Last week, a federal court in New York ruled against Cablevision’s plan to provide digital video recorder (DVR) capability that would store recorded TV programs on a central server instead of on a device (think TiVo) in a user’s home. The decision could have implications beyond Cablevision’s specific proposed offering — though the risk could be reduced if, as one part of the decision hints, future courts hold that its reasoning isn’t applicable in the context of Internet-based services.

Cablevision’s “remote storage DVR” would have provided users with the same functionality - no more, no less - as the DVRs incorporated into many set-top boxes today. But the court stressed the differences between the two types of DVRs “under the hood.” In other words, the court seemed to attach greater legal significance to the architecture of the technology than to its function. As a general matter, that kind of approach departs from the principle of technological neutrality and can be harmful to innovation.

In terms of legal precedent, though, it seems to me that the main risk is that the decision could be read to narrow significantly the applicability of the pro-innovation rule announced in the 1984 Sony case regarding the VCR. That case held that, so long as a product is capable of substantial lawful uses, the distributor of the product isn’t liable for copyright infringement committed by some users. (The 2005 Grokster case added the caveat that the distributor must not take active steps to promote the product’s infringing use.) The bottom line is, innocent innovators can devise products without being liable for how users may eventually use or misuse them.

But the Sony rule applies to products that enable users to make copies. The Cablevision court took a different tack. It said that, in the case of the remote storage DVR, Cablevision would be engaging in unlawful copying itself, not merely providing the means by which users might do so. The court drew a distinction between “devices” and “services.” It said the VCR is a device because it is a “single piece of equipment” - meaning, I suppose, that all its circuitry is contained in a tidy black box. The remote storage DVR, in contrast, consists of a variety components not so neatly contained. In my favorite line from the opinion, the court points out that a Cablevision customer “would not be able to walk into Cablevision’s facilities and touch the [remote DVR] system.”

The possible implication is that the Sony rule about products with lawful uses applies only to devices that fit inside a compact casing and are housed in locations where users can touch them and the distributor cannot. Internet-based services that involve remote storage or processing and require some ongoing actions by the provider could be excluded. Needless to say, this would be a very narrow interpretation of the Sony rule.

It also would be a serious threat to innovation. Many valuable innovations today and in the future would fail a “touch test.” One of the great benefits of the Internet is that it enables users to overcome geography. The location of storage space or processing power is losing its relevance; capabilities can be provided remotely via the network, and used on an “as needed” basis. Often these types of Web-based services are more efficient than having a black box in each user’s home. And even where capabilities rely on devices, those devices will tend to be connected to the network, so that the provider can upgrade software, add new capabilities, or interact with the user in other useful ways. They will share many characteristics of services.

When these types of new services have the potential for both lawful and infringing uses, they should be eligible for the protection of the Sony rule. The Cablevision decision has the potential to call that into question.

On the other hand, it’s important to note that the decision also contains some language suggesting that its reasoning should not be applied to Internet-based services, which handle information flowing in from many sources rather than just from the service provider itself. If future courts focus on aspect of the opinion, the risks of the decision could be reduced.

In addition, lack of Sony-based protection doesn’t translate into automatic liability. Many services involving remote storage of user-provided content should be eligible for the safe harbor provided in section 512(c) of the DMCA.

But that safe harbor itself faces an important test, and is at some risk of being pared back, in Viacom’s recently filed lawsuit against YouTube. In suing YouTube for hosting infringing videos posted by users, Viacom will need to argue that YouTube is not eligible for the safe harbor. To do so, it may seek to establish new precedent concerning when a service provider’s level of knowledge, financial interest, or degree of control concerning infringement makes safe harbor treatment unavailable. If it succeeds, the result could be narrowed applicability for the 512(c) safe harbor.

All of which means, the legal framework for innovation is in flux in some potentially dangerous ways in the courts. It’s a battle that will likely go on for some time; the Cablevision decision is likely to be appealed, and the Viacom/YouTube suit is only just beginning.

The more time we spend with last week’s federal court ruling rejecting the Child Online Protection Act (COPA), the more nice things we have to say about it. Five prior decisions have upheld injunctions against COPA (the original preliminary injunction decision, and two decisions each by the Court of Appeals and the Supreme Court upholding that injunction), but this is the first opinion entered after a full trial on the merits.

Judge Lowell Reed’s decision provides some of the clearest arguments we’ve seen — both for why COPA is unconstitutional, and for why it would be ineffective in protecting children. Reed also endorses the analysis long advocated by CDT: that voluntary Internet filtering tools provide a far more effective, and less restrictive, means for protecting kids online than do hamfisted attempts to censor broad swaths of online content.

This decision should withstand scrutiny on appeal. The Third Circuit Court of Appeals has previously been strongly skeptical of COPA. In the Supreme Court, the vote counting is a closer call, but all five Justices who upheld the preliminary injunction in 2004 are still on the Court, and more critically, the decision issued by Judge Reed strongly reinforces the factual conclusions on which the five Justices acted in 2004. The new guys on the block — Chief Justice Roberts and Justice Alito — replaced Rehnquist and O’Conner, both of whom dissented on COPA in 2004, and tea leaf reading suggests that Roberts and Alito may well end up being more supportive of free speech than their predecessors (or at least not worse).

One key question now of course is how Congress will take the decision. After the Supreme Court rejected the Communications Decency Act, we had hoped Congress would take the kind of action that could actually help kids, without violating the constitution. Instead, lawmakers passed COPA and triggered nine more years — so far — of legal wrangling.

Congress may well let the COPA appellate process play out (through, probably, 2008 or 2009). But if Congress does decide to revisit the issue before then, we hope that it gets the message this time. Rather than try to make another fruitless run at censoring an international medium with an unconstitutional and ineffective U.S. law, we will urge lawmakers to consider an approach that increases investment in education and law enforcement, and that promotes the availability of filtering tools that can help parents protect their kids in the way that they see fit. This is the approach repeatedly endorsed by experts and blue ribbon panels — from former Attorney General Richard Thornburgh in the National Academy of Sciences report to the COPA Commission to Judge Reed in the COPA decision last week. Congress should stop wasting taxpayer money trying to defend unconstitutional laws, and should put that money toward educating kids about how to stay safe online, and educating parents about how best to protect their kids.

How to create and manage individual identity is becoming a central challenge of the digital age. As identity-related initiatives are implemented in both the public and private sectors, individuals are being asked to identify themselves in some way with increasing frequency.

Obviously, identity, privacy and security are intimately related, yet the relationship among the three is often not well understood. It is worthwhile, therefore, to develop technology-neutral principles expressing how identity can be created and managed in ways that enhance privacy and security, while also facilitating services and respecting the other needs for which identification is appropriate. Private sector developers of ID technology, government officials, and public interest groups could all benefit from a guiding set of privacy principles or best practices in this area.

In order to begin the process of developing such principles, we are releasing a draft of Privacy Principles for Identity in the Digital Age. It is based on two earlier efforts CDT coordinated: the 2003 Authentication Privacy Principles and the 2006 Privacy Best Practices for RFID Technology.

The FTC is holding an identity authentication workshop on April 23 and 24. CDT hopes to testify, and we would like to use the workshop as an opportunity to expose the concepts in the draft principles for comment and reaction. If you have comments or questions about these principles, please let us know.

Today CDT submitted comments to the Federal Trade Commission (FTC) regarding the agency’s proposed settlement with adware distributor DirectRevenue LLC. Although we are pleased with the injunctive relief obtained by the Commission, the monetary relief leaves something to be desired.

In terms of injunctive relief, CDT once again commended the FTC for obtaining a strong, precedent-setting settlement from a spyware company that has burdened millions of consumers with unwanted software. As in the Commission’s settlement with Zango Inc., several of the requirements in the DirectRevenue settlement set impressive standards. These include requiring DirectRevenue to take responsibility for its affiliates’ actions, to cease advertising to legacy users, and to obtain “express consent” prior to installing software on consumers’ computers.

Although CDT appreciates the value of the settlement’s injunctive relief, we find that the settlement’s monetary relief is substantially inadequate. Last year, BusinessWeek reported that DirectRevenue’s owners personally earned over $20 million by surreptitiously infecting consumers’ computers and bombarding them with advertisements. Internal DirectRevenue documents also reveal the company’s endeavors to aggravate consumers in its quest for profits such as sending “torpedoes” to remove anti-spyware software, popping one ad every minute, and forming a department of “Dark Arts” are just a few examples. CDT understands that litigation is risky, but with behaviors so extreme and profits so extensive, we believe that seeking greater monetary relief is worth the risk.

As FTC Commissioner Jon Leibowitz said in his statement dissenting from the proposed settlement, we cannot let FTC actions become “just a cost of doing business.” It appears as if Direct Revenue may be exiting the adware business altogether, and if that is the case, the owners may essentially be off the hook after paying just a small fraction of what they earned by deceiving and frustrating millions of consumers.

CDT and the FTC both understand that pursuing spyware cases would be easier if the Commission had greater civil penalty authority in this realm. We know this is something that the FTC has been pushing for and CDT continues to be supportive of that effort. But the lack of civil penalty authority should not deter the Commission from seeking maximum damages in a case where such egregious behavior is so well documented.

We were extremely troubled by revelations of widespread violations in the FBI’s issuance of so-called “national security letters” to obtain reams of sensitive information about Americans.

Our memo on the NSL abuse and the appropriate course for reform is here.

National security letters are not new, but their use has skyrocketed since 2001, when the PATRIOT Act dramatically weakened the standards under which investigators can issue them. According to DOJ records the FBI issued 47,000 requests in 2005, compared with 8,500 in 2000, the year before the standards for issuing the letters were lowered. Investigators can issue the letters to obtain a wide range of telephone, e-mail and financial records without prior judicial approval.

Investigators are supposed to certify that the letters are being issued to obtain information “relevant” to a current terrorism investigation. Additionally, there are supposed to be limits on the nature and amount of information that agents can demand using the letters. But the Inspector General report demonstrates the dangers of simply assuming that those guidelines are being followed absent any meaningful oversight.

If any good is to come out of this latest round of privacy abuses, Congress must take them as a wake up call and act decisively to re-establish meaningful judicial oversight over the FBI’s requests for Americans sensitive personal data.

CDT last night gathered friends and colleagues throughout the technology and policy communities for a Gala dinner here in Washington. We were honored to have Senate Judiciary Chairman Patrick Leahy (D-Vt.) and Microsoft Chairman Bill Gates give keynotes to mark the occasion. Full text of Gates’ speech is here.

Other good news accounts of the event are here and here.

For more than a decade, CDT has borne witness to one of the most phenomenal periods of technological advancement in human history. Even more exciting, we’ve had the opportunity to play a modest but important role in shaping the political and regulatory climate that has fostered that development. Starting with our successful Supreme Court challenge of the Communications Decency Act in 1996, all the way up to our recent efforts to root out the sources and financial motivations behind spyware, CDT has made it its business to ensure that the Internet’s fundamentally democratic nature remain intact.

As Leahy and Gates mentioned last night, we still have a great deal of work ahead of us. Sadly, the Internet’s global success has not slowed efforts by governments at all levels to limit its functionality by exerting greater control over content. If anything those efforts have increased as the Internet occupies an increasingly central role in all aspects of public and private life.

Similarly, as more and more users go online — to do everything from sending e-mail to conducting major financial transactions — the number and sophistication of scams intended to bilk those users continues to mount. These are at least as grave a threat to the Internet’s openness and accessibility as are poorly conceived legal and regulatory efforts.

The good news is that there are many, many people committed to preserving the Internet’s unique openness. This was never clearer to us than it was last night as hundreds of our friends and colleagues turned out in support of our ongoing mission. We thank them all as we look forward to the next 12 years.

CDT has previously noted that the effort at the World Intellectual Property Organization (WIPO) to create new, I.P.-like rights for broadcast and cable companies — a project that raises serious concerns — has received little attention to date from U.S. lawmakers. In a very welcome development, Senators Leahy and Specter, the Chairman and Ranking Member of the Senate Judiciary Committee, on Thursday added their voices to the debate in a letter to the Copyright Office and Patent and Trademark Office.

The letter hits the nail on the head. It notes that the draft treaty goes beyond the narrow purpose of protecting against signal theft and instead creates copyright-like rights that “could limit legitimate, fair use of the content and add an unnecessary layer of uncertainty in consumer use” and that “appear to be inconsistent with United States law.” It is great to see that the two leaders of the relevant Senate committee are on top of this issue and are weighing in with a united bipartisan voice.