Three Years Later And The Copyright Office Still Can't Build A Functioning Website For DMCA Agents, But Demands Everyone Re-Register
Furnished content.
In early 2016, we wrote about an absolutely ridiculous plan by the Copyright Office to -- without any basis in the law -- strip every site of its registered DMCA agent. In case you're not aware, one of the conditions to get the DMCA's Section 512 safe harbors as a platform for user content, is that you need to have a "Designated Agent." As per 512(c)(2), it says:Designated agent.The limitations on liability established in this subsection apply to a service provider only if the service provider has designated an agent to receive notifications of claimed infringement described in paragraph (3), by making available through its service, including on its website in a location accessible to the public, and by providing to the Copyright Office, substantially the following information:(A) the name, address, phone number, and electronic mail address of the agent.(B) other contact information which the Register of Copyrights may deem appropriate. The Register of Copyrights shall maintain a current directory of agents available to the public for inspection, including through the Internet, and may require payment of a fee by service providers to cover the costs of maintaining the directory. Note that this says that Register of Copyrights shall maintain such a list. However, the Copyright Office, decided back around 2016 that there were too many "old" registrations in the database, and decided to literally dump every single registration, despite the law not allowing it to do so. It then instituted a new plan that said -- again, without any legal basis -- that every site not only needed to register, but it would need to re-register every three years or it would lose the safe harbor protections, which could expose sites to massive liability.In late 2016, this plan went into effect, and I detailed the incredibly bad computer system that the Office had put in place to handle such registrations, starting with the fact that the password requirements literally violate the federal government's own rules for passwords. Back in 2016, NIST told government agencies, among other things, to stop requiring random characters, upper and lower case, etc. and to stop expiring passwords with no reason.Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. So we were, well, not surprised back in 2016, that the Copyright Office's system ignored that rule not to include composition rules, and highlighted how they stupidly said:Passwords must have at least 12 characters, with at least one lower case letter, upper case letter, number, and special character "!@#$%^&*()", and must not have any repeated letters, numbers, or special characters. Not only did this violate NIST's guidelines, but it actually makes passwords significantly less secure by reducing the randomness of passwords, making them less secure.Anyway, three years have almost passed, and as per the new rules, the Copyright Office is about to kick everyone off again. For no good reason at all. Even better, they sent an email over the Labor Day weekend to alert people that they're at risk of losing their registrations if they don't re-register -- because it's not like people miss random, poorly formatted emails that literally come from "donotreply@loc.gov" when going through emails coming back from a long weekend. Thankfully, I also saw Eric Goldman's blog post about this, though I'm guessing not everyone who owns a website that needs 512 safe harbors protection reads his blog (unfortunately).Incredibly, it looks like the Copyright Office has done literally nothing to fix the problems of the system. Indeed, it turns out that things are even worse than before. Not only does the system still require "composition rules" that violate NIST's guidelines, it also expired everyone's passwords (which also violates the guidelines).It actually proved significantly more difficult than expected to create a new password. Like everyone in the world should, I use a password manager to generate and store my passwords. But because of the Copyright Office's dumb rules, none of the passwords my password manager generated would work. I kept getting error message after error message, just telling me the same dumb, pointless, rules over and over again:Even though it's literally bad practice to make your own passwords, I even tried to "edit" some of the auto-generated passwords to meet the rules, but it still didn't work, though I'm not sure why. One thing I discovered, while it says you have to use "special character" the list shown in that image is the entire set of allowed special characters. So, passwords using other special characters don't work, even though the Copyright Office's system doesn't bother to explain why it rejected your password. But special characters like "\>{]" and such don't work, even though there's no reason why they shouldn't, and most password generators will (smartly!) include them. Oh yeah, also this one stymied me for a really long time. The " mark is not allowed in a password, even though it sorta looks like it's included in that list. But it's not. It's just a pointless set of "quote marks" around the allowed symbols. This is not an intuitive system. It is not user friendly. It's is dumb, insecure, and violates NIST's rules -- as it did three years ago when I complained about it.Then you log in... and the information given to you is sorely lacking. First, at the very top, you get a message saying that the entire website may be offline for three whole days... a month ago. What? What the hell are they doing that they need to take a site offline for three whole days? And if they had to do system upgrades for that long, how the hell have they not made anything actually work right? And, most importantly, if that shutdown happened a month ago, why are they still showing the damn warning message?From there, you are shown a weird chart with a lot of useless information -- but it is not at all clear how you re-register. There is no indication that you need to re-register. There is just your "service provider name," "registration number," "status," "last updated" and the ever useless "Action" box.It turns out, to re-register, you have to click that little pencil, which the tooltip tells me is to "Edit." But I'm not "editing" anything. I just want to renew so I still am protected by the DMCA's safe harbors. It then makes me review everything multiple times, before telling me I need to pay $6, and sending me to a sketchy looking payment site (which I get is not run by the Copyright Office itself, but still).I was almost afraid to give it my credit card.Either way, eventually it "worked," but in the most fucked up of ways. The website itself is then not exactly clear if this renewal adds on to my existing -- meaning do I get three more years from the date of my original three year registration in 2016 (which would be December 1), or if it simply starts the clock anew, as of the date I paid. It sure looks like they just started a new three year clock yesterday -- meaning they cheated me out of 3 months of coverage because I dared to renew promptly. So by being good and renewing in their stupid system nearly 3 months before I need to, they just chop off 3 months of the "service" they're providing me? How the fuck is that allowed? If you look at my original listing -- even though I'd paid up for 3 full years, they now show it as "inactive" and list the new one as "active."And that's kinda fucked up. The current listing says "Active" for "September 3, 2019 to Present" which almost certainly means this one will expire September 3, 2022, even though it should go until December 1, 2022.All of this is a complete mess. It's entirely unnecessary, and as Eric Goldman notes in his piece, when the Copyright Office rolled this out it "promised a smooth renewal process." This was anything but smooth -- and it's likely that plenty of sites may miss the fact that they have to do this, or get caught up in trying to get the damn system to work. While, thankfully, this hasn't impacted any sites directly that I'm aware of, it's only a matter of time until a site that thought it had a successful DMCA agent finds out it no longer does because the Copyright Office decided to change the entire process, and apparently can't build a freaking website that works or is even up to basic federal website standards.And, sure, $6 is cheap, but it's still pretty messed up that the Copyright Office simply lopped off three months of service they owed me because their own system is too poorly implemented to know to add on another three years at the end of my existing "subscription." It seems like something that shouldn't happen -- and one hopes that someone at the Copyright Office or the Library of Congress figures their shit out before September of 2022. But I have my doubts.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 05-Sep-2019
path: /Policy | permalink | edit (requires password)
Even Kirk Herbstreit Thinks THE Ohio State Is Being THE Silliest With Its 'THE' Trademark Application
Furnished content.
A few weeks back, we talked about the dumbest trademark application I've ever seen, with the Ohio State University deciding to try to get a trademark on one of the most commonly used determiners in the English language: "The." Honestly, the whole thing is painfully stupid, as trademarking such a common word cannot possibly be worked into the original purpose of trademark law, but here we are. The only good thing thus far to come out of all of this was the University of Michigan's playful suggestion that maybe it should trademark the word "Of."Fortunately, it wasn't just us IP nerds who found all of this so silly. The public reaction writ large was fairly negative, with plenty of fun being had at the temerity of OSU. But what about OSU fans themselves? How would they react, given that all of this is built on the haughty insistence of NFL players emphasizing the "the" when announcing what school they attended?Well, Kirk Herbstreit is a useful thermometer for this, given that he is both probably college football's most recognized analyst and a former OSU football player. And, man, does he not have kind words for his alma mater.College GameDay analyst Kirk Herbstreit, who played quarterback for the Buckeyes in the 1990s, was the subject of an interview with For The Win this week. He was asked about the whole trademark situation. He did not hold back."I've never really bought into that. My dad played at Ohio State, my dad coached with Woody Hayes. Ohio State’s always been Ohio State. I have a diploma that I’m looking at right now, and it says, “The” — T-H-E — Ohio State University, and nobody’s called it “The” Ohio State University, ever, as I grew up in the ‘70s, ‘80s and ‘90s. And then one night on Monday Night Football — I don’t remember who the player was but he said, “The Ohio State University,” and it stuck. And from that point on, all the fans and everybody started saying “The,” “The,” “The.” To me, it’s Ohio State — always has been, always will be. I think it’s kind of ridiculous, the whole “The” thing.It comes across to me as very arrogant. I’m just not a fan of it. I didn’t grow up with it. Nobody’s more Ohio State than me, and I never heard it. I never heard “The” in my life until maybe about 15 years ago." Yeah, all of that. But when this move is getting this kind of reaction from someone like Herbstreit, you really have to start to wonder just what OSU is doing in keeping any of this up. It's a trademark that should, and probably will, be rejected for lacking originality and being too generic. It's a trademark that, by its nature, can't possibly be all that valuable even if granted. And it's apparently at best making the school look quite arrogant, if not creating outright anger, even among Ohio State fans.It's time to realize this play isn't working and abandon it. It's the smart thing to do.
Permalink | Comments | Email This Story
Read more here
posted at: 12:00am on 05-Sep-2019
path: /Policy | permalink | edit (requires password)
|
|
