CPHack is a program to load and browse the contents of a blacklist file used by the censorware program Cyber Patrol 4. (Later versions of Cyber Patrol changed to a different blacklist format.)
The program and its source code are part of a report, The Breaking of Cyber Patrol® 4, published in March 2000 by Eddy Jansson (of Sweden) and Matthew Skala (of Canada). In the report, they describe what techniques they used to decrypt the blacklist, and criticize the list of sites Cyber Patrol blocks. Their stated purpose was to expose any hidden agenda that might be lurking behind [Cyber Patrol] and to fuel the discussion around it, in this case the discussion around censorware
.
In addition to stale URLs, wrongly blocked sites, and questionable blockings, Cyber Patrol's encrypted blacklist conceals some dirty laundry. While I doubt Cyber Patrol intentionally has a hidden political agenda, deliberate dishonesty is evident in Cyber Patrol's history of censoring criticism of their product, and of censoring sites of competing products. Cyber Patrol falsely labels sites containing this report as containing Satanism, full nudity, explicit sex, alcohol use, gambling, and everything else their software may be set to filter out.
To ban the blacklist decryption programs, Mattel and its subsidiary Microsystems filed lawsuits in Canada and Sweden. They also had apparently corrupt federal judge Edward Harrington issue a temporary restraining order in Boston. Corporate counsel Irwin Schwartz warned the court that Microsystems -- as well as the public -- will continue to suffer irreparable harm unless the defendants are prohibited from distributing the Bypass Code.
His claim seems exaggerated, since the day after an injunction was granted (according to Schwartz's Boston Globe editorial about two months later), a new version of Cyber Patrol was released that rendered CPHack ineffective.
When Scandinavia Online took down the original report (along with the rest of Eddy Jansson's website), additional mirror sites sprang up like mushrooms, just as attempts to censor DeCSS prompted it to be mirrored in all corners of the globe.
Mattel often uses lawsuits to bully critics into silence. Take William Silverstein, a former employee fired for going to a doctor to treat the tendinitis he contracted on the job. He posted the ongoing story of his legal battle to Sorehands.com, despite pressure from Mattel to take his website down. Though Mattel settled his discrimination lawsuit for almost $140,000 in September 1999, Mattel continues to SLAPP William with nuisance counterclaims. They've offered to stop legally harassing him if he signs an agreement to pay them $50,000 every time he speaks about his case or criticizes Mattel.
Or take Mattel's long history of suing anyone who parodies Barbie, makes Barbie art, or even including a Barbie joke in a joke archive.
In April 1997, Mattel filed a lawsuit against Barb and Dan Miller, publishers of a glossy fashion magazine for serious Barbie collectors called Miller's. Miller's occasionally stepped on toes with barbed product reviews and editorials on the pricing of limited edition Barbie dolls (like the $70 Star Trek Barbie, which flopped and was soon being sold for $30). But when they published a picture satirically portraying Barbie with alcohol and pills, this was unpardonable. Mattel didn't just want them to stop criticizing the doll, they told the Miller's counsel, We want the Millers' house.
Mattel dropped the lawsuits in return for the defendants' copyrights to the report and programs and their promise not to reverse engineer any Mattel products in the future. Matthew received one Canadian dollar, to make the transfer more enforcable under Canadian law. Eddy signed over all rights, if any
in return for nothing.
The final injunction enjoins Eddy and Matthew from publishing the source code and binaries:
Defendants Jansson and Skala, their agents, employees, and all persons in active concert or participation with Defendant Jansson and/or Defendant Skala, shall discontinue and be permanently enjoined from publishing the software source code and binaries known as
CP4break.ziporcphack.exeor any derivative thereof.
Judge Harrington's injunction goes on to bloviate about pornographers, death merchants, and the Holocaust:
Yet this case involves more than a complex and significant legal issue relating to copyright law. It raises a most profound societal issue, namely, who is to control the educational and intellectual nourishment of young children -- the parents or the purveyors of pornography and the merchants of death and violence.
Ideas bear consequences, fruitful and also destructive. The pernicious idea that all men are not created equal is the philosophic bias which incited the degradations of slavery and the genocidal slaughter of the Holocaust.
Awesome consequences for a program to list the URLs blocked by Cyber Patrol. (As The Register ridiculed him, Excuse us? Making it possible to decrypt a file of banned URLs puts the merchants of death in control of the intellectual nourishment of children?
) How ironic that his propaganda invokes the Holocaust, since the Third Reich is a prime example of the evils of censorship.
Such ranting seems to be in character for Judge Harrington. The Massachusetts Bar Association staunchly opposed Edward Harrington's nomination as a federal judge, recounting examples of his volatile and abusive behavior on the bench. At the judge's Senate confirmation hearings, Attorney Earle Cooley testified:
I have been a trial lawyer in Massachusetts for more than thirty years and I have seldom encountered a person less temperamentally suited to be a United States District Court Judge. It has been my experience that one disagrees with Mr. Harrington at the risk of being labeled an enemy of society.
Schwartz and Nystrom, Mattel's attorneys, wanted to mass e-mail copies of the injunction to mirror site operators (as they did with the temporary restraining order, a bulk e-mail which critics called a spampoena). Judge Harrington informed Schwartz and Nystrom that such notices of injunction must be served by certified mail.
Three mirror site operators who were properly served such notices tried to appeal the injunction. On 27 September 2000, The First Circuit Court of Appeals ruled that nonparties have no standing to appeal it, and the injunction doesn't apply to them:
The coin, however, has a flip side. A nonparty who has acted independently of the enjoined defendant will not be bound by the injunction, and, if she has had no opportunity to contest its validity, cannot be found in contempt without a separate adjudication. See id.; see also Alemite, 42 F.2d at 832 (declaring that a decree which purports to enjoin nonparties who are neither abettors nor legally identified with the defendant
is pro tanto brutum fulmen,and may safely be ignored). This tried and true dichotomy safeguards the rights of those who truly are strangers to an injunctive decree. It does not offend due process.
Mattel has not tried to threaten mirror sites with copyright infringement lawsuits. The report itself gives the reader written permission to mirror the files in general (You are allowed to mirror this document and the related files anywhere you see fit.
) and the source code in particular (The source is included, and you can do whatever you want with it.
). It's doubtful whether Mattel could prevent distribution of a document that gives written permission to distribute it, or revoke permission explicitly given to readers who obtained it before the reassignment of copyright.
Since the blacklist encryption has been changed so that the decryption program no longer works, perhaps they no longer consider the issue worth pursuing.
CPHack starts up with a prominent message reading Released under the GNU Public License
, and a comment at the beginning of the source code reads Released under the GPL
. The terms of the GNU General Public License specifically grant every recipient of the program an automatic license to copy it, with no provision for revoking or altering the license. This could effectively make Mattel's settlement worthless.
Under the terms of the GPL, users may distribute exact copies if they include a warranty disclaimer and a copy of the license. Original distributions normally include both, but CPHack did not. According to Matthew, Eddy wrote the code planning to release it under free distribution terms, but they never got around to discussing it. In their haste to release their report, Eddy's fragmentary GPL notices were left in. Whether these notices constitute a license remains for a court to decide.
In July 1996, CyberWire Dispatch published Keys to the Kingdom
, an article that analyzed blacklists cracked by Seth Finkelstein to criticize Cyber Patrol and other censorware. Cyber Patrol banned the Dispatch until editors discovered the ban and spoke out about it. The anti-censorware site Peacefire appears to have been banned under almost every category for years.
In March 2001, Cyber Patrol banned The Register, an online news site, for publishing a December 2000 article about Peacefire's Cyber Patrol disabling software, until The Register spoke out about it. Days later, the ban was removed to stop the bad press.
As defined by Judge Harrington's conclusions of law, a person who knowingly aids or abets a party to violate an injunction is acting in 'active concert or participation'
. Since Eddy and Matthew aren't out to violate the order, clearly no one is aiding or abetting them to do so.
The law reference Words & Phrases cites cases defining legal terms in U.S. law. For active concert or participation
, it cites C.A.5 (Tex.) 1999:
Under Texas law, person is in
active concert or participationwith named party, so as to be bound by injunction entered against it, if he participated in original proceeding and was real party in interest when decree was rendered.
Alemite Mfg. Corp. v. Staff, 42 F.2d 832 (2d Cir. 1930). In this case, the court held that an injunction against an employer could not legally restrict independent acts of a former employee. Judge Learned Hand explained:
[N]o court can make a decree which will bind any one but a party; a court of equity is as much so limited as a court of law; it cannot lawfully enjoin the world at large, no matter how broadly it words its decree. If it assumes to do so, the decree is pro tanto brutum fulmen, and the persons enjoined are free to ignore it. It is not vested with sovereign powers to declare conduct unlawful; its jurisdiction is limited to those over whom it gets personal service, and who therefore can have their day in court.
just so much heavy thunder.
SLAPP Happy: Corporations that Sue to Shut You Upis a good article on the subject.
servedby e-mail to unnamed recipients throughout the Internet.
Peacefire is an anti-censorware site, which has long been blocked by Cyber Patrol and other programs. Their January 2002 article More sites blocked by Cyber Patrol
reaffirms the unreliability of the software's blacklist.
Since well before CPHack existed, Peacefire has distributed CPCrack, a program for cracking Cyber Patrol passwords. (It is available from their page on how to disable Cyber Patrol.) Peacefire have never been sued over CPCrack. Perhaps CPHack is a bigger threat to Mattel because CPCrack can only defeat Cyber Patrol after they've already made a sale, but CPHack exposes it as bad software to people who might consider buying it, and legislators who might consider mandating it.
Peacefire also links to many older news articles about Cyber Patrol.
The Censorware Project released a report, Blacklisted by Cyber Patrol: From Ada to Yoyo, listing over 100 wrongly blocked sites. It concluded, Our conclusion is that Cyber Patrol blocks a great many sites which do not deserve to be, and that furthermore, looking at past reports of the product's accuracy, fixing these errors is a low priority.
Michael Sims spitefully destroyed the original report in 2000, so I mirrored it here. The Censorware Project has since recreated it at their new website.
The ACLU represented the three mirror site operators who appealed the injunction. Their site contains their press releases on the case, including links to legal documents: