Last week Sparkfun ran a piece on their blog called “FaKey Makey” taking a deep dive into what appears to be an unauthorized derivative of the popular MaKey MaKey hardware accessory.  Briefly - and I commend the entire thing to you - it concludes that a product called the MC2 Circuit Beats manufactured by MGA Entertainment is a derivative of the MaKey MaKey that fails to give MaKey MaKey credit as the source of the idea.  

In addition to the really impressive forensics work in the post, the incident serves as a nice opportunity to reflect on the limits of open source hardware licensing.  It may also help highlight why the Open Source Hardware Association is moving towards a certification model and not an approved license model.

But first…

Some quick background may be helpful.  The MaKey MaKey is a clever bit of hardware that lets you use all sorts of physical objects as input for your computer.  If you are itching to turn those bananas in your kitchen into a piano or use the walls of your living room to control a video game character, the MaKey MaKey is a good place to start.  

It is also open source hardware, which means MaKey MaKey makes things like their schematics available under a CC (in this case attribution, share-alike) license.  

For the purposes of this post I’m going to assume that everything in the Sparkfun article is true and that MGA 1) made something that can trace its lineage back to the MaKey MaKey, and 2) failed to give MaKey MaKey attribution for that history.  Keep in mind that either of those could be incorrect.  I’ll do my best to update this post if I become aware of evidence to the contrary.

Moral/Social Issues

The moral and social issues surrounding open source hardware, derivatives, and attribution can be complex, so I’m going to skip over them here.  Instead, I’m going to focus on the legal and licensing aspects of what happened here. Specifically, did MGA - the company that made the derivative product - violate any licenses?

Does the New Board Violate MaKey MaKey’s License?

Spoiler: I don’t think so.  But I’ll go deeper than that.

MaKey MaKey puts out its schematics under a CC license.  It is important to understand what that really means.  A CC license is a copyright license and can only control the use of works that are protected by copyright.  In this case, the schematics are covered by copyright.  However, this does not mean that the MaKey MaKey itself is covered by copyright. In fact, as a functional object, it is not protected by copyright (there are some clever lawyer arguments that one could use to chip away at this simple statement, but in the interest of clarity I’m just going to work under that assumption).  That means that the license on the schematics are irrelevant to the object itself.

What does that mean?  If you copy MaKey MaKey’s schematics without giving MaKey MaKey attribution, you have infringed on their copyright.  However, if you just decide to copy the MaKey MaKey itself, the license they attached to their schematics requiring attribution doesn’t matter.  You have no legal obligation to give MaKey MaKey anything.

Even if MGA copied MaKey MaKey’s schematics, as long as they kept the attribution on the schematics they probably did not have any obligation to give attribution on the product itself.

Is it Bad that MGA Can Copy MaKey MaKey?

I don’t think that it is.  The fact that hardware can be copied is a feature, not a bug, of IP law.  

Unless MaKey MaKey had a patent on its core functionality, the fact that MaKey MaKey is open source hardware doesn’t really have an impact on MGA’s ability to copy it.  While the schematics  may have made it easier, the Sparkfun post suggests that a determined copier probably could have figured out what was going on without them.

On the flip side, I’d be willing to bet that MaKey MaKey’s openness has helped it grow a community and a market.  I also suspect that this benefit outweighs whatever “cost” making it easier for copiers to access schematics imposed on them.

This incident also serves as a reminder that hardware is open by default.  If you’ve even been frustrated with copyright restrictions, this world of open by default can feel liberating and loaded with possibilities.  If you have ever reverse engineered a piece of hardware without asking permission from the manufacturer first, you understand what that openness means.

Finally, remember that openness goes both ways.  The same legal structures that make it hard for MaKey Makey to protect its core functionality with IP makes it hard for MGA to protect whatever improvements they have come up with.  Even if MGA does not release the schematics, it is likely that MaKey MaKey can reverse engineer them and incorporate them into a future version of MaKey MaKey. (note: maybe do not do this without first talking to a lawyer).  To me, that’s an example of how the openness ecosystem in hardware can extend well beyond a core group of open source hardware devotees.  

Would A Different License Change This Analysis?

I don’t believe so. The core challenge remains that you need a work protected by copyright as a “hook” for any restrictive copyright license.  Even a non-commercial restriction on the schematics probably would not stand in MGA’s way.  (side note: would downloading a copy of the schematics in order to make a commercial product based on those schematics - as opposed to commercially selling the schematics themselves - violate a non-commercial CC restriction?  I don’t know but I’d argue against it).

Would an Open Source Hardware Certification Help in this Situation?

Yes and no.  As I hope this post makes clear, one of the reasons that the Open Source Hardware Association is looking towards certification is because copyright-based hardware licenses can leave a lot out.  Those exclusions can come as a surprise to the people who are using the license.

A certification will not directly prevent someone from making an unattributed derivative of a piece of hardware.  Of course, in many cases, neither would a license. The open by default nature of hardware makes that sort of condition very hard to enforce without patents.

However, to the extent that people see a Open Source Hardware Association certification as valuable, it can help distinguish the MaKey Makeys of the world from the MGAs of the world.  People value openness - and value it more every day.  If a product like MaKey MaKey can stand up and say that they truly are open, it can - I hope - help expand their market reach.

For now, it seems like MaKey MaKey and the MGA board can coexist.  That’s a good outcome too.  My real interest in this incident is that it gives another excuse to do concrete thinking about how open source hardware and licensing can really work.

Let’s start this post with a lawyerly caveat. Everything on this site is my own personal opinion and should not be attributed to my employer or anyone else.   While that’s always true, this post is super thinking-in-progress-y so it seemed wise to repeat that.  Plus I’m not even a pretend product liability lawyer so keep that in mind.

For many people, IP is the first thing that comes to mind when they imagine ways for 3D printing to get into legal trouble.  It certainly was for me, and I think that’s more or less right.  IP issues are coming first in the 3D printing world.

However, if you give people a few more minutes, the second thing that comes to mind is often product liability.  And rightly so - product liability is a big area of law and 3D printed things can hurt people (because, you know, “things” as a product class can hurt people).

However, thinking about 3D printing and product liability isn’t easy.  Modern product liability law developed along with mass manufacturing and the structure of mass manufacturing is build into its underlying assumptions that ground modern product liability law.  A technology that reintroduces variability, customization, and distributed manufacturing into product design and manufacture runs counter to much of product liability’s worldview. Before you even get to the rules, 3D printing just doesn’t fit into how product liability law sees the world.

Furthermore, product liability is not necessarily prepared for a big shift.  Everyone involved in copyright law has experienced (is experiencing?) a fundamental shift in its practice in the last twenty years.  While that shift has not been as extensive in patent and trademark law, those legal worlds are close to copyright.  At a minimum, that gave them a front row seat to the change.  Like it or not, IP lawyers, policymakers, and advocates are emotionally prepared for seismic change.

In contrast, product liability has been on a relatively stable trajectory for decades. This isn’t to suggest that it has been unchanged - there have been plenty of important shifts and big decisions.  But when compared to an area like copyright its basic assumptions and ordering principles have been remarkably static.  That may mean that the people who make up the product liability policy world are less prepared for a big change.

One way to think about the forces driving these changes is to lay out the contrasting world views of traditional product liability and the new model exemplified by companies like Shapeways.

Traditional Model

• Professional Designers. With modern mass manufacturing, products are designed by individuals or teams with a deep understanding of material properties, tolerances, and  other relevant considerations.  They are trained to anticipate potential use problems and incorporate solutions into the design.
  
• B2B Manufacturing Relationship. Once those designers finish the design, they contract directly with a manufacturer.  The manufacturer understands what they are manufacturing and establishes manufacturing and monitoring processes oriented towards the purpose of the object.
• QA Testing Fit for Purpose.  Because both the designer and manufacturer understand what they are manufacturing and how it will be done, they can collaborate on a testing regime oriented towards the anticipated use of the object.
• Mature Insurance and Contract Umbrella.  Each party is insured and risk is contractually allocated in line with well established industry norms.

New Model

• Designers of Mixed Backgrounds.  While some designers in this new model are trained engineers, plenty of them are not.  Their skill set may have blind spots and shortcomings that they are not aware of and that do not immediately and obviously manifest themselves in their work.
  
• Arms-Length Manufacturing Relationship.  The designs can be printed by a service bureau, but the service bureau does not necessarily appreciate the actual purpose of the object.  The manufacturer uses generic 3D printing processes that are not tailored to the object.
• Lack of QA Testing.  Since the manufacturer does not know what they are printing, they do not create tests to make sure that the finished object is fit for purpose.  Repeatability in 3D printing is not up to the standards of traditional mass manufacturing, so the designer may have a limited understanding of the characteristics of a specific model shipped directly to a customer.
• Immature Insurance and Contract Umbrella.  The process is full of players who may not be insured with an eye towards product liability.  Contracts do not necessarily allocate risk along well established industry norms.

This does not mean that the 3D printing-enabled ability for an individual in their basement to sell physical products to the world is doomed.  Nor does it mean that we should scrap the existing product liability regime because this new model isn’t a perfect fit out of the box.

Instead, as I tried to outline in my response to Adam Thierer’s proposal for maker immunity, it means that we are at a moment where it may make sense to rethink parts of the existing product liability regime.  It is worth trying to understand if the goals of product liability  - to create incentives for people responsible for goods to make their goods safer and to compensate people who are injured by goods - can be advanced in a way that does not require every player in the design-build-distribute chain to be a commercially and legally sophisticated entity.  

Obviously it is way to early to know. Hopefully we are in the beginning of that discussion.

By the way, the Minnesota Journal of Law, Science, and Technology had a really great symposium on 3D printing and law in March.  I’d recommend the entire thing if you are interested, but they did an entire panel on product liability where people who actually know product liability work through some of these issues.

This post is mostly a reaction to Adam Thierer’s recent article titled “A Section 230 for the ‘Makers Movement,” although in the grand tradition of reaction pieces it also uses the article as an excuse to write about a few things I’ve been thinking about lately.  It will probably make a bit more sense (or at least be easier to point out what I’m missing) if you read his piece first, although I’ll do my best to summarize it along the way.

The “230″ in his title is Section 230 of the Communications Decency Act, which gives online platforms wide ranging immunity from responsibility for the things their users post on said platforms.  Many people consider it one of, if not the, most important foundational laws for the growth of the internet.  Essentially, this is because it allowed online platforms to let crazy people they don’t know post things for the entire internet to read.  It is the reason, for example, that tumblr isn’t going to do a legal review before letting me use tumblr to post this blog post.  They don’t care what I write because no one can sue them for my degenerate libelous crackpottery.

What Does This Have To Do With “Makers”?

Before Section 230, traditional law treated publishers as responsible for the things that they published.  This made sense when your mental image of a publisher is the New York Times.  The New York Times is exerting a lot of control and review over what gets published in its pages, so it is reasonable to hold them accountable if one of their writers does something crazy.  However, tumblr (or twitter, or facebook, or whatever) doesn’t have the same relationship with its “writers.”  It does not make sense to hold them responsible for what people publish on their platform because they do not exercise any control over that content.  The internet meant that a lot more people were writing for the public and that the old mental model for dealing with that broke down.

You can draw a fairly convincing parallel to the maker movement.  A collection of technologies is allowing more and more people to not only make physical things, but distribute those physical things around the world.  Regulatory models relating to physical things that assume that there are a limited number of people or companies manufacturing and distributing physical objects don’t necessarily apply.  The nature of the new players involved means that traditional legal assumptions may not apply.  That can result in unjust law and crippling (unintentional) inefficiencies.

If that thesis is correct, it is very tempting to look to the internet model - and Section 230 in particular - for the best ways to address this disruption.

Extending Immunity - The Uber Model vs. the Collaborative Model

Obviously talk of immunity for the technologies and platforms that make the maker movement work is highly interesting to me professionally.  After all, my day job is at just one of those platforms.  Similarly, my not-day job is on the board of the Open Source Hardware Association and there are some people who worry about the legal ramifications of releasing a swarm of open source physical objects out into the world.

However, I do have a reflexive concern about any call for blanket immunities for new technologies.  It may not be fair, but some of those are grounded in what might be thought of as the Uber approach to policy.

Uber was faced with a thicket of taxi regulation that threatened their business model. Their initial response was essentially to dismiss those regulations and bulldoze their way through to the market.

For many people this was a highly popular approach, made all the more popular because many of the regulations that were being bulldozed were imposed by government agencies that were captured by the taxi industry they regulated.  The regulations appeared to benefit the taxi industry much more than taxi customers, so many Uber customers quickly sided with Uber over the regulators and did not shed a tear for the lost regulations.

This approach has its appeal.  It can work quickly and radically transform a ossified industry in pro-consumer ways.  But it can also create problems.  One of those problems is that it can alienate potential partners.  But the bigger problem is that the process of bulldozing “bad” regulations can also result in destroying legitimate regulations that have to do with things like encouraging accessibility and protecting users.  This collateral damage isn’t necessarily the intent, but can be very real for users who rely on the regulatory safety net.

There are, of course, alternative models. 

The most obvious is to go back to the concerns that (at least nominally) motivated the regulation in the first place.  Instead of simply saying “this regulation should not apply,” propose an alternative regulatory scheme that achieves the same end goal without whatever negative barriers the existing scheme is creating.  Naturally this assumes that the original goals still make sense, that there is a way to address them without skunking the entire operation, and that someone on the regulator side is interested in having the conversation.  Admittedly, this can also be an excruciatingly slow process.  If it is done well it can leave everyone better off - but that “if” is a big one.

The point of this diversion is mostly to say that I’m a bit wary of simply exempting wide swaths of society from generally applicable rules without some fairly substantial evidence that doing so is necessary and one of the few real options to achieve some legitimate goal.  That’s not to say that it can never make sense - I think Section 230 worked out pretty well - but rather that doing so should usually require a fairly serious consideration of what is lost when granting such an exemption.  

It also means that when thinking about Adam’s proposal the details matter. So let’s get to them.

Models of Immunity

Adam proposes three potential models for immunity: Section 230, firearm manufacturer immunity, and immunity for vaccine manufacturers.

I won’t spend any more time on the 230 stuff.  The firearm manufacturer immunity is interesting.  I’ll be the first to admit that I don’t know a lot about it beyond the fact that Congress passed a law making it hard/impossible to sue firearm manufacturers for tort liability on the theory that they make inherently unsafe products.

Gun politics aside (which is basically impossible in the context of a law involving guns in the US Congress), I’m a bit skeptical that this is a great model for guns or for makers.  One way to think of the purpose of tort liability is to find a way to push an industry towards creating safer products without strangling the industry with regulation.  In that context, I worry that a blanket exception makes it too easy to not move towards safer products in the long run - and “safer products” does not have to mean ‘no more guns’. This is not to say that all tort liability is good.  But I do recognize that it can have a useful role in accelerating the spread of safer products.  The drag that creates for manufacturers can be worthwhile.

The vaccine fund is another interesting example, but one that Adam admits is hard to apply directly here.  The idea is that some sort of government pool of money stands in the place of vaccine manufacturers in cases where vaccines hurt people.  Because everyone benefits from vaccines, in the rare cases when someone is injured by a vaccine it makes sense for everyone to help compensate them.  Removing liability also makes it more likely that companies will step in to manufacture the vaccines and sell them at affordable prices.  The problem when transposing the model to making is that can be quite hard to calibrate the size of the fund or who should be able to hide behind it without more information about the real types of lawsuit threats maker companies are facing.  For better or worse, we just don’t have the data yet.

Areas of Coverage

“Maker stuff” is a crazily broad category, and it would probably be a horrible idea to create some sort of blanket immunity that covers all of it.  Different technologies are different, and the challenges they may or may not present should be dealt with on a more granular level than “it allows people to make and distribute things.”  Easily recognizing this, Adam breaks it down into three categories.

Robots

The proposed immunity is for open robot creators if the robot is under the control of the user or software written by a third party.  The idea is that putting a robot out into the world should not make you liable for every crazy thing that someone might do with the robot.

While I like this theory, I’m not convinced (yet) that existing tort liability is inadequate in this situation.  In at least some cases tort can take into account things like third party or user modifications.  Blanket liability exemptions are a big deal and I’d need a lot of convincing that they are really necessary here.  Imposing liability in nonprofessional makers creates a problem, but it can also bring some benefits.

3D Printing

I obviously have a lot of conflicts on this one.  There would be a clear short term (at least) professional benefit to me if all 3D printing platforms were categorically immune from any claim related to what users do on the site.

That being said, I worry about this sort of exemption as well.  “Many people can use this to make stuff” isn’t necessarily a power specific to 3D printing.  When I think about 3D printing policy, one of my first points is usually to avoid treating 3D printing differently unless you have to.  The fear that 3D printing will be implicated because a user does something stupid or illegal is real, but the answer in those cases is probably to treat it like any other technology.  Creating a special 3D printing carveout should only happen when there is real evidence that there is a 3D printing specific problem that needs addressing.  I’m not sure there is one yet.

Virtual Reality

This section of the post feels more like flag planted than anything else.  It is too early in the history of applied VR to know what may or may not be needed.  Adam seems to view it the same way. I’m glad he raises it, and also glad to see that he doesn’t propose anything specific.

Main Takeaways

I found that this piece made me think a lot about the nature of regulation and liability in the maker context, which is fantastic.  When I approach these questions, I try and start by understanding why the existing rules are there in the first place.  Then I try and formulate an explanation for why a specific technology or application changes the assumptions underlying the regulatory regime.  Only at that point would I start to put forward alternative ways to address the underlying concerns of the motivation (or explain why those concerns are no longer valid) that do not unnecessarily hamper the growth of the new technology.  I’m looking forward to the full length treatment of this issue that Adam promises at the end to see how he approaches it.

This post originally appeared on the Shapeways blog.  And yes, I know that this story was on hyperallergic well before it made it to the New York Times.  I wrote this as they started boarding my flight to Tokyo for the International Conference on Digital Fabrication and didn’t have time to do as much hyperlink due diligence as I would have liked.  That’s also why the questions that open it don’t have reference links.  But enough meta-post, let’s get on to the post.

There is a lot to discuss following The New York Times’ Swiping a Priceless Antiquity…with a Scanner and a 3-D Printer about the Bust of Nefertiti in the Neues Museum that was surreptitiously 3D scanned by two German artists: Is their story of how they obtained the scan true? What does it mean for the ongoing dispute about the appropriateness of such an artifact residing in a German museum? Should more museums be releasing high quality 3D scans of their collection? Where can I get a copy of the file?

Some people also eventually start to wonder about copyright. Are the artists infringing on any rights by creating the scan? Do the artists have any new copyright in their scan? If the museum wanted to control scanning of objects, can they use copyright? If you are one of those people, this post is an attempt to give you some answers.

Is Scanning the Bust Copyright Infringement?

No. The bust itself is more than 3,000 years old. There was no concept of copyright when it was created (as far as I can tell—legal scholars of ancient Egypt, prove me wrong!), and we are well beyond the current life plus 70 years term of copyright protection today. The bust is firmly in the public domain and, at least from a copyright perspective, available for anyone to copy, remix, and build upon without permission.

Do the Artists Who Created the Scan Have Rights in Their Scan?

Most likely not. In the United States the creator of a digital scan does not get a copyright on the scan file independent of the object being scanned. The situation is a bit less clear in the EU, but there are strong arguments [outlined here] to come to the same conclusion.

Note that this is different than how photographs are treated. Why the difference? The short version is that copyright is designed to reward creativity. These types of digital scans may take a lot of work to be accurate, but they are designed to avoid introducing creative variation into the file. The goal of the scan is to copy the object as perfectly as possible – integrating creative interpretation would be counter to that purpose. (If this explanation feels incomplete to you, keep watching this space. We’re working on a whitepaper that takes a bit of a deeper dive into the issue.)

Can Museums Stop This Sort of Scanning?

Not with copyright. However, there are potentially other ways. Museums control access to the artifacts and can condition that access on all sorts of rules. Just as they can require you to pay a fee or leave your bags at the door in order to see an artifact, they can say that in return for access to the artifact you agree to not take a scan.

However, that sort of restriction has at least two shortcomings. First, enforcement is restricted to people who agree to the terms. That means that they can punish the person who physically accessed the object for violating the terms. But a person who just downloaded the scan never agreed to those terms – and therefore shouldn’t be held responsible for violating them.

Second, as this incident vividly illustrates, trying to prevent scanning may be a fool’s errand. While museums may be able to impose these sorts of rules, it may be better in the long run to create their own high-quality scans and release them instead of waiting for bootleg versions to leak out.

This post originally appeared on the Shapeways blog.

Today we are happy to announce the Shapeways transparency report for 2015.  This report is designed to give everyone in the Shapeways community insight into how our systems governing intellectual property disputes and third party access to Shapeways user information work.

What is a transparency report, and why publish it?

A transparency report is a public document that sheds light on how internal processes here at Shapeways work in practice.  While the entire Shapeways community is impacted by our policies covering things like copyright disputes and privacy, in most cases individual disputes over those issues happen behind closed doors.  This is a good thing in specific cases – community members should be able to resolve their differences outside of the spotlight.  However, it can also make it hard for people who are not directly involved in a dispute to understand how the process works, or how those processes are working in aggregate.

The transparency report helps to summarize how our processes work and to give the entire community a better understanding of the trends emerging from them.  It also helps the larger public and policymakers understand how systems grounded in law play out in reality.  As we note in the report, it is impossible to evaluate the laws that control how Shapeways operates without understanding how those laws impact Shapeways and the Shapeways community.

What’s in this report?

I encourage you to check out the report itself, but some high level points are worth mentioning.  The most striking is how trademark takedown requests are interacting with traditional copyright takedown requests.  Last fall we, along with a number of similarly situated companies, raised concerns to the White House about a trend in takedown requests.  We noticed that rightsholders were combining trademark claims with copyright claims.  A side effect of this combination – intended or not – is to remove the dispute from the notice and takedown process that provides protections for users accused of copyright infringement.

This report puts some numbers behind that concern.  Of the 761 copyright-related takedown requests we received in 2015, 582 (that’s 76%) also included trademark requests.  As a result, 76% of the copyright takedown requests were outside of the notice and counternotice process established by the Digital Millennium Copyright Act (DMCA).  That means that only about a quarter of the copyright takedown requests we get are actually covered by the DMCA process created by the U.S. Congress to govern such requests.

The report also contains some spaces without numbers.  The report contains sections for requests for user information by governments and by third parties with court orders.  Shapeways did not receive any such requests in 2015. However, we included these sections in the report so community members could be confident that the absence was because we did not receive them, not that we were avoiding talking about them.  Along those lines, we have also registered our warrant canary with CanaryWatch.org.

We hope that this report is helpful to our community. If you have any ideas of how to make it better, feel free to hit me up via email at mweinberg@shapeways.com or in the comments below.