Like many computer aficionados today, Seth Schoen writes all of his software openly to ensure that the source code—the underlying architecture of computer programs—will remain accessible for other developers to use, modify, and redistribute. In so doing, Schoen is not only creating technology but also participating in an effort that is redefining the meaning of liberal freedom, property, and software. How? By asserting, in new ways, that software code is speech. A small portion of a 456-stanza poem that Schoen wrote makes just this claim:
Programmers' art as
that of natural scientists
is to be precise,
complete in every
detail of description, not
leaving things to chance.
Reader, see how yet
deserve free speech rights;
see how numbers, rules,
patterns, languages you don't
yourself speak yet,
still should in law be
protected from suppression,
called valuable speech!
Schoen was not only arguing that source code is speech, his poem was also demonstrating it. The lengthy verse was a transcoding of a short piece of free software called DeCSS, which is used to decrypt access controls on DVDs, in violation of current copyright laws.
Schoen did not write his poem simply to be clever. His work was part of a worldwide wave of protests against the prosecution of open source developers, including the arrest of one of the initial developers of the DeCSS software referenced in the verse.
Schoen's poem captures the ethical spirit of the free and open source software (F/OSS) movement, which is composed of individuals who believe software should be free to be modified and redistributed by anyone. The hackers and other geeks who identify with this movement have managed to do something remarkable: In the course of writing software, they have built an alternative theory of intellectual production and property in opposition to current copyright law, all while developing the tools to put that theory into practice.
Free as in Beer
One of the best-known philosophical and legal distinctions in the world of free software is the concept of free beer versus free speech. Common among developers today, this notion was popularized in the 1990s by developers of the open source operating system called Debian.
"Free speech is the possibility of saying whatever one wants to," one Debian developer explained in an application required to join the project at the time. "Software free as in beer can be downloaded and used for free, but no more. Software free as in speech can be fixed, improved, changed, be used as building block for another software."
Other open source practitioners placed their understanding of free speech firmly within a broader meaning codified in the constitutions of most liberal democracies: "Used in this context the difference is this: 'free speech' represents the freedom to use/modify/distribute the software as if the source code were actual speech which is protected by law in the US by the First Amendment," one developer wrote. "?'Free beer' represents something that is without monetary cost."
For open source developers, then, freedom means expression, learning, and modification, not the mere absence of a price tag.
Hackers first started talking about software as speech in response to what they saw as excessive copyrighting and patenting of computer software in the 1970s and '80s. The first widely circulated paper associating source code with free speech was "Freedom of Speech in Software," written by programmer Peter Salin in 1991. Salin characterized computer programs as "writings," arguing that software was unfit for patents (intended for inventions) but appropriate for copyrights and thus free speech protections (which apply to expressive content).
The idea that coding was a variant of writing was gaining traction, in part because of the popular writings of Stanford computer science professor Donald Knuth on the art of programming. During the early 1990s, a new ethical sentiment emerged among participants of Usenet, a pre-Web online forum, that the Internet should be a forum for unencumbered free speech. From this climate emerged what have come to be known as the "encryption wars" of the mid-1990s, when wary governments cracked down on developers of cryptography software (for instance, programs that keep email and other communications or data private) in the name of national security.
The most notable encryption court case was Bernstein v. U.S. Department of Justice. This battle started in 1995 after a computer science student, Daniel J. Bernstein, sued the government over the International Traffic in Arms Regulations, rules issued under the Arms Export Control Act that classified certain types of strong encryption as munitions and hence subjected them to export controls. Bernstein could not legally publish or export the source code of his encryption system, Snuffle, without registering as an arms dealer.
In 1999, after years of litigation, U.S. District Judge Marilyn Patel concluded that regulations of cryptographic "software and related devices and technology are in violation of the First Amendment on the grounds of prior restraint." This decision not only allowed developers to export cryptographic software; it also deemed source code to be speech protected by the First Amendment.
Bernstein and his lawyers used free speech to defend programming against intrusive government controls but never questioned the legitimacy of copyrights for software. Soon after, a large cadre of developers began to launch a direct critique of the copyright system. The legal regime to protect and reward copyrighted artistic material, developers claimed, was butting up against their legal rights to write software. At the dawn of the new millennium, this fight was breaking out all over the international legal system.
On October 6, 1999, a 16-year-old Norwegian named Jon Johansen used an online mailing list to release a short, simple software program called DeCSS. Written by Johansen and two anonymous developers, DeCSS unlocked a piece of encryption that scrambles the content of a DVD when someone tries to play it on an unauthorized machine. Prior to Johansen's software, the international DVD Copy Control Association (DVD CCA) was able to create geographical zones across which discs could not be recognized; for instance, you could not buy a DVD in the U.S. and play it in a French DVD player. The discs also were unreadable on computers that did not use either Microsoft's Windows or Apple's OS.
Released under a free software license, DeCSS was soon being downloaded from hundreds, possibly thousands, of websites. While many geeks used the technology to watch legitimately obtained DVDs on their Linux-run machines, other users deployed the program to copy and pirate DVDs. Various entertainment trade associations quickly sought to ban the software and have the teenaged Johansen arrested. In November 1999, the DVD CCA and the Motion Picture Association of America (MPAA) sent cease-and-desist letters to more than 50 website owners and Internet service providers, requiring them to remove links to the DeCSS code because of its alleged violation of trade secret and copyright laws, including (in the U.S.) the Digital Millennium Copyright Act (DMCA).
Passed in 1998 to "modernize" copyright for digital content, the DMCA included a controversial provision outlawing the manufacture and trafficking of any technology (whether software or firmware) capable of circumventing copy restrictions or access protections on a copyrighted work in digital format. It did not matter if the technology's primary use was lawful (such as fair-use copying); as long as the potential for copyright violation was there, the software or hardware was considered illegal. Anything that monkeyed around with existing code could be subject to the law, if the existing code was written to protect copyright. "With the DMCA," media scholar Tartelton Gillespie notes, "circumvention is prohibited, meaning that the technologies that automatically enforce these licenses are further assured by the force of the law."
In December 1999, alleging trade-secret misappropriation, the DVD CCA filed a lawsuit against hundreds of individuals for publishing the unlocking software. Eventually two cases from this batch moved forward through the court system. In 2000 the MPAA (along with other trade associations) sued the well-known hacker organization and publication 2600, along with its founder, Eric Corley (more commonly known by his hacker handle, Emmanuel Goldstein), claiming violation of the DMCA. Corley would fight the lawsuits, asserting 2600's journalistic free speech right to publish DeCSS. As frequently happens with censored material, the DeCSS code at this time was unstoppable; it had spread like wildfire.
Simultaneously, the international arm of the MPAA urged prosecution of Johansen under Norwegian law (the DMCA did not apply in his home country). The Norwegian Economic and Environmental Crime Unit took the MPAA's informal legal advice and indicted Johansen on January 24, 2000, for violating an obscure Norwegian law that prohibits the opening of a closed document in a way that gains access to its contents, or otherwise breaking into a locked repository. Johansen (along with his father, since he was underage) was arrested and released on the same day, and police confiscated his computers. He was scheduled to face trial three years later.
Hackers Fight Back
Hackers saw Johansen's indictment and the lawsuits as a violation of not simply their right to use software but also their more basic right to produce F/OSS. Many developers understood the attempt to restrict DeCSS as an all-out assault: "Here's why they're doing it," wrote one commenter on the popular technology site Slashdot after Johansen's computer was confiscated on January 24, 2000. "Scare tactic…This is a full-fledged war now against the Open Source movement."
Hackers moved to organize politically, making forceful arguments that computer code is expressive speech. Many websites began providing highly detailed information about the DMCA, DeCSS, and copyright history, and the Electronic Frontier Foundation, a San Francisco–based organization dedicated to defending digital rights, launched a "Free Jon Johansen" campaign. The impressive level of legal sophistication on display was no accident.
Many open source developers are more than just geeks working within a novel legal framework; they are active producers of legal knowledge. That's because developers have to learn basic legal skills to participate effectively in technological production. They must figure out, for instance, whether the software license on the software application they maintain complies with licensing standards. Developers also tend to closely track broader legal developments, especially those seen as impinging on their practices. Is the Unix company SCO suing IBM over Linux? Has the patent directive passed the European Parliament? Information regarding these and other relevant developments is posted widely on Internet relay chat channels, mailing lists, and especially techie websites such as Slashdot, BoingBoing, and Reddit.
There is also overlap between the skills, mental dispositions, and forms of reasoning necessary to read and analyze a formal, rule-based system such as the law and the operations necessary to code software. Both are logic-oriented, internally consistent textual practices that require great attention to detail. Small mistakes in either law or software —a missing comma in a contract or a missing semicolon in code—can jeopardize an entire system's integrity and compromise authorial intention. Lawyers and programmers develop similar mental habits for making, reading, and parsing what are primarily utilitarian texts.
Pranksterism—more indigenous to hacker culture than to law firms—played a pivotal role in the open-source pushback as well. Prodromou, a Debian developer and editor of one of the first Internet zines, Pigdog, circulated a decoy program that hijacked the name DeCSS, even though it performed an entirely different operation from Johansen's DeCSS. Unwilling to distribute the legally controversial material, Prodromou did the next best thing: "I think of this as kind of an 'I am Spartacus' type thing," he wrote. "If lots of people distribute DeCSS on their Web sites, on Usenet newsgroups, by email, or whatever, it'll provide a convenient layer of fog over the OTHER DeCSS. I figure if we waste just FIVE MINUTES of some DVD-CCA Web flunkey's time looking for DeCSS, we've done some small service for The Cause."
Thousands of developers posted Pigdog's DeCSS on their websites as flak to confuse law enforcement officials and entertainment industry executives, since they felt these people were clueless about the nature of software technology. Dozens of these developers (including Johansen) received cease-and-desist letters demanding they take down a version of DeCSS that was completely unrelated to the decryption DeCSS.
Clever recreations of the DeCSS source code (originally written in the C programming language) using different programming languages (such as Perl) also began to proliferate, as did translations into poetry, music, and film. A site called the Gallery of CSS DeScramblers showcased 24 of these artifacts to demonstrate the difficulty of drawing a sharp line between software functionality and expression.
Seth Schoen, after being inspired by the gallery, took up the challenge of publishing a bona fide poem: 456 stanzas written over the course of just a few days.
After opening with some general thoughts, Schoen launched into a long mathematical description of the forbidden CSS code represented in DeCSS. The expert explains the CSS's "player key," which is the proprietary piece that enacts the access control measures:
So this number is
once again, the player key:
(trade secret haiku?)
Eighty-one; and then
one hundred three—two times; then
two hundred (less three)
Two hundred and twenty
four; and last (of course not least)
the humble zero
From these lines alone a proficient enough programmer could deduce the encryption key. Thus the poem makes a point similar to the one made in an amicus brief by Carnegie Mellon computer science professor David Touretzky in Universal City Studios Inc. v. Corley. Touretzky argued that "at root, computer code is nothing more than text, which, like any other text, is a form of speech. The Court may not know the meaning of the Visual BASIC or Perl texts but the Court can recognize that the code is text."
Another arrest strengthened the opposition. Around the time Johansen was making headlines, programmer Dmitry Sklyarov was nabbed in Las Vegas for a completely unrelated DMCA infraction: writing a piece of software for his Russian employer, Elcomsoft, that unlocked Adobe's book access controls and subsequently converted files into the PDF format. For this Sklyarov faced up to 25 years in jail.
Sklyarov was arrested in July 2001 while leaving Defcon, one of the largest hacker conferences in the world. For the FBI to arrest a programmer at the end of Defcon was a potent statement, showing that the authorities would go on developers' home turf to enforce the DMCA at the behest of deep-pocketed copyright holders. This first-ever hacker arrest at Defcon (which law enforcement officials had been attending without incident since 1993) signaled a one-sided renegotiation of the relationship between legal authority and the hacker world.
Developers responded by organizing Free Dmitry protests in Boston, New York, Chicago, and San Francisco, as well as in Europe and Russia. Even though Sklyarov was not part of the world of F/OSS development, local F/OSS developers were behind a slew of protest activities, including a demonstration at Adobe's San Jose headquarters, a candlelight vigil at the San Jose public library, and a march held after the Linux World convention in August 2001 that ended at the U.S. attorney's office.
At a fundraiser following the march to the prosecutor's office, Lawrence Lessig, who had recently published Code and Other Laws of Cyberspace, a book that was changing the way F/OSS developers understood the politics of technology, fired up the already animated crowd: "This is America, right? It makes me sick to think this is where we are. It makes me sick. Let them fight their battles in Congress. These million-dollar lobbyists, let them persuade congressmen about the sanctity of intellectual property and all that bullshit. Let them have their battles, but why lock this guy up for 25 years?"
The protests had an immediate effect. Adobe withdrew its support for the case, and eventually the U.S. attorney dropped all charges against Sklyarov on the condition that he testify in the subsequent prosecution of his employers, which he did. In December 2002, the jury in that case acquitted Elcomsoft.
Johansen was acquitted a bit more than a year later. A judge concluded that the charges against him were inappropriate, since the law under which he was arrested had nothing to do with digital rights management. Johansen still writes free software, including programs that subvert digital rights management technologies.
Although these prosecutions fizzled, that does not mean the equation of software with free speech is widely accepted in the legal system. Most of the other DeCSS lawsuits were decided between 2001 and 2004, and even though the courts were persuaded that DeCSS was a form of speech, they consistently ruled that it nonetheless violated the copyright protections of artistic material. In one of the 2600 cases, Universal City Studios Inc. v. Corley, U.S. District Judge Lewis A. Kaplan went so far as to declare that he aimed to "contribute to a climate of appropriate respect for intellectual property rights in an age in which the excitement of ready access to untold quantities of information has blurred in some minds the fact that taking what is not yours and not freely offered to you is stealing."
Developers and hackers were deeply disappointed by these decisions, which essentially equated DeCSS with theft. But by continuing to create a separate cultural reality, even a rival liberal morality, in which expression and autonomy are elevated above the potential for piracy, these outsiders are constructing a broader legal regime that will eventually challenge the way we interpret the Constitution.
Today new copyright legislation threatens online freedoms and free expression. But while the Digital Millennium Copyright Act passed in 1998 with almost no public outcry, critics prevented the Stop Online Piracy Act from passing in 2012. Legislative support waned amid fierce opposition from the technology community, which included open source developers, corporate giants such as Google, protest groups such as Anonymous, and digital rights organizations. Threats may loom larger today than they did a decade ago, but advocates and institutions are better prepared to respond more effectively and swiftly than before.