Truth About Computer Security Hysteria
Ouch! Symantec violated a comedian's copyright
Saturday, 14 July 2001
RAY OWENS RUNS the popular "Joke A Day" website. He watched the recent sulfnbk.exe mass hysteria with amusement. The Internet comedian put keyboard to mouse ("put pen to paper," get it?) and came up with a joke now known as the "AOL.EXE virus alert." He declared a copyright, posted it on his website, and mailed the joke to 342,000 subscribers.
Some of Owens' subscribers twisted his work to their own ends for a hoax virus alert. These things happen, you know.
Owens earned his 15 nano-minutes of fame when Vmyths.com reported the incident. Our writeup spawned a small media circus, much to his delight. I half-expected to see Owens chat up Jay Leno on "The Tonight Show." (For the record: Vmyths.com jumped off Owens' coattails when the media circus erupted. Our fame will come because we deserve it, not because we exploited it.)
Many antivirus vendors reported the joke/hoax on their websites, and many of them included Owens' entire copyrighted material in their writeups. For, uh, "edification purposes," of course. Which brings us to Symantec — they, too, posted Owens' entire copyrighted joke on their website.
Ironically, two analysts at Symantec received full credit for their writeup of Owens' copyrighted work. Go figure.
Owens contacted Symantec on 10 July in an effort to correct the matter. He jokingly asked for "a million dollars" in compensation, but he really just wanted proper credit and a link back to "Joke A Day." I contacted him on 11 July after reading about it on his website. He returned my call on 12 July after talking to Sandy Erickson, a spokeswoman for Symantec's lawyers.
Owens claims Erickson said her firm would continue to republish his entire copyrighted work — without attribution — because they believed the Fair Use Doctrine gives them the right.
Say what?!? I know the Fair Use Doctrine. Fair Use is a friend of mine. You, Symantec, did not engage in Fair Use. [Credit where due: I stole this insult from Senator whats-his-face.]
Owens makes a living from humor just like Dennis Miller and Richard Pryor and George Carlin and Jay Leno. If you republish Owens' work, he expects you to compensate him for it.
YOU COULD CUT the irony with a knife at this point, folks. Symantec once sued Network Associates over thirty lines of copyrighted software code. (They also sued over a separate block of 101 lines of code.) The lawsuit ended only when Network Associates bought a company with its own copyright dispute against Symantec. Total cost to Network Associates: over $100 million.
For something legally equivalent to Owens' material.
Contrast Symantec with SecurityPortal.com. Their writeup of the hoax includes the entire joke, along with a link to "Joke A Day." Antivirus nerd Ken Dunham spoke to me by phone about it. He included the joke in order to accurately document the hoax's roots. He linked to "Joke A Day" to further document Owens' true role in the affair.
Dunham raised an interesting philosophical question. Symantec credited Washington Post columnist Bob Hirshfeld for writing the "Pluperfect virus alert." Subscribers twisted his joke into a hoax, too, yet Symantec didn't make Hirshfeld pay for sins committed by Washington Post readers. Dunham wondered why they turned the tables on Owens.
Now contrast Symantec with Antivirus.About.com. Guide Mary Landesman republished Owens' entire work in a column on her website. The joke itself takes up more space than her criticism about the joke ... yet I would defend Landesman under the Fair Use Doctrine. Her use of Owens' material falls under the doctrine's "criticism" clause in my (non-legal) opinion. She, too, included a link to "Joke A Day" for her readers' edification.
Symantec makes a living from copyrighted material just like Owens, yet their lawyers refused to obey Owens' copyright. They refused to even credit the man for his work. Mind you, Symantec's plagiarism lawsuit forced Network Associates to spend more than 100 times the amount Owens demanded from Symantec in jest.
I asked Owens if he felt angry. "No," he sighed. "I'm frustrated, I guess." Word to the wise: never frustrate a comedian! They can take it out on you in ways you won't like.
I called Erickson on 13 July to check her side of the story. She didn't take my call. (Hmmm.) I got bounced around from person to person until I grew bored. Then I contacted bigwig Vincent Weafer. Symantec's position changed the moment he got involved.
He quickly uncovered the obvious problem. Symantec's lawyers thought Owens orchestrated the hoax — and they didn't want to set a precedent for a hoaxster. (We'll talk about precedents in a minute.) My conclusion: someone who doesn't understand the nuances of virus hoaxes decided to knowingly violate an innocent man's copyright. "Ouch."
Suppose Jay Leno wrote this joke and told it on The Tonight Show. Would you refuse to credit him as the copyright owner? Would you refuse to compensate him if you republished it?
I KNOW WEAFER spoke to the legal team ... and I know the legal team didn't like the legal implications of their legal screwup ... but I don't know who wrote this addendum for Symantec's website:
A hoax virus alert amounts to fraud. It might set a precedent if we acknowledge a hoaxster's legal claims.
Symantec's lawyers erred because Owens committed no fraud. He didn't orchestrate a publicity stunt, either.
We have been informed that this message originated as a joke by Ray Owens of Joke A Day Inc. It has become a hoax message that is being distributed via email.
This addendum makes it sound like Symantec's analysts didn't research the hoax for their writeup. Bah: I think a legal beagle wrote it for them. (Couldn't leave well enough alone, eh?) And Symantec failed to include a link to "Joke A Day" when Weafer knew Owens wanted it. "Ouch2."
Word to the wise: must I repeat myself?
Owens noticed Symantec's page-change almost immediately. (How he noticed it so quickly, I don't yet know.) He fired off another email to Erickson — this time to demand a rewritten addendum and a link to his website. "Upon completion of this rewrite to my specifications, please inform me by email ... so I can then cancel litigation procedures with my attorney..."
Yes: Owens identified his lawyer in the email. Would you expect anything less from a paid comedian with an incorporated website?
"C'mon, Rob," you moan. "How can you call Owens 'an innocent man'? His joke launched a hoax!" Say what you will about Owens' sense of humor, but remember this: he wrote a joke. J-O-K-E. He makes a living from humor just like Dennis Miller and Richard Pryor and George Carlin and Jay Leno. All comedians explore controversial material; virus hoaxes are controversial. 'Nuff said.
Owens placed a copyright on his work just like every other professional comedian out there. He can demand compensation if you republish his material. Many comedians demand money, but Owens merely wants websites to credit him and provide a link to "Joke A Day." He could tell you to plant a tree in his name if the mood struck him. If you don't like Owens' demands, then you better not reprint his entire joke. He owns the copyright, not you.
Suppose Jay Leno wrote this joke and told it on "The Tonight Show." Would you accuse him of launching a virus hoax? Would you refuse to credit Leno as the copyright owner? Would you refuse to pay what he demands for republication of his copyrighted material?
If you don't like Owens' republication demands, then you can follow our lead — Vmyths.com excerpted Owens' joke under the Fair Use Doctrine. We didn't quote the whole thing in verbatim like everyone else did. As such, we don't need to compensate him. (We linked to his website solely for edification.)
We acknowledged Owens for his work, of course. We had to! It would violate "the historian's creed" if we didn't identify the hoax's roots.
OKAY, NOW LET'S talk about hoaxsters and precedents. I'll use the Good Times virus alert as a prime example.
Let's go back in time to February 1995. Suppose the author of Good Times revealed himself to the world and showed off a 1994 document issued by the U.S. copyright office. Suddenly he:
Vmyths.com excerpted Owens' joke under the Fair Use Doctrine. We didn't quote the whole thing in verbatim like everyone else did...
Would this man have a leg to stand on, legally speaking? Symantec's lawyers think not — and I agree with them. A hoax amounts to fraud. It might indeed set a precedent if we acknowledge a hoaxster's legal claims.
Symantec's lawyers erred because Owens committed no fraud. He didn't orchestrate a publicity stunt, either. He sent a joke to 342,000 subscribers on his "Joke A Day" mailing list. Nothing more, nothing less. Owens followed well-established norms for humorists.
Symantec's hoax non-experts will learn a valuable lesson the hard way — "never frustrate a comedian." (Ha! You thought I'd say "get your facts straight," didn't you?) You know Owens will take out his frustrations on the company no matter what they do. Say what you will about his sense of humor ... but I can't wait to see Owens' parody of Symantec's website.
- demands $3 from every duped user who forwarded the alert; and
- demands credit by name whenever a newspaper or magazine publishes the hoax; and
- files a Freedom of Information Act request to determine how many federal employees fell for his hoax (so he can bill the government appropriately).