if any comments quoted more than a reasonable fair use section of the document, Slashdot doesn't have a legal leg to stand on and this is just a bit of grandstanding.

Actually quoting an entire document can fall within the fair use doctrines. For example if I had quoted your entire comment. But don't just trust me, trust a harvard law professor:
See the amusing link [harvard.edu]of Harvard law professor William W. Fisher, III where he copies a suck.com [suck.com] article, presumably for a class. He also mentions a recent case [harvard.edu] which states:

The Fair Use Doctrine allows certain use of copyrighted material under special circumstances. Four factors weigh for or against fair use: (1) purpose and character of the use, (2) the nature of the copyrighted work, (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole, and (4) the effect of the use upon the potential market for or value of the copyrighted work. (Click here [cornell.edu]to see the complete "fair use" doctrine)
I would argue that it is hard to comment or report upon something without actually viewing what it is that is to be commented on. So even those posters who merely posted the entire document could be said to be furthering disscussion on the document. Especially since Slashdot is a disscussion forum where posts are not to be read in an individual way but rather as an ongoing corespondence between posters.

Quoting selectively from the fair use section of the us code 17 section 107 [cornell.edu]
the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. Plainly Microsoft doesn't have a leg to stand on. But we all knew that didn't we?
-Rich

Well thought out

[Crowdpleazr1]

A very direct, to the point, and well thought out response. I think we can all agree though that Microsoft isn't about logic, and is all about stampeding anyone in their way. I doubt they will even bat an eyelash at your letter, and instead take it right to court. If they can tell Judge Jackson to his face he's wrong and an idiot, they won't even think twice about doing it to you.

However, I very much wish you the best of luck, and I agree exactly with your letter. Just another case of a corp trying to turn might into right.

Praise for Slashdot's stance in _Boston Globe_

[Seth Finkelstein]

More good press for Slashdot's actions, from a column in today's Boston Globe [boston.com] :

Self-inflicted wounds [boston.com]

Last week, when the popular Slashdot Web site published the Microsoft document with the copyright warning removed, Microsoft e-mailed Slashdot and threatened to sue. So far, Slashdot has refused to change its ways.

Perhaps it's eager to see whether Microsoft, a company on the verge of being ripped apart for antitrust violations, would be stupid enough to pick a fight over Kerberos.

Response is *excellent* and *relevant*

[Seth Finkelstein]

Several people have said that the reply is irrevelant. But the points in the response are deceptively simple. They actually go to the heart of Microsoft's claims. For example:

3. How can Microsoft claim trade secrecy ...
4. What measures has Microsoft taken to protect the trade secrecy ...
5. ... only distributed to persons who are capable of entering into a binding contract ...

These are aimed at attacking Microsoft's claim of trade secret status.

For how this works, see the material at TRADE SECRET FAQs (Answers to Frequently Asked Questions) [patentcafe.com]

and

7. ... informed judgments regarding interoperability ...
8. ... for purposes of commentary and criticism ...

(emphasis added)
These are trying to establish fair use defenses against the copyright claims.

The lawyer is so good he can actually make his points in English!

Re:Yeah.

[blakestah]

Whether or not it makes any -sense- for Microsoft to do what it is doing, does it not still have the legal -right- if not a legal obligation to protect its copyrights, or face an inability to enforce its position at a later date?

With respect to copyright, there are a few critical issues. Fair use dictates what rights the consumer, in this case anyone who downloaded the specs, has. Part of fair use dictates that due consideration be given to
1) potential impact on the market of the copyright
2) potential impact on the reputation of the author.

Now, in this case, /.'s attorney chooses to focus on the market for the protocol, not the market for the document itself. This relates to the issue of the document being a trade secret.

However, no one violated any binding trade secret agreements to reproduce the document. Let's not forget, this document was freely distributed worldwide by Microsoft.

There are no issues with respect to copyright value (it is free as in beer) or reputation of the authors.

Other aspects of fair use involve the portion of the copyright used, and the commercial or non-profit use of the copyright. All of it was used, with no money being made by anyone.

But the attorney does, in a sense, get to the point by asking about potential damages. The real threat is that Microsoft could sue over damages. But it is hard to imagine that any damages exist. So it could be a legal argument like
Well, you are technically correct, but enforcement of legal copyright only allows damages, which would be rated at exactly zero dollars, so go home and think about all the publicity we will be able to pump out of this while you think about suing us for zero dollars and wasting the courts time (judges really like that, you know).

Re:How binding is all this?

[blakestah]

But I have a question for the legally inclined. How binding are all of these thinly-veiled hostilities? For example, what would have happened if Andover hadn't replied to Microsoft's letter? Were they obligated to under law? And similarly, is Microsoft required to respond in kind?

Copyright violations are civil matters in which damages can be awarded. Both parties have an obligation to try to resolve the matter amongst themselves before heading for a courtroom. Failure to do so will not be taken lightly by the judge.

The issues here, though, relate to damages. If it is considered a trade secret, how does exposure of the secret damage the value of the protocol more than it would be damaged without the exposure of the secret? The answer is clearly none since the secret was posted on the Internet.

How does posting the copyrighted material devalue the copyright or the reputation of the author ? The answer, once again, is not at all. This copyright was free.

Since there are no damages, the copyright issue is substantially weakened. Basically, I don't think M$ has a prayer.

For some reason, people seem to think that you can never post copyrighted material without permission. However, you can. It is called fair use [loc.gov] .

That being said, I don't think Microsoft has any reason to answer questions unrelated to trade secret exposure or copyright violation and damages. Those questions are sort of included to improve the public's perception of /. Such irrelevant questions would include


1. How can Microsoft claim proprietary protections for enhancement to an open standard protocol?

2. How can Microsoft use the Kerberos name, which signifies an open standard protocol, in connection with a proprietary protocol?

7. Why wouldn't prospective purchasers of Windows 2000 need to know the contents of Microsoft's Kerberos specification in order to make informed judgments regarding interoperability in connection with their purchasing decisions?

8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?

Another standard, SOAP(Simple Object Access Protoc

[deadl0ck]

Looks like MS was at it again. And they complain about the AIM standard.

An excerpt from the article

But here's the rub: According to the Seajug poster, Microsoft got wind of a SOAP presentation to be given by a former Microsoft tools developer to the Java user group and sent in the troops (including a number of former Microsoft colleagues) to make sure the former employee didn't break any NDAs. .

Another story [yahoo.com] on MS and standards.
--

It could use a better ending...

[TopShelf]

Something like "I fart in your general direction, you silly, proprietary kniggits!"

You fought back! egad!

[JohnG]

To be honest I don't think that Microsoft really expects most people to fire back with comments like that. They like to think of themselves as the bully and think that everyone will just fold over. It is especially arogant of them in light of recent and pending court cases against them however they haven't stopped trying to bully people (remember the gernman linux site having to take down "where do you want to go tommorow") or using dirty tactics.
I would think that if they wanted a softer punishment from the governemt the least they could do is prove that they could be good on their own for at least a little while.
Anyhow I am very interested in their response to this (although I doubt that there will be one)

Re:A Lot of Puffing, Little Wind

[bakreule]

Very, very true. The law does cover Andover's liability concerning this, unless Andover took it completely to court to challenge the law.

The next step is to see if M$ even decides to respond, or even if they care. I think it's very possible that M$ started preparing their lawsuit even before they got a response from Andover. It wouldn't surprise me if they just ignore the questions and just went ahead with attempting to legally get the posts off /. If that's the case then they intend to use /. as a guinea pig, one that needs to be squished harshly. There were a bunch of comments on the original M$ article that said that M$ is looking way into the future and using this (if successful) as a means of control over releasing code and still having power. I'm starting to see the merits in this conspiracy theory. I don't think much of M$'s response to this will surprise me, whatever it might be (it wouldn't even surprise me if they just drop it, though that seems unlikely).

It was a very well thought out response, but I'm not cheering yet. Many a web site has originally given the finger to big corporations only to turn around and comply when the screws were tightened. I must give credit where credit is due though, they didn't skirt around the issue. They said exactly what needed to be said to M$ to challenge these inane policies and requests.

Well done, but the storm is just coming.

Re:A great response!

[TheCarp]

Well the feild that Microsoft used was "reserved"
that means "If you use this slot, you are
violating the protocol - it is reserved. The next
version of the protocol may use this"

If you use a reserved slot, in any protocol, then
you are violating the protocol. Kerberos is
Kerberos because ANY server that impliments the
protocol can talk to ANY client that also does.

Mickeysoft has made a client that does NOT speak
the protocol properly. It is NOT compatible with
protocol complient servers. Therefore it is NOT
kerberos, it is a broken Kerberos-like protocol
that they are using.

Calling it Kerberos is a lie. Saying that a system
uses "Kerberos" means that it will work with any
server that impliments Kerberos. That is NOT true.

A suit should be brought against them for "False
Advertising" for saying that Microsoft Windows2000
uses Kerberos.

Re:How binding is all this?

[davejenkins]

I agree that certain questions do not relate directly to the issue of percieved damages or the amount of exposure, but those questions DO work toward the larger argument that no proprietary property exists in the first place (because Kerebos began as an open standard).

If I were working on Slashdot's defense, I would quickly muddy the waters about who owns what and what is open source. By so doing, M$ would then be burdened with showing proof of what exactly it claims to be proprietary, and slashdot could counter each point with the open standard roots.

M$ lawyers would anticipate this (because the questions are here in front of us), and would sense the risk of opening an even bigger can of worms: just how much code does M$ 'embrace and extend' from the open source community? The answer isn't important-- the question is too damn close to the gov't claim. In the end, the risk is too great, and M$ would back away slowly.

Talk about skirting the issue

[GhostCoder]

Good points, but what's the point? Here is Microsoft's key complaint:

Included on http://www.slashdot.org are comments that now appear in your Archives, which include unauthorized reproductions of Microsoft's copyrighted work entitled "Microsoft Authorization Data Specification v.1.0 for Microsoft Windows 2000 Operating Systems" (hereafter "Specification"). (Bold added for emphasis)

Regardless of whether or not Microsoft is allowed to attach the Kerberos name to their protocol, or whether or not it's technically still a Trade Secret, Microsoft still owns EXCLUSIVE copyrights to said work, and if someone is redistributing that work, then there are laws being broken.

In some ways I'm surprised that you actually paid your lawyers for this (or should I say "lawyers"), on the other hand, it is a good deflection tactic (one that the hyper-aggressive Linux/OSS advocates (fanatics) in the IRC channels I frequent use to derail perfectly valid points) so maybe it is worth the money.

1) They never did in the e-mail they sent to you.
2) Not once do they mention "Kerberos" in their request.
3) They don't mention "trade secret" either. The closest they come is proprietary, which can also mean exclusive rights.
4) Again, not relevant to the request.
5) Not relevant to the copyright infringement alleged.
6) Lack of harm does not make copyright infringement legal.
7) Irrelevant to copyright infringement allegation.
8) There's no reason why they shouldn't be able to, but it's up to Microsoft to let that happen. They own the copyright on the work so they can do whatever they want.

On another note, I notice that Microsoft recognizes who owns comments:

Under the provisions of the DMCA, we expect that having been duly notified of this case of blatant copyright violation, Andover will remove the above referenced comments from its servers and forward our complaint to the owner of the referenced comments. (Bold added for emphasis)

In short: You might want to address the claims that Microsoft has laid forth in its letter. The other questions are great, yes, but is not going to get you very far in stating your case as for why unauthorized reprodctions of copyrighted work appear on your site. Even if Microsoft relinquished all rights that they have to the specification, the infringement still occurred in the past and is punishable.

Re:Devil's Advocate: Pt 5

[heikkile]

Shooting the points down:
Microsoft therefore has a reasonable expectation that:
A. Only professional IT personnel would be interested in obtaining the specification, and
B. Anyone qualified to be an IT professional is also qualified to enter into a binding contract.

A: many amateurs have shown interest. This argument is anlogous to claiming that a truck is of use only to professional truckers, therefore anyone owning a truck, or reading about one, must be professional trucker, and thus aware of the various rules and regulations concerning transportation of dnagerous materials.

B: There are many examples of people under the legal age writing and selling software. I have done it myself. None of those contracts would have been valid (in Finland, where it happened, and presumably also in the US) without my fathers written consent on them.

Re:Yeah.

[kspencer]

CDLU said, "...but does it really get to the legal issues[?]"

And the answer is yes. Look at the questions again, and do so with a copy of the DMCA in hand. See, there are little loopholes in the DMCA which are being opened by this article. Let me point you to one - not all, but one.

See section 1302 of the DMCA. It's the section which lists what CANNOT be covered by the DMCA. Item 5 is of particular note. Paraphrased, it says that the DMCA can't be used to protect something which is merely an extension of something else which is public property. Such as (I imagine) a proprietary extension of a widely established open source service - say, Kerberos?

Each of the points in the letter have similar critical points. As another poster noted, what this letter is doing is challenging the claim of copyright or trade secret (interesting how Microsoft is claiming both here) which gives them the right to conduct the exercise in the first place.

Isn't This Hypocritical of Slashdot/Andover?

[sigwinch]

<rant color="flaming crimson">

While Robins' letter to Microsoft thoroughly adressed the trade secret issue, the copyright issue is painfully conspicuous by its absence. One of Microsoft's complaints is the posting, without permission, and contrary to copyright law, of a document authored by Microsoft. I am interested to learn Andover/Slashdot's opinion on this issue, which they have so far ignored.

Unfettered speech with no responsibility is an attractive concept, but Andover and Slashdot are based on restricting other people's speech, through the mechanism of copyright. Just look at many of Andover's properties and associates: Slashdot, ibooks.com, Andover News, Manager's Journal, Internet Traffic Report, and Techsightings, to name a few. All of them base their profitibility (or hope thereof) on copyright law. How happy would Andover management be if someone started duplicating Andover sites, but pointing the banner ads to their own clients?

Even the GPL, the holy document of the free software movement, gets its teeth from copyright law. (You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License.)

This is a serious matter: copyright law allows you to maintain your monopoly using the minimum amount of force necessary to compel others not to violate your license. It starts with cease-and-desist letters, proceeds to court orders, and can end up involving physical force -- even deadly force, to maintain the copyright holder's government-protected monopoly.

So, Andover.net, what's your defense? How come you can have copyright, but Microsoft can't? Perhaps free speech? Or is it gonna be Maintaining the Freedom To Innovate(tm)? (Hah!) "We have to protect our Way of Life, and you have to break a few eggs to make an omelette"? Or is the Kerberos extension a domino, and "we have to stand firm to keep all the dominoes from falling and crushing the Free Software World"?

What's the answer, Andover.net? We're waiting, and some of us don't like the hypocrisy we are seeing.

</rant>

Re:How binding is all this?

[Andrew Cady]

if the conspiracy theories about MS Kerberos were true

Oh yeah, "conspiracy theories". Microsoft was just found guilty of such a "conspiracy" in a US court of law. And the Halloween documents indicate that such "conspiracy" is a common and intentional MS strategy.

It's not a "conspiracy theory", but an extrapolation of their past behavior, to say that MS's ultimate strategy is that a person will have to choose between an entirely non-MS setup and an entirely-MS setup, rather than have any application compete on its individual merit. "De-commoditize protocols & applications", eh?

Microsoft's response

[neildogg]

1. Simple. We are better than you and will crush you if you try to come in our way.

2. We thought Kerberos sounded cool, that's what we've always called the fat guy in tech support. We didn't really care if we were using it properly or not. Remember that we use the term "innovation". LOL, as if that had anything to do with our products.

3. We have absolutely no idea what a trade secret is. We have this one programmer who actually knows what he's doing (he's the one who wrote notepad and internet connection sharing) and he said trade secret before, so we used it.

4. Microsoft is slowly killing those that use this top secret information outside of the program that protects this top secret information.

5. We hadn't thought of that. That's a pretty good question.

6. People that use Linux are bad. Do you know how much time we had to waste on actually advancing our software because of stupid Linus Torvalds. Ooh, I'm going to write a revolutionary OS shell and distribute it freely to the world. So, pretty much, we don't really know. We just know that you guys like Linux and Linux is bad.

7. HAHA. Incompatibility. What do you think the point of our software is?! Haven't you read some of our marketing. It's a bunch of crap. We trick stupid people into buying the software by creating really neat names for our new stuff then pretending that it's revolutionary. Hence "innovation". All we do is turn "Make new connection" into "Dial-up Wizard" and BAM, we have more money.

8. Because, frankly, Bill's at a hard time in his life. Have you ever seen the hate sites about him? He lost like 17 billion dollars for crying out loud. Can't you just be nice to him and not criticize his precious software. Innovation is Bill's life, it's not the money, it's making users happy. Sorry, I'm going to cry.

Re:A Lot of Puffing, Little Wind

[TheLaser]

This whole thing sinks or swims on the trade secret argument.

Well... there is a little more to it than that... Microsoft is pulling this thing under the DMCA, and that deals more with the copyright on the document, rather than it's trade secrectness. The posting of a copywritten Microsoft document, regardless of it's availability, is still a violation of copyright.

Re:Nice smokescreen

[susano_otter]

The fact of the matter is that Slashdot's servers contain copyrighted material.

#disclaimer=IANAL
Not true. The fact is that the material is allegedly copyrighted. The law may be unclear in this case, and is anyway certainly open to interpretation. Ultimately, the arguments for and against M$ claim would be heard in a court of law, and judged by legal experts according to their merits.

Your response seems to be, "well, you suck, and should never have copyrighted it in the first place. Nyahh!"

Again, not true. The response has been to challenge M$'s claim of trade secrecy, which I understand to be a condition mutually exclusive of copyright. And keep in mind that this response doens't preclude Andover from arguing against the copyright claim at a later date.

The point is that they did copyright it. Slashdot is in the wrong.

Well, they claimed they had copyrighted it. Slashdot may be in the wrong. Then again, maybe not. If neither side backs down, then the courts will decide whether or not this is in fact the case.

Here's my question: Is this going to be Slashdot's official policy? That you will never remove copyrighted material if the copyright holder asks you to? Or is this a special rule only for Microsoft?

I think this has always been Slashdot's policy, whether "official" or not. As implied in Roblimo's initial reply, and at the top of this legal response, and in the ongoing discussion in this and other forums, Slashdot may in fact have no duty under the law to remove any copyrighted material posted by users.

A Lot of Puffing, Little Wind

[__aapbgd5977]

This whole thing sinks or swims on the trade secret argument. Can a trade secret be widely distributed and protected with a clickwrap agreement? The law covering Andover's liability for postings is pretty settled.

Trade secrets are only trade secrets if the company tries to keep them secret. Microsoft didn't try very hard here... silly clickwrap agreement, Kerebros is for everyone.
==
"This is the nineties. You don't just go around punching people. You have to say something cool first."

Re:Yeah.

[M. Silver]

a legal obligation to protect its copyrights, or face an inability to enforce its position at a later date

Nope. Trademarks work that way, but copyrights don't. (They used to, many many years ago, but they don't nowadays.)

Always fight back!!!

[www.sorehands.com]

If you don't fight back, then the corporations that abuse people (smaller companies) like that would not only get away with it, but scare others from standing up for their rights.

Re:Excellent

[Geo++]

Ya, Slashdot doesn't really have a traditional legal team. They just post a few relevant articles and use the top 10 moderated comments as legal defence (AKA open source litigation).

Wow, they're professionals!

[dmccarty]

Very truly yours,
- Mark D. Robins

______________________________
Mark D. Robins
Hutchins, Wheeler & Dittmar
A Professional Corporation

Boy, it sure is good to see you guys picked a professional corporation! (You never know when you might get hoodwinked by some "amateurs.")

--

Just because it annoys me

[pugugly]

[soapbox]
To sit there and use the term 'albeit a filthy lawyer', when the man is bailing out your (and mine, and every other /.'r) ass is just plain rude.

The man is a professional. He also went the extra mile when he could have advised Andover.Net to simply avoid the hassle and overule the Slasdot Editors, and gotten paid the same amount.

Next time insert your brain into the loop between spinal reflex and larnyx.
[/soapbox]

Pug - the Rude crude and socially unacceptable

This has been a test of the Slashdot Broadcast Network . . .

Re:You fought back! *but with the wrong letter!*

[Lord Ender]

because what they should have said is

"By reading this letter, you hearby agree to drop any legal action against andover.net and agree not to ever sue anybody again."

heh. clickwrap my ass.

The nerd that roared (/. cant lose)

[daninja]

Fighting back is a win/win course of action for Slashdot. Any losses due to lawyer fees and court awarded damages (to MS) will be more than made for by a tremendous amount of very positive publicity.

Look at the many intertwined issues and conflicting forces:

• freedom of press vs. corporate bullying
• freedom of speech vs. censorship
• open standards vs. proprietary extensions
• open source vs. kludges hidden behind "trade secret"
• interoperability vs. lock-out by design
• David vs. Goliath
• Good vs. Evil

It's not only a great time to be sued by Microsoft, it's a great set of issues to be sued over! It's really too perfect to have not been carefully orchestrated. My hat's off to whoever engineered this. It is a Beauty. I can see how Microsoft, being such an incredibly predictable and narrow minded beast, (and being somewhat preoccupied with other matters) could be led through a few hoops, but the one thing I can't figure out is how you got them to publish their Kerberos extensions on the internet and claim that it's a trade secret. That part must have been an "inside job". I'm sure /. will deny that any part of this was planned in any way. Of course, it couldn't have been (wink, nudge).

Congrats, /., on a job well done.

Damage control at MS.

[Pinball Wizard]

Not only does MIT hold the copyright to the name kerberos(which should preclude any legal action by MS) but...

They have also given themselves a way to ensure interoperability among all versions of kerberos!

From RFC 1510:

In order to ensure the interoperability of realms, it is necessary to define a minimal configuration which must be supported by all implementations. This minimal configuration is subject to change as technology does. For example, if at some later date it is discovered that one of the required encryption or checksum algorithms is not secure, it will be replaced.

Microsoft seems to really have worked itself into a pickle. On one hand, they have woven kerberos so tightly in with Active Directory that it would take a major overhaul to make it compatible with other versions of kerberos, even if they decided that was the smart(customer-saving) thing to do. On the other hand, according to their technet page [microsoft.com] interoperability is their top IT goal. MIT could press them on this, take away their right to call the software kerberos, or insist that MS publish the extension to qualify for the interoperability rule.

I'm starting to wonder what the people at Microsoft in charge of this stuff are thinking. Clearly they have a weak legal case, at best. They have got to be in damage control mode right now, both on the public image front, and for the folks at MIT and the IETF who are undoubtedly pissed at MS.

In fact, it wouldn't surprise me that this letter was a result of someone on the legal team seeing the post and acting on it without consulting management. I bet Microsoft would love to just drop this and hope everyone forgets about it.

Re:A Lot of Puffing, Little Wind

[muldrake]

I would argue that it is hard to comment or report upon something without actually viewing what it is that is to be commented on. So even those posters who merely posted the entire document could be said to be furthering disscussion on the document.

At least one 9th Circuit judge disagrees with you. Judge Ronald M. Whyte, who is also the judge in the Sun v. Microsoft [techweb.com] case, ruled against H. Keith Henson for doing precisely this--posting the entirety of a short document on a Usenet newsgroup to discuss its ramifications. A Wired article [wired.com] discusses this. It was Henson's contention that the document, NOTS 34, demonstrated illegal practice of medicine by the Scientology cult [xenu.net].

Judge Whyte was roundly criticized in a Wall Street Journal [rickross.com] article for "Pecksniffian literalness" and for having "turned copyright law on its head."

The document, NOTS 34, is discussed, along with many other such documents, at Dave Touretzky's NOTS Scholars Page [cmu.edu], and a description of the earlier parts of the trial is at Ron Newman's old page [thecia.net] while the jury trial for damages is transcribed at Sten-Arne Zerpe's page [wineasy.se]. Incidentally, Judge Whyte dismissed trade secret claims in this litigation based on Internet distribution, as well as similar claims in other cases [xenu.net].

More Importantly...

[LaNMaN2000]

It is far more important to conjure up bad publicity for Microsoft. The fact is that Andover.net has far fewer legal resources and would want to avoid a prolonged legal battle if at all possible. At the same time, Microsoft is probably unwilling to risk even more bad publicity (Wired has already ran a story about Microsoft's letter) while they are running an expensive PR campaign to bolster support for them in the anti-trust trial.

If other media outlets begin to carry the story, and portray Microsoft as heavy-handed, then we will have succeeded in diminishing the effect of MS's brainwashing. Write letters to media companies with links to the articles on Wired and Slashdot.

Nice smokescreen

[Reality Master 101]

Unfortunately, none of those question have anything to do with the matter at hand.

The fact of the matter is that Slashdot's servers contain copyrighted material. The copyright holder asked that it be removed. Your response seems to be, "well, you suck, and should never have copyrighted it in the first place. Nyahh!"

The point is that they did copyright it. Slashdot is in the wrong.

Here's my question: Is this going to be Slashdot's official policy? That you will never remove copyrighted material if the copyright holder asks you to? Or is this a special rule only for Microsoft?

--

Re:Response is *excellent* and *relevant*

[jestapher]

Several people have said that the reply is irrevelant. But the points in the response are deceptively simple. ... These are trying to establish fair use defenses against the copyright claims.

Agreed. US Code Title 17, Section 107 states:

"Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright."

They are arguing that the posts are for purposes of "commentary and criticism" and thus are protected by the "fair use" clause of Title 17 Section 107. I doubt "fair use" applies to trade secrets, however, so they've got to argue that it's not a trade secret, which shouldn't be too hard since Microsoft released it to the public.

The rest of the questions were probably the result of a "what do you want to ask Microsoft's lawyers?" auction over at the VA Linux offices.