The Story of CPHack

CPHack is a program to load and browse the contents of a blacklist file used by the censorware program Cyber Patrol 4. (Later versions of Cyber Patrol changed to a different blacklist format.)

The program and its source code are part of a report, The Breaking of Cyber Patrol® 4, published in March 2000 by Eddy Jansson (of Sweden) and Matthew Skala (of Canada). In the report, they describe what techniques they used to decrypt the blacklist, and criticize the list of sites Cyber Patrol blocks. Their stated purpose was to expose any hidden agenda that might be lurking behind [Cyber Patrol] and to fuel the discussion around it, in this case the discussion around censorware.

In addition to stale URLs, wrongly blocked sites, and questionable blockings, Cyber Patrol's encrypted blacklist conceals some dirty laundry. While I doubt Cyber Patrol intentionally has a hidden political agenda, deliberate dishonesty is evident in Cyber Patrol's history of censoring criticism of their product, and of censoring sites of competing products. Cyber Patrol falsely labels sites containing this report as containing Satanism, full nudity, explicit sex, alcohol use, gambling, and everything else their software may be set to filter out.

Mattel SLAPPs its critics

To ban the blacklist decryption programs, Mattel and its subsidiary Microsystems filed lawsuits in Canada and Sweden. They also had apparently corrupt federal judge Edward Harrington issue a temporary restraining order in Boston. Corporate counsel Irwin Schwartz warned the court that Microsystems -- as well as the public -- will continue to suffer irreparable harm unless the defendants are prohibited from distributing the Bypass Code. His claim seems exaggerated, since the day after an injunction was granted (according to Schwartz's Boston Globe editorial about two months later), a new version of Cyber Patrol was released that rendered CPHack ineffective.

When Scandinavia Online took down the original report (along with the rest of Eddy Jansson's website), additional mirror sites sprang up like mushrooms, just as attempts to censor DeCSS prompted it to be mirrored in all corners of the globe.

Mattel often uses lawsuits to bully critics into silence. Take William Silverstein, a former employee fired for going to a doctor to treat the tendinitis he contracted on the job. He posted the ongoing story of his legal battle to, despite pressure from Mattel to take his website down. Though Mattel settled his discrimination lawsuit for almost $140,000 in September 1999, Mattel continues to SLAPP William with nuisance counterclaims. They've offered to stop legally harassing him if he signs an agreement to pay them $50,000 every time he speaks about his case or criticizes Mattel.

Or take Mattel's long history of suing anyone who parodies Barbie, makes Barbie art, or even including a Barbie joke in a joke archive.

In April 1997, Mattel filed a lawsuit against Barb and Dan Miller, publishers of a glossy fashion magazine for serious Barbie collectors called Miller's. Miller's occasionally stepped on toes with barbed product reviews and editorials on the pricing of limited edition Barbie dolls (like the $70 Star Trek Barbie, which flopped and was soon being sold for $30). But when they published a picture satirically portraying Barbie with alcohol and pills, this was unpardonable. Mattel didn't just want them to stop criticizing the doll, they told the Miller's counsel, We want the Millers' house.

Eddy and Matthew settle

Mattel dropped the lawsuits in return for the defendants' copyrights to the report and programs and their promise not to reverse engineer any Mattel products in the future. Matthew received one Canadian dollar, to make the transfer more enforcable under Canadian law. Eddy signed over all rights, if any in return for nothing.

The final injunction enjoins Eddy and Matthew from publishing the source code and binaries:

Defendants Jansson and Skala, their agents, employees, and all persons in active concert or participation with Defendant Jansson and/or Defendant Skala, shall discontinue and be permanently enjoined from publishing the software source code and binaries known as or cphack.exe or any derivative thereof.

Judged enemies of society

Judge Harrington's injunction goes on to bloviate about pornographers, death merchants, and the Holocaust:

Yet this case involves more than a complex and significant legal issue relating to copyright law. It raises a most profound societal issue, namely, who is to control the educational and intellectual nourishment of young children -- the parents or the purveyors of pornography and the merchants of death and violence.

Ideas bear consequences, fruitful and also destructive. The pernicious idea that all men are not created equal is the philosophic bias which incited the degradations of slavery and the genocidal slaughter of the Holocaust.

Awesome consequences for a program to list the URLs blocked by Cyber Patrol. (As The Register ridiculed him, Excuse us? Making it possible to decrypt a file of banned URLs puts the merchants of death in control of the intellectual nourishment of children?) How ironic that his propaganda invokes the Holocaust, since the Third Reich is a prime example of the evils of censorship.

Such ranting seems to be in character for Judge Harrington. The Massachusetts Bar Association staunchly opposed Edward Harrington's nomination as a federal judge, recounting examples of his volatile and abusive behavior on the bench. At the judge's Senate confirmation hearings, Attorney Earle Cooley testified:

I have been a trial lawyer in Massachusetts for more than thirty years and I have seldom encountered a person less temperamentally suited to be a United States District Court Judge. It has been my experience that one disagrees with Mr. Harrington at the risk of being labeled an enemy of society.

Injunction doesn't apply to mirrors

Schwartz and Nystrom, Mattel's attorneys, wanted to mass e-mail copies of the injunction to mirror site operators (as they did with the temporary restraining order, a bulk e-mail which critics called a spampoena). Judge Harrington informed Schwartz and Nystrom that such notices of injunction must be served by certified mail.

Three mirror site operators who were properly served such notices tried to appeal the injunction. On 27 September 2000, The First Circuit Court of Appeals ruled that nonparties have no standing to appeal it, and the injunction doesn't apply to them:

The coin, however, has a flip side. A nonparty who has acted independently of the enjoined defendant will not be bound by the injunction, and, if she has had no opportunity to contest its validity, cannot be found in contempt without a separate adjudication. See id.; see also Alemite, 42 F.2d at 832 (declaring that a decree which purports to enjoin nonparties who are neither abettors nor legally identified with the defendant is pro tanto brutum fulmen, and may safely be ignored). This tried and true dichotomy safeguards the rights of those who truly are strangers to an injunctive decree. It does not offend due process.

Mattel has not tried to threaten mirror sites with copyright infringement lawsuits. The report itself gives the reader written permission to mirror the files in general (You are allowed to mirror this document and the related files anywhere you see fit.) and the source code in particular (The source is included, and you can do whatever you want with it.). It's doubtful whether Mattel could prevent distribution of a document that gives written permission to distribute it, or revoke permission explicitly given to readers who obtained it before the reassignment of copyright.

Since the blacklist encryption has been changed so that the decryption program no longer works, perhaps they no longer consider the issue worth pursuing.

Buying the copyright to free software?

CPHack starts up with a prominent message reading Released under the GNU Public License, and a comment at the beginning of the source code reads Released under the GPL. The terms of the GNU General Public License specifically grant every recipient of the program an automatic license to copy it, with no provision for revoking or altering the license. This could effectively make Mattel's settlement worthless.

Under the terms of the GPL, users may distribute exact copies if they include a warranty disclaimer and a copy of the license. Original distributions normally include both, but CPHack did not. According to Matthew, Eddy wrote the code planning to release it under free distribution terms, but they never got around to discussing it. In their haste to release their report, Eddy's fragmentary GPL notices were left in. Whether these notices constitute a license remains for a court to decide.


  1. In July 1996, CyberWire Dispatch published Keys to the Kingdom, an article that analyzed blacklists cracked by Seth Finkelstein to criticize Cyber Patrol and other censorware. Cyber Patrol banned the Dispatch until editors discovered the ban and spoke out about it. The anti-censorware site Peacefire appears to have been banned under almost every category for years.

    In March 2001, Cyber Patrol banned The Register, an online news site, for publishing a December 2000 article about Peacefire's Cyber Patrol disabling software, until The Register spoke out about it. Days later, the ban was removed to stop the bad press.

  2. Judge Edward Harrington seems to have a history of bribery and bias, acccording to an affidavit by attorney Linda Thompson in US v. Sweeney.
  3. In March 1997, Boston mayor Thomas Merino caused a controversy by ordering the Boston city library to install Cyber Patrol on its Internet terminals. Peacefire has links to other articles about this issue.
  4. DeCSS is a program to descramble DVDs for playback on home computers. The MPAA attempted to suppress it. In that case too, a restraining order shut down the original site, and mirror sites appeared all over the Internet. The MPAA tried to shut many mirror sites down as well, only to have even more mirror sites appear. It was described as the world's biggest game of Whac-a-Mole. Ironically, as a result of their court filings, DeCSS source code is now in the public record.
  5. As defined by Judge Harrington's conclusions of law, a person who knowingly aids or abets a party to violate an injunction is acting in 'active concert or participation'. Since Eddy and Matthew aren't out to violate the order, clearly no one is aiding or abetting them to do so.

    The law reference Words & Phrases cites cases defining legal terms in U.S. law. For active concert or participation, it cites C.A.5 (Tex.) 1999:

    Under Texas law, person is in active concert or participation with named party, so as to be bound by injunction entered against it, if he participated in original proceeding and was real party in interest when decree was rendered.

  6. Alemite Mfg. Corp. v. Staff, 42 F.2d 832 (2d Cir. 1930). In this case, the court held that an injunction against an employer could not legally restrict independent acts of a former employee. Judge Learned Hand explained:

    [N]o court can make a decree which will bind any one but a party; a court of equity is as much so limited as a court of law; it cannot lawfully enjoin the world at large, no matter how broadly it words its decree. If it assumes to do so, the decree is pro tanto brutum fulmen, and the persons enjoined are free to ignore it. It is not vested with sovereign powers to declare conduct unlawful; its jurisdiction is limited to those over whom it gets personal service, and who therefore can have their day in court.


A brand of plastic doll introduced in 1959, modeled on Lilli, a German doll of a cartoon streetwalker. Enormous sales of fashion accessories and other merchandise for the doll have made Barbie a multibillion dollar per year industry and a cultural icon for a certain type of ideal woman. Barbie has often been criticized for indoctrinating girls with an unrealistic body image and restrictive gender roles.
Internet filtering software, especially programs intended to prevent access to content that some consider immoral. They invariably block access to many sites inappropriately. Necessarily, they also block useful services that display content from other sites, such as language translators, image search engines, and the Wayback Machine.
pro tanto brutum fulmen
Latin for just so much heavy thunder.
Strategic Lawsuits Against Public Participation. Lawyer jargon for the tactic of suing people into silence. SLAPP Happy: Corporations that Sue to Shut You Up is a good article on the subject.
Overbroad subpoenas of dubious validity served by e-mail to unnamed recipients throughout the Internet.
A carnival game where mechanical moles briefly raise their heads through holes in a table. The player scores points by bopping them back down with a hammer.

Additional resources

Sites related to this report

Other sites of interest