The Authors Guild v. Google, Inc.

Filing 46

JOINT APPENDIX, volume 6 of 6, (pp. 1501-1640), on behalf of Appellant Jim Bouton, Joseph Goulden, Betty Miles and The Authors Guild, FILED. Service date 04/07/2014 by CM/ECF.[1196285] [13-4829]

Download PDF
13-4829-cv United States Court of Appeals for the Second Circuit THE AUTHORS GUILD, BETTY MILES, JIM BOUTON, JOSEPH GOULDEN, individually and on behalf of all others similarly situated, Plaintiffs-Appellants, HERBERT MITGANG, DANIEL HOFFMAN, individually and on behalf of all others similarly situated, PAUL DICKSON, THE MCGRAW-HILL COMPANIES, INC., PEARSON EDUCATION, INC., SIMON & SCHUSTER, INC., ASSOCIATION OF AMERICAN PUBLISHERS, INC., CANADIAN STANDARD ASSOCIATION, JOHN WILEY & SONS, INC., individually and on behalf of all others similarly situated, Plaintiffs, v. GOOGLE, INC., Defendant-Appellee. –––––––––––––––––––––––––––––– ON APPEAL FROM THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF NEW YORK JOINT APPENDIX (UN-SEALED REDACTED VERSION) Volume 6 of 6 (Pages A-1501 to A-1640) DURIE TANGRI 217 Leidesdorff Street San Francisco, California 94111 (415) 362-6666 – and – WILMER CUTLER PICKERING HALE AND DORR LLP 1875 Pennsylvania Avenue, NW Washington, DC 20006 (202) 663-6600 Attorneys for Defendant-Appellee FRANKFURT KURNIT KLEIN & SELZ, P.C. 488 Madison Avenue, 10th Floor New York, New York 10022 (212) 980-0120 – and – JENNER & BLOCK 1099 New York Avenue, NW, Suite 900 Washington, DC 20001 (202) 639-6000 Attorneys for Plaintiffs-Appellants i TABLE OF CONTENTS Page District Court Docket Entries .................................... A-1 Excerpts from the Objection of Amazon.com, Inc. to Proposed Settlement, dated September 1, 2009 A-53 Excerpts from the Objections of Microsoft Corporation to Proposed Settlement and Certification of Proposed Settlement Class and Sub-Classes, dated September 8, 2009 .................. A-65 Excerpts from the Memorandum of Amicus Curiae Open Book Alliance in Opposition to the Proposed Settlement, filed September 8, 2009 ...... A-78 Excerpts from the Objection of Yahoo!Inc. to Final Approval of the Proposed Class Action Settlement, filed September 8, 2009 ...................... A-80 Declaration of Michael J. Boni in Support of Motion to Approve the Amended Settlement Agreement, dated November 13, 2009 (Omitted herein) Exhibit 2 to Boni Declaration – Amended Settlement Agreement, dated November 13, 2009 ............................................... A-83 Opinion of the Honorable Denny Chin, dated March 22, 2011 ...................................................... A-127 Fourth Amended Class Action Complaint, dated October 14, 2011.................................................... A-175 Defendant Google Inc.’s Answer to Plaintiffs’ Fourth Amended Complaint, dated June 14, 2012 A-191 ii Page Declaration of Judith A. Chevalier in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 18, 2012 .............................. A-201 Exhibit A to Chevalier Declaration – Expert Report of Judith A. Chevalier, dated May 4, 2012 ........................................................... A-203 Declaration of Dan Clancy in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 26, 2012 ................................................ A-222 Exhibit A to Clancy Declaration – Cooperative Agreement between Google Inc. and Regents of the University of Michigan/University Library, dated June 15, 2005.................................. A-228 Exhibit B to Clancy Declaration – Search Results Page for the Query “Steve Hovley” .................................................................. A-241 Exhibit C to Clancy Declaration – Portion of an About the Book Page that is Displayed when one clicks on Ball Four in the Search Results Pictured in Exhibit B ..................... A-243 Exhibit D to Clancy Declaration – Portion of the About the Book Page Depicted in Exhibit C Showing the Snippets Displayed ........... A-245 Exhibit E to Clancy Declaration – Excerpt from a Search Page for Black’s Law Dictionary .............................................................. A-247 Exhibit F to Clancy Declaration – Page Showing Foul Ball in Partner Program Preview .................................................................. A-249 iii Page Exhibit G to Clancy Declaration – Webpage at http://books.google.com/ googlebooks/testimonials.html Reflecting User Comments on Google Books ................................. A-251 Exhibit H to Clancy Declaration – Quantitative Analysis of Culture Using Millions of Digitized Books by Jean-Baptiste Michel ......... A-259 Declaration of Joseph C. Gratz in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 27, 2012 .............................. A-267 Exhibit 1 to Gratz Declaration – Excerpts of Deposition Transcript of Paul N. Courant, dated April 23, 2012................................ A-270 Exhibit 2 to Gratz Declaration – Excerpts of Deposition Transcript of Paul Aiken, dated April 19, 2012 .............................................. A-283 Exhibit 3 to Gratz Declaration – Excerpts of Plaintiffs’ Responses and Objections to Defendant Google Inc.’s First Set of Interrogatories, dated April 27, 2012 ..................... A-298 Exhibit 4 to Gratz Declaration – Excerpts of Deposition Transcript of Judith A. Chevalier, dated June 8, 2012 ................................ A-307 Exhibit 5 to Gratz Declaration – Letter from Pamela Samuelson to the Honorable Denny Chin, dated February 13, 2012 ................... A-310 Exhibit 6 to Gratz Declaration – Excerpts of Deposition Transcript of Eric Zohn, dated April 13, 2012 .............................................. A-316 iv Page Exhibit 7 to Gratz Declaration – Exhibit 2 to the Deposition Transcript of Eric Zohn ....................................................................... A-322 Declaration of Albert N. Greco in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 23, 2012 .............................. A-325 Exhibit A to Greco Declaration – Expert Report of Albert N. Greco, dated May 3, 2012 ........................................................... A-327 Declaration of Kurt Groetsch in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 25, 2012 .............................. A-335 Declaration of Bruce S. Harris in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 23, 2012 .............................. A-340 Exhibit A to Harris Declaration – Expert Report of Bruce S. Harris, dated May 3, 2012, with Exhibits D-H ........................... A-342 Declaration of Brad Hasegawain in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 25, 2012 .............................. A-392 Declaration of Stephane Jaskiewicz in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 25, 2012 .............................. A-395 Declaration of Gloriana St. Clair in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 18, 2012 .............................. A-398 Exhibit A to St. Clair Declaration – Expert Report of Gloriana St. Clair, dated May 3, 2012 ........................................................... A-400 v Page Local Rule 56.1 Statement in Support of Defendant Google Inc.’s Motion for Summary Judgment, dated July 27, 2012 ................................................ A-417 Declaration of Joanne Zack in Support of Plaintiffs’ Motion for Partial Summary Judgment, dated July 26, 2012 .......................................................... A-429 Exhibit 1 to Zack Declaration – U.S. Copyright Office Certificate of Registration No. A173097 .......................................................... A-435 Exhibit 2 to Zack Declaration – U.S. Copyright Office Certificate of Registration No. TX0000338841 ............................................... A-438 Exhibit 3 to Zack Declaration – U.S. Copyright Office Certificate of Registration No. A346254 .......................................................... A-441 Exhibit 4 to Zack Declaration – Printouts from Google’s Website displaying Search Results in Jim Bouton, Ball Four .............. A-444 Exhibit 5 to Zack Declaration – Printouts from Google’s Website displaying Search Results for the Term “pitch” in Jim Bouton, Ball Four .................................................. A-510 Exhibit 6 to Zack Declaration – Printouts from Google’s Website displaying Search Results for the Term “pitches” in Jim Bouton, Ball Four .................................................. A-516 Exhibit 7 to Zack Declaration – Printouts from Google’s Website displaying Search Results in Betty Miles, The Trouble with Thirteen .................................................................. A-522 vi Page Exhibit 8 to Zack Declaration – Printouts from Google’s Website displaying Search Results in Joseph Goulden, The Superlawyers: the Small and Powerful World of the Great Washington Law Firms .......................... A-532 Exhibit 9 to Zack Declaration – Excerpts from a Spreadsheet produced by Google identifying approximately 2.7 million scanned Books Google has distributed to Libraries ............ A-542 Exhibit 10 to Zack Declaration – Printout from http://www.authorsguild.org/about/ history. html ........................................................... A-546 Exhibit 11 to Zack Declaration – Printout from http://investor.google.com/ corporate/faq.html .................................................. A-549 Exhibit 12 to Zack Declaration – “Google Checks Out Library Books,” dated December 14, 2004 ................................................ A-555 Exhibit 13 to Zack Declaration – Pages 1, 2, 15, and 56 of Google Inc.’s 2011 Form 10-K ............................................................. A-559 Exhibit 14 to Zack Declaration – Pages 1, 3, and 50 of Google Inc.’s 2010 Form 10-K ....................................................................... A-564 Exhibit 15 to Zack Declaration – Google Print Partner Development: Global Sales Conference (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-1-CA-16) ......... A-568 vii Page Exhibit 16 to Zack Declaration – Deposition Transcript of Daniel Clancy (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-17-CA-83) ....... A-569 Exhibit 17 to Zack Declaration – Google Book Partner Program Standard Terms and Conditions ....................................................... A-570 Exhibit 18 to Zack Declaration – Deposition Transcript of Thomas Turvey (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-84-CA-115)...... A-579 Exhibit 19 to Zack Declaration – Printout from http://support.google.com/ books/bin/answer.py?hl=en&answer=43729I ....... A-580 Exhibit 20 to Zack Declaration – Announcement from Google, “Committee on Institutional Cooperation (CIC) Joins Google’s Library Project,” dated June 6, 2007 ..................... A-582 Exhibit 21 to Zack Declaration – Declaration of Daniel Clancy in Support of Google Inc.’s Opposition to Plaintiffs’ Motion for Class Certification, filed February 8, 2012 ............ A-586 Exhibit 22 to Zack Declaration – Printout from http://support.google.com/ books/bin/answer.py?hl=en&answer=43751. ........ A-591 Exhibit 23 to Zack Declaration – Compilation of Documents produced by Google (Portions of Exhibit 23 Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-116-CA-308) ......................................... A-593 viii Page Exhibit 24 to Zack Declaration – Deposition Transcript of Kurt Groetsch (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-309-CA-340) ... A-685 Exhibit 25 to Zack Declaration – Deposition Transcript of Stephane Jaskiewicz (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-341-CA-372) ... A-686 Exhibit 26 to Zack Declaration – Defendant Google Inc.’s Supplemental Narrative Responses and Objections to Plaintiffs’ Second Request for Production of Documents and Things (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-373-CA-388) ... A-687 Exhibit 27 to Zack Declaration – Excerpts from the Defendant Google Inc.’s Responses and Objections to Plaintiffs’ First Set of Requests for Admission ..................................... A-688 Exhibit 28 to Zack Declaration – Printout from http://www.google.com/ googlebooks/library.html ....................................... A-705 Exhibit 29 to Zack Declaration – QA Training Manual (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-389-CA-407) ... A-707 Exhibit 30 to Zack Declaration – Excerpts from a Spreadsheet produced by Google A-708 ix Page Exhibit 31 to Zack Declaration – E-mail from Joseph Gratz to Joanne Zack, dated December 9, 2011 (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-408-CA-409) ... A-712 Exhibit 32 to Zack Declaration – Library of Congress Trip Report (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-410-CA-422) ... A-713 Exhibit 33 to Zack Declaration – Deposition Transcript of Paul Courant (Redacted Version. Unredacted Version Reproduced in the Confidential Appendix at pp. CA-423-CA-437) ................................................... A-714 Exhibit 34 to Zack Declaration – “Google Print Full Text Book Mini-GPS,” dated December 10, 2003 (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-438-CA-454) ... A-748 Exhibit 35 to Zack Declaration – “Google Print: A Book Discovery Program,” dated October 15, 2004 (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-455-CA-478) ... A-749 Exhibit 36 to Zack Declaration – Deposition Transcript of Gloriana St. Clair ........... A-750 Exhibit 37 to Zack Declaration – Expert Report of Daniel Gervais ........................... A-782 x Page Exhibit 38 to Zack Declaration – Deposition Transcript of James Crawford (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-479-CA-497) ... A-797 Exhibit 39 to Zack Declaration – Expert Report of Benjamin Edelman ..................... A-798 Exhibit 40 to Zack Declaration – Deposition Transcript of Bruce Harris ................... A-808 Exhibit 41 to Zack Declaration – Deposition Transcript of Albert Greco .................. A-825 Exhibit 42 to Zack Declaration – Deposition Transcript of Judith Chevalier (Redacted Version. Confidential Pages Reproduced in the Confidential Appendix at pp. CA-498-CA-501) ............................................. A-852 Exhibit 43 to Zack Declaration – Defendant Google Inc.’s Responses and Objections to Plaintiffs’ First Set of Interrogatories ........................................................ A-909 Plaintiffs’ Statement of Undisputed Facts in Support of Their Motion for Partial Summary Judgment, dated July 26, 2012 (Public Redacted Version. Confidential Pages Reproduced in the Confidential Appendix at pp. CA-502-CA-508) ............................................. A-927 Plaintiffs’ Response to Defendant Google Inc.’s Local Rule 56.1 Statement, dated August 26, 2013 (Public Redacted Version. Confidential Pages Reproduced in the Confidential Appendix at pp. CA-509-CA-516) ............................................. A-949 xi Page Declaration of Michael J. Boni in Support of Plaintiffs’ Opposition to Defendant Google’s Motion for Summary Judgment, dated August 26, 2013 ..................................................... A-979 Exhibit 1 to Boni Declaration – Compilation of Google Snippet Displays from Jim Bouton’s Baseball Memoir Ball Four ............. A-982 Exhibit 2 to Boni Declaration – Google Snippet Displays from Joseph Goulden’s History Superlawyers............................................. A-1074 Exhibit 3 to Boni Declaration – Google Snippet Displays from Betty Miles’s Novel The Trouble with Thirteen ........................... A-1172 Exhibit 4 to Boni Declaration – Internal Memos produced by Google to The American Society of Media Photographers, Inc. (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-517-CA-521) ... A-1204 Exhibit 5 to Boni Declaration – Cover, Table of Contents, and Complete Chapter Two with Answer Key for The Seinfeld Aptitude Test by Beth Golub (Carol Publishing Group, 1994) ...................................................................... A-1205 Exhibit 6 to Boni Declaration – Cover, Table of Contents, and First Three Pages of each Chapter from Welcome to Twin Peaks (1990 Publications International Ltd.) ................... A-1244 xii Page Exhibit 7 to Boni Declaration – Excerpts from the Deposition of Bradley Hasegawa (Filed Under Seal. Reproduced in the Confidential Appendix at pp. CA-522-CA-538) ... A-1271 Exhibit 8 to Boni Declaration – Printout from a Webpage on Amazon.com, obtained by clicking on the “Amazon” Link on the Google Books Page for Joseph Goulden’s book Superlawyers................................................. A-1272 Exhibit 9 to Boni Declaration – Printout from a Webpage on Amazon.com, obtained by running a Search on Amazon.com for “Steve Hovley” ...................................................... A-1277 Exhibit 10 to Boni Declaration – Printout from a Webpage on Amazon.com, obtained by running a Search on Amazon.com for “Minoru Yasui” ...................................................... A-1287 Declaration of Paul Aiken in Support of Plaintiffs’ Opposition to Defendant Google’s Motion for Summary Judgment, dated August 26, 2013 ......... A-1290 Attachment A to Aiken Declaration – Amazon Press Release: “Amazon.com Launches “Search Inside the Book” Enabling Customers to Discover Books by Searching and Previewing the Text Inside” ............................................................ A-1302 Attachment B to Aiken Declaration – “The Great Library of Amazonia,” Wired Magazine, November 12, 2003 .............................. A-1305 xiii Page Attachment C to Aiken Declaration – “News: A9, Amazon’s Search Portal, Goes Live: Reverberations Felt in Valley,” John Battelle’s Search Blog, April 14, 2004................................... A-1314 Attachment D to Aiken Declaration – “Can Amazon Unplug Google?” Business 2.0, April 15, 2004 ........................................................ A-1319 Attachment E to Aiken Declaration – “Amazon to Take Searches on Web to a New Depth,” The New York Times, September 15, 2004 ............................................... A-1325 Attachment F to Aiken Declaration – “Amazon’s A9 Launches Visual Yellow Pages,” Search Engine Watch, January 26, 2005 ................ A-1329 Attachment G to Aiken Declaration – “Google Hires Amazon Search Chief,” Seattle Post-Intelligencer, February 7, 2006 ..................... A-1333 Attachment H to Aiken Declaration – “Google Announces New Mapping Innovations at Where 2.0 Conference,” News from Google, May 29, 2007 ......................................................... A-1337 Declaration of Joseph C. Gratz in Opposition to Plaintiffs’ Motion for Partial Summary Judgment, dated August 26, 2013 ........................................... A-1340 Exhibit 1 to Gratz Declaration – Portion of the Web Page resulting from a Search on the Library of Congress Catalog at http://catalog.loc.gov for the Query “500 Pearl Street” .................................................................... A-1344 xiv Page Exhibit 2 to Gratz Declaration – Portion of the Web Page resulting from a Search on https://books.google.com for the Query “500 Pearl Street” ........................................................... A-1346 Exhibit 3 to Gratz Declaration – Portion of the Web Page that results from clicking on the Result Alas! What Brought Thee Hither?: The Chinese in New York, 1800-1950 in Exhibit 2................................................................. A-1348 Exhibit 4 to Gratz Declaration – Portion of the Web Page resulting from a Search on https://books.google.com for the Query “Hong Kee Kang” ............................................................. A-1350 Exhibit 5 to Gratz Declaration – Portion of the Web Page that results from clicking on the Result Chinese America, History and Perspectives in Exhibit 4 ................................ A-1352 Exhibit 6 to Gratz Declaration – Printout from http://www.amazon.com/gp/offerlisting/B002H9DITW ............................................ A-1354 Exhibit 7 to Gratz Declaration – Marc Egnal, Evolution of the Novel in the United States: The Statistical Evidence, 37:2 Soc. Sci. Hist. 231 (2013) ..................................................... A-1356 Exhibit 8 to Gratz Declaration – Written Testimony submitted by Paul Aiken to the Committee on the Judiciary of the United States House of Representatives in connection with a September 10, 2009 Hearing titled “Competition and Commerce in Digital Books” ... A-1381 xv Page Exhibit 9 to Gratz Declaration – Excerpts of the Deposition Transcript of Paul Aiken...................................................................... A-1412 Exhibit 10 to Gratz Declaration – Excerpts of the Deposition Transcript of Betty Miles ...................................................................... A-1419 Exhibit 11 to Gratz Declaration – Excerpts of Plaintiffs’ Reponses and Objections to Defendant Google Inc.’s First Set of Interrogatories to Plaintiffs The Authors Guild, Inc., Jim Bouton, Joseph Goulden and Betty Miles herein, served on April 27, 2012.................. A-1425 Exhibit 12 to Gratz Declaration – Excerpts of the Deposition Transcript of Jim Bouton.................................................................... A-1432 Exhibit 13 to Gratz Declaration – Excerpts of the Deposition Transcript of Joseph Goulden.................................................................. A-1435 Exhibit 14 to Gratz Declaration – Exhibit 6 to the Deposition of Paul Aiken ............. A-1445 Exhibit 15 to Gratz Declaration – Deposition Transcript of Daniel Gervais ............... A-1448 Exhibit 16 to Gratz Declaration – Deposition Transcript of Benjamin G. Edelman .... A-1509 Exhibit 17 to Gratz Declaration – Exhibit 5 to the Deposition of Jim Bouton ............ A-1588 Exhibit 18 to Gratz Declaration – Exhibit 2 to the Deposition of Betty Miles ............ A-1590 xvi Page Exhibit 19 to Gratz Declaration – Exhibit 16 to the Deposition of Benjamin G. Edelman ................................................................. A-1592 Exhibit 20 to Gratz Declaration – Excerpts of the Deposition Transcript of Judith A. Chevalier ................................................................ A-1595 Declaration of Scott Dougall in Opposition to Plaintiffs’ Motion for Partial Summary Judgment, dated August 22, 2013 ........................................... A-1602 Google Inc.’s Responses and Objections to Plaintiffs’ Statement of Undisputed Facts in Support of Their Motion for Partial Summary Judgment, dated August 26, 2013 (Public Redacted Version. Confidential Pages Reproduced in the Confidential Appendix at pp. CA-539-CA-555) ............................................. A-1605 Notice of Appeal, dated December 23, 2013 ............. A-1639 A-1501 Case 1:05-cv-08136-DC Document 1075-15 Page 209 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 interest of all the parties I've already mentioned. Q How many similar licenses have you personally negotiated, similar to the ones that you're hypothesizing? A Personally negotiated? Q Yeah. A None. Q How many did you review in connection with your report? A I'm not sure what you mean, licenses of the typo that I -- there is no exact license that covers exactly what I have described. I'm just saying that the rights that would be covered by a such a license are already aggregated, to the most part, so it would be fairly easy to come up with a licensing arrangement to be negotiated. Q You said the probability was high, didn't you? A Yes. Q The probability is high, even though no such license exists now? A Yes. Q And you know that because it makes sense to you? A Because I believe -- my understanding is it makes sense for all the parties involved, and it is Page 211 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 210 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 consistent with behavior I have observed, including, for example, the proposed settlement, the fact that a lot of major users of digital content are licensing that content. Q How many are licensing search? A Alone? Search alone? Separate from other functions, I have not seen a license that applies strictly to search. Q How many are licensing the return of snippets in connection with search? MR. SNYDER: Objection to form. THE WITNESS: I don't -- I don't know beyond the example that you've mentioned that you called the Amazon search in the book. You described that as a snippet, so . . . Q So we've got one data point for display of snippets in connection with search? A Well, it's not an insignificant data point if it is Amazon, but okay. Q It's not one you looked at; correct? A Not to prepare this report. Q So we've got one data point of -- for a license in connection with a license -- strike that. One data point in which people opt-into a search program. Your testimony, as I understand it, is Filed 08/26/13 Page 54 of 61 that there's a high probability that that functionality would be included in a license that would include additional terms; is that your point? A Yes. Q What are those additional terms? A Other uses that would be licensed in the same contract would include, for example, making copies of entire books, allowing Google to profit from its scanning efforts in other ways. And I assume that this would not be restricted by the license. I don't know. Q Copies of entire books? A That's what Google is doing, according to the documents filed by Google in the case. Q Is it displaying targets? A Not in the snippet program, and what I described -- what you described in the partner program, I think they do that. But to my mind, that's not the -when I am talking Google Books, I'm talking snippets, right. So in the snippet program, I'm not aware that they display entire books. Q Is it your understanding that the partner program displays entire books? A I remember reading that it displays more than snippets. Whether it's entire books, I don't know. Q So when we go back to the royalty-free Page 212 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 question, which is where we began, your point was that even if search is royalty free, under the license authors who agreed might derive revenue from additional uses. Is that your point? A My point is that search might be free for now. I don't know it would be forever. And, yes, I think authors might sign that agreement if they saw value in allowing search, without compensation, because they were compensated in some other ways. That would be for them to make that determination. Q Does that compensation come from things that Google is not presently doing? A It may come from things that Google's not presently doing, but would have an interest in doing to exploit this database of millions of books that it has scanned. Q Have you asked anyone at Google whether they have such an interest? A No. My -- my understanding is based on what would have been allowed under the proposed settlement that I understand that Google had agreed to. Q Do you understand that the settlement was not accepted? A I do, but not by Google. As I understand it, it had been accepted by Google and other parties in the 53 (Pages 209 to 212) A-1502 Case 1:05-cv-08136-DC Document 1075-15 Page 213 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 case. Q And do you think that that is an important foundation for the inference you draw that there is a high probability? A No. It's one factor I -- I took into consideration. I'm much more basing my opinion on the fact that I believe it's in the interest of all parties involved to make this work. Q Okay. It can work as it is right now; right? MR. SNYDER: Objection to form. THE WITNESS: Technically or legally? BY MR. McGOWAN: Q Well, legally, you told me you -- you don't -A Exactly. Q -- take a position? A That's correct. Q Technically, obviously, it can? A Technically is a matter -- technology seem that it's working. But whether it's legal or not, I don't know. Q Let me take you to Paragraph 42. I want to make sure that we have this clear on the record. We began this line of inquiry when I asked you what practices were included in the first line of 42, and you said, as I recall, scanning and snippets. And I Page 215 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 214 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 asked if search were included. And you say practices like Google's -- "Allowing practices like Google's as fair use may be expected to thwart the development of collective management systems." What do you mean by collective management systems? Is that CCC? A That is one example of such a system. A collective management system is rights aggregated by the plurality of rightsholders typically for one type of content that is licensed to one or more users. And so I do believe that if a court finds that what Google is doing here is fair use, it will be harder, hence the word "thwart" here, to develop collective management systems for digital uses of books and specifically book excerpts. Q So would it be harder to develop systems for the display of full text if what Google is doing here is found to it be fair use? A It could. It might affect existing markets for digital uses of book experts as well. It's very hard to predict what would happen if there was a fair use determination. It would depend on how the court arrives at that determination, what conditions it imposes. It is very difficult to call the exact impact of that determination. Filed 08/26/13 Page 55 of 61 Q Why? A For the reason I just stated. Q So why would it affect the display of full text of books, which Google does not do? A I said it could. Q Okay. What is the probability? A That it would affect -- I just told you. It's very hard to call exactly what a fair use determination would have. If for example, a snippet is fair use and people will say, well, how about double snippet or triple snippet, and then we're going to get into arguments about how far the exception goes. And I don't know how that far it would be taken. It really depends on if and how a court would make that determination. Q So are those arguments that people do not have now? A They are not based on an actual determination by a court about whether snippets and reproduction of entire books by Google is, indeed, a fair use or not. If we have that case determination, I believe that the landscape changes very dramatically for authors. Q Because you now have an opinion pertaining to an eighth of a page snippet? A Because you have an opinion that would either Page 216 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 say that -- that would -- if it's said it's not a fair use, then it would need to be licensed. And I -- as I said in my report, I fully expect that there would be some collective management system that would emerge as a result of a determination that this is not fair use. Q Are you familiar with the Georgia State opinion? A I've heard about it; I have not read it. Q Has it had an effect on CCC? A I don't know. Q Has it had an effect on collective licensing? A I don't -- I'd have to check whether it's on appeal. I'd have to ask CCC. Q Well, you don't have appeal in here in Paragraph 42, do you? A Yes, of course, I do. I mean, determination is something that is fair use is a final determination in the case, that it is a fair use, which would presumably be made by the 2nd Circuit of the Supreme Court of the United States. Q I see. You are -A Assuming the final determination. Q So you don't know whether a decision that just came down in a case underwritten by the copyright clearance center suing one of its users that had an 54 (Pages 213 to 216) A-1503 Case 1:05-cv-08136-DC Document 1075-15 Page 217 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 influence similar to the one you hypothesize here; is that correct? A I have not read that opinion. I understand that a number of very important uses were determined not to be fair. But I don't -- that's -- I read that on blogs. I have not read the opinion. So I don't know more. Q Okay. Can you point me to an effect it's had? A I have not researched that, so I don't know. Q Do you have any reason to expect that the decision in that case would have a different effect than a decision in this case? A If in Georgia State -- well, Georgia State, I would have to check what exact uses were found not to be fair uses and whether a license was already available, whether there's been a change in the take-up rate for that license. Again, I don't even know if that case is a final determination. I seem to recall it's a district court opinion, not a circuit opinion, but I may be wrong. I have not read it, so . . . Q Well, let me ask you this. Google Books project started in 2004. Are you aware of that? THE REPORTER: I'm sorry? MR. McGOWAN: Started in 2004. BY MR. McGOWAN: Page 219 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 218 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q Are you aware of that? A I wasn't aware of the exact start date, but I have no reason to doubt that. Q Approximately, were you aware? A Approximately. Q Since its inception, has it had -- do you opine in this case that it has thwarted the development of markets? A Well, there's -- there is no licensing market for those type of uses. But I don't know that -- how many other players are in the -- in the process or are not getting in the process of offering similar services. There is -- you're asking a negative determination about nonfacts, which is very, very difficult. Are there other companies that would do this if there was clarity, if this was licensed. Amazon is doing it, but it apparently is doing it, from what you're saying, under license. It is very difficult to know alternative universes or futures based on the fact that Google has been doing this. I think everybody, or a lot of people, know there's pending litigation, and it may very well be that the outcome of this litigation will, in fact, lead to developments that are hard to predict. Q Well, you opine on a hypothetical universe in Filed 08/26/13 Page 56 of 61 Paragraph 42, don't you? A Yes. I'm saying that if there is a fair use determination, it will have a significant impact. I cannot quantify that impact. Q You also actually can't describe that impact in terms of contract terms; correct? A Well, I guess I could. You know, you have a license to perform certain uses of parts of books. And if, for example, they had been the fair use determination, I'm pretty sure that those uses would not be covered in the license. In addition, uses that are close to those, the so-called marginal uses I referred to earlier, would likely be fought over in terms of both licensing rate and possible additional litigation. So this would definitely impact the contract in that way. I can't point to specific words, but I can really see how it would affect the contract negotiation. Q I'm asking about terms. I'm trying to get an understanding of what terms would differ? A The uses that would be licensed would likely differ. Q Okay. So you said a moment ago that you don't know whether by virtue of Google undertaking the Google Books project, you don't know how that affected the Page 220 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 market? A It may have prevented certain developments. It may have interrupted chains of events. It is very difficult to make those calls. I also believe that the fact that there's pending litigation as to whether this is or isn't fair use may have impacted the development of licensing systems because people are not sure to the extent that this case is concerned. But even more broadly, what uses of book excerpts online are or aren't fair use. And so it's very hard to negotiate a license -- I'm talking about other players here -- with this uncertainty. You would have to basically be playing licensing poker by trying to figure out if this is fair use or not. Q Let's break this down. When you say "may," what steps have you taken in connection with your report to determine whether the project has, in fact, had an effect of altering licensing practices? A I have not made a determination in this specific case that something did not happen because of the case, if that's your question. Q You don't know? A I don't know. Q Whether something did not happen because of 55 (Pages 217 to 220) A-1504 Case 1:05-cv-08136-DC Document 1075-15 Page 221 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the project? A No. It's very hard to know something that did not happen. Q That's not opinion that you're expressing? A What is not an opinion that I'm not expressing? Q That there are licensing events that would have occurred had it not been for the Google Books project, but did not occur because of the project. A I said I'm not aware of specific examples of cases where this did not happen. It is entirely logical to think that when the scope of what needs to be licensed is unclear, people will hesitate to enter into licensing transactions. Q Well, the scope was unclear before the Google Books project, wasn't it? MR. SNYDER: Objection to form. THE WITNESS: I'm not sure what -- you know, you said 2004. So we're looking at 2004 and making available book excerpts online. Situation may have changed now. There may be companies that do not exist because they don't -- because there's no venture capital in this area. What I'm saying, is there may very well be interrupted chains of events. What I'm saying, though, Page 223 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 222 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 as a matter of my report is that the uncertainty, and specifically in my report, paragraph 42, I say, a fair use determination that scanning entire books, making snippets available as a fair use is likely to thwart -may be expected to thwart the development of collective management system for digital uses of book excerpts and books because there will be that determination and then there will be other determinations that people will try to make, based on whatever the determination is made in this case -- there will be a period of uncertainty. Uncertainty is unlikely to be conducive to these new systems emerging rapidly. If you're an investor, that, to me, is just -I'm using a simple determination here that to have a collective management system, you have to have rights to license. Q When you say "thwart," do you mean to imply that there are waiting in the wings services that would develop if Google does not succeed in its fair use defense? A Well -Q That are only not visible now because there is no decision yet? A If I return to the settlement for a second, there were uses there that were well beyond snippet that Filed 08/26/13 Page 57 of 61 Google was interested in performing. It may have changed it's mind, that's entirely possible, I don't know. But at the time, those uses were possible. It would have been possible under the settlement. So there would have been an interest, apparently, in making those additional uses. That's one example of something that did not happen. It's also the case that if other players were looking at the situation, saying, Hey, we would like to do this same type of thing, they're probably thinking we're not going to do it because of the pending indeterminacy on the scope of fair use. Q Who are those other players? A I don't know. Q How do you distinguish what you just said from pure speculation? A Well, there's a limit between speculation and educated guessing. What I am saying is, there is -- I expect that there is a broader market for digital books out there, broader than just snippets. And that market seems to be thwarted in -- in the same way that there's this indeterminacy on the production of snippets, there is an indeterminacy on these other markets that would develop if we had a license. Q Okay. You say authors and publishers would Page 224 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 likely development. "Likely develop" does not refer to the search only license? A "Likely" refers to the three verbs that follow, so develop, join, or license. I think it's likely that authors and publishers would do one of these three things. Q They likely would -A Either develop their own system, join an existing system, or license a third party to develop a system. I think that the online availability of books beyond snippets, so not just snippets, is a desirable outcome, but I believe it should be licensed and, in appropriate cases, paid for. Q Okay. So develop, join, or license, no one's going to join a search only license because we don't know of any; correct? A I don't know that no one would ever join one. I just said I can't identify one. Q Is it your opinion that there likely will be a search only license if the court does not accept Google's fair use defense? A I believe it's in everybody's interest to have a system that makes available books and book excerpts in a way that allows authors to be paid, Google to monetize its investment in digitizing these books, and allowing 56 (Pages 221 to 224) A-1505 Case 1:05-cv-08136-DC Document 1075-15 Page 225 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 users access to those book excerpts. And so based on that, my appreciation, which hasn't changed since 1998 of how the market has evolved online, I believe that these users are desirable, and that the market is likely to make them happen. Hence, the word likely in Paragraph 42. Q When you say "likely," are you talking about full text display and full text availability? A Not necessarily. Book and book excerpts. Q How long are these excerpts? A This is not something that can be uniformly answered. So it may very well be that it will depend on each book and each book or author or publisher. It may very well be a case-by-case determination by the rightsholder in that case. Or it may not be. It may be a standard licensing term you were referring to the CCC which had the 20 percent upper limit on electronic course backs I think the market should be allowed to develop. Q So the excerpts, you don't know how long it would be. It might be book to book, author to author? A It might be. Or it might be a standard solution. It depends on the companies offering the service, how many competitors Google ends up having if this sees the light of day, et cetera, et cetera. There Page 227 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 226 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 are, admittedly, a number of unknowns but what is a known quantity is, at least in my opinion, the desirability of making books available online legally and in a way that allows authors to get paid. Q Desirability is going to be a function of cost at some level, isn't it? A Yes. Q So the excerpts you're talking about here, are these larger than snippets, or do you mean to include snippets? A I -- I did not consider snippet when I said book excerpt, but to me a snippet is, technically, an excerpt from a book. Q The excerpts that you're talking about here, are these tied to search or not? A Not necessarily. Q So in Paragraph 42, your conclusion, the collective management systems, include excerpts that are not connected to a search function, but are just posted? A It would include that, but it would also include search. You could find a book excerpt -- if you know for a fact that you need Chapter 3 of a certain book, is that a search, if you know exactly what you want? I would -- I'm not sure I would qualify that as a search, but there might very well be a market for making Filed 08/26/13 Page 58 of 61 available chapter 3 of that book and I know I want that chapter. And I download or otherwise access that one chapter, and the author gets compensated for that access. Q All right. Suppose I find that I want Chapter 3 by picking the book up in a library and browsing through it. Does the author get royalty when I do that? A When you browse a book in the library? Well, the library had to buy the book, in the first place, so to that extent, the author got paid for that. Q For my browsing? A For your browsing, under U.S. law, no, they don't. In certain countries they do, but not in the United States. Q So in your excerpts example, where I know that I'm going to use a full chapter of a book -A Yes. Q -- my process of browsing in the library to find the book is not a royalty bearing process; correct? A The royalty -- no. In the United States, browsing in a library is not something that entails payment of a royalty. But if you download the book excerpt, then you can work with it. You can annotate it, you can print it, you can do a number of things with Page 228 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 it that have value to the user that you cannot do with the library copy. Q Sure. I just want to take this one step at a time. So the browsing in the library doesn't generate royalty to the author in the United States. Does browsing in a bookstore enter into the royalty in the United States? A Browsing in the bookstore, no. Q And the excerpts, which may not may not connected to search, you don't know how large they would be in that -A I'm saying that excerpts can it be licensed independently of how long the excerpt is. There's a possible licensing transaction. I'm also saying I believe there's a market for excerpts of various lengths. If snippets are not fair use, there is a market for that, I believe. And I believe there's a market for more than snippets -Q Okay. A -- as in the electronic course back example. Q Let's focus on snippet. You said earlier, and we read in one of your articles, that are you not in favor of fair use? A As I defined it earlier in my testimony. 57 (Pages 225 to 228) A-1506 Case 1:05-cv-08136-DC Document 1075-15 Page 229 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q Are you in favor of word-by-word licensing of quotations by books? A As a general principle, I can't answer that question. I actually think there are cases where that may be appropriate. Word-by-word licensing is not a very common practice. I have not seen a lot of licenses. I don't think I've ever seen a license that counted the exact number of words, although I've seen licenses that identified excerpts. Q Like the Chapter 3 example? A Or smaller excerpts. Q The -- have you considered in your report the likelihood that if Google does not prevail in its fair use defense, a license would be created limited to the actual uses in this case? A That is a possibility. Q Unaffiliated with any additional making available of chapters or whole texts? A My educated guess is that this is a suboptimal result of the parties involved, so it is not most likely outcome, but it is a possible outcome. Q What methodology did you employ in reaching that conclusion? A I have answered that question at least twice. Q It's an educated guess? Page 231 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 230 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A An educated guess based on the interest of the parties, existing practices, the existence of an agreed settlement, though rejected by the court, and the other factors that I mentioned earlier in my testimony. Q Okay. The settlement -- and the reason I'm framing the question to focus on the actual uses -- you said that the settlement went beyond what we're actually now discussing; correct? A A future settlement? What you do you mean? Q I thought in your testimony you were referring to the settlement that the court had not accepted? A Yes, I was. That's what he said, a settlement. Q That pertained to things in addition to what the case is currently about? A The proposed settlement that was not accepted by the court would have covered uses beyond snippets as I read it. Q Okay. And so -- I just want to make sure I understand where your probabilities are coming from and how they've been derived. Your probability with respect to scanning and indexing and search doesn't rest on an existing license because you don't know of an existing license limited to scanning, indexing, and search; correct? Filed 08/26/13 Page 59 of 61 MR. SNYDER: Objection to form. THE WITNESS: I do not know a license limited to scanning, indexing, and search. But the rights involved are already aggregated, the rights that are necessary to make those snippets, and more, available. Q I was setting snippets aside. A Well, the search function, you've been doing that for the entire afternoon, separating the search from the snippet. But the search has to return something, and if it returns a snippet, it's very hard, in my mind at least, to separate the two entirely. Q Okay. We went through that the things that could be separated. I will add snippet in a moment. The probability of a snippet licensing market, meaning one-eighth of a page, roughly three lines, what existing practices limited in length, two, three lines, 1/8th of a page, are you using as a foundation for your probabilistic assertion? A Well, this is, first of all, very common among publishers to license short excerpts among one another. I don't know if it's limited to three lines. I also know that, as I said earlier, CCC licenses fairly short excerpts for reuse in the commercial context. And again, I don't have an exact number of words that they would have licensed in this way. But I -- I know for a Page 232 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 fact that they've licensed short excerpts for things like corporate newsletters, websites, and other uses of that nature. I don't think they called them snippets, but they resemble what you define as a snippet. So these are fairly short excerpts, so these markets exist. The rights involved mostly the right of reproduction. This right is already aggregated in a CMO, which is, in my mind, evidence that this could apply to snippets or beyond. Q The right of reproduction is the same right, whether it's a paragraph or a whole book, isn't it? A That is my exact point. Q So you cannot, using the right of reproduction, distinguish between reproduction of one sentence in one book. It's the same right? A It's the same right -MR. SNYDER: Objection to form. THE WITNESS: -- as per the statute, it is not the same, necessarily, for a CMO perspective. The CMO may have limits in its authority to license on the amount of the book. I don't -- I don't know that CCC does, but I know of cases where, you know, a publisher will specifically limit the amount of a book that can be licensed in a single transaction. 58 (Pages 229 to 232) A-1507 Case 1:05-cv-08136-DC Document 1075-15 Page 233 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 You know, those are -- those -- those things are -- are possible. They were negotiated based on these existing services that I have described earlier. But the right involved is the same. The owner of the right is known. The rights are aggregated so that it's fairly easy to go from the existing situation to a situation where Google's current uses are licensed and other uses that the parties might, I believe, find desirable, would also be licensed. Q All right. You mentioned two sources of your probability. One was that you said it's common for people to license excerpts for use in business environments? A I didn't say -- I said I am aware that CCC does that on a regular basis. I did not use the work "common," I believe. Q Okay. It's regularly done. Is that done in conjunction with search? A I don't know how the people who want to license a short excerpt from -- whether it's a newspaper article, someone found that article. Were they reading it on the plane. Did they find it online. I don't know how they find it. But they find it, and they want to license it for their newsletter or their website, and they get the right to do that. Page 235 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 234 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q But their licensing is reproduction for purposes of display or distribution? A I assume depending on what's in the website or a newsletter that the license might read differently. Q Okay. The question I'm asking is the examples you're referring to, is CCC licensing the paragraph that you put in your newsletter, or is it licensing you to create a search engine and render text searchable? A I have not looked at the license recently. My understanding is what they allow you to do is make a reproduction of the excerpt and then display it or distribute it, depending on the medium. Q And you say fairly short excerpts? A I have seen one paragraph. Now, whether that would correspond to three lines in a book, four lines in a book. One newspaper paragraph. How is that? I remember seeing at least one example of that. So, is that three lines in the book? Q Who is the licensor? A I don't recall, plus I believe that would be confidential. If I did recall, which I don't, which the company was at the time. But it was for their newsletter and a website. I remember that transaction. But I don't recall who the licensor is. Q Why do you remember it? Filed 08/26/13 Page 60 of 61 A Why do I remember it? I think it may have been something that came up in a meeting where they wanted -- somebody wanted to show us an example of this new licensing system that they had made available at CCC that I described earlier that the user point licensing, where it's actually not on the website of CCC, on the website of user. I think it was an example in a management meeting, but I do not recall which company it was. Q Do you remember what kind of text -- it was a newspaper article? A Newspaper article. Q Do you remember what fraction of the article? A Paragraph. Q What fraction of the whole article? A I do not recall. Q And that was not in conjunction with search? A I do not know how they found the paragraph. Q Sorry. CCC did not license the paragraph to enable a search function; they licensed it for inclusion of a bulletin or something like that? A For reproduction display or distribution, yes. Q The probabilities that a market would likely develop, to the extent they incorporate search and do not extend beyond snippet display, are there any other Page 236 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 examples that you can think of in the current practices that inform your thinking, that inform your -A The company -Q -- probability? THE REPORTER: I'm sorry. What was the last word? MR. McGOWAN: Your thinking. THE WITNESS: The company I mentioned earlier, icopyright.com, at the time I checked which was a while back -- by this, I mean, it would have been over a year or two ago -- but was precisely in the business of licensing short excerpts of digital content for online uses. But I did not review their website for the preparation of this report. BY MR. McGOWAN: Q I understand that. What I'm trying to do is find out in connection with ascertaining the method by which you derived your probability, your educated guess. I'm trying to find out what the closest case to Google Books is, and I want to include the search component in the base case because search is a component of Google books. And I want to know what the closest case you have examined to Google Books, including search, is? MR. SNYDER: Objection to form. THE WITNESS: I did not opine about search. I 59 (Pages 233 to 236) A-1508 Case 1:05-cv-08136-DC Document 1075-15 Filed 08/26/13 Page 61 of 61 Page 237 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 opined about reproduction of whole books and making snippets available mostly. I did not opine specifically about search. And what I am saying is, if the reproduction and the display of snippets are not fair uses, they can be licensed because this very much resembles the reproduction of books and book excerpts that is currently licensed by CCC, probably by icopyright.com and by RROs in 30 countries, at least now, worldwide. MR. McGOWAN: Let's take a short break. VIDEOGRAPHER: Off the record at 4:14. (Recess taken.). VIDEOGRAPHER: On the record at 4:31. BY MR. McGOWAN: Q Professor Gervais, with respect to the licenses that the Copyright Clearance Center has entered into with universities, do you know whether, as part of those licenses, the Copyright Clearance Center sometimes allows universities to scan content and make it available digitally for students to use? A I believe they do in their electronic course back service. Q Do you know whether, in connection with those licenses the Copyright Clearance Center requires universities to adopt specified security protocols Page 239 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 STATE OF CALIFORNIA ) ss: COUNTY OF SAN FRANCISCO ) I, STACEY M. DIODATI, C.S.R. #11925, a Certified Shorthand Reporter in and for the State of California, do hereby certify: That prior to being examined, the witness named in the foregoing deposition was by me duly sworn to testify the truth, the whole truth, and nothing but the truth. That said deposition was taken before me at the time and place set forth and was taken down by me in shorthand and thereafter reduced to computerized transcription under my direction and supervision, and I hereby certify the foregoing deposition is a full, true and correct transcript of my shorthand notes so taken. I further certify that I am neither counsel for nor related to any party to said action nor in anywise interested in the outcome thereof. IN WITNESS WHEREOF, I have hereunto subscribed my name this 18th day of June, 2012. _________________ Stacey M. Diodati Certified Shorthand Reporter Page 238 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 pertaining to that content? A At the time I was there, I believe they did. I do not know if they do that now. Q Do you recall what they were? A I recall that they had conditions imposed, but as I said, I was on the rightsholders side and international side. I did not deal with individual users. So I had with limited contact with users and with the contracts with users. Q You don't remember any specific terms? A No. MR. McGOWAN: That is all I have. Thank you for your time. MR. SNYDER: I have no questions. Thank you. VIDEOGRAPHER: This the end of Disk 3 of Daniel Gervais. Off the record at 4:33. THE REPORTER: Would you like a copy? MR. SNYDER: Yes. (WHEREUPON, the deposition of DANIEL GERVAIS was concluded at 4:33 p.m.) 60 (Pages 237 to 239) A-1509 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 1 of 79                                                 EXHIBIT 16 A-1510 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 2 of 79 Page 1 Page 3 INDEX 1 2 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK ------------------------THE AUTHORS GUILD, INC., ) ASSOCIATIONAL PLAINTIFF, ) BETTY MILES, JOSEPH ) GOULDEN, AND JIM BOUTON, ) INDIVIDUALLY AND ON ) BEHALF OF ALL OTHERS ) SIMILARLY SITUATED, ) C.A. 05 CV 8136-DC Plaintiffs ) Volume: I vs. ) GOOGLE, INC. ) Defendant ) ------------------------- WITNESS DIRECT CROSS REDIRECT RECROSS 3 BENJAMIN G. EDELMAN 4 BY MR. GRATZ 6 5 6 7 8 EXHIBITS NUMBER PAGE 9 Exhibit 1 Expert Report of Benjamin Edelman 17 Exhibit 2 Whenu.com Emergency Motion 98 10 11 12 13 14 15 DEPOSITION OF EXPERT WITNESS, BENJAMIN G. EDELMAN, before Avis P. Barber, a Notary Public and Registered Professional Reporter, in and for the Commonwealth of Massachusetts, at the Harvard Business School, Baker Library, 25 Harvard Way, Boston, Massachusetts, on Thursday, June 14, 2012, commencing at 10:03 a.m. 16 17 Exhibit 3 Initial Expert Report of Doctor Benjamin Edelman Concerning Industry Practices and Activities of Valueclick 101 Exhibit 4 Expert Report of Benjamin Edelman 112 Exhibit 5 Document entitled "Google Toolbar Tracks Browsing even after User Choose Disable" 129 Exhibit 6 Search Engine Land, Blog Post, 131 1/26/10 18 19 20 Exhibit 7 Document entitled "Privacy Lapse at Google JotSpot" 137 Exhibit 8 Document entitled "Google's JotSpot Exposes User Data" 139 21 Exhibit 9 Declaration of Benjamin Edelman 143 22 Job No. 148413 PAGES 1 - 312 23 24 25 Exhibit 10 Supplemental Declaration of Benjamin Edelman 143 Page 2 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Page 4 1 2 APPEARANCES: On behalf of the Plaintiffs: BONI & ZACK, LLC 15 St. Asaphs Road Bala Cynwyd, Pennsylvania 19004 By: Michael J. Boni, Esquire Tel: 610-822-0201 Fax: 610-822-0206 mboni@bonizack.com On behalf of the Defendant DURIE TANGRI 217 Leidesdorff Street San Francisco, California 94111 By: Joseph C. Gratz, Esquire Tel: 415-362-6666 Fax: 415-236-6300 jgratz@durietangri.com ALSO PRESENT: Jody Urbati, Videographer NO. 3 4 5 6 7 E X H I B I T S (Continued) PAGE Exhibit 11 Document entitled "The Online Economy: Strategy and Entrepreneurship" 156 Exhibit 12 Declaration of Benjamin G. Edelman 161 Exhibit 13 Document entitled "Advertisers Using WhenU" 164 8 Exhibit 14 Exhibit 1 171 9 10 Exhibit 15 Document entitled "Google Books Partner Program Standard Terms and Conditions" 213 11 Exhibit 16 Search Inside, Publisher Sign-Up 221 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Exhibit 17 Participating Authors' Reprint Agreement v2.0 228 Exhibit 18 Cooperative Agreement 267 Exhibit 19 Document entitled "NDA Never Existed" 270 Exhibit 20 Benjamin Edelman's Thesis 306 EXHIBITS RETAINED BY THE COURT REPORTER 1 (Pages 1 to 4) Veritext National Deposition & Litigation Services 866 299-5127 A-1511 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 3 of 79 Page 5 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 PROCEEDINGS THE VIDEOGRAPHER: Good morning. We are on the record at 10:03 A.M. on June 14th, 2012. This is the videotaped deposition of Benjamin Edelman. My name is Jody Urbati, here with our court reporter Barbara Avis. We are here from Veritext National Deposition and Litigation Services at the request of counsel. This deposition is being held at Harvard Business School in the city of Boston, Massachusetts. The caption of this case is the Authors Guild versus Google, Inc. Please note that the audio and video recording will take place unless all parties agree to go off the record. Microphones are sensitive and may pick up whispers, private conversations and cellular interference. At this time will counsel and all present identify themselves for the record. MR. GRATZ: Joseph Gratz from Durie Tangri, LLP in San Francisco for defendant Google. MR. BONI: Michael Boni from Boni & Zach, Bala Cynwyd, Pennsylvania for plaintiffs. THE WITNESS: Benjamin -- Page 7 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. You have an undergraduate degree and a Ph.D. in economics; is that right? A. Yes. Q. Do any of the opinions stated in your report apply economic analysis? A. I think they do broadly understood, yes. Q. How so? A. The report considers the incentives of various parties, the factors motivating them to act or not to act and the likely consequences of those incentives. Q. Are there any specific economic methods that are applied in your report? MR. BONI: Object to form. A. I'm not sure I understand what you mean. Q. What economic methods are applied in your report? MR. BONI: Same objection. A. My training and economics teaches me to understand and analyze incentives in considering the actions of any rational actor. That method of analysis of considering and applying incentives is applied throughout the Page 6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: I'm sorry, and here representing the witness. THE VIDEOGRAPHER: Thank you. The witness will be sworn in and we can proceed. BENJAMIN G. EDELMAN, A witness called for examination, having been duly sworn, testified as follows: DIRECT EXAMINATION BY MR. GRATZ: Q. Good morning. A. Good morning. Q. Could you state your name for the record, please. A. Benjamin Edelman. Q. And you're an assistant professor at Harvard Business School; is that right? A. Yes. Q. Do you have tenure? A. No. Q. You have a number of degrees from Harvard; is that right? A. Yes. Q. Are any of those degrees in computer science? A. No. Page 8 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 report. Q. Can you tell me more about that method? MR. BONI: Objection to form. A. Well, you know I think it's pretty intuitive. It can be structured in a formal algebraic model when a particular situation calls for that approach. It can be studied empirically through large sample or small sample data when the context calls for that approach. It can also inform understanding and analysis without specific application of modeling or of large sample data analysis. Q. Did you apply any algebraic modeling in preparing your report? A. No. Q. Did you apply any empirical large sample data analysis in preparing your report? A. I wouldn't call it large sample data analysis. There are sections that draw on specific examples considered individually which probably is a better example of small sample data analysis. Q. And those are the particular anecdotes that you set forth in your report? 2 (Pages 5 to 8) Veritext National Deposition & Litigation Services 866 299-5127 A-1512 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 4 of 79 Page 9 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Object to form. A. The particular examples that are detailed in my report, yes. Q. And do you extrapolate from those examples to reach conclusions that are more general? A. I interpret those examples in order to reach conclusions that are more general, yes. Q. By what means do you interpret those examples to reach more general conclusions? A. I'm thinking in particular of a section of my report about defects in other Google offerings and the security and design thereof. And I examine a series of such defects and conclude that defects are possible, indeed even likely, even for products coming from a company as esteemed and trusted as Google. So an argument from analogy, I suppose it's an existence proof. If one exists, then others could also exist. Straightforward, logical reasoning to my eye. Q. And the proposition that if one exists than others could also exist is an application of your training in economics? MR. BONI: Object to form. Page 11 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 not whether there are necessarily other needles in the haystack; is that right? A. I'm not sure. Looking at the specific examples can be quite informative and understanding the kinds of problems that occur, the frequency with which they occur, the probability with which they occur. Q. How can you determine a probability by looking at a single example? MR. BONI: Object to form. Mischaracterizes the testimony. A. At first you can draw inferences about a probability from a single example. If we saw that it rained on one out of five days, we could draw inferences about the probability of rain, even if those were the only five days in which we had ever experienced a particular city. We could say the probability of rain probably isn't 90 percent and probably isn't one one-thousandth of a percent. It's probably something closer to 20 percent, and of course with more data points you could draw a better inference. Q. And those are the types of inferences that you draw in your report? Page 10 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. You know, I think it's a principle that comes from multiple disciplines, training and mathematics, statistics, economics, logic, all the areas in which I have some training. And all of which speak to the same underlying logical principle which I don't think really requires all that much specialized training. Q. And that principle is that the existence of one example suggests that such an example is, at least, not impossible and there might be others. A. Precisely. If one thought there were no needles in a haystack, finding the first needle suggests there might be more. Q. It doesn't make it certain that there are any others; is that right? A. That's right. Q. And the only thing it tells you about the probability of there being others is that -strike that. The only thing it tells you about the probability of there being any needles in the haystack -- strike that. The only thing it tells you is about the existence of any needles in the haystack, Page 12 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. That method of analysis consistent with my training and my research and my background informs the conclusions drawn in my report. Q. That if something happens with a certain frequency, it's likely to happen with that frequency in the future? A. I wouldn't have put it quite as simply as that, but that looking at the past can inform inferences about the future. That much, absolutely. Q. Does that require economic analysis? A. I think economic analysis is quite useful, particularly in understanding the incentives that make it more or less likely that a given problem will or won't occur. Q. Does the existence of the issue in the first place inform you about what the incentive structure is? MR. BONI: Object to form. A. Sometimes it does. Sometimes seeing a specific example helps crystalize understanding of the problem. Ah, I see because of this problem, well, that resulted because of this incentive, and so the specific example 3 (Pages 9 to 12) Veritext National Deposition & Litigation Services 866 299-5127 A-1513 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 5 of 79 Page 13 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 really can help inform understanding. Q. Can you give me an understanding of such an instance? A. Sure. Q. Please go ahead and do so. A. In January 2010 I uncovered the Google Toolbar continuing to track user behavior, what web pages users viewed even after users had specifically disabled the toolbar, even after the toolbar had confirmed that it was disabled and even after the toolbar had disappeared from view, seemingly further confirming that it had ceased operation, but, in fact, it continued operation. It continued to track users' most sensitive online activities. That example helped me understand Google's incentive to collect the data at issue, users browsing. Namely, it was always in Google's interests to collect more data, the more data the better for reasons that Google well knows. Users, meanwhile, were most concerned about the appearance of their data being collected. What bugged users wasn't the actual collection but the knowledge that the data was Page 15 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Had it failed to collect any data someone at Google would have noticed that in a hurry; whereas, when it collected too much, that was something that the Google engineers were much less likely to notice. Q. Your master's degree is in statistics; is that right? A. Yes. Q. Do any of the opinions stated in your report apply statistical methods? A. As in our prior discussion, I think the report is grounded in the approach of statistics, in the analytical structure of statistics, but doesn't apply the formal methods of statistics; for example, the algebraic method of statistics. Q. What methods of statistics does your report apply? A. Hereto drawing on information from a sample, history, in order to make inferences about a larger population, that is, the future. That's the essence of statistical inference, and that's something that my report does repeatedly. Q. Does your report draw on any statistical methods that are different from the Page 14 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 being collected. Users really had no way to tell one way or the other whether or not the data was being collected. All they could tell was whether they thought the data was being collected. So the understanding of the incentives on both ends helped me understand the cause of this problem, how it came to be that Google allowed this defect to occur in quite a widely used product and how it came to be that users had failed to notice this defect, even when it had been extant for several months at that point. Q. This led you to the conclusion that Google had an incentive to cause its software to operate in that manner? A. At the very least, Google had little incentive to check for this defect or to prevent this defect. One could consider the opposite defect. Suppose the toolbar had failed to collect any of the data that Google wanted to collect. Would anyone have noticed that? Absolutely. Because the whole purpose of this data collection system was, in fact, to collect data. Page 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 economic methods we've already discussed? A. I don't always draw a crisp distinction between statistical methods and economic methods, but I think we've discussed the relevant methods of both of those disciplines. Q. You have a law degree as well; is that right? A. Yes. Q. Do you express any legal opinions in your report? A. No. Q. In your course work, did you take any courses dedicated to how to secure networked computers from intrusion? A. I did not take any such courses as a student. Q. Are you familiar with the certification known as Certified Information Systems Security Professional or CISSP? A. Yes. Q. What is it? A. It's a certification consistent with the name, purporting to certify the skills and background of a certified person in the area of 4 (Pages 13 to 16) Veritext National Deposition & Litigation Services 866 299-5127 A-1514 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 6 of 79 Page 17 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 information security. Q. Are you certified as a CISSP? A. No. Q. Do you hold any other certifications related to information security? A. Nothing comes to mind. MR. GRATZ: I'd like to mark as Edelman Exhibit 1, this document. (Report marked as Exhibit No. 1 for identification.) Q. Do you recognize this document, Mr. Edelman? A. Yes. Q. What is it? A. It's my expert report on this matter. Q. Turning your attention to Paragraph 1, you say, "My research focuses on the design of electronic marketplaces, including Internet advertising, search engines, privacy and information security. Do you see that? A. Yes. Q. Turning first to advertising, what Internet advertising systems have you done research on? A. I've written about a variety of Page 19 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 them to be labeled in a way different from the way they are labeled. Whether consumers can distinguish between advertising content and non-advertising content. Q. Did your research into advertising relate to information security as it relates to those marketplaces? A. In some instances, yes. Q. What instances are those? A. My understanding of information security in the context of advertising would certainly need to include whether an advertiser charged the right amount, whether their ads are placed in the correct places, whether they are given truthful information about where and how their ads performed. And I've written about all of those questions, including defects and shortfalls in those areas. Q. Have you ever written about intrusions into advertising systems by hackers? A. I have. Q. In what instances? A. I've written about a series of hackers, fraudsters of multiple sorts who have taken money from advertisers, money that they Page 18 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Internet advertising systems, including search engines and their paper click advertising platforms, display advertising systems, and display advertising exchanges, affiliate marketing, listing services, for example, real estate listings, apartment rentals. There probably are some more online advertising that permeates my writing of the last decade. Q. What aspects of Internet advertising systems did you research? MR. BONI: Object to form. You can answer. A. My best known academic article explores the game theory of online advertising and search engines, how much to bid, assuming that the rules are structured in a particular way. I've written about fraud in advertising marketplaces, whereby advertisers are overcharged. I've written about fraud, whereby consumers are deceived, where an advertisement offers something other than what it purports to offer. I've written about advertisement labeling, whether advertisements are labeled as such, whether applicable legal doctrines require Page 20 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 were not entitled to according to any applicable contract. I've written about the methods whereby they did so, the computer code that allowed them to take the money, and the methods that I used in order to catch them, the proposed remediation of this problem, both in the short run, how to get the money back, and in the long run, how to make sure that it doesn't reoccur in the future. Q. The code that you spoke of in your previous answer, did it result in intrusion into any computer systems? A. Yes. Q. What computer systems are those? A. The advertising tracking systems of the victims of the respective frauds. Q. And how were those systems intruded upon? A. Well, it varies from example to example. In one example that I'm -- that I'm thinking of the intruder caused other people's computers to connect to the victim's computer in a way that caused false records to be created as to the supposed efficacy of an advertising system that, in fact, wasn't working at all, but 5 (Pages 17 to 20) Veritext National Deposition & Litigation Services 866 299-5127 A-1515 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 7 of 79 Page 21 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the intrusion caused records to indicate that the system was working quite well and caused the advertiser to pay actually in the millions of dollars of unearned commission payments. Q. Have they hacked into the tracking system itself or merely caused other computers to make false reports of ad impressions? MR. BONI: Object to form. A. I'm not sure I know what you mean by the word "hacked" in that context. Q. Had they gained access to the -strike that. In the instance you're discussing, had the fraudsters gained access to confidential information on the systems of the ad network, and by that I mean stored on the servers operated by the ad network? A. In the example that I described, no confidential information was involved one way or the other. Q. It was a situation in which the fraudsters were causing third-party computers to make false reports to that ad tracking system; is that right? A. That was one aspect of the problem. Page 23 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. No. Q. Were the fraudsters operating a server? A. Yes. Q. And that server communicated with third-party computers? A. Yes. Q. And the communication between the third-party computers and the server caused those third-party computers to make reports to the ad network; is that right? A. Yes. Q. And that was the method by which the fraud was achieved; is that right? A. That's the essence of it. Q. And it was because those false reports were made that the fraudsters were able to make millions of dollars; is that right? A. That was one of the necessary steps, multiple lines of causation, of course, necessary to get such a large check. Q. Sure. They had to actually write the check. They had to not have it caught by the fraud systems and so on? A. Among others, yes. Page 22 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. What were the other aspects? A. The fraudster was causing the ad tracking system to believe that the advertisements had been delivered and had caused purchases to occur, when, in fact, neither of those was the case. Q. How did they achieve that? MR. BONI: Object to form. A. That was achieved by a set of computer codes using multiple programming languages, at least one server, multiple client computers and the victim's server all operating in concert in a way directed by the perpetrator in order to cause the false records to be created. Q. Did the fraudsters have control of the ad networks server? A. I don't know what you mean by "control" in this circumstance. Q. Did the fraudsters gain information from the ad networks server? A. I don't think the fraudsters wanted information so much as millions of dollars which they did gain successfully. Q. Was this a Botnet? Page 24 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Any other instances in which your research on advertising has related to information security? A. So of course, there are other examples in the realm of advertising fraud of which I've just given you one. A big one with a large amount of money at issue and a criminal indictment and so forth, but there are others very much in the same vein. Q. In which the fraudsters are causing false reports to be made to advertisers or advertising networks; is that right? A. Broadly understood, yes. Q. What peer review publications resulted from your research on Internet advertising systems? A. The best known is my American Economic Review article as to the gain theory of sponsored search auctions. There are various others, I believe each of them listed on my CV. Q. Is your research on Internet advertising a basis for any of the opinions in your report? A. Not specifically. In some areas probably what I've learned about Internet 6 (Pages 21 to 24) Veritext National Deposition & Litigation Services 866 299-5127 A-1516 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 8 of 79 Page 25 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 advertising informs my understanding of other information security matters and other matters detailed in my report. Q. In what way? A. For example, information in electronic form can be copied, often quite easily and at minimal cost. A gives it to B, B gives it to C, and the chain can continue more quickly and more easily and more accurately in electronic form than, for example, on paper. I've seen that in spades in online advertising where the supply chain between an advertiser and a publisher can have literally a dozen intermediaries all made possible by the low cost of electronic copying. That's broadly at issue in this case also and comes up in my report in several areas. Q. Are there any other ways in which your research on Internet advertising systems forms a basis for any of the opinions in your report? A. I'm just not sure. I could reread the report with an eye to that question. I considered the totality of my experience and research, professional activities and so forth Page 27 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 engines was about certain results that were systematically missing in certain countries. So you'd go to the French version of Google, and there would be some sites that would never come up. Sometimes sites with terrible content that might even be unlawful in France and sometimes sites that seemed pretty unremarkable but strangely would be missing nonetheless. Other articles about quote unquote bias, that is, the systematic favorable treatment of some sources or some viewpoints relative to others, methods of evaluating whether such bias exists, preserving proof, drawing comparisons and drawing inferences between search engines on that question. Q. Anything else? A. I believe I've written about privacy on search engines, about privacy of records of users' activities. Q. Anything else? A. The size and prevalence of advertising on search engines, other changes to the layout, structure of visual presentation of search engine results, the interaction between Spyware and Adware on users' computers and Page 26 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 in drawing the conclusions that are in the report. Q. Nothing else, specifically, comes to mind right now? A. Not right now. Q. The second item you mentioned is search engines. What search engines have you done research on? A. I've looked at a variety of search engines. I spent most of my time looking at Google's practices, and Google is, of course, the largest and most popular search engine in most countries. I've also looked at Yahoo. I've looked at Bing and its predecessors. I've looked at Ask.com. I've looked at AOL. Various others whose names aren't familiar to the typical American consumer, but whose practices I've also examined. Q. What research did you do relating to search engines? A. I've written a variety of articles about search engines. I've written about the labeling of advertising on search engines. I've written about the patterns of which results appear where. My first article about search Page 28 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 search engines, search engine results. Q. Anything else? A. There probably are some more aspects of search engines that I've written about. Q. Do they come to mind? A. Not right now. Q. Did any of your research relate to the security of search engines against attacks from hackers? A. Some of it, yes. Q. What research is that? A. For example, the research on Spyware and Adware speaks to security issues on multiple levels, security of the users' computers as against the Spyware and Adware that have some effects, potentially harmful effects, and security and integrity of the search engine result page to present results in the order and format that the search engine intended, rather than in some modified presentation, modified in large part by the Spyware or Adware. Q. The security issues you described in your previous answer are security issues that relate to the security of an Internet user's computer rather than to a server; is that right? 7 (Pages 25 to 28) Veritext National Deposition & Litigation Services 866 299-5127 A-1517 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 9 of 79 Page 29 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Object to form. A. I guess I don't think of it quite that way. Q. Are you aware of any instance in which Spyware or Adware has been installed on a search engine's server? A. I guess I wouldn't use those terms to describe the kinds of problems that I've been looking at. Q. Are you aware of any situation in which the data being served by a search engine's servers has been affected by Spyware or Adware? A. I'm aware of many instances where the data served by a web server has been affected by software installed onto the web server. Whether that has occurred with search engines specifically, I'm not sure one way or the other. Q. You don't know of any such instance? A. I guess it wouldn't usually be via the mechanism of spyware or adware. If one wanted to influence the results shown by a search engine, there would be other ways to make that influence, but typically one wouldn't use the words Spyware or adware to describe those practices. Page 31 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 search for a map, if you typed in Boston map into Bing, I would expect that a map would appear, and that it would be a Bing map, and that there's a software program installed into the Bing server that causes that Bing map to appear. Q. And that software was installed with the authorization of the operator of that server; is that right? A. That's right. Q. Are you aware of any instance in which search rankings have been modified by software which was installed without the authorization of the operator of the search engine? A. I've perceived some ambiguity in your question which makes it hard for me to answer. Q. What's ambiguous about it? MR. BONI: Object to form. A. Why don't you just restate the question. Q. Sure. Are you aware of any instance in which someone other than the search engine has been successful in installing software on a search engine's server for some purpose that was Page 30 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Are you aware of any instance in which a party seeking a higher search engine ranking has been successful in installing software on a search engine's servers to achieve that goal? A. Yes. Q. What instance is that? A. Google, itself, in order to grant its own services preferred ranking installs software onto its own search engine in order to achieve that goal. Q. Are you aware of any other such instances? A. Yes. Q. What instances are you aware of? A. I think other search engines also typically do that to favor their own services and their partner services and their prospective partner services and others consistent with their business objectives. Q. Does Bing do that? A. In some areas they do. Q. What areas are those? A. Well, I need to look at specific searches, but, for example, if you were to Page 32 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 not authorized by the search engine? MR. BONI: Object to form. A. Well, the notion of installing software onto the server has multiple levels. Certainly, providing data to a server that the server then processes, it's quite routine for publishers to provide data to a search engine in hopes that the search engine process it in a way that provides the publisher with preferred listings. And it's quite routine to do that with predictable consequences; namely, obtaining the preferred placement that is sought. That happens, sadly, every day. Q. What is the nature of the data that you referred to that's sent to the server in your previous answer? A. Well, it's computer code. It's interpreted by the server. Is it executed by the server? I guess it depends. Some of the code actually does have to be executed in order to have meaning because it doesn't have any meaning until it is executed. It can't stand alone. Q. What programming language is that data written in? 8 (Pages 29 to 32) Veritext National Deposition & Litigation Services 866 299-5127 A-1518 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 10 of 79 Page 33 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. It can be written in multiple languages. Classically, it would be written simply in HTML. More recently it would often be written in JavaScript, in Flash. It could be written in a variety of other languages also. Typically, a modern search engine would nonetheless be able to receive that computer code, execute it, interpret it and draw conclusions about its implications. Q. And the code that you're talking about is code that someone would post on their website in order for the search engine to download and index or otherwise -- or otherwise use; is that right? A. That's one way it could happen. Q. What are the other ways? A. One could provide that code solely to the search engine and not to anyone other than the search engine, and indeed I've found examples of that and have written about that. In fact, was invited to the Google campus for the first time after I had found a particularly notable example of that. Q. And that is a situation in which a web server operator would give a different Page 35 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the search engine ranking for some other website or increase the search engine ranking for some other website; is that right? A. Those are other common objectives. Q. And the way that they're trying to do that is by providing input to the search engine that the search engine will interpret in a way that causes it to give that page a higher ranking, for example; is that right? A. That's one common strategy. Q. They're not changing the algorithm that's used to rank web pages; is that right? A. The examples we've been discussing so far don't change the algorithm. Q. Are you aware of any instance in which a hacker has been able to change the search engine's algorithm. A. Yes. Q. What instances are those? A. Google engineers last year fed systemically deceptive, maybe false data, to Microsoft's search engine in an attempt to sabotage Microsoft search engine and cause it to display results that were nonsensical and purportedly incriminating. Page 34 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 response to a request coming from a search engine than coming from some other user? A. That's right. Q. And that response would be in the form of sort of the elements that would otherwise make up a web page like HTML, JavaScript, CSS and so on? A. Yes. Q. Are you aware of any instance in which the way in which the search engine operates has been able -- has been able to be modified by code that was downloaded from a website that search engine was attempting to index? MR. BONI: Object to form. A. I perceive some ambiguity in the phrased way in which the search engine operates. Q. The point of these web pages that are served just to the search engine is to try and get a higher search engine ranking for that website, generally; is that right? A. That is a common objective. It's not the only objective, but it probably is the most common. Q. It might also be to try and reduce Page 36 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Could you tell me more about that? A. Google engineers believed correctly that Microsoft Internet Explorer and certain Microsoft toolbars when configured with certain optional advanced features would track users' clicking on results both at Microsoft's search engines and other search engines such as Google in order to draw inferences about developments of particular results to particular queries. Google engineers on multiple computers, all off of the Google campus, rather in the engineers' residences, intentionally provided false data to Microsoft in order to contaminate the data collected by Microsoft in order to demonstrate that this feature was working exactly as Microsoft had stated that it would work and exactly as Microsoft had intended it to work. But by providing false data, they were able to push the algorithm towards results that were, in fact, nonsensical, thereby in Google's view and the view of these staff persons in some way demonstrating the impropriety of Microsoft's activities in this regard. Q. Do you think that was wrong? 9 (Pages 33 to 36) Veritext National Deposition & Litigation Services 866 299-5127 A-1519 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 11 of 79 Page 37 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I'm not sure. Q. What factors go into that answer? MR. BONI: Object to form. A. Well, on one hand, it's fair game to do what you want on your own computer in general; to install software, run searches and click results. One wouldn't think that by taking those steps with nothing more one had done anything improper. All of these searches were actual searches run by people, not by robots or automation. The results were clicked again by people not by robots or automation. Where I thought Google went the most astray was in their interpretation of what occurred. Had Microsoft done anything wrong? Google says they had. Google says that Microsoft shouldn't have collected this data. That even when users granted permission for Microsoft to collect the data, the permission wasn't the users' permission to give. Only Google can grant the permission for this data to be collected or so Google would have us believe, according to Google's statements on the subject. And there I'm not so sure that's a notion of two-party consent that, I think, just isn't Page 39 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I'm not sure. Q. Are you aware of any instance in which the operation of a search engine has been modified by hackers other than the instance in which you just described? A. Yes. Q. What instance is that? A. I'm aware of a series of instances whereby hackers have intentionally sent clicks, either genuine clicks or fake clicks in order to inflate the apparent click-through rate of particular algorithmic results and particular advertisements in order to influence search engines' decisions about which algorithmic results and which advertisements to display and in what order to display them. Q. So by appearing to interact with the search engine as if they were search engine users, but, in fact, intending to manipulate the search engine itself, these hackers were able to change the internals of the search engine in that way? MR. BONI: Object to form. A. They were certainly able to change the order in which results appeared and which Page 38 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 grounded in any principle, regulation, law or other such authority in this area. Q. So the thing that Microsoft had done that Google said was inappropriate in your view, Google was not correct in their -- in their assessment? A. I'm sorry. I got a little bit muddled about who thought what. Q. Sorry. Do you think that Google was correct in their assessment of what Microsoft had done? A. I think they were correct on the facts of what data Microsoft had collected and how Microsoft had analyzed it. Q. Are you aware of any -- actually let me ask another question. Did the Bing search ranking algorithm change the result of Google's actions? A. I'm not sure. Q. Are you aware of any instance in which -- actually, strike that. Did any internal portion of the Bing search engine other than, of course, its index of all of the websites that it had indexed change as a result of Google's actions? Page 40 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 results appeared. You asked about the internals of the search engine. I'm not so sure about that, but it seems to me that the essence of the search engine is the output, and so if they were able to change the output, I think they were probably content with that. Q. But you don't know of any changes that have ever been made other than to the output as a result of hackers attempting to intrude upon search engines; is that right? A. As to hackers attempting to intrude on search engines, I know about some changes other than -- well, I know about some actions taken other than changes to the output. Q. Actions taken by whom? A. By the hackers. Q. What actions are those? A. It was reported in public news sources, I believe cited in my expert report that the Chinese hackers or suspected Chinese hackers who intruded into Google systems one to two years ago obtained access to source code, including obtaining the ability to change source code. Whether or not they used that ability, news coverage indicated that they obtained that 10 (Pages 37 to 40) Veritext National Deposition & Litigation Services 866 299-5127 A-1520 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 12 of 79 Page 41 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 ability. And that would be an action taken other than the action of changing result ordering. Q. Do you know whether those news reports were accurate? A. I think there were multiple indicia of accuracy. Q. Do you know what source code was accessed? A. I don't recall specifically. Q. Do you know whether that source code had anything to do with books? A. I'm not sure. Q. Do you know one way or the other? A. I think the source cited in my expert report probably could tell us in short order, but I don't recall sitting here today. Q. What is the source cited in your expert report? A. Shall I flip to it? Q. Sure. I'll direct your attention to the top of page 8, the bottom of page 7. A. Great. So you've directed my attention correctly first as to the indicia of the liability. Footnote 18 cites the official Page 43 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Do you recall one way or the other whether that cited article discusses whether those responsible for the intrusion discussed in the blog post or the intrusion discussed in Paragraph 35 gained access to Google's source code? A. I don't recall. Q. Do you know whether the McAfee report mentions Google at all? A. I think it does, but I'd want to go and look at it again. It seems like the easier way to answer your questions would be to review the document itself. Q. So you don't have a recollection as to whether the document cited states that hackers had specifically sought access to the source code for Google systems and that hackers had obtained the ability to alter the source code for Google systems? A. That quoting verbatim from my expert report when I wrote that sentence of my report, I reviewed the McAfee document at issue and summarized it in that sentence, and I believe the summary is accurate as written. Q. But you don't remember whether that Page 42 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Google blog and a statement from none other than David Drummond. So if David says it is so, I think that's a good prima facia reason to think that it is. Secondly, the analysis by McAfee, one notch removed from Google to be sure, but with the defensible methodology grounded in data that they obtained from multiple sources, and McAfee's trustworthiness I think requires no further elaboration. Look, if McAfee says that this is what happened and no one rebuts it, I think that's a pretty good reason to believe that it is so. Q. Does the statement from David Drummond that you cite in this report discuss whether the hackers had access to source code? A. It does not. Q. Does the McAfee Labs blog post that you cite in your report discuss whether hackers had access to Google's source code? A. I think the report does discuss it. Footnote 19 gives you the URL to the full original report. I'd want to review it further before attempting to opine on exactly what it says. Page 44 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 document mentioned Google at all? MR. BONI: Object to form. A. I think it did. It's just that the fact that you ask about it in that way suggests maybe you think it didn't, and rather than speculate sitting here, I'd just take a moment to go back and read the document to find out one way or the other. Q. Maybe we'll do that later today. What peer review publications -- actually strike that. Other than the instances we've discussed, that is, attempting by interaction with the search engine by its ordinary interfaces to modify search engine rankings or by the intrusions described in Paragraph 35 of your report, are you aware of any other intrusions into search engines? A. Yes. Q. What intrusions are those? A. First, I'm not sure that I'd describe the actions of Google engineers using the toolbar manipulation as the ordinary interfaces. There's some of that that's ordinary, and there's some of that that's quite extraordinary. 11 (Pages 41 to 44) Veritext National Deposition & Litigation Services 866 299-5127 A-1521 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 13 of 79 Page 45 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Putting that aside, I'm aware of other instances in which website publishers have managed to modify the operation of search engines in ways not yet discussed. Q. And did they do that by manipulating the data that their own web pages sent to the search engine's crawler? A. In the example I'm thinking of right now, yes. Q. Do you know of any instances in which that -- a different method was used? A. Yes. Q. What instance is that? A. Some search engines including Google search engine obtain a portion of their data, not by a crawl but by a data feed, a particular document using a particular pre-agreed structure that provides particular information in a particular format. And through certain methods pertaining to the data feed, putting data in a particular format, it's possible to manipulate the results obtained by that data feed collector in order to alter both the substance of the results that are displayed and the format of the display. Page 47 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 intrusion that you're discussing right now; is that right? A. No. I had in mind a different kind of intrusion. Q. What did you have in mind? A. It's possible, at least historically has sometimes been possible, to produce an invalid syntax in your data feed such that the very attempts to process your invalid data feed can corrupt either the data stored in the search engine servers or the method whereby the search engine presents results to users causing something else altogether to appear when a user runs a search. Q. What search engines have been the victims of that type of attack? A. I think multiple search engines have been the victims of that kind of attack. Q. Can you list the ones that you know of? A. I can't recall specifically. They're not the big five U.S. search engines. Q. And by providing data in a corrupted form to these search engines, the fraudsters were able to manipulate the results or change Page 46 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Is that data feed known as a site map? A. A site map is an example of a data feed, but that's not what I was thinking of, specifically. Q. What were you thinking of? A. I was thinking of a product data feed. Q. What's a product data feed? A. Typically, it's a list of products usually accompanied by descriptions, pricing availability, perhaps images, other such details. Q. That's information that a search engine takes in in order to know what products are offered by a particular website; is that right? A. That's right. Q. And by manipulating the data that's given to the search engine you might be able to appear to have products you don't or appear to have products with different qualities than your actual products; is that right? A. Among other benefits. Q. And that's the -- that's the type of Page 48 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 them in some way? A. Yes. Q. Were they able to gain root access to the search engine's servers? A. I don't think they sought root access to the search engine's servers. I don't know whether they were able to obtain it. Q. Are you familiar with the term "root access"? A. Yes. Q. What does root access mean? A. Typically, the term "root access" is used to refer to an operation mode of a computer system where it's possible to change any aspect of the computer system without any limitation whatsoever. Q. Are you aware of any situation in which an outside intruder has been able to gain root access to a search engine's servers? A. I'm not aware one way or the other. Q. What peer review publications have resulted from your research on search engines? A. Can I flip through the CV? Q. Sure. A. Be quickest that way. So that papers 12 (Pages 45 to 48) Veritext National Deposition & Litigation Services 866 299-5127 A-1522 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 14 of 79 Page 49 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 previously discussed as to advertising, many of them are as to search engine advertising and thus fit dually. For example, the first three under the heading "Representative Research" all are as to search engine advertising. Others in this list also as to search engine advertising, the article about typo-squatting is about a particular place where advertisements can be placed via a search engine onto other sites. If there's an element of advertising, there's an element of search engines. The article titled "Adverse Selection" and "Online Trust Certifications" in search results contains quite an extended discussion of the trustworthiness of certain search results. The "Rustlers and Sheriff's" piece considers certain practices at search engines. Internet filtering in China discusses the filtering of certain search results, advertising disclosures, label search engines. It continues. There are quite a few. Q. Is your research on search engines a basis for any of the opinions in your report? A. I think it is generally, yes. Page 51 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 my writing in this area began with an instance in which Buy.com, a popular online retailer, was mistakenly publishing the names, street address and phone number of every customer who had ever made a product return to Buy.com. That was an error, a breach of their privacy policy, which to they credit, they corrected after I brought to their attention. I've uncovered other privacy errors, instances in which the Google JotSpot service was sharing documents specifically contrary to users' instructions to JotSpot. You tell it not to share your document with anyone, and they share it anyway. And a problem that was corrected by Google somewhat after I brought it to their attention. Q. Did any of your research on privacy relate to security against computer intrusion? A. I think of privacy and security as two sides of the same coin. Privacy is security of your private information, and so I would say that all of the privacy matters relate to security. Security from what? Security from viewing, security from intrusion, broadly understood. Page 50 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. How so? A. My work on search engines explores the operation and incentives of interconnected systems the way that the systems can be used and have been used and the consequences of that use. Q. What does that have to do with the opinions you set forth in your report? A. My report discusses the way that certain books search services can be used and what's likely to happen if they are used in that way, which is informed by the way other online systems that are already more broadly in use, the way that they have been used and what has happened there. Q. So they influence your opinions in that that which has happened already to search engines may happen to book search engines in the future? A. That's right. Q. The next area of interest or research that you mention is privacy. What research have you done on electronic privacy? A. I mentioned one article as to the Google Toolbar privacy problems. I've written a series of other pieces about privacy. I think Page 52 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Do you draw a distinction between unauthorized access to computer systems and malfunctioning computer systems that disclose private information? MR. BONI: Object to form. A. I certainly draw a distinction between systems that are malfunctioning versus systems that are functioning in the way that their designers intended. Though, of course, figuring out what their designers intended and whether a malfunction has actually occurred can sometimes be difficult. I'm not so sure about the specific distinction that you raise. Maybe you could rephrase it, and I could give you a better answer. MR. GRATZ: Let's change the tape. THE VIDEOGRAPHER: The end of Tape 1. Off the record 11:03 a.m. (Brief recess.) THE VIDEOGRAPHER: Here begins Tape No. 2 in today's deposition of Benjamin Edelman. Back on the record 11:09 a.m. Q. Mr. Edelman, when you refer to security, you're speaking broadly of everything from avoiding intrusions into computer systems 13 (Pages 49 to 52) Veritext National Deposition & Litigation Services 866 299-5127 A-1523 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 15 of 79 Page 53 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 to steal confidential data to ensuring that the data collected by websites is fully disclosed to users; is that right? MR. BONI: Object to form. A. I wouldn't ordinarily say that disclosing information collection practices falls within security. I think it does on a broad understanding of security, but I probably wouldn't have used the term that way in the ordinary course. Q. In your report when you discuss security, are you applying the broad -- the broad view of security you mention in your last answer or some narrower view? A. In general, I think I'm applying a slightly narrower view than the -- than my last answer and then the question that preceded my last answer. Q. What scope of the term "security" do you apply in your report? A. When I use the term "security" in the report, I begin with notions that attach to changing the underlying code of the computer system; for example, obtaining root access and the benefits associated with that, but I Page 55 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 engineer intended, that the telephone rings when it is called, and yet in a way quite contrary to what the user intended, probably even contrary to what the phone company intended, at least in a marketing sense when they touted the benefits of obtaining a telephone to your residence. Q. And that is encompassed in the use of the term "security" as you use it in your report? A. The analog in an information system is encompassed. Q. What is the -- sorry, I don't mean to interrupt. What is the analog in an information system? MR. BONI: Why don't you ask the question and let him answer the question. You were in the middle of an answer, but let's make sure we're clear on what the question was. So that you can answer it. You want to read back the last question, please. (Last question read back.) Q. Are prank calls in the middle of the night encompassed within the term "security" as you use it in your report? A. I think prank calls may not be the Page 54 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 definitely also include taking advantage of the computer system working in exactly the way that it's installed or operator intended. So for example, Frank calls in the middle of the night calling your telephone over and over when you're trying to sleep. That's not a malfunction of the telephone. The telephone is working exactly as intended when someone calls you, the ringer activates and makes a sound. And yet from your perspective, your telephone is quite insecure because it keeps waking you up when you're trying to sleep. So too in the context of obtaining information online. If a large amount of information can be obtained perhaps piece by piece, that could be an example of a lack of security. Q. What security issue is presented by prank calls in the middle of the night? I'm asking in what sense is that a security issue? A. One wouldn't ordinarily use the word security to describe the freedom from being awoken by the telephone. The sense in which that example is helpful is that it gives an example of a system working exactly as the Page 56 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 most helpful example in understanding what I mean by the word "security." But a very similar example actually may be more helpful; Spam e-mail, unsolicited commercial e-mail, is an example of the e-mail system on one view working completely reliably. The Spamer sends you 4,000 e-mails, and your e-mail program displays to you 4,000 e-mails. It's working perfectly, a hundred percent, and yet from your perspective as a user, your e-mail is quite insecure. It has been clogged up by the Spamer, and then the important message from your friend or associate is buried under the mountain of Spam. So I would use the word "security" to describe that problem and that concern. Q. And that category of concern and that scope of security is -- strike that. That's the scope of the term "security" that you use in your report? A. That kind of problem, a system that works maybe too well, that works in a way different from what the marketing folks intended, yet consistent with what the engineering folks intended, that's an example of something that I believe does fall within the 14 (Pages 53 to 56) Veritext National Deposition & Litigation Services 866 299-5127 A-1524 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 16 of 79 Page 57 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 meaning of the word "security." Q. Is your research on electronic privacy a basis for any of the opinions in your report? A. It is. Q. What opinions are those? A. I have opinions on the difficulty of securing access to information, of limiting access so that particular users can obtain particular information in particular circumstances, but not other information in other circumstances. Those are questions and concerns that arise often in the context of privacy and also arise in the context of the book services here at issue. Q. What has your research into privacy shown you that you relied on in forming your opinions in your report? A. First, my research into privacy has shown me just how difficult these challenges are, that even excellent companies with capable engineers and diligent managers sometimes fail to achieve what they set out to achieve. They make mistakes, frankly. These are difficult areas where perfection is unlikely and not often Page 59 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 systems other than the example you gave of setting the information on fire and never looking at it again, what infor -- electronic information storage systems do not present that difficulty? A. For example, information that is freely available to the public in unlimited quantity and without restriction, the U.S. government printing office allows you to obtain the U.S. code in whatever quantity you want as often as you want, free of charge. They face minimal need to restrict access to the information that they provide. Even ordinary Google search, you can run as many searches as you want and no great harm results if you run too many searches. The operators of the search service might try to figure out if you're a robot, and if you are, they might try to stop you from running searches, but if they fail to stop some robots some of the time, no great harm results. So those are much lower stakes games. Q. Is there an index underlying the Google search service? MR. BONI: Object to form. Page 58 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 seen. Second, my work on privacy has distinctively shown the difficulty of securing information so that some people can get some of it some of the time, but not everyone can get everything all of the time. I suspect it wouldn't be hard to design an information system for which no one can get information ever. Step one, set the information on fire. Step two, wait for the fire to consume it completely. The end. That would be straightforward actually. I think we could run that system so reliably that it would operate with a very, very high level of performance. On the other hand, securing the information so that only some people can get it or people can only get part of it, requires engineering decisions that are actually quite a bit more difficult. Q. Is that a task that is undertaken by every electronic information storage system? MR. BONI: Object to form. A. I wouldn't say every electronic information storage system undertakes that task. Q. What electronic information storage Page 60 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. My understanding is that there is an index underlying the Google search service. Q. And one can by running searches query that index at least in part; is that right? A. Yes. Q. Are you aware of any instance in which the entire Google search index has been acquired by an outside party? A. I'm not aware of any instance in which an outside party has obtained the entire Google search index. Q. So in that sense, Google has been successful in permitting access to certain information under certain circumstances and not to a bulk download of the whole; is that right? A. I don't think that the facts just discussed supported the conclusion in your last question. Q. Why not? A. There have been instances in which users have used the Google search service to obtain more information than Google intended to provide and use that information even for harmful purposes. So the fact that Google managed to prevent any single person from 15 (Pages 57 to 60) Veritext National Deposition & Litigation Services 866 299-5127 A-1525 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 17 of 79 Page 61 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 obtaining all of the information doesn't mean that the system is working as well as your last question suggested. Q. Google has successfully permitted access to certain information and not other information with respect to its search service; is that right? A. You know the word "successful" is tricky. When an editor at CNET obtained the home address and charitable contributions of the then CEO of Google, Google, using the Google search tools, Google responded in quite a negative way, including banning that publication from interviewing any Google staff for a full year. So that seems to be an instance wherein Google thought that its own search service had either malfunctioned or had been abused by someone who had taken advantage of the search engine providing more information than it should have provided. Q. Did the search engine malfunction in that instance? A. In my view it did not. In my view it functioned exactly as the engineers intended. Page 63 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I probably wouldn't have used the phrase "security breach" to characterize that occurrence. Q. Are you aware of any instance in which Google's search ranking algorithm has been made public? A. I'm aware of some instances where a portion of -- portions of the algorithm, specific decisions and specific circumstances have been made public. Q. That's because they had been deduced by looking at the results of searches; is that right? A. That's one way, but it's not the only way. Q. Had they been acquired by intruding into Google's servers? A. I'm not sure. It's possible that some have, but I don't have any examples of that in mind. Q. You don't know that that's ever happened? A. I don't know that anyone has ever obtained information about algorithms by, for example, obtaining root level access as Page 62 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Did the search engine provide any information in that instance that its technical design indicated that it should not provide? A. I don't think so. Q. That was an instance in which the search engine provided information that had been indexed from a third-party website; is that right? A. At least in part. Q. And the information, the presence of the information on a third-party website was that which was objected to rather than the fact that Google search engine had made that information able to be found; is that right? A. I'm not quite sure what -MR. BONI: Object. A. -- Google objected to in that circumstance. Q. Do you think that that was a security breach -- strike that. Do you think that the instance in which a Google employee's home address was able to be found from a third-party website using the Google search engine was a security breach? MR. BONI: Object to form. Page 64 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 discussed. Q. Would you agree with me that the Google search engine is not -- strike that. Would you agree with me that the Google search engine is a way of allowing people to get access to some but not all of the information that Google stores? MR. BONI: Object to form. A. Certainly there's some information that Google stores that you can't access using the Google search engine. You can't access Google's internal payroll data using Google search engine, and yet that is data that Google stores. So does the Google search engine provide access to some but not all? Yes, it provides access to some but not all. Q. And there are some search results that would otherwise be displayed in Google's search results that have been removed for one reason or another; are you familiar with that? A. Yes. Q. And those search results are not displayed to users; is that right? A. In certain circumstances some of the results are not displayed to users. 16 (Pages 61 to 64) Veritext National Deposition & Litigation Services 866 299-5127 A-1526 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 18 of 79 Page 65 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Are you aware of any instance in which an intruder has been able to gain access to those search results which Google has removed? A. Yes, I think I've done that personally. Q. Could you tell me about that? A. So the project I described previously where certain sites were missing from Google.FR, the French version of Google, I ran a set of comparisons, and I recall tens of thousands of comparisons between Google.com and Google.FR. As an intruder I was able to nonetheless make that comparison between the two Google search services and determine which results were omitted. Q. In what sense were you an intruder? A. I was certainly an outsider to Google. I had no privileged access to their computer systems, no special account, no root access, and yet I was able to obtain this information which Google didn't otherwise make available to the public and use that information to demonstrate that Mr. Drummond himself had made false statements on an official written Page 67 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. One that I've been thinking about in some detail is the claim that results come from an algorithm, which I think is at the very least deceptive because it fails to give full credit to the significant control and judgment that staff exercised in configuring the algorithm and in otherwise overriding the algorithm, adjusting search results. I think that that false statement probably is material. It's quite a few users who care quite a bit about whether they're getting a computer's opinion or a person's opinion, and that's a subject on which Google has made very firm commitments over a period of years. Q. Do you think that Google was doing something bad by making those commitments? MR. BONI: Object to form. A. I think there were multiple forces within Google. Some staff wanted the service to work in one way. Some wanted it to work in a different way. And we see that internal tension borne out in inconsistent statements by various Google staff, as well as inconsistent practices, both inconsistent at a given moment in time and inconsistent over time. Page 66 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 statement of Google policy statements that turned out to be contrary to the facts as I demonstrated them. Q. Do you think that Mr. Drummond was lying? A. He wasn't telling the truth. Q. Do you think that that was wrong? A. I'm not sure if he knew subjectively, internally at the time when he made the false statement, I don't know whether he knew that it was false. Q. Do you think that Google should be punished for that? A. You know, the damage to the consumer public was that people thought Google was a little bit better as a search engine than it really was. Of all of the misrepresentations of product attributes or qualities, I don't think this is the most significant or the most material. Q. Of all of Google's misrepresentations? A. Yes. Q. Tell me about Google's other misrepresentations? Page 68 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Do you think that Google lied to the public? MR. BONI: Object to form. A. I think there are some subjects on which Google has been less than forthright. There probably are some areas where Google's staff simply didn't tell the truth. But sometimes, perhaps mistakenly, based on incomplete information available to the given person making the statement, there might be instances in which Google affirmatively made false statements. Just yesterday, I suppose the UK privacy commissioner announced their investigation alleging exactly that, and so I wouldn't be alone in thinking that some false statements may have been made. Q. Do you think that Google should be punished for making those statements? MR. BONI: Object to form. A. I guess you'd have to look at the specific statement, the specific statutory basis for any enforcement action, but I think all the laws should be enforced strictly as to all potential violators, and so I'd have to look one 17 (Pages 65 to 68) Veritext National Deposition & Litigation Services 866 299-5127 A-1527 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 19 of 79 Page 69 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 by one. Q. Have you ever created a data base-backed website? A. Yes. Q. Could you give me an example of such a site? A. Sure. I have a website that gives examples of false and deceptive advertisements that I saw at Google, and I stored those advertisements in a database and then displayed that database to interested viewers of that portion of my website. Q. What's the URL of that website? A. Ben Edelman.org/PPC-scams maybe slash list. I'm not sure about the slash list, but I think that's correct. Q. This is a website that you've created that includes a number of advertisements shown via Google's ad network; is that right? A. These are all advertisements that I personally saw on the Google search engine which is -- you could call it the Google ad network. I'd probably call it just the Google search engine, to be very clear about it. There might be a very few that were submitted by outsiders Page 71 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 portion of the Google results page where I saw that advertisement. Q. What sort of database is behind this page? A. I believe this one actually is a text file that is processed by text to database engine and then sorted and output into the HTML in the way that you may be viewing now. Q. Do any database queries occur at the time a user visits the web page? A. Yes. Q. Is there any information in the database that's not displayed? A. Yes. Q. What information is that? A. I think the exact date and time of submission, the IP address of submission, the e-mail address of the user who made the submission. There probably are some other fields. Q. And have you been successful in preventing that other information from being displayed? A. I've been successful in preventing that information from being displayed at the Page 70 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 that I personally verified before adding them to this list. Q. Does this include ads from any other search engines? MR. BONI: I'm sorry, Joe, does what include? The list? Q. Does your PPC -- so this web page is about false or deceptive paper click ads; is that right? A. Yes. Q. Does it include false or deceptive paper click ads from anywhere but Google? A. I don't recall. Q. Can you think of any ads that it includes from places other than Google? A. I suspect that many of these advertisers were using other search engine advertising platforms, also. Q. But your website is just about the Google ads; is that right? A. I believe my website lists the search term that I entered into Google and the position and location on which I saw that ad at Google, and, in fact, in general provides an image screen shot, a partial image screen shot of the Page 72 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 specific URL that I dictated to you. Whether I've been successful in preventing that information from being obtained by others at other URLs, I'm not sure. Q. Could you explain your last answer. A. Maybe someone knows how to get that material from my web server even though I didn't intend to provide it. Q. Do you know whether anyone has? A. I don't know one way or the other. Q. Have you taken measures to prevent that? A. I've attempted to. Q. And as far as you know, you've been successful? MR. BONI: He just said he doesn't know one way or the other. A. I'm really not sure in that if I had been unsuccessful, I doubt anyone would tell me that I had been unsuccessful. Q. How many submissions on this page are from people other than you? A. I think not very many. It never really took off. I wouldn't be surprised if it was less than ten. 18 (Pages 69 to 72) Veritext National Deposition & Litigation Services 866 299-5127 A-1528 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 20 of 79 Page 73 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Joe, by "this page," could you just put into the record what you're referring to that you have up on your laptop, the website URL in question. MR. GRATA: Sure. MR. BONI: So the record's complete. MR. GRATZ: It was the URL -- I'm referring by "this page" to the URL that Mr. Edelman dictated to me; namely, www.BenEdelman.org/PPC-scams/list. MR. BONI: Thank you. Q. If you were unsuccessful in preventing that information in the database from being taken by an intruder, the private e-mail addresses of those who submitted advertisements to you for display on this page would be disclosed; is that right? A. Yes. Q. And their IP addresses would be disclosed; is that right? A. I believe it would be the IP address of the user at the time of submission, which might or might not be quote unquote their IP address in any lasting sense. Q. Do you consider that to be private Page 75 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Google offers vouchers and similar prepurchase discounts. And then in light of the user's concern, this tool will actually write a complaint letter grounded in applicable law at the user's direction customized in light of the user's concerns, the user's state of residence, the merchant's states of the residence, the voucher services state of residence, citing appropriate authority for the user then to submit if they so choose. Q. Does it store the submission in a database? A. It does. Q. And those submissions include the e-mail addresses of those who submit? A. Yes. Q. Are you aware of any intrusion into that database resulting in the -- resulting in the taking of those e-mail addresses? A. I am not. Q. What security measures do you have in place to prevent that sort of intrusion? A. One important security measure that my technician student installed at my direction was that the system never stores the voucher Page 74 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 information nonetheless? A. It depends, but sometimes it is. Q. And you consider this security of this website from intrusion good enough to include that private information in the database which lies behind it; is that right? MR. BONI: I'm sorry. Object to form. That characterizes the witness's testimony. A. I consider this approach suitable under the circumstances, primarily due to the nature and quantity of the information being secured. Q. And if there were higher value information, you would regard greater security measures as being necessary? A. Certainly appropriate and possibly necessary. Q. Have you -- do you operate any other database-backed website? A. Yes. Q. What websites are those? A. I have a website called Voucher Complaints.org whereby users can register their consumer law grievance as to Groupon vouchers, Page 76 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 number of a user's pre-purchased voucher. That means that the most important piece of information, the information that actually has cash redeemable value is not in our server ever, not even for instant. So if we got hacked, there wouldn't be any money to be taken, nor anything that's redeemable for goods or services. Q. Do you operate any other data based-back websites? A. Yes. Q. What websites are those? A. The website query.ipensatori.com. That's i-p-e-n-s-a-t-o-r-i.com. Q. What is ipensatori.com? A. That's a domain name registered by my friend, and for some purposes, business partner, Wesley Brandi. Q. For what purposes is Mr. Brandi your business partner? A. We have a collaboration in detecting certain online advertising fraud and certain other improprieties. Q. What other improprieties are those? A. We're still figuring it out. But we 19 (Pages 73 to 76) Veritext National Deposition & Litigation Services 866 299-5127 A-1529 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 21 of 79 Page 77 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 have a general purpose detection tool that can detect all manner of things happening on the Internet that shouldn't happen, and depending on client needs, I suppose we configure it appropriately. Q. The database that lies behind query.ipensatori.com, does it include any confidential information? A. It does. Q. What information is that? A. There are two separate data bases. There's a database of the users who have made requests to the query tool, and the query tool retains information about who used it, name, e-mail address, employer, what the search was. Some of those fields, of course, being optional. And secondly, there's a database of our research findings. The purpose of the tool is to allow users to view a portion of our research findings, and so our research findings are embodied in the database that the tool accesses as needed. Q. Do you make the entirety of your research findings available for bulk download? MR. BONI: Object to form. Page 79 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 because even a well-secured electronic system is not entirely foolproof in all circumstances? A. That's one of the reasons. Q. Why else? A. There are quite a few attack modes that would be unlikely to leave any records or fingerprints or other evidence that could be detected, or if it could be detected, then I would actually successfully detect personally, given my skills and capabilities, and given that I have other activities and don't spend that much time each day checking whether anyone has attacked this tool. Q. With additional skills and additional time to do so, would that it make it more likely that you would detect an attack? A. Sure. Putting more time into it would make it more likely that I would detect it. Conversely, if I put better data into the tool, that would make it more likely that someone would want to attack it and would redouble his efforts to attack it without being detected. So there are multiple factors that can make it both more and less likely that an attack would occur or would be detected if it Page 78 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. We do not make the entirety available for bulk download. Q. Why not? A. We prefer to obtain some records. I'll be it, limited and minimal, but still some of who accesses which portions of the database. Q. Would fraudsters be interested in the results of your research? A. I'm not sure. MR. BONI: Object to form. Go ahead, Ben. A. We thought about that at some length and concluded that we could publish this data such that even if a fraudster took the entirety of the data, it wouldn't really give them any significant advantage in perpetrating their fraud or in avoiding detection by us or anyone else. Q. Do you know whether the entirety of the data lying behind the query.ipensatori.com website that you operate has been taken by an intruder? A. I believe that it has not been, but it's hard to say for sure. Q. And you say it's hard to say for sure Page 80 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 did occur. Q. So you're not aware of any such attacks sitting here today? A. That's right. Q. Do you operate any other data based-backed websites? A. I do. Q. Could you list them for me? A. I think there are many of them. And even the tense of your question operate versus used to operate. Q. Just sticking with right now which of the data based-backed sites -- which of the data based-backed websites that you operate contains, in your estimation, the most high value data? MR. BONI: Object to form. Q. And by "high value," let me -- let me clarify that. The data most attractive to an intruder? MR. BONI: Same objection. Joe, do you mean relative to his universe of data based backed websites or more in the absolute. Q. Rank them in order in your head and give me the first one. A. Yes. The first one is the internal 20 (Pages 77 to 80) Veritext National Deposition & Litigation Services 866 299-5127 A-1530 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 22 of 79 Page 81 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 database that Wesley and I access internally that keeps records of all of the advertising fraud incidents that our tools have identified. Q. Is that database connected directly to any web server? A. No. Q. And it's a portion of that database that's extracted and then used to provide the query.ipensatori.com website; is that right? A. That's one use of a portion of the database. Q. That database, where is it stored? A. It's stored in Wesley's basement. Q. Is it stored in the same computer that runs the query.ipensatori.com website? A. No. Q. Why not? A. We believe that it is more likely to be secure if we store it on a separate computer. Well, really there are a variety of reasons of which that's just one. Q. Is the computer on which its stored connected to the Internet. A. It is. Q. Is it behind a firewall. Page 83 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 engine and advertising dominates my vitae. On the other hand, I'm proud of my work on information security. Some of it was original and important and set the stage for other's work that followed. And often information security work lays an important groundwork for some other activity such as understanding advertising fraud or understanding privacy problems. So they are definitely all interrelated. Q. When you say the "information security work," you're referring to the activities that we've discussed relating to security previously today? A. I think there also are quite a few that we haven't discussed. Q. Do any of them relate to gaining root access on a server connected to the Internet? A. I've largely been looking at aspects of information security other than gaining access at a root server level. Q. Has any of your research looked at gaining access to Internet connected servers on a root level? A. I certainly have written about gaining access to Internet connected devices on Page 82 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I think broadly understood, it's behind a fire wall. It's behind some security apparatus that would colloquially be called a firewall. Q. Are you aware of any intrusion that has allowed access to that database of all of your research results with respect to advertising fraud? A. No. Q. What's the next most valuable database among those that you operate? MR. BONI: Object to form. A. Next most is probably the query tool which we've already discussed. Q. Turning back to Paragraph 1 of your report, you list information security as one of the areas of your research focus. Is research on information security a more or a less significant focus of your research than research on Internet advertising, search engines or privacy? MR. BONI: Object to form. A. There are multiple ways of thinking about that. In terms of my academic vitae, I think most people would say my work on search Page 84 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 a root level. Much of the Spyware and adware work entails exactly that, and I had some important work in that vein that I could tell you about. But those are end users devices rather than servers. Q. And gaining root access to an end user device is a different enterprise than gaining root access to an Internet connected server; is that right? A. Sometimes it is, and sometimes it isn't. Q. But as we've discussed, you're not aware of any instances in which executable Spyware has been executed on Internet-connected servers; is that right? A. I think I'm aware of such instances. Q. Were those -- who operated those servers in those instances? A. There have been a set of instances in which the servers operated by both banks and retailers as to credit card processing have been infiltrated by a set of devices that obtained either root level access or other access sufficient to obtain user's credit card numbers, expiration dates, billing addresses and zip 21 (Pages 81 to 84) Veritext National Deposition & Litigation Services 866 299-5127 A-1531 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 23 of 79 Page 85 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 codes and so forth, the information that the attackers sought in any event. And those had been attacks perpetrated by obtaining access to servers with the required security levels. Q. So what you're saying is banks' servers had been hacked into, and root level access or similar access gained somehow passed? A. Both banks and merchants. Q. Can you recall an instance in which you described the areas on which your research focuses without including information security? A. Yes. Q. What instance is that? A. I suspect the bio on HBS website doesn't use the phrase "information security," although I'm confident that it discusses some of my work in the area of information security. Q. Why didn't it use the phrase "information security"? A. I'm not sure. I wrote it. So I could have used that phrase had I wanted to. I think I was attempting to fit more within the area of research of my colleagues of this hallway who are largely economists. And so I was there structuring my focus to emphasize the Page 87 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 research focuses without including information security? A. I was recently evaluated for a promotion by the Harvard Business School and had to prepare a personal statement. I know that the personal statement discussed my work in the area of information security, but I doubt that it used the phrase "information security." Q. And the work in information security that was discussed is the -- is the work on spyware, advertising, privacy and so on that we've discussed? A. I think it includes those. There's others also. Q. Is there any work that you've done that is more germane to Internet security -strike that. Is there any work that you've done that is more germane to information security than the work that we have discussed thus far today? A. I think there is actually. Q. What work is that? A. The first matter which I was retained as an expert was the matter captioned National Page 86 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 economics aspects of my research and to somewhat downplay the computer science aspects of the research. Q. Are you -- can you recall any other instance in which you describe the areas on which your research focuses without including information security? A. Sure. Q. What instance is that? A. I'm sure bios and converse description and description of the speaker and so forth, typically. Usually, any reference to any information security. Q. Why is that? A. Usually, I find myself speaking to advertisers or publishers or online business people more generally, and they usually would not be drawn to information security and such. Even though it's important to what they do, they wouldn't regard it as important or strategic, and so presenting other aspects of my work would be more likely to capture their interest and attention. Q. What other instances can you recall in which you describe these areas on which your Page 88 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Football League versus I Crave TV, and that was 1999 or 2000. In that matter a Canadian company was copying American network television to a video format, not unlike YouTube except live rather than recorded. My work in that case and subsequent publications, comments to regulators and so forth, were grounded in the remarkable difficulty of securing that video content against those who might further copy and wish to access it in violation of applicable law. Q. Anything else that is more germane to information security than that which we have discussed so far today? A. Yes. Q. What's that? A. I had a set of projects as to Internet filtering, attempting to determine what websites were blocked by what commercial filters, by what library filters, by what school filters, by what national filters. In some instances affecting entire countries. Well, in a portion of that project, I wished to take apart a series of commercial Internet filters in order to determine what websites those filters blocked. The list was installed on a server in 22 (Pages 85 to 88) Veritext National Deposition & Litigation Services 866 299-5127 A-1532 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 24 of 79 Page 89 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 m office, in my custody, and I needed to access this data secured within the server, although there were, in fact, some impediments to accessing the data. Q. And did you circumvent those impediments? A. I developed some methods to circumvent a portion of the impediments. Other impediments were more difficult, both for technical and for legal reasons. Q. Did this project result in litigation? A. One aspect of it did. Q. Were you the plaintiff in that litigation? A. Yes. Q. What was the claim that you made in that litigation, and actually -- sorry, let me ask. Was that the Edelman versus N2H2 litigation? A. Yes. Q. What was your claim as a plaintiff in that litigation? A. That was a declaratory judgment action seeking guidance from the court as to Page 91 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 particularly as to the significant security vulnerabilities that had given rise to the installation of spyware and adware and about which I have written in great detail. Q. Anything else? A. And my first publication on any subject was a manual on how to use software called Trumpet Winsock to connect to Net.com. Net.com, being an early unlimited Internet service provider, which I believe uniquely at that time would provide unlimited Internet access for $20 a month. This was in an era of monthly charges. I think I was about 15-years-old at the time and figured out how to use Trumpet to connect to Netcom, which was important at that point because Trumpet would allow you to use Netscape and Udora and other software that you might very much want to use. Well, this was an information security project because the Netcom service was bundled with software called Net Cruiser which was viewed as strategically significant from Netcom corporation. I think mistakenly viewed. They thought that it would be good for them to provide your e-mail program and your web browser Page 90 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 whether it would be lawful for me to circumvent an information system that constrained access to a list of websites being filtered. Q. What was the result of that litigation? A. The court refused to give any guidance one way or the other. Q. On what grounds did the court so refuse? A. I believe it was standing mootness. Something procedural and early in that vein. Q. Following the court's decision, did you proceed with the project? A. I abandoned the project, at least in that respect. Q. Who was your counsel in that litigation? A. The American Civil Liberties Union, national office. Q. Do you have any other areas of research that are more germane to information security than those we've already discussed? A. Well, we've discussed spyware and adware only to a limited extent, but that's clearly important to information security, Page 92 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 and your Internet access service. They were mistaken. They would have been better off providing only Internet access, but they didn't know that. So they wanted users to accept the entire bundle. I wanted to use only a portion of the bundle and to bring my own software at my own expense for other services, and I determined how to do that and wrote an article explaining how to do it which raised significant questions of security, frankly; namely, was their system secure against people like me, and it turned out that it was not. Q. Was that a peer-reviewed article? A. Well, it wasn't published in a traditional journal. On the other hand, I discussed it with genuine peers, people who really knew this material, including the software developers who wrote development software and later the engineers at the Netcom Corporation. So the relevant experts were absolutely consulted and offered feedback and opinions in great detail. Q. Of your research, can you recall any other research, other than that which we've 23 (Pages 89 to 92) Veritext National Deposition & Litigation Services 866 299-5127 A-1533 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 25 of 79 Page 93 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 discussed today, which is more germane to information security than that which we've discussed already? A. Yes. Here's another one that's more germane than much of what we've discussed. Yahoo operates an advertising service called Right Media which has a very, very large proportion of deceptive advertisements. Perhaps 30 percent or more of the Right Media advertisements are deceptive by Yahoo's own classification system, and here's how I know that: As a Right Media publisher, a person authorized to put Right Media advertisements onto my website, I logged into the Right Media interface and carefully excluded each of the various categories of deceptive ads, individually and in various combinations and noted the proportion of advertisements that were respectively excluded when I activated the various category exclusions. In that way, I was able to obtain from Yahoo's server the proportion of Yahoo's advertisement that according to Yahoo's own staff were deceptive and indeed unlawful. And to demonstrate that a very sizable fraction of Page 95 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. You nonetheless published it; is that right? A. Yes. Q. Had you entered into any agreements with Yahoo at the time that you published that information? A. There was a standard click-through agreement for which, frankly, I don't recall the terms one way or another. Q. Do you recall whether there were confidentiality terms? A. I don't recall one way or the other. Q. Did you check whether there were confidentiality terms before publishing this information? A. I think I thought about the legal questions posed, and I expect that I would have checked the confidentiality terms and resolved the question to my satisfaction before proceeding. Q. If there had been confidentiality terms, would you have proceeded? A. I might have. Q. Why? A. I might have concluded that the terms Page 94 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Yahoo's advertisements had this problem and then to post those screen shots to my website along with a discussion of the business, marketing and legal questions posed, which prompted an investigation by a state attorney general, compelling Yahoo to change some of those practices. Q. Do you consider your work on Right Media an intrusion into a computer system? A. I believe Yahoo considered it an intrusion into their computer system. Q. Do you consider it an intrusion into a computer system? A. I'm not sure. I see both sides of it. Q. Were you able through your intrusion to gain access to any confidential Yahoo or Right Media information? MR. BONI: Object to form. Mischaracterizes the testimony. A. Yahoo took the position that the information they provided to me in my capacity as publisher was confidential and should not have been presented on my website or disclosed to anyone else. Page 96 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 didn't apply to the information that I was publishing, didn't apply to this purpose, to demonstrate unlawful conduct and Yahoo's knowledge thereof, were contrary to public policy, and therefore, unenforceable or for some other reason were deficient or defective. Q. Do you remember what conclusion you came to on those questions? A. The bottom line was that I should publish the article, and I don't recall the specific intermediary steps that took me to that conclusion. Q. How is Right Media research germane to information security? A. There was a set of information that Yahoo wanted to keep away from public view and away from, for example, the attorneys general who ultimately investigated. They wanted their own employees to be able to classify advertisements, and they wanted publishers to make informed decisions about which categories of advertisements to accept. After all, accepting the deceptive advertisements was actually quite important to Yahoo's business because they could make significant money from 24 (Pages 93 to 96) Veritext National Deposition & Litigation Services 866 299-5127 A-1534 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 26 of 79 Page 97 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 their revenue share, their commission for putting the deceptive advertisements onto publishers' sites. So they wanted publishers to be able to accept the deceptive advertisements, but they didn't want it to be required. Good publishers would insist on excluding them. Well, Yahoo had this set of complicated business objectives. They wanted the ads classified in this way. They wanted these people to see this information, and these people not to see it. And unfortunately for them, it was difficult to thread the needle, that is, difficult to provide exactly that information only to the people that Yahoo wanted to provide it to because as I demonstrated, one of the people who received the information might elect to republish it to Yahoo's detriment. Q. Even in the face of a confidentiality agreement requiring to the contrary? A. Perhaps. MR. GRATZ: Let's change the tape. THE VIDEOGRAPHER: Here ends Tape 2. Off the record 12:09 p.m. (Brief recess.) Page 99 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. And it wasn't ruled upon because the case settled very shortly after it was filed; is that right? A. I don't think that's correct. Q. Why wasn't it ruled on? A. I think it wasn't ruled on because WhenU withdrew the motion. Q. Did WhenU withdraw the motion contemporaneously or roughly contemporaneously with a settlement of litigation? A. No. I think the litigation continued for more than a year thereafter, as I recall. Well, I'm not sure. But in any event, if there was a settlement, it was unrelated to the withdrawal of the motion, to the best of my knowledge. Q. What was the allegation in that contempt motion? A. The allegation was that I disclosed or otherwise used testimony that was given under seal in writing an article on my website. Q. In describing your expertise in previous expert reports, have you ever omitted to include any mention of information security? A. Usually, in an expert report, I Page 98 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 THE VIDEOGRAPHER: Here begins Tape No. 3 in today's deposition of Benjamin Edelman. Back on the record, 12:13 p.m. Q. Mr. Edelman, have you ever been the subject of a contempt motion? A. I have. Q. Could you tell me about that? A. This was a contempt motion brought by WhenU, a spyware or adware company, depending on who you ask, that alleged that I had violated a portion of a protective order. MR. GRATZ: We'll mark this as Edelman 2. (Document marked as Exhibit No. 2 for identification.) Q. You have before you what's been marked as Edelman 2. Do you recognize this document? A. Yes. Q. What is it? A. It's WhenU's motion. Q. Did WhenU settle -- excuse me. Do you know whether this motion was ruled upon? A. It was not. Page 100 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 discuss the experience that is relevant to that matter. Thinking about the most recent instances in which I've served as an expert, I don't think information security would have been particularly relevant, and therefore, I probably wouldn't have mentioned it. Q. Do you consider Internet advertising search engines and privacy particularly relevant to the issues in this case? A. Some more than others, but because those are so central to the overwhelming majority of my research, I mentioned them almost as a matter of course, whether or not they're relevant. Q. And information security falls into a different category? MR. BONI: Object to form. A. I think information security is somewhat less prominent in my research. It still permeates the research, but particularly given widespread view that information security is somehow less important or is best left to technicians and is not of general significance, it's something I'd be less likely to mention unless it was specifically at the core of the 25 (Pages 97 to 100) Veritext National Deposition & Litigation Services 866 299-5127 A-1535 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 27 of 79 Page 101 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 matter. MR. GRATZ: Let's mark this as Exhibit 3. (Document marked as Exhibit No. 3 for identification.) Q. Do you recognize this document? A. Yes. Q. Turning to -- actually what is this document? A. It begins with my expert report in a dispute between AOL, owner of Netscape, and Valueclick. It looks like it continues with a set of attachments. I'd need to flip through it all to be sure. Q. In your expert report in the Valueclick case, did you opine on issues of information security? A. I need to think back for a moment to remember what was at issue in that case. MR. BONI: Take your time and look at the report. A. I think Paragraph 11 purports to summarize my opinions, and as I recall, it does summarize my opinions. This is largely about the structure of online advertising markets and Page 103 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 information security in Paragraph 1. Q. Do you identify expertise and information security in any other portion of the description of your background and qualifications? A. I'm sure I attach my CV to the expert report as required by the applicable rules, and that does discuss information security via the various articles on that subject. The word secure, securing does appear in the title of an article in Paragraph 3. I think there's -there's discussion of information and security. Q. But it's not an important enough reason or interest to appear in the second sentence of Paragraph 1? A. I don't think that's the reason why it doesn't appear. It doesn't appear in the second sentence of Paragraph 1 because it's not as germane to the expert opinions presented in this expert report. Q. Whereas affiliate marketing is described there, but does not appear in Paragraph 1 of your report of this case; is that right? A. That's true. If we were to flip Page 102 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the import of cookies in online advertising markets. There's significant technical analysis of whether or not the cookies work as instructed, whether or not the cookies are defective in some way, whether browsers correctly process the cookies. All questions very much grounded in whether information systems work in the way that they might have been expected to or whether they malfunction in some way. Whether that's information security or not, that's diagnosis and analysis of the functioning of information systems. Q. Would you say that your opinions in the Valueclick case have more or less to do with information security than your opinions in this case? A. Less. Q. And in describing your background and qualifications in the Valueclick case, you don't identify any expertise in information security; is that right? A. Let me check. Well, in Paragraph 1, for example, I discuss various aspects of advertising which is what was at issue in the case here, the Valueclick case. I don't discuss Page 104 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 through a variety of my expert reports, I think we'd find that, first, they copied this paragraph, and second, the end of that sentence especially tends to be customized a bit according to the context in which that report is being prepared. Q. Turning to your CV in this case, attached to your report, under experience you identify certain research interests. Do you see that? A. Yes. Q. Is information security listed among those research interests? A. Automated data collection actually is quite closely related to information security, but -- and information security permeates the other listed research interests, but it's not listed specifically by that name. Q. Have you ever provided consulting services or expert witness services with respect to subject matter as to which you did not consider yourself an expert? A. No. Q. Do you consider yourself an expert on the subject matter of computer security? 26 (Pages 101 to 104) Veritext National Deposition & Litigation Services 866 299-5127 A-1536 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 28 of 79 Page 105 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Object to form. A. There are aspects of computer security on which I do consider myself an expert, and there are other aspects of computer security on which I don't consider myself an expert. Q. On which aspects of computer security do you consider yourself an expert? A. I consider myself an expert in areas of information security in a multiuser online information system, partial access to information, context in which some information is made available to some people but not others, information systems where some information is available to the general public without restriction or login. Conversely, at the other end of the spectrum, for example, as to the most technical aspects of hacking, finding the specific security defects that allowed an attacker to circumvent a security control, in general, that's something that I would have less to say about. Q. But you nonetheless consider yourself qualified to opine on the subject of computer Page 107 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 beyond what an ordinary computer professional would be likely to know. Q. Anything else? A. Sure. You know, there are many facets of information security. And we could go through the numerous specialized fields. Hardware security modules, specialized computer chips that provide security benefits, I'm familiar about them only incidentally from a particular single matter, but wouldn't consider myself an expert in hardware security modules in general. Q. How to conduct a penetration test of a system? A. Well, I wouldn't be so quick on that one. There are some systems for which I could appropriately design a penetration test. Some systems for which I have personally performed a penetration test and have achieved the penetration. So it all depends on the kind of system and the kind of testing that is under consideration. Q. Have you ever designed or performed a penetration test with respect to a system which stored digital books? Page 106 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 security generally? MR. BONI: Object to form. You can answer. A. I'm sure there are some questions of computer security that I wouldn't consider myself qualified to opine on, but as to the questions presented in this report, the questions on which I was asked to opine, I consider myself an expert for the purpose of those questions. Q. So you said you don't consider yourself an expert in sort of determining the means by which a particular intrusion occurred at the code level; is that right? MR. BONI: Object to form. A. I think that slightly mischaracterizes it, but it's probably satisfactory in many purposes. Q. In what other areas of computer security do you not consider yourself an expert? A. There are people with specialized expertise on physical security, vaults, tamper proof screws, tamper evidence seals. Some very important work, frankly. And I haven't written on that subject, haven't learned much about it Page 108 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. No. Q. Do you consider yourself an expert on the subject of online advertising? A. Yes. Q. Do you consider yourself an expert on the subject of advertising fraud? A. Yes. Q. Do you consider yourself an expert on the subject of spyware? A. Yes. Q. Do you consider yourself an expert on the subject of Spam? A. Some aspects of Spam more than others. I wouldn't be as unqualified with that one. Q. Do you consider yourself an expert on the subject of Internet filtering? A. Certainly there was a time when I was as close to that subject as anyone. Now I'm less sure, but there certainly are aspects of it where I put myself out as an expert. Q. Do you consider yourself an expert on the subject of geolocation? MR. BONI: Just to be fair, what it says in his CV is geolocation and targeting. 27 (Pages 105 to 108) Veritext National Deposition & Litigation Services 866 299-5127 A-1537 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 29 of 79 Page 109 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Mr. Edelman, do you consider yourself an expert on the subject of geolocation? MR. BONI: Object to form. A. There are aspects of geolocation on which I have offered expert opinions. And geolocation has changed somewhat since that time and has become more complicated in multiple respects, so there are portions of geolocation on which I would not put myself out as an expert. Q. Do you have greater or lesser degree of expertise in the area of geolocation than in information security? A. It's hard to make that comparison because the term "information security" is just such a broad term that encompasses so much. There are portions of information security where I have a much deeper understanding and a much more current understanding than I have today of geolocation. Q. Do you consider yourself an expert on the subject of privacy? A. On some aspects of privacy. Privacy also is quite broad. Probably even broader than information security. Page 111 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 design do you consider yourself an expert? A. I think my greatest expertise is at the intersection of user interface design and consumer law, disclosures. I would make myself less than expert on the ordinary questions of ease of use and user friendliness, intuitiveness and so forth. Q. Of the areas of expertise that we've just discussed, are there any in which you have a greater degree of expertise than in the area of information security? A. The thing about these areas is that they vary just dramatically in their breadth. So you see on the list that we just discussed, you see something like advertising fraud, where I might have coined the term "online advertising fraud." In any event, I think I have the single best website on that subject on the whole Internet. I'm the guy if you want to talk about online advertising fraud. In part because it's kind of a small subject, and at least in the sense that not that many people are interested. Maybe more people should be interested. Conversely, for a huge subject like privacy or information security, there are just Page 110 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Do you consider yourself an expert on the subject of online privacy? A. Even there the term is quite broad and comparable in breadth to information security. Q. What areas of online privacy do you consider yourself an expert in? A. I have expertise in data collection from personal computers, especially Windows computers, data collected by websites, data collected through mechanisms in websites such as HTML, JavaScript and Flash, methods of determining forensically what data is collected or has been collected, interpreting log files, forensically interpreting historic records. Those are the areas of privacy where I have done the most work. Q. Do you consider yourself an expert in the subject of automated data collection? A. Yes. Q. Do you consider yourself an expert on the subject of user interface design? A. Some aspects of user interface design. Q. On what aspects of user interface Page 112 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 many more subfields, and so it's like apples and oranges to try to compare those two. MR. GRATZ: Let's mark this as I guess, we're on Exhibit 4. (Document marked as Exhibit No. 4 for identification.) Q. We have before you what's been marked as Exhibit 4. Do you recognize this document? A. Yes. Q. Is this a true and correct copy of an expert report you submitted in Multnomah County Public Library versus United States on October 15, 2001? A. It seems to be. Q. Turning to page 2, you say, "My experience includes six years as an Internet web server administrator, including operation of a server ordinarily receiving more than 20,000 hits per day." Do you see that? A. Yes. Q. What server was that? A. I think I must have been referring to the main Berkman Center server as it stood at that time. Q. Were you the primary administrator of 28 (Pages 109 to 112) Veritext National Deposition & Litigation Services 866 299-5127 A-1538 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 30 of 79 Page 113 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 that server as of October 15, 2001? MR. BONI: Object to form. A. I'm not sure if October 15th, 2001 is the date of this report. Just take a moment to check that. I certainly was during a period on or about that time. I think my time as the primary administrator might have ended shortly before then. Q. Are you aware of any intrusions -actually strike that. The primary Berkman web server, are you referring to the web server at Ciber.law.Harvard.edu? A. That was the domain name that associated with the server that I administered. Q. Was that a data based-backed website? A. It was in part. Q. Are you aware of any intrusions that resulted in the disclosure of confidential information from that server when you were its administrator? A. There were intrusions into that server. I don't know what information, if any, was obtained during those intrusions. Q. What intrusions were those? Page 115 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 servers improved since 1995? A. I think the security of the servers has improved, although some confounding factors have caused reductions in security at the same time, such that I'm not sure on the whole information is a whole lot more secure than it was in that time period. Perhaps, it's less security. Q. And what confounding factors are those? A. Attackers have become significantly more skillful. Automatic attacking tools have become more widely used. Information sharing among attackers has become more common through specialized information sharing websites such that one defect can readily be known to others. Economic incentives to monetize stolen information have become significantly more widespread such that there's a much improved business model to attacking servers. Servers have become much more complicated with more software installed, more interconnections and more exposure to possible attacks. Q. Turning back to Exhibit 1 of your report, in the second sentence of Paragraph 2, Page 114 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. That was a Windows server, and it was subject to the -- I believe it was called SQL slammer, was an early worm. There were some other worms. It's hard to recall a decade later which one specifically managed to infect that server and which ones I successfully blocked. Q. But you don't recall any that resulted in the disclosure of confidential information? A. Well, if they did result in that disclosure, I don't think I learned about it. I don't know one way or the other. One of our main protection strategies, of course, was to try not to keep sensitive, high-risk, confidential information on that server for a variety of reasons, including the perceived vulnerabilities of the server and the fact that it was connected to the Internet in quite an exposed way. Q. Did your work as an Internet web server administrator begin in about 1995? A. Yes. Q. How old were you in 1995? A. I was 15. Q. Has the security of Internet web Page 116 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 you say "My technical experience includes efforts to verify the security of other programmers' code, including uncovering shortfalls in others' security systems." Is there anything referred to in that sentence that we haven't yet discussed today? A. Yes. Q. What's that? A. There are several instances in which I found significant security defect in others' codes. I can tell you about all of them that I remember, and you can check my CV for more. One that's particularly vivid was the WhenU software that we discussed on a couple of occasions. The WhenU software had a remote execution vulnerability; namely, it was possible for anyone to send a purported update to the WhenU spyware, adware application, which the WhenU application would then install on the user's computer with full administrative privileges, allowing the attacker to obtain complete control over the user's computer. I uncovered that, brought it to the attention of both WhenU and the general public, and subsequent to my report, it was corrected. 29 (Pages 113 to 116) Veritext National Deposition & Litigation Services 866 299-5127 A-1539 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 31 of 79 Page 117 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 That's one. There are several other examples. Q. Do any of those examples relate to the security of code which is run on servers? A. Well, much of this code is right at the intersection of desktop computers and servers. This was a vulnerability relating to the way that the client connected to the server. For example, they failed to use any cryptographic verification, and so the correction to the problem that I just described required changes both to the client and to the server. Q. It wasn't a security defect in the server that you found though; isn't that right? A. It was a security defect in the overall architecture that encompassed both the server and the client. Q. Did the defect that you identified allow intrusion into the server? A. I'm not sure. Q. It did allow intrusion into the client, in that one could install any software one wanted and take complete control of the client; is that right? A. That much definitely could be done. Page 119 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 should -- would govern. It was complicated and confusing. I prefer to reread the underlying article which I think offers a precise description of what went wrong. Sitting here today, recalling an article of half a decade ago, it's difficult for me to summon the details with precision. Q. Was that a situation in which there was an intrusion that went past a designed security system or a situation in which the security settings through the security interface didn't end up doing sort of what the user intended? MR. BONI: Object to form. You can answer. A. I think there are other possibilities beyond the two in your question. I believe the system didn't operate in the way that the technical documentation said that it would operate. I believe it didn't operate in the way that a reasonable user would have expected it to operate in light of the technical documentation and the configuration screen. It's possible that there's an engineer who knew that it would operate this way because he designed it that Page 118 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Do you know of any other instances in which you have verified or uncovered shortfalls in the security of other security systems where the security was protecting a server from intrusion? A. Google acquired a service called JotSpot which suffered a defect that could be styled as either a privacy defect or a security defect. The result of the defect was that any user could view the documents, even when the author of those documents had instructed the documents were to be kept private and secure from other users. Q. And that's in a situation where the administrator of the particular wiki that was involved had set all pages to be public; is that right? MR. BONI: Object to form. A. As I recall, there were multiple inconsistent settings areas, so you might set it to be public in one place and private in another place, and it looked from the user interface like the private settings, the stricter of the two settings should govern, when the fact of the matter was that the looser of the two settings Page 120 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 way, and he knew that he designed it that way. Nonetheless, I would say there was a defect in the design, if that's how he designed it, particularly in light of the technical documentation. Q. Was there any security measure that needed to be circumvented in order to access the information in the JotSpot situation? A. I think the main tactic that an attacker would need to utilize was to ask. It's like the joke about God and the lottery ticket, meet me halfway. Buy a ticket. You have to ask for the private information in order to get it. The main thing, protecting the private information here was that no one would bother to ask, and, therefore, no one would get it. Q. And that was the security scheme that was circumvented in that circumstance? A. As I recall, the main request -- the main circumvention technique was to ask for it. To know of something obscure, to know of the possible existence of something obscure and to ask for it and receive the response. Q. Are there any other instances of uncovering shortfalls in server-based security 30 (Pages 117 to 120) Veritext National Deposition & Litigation Services 866 299-5127 A-1540 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 32 of 79 Page 121 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 systems -- strike that. Are there any other instances in which you have uncovered shortfalls in the security systems that allowed intrusions into servers other than those which we've discussed so far? A. Yes. Here's one actually not reflected in my CV because it didn't result in a published article. It did result in a New York Times article. American Airlines had an internal website whereby documents were provided to flight attendants and ground staff, maybe one or the other, maybe both. Training documents, policy documents and so forth. It turned out thereto that the method of securing documents was importantly defective. Documents provided as plain text were appropriately secured with a user name and password, and I guess you could guess someone's user name and password to access them, but I didn't do that. In contrast, documents provided as attachments were available to anyone who happened to guess the attachment number, and the numbers were sequential beginning with one and continuing to some maximum, such that it was Page 123 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Do you know of any techniques that can be used to avoid such an attack? A. Yes. Q. What techniques are those? A. One could avoid publishing these files with predictable file names. Instead of using numbers like 1.PDF, you could have a lengthy number too long to guess. You could restrict access to -- even to these raw binary files, restrict access to those users who have, in fact, entered a user name and password. That's a little bit more complicated but certainly doable for an engineer who needs to. Q. And those are two separate methods. One would be choosing file names that are predicable. Another would be sort of requiring a user name and password before providing access to the files? A. There are some other methods also. Certainly it could be done for someone who recognized the vulnerability and elected to take steps to defend against it. Q. Are there any other instances in which you have uncovered shortfalls in the security of servers against intrusion other than Page 122 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 quite straightforward to download all of them, which I did. And then I read the documents in sequence from one to the last and found some that were quite embarrassing to the company, in fact, which I provided to the New York Times which wrote an article about them. Q. Do you think that what you did was an intrusion into American Airlines systems? A. I'm not sure. Actually, I found the articles using Google. I found the first one using Google because Google had previously found the very same PDF attachments and directed me to one of them as I was attempting to find records of a relevant American Airlines policy. So if it was an intrusion, Google did it first, and then I identified the pattern and continued it from there. Q. That was because the files at issue were publicly available on the Internet. All one had to do was type in the URL, and they would come up; is that right? If one knew the URL? A. If one knew the URL, they were available upon request. Page 124 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 those we've discussed? A. We discussed Buy.com previously. Q. Yes. A. That was very much in the same vein as the American Airlines example just discussed. Namely, the name, address and phone number were provided on UPS prepaid shipping labels, which were posted in some binary format like a gift or a PDF or a PNG with sequential numbers, so that by guessing numbers, Buy.com/returns/17 dot, yes, you'd be able to see the seventeenth return and thereby obtain that information directly from the Buy.com server, again, without any defect in any client software. Q. That would be avoided by choosing unpredictable file names or the other methods which we've discussed? A. Yes. Q. Anything else? A. The I Crave TV case which we've discussed already. Q. And in what sense was that a -- why don't we discuss that in more detail. Anything else? A. I think there probably are more. I 31 (Pages 121 to 124) Veritext National Deposition & Litigation Services 866 299-5127 A-1541 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 33 of 79 Page 125 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 have never thought of myself as limited to client-side security. I've certainly always been interested in server security. It's just that there were other people doing server-side security, and so I was better able to distinguish myself in the realm client-side security which others weren't focused on. But I think there are other publications. I could flip through my whole CV line by line to try to identify some more for you. Q. Do any others come to mind? MR. BONI: Do you want him to look through his CV? Q. You're welcome to look through your CV? A. Sure, I'll take a minute and look. Okay, here we go, the second item under the heading "website writings" on page 3 of the CV is entitled "Hack-based Cookie-Stuffing by Bannertracker-script." Q. And what's that? A. So this is an article very much at the intersection of security and advertising, advertising fraud. Bannertracker-script is the controlling domain name used by a set of hackers Page 127 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 to their own code and use their own code to create the invisible eye frame window that loads Amazon that makes the putative referral. Q. And this is through an exploit in software called vBulletin? A. That's my understanding. Q. Anything else? Actually let me ask this: Did you analyze that exploit in vBulletin? A. I didn't analyze the exploit. I was able to determine forensically from the location of the insertion and from others discussing this method of insertion that it had been perpetrated by exploit. It was clear from the circumstance, the same insertion on hundreds, even thousands of unrelated websites, that it had to be an exploit, and I quickly confirmed to my satisfaction that it was. Q. Do you know whether any confidential information from these bulletin board sites was compromised as a result of this exploit? A. There were some losses to the bulletin board sites. The bulletin board sites began to load more slowly for users. Users had to waste bandwidth, and Amazon, of course, pays Page 126 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 who attack discussion board sites, online bulletin boards, to insert their code into the bottom of the bulletin board site, and having inserted their code, they then perpetrate advertising fraud, primarily against Amazon, claiming to have referred users to Amazon, such that if users make a purchase from Amazon within the 24 hours after the putative referral, Amazon will pay a commission of as much as 8 percent to the putative referrer. Q. And this is a way in which sites which display advertisements from certain ad networks may result in the unintended data going to users? A. Not at all of. This is a genuine hack. The perpetrators of this hack identify a defect in the code that allows them to put their code onto the fixed-in websites without any permission whatsoever. It's not via an ad network. It's via a security exploit. I reserve the word "hack" typically for that kind of circumstance. So they exploit a defect in the victims's web server or application level server sitting on top of the web server and use that defect to install the JavaScript reference Page 128 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 significant funds. But the main losses here are not in user privacy. The losses here are measured in dollars actually, dollars taken out of the pockets of Amazon shareholders. Q. So the answer to that question is, no, you don't know of any confidential information having been taken as a result of this exploit? A. I think what was taken was money and bandwidth but not information. Q. In the next sentence of paragraph -little bit lower down in Paragraph 2, you say, "For example, I have personally uncovered multiple Google privacy flaws, including improper data collection by Google Toolbar as well as improper data distribution by Google JotSpot." Do you see that? A. Yes. Q. Do you claim to have uncovered any Google privacy flaws other than the two you claim to have uncovered in this sentence? A. It's possible that there are some more Google privacy flaws that I know about and could be taking credit for, but I can't remember any sitting here today. I don't think I've 32 (Pages 125 to 128) Veritext National Deposition & Litigation Services 866 299-5127 A-1542 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 34 of 79 Page 129 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 written about any others. I think there probably are some more. There probably are some that I know about that I haven't written about or have disclosed only peripherally in presentations or otherwise. Q. Do any come to mind? A. No. MR. GRATZ: We'll mark as Exhibit 5. (Document marked as Exhibit No. 5 for identification.) Q. Do you recognize Exhibit 5? A. Yes. Q. What is it? A. This is a article published on my website in January 2010. Q. Is this the research referred to by the phrase "improper data collection" by Google Toolbar in Paragraph 2 of your report? A. Yes. Q. What methodology did you use to reach these results? A. I tested Google Toolbar forensically using a virtual computer, using a set of virtual computers in my home office. Q. And your research found that Google Page 131 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 thing than disabling the Google Toolbar only for this window that you've been tracking? A. You're right, that's a different thing, and, in fact, there's yet another example on page 3 that's another different thing. Q. These -- and all of these settings properly take effect after the user restarts their browser; is that right? A. That's right. Q. But what you found was that these settings didn't properly take effect until the user restarted their browser; is that right? A. That's true, with the additional concern that as to the first example, the whole purpose was for it to take effect immediately for the current browsing session. By the terms of the user's instruction, it was to take effect only for that session and for no other, and so restarting your browser was supposed to terminate it, meaning the feature was completely defective in the mechanism presented in the first section. MR. GRATZ: We'll mark this document as Exhibit 6. (Document marked Exhibit No. 6 for Page 130 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Toolbar -- certain features of Google Toolbar continued to operate after the feature had been turned off and the toolbar had been hidden, at least until the user restarted the browser; is that right? A. That's right. Q. And if the user restarted their browser, than the settings would take effect; is that right? A. When the user restarted his or her web browser, the disabling which had always been described as only for this window would by its term expire, and, therefore, the feature would be re-enabled, the toolbar would reappear, and the user would rightly expect that the tracking would continue. Q. Does your research discuss only the disable only for this window feature? A. That's right. Q. Turning to the second page of Exhibit 5, it says, "Google Toolbar continues tracking browsing even when users disable the toolbar via manage add-ons." Do you see that? A. Yes. Q. Is that the same thing or a different Page 132 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 identification.) Q. Turning back to Exhibit 5 for a moment, this is a blog post from January 26, 2010; is that right? A. Yes. Q. Turning to Exhibit 6, this is also a blog post from January 26 of 2010 on a blog called Search Engine Land; is that right? A. Yes. Q. This includes a statement from Google responding to your blog post; is that right? A. Yes. Q. The last sentence of that statement is "A fix that doesn't require a browser restart is now available on www.Google.com/toolbar and in an automatic update to Google Toolbar that we are starting tomorrow." Is that right? A. That's what it says. Q. Do you know whether that was a true statement as of January 26, 2010? A. I agree that effective roughly 24 hours thereafter the Google Toolbar began to update itself to a version that no longer had the defects described in my article. Q. The next sentence, and this is not 33 (Pages 129 to 132) Veritext National Deposition & Litigation Services 866 299-5127 A-1543 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 35 of 79 Page 133 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 from Google's statement, but from the author of the blog post on Search Engine Land, says, "I wonder if Ben Edelman knew about restarting I.E. would fix the issue and left it out." When you wrote Exhibit 5, did you know that restarting Internet Explorer would cause the settings to take effect? A. I think this misunderstands -- the Barry Schwartz article misunderstands the scope of the problem, particularly as to the first section of my article. Q. Turning your attention to the sections of your article other than the first section, were you aware at the time you published Exhibit 5 that restarting the browser would cause the settings to take effect? A. Well, when I published the article, it included the first and second sections, and the third section, captioned, "Google Toolbar Continues Tracking Browsing When Users Disable the Toolbar Via Right Click," was added late on the night of January 26th, and it even includes a parenthetical and italics to that effect. So we should be limiting ourselves to the first two sections for purposes of discussing what I knew Page 135 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 data collection by Google Toolbar? A. Well, an interesting twist about Exhibit 5 is that I know Google knew about the problem for more than a month before I wrote it up on my website. Q. How do you know that? A. A state attorney general told me, staff of a state attorney general. Q. What's that person's name? A. I can't recall. Q. What state was it? A. I don't recall. Q. About when did they make that statement to you? A. I was at a meeting of staff of state attorneys general in Florida, somewhere in Miami vicinity, and someone told me that. Q. When was that roughly? A. It was in the same winter when I published this article, so it must have been February or March 2010. Q. Was it before or did -- so it was after the publication of this article? A. That's right. Q. And what basis did the person who Page 134 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 when I published the article. Q. Let me be -- let me be very precise as to the time. When you published the section of Exhibit 5 marked "Google Toolbar Continues Tracking Browsing Even When Users Disable the Toolbar Via Manage Add-Ons." Do you see that portion? A. Yes. Q. Did you know that that disabling setting took effect when the user restarted their browser? A. Well, the article right now as I'm looking at it, page 3, says -- not only says that I knew, but alerts readers to that very fact in the paragraph that begins "In my tests," towards the top of page 3. It says exactly that. Maybe Barry Schwartz didn't notice that paragraph of the article. Q. Are you aware of any intrusion to Google's servers related to the issue set forth in Exhibit 5? A. This problem isn't about intrusion into Google's servers. Q. Other than what's described in Exhibit 5, have you found any other improper Page 136 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 told you this have for making that statement? MR. BONI: Object to form. A. It purported to be personal knowledge. Q. Personal knowledge of that? MR. BONI: Object to form. A. Personal knowledge as conveyed to me of some sort of a dispute between Google and Microsoft pursuant to a Microsoft antitrust consent decree and the ongoing oversight therefrom; wherein, Google complained that Microsoft was doing this, and Microsoft complained that Google was doing that. And the state attorney general staff person was on a phone call where all of that was discussed and perhaps an e-mail exchange. In some other way it was all made known to this person. Q. Do you think that person was telling the truth? A. I do. I wish I knew the person's name. Unfortunately, it was all in, you know, a reception or other social function at that event. Q. Turning back to Paragraph 2 of your report, you mention improper data distribution 34 (Pages 133 to 136) Veritext National Deposition & Litigation Services 866 299-5127 A-1544 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 36 of 79 Page 137 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 by Google JotSpot. Do you see that? A. Yes. MR. GRATZ: I'd like to mark this as Exhibit 7. (Document marked as Exhibit No. 7 for identification.) Q. You have before you what's been marked as Exhibit 7. Do you recognize this as an October 30th, 2008 blog post by you? A. I don't recall the date, but maybe if -MR. BONI: There's a different -there's a different date on that. A. That's the date on the last page. I think that's probably correct. Q. Is this the research referred to by the phrase "improper data collection" by Google? Excuse me. Is this the research referred to by the phrase "improper data distribution" by Google JotSpot in your report? A. This is what I had in mind, yes. Q. What methodology did you use to reach the results set forth in Exhibit 7? A. Direct hands-on testing and screen Page 139 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 third grader could do it also. MR. GRATZ: Mark this as Exhibit 8. (Document marked as Exhibit No. 8 for identification.) Q. Do you recognize what's been placed before you as Exhibit 8? A. I don't really recall it one way or the other, but I can see what it must be. Q. What is it? A. It seems to be news coverage of the Google JotSpot article that I wrote. Q. Turning to the second page of Exhibit 8, under the screen shot, there's a statement from a Google spokesman; do you see that? A. Yes. Q. Could you read that statement, please. A. This is a statement from a Google spokesperson, giving his view of the issue. He says, "This is not a security issue. The information in these wikis is accessible because they have been set to public on the site permissions page. Users are always in control of the information they share. If wikis are set to private, no information will be publically Page 138 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 shot evidence. Q. You used a web browser; is that right? A. A web browser, a screen shot tool, potentially a packet sniffer. I don't recall. Q. What is a packet sniffer? A. A packet sniffer is a specialized tool for reviewing and confirming all data sent over a network connection. Q. Did you use a packet sniffer in conducting the research set forth in Exhibit 7? A. I often run one in the background while doing this kind of test. Let me skim through the article and see whether there's any discussion of the fruits of that methodology. Okay, there's no discussion of use a packet sniffer. I believe I probably ran one anyway, checked its output, found that there was nothing notable in the packet sniffer output, above and beyond what the screen shot showed, and, therefore, had no need to mention it. Q. Were there any other elements of your methodology? A. No. I think what's beautiful about this article is it's just so simple, a typical Page 140 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 accessible." Q. Was it true that the information in the wikis which were the subject of your article had been set to public in the site permissions page? A. I think it may not be as simple as that. I think there was an import from one JotSpot system to another as part of the acquisition, and something might have been changed during the import. I definitely think this engineer is only telling part of the story. Q. Do you know what the other parts of the story are? A. I think it's along the lines just described, that some options had been added, something had been converted, perhaps subsequent to the acquisition or in some other upgrade. And so things that had started out more private had become less private over time. Q. Were you aware that the wikis that were the subject of your blog post had been set to public on their site permissions page? MR. BONI: Object to form. A. First had been set is nicely in the passive voice. Who did the setting is exactly 35 (Pages 137 to 140) Veritext National Deposition & Litigation Services 866 299-5127 A-1545 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 37 of 79 Page 141 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the question. Whether it was the site administrator or Google who set it that way. But I think, yes, the article discusses that and discusses the contrary and inconsistent statements, inconsistencies between this screen and that screen and the help file all discussed in the body of Exhibit 7 as it is before us. Q. Google fixed this issue within 48 hours; is that right? A. That wasn't my recollection actually. Q. How long did it take for Google to fix this issue, in your recollection? A. I thought Google's initial position was that everything was working perfectly. Nothing at all was wrong, and that's consistent with the quote from the Google spokesman in the CNET article. I don't really recall specifically. Q. Turning to the last paragraph of Exhibit 7, does this refresh your recollection as to the time that it took to remedy this issue? A. That suggests it took about a week after I first notified Google. I had thought it took longer than that. But this paragraph seems Page 143 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Back on the record 2:13 p.m. Q. Turning your attention to the final paragraph of Paragraph -- strike that. Turning your attention to the final sentence in Paragraph 2 of Exhibit 1, it says, "I also found and demonstrated to a court's satisfaction that an early online video service, iCraveTV, had failed to secure video contents in the way that it had previously represented to that court." Do you see that? A. Yes. MR. GRATZ: I'd like to mark this as Exhibit 9. (Documents marked as Exhibit Nos. 9 and 10 for identification.) Q. You have before you what has been marked as Exhibit 9 and 10. Do you recognize these documents? A. Yes. Q. Is Exhibit 9 your initial declaration in a case titled "National Football League versus TVRadioNow Corporation"? A. Yes. Q. And is Exhibit 10 a supplemental declaration that you submitted in that case? Page 142 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 to indicate that a week is about as long as it took. Q. This was a week after you sent notification to Google, but as of the same day you posted this publicly; is that right? MR. BONI: Object to form. A. That's what this says. It's possible that my last paragraph here is inaccurate, that in some sense the problem lingered. I just -I just don't know. But if the paragraph of my article is correct, then it was fixed the same day that I posted the article. Although it wasn't fixed during the intervening week when I hadn't posted the article. When Google was just on notice of the problem, but there was no public concern and no article neatly laying it out, Google dragged its feet a little bit. Then when I twisted their arm, they finally fixed it that same day. MR. GRATZ: We can change the tape. THE VIDEOGRAPHER: Here ends Tape No. 3. Off the record 1:15 p.m. (Recessed for lunch.) THE VIDEOGRAPHER: Here begins Tape No. 4 in today's deposition of Benjamin Edelman. Page 144 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Yes. Q. Are these expert declarations? A. Yes. Q. You are an expert retained by the plaintiffs in that case; is that right? A. Yes. Q. And these declarations were submitted in January and February of the year 2000 respectively; is that right? A. Yes. Q. What opinions did you render? A. I could take a moment to refresh my recollection of these documents of 12 years ago, but generally I offered the opinion that iCraveTV security systems were not properly designed to limit access to Canadian users only, and, that, in fact, significant American and other users could access and were accessing the video contents that was supposed to be limited to Canadians only. Q. So the system was designed based on the IP address of the user to either grant or deny access based on whether that user was coming from an IP address associated with the United States; is that right? 36 (Pages 141 to 144) Veritext National Deposition & Litigation Services 866 299-5127 A-1546 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 38 of 79 Page 145 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Well, there were a series of security systems. You described a portion of one of the security systems. Q. What were the other security systems about which you rendered opinions in Exhibits 9 and 10? A. Some of the security systems predated my opinions, and I believe are not discussed here. There was one that was grounded in typing in an area code. If you knew a Canadian area code, that would prove that you were Canadian. I don't know that I had to offer an opinion as to the defects of that security, but that was one that was also an issue. You describe restrictions based on the IP address which is true but only in part. That was a restriction on access to a portion of the web server; whereas, what was actually desired was the video which was provided by a different server; namely, a streaming video server from a company called Real Networks, which didn't have any such access restriction. And so it was possible completely to circumvent the IP address filter that you just described. Q. Did your opinions in the National Page 147 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 users who, in fact, have done so. There might have been students at Harvard College, and we could even identify them by name from information present within the defendant's log files. I don't recall whether we identified any of them by names in the context of the declaration. We might have thought that was a much notch too personal, but we could, and I think that might have come out in the oral testimony, if not in the deposition. Q. This was a system that had both a web server and a media server or a set of web servers instead of media servers; is that right? A. That's right. Q. And on the web servers, there was an attempt to restrict access to users outside the United States; is that right? A. That's right. Q. And on the media servers, there was no such attempt; is that right? A. That's true. Q. Were the log files you were looking at log files from the media servers? A. I believe I looked at both sets of log files. Page 146 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Football League case relate to the area code-based security system? MR. BONI: Object to form. A. I know that I formed opinions. Whether those opinions are expressed in this declaration, I'd need to read through both of the declarations to say for sure. My opinion was and is that the area code system didn't work very well for reasons that are probably apparent, and I might have mentioned that in a paragraph, or that might have gotten deleted when the defendants abandoned that system. Q. So the opinion that you were rendering in this case is that users from the United States were, in fact, able to access television programming where the system had been attempted to be designed to prevent users in the United States from accessing that program; is that right? A. I demonstrated both the users were able to and that they, in fact, and did so in significant quantities. Q. Did you demonstrate anything else in these reports? A. I gave specific examples of specific Page 148 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Did you find that the IP -- what is IP geolocation? A. IP geolocation is a set of systems that convert an IP address to a geographic location or a likely geographic location, an inference as to geographic location. Q. In your report did you find errors in the IP geolocation database used by the defendant in this case, in Exhibits 9 and 10? A. I believe I did find and discuss some errors. Q. Did you also find that users from the United States had, in fact, accessed the media server? A. I found that users from the United States could access the media server. I believe there was evidence that they actually had done so, including discussions on web pages directing users as to how to do so. Q. Were those people hackers? MR. BONI: Object to form. A. It depends on the definition of the word "hackers," but on some definitions including reasonable definitions, they were. Q. In that they were gaining access to a 37 (Pages 145 to 148) Veritext National Deposition & Litigation Services 866 299-5127 A-1547 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 39 of 79 Page 149 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 system when they knew that they weren't supposed to have access to it? A. Right. Q. They weren't -- they didn't have the root access to the system; is that right? A. They didn't even want root access. All they wanted was to watch the video content that was available via this much easier mechanism. Q. And this much easier mechanism more or less amounted to directing their software to a particular address which held the video content in an unprotected form; is that right? A. Yes. Q. Other than that, are you aware of any intrusion into iCraveTV's servers relating to the issues discussed in Exhibits 9 and 10? A. Immediately after that, they faced an injunction requiring them to shut down the servers, and at that point, I don't think it would have been possible to intrude because they were no longer operating. So that was the end of the line for them. Q. But you're not aware of any intrusion prior to the time the servers were shut down; is Page 151 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 knew their name and their home address. Q. And that was a designed feature of that website; is that right? A. I think it was, although some -subject to some caveats. Maybe it wasn't supposed to be quite so easy to put in someone else's name and address. I'd need to refresh my recollection by rereading that article. Q. Anything else? MR. BONI: Anything else what? Q. Any other relevant technical experience other than that which we've discussed on which you've relied in preparing your report? MR. BONI: Object to the form. Vague and ambiguous to the extent of what you mean by technical as opposed to any other kind of experience. A. There have been other defects in the privacy and security -- privacy and information security of software systems that I've examined. There was, I think, a compete toolbar that would send your credit card number in plain text, so that anyone in a nearby Internet cafe could see your credit card number. That sort of difficulty of properly securing information in a Page 150 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 that right? A. I didn't really look at it one way or the other, but I'm not aware of any intrusion like that. Q. Other than that which we have discussed so far, do you have any other technical experience on which you rely in forming your opinions in this case? A. As I walked back in from lunch, I saw the related project as to the Sears' privacy violation linked at the top of Exhibit 7. It's not that I specifically relied on it, but it is yet another of these examples of a server side security defect that allows the access of information the users weren't intended to be able to access. Q. And was that through predictable URLs? A. No, it wasn't. Q. By what means were they able to access that information? A. I think last name, plus street address, plus zip code. You could see what anyone had bought from Sears, maybe what major appliances anyone had bought from Sears if you Page 152 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 multiuser information service is again on my mind when I evaluate the book service here at issue, but it's not that I specifically relied on it. It just informs the totality of my professional experience in this area. Q. Anything else? A. Nothing else comes to mind. Q. Turning to Paragraph 3, you highlight two publications as being particularly relevant to the opinions you render in your report, and the first of those is titled "Shortcomings and Challenges in the restriction of Internet Retransmissions of Over-the-Air Television Content to Canadian Internet Users." Do you see that? A. Yes. Q. Was that about largely the same subject matter as your expert reports in the NFL case? A. Well, it was related, but a little bit broader. Q. Broader in what way? A. The NFL case was limited to the specific facts at hand. One specific defendant with one specific set of security systems. In 38 (Pages 149 to 152) Veritext National Deposition & Litigation Services 866 299-5127 A-1548 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 40 of 79 Page 153 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 contrast, the submission to Industry Canada was about all the matters that could potentially arise if such retransmissions were to be permitted, all of the possible systems that future defendant infringers might design and the likely defects and consequences of those systems. Q. Is the thesis of that article that IP geolocation as a security mechanism is imperfect? A. That was one of the points raised and one of the bases for concern. Q. Were there any other bases for concern that were of the same level of importance? A. Well, it's not just that it's imperfect in the sense of one in a thousand times it makes an error or two in 10,000 times it makes an error. It's imperfect in the sense that once an error is identified, it can be systematically exploited such that 1,000 users drive through that one-in-a-thousand hole, and then it becomes a thousand in a thousand because everyone knows that's where the hole is. Just like a hole in a damn, you might say there's Page 155 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 mention "Securing Online Advertisers, Rustlers and Sheriffs in the New Wild West." What was that article about? A. That's a cross-cutting article really surveying a series of other articles, including problems affecting consumers; for example, deceptive advertising, as well as problems affecting advertisers, including overcharging in advertising fraud and presenting the relationship between those problems and the underlying computer security systems that are closer to the core of what the readers of this multiple author bound volume would be likely to be familiar with. Q. That relates primarily to the security of end user computers; is that right? A. A portion of it does, but not all. For example, the deceptive advertisements are equally deceptive no matter how well secured your end user device might be. Q. Does this article mention in Paragraph 3, securing online advertising, discuss intrusion to servers connected to the Internet? A. I don't recall one way or the other. Page 154 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 only one square inch of the damn that has a hole, but never mind, a lot of water can pour through that one hole. I also pointed out in that article the importance of user incentives, that users will jump through quite a few hoops to get the content that they want, particularly if they don't have another good way to get it. And so the users' willingness to find the hole and to exploit the hole is likely to be commensurate with the value of the content that they would receive. So one shouldn't assume that users won't do it because they haven't done it to get something they didn't want very much. The more they want it, the more they'll be willing to do to get it. Q. So the amount of effort that one needs to put into securing a system is commensurate with the level of demand for the material being protected? MR. BONI: Object to form. A. I think that's right, with the right understanding of demand, the level of user interest vis-a-vis possible alternatives. Q. In Paragraph 3 you also say -- Page 156 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 I can't think of a specific section in which it would be likely to do so. But it might. Q. Are there any other academic publications of yours which you consider more relevant to the questions at issue in this case than those identified at the end of Paragraph 3? A. I don't usually draw a distinction between academic publications and other publications. They're all important to me. Some are peer reviewed and some aren't. I think we've discussed all of the publications, be they peer reviewed or otherwise, that are most relevant to my opinions. Q. In Paragraph 4, it says that your teaching assignment currently consists of a Harvard Business School elective course called "The Online Economy" which analyzes strategies for all manner of online businesses, and that the course includes concerns arising out of information security. Do you see that? A. Yes. MR. GRATZ: Mark this as Exhibit 13 -- 11. (Document marked as Exhibit No. 11 for identification.) 39 (Pages 153 to 156) Veritext National Deposition & Litigation Services 866 299-5127 A-1549 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 41 of 79 Page 157 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Do you recognize this document? A. Yes. Q. What is it? A. This is the syllabus of the course as presented on the course website. Q. Could you identify for me the section of the course that deals with information security? A. Information security is a theme that arises in a variety of the cases taught in this course. I can go through the cases, the days of the course one by one and flag contents in which information security arises. In online apartment rentals as to Rent Jungle and its scrapers, there's quite a bit of discussion there, of whether scrapers are an appropriate technique, whether it's appropriate to scrape your competitors' sites in order to make your own site, how would your competitors feel about that, is there anything they can do to stop you, is there anything you can do to stop them from stopping you. Q. What do you mean by scraping? A. In this context the term "scraper" refers to a software system that collects Page 159 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Airlines PDF example I just discussed where to get the underlying text would require a user name and password, but to get the attachments mistakenly, no password was required. Q. Does any of the material in your online economy course relate to the intrusion into servers for the purpose of gaining root access? A. I don't think we discussed security in that context in this class. It comes up more in some of the executive education teaching that I've done, and other notions of security other than obtaining root access arise often in this class. Q. Do they include gaining access to information hosted on web servers which one is not permitted to access? A. Yes. Q. In any situations other than those which we've already discussed to today? A. No. I think we've discussed the examples that arise. Q. Turning to Paragraph 5, Paragraph 5 of your report, you discuss previous expert work. Was your first expert engagement the NFL Page 158 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 information from another website. Q. That's information that that other website makes available publicly; is that right? MR. BONI: Object to form. A. It makes it available on its website, perhaps to the general public, perhaps only to users who log in with a password, perhaps without restriction of any of kind, perhaps subject to a terms of use restriction imposed in some way. Q. And the same restrictions that would be imposed on an ordinary web browser are imposed on a scraper; is that right? For example, if an ordinary user would need to enter a user name and password, then the scraper would need to provide the same credentials; is that right? A. Often that's true, although I wouldn't want to be too sweeping about it. There might be ways to circumvent that sort of thing, and I've seen some of those ways from time to time. Q. Do you discuss any of those ways in your class? A. Sometimes we discuss that American Page 160 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 versus TVRadioNow case? A. Yes. Q. Was your second expert engagement the Multnomah County Libraries versus the United States case? A. I'm not sure that was second or if there was something else in between. That was surely the next significant engagement. Q. Was the next significant engagement Washington Post versus Gator Corporation? A. That was certainly shortly thereafter, and was one of the larger cases. There might have been something else in between. Whether that was significant or not... Q. In what area of expertise did you testify in the Washington Post case? A. My testimony there consisted solely of expert reports and deposition. The case settled before trial. Q. And what were your opinions in that case? A. That was a case about spyware and adware installed on users' computers. Initially replacing the ads on websites with other ads, later showing pop-up ads and pop-under ads. My 40 (Pages 157 to 160) Veritext National Deposition & Litigation Services 866 299-5127 A-1550 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 42 of 79 Page 161 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 opinions went to the methods of installation, the disclosures that were shown, the pop-ups themselves, the circumstances in which the pop-ups would appear, user perception of the pop-ups, perhaps other aspects of the pop-ups. Q. Did you render any opinions in that case? A. I think I did. Q. What opinions were those? A. It's a little bit difficult to recall based on the duration, since the case as well as the significant subsequent work in that area. MR. GRATZ: We'll mark this as Exhibit 12. (Document marked as Exhibit No. 12 for identification.) Q. Do you recognize this document? A. This is a declaration I wrote in the Gator matter. Q. Is it an expert declaration? A. I believe I was anticipating being designated as an expert, or maybe I had been designated as an expert, so yes, it is an expert declaration. Q. What opinions are contained in Page 163 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 right? MR. BONI: Object to form. A. Gator did not intrude onto the plaintiff's servers in that case. Q. In 2003 did you submit an expert report in connection with the case, Wells Fargo & Company and Quicken Loans Inc. versus WhenU.com? A. Yes. Q. What was the subject matter of your declaration in that case? A. It was generally similar to the Gator declaration just discussed. Namely, methods of installation, methods of operation and the advertisements that were displayed. Q. Did it involve any intrusions into servers? A. WhenU software also didn't intrude onto plaintiffs' servers. Q. Did it intrude onto anyone's servers? A. WhenU never needed to place code into the server in order to accomplish its business objectives. MR. GRATZ: I'd like to mark this as Exhibit 13. Page 162 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Exhibit 12? A. I discussed the Gator software generally, including its methods of installation and the advertisements that it displayed. Q. Are those facts or expert opinions? MR. BONI: Object to the form. A. Some of the contents of this declaration reflects my firsthand personal observation and would be appropriate for a fact witness. Other portions of the declaration reflect the judgment and experience of an expert and probably would require that. Q. Did any of your work in the Washington Post case relate to intrusions into servers? A. Significantly at issue was how exactly Gator managed to replace the ads on websites with Gator's own ads and later to show pop-ups and pop-unders. That was all done wholly on the client side, without making an intrusion onto web servers. Although users probably wouldn't understand that and would perceive it otherwise. Q. So no intrusion into servers was involved in the Washington Post case; is that Page 164 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 (Document marked as Exhibit No. 13 for identification.) Q. Do you recognize this document? A. Yes. Q. Is this the blog post that gave rise to the motion for contempt in the WhenU case? A. It is. Q. At the time you wrote this blog post, were you in possession of confidential WhenU information? A. I believe I had been present in the courtroom at a time when confidential information was presented orally. I don't know whether I was in possession of any written confidential information. Q. Did you in -- strike that. Did you testify in a case called WhenU versus State of Utah? A. Yes. Q. Was the subject matter of your testimony in that case similar to that in the other WhenU case and in the Gator case? A. Similar, although with some different twists based on the procedural context in the specific substantive issues in dispute there. 41 (Pages 161 to 164) Veritext National Deposition & Litigation Services 866 299-5127 A-1551 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 43 of 79 Page 165 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. How was it different? A. WhenU argued that it would be difficult for WhenU to keep out of the state of Utah because their software operated the same on a nationwide or worldwide basis. I demonstrated that quite the contrary, WhenU's system utilized geolocation to identify the users' geographic location or apparent geographic location, that WhenU told advertisers that the system worked reliably, and that WhenU's system had an adequate geolocation system to substantially avoid showing certain ads or even all ads in Utah. Q. Was it your opinion that WhenU could effectively limit usage to users outside of Utah? A. It could certainly avoid showing ads to users in Utah and could otherwise allow usage of its software if they so chose. Q. That would be through -- by means of geolocation; is that right? A. The existing geolocation system that they had already installed for their own business purposes. Q. It was your opinion that that Page 167 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Casale Media produced a software program purporting to clean spyware off of a user's computer, and it was advertised as having that benefit, even when it didn't really do all that much, and furthermore, at least as important, the advertisements overstated the user's need for the software, in particular, the advertisements would make statements like, your computer is infected when the fact of the matter was Casale had no information one way or the other as to whether or not your computer was infected. Q. And what were the opinions to which you testified in that case? A. First, I needed to reconstruct historic records of what advertisements were shown and how they looked. The advertisements were no longer running as of the commencement of litigation, and I needed to reconstruct how the software worked, what the software said. The software also had been withdrawn from the market by the date of commencement of the litigation. So there was significant forensic work necessary to lay the groundwork. Then, for basically just fact witness Page 166 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 geolocation system was effective? A. That it was sufficiently effective for WhenU's own business purposes and sufficiently effective to comply with the statute in the state of Utah. Q. Is that consistent with your opinion in the National Football League case regarding the reliability of geolocation? A. It is. Q. How so? A. Users attempting to get copyrighted media content would be highly likely to find ways to circumvent any geolocation that was denying them access. You want to watch the video, you pretend you're in Chicago so you can watch the video. In contrast, it would be quite unusual for a user to pretend they were in a different state in order to receive extra pop-up ads which are widely regarded as unwanted rather than as desirable. Q. Did you testify in a case called South Carolina v. Casale Media? A. Yes. Q. What was the subject matter of your testimony in that case? Page 168 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 work to say what was on the screen after I got it to work again. I believe there was also discussion of user perceptions of these offers, how a user would respond upon receiving a particular message. Q. Did you do any forensic work as a basis for the opinions you expressed in your report in this case? MR. BONI: Object to form. A. I didn't examine any historic sources or any archives or anything of that sort. Q. Did you examine any computer systems? A. Yes. Q. What computer systems did you examine? A. Well, I reviewed the documents that are cited in the attachment to the report. I also wanted to check the availability of copyright infringing books right now online as it stands. If you wanted to find a copy of Malcolm Gladwell's new book, how easily could you do that. And if you wanted to find some other book, again in copyright, how easily could you do that, how easily could you get it for free via some unlawful copyright infringement 42 (Pages 165 to 168) Veritext National Deposition & Litigation Services 866 299-5127 A-1552 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 44 of 79 Page 169 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 website. Q. Did you examine the security of any computers in connection with this report? A. I wasn't checking for security. I was checking for the availability of the copyright infringement materials. Q. And it wasn't copyright infringement materials that were available by breaking through security but because the infringing materials were intended to be accessible by the operator of that website; is that right? A. That's right. Q. Did you testify in a case called Arista against Myxer? A. Yes. Q. In what area of expertise did you testify in that case? A. As I recall that, my expert work in that case was as to the financial benefit that the defendant there reaped by showing advertising on a website with copyright infringing material. Q. Did you render any opinions about copyright law? A. No, I didn't render any opinions Page 171 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 isn't publicly known. Q. What was the name of that case? A. I would have great difficulty summoning it for you from memory and I apologize. Q. In the UMG against Veoh case, in what area of expertise did you testify? A. I think it was the same as the Myxer case just described. Q. In the Lens against UMG case, in what area of expertise did you testify? A. I think it was the same as what was just discussed, but I prefer to check the expert report to confirm. Q. So it is before you as I believe -- I believe it's before you. It's not before you. MR. GRATZ: We'll mark this as Exhibit 14. (Document mark as Exhibit No. 14 for identification.) Q. So you have before you what's been marked as Exhibit 14. You recognize this as your expert report in the Lens against UMG case? A. Yes. Q. In what areas of expertise did you Page 170 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 about any law. Q. Did you render any opinions about security in the Myxer case? A. I don't recall. Q. You don't recall any such opinions? A. I don't recall one way or the other. There were a series of these cases. I get them confused to this day. I think there might have been three. There were the number that are listed in the attachment to my expert report. All of them are properly listed, and what was at issue in one versus what was at issue in another, I would be on very thin ice if I tried to recite that from memory. Q. The three cases you're talking about are Arista against Myxer in which Arista is a record Company on the one side; UMG against Veoh, which UMG is a record company on one side; and Lens verus UMG, which UMG is a record company. You're talking about the three record company cases? A. There are those three. There might have been another one that didn't make it to the point where I had my deposition taken, and, therefore, it isn't disclosed. It probably Page 172 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 testify in that case? A. I believe Paragraph 7 details the expert opinions as to the scope of copyright infringing material or in any event copyrighted material present without permission from the rights holders, the difficulty of applying fair use analysis, the information that the defendant in that case considered before sending his take-down request and the damage that results from a mistaken take-down request in light of the counter-notification provided by law. Q. Did you render any legal opinions in your report in the Lens case? A. My intension was not to render any legal opinions, and I believe I succeeded in not rendering any legal opinions. Q. When you say at the top of -- I want to direct your attention at the top of what's marked at the bottom as page 3 in Exhibit 14. Do you see that? A. Yes. Q. It says, "The type of fair use analysis that would be conducted in infringement litigation cannot readily be conducted using the information available to a rights-holder upon 43 (Pages 169 to 172) Veritext National Deposition & Litigation Services 866 299-5127 A-1553 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 45 of 79 Page 173 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 sending a takedown request." Do you see that? A. Yes. Q. Was that one of the opinions you expressed in the report in the Lens case? A. Yes. Q. Is that still your opinion today? A. It's my opinion as to the facts of this matter. There might be other contacts in which it would be possible to conduct that fair use analysis with the information available, but thinking about the context in which I offered this report, I think this opinion is correct, and it's still my view. Q. When you say the type of fair use analysis that would be conducted in infringement litigation, what do you mean by that? A. I believe the expert report details that further, for example, 13, and follows from there, listing the factors that need to be considered in order to apply a fair use analysis. Q. And that's set forth in Paragraph 14? A. Fourteen discusses the factors, and then 15 and 16 discussed the limited information available to rights-holder confronting an Page 175 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 offer an opinion. MR. BONI: Joe, we're not proffering him as a fair use expert at all. This has nothing to do with the report he's doing in this case. Q. Turning your attention to Paragraph 17, in the middle of the paragraph it says, "Even when all the facts are known, it is difficult to apply the required legal standards to those facts, which makes fair use particularly difficult to apply in any sort of perfunctory or quick look review." Do you see that? A. Yes. Q. Is that a statement that you can continue to consider true? MR. BONI: Object to form. A. I think it's true in context. Of course, there would be some sets of facts that are sufficiently clear-cut that one could make a fair use determination one way or the other. It's not that every case is a difficult case, but that there are some difficult cases. Q. Did you identify any of those difficult cases in your report in the Lens case? Page 174 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 unauthorized video at YouTube. Q. In Paragraph 14 you say, "Nor do the examples of Section 107 limit what may be fair use." What do you mean by that? A. I think the portion of the sentence after the colon is informative, quoting some authority from a case interpreting the Section 107, fair use defense. Q. It says that the examples in the preamble to Section 107 are illustrative and not limitative. You see that? A. Yes. Q. Do you agree with that today? A. I think I correctly characterized the holding of Campbell. Whether or not I would have decided it the same way had I been presiding in that matter, I guess I haven't really thought it through, but I don't hold that position. Q. You agree that that's currently the law? A. I don't know. I'm not enough of a scholar -MR. BONI: Objection. A. -- of fair use law to attempt to Page 176 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I guess I cited some cases that were reversed, including the three cases cited within Paragraph 17. So those must have been difficult facts if in each of those three instances the cases were twice reversed. Q. Do you know what the use at issue in the Lens case was? A. It was background music to a home video. Q. Do you think that the use in the Lens case was fair use? MR. BONI: Object to form. A. I'm not sure. MR. BONI: Joe, we're not proffering him as a fair use expert. This is improper questioning. Q. You weren't asked to opine on that matter in the Lens case? A. That's correct, I was not asked. Q. And you never, in fact, formed an opinion on the question? A. I didn't. It's a difficult question to me, and no one wanted to pay me to figure it out, so I spent my time on other matters instead. 44 (Pages 173 to 176) Veritext National Deposition & Litigation Services 866 299-5127 A-1554 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 46 of 79 Page 177 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. What makes it a difficult question? MR. BONI: Object to form. A. Well, some of the factors cut in one direction. Some of the factors cut in the other direction. And it leaves me uncertain about the correct way to apply the Section 107 factors. Q. Which factors cut against fair use in the Lens case? MR. BONI: Object to form. Joe, I'm going to stop the questioning. You keep going down this path that has nothing whatsoever to do with qualifying him for the report for which he proffered in this case. It has nothing to do with security or his report. Q. You can answer the question. A. For example, the Lens video used the most distinctive part of a song. I can't recall what song it was. But, you know, it has a chorus or something, the part that everyone hums, and wouldn't you know it, in her 30-second clip, she manages to get that part. The video was set to be viewable by the entire world. It wasn't limited just to her family and friends. It was accessible by everyone. Those are factors that would seem to cut against fair use. Page 179 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. In what cases have you practiced as an attorney? MR. BONI: Object to form. A. I brought a class action against Yahoo as to overcharging of certain advertisers. Q. Anything else? A. I was co-counsel in a class action against Google as to certain type of squatting practices. Q. Anything else? A. I am currently counsel in a case against Apple as to charges incurred by minors and charges without a user entering a password to authorize the charges. Q. Anything else? A. I'm currently counsel in a case against Facebook as to charges incurred by minors. Q. Who's your co-counsel in the Facebook case? A. I need to discuss with my attorney. Q. Do you need to discuss -A. Yeah. Q. Okay. THE VIDEOGRAPHER: You want to go Page 178 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. What factors weighed in favor of fair use in your view in the Lens case? A. It would be seem to be a noncommercial use, although to be sure, these days Google pays significant royalties to those who upload videos. So maybe not so noncommercial after all. The quality of the audio and video were consistent with a home recording which is to say not all that good, which maybe could cut either direction, in fact, depending on how you think about it. It's not much of a substitute, but then again, the artist would never have allowed his recorded music to be presented in this way. Q. And on balance, you don't have a view one way or the other as to how the fair use analysis comes out? MR. BONI: Asked and answered. A. I don't have a view one way or the other. Q. In addition to your expert work, have you practiced as an attorney? A. Yes. Q. In what cases? MR. BONI: In what cases? Page 180 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 off. MR. BONI: Go off. THE VIDEOGRAPHER: Off the record 3:02 p.m. (Brief recess.) THE VIDEOGRAPHER: Back on the record 3:07 p.m. Could we have the last question read back please. (Last question read back.) A. The firm is Kershaw, K-e-r-s-h-a-w. There are some more names after that. Q. Are there any other cases in which you are or have been counsel? A. There are. Q. How many? A. Some individual disputes, you know, airline overcharged money. There are some for which I have a confidential role, not on the paper as an advisor, co-counsel. I think I've listed all of the significant matters, all of the matters in which I appear on the papers, for example. Q. Turning to Paragraph 6 of your report it says, "I am being compensated for my work in this matter at the rate of $450 per hour"; is 45 (Pages 177 to 180) Veritext National Deposition & Litigation Services 866 299-5127 A-1555 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 47 of 79 Page 181 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 that right? A. Yes. Q. Is payment contingent on the outcome of the litigation? A. No. Q. Is payment contingent on any opinions you render? A. No. Q. When were you first contacted by counsel for plaintiffs in this case? A. Several years ago counsel for plaintiffs asked me about a different aspect of this case. Q. What aspect was that? MR. BONI: I'm going to instruct the witness not to answer on the grounds of the attorney work product. Q. When did counsel for plaintiffs first contact you about putting forward subject matter set forth in Exhibit 1? A. That's sometime this winter to spring after the new year. Q. Who contacted you? A. Mr. Boni. Q. Have you spoken with any of Page 183 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Not really. Q. Before today, how many hours had you spent on this engagement? A. I'd estimate about 20. Q. Did anyone assist you? A. No. Q. Have you received payment for your work on this case? A. No. Q. Do you anticipate receiving payment for your work on this case? A. Yes. Q. Who is going to be paying you? A. I think the Boni & Zach firm will be paying me. Q. Turn to Paragraph 7 of your report. In the middle of that paragraph it says, in this report I address and opine on risks of a security breach exposing widely online the contents of in-copyright books from a number of sources. Do you see that? A. Yes. Q. Do you provide opinions in your report regarding any matters other than risks of a security breach exposing widely online the Page 182 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 plaintiffs' counsel other than Mr. Boni? A. Ms. Zack. Q. Anyone else? A. A fellow named Josh. Q. Anyone else? A. I think that's all. Q. Have you spoken with anyone regarding this engagement other than Mr. Boni, Ms. Zack and Josh? A. I discussed it with my father, spiritual guidance on all important questions. Q. What did you discuss with your father? A. The case generally, my role in it, the extent of my opinions, the substance of my opinions. Q. What did your father tell you? A. He supports my work and supportive of my work in this area. Q. Anything else? MR. BONI: Anything else that his father told him? MR. GRATZ: Correct. A. Nothing of any great significance. Q. Nothing that comes to mind? Page 184 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 contents of in-copyright books? A. I'm sure I do. Q. What opinions can you identify in your report where you express those opinions? A. Well, for example -MR. BONI: Go ahead. That's okay. A. The boldface heading midway through this page 2 that piracy of books is already real. I don't think that speaks to the risks of a security breach exposing in-copyright books. This is something that's already happening without any security breach above and beyond what has already happened. Q. Any other opinions that are not related to the risks of a security breach exposing widely online the contents of in-copyright books? MR. BONI: Let me object to the form, and say that the report speaks for itself. It is what it is. If you want a thorough, complete answer, then the witness should go through line by line and see what exactly there is other than what he saw on this page. Q. Mr. Edelman, you're welcome to take a look at any portions of the report you need to 46 (Pages 181 to 184) Veritext National Deposition & Litigation Services 866 299-5127 A-1556 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 48 of 79 Page 185 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 to fully answer my question. The question is could you identify for me other than the portion you identified in your previous answer about present book piracy any opinions you expressed in your report other than opinions on the risks of a security breach exposing widely online the contents of in-copyright books? A. I think the rest of the declaration fits within that sentence, broadly understood. Q. Is it your opinion that the level of security afforded to the scanned books is relevant to the fair use analysis in this case? MR. BONI: Object to form. A. I think it could be. Q. How? A. In a couple of ways. One, the level of security that Google is providing, can provide, will provide speaks to the effect on the market for the books, a factor under Section 107. Second, the practices of other sites that might engage in book scanning of their own with quite different security practices potentially, could certainly affect those same Section 107 factors. Q. By those same Section 107 factors, do Page 187 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 factors. Subject to the proviso that, of course, we must consider all of the other sites, book scanning services that might seek to engage in similar conduct if this were ruled to be a fair use. Q. Is there any other way in which it's your opinion that the level of security afforded to the scanned books is relevant to the fair use analysis? MR. BONI: Object to form. A. I think it's mostly through the fourth factor, as I've already discussed. Q. In Paragraph 8 you say, "I conclude that unrestricted and widespread conduct of the sort engaged in by Google would result in a substantially adverse impact on the potential market for books." A. Yeah. Q. Do you see that? A. Yes. Q. Is that the conclusion of your report? MR. BONI: Object to form. A. That is a conclusion of my report. Q. Is that the most important conclusion Page 186 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 you mean the fourth factor, the effect on the market? A. That one in particular, yes. Q. Is there any other way in which the level of security afforded to the scanned books is relative to the fair use analysis? A. The level of security is certainly related to the character of the use. If the level of security was to store them on a hard drive, put the hard drive-in a vault, put the vault at the bottom of the ocean, that would be one character of use. And a different character of use is to connect the hard drive to a set of servers and display the contents in some form for all the world to see, but I think it could go to the first factor also. Q. So a site with better security would have a purpose or character of use that is more likely to favor fair use? MR. BONI: Object to form. He's not here as a fair use expert, Joe. And he's not offering an opinion for that reason. Q. You can answer. A. I think all else equal, that's the way I've been taught to apply the fair use Page 188 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 of your report? MR. BONI: Object to form. A. I guess I hadn't ranked the conclusions in order of importance. MR. BONI: Important to whom? Important in what way? It's too vague and ambiguous a question. MR. GRATZ: Please let the witness finish. MR. BONI: I'm sorry. MR. GRATZ: I'll ask it again. Could we have the question read back. Q. Is the statement in Paragraph 8 the most important conclusion in your report? MR. BONI: Object to form. Vague and ambiguous as to the term "important." A. I hadn't ranked the conclusions by importance, so I'm not sure. Q. Referring to Paragraph 8, what do you mean by unrestricted? A. There are several kinds of restrictions that could in principle attach to anyone engaged in the kind of conduct Google has been engaged in. By unrestricted I meant to convey that perhaps few to none of those 47 (Pages 185 to 188) Veritext National Deposition & Litigation Services 866 299-5127 A-1557 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 49 of 79 Page 189 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 restrictions would, in fact, be in place. Q. What are those restrictions? A. For example, there could be restrictions as to the length of each snippet, the number of snippets per page, the number of times a user can view snippets from a single work, the systems to keep out automated crawling software, the systems to prevent users from pooling their snippets in order to slowly piece back together the entire work, a variety of restrictions in that vein. Q. And your conclusion is that without those restrictions, the use would result in a substantially adverse impact on the potential market for books? A. That's certainly true. MR. BONI: Object to form. Doesn't limit it to unrestricted. You're not reading it accurately, Joe. You left out unrestricted and widespread conduct of the sort engaged in by Google. Q. So I just want to make sure I understand what you mean by unrestricted, and by unrestricted in your previous answer I understand you to mean that it's not -- it Page 191 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 sort engaged in by Google? A. I mean the large-scale scanning of a large number of in-copyright books, the digital archival of those scans, and the presentation of, at least, portions of those works through an interactive website. THE VIDEOGRAPHER: Here ends Tape 4. Off the report, 3:21 p.m. (Brief recess.) THE VIDEOGRAPHER: We're back on the record. It's 3:24 p.m. Q. Mr. Edelman, I understand that following our break and your discussion with Mr. Boni, you have a clarification for one of your previous responses. A. Yes. Q. Go ahead. A. The word "unrestricted" in Paragraph 8, what I meant to convey when I wrote this paragraph was that the word "unrestricted" refers to the sort of conduct that might be permitted if the court were to rule that Google's conduct was a fair use, and, therefore, that other sites and services could engage in the same conduct, consistent with that ruling. Page 190 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 wouldn't be subject to restrictions such as restricting the length of the snippet, restricting the number of snippets per page and so on; is that right? A. That's what I have in mind sitting here today rereading the sentence. There may be other restrictions that could reasonably be read into that word. Q. The next word is -- it says unrestricted and widespread. What do you mean by widespread? A. Affecting a large number of works, a large number of books, accessible to a large number of users, unreasonable price. If you told me that, you know, the subscription would be $1 million a year to be able to search the books, that wouldn't be widespread. Few people would be willing to pay it. It would be less likely to have an adverse impact on the potential market for books. Q. In Paragraph 8 you referred to unrestricted and widespread conduct of the sort engaged in by Google. Do you see that? A. Yes. Q. What do you mean by conduct of the Page 192 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. What restrictions would not be in place in such a circumstance making it unrestricted? A. The restrictions of the copyright act, I suppose, would not be in place if this were deemed to be a fair use, and, therefore, permissible notwithstanding restrictions of the copyright act. Q. So do I understand you to be testifying that what unrestricted means is permissible under the Fair Use Doctrine? A. What I intended to convey in Paragraph 8 was that if the fair use ruling were in Google's favor and if other sites arose on a widespread basis with conduct similar to Google's, then there would be a substantially adverse impact on the potential market for books. Q. Does the word "unrestricted" in Paragraph 8 refer to restrictions on the length of a snippet? A. The length of a snippet is surely a factor that would be considered for purposes of a finding of fair use, but the word "unrestricted" there was intended, perhaps 48 (Pages 189 to 192) Veritext National Deposition & Litigation Services 866 299-5127 A-1558 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 50 of 79 Page 193 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 somewhat unclearly, but intended to capture all that would follow if a fair use ruling were to find that the Google conduct in this area is a fair use. Q. When you refer in this sentence to conduct of the sort engaged in by Google, are you including or excluding from what you mean by that phrase the security measures put in place by Google? MR. BONI: Object to form. You can answer. A. Well, the security measures encompasses certainly multiple aspects; for example, one could think of the duration, the length in words of a snippet as a security measure, the number of snippets per page as a security measure, the way Google secures its network and secures its server is surely a security measure. What I envision here is the state of affairs in which a court offers a fair use finding in Google's favor, and then others begin to install similar services in their own way. They probably do it somewhat differently than Google. They might have 20 percent more words Page 195 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 doing, I bet you could add 20 percent to it, and if Google's use is a fair use, that plus 20 percent version might also be a fair use, and how about plus 40 percent. One gets into some interesting questions of the gray area. Q. Is it your view that if what Google is doing is found to be a fair use, then showing 20 percent larger snippets is necessarily also a fair use? A. Not necessarily. There has to be a line somewhere. But, surely, there will be some difficult line-drawing exercises in that event. Q. Who would be the arbitrator in those line-drawing exercises? MR. BONI: Object to form. A. I think it's beyond the scope of my report, but I'm happy to try to answer. I think it would have to be a judge when the case was brought, if such a case was brought. Q. And that judge could decide whether these different circumstances were, likewise, fair use or whether the differences meant that the later user was not engaged in fair use; is that right? A. I think that would be the question Page 194 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 in their snippet. Their servers might be a little bit less secure because they're not quite as clever as Google in securing them. Exactly which things they do differently and how they do them differently is hard to predict sitting here today, but in Paragraph 8, I intended to contemplate the state of affairs where they begin to head down that road. Q. Could those differences between those later users and Google affect whether the use by the later user you're hypothesizing is, in fact, a fair use? A. Yes, they could. Q. So a ruling that what Google is doing is fair use doesn't necessarily mean that what someone else would be doing, to the extent it was different from what Google was doing, would, likewise, be a fair use; is that right? A. I think that's true. At least when taken to the extreme. If there was a site whose idea of a snippet was up to 500 words, one would scoff at the idea that a snippet could have 500 words, and it's possible that Google's use is a fair use, and that site's use is not a fair use. On the other hand, whatever Google is Page 196 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 posed, yes. Q. What does "substantially adverse impact" mean in Paragraph 8? A. I was thinking about the word substantial with its meaning in multiple contexts, material, substantial, that is, something that an author or publisher would need to consider when deciding whether or not to engage in the economic enterprise of writing or publishing a book. Q. And you use the word "would" in Paragraph 8. Do you see that? A. Yes. Q. Does that indicate that it is your view that the probability of such a substantially adverse impact is 100 percent? A. In this state of affairs discussed here, I think the probability is very, very high. I wouldn't call it 100 percent. Nothing is certain. But it's sufficiently likely that the word "would" is an appropriate word to use. Q. You've referred in your previous answer "the state of affairs discussed here." What did you mean by that? A. The hypothesis of Paragraph 8. 49 (Pages 193 to 196) Veritext National Deposition & Litigation Services 866 299-5127 A-1559 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 51 of 79 Page 197 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. The hypothesis is that if unrestricted and widespread conduct of the sort engaged in by Google, that is, widespread scanning, archiving and presentation of portions through web services without necessarily the limitations and security measures put in place by Google were to occur, then that would result in a substantially adverse impact on the potential market for books; is that right? A. I was with you except for the clause that began "without." Q. Did you not understand it or not agree with it? A. I thought that when you said it it differed from what I intended to convey. The meaning of the word "unrestricted," as I intended to use it here, is not restricted by the Copyright Act because the fair use defense offers that exception of the Copyright Act. Q. So if that conduct, that is, scanning, archiving, and presentation of portions of works was found to be fair use, regardless of security measures, it's your view that that would result in a substantially adverse impact on the potential market for Page 199 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 that would result in a substantially adverse impact on the potential market for books? A. If they were doing it exactly the same as Google, that is not my view. But I didn't intend to address that situation either. I intended to address the situation where they're doing it like Google except, except that they're doing it themselves, and they're not quite as diligent, or they're cutting some corners, but nonetheless, they manage to fall within the Google fair use ruling. Q. You say it would result in a substantially adverse impact on the potential market for books. Do you mean that on balance the effect would be negative? A. We haven't discussed any positive effects. MR. BONI: Object to form. Q. Does Google's current conduct with respect to in-copyright books have any positive effects on copyright-holders? A. It could in some situations. Q. Would the conduct you hypothesize in Paragraph 8 have any positive impact on copyright-holders? Page 198 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 books? MR. BONI: Object to form. Joe, that's mischaracterizing the nature of our claims by leaving out the fact that we also allege that the conduct engaged in by Google includes distribution of the scans back to the libraries. Q. You can answer the question, Mr. Edelman. A. Again, you've inserted into the question the hypothesis that the other sites have no restriction as to snippet length or quantity or what have you, and that certainly makes the conclusions of Paragraph 8 even more certain. If the other sites are offering snippets of exceptional length, then I definitely stand by the conclusion of Paragraph 8. But even if we don't add that additional hypothesis, I still stand by Paragraph 8 as written. Q. So is it your view, as expressed in Paragraph 8, that if there were a dozen or 100 other enterprises doing in every respect exactly what Google does with all of Google's security measures and all of Google's resources, that Page 200 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. It might. We'd need to look at the sites and their specific practices to see. Q. By the "sites," you mean the future sites that could come into being? A. Precisely. Q. Is the effect you hypothesize on books in general or on particular books? A. I meant to cover the full universe of books that are subject to the scanning. Q. The scanning by the future users? A. Right. Although to be sure, in principle, there might be some effect even on books that were never scanned. The book that I declined to write because I anticipated that it would be scanned, not knowing that every single one of the scanners would hate my book so much that they wouldn't bother to scan it. It's the threat of scanning and the threat of distribution that has the preclusive effect, discouraging the production of the book, for example. Q. Would the effect be the same for all authors? MR. BONI: Object to form. A. I think there are some important 50 (Pages 197 to 200) Veritext National Deposition & Litigation Services 866 299-5127 A-1560 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 52 of 79 Page 201 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 effects that would be the same, substantially the same for all authors. There might be some others that would differ in idiosyncratic ways. Q. How would those differ? A. There might be some authors for whom the snippet better captures the essence of the work than others, where the work must be read as a whole. There might be some authors who are so well known that they've already sold every possible copy they could sell, others who could benefit from visibility links to Google, others who would suffer because the online copy of their book would be a realistic substitute for purchasing the book. Q. Any other way? MR. BONI: Again, this is not what the witness is here to testify about. He's here to testify about security. MR. GRATZ: Well, I'm asking about his opinion that something would result in a substantially adverse impact on the potential market for books, and I want to figure out what he means by that. Q. So is there any other way that books -- that the conduct you hypothesize would Page 203 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 an expert about. He's not here to tell you whether in print or out of print differs. That's a legal question, and he is not here to opine about that area of this case. You really ought to stick to what he's proffered for. Q. Referring to Paragraph 8 of your report, Mr. Edelman, the last word in that paragraph is "books." Do you see that? A. Yes. Q. And I want to ask you a question about what books you are referring to by that reference in Paragraph 8 of your report. The substantially adverse impact you referred to in Paragraph 8 of your report on the potential market for books, does that substantially adverse impact, will it vary, depending whether the book is in print or out of print? MR. BONI: Object to form. A. It's not a question I thought about when drafting the report. Q. The substantially adverse -actually. Let me ask this: Do you have a view about it? A. Every book is in print when it's Page 202 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 differ in its effect from book to book? MR. BONI: Object to form. A. There probably are some books that are more amenable to being used in snippets. Others for which having the entire work is particularly important. Probably some you need in your bag, and some where you can accept an online substitute. There could be differences of this sort. I think these differences in general are smaller than the overall effect. Q. Would it matter to the amount of the adverse impact on the potential market for a book in the situation you hypothesized if that book was in print or out of print? MR. BONI: Object to form. He's not here as a fair use expert, Joe. MR. GRATZ: I'm not asking about fair use. MR. BONI: You are. That's a --that's a legal -- you're calling for a legal conclusion there, and you know you are. Q. You can answer the question. MR. BONI: No, at this point, I'm going to cut it off. That's not what he's here to -- that's not what he's proffered himself as Page 204 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 published. The day I publish it, it's in print. The day I consider writing it, I'm planning for it to be in print for a while, so that I can sell some copies and be paid for my efforts in writing it. No one expects their book to be in print forever. You do expect it to be in print for a while. If digital copies reduced your ability to sell it when it's in print for a while, then you'll enjoy lesser revenue and lesser profit from selling it. So I would think it would affect all books. As to the guys who are dead, we can't motivate Ben Franklin to write any more books. No matter what we do with the Copyright Act, he's still dead, and he's not going to write any more books for us, be that as it may. Q. That means that with respect to books that are already out of print, there wouldn't be an impact one way or the other, as long as they were out of print at the time the scanning took place; is that right? MR. BONI: Object to form. A. That's beyond what I've thought about previously. There might be some factors I'm not considering. 51 (Pages 201 to 204) Veritext National Deposition & Litigation Services 866 299-5127 A-1561 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 53 of 79 Page 205 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: You should stick to what you were -MR. GRATZ: Please don't interrupt the witness. MR. BONI: He was finished -- he was finished, and I'm cautioning the witness to testify about the subject matter of the expert report and your qualifications. Q. So, Mr. Edelman, that means that with respect to books that are already out of print at the time the hypothesized scanning took place, the substantially adverse impact on the potential market for those books couldn't occur because they're already exited from the market; is that right? MR. BONI: Object to form. You can answer. A. I'm not sure. There could be -there could be effects that I haven't considered. It's just so far outside of what the expert report is about that I shouldn't speculate. Q. So you didn't consider the effect on in-print versus out-of-print books in forming the opinions set forth in your expert report? Page 207 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Yes. Q. If -- if the Google Library Project is found to be a fair use, then books could, likewise, in your view, be digitally copied, distributed and displayed in their entirety through licenses that include secured protocols and a damages structure for breaches of those protocols; is that also true? A. Thanks to the breadth of the word "could," it's true, but the reality is that the Google Library Project would have no reason to enter into a license that includes security protocols, nor would any other site have reason to enter into a license that includes security protocols because they can instead take the material without license and without security protocols. Q. What security terms do you hypothesize? A. My thinking here is guided by approaches used in other sectors. For example, the credit card network has quite well-developed security rules as to what a merchant or bank must do to secure this valuable material in order to avoid causing harm to others in that Page 206 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I considered all books taken as a whole, taken collectively. Q. Did you take any steps to quantify the effect referred to in Paragraph 8? A. I did not. Q. The effect referred to in Paragraph 8, is it an effect that would result -- it's an effect that would result from follow-on behavior by third parties in the event of a ruling of a certain sort in your view, not as a result of Google's current actions; is that right? In other words, you aren't opining here about the effects of what Google has done to date? A. I'm not opining on the effects of what Google has done to date. It's about something else, either what Google might do in the future or what others might do in the future. Q. Turning to Paragraph 9 of your report, you say "If the Google Library Project is found not to be a fair use, then books could be digitally copied, distributed and displayed through licenses that include security protocols and a damages structure for breaches of those protocols." Do you see that? Page 208 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 ecosystem. So there are specific actions that must be taken, specific audits, specific technologies that must be used, and then there are a set of damages, both actual damages and liquidated damages in the event of breach, compensation to be paid to those who suffer harm as a result of a breach. Q. And those damages are -- in your previous answer are you referring to something called PCI? A. PCI is one of the requirements of that web of contract, although there are others beyond PCI. PCI largely refers to the technical standards, but then there's a set of contracts. If you fail your PCI, if you had a breach during a period where you hadn't complied with your PCI, then you must pay this much money to these victims. Q. Are you aware of any such agreements in The Book Space? A. My understanding is that the proposed, now defunct settlement agreement in this case had provisions in that vein. Q. Are you aware of any others? A. In the related context of digital 52 (Pages 205 to 208) Veritext National Deposition & Litigation Services 866 299-5127 A-1562 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 54 of 79 Page 209 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 music and digital movies, my understanding is that there are confidential contracts typically between the right-holders and the technology providers offering certain compensation in the event of certain breaches. Q. Do you know the terms of those contracts? A. Some of them may be publicly available. My understanding was that most of them are confidential and not readily available. Q. I'm not asking whether they are available. I'm asking whether you know the terms of any of those contracts governing the storage of digital music or movies? A. I haven't had the opportunity to read the contract. I know about them only secondhand. Q. And what you know secondhand is that they include liquidated damages for security breaches? A. They include the kinds of methods just discussed, some combination of liquidated damages, perhaps actual damages, perhaps specific actions to be taken, specific technologies to be implemented. Page 211 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 opinions set forth in the first sentence of Paragraph 9 of your report? A. The first sentence there discusses what could be done, and to see what could be done, I need look no further than the proposed settlement agreement in this case and consider what I as an attorney or a business person might do if I were trying to solve this problem. Q. Did you do a survey of contracts governing the digital storage of books in connection with forming the opinions you expressed in your report? A. I did not do such a survey. Q. Have you ever seen such a contract, setting aside the settlement agreement in this case that was rejected by the court? A. I'm not sure. Q. Do any come to mind? A. Nothing comes to mind. Q. Were there any on which you relied in forming the opinions set forth in your report? A. No. Q. Do you know whether any such contracts include the security term which you hypothesize in the first sentence of Page 210 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. And how do you know that? A. I'm not sure. I've a few possibilities in mind. People who might have told me this previously. Q. What are those people? A. My contact at Universal Music Group pursuant to the cases previously discussed is the general counsel at Universal Music Group, and I think his name is a Mr. Geller. Q. Is that Harvey Geller? A. That's right. It might be from him. It might be from someone else. It might be from discussions at an executive education program here on the HBS campus where I spent some time with music industry participants. Q. Did you rely on your conversations with Harvey Geller in forming your opinions set forth in Paragraph 9 of your report? A. No. Q. Did you rely on any discussions with any content industry participant in forming the opinions set forth in Paragraph 9 of your report? A. No. Q. On what did you rely in forming the Page 212 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Paragraph 9? A. I guess I don't know for sure. Q. Do you know whether any include the damages term which you hypothesize in the first sentence of Paragraph 9? A. I don't know for sure. Q. Are you aware of something called the Google Books Partner Program? A. Yes. Q. What is it? A. That's a program whereby publishers can provide copies of their books to Google for display in any of several versions to users who enter relevant searches. Q. Is it your understanding that there are more than 45,000 publishers participating in that program? A. I'm not sure. Q. Do you know the terms of any of the Google Books Partner Program agreement? A. I'm not sure. If the contract is posted. I might have read it, but I don't recall one way or the other. MR. GRATZ: I'd like that marked as Exhibit 19, this document. 53 (Pages 209 to 212) Veritext National Deposition & Litigation Services 866 299-5127 A-1563 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 55 of 79 Page 213 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 (Document marked as Exhibit No. 15 for identification.) Q. Have you seen this document before, Mr. Edelman? A. I think I've seen this at least once, yes. Q. What is it? A. It says it's the "Google Books Partner Program standard terms and conditions." Q. Does Exhibit 15 include the security and damages terms that you hypothesize in Paragraph 9 of your report? A. It includes at least some, for example, Paragraph 4. Q. In Paragraph 4 says that, "Google will use commercially reasonable efforts to limit the number of pages viewed and to disable right-click cut, copy and paste functions, provided that Google does not guarantee that its efforts to prevent or limit the actions stated above will in every instance be effective." Is that right? A. Yes. Q. Does that differ from the terms you have hypothesized would be negotiated in Page 215 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 contract. Q. So when you say in Paragraph 9 that books could be copied through licenses that include a damages structure for breaches of those protocols, do you mean anything other than include promises not to breach those protocols which could then result in contract expectation damages in a breach of contract suit? MR. BONI: Object to form. Mischaracterizes his testimony. A. I did envision something other than expectation damages. I envisioned something that would look more like liquidated damages due to the significant difficulty of proving out one's expectation damages, but in principle, the parties could agree to do it either way. It would be a negotiation between them, and I'm not going to tell them where they have to end up in that negotiation. Q. Do you have a view as to what the probability would be that the parties to a license of the -- the license -- strike that. Do you have a view as to what the probability would be that the parties to the license you identify in Paragraph 9 of your Page 214 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Paragraph 9 of your report? A. Well, this is an agreement negotiated between Google and a publisher. The publisher gives up some rights. On the other hand, they stand to gain advertisement revenue from Google pursuant to Section 8 and perhaps visibility, perhaps some other benefits. So it's a contract negotiated between two parties. This is a fine example of the kind of outcome that might result. Q. So in your view -- actually let me ask this. Does Exhibit 15 include the damages terms that you hypothesize in Paragraph 9 of your report? A. It doesn't include explicit terms to that effect. On the other hand, it includes a specific commitment, commercially reasonable efforts, words that have meaning. If it should turn out that Google used less than commercially reasonable efforts, and if damages ensued, you'd expect the relying party to be able to bring suit for the damages that resulted from that breach, subject to any exclusions or waivers that might be provided elsewhere in the Page 216 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 report would, in fact, negotiate inclusion of liquidated damages as a term of the contract? A. Well, I think they just might because Google is so confident in its excellent security that they would view that kind of promise as cost free. If we are invaded by martians or someone hacks our server, we'll give you a million dollars, and neither of those things is going to happen. We're so confident in our engineers, that we're willing to put a million dollars behind it. Q. Is Exhibit 15 a counter example to that hypothesis, in that it does not include provision for liquidated damages? A. You know, this is the standard terms and conditions. Whether every publisher gets this, I'm not sure. I wouldn't be surprised if a big publisher, a publisher with works that Google particularly wanted, a publisher that possessed some market power, frankly, was able to insist on terms superior to these standard terms. Q. But it's not your view that every copyright-holder would have the power to insist on such terms in the negotiation you hypothesize 54 (Pages 213 to 216) Veritext National Deposition & Litigation Services 866 299-5127 A-1564 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 56 of 79 Page 217 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 in Paragraph 9 of your report? MR. BONI: You mean with Google or with anybody? It's a very vague question, unless you limit it. Q. With anybody? A. Yeah, if there were a marketplace of many companies all needing permission to scan books or digitally post books, some of whom had great difficulty getting traction, I wouldn't be surprised if the ones having the most difficulty were willing to put their money behind it, some kind of a performance bond or what have you. There have been sectors in which this sort of thing has occurred where performance bonds actually are quite routine for folks to demonstrate their capability and the adequacy of their systems. Q. Has it occurred with respect to books to date? A. There haven't been that many different companies wanting to license book content to date, so that sort of competition hasn't occurred with books to date. I was thinking of construction project performance bonds and real estate agent performance bonds Page 219 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 each one wanted and was willing to give up; is that right? MR. BONI: Object to form. A. It might. It might be that if Google needs to enter into these contracts with thousands of publishers, Google's standard offer, their stock offer, their opening offer and the standard terms and conditions would actually become more generous because they warned a large number of publishers to accept. Q. Do you know what proportion of the publishers in the Google Books Partner Program are participating pursuant to the terms in Exhibit 15 as opposed to other terms? A. I don't know. Q. Would that fact affect your last answer or rather the answer before the answer -let me ask a slightly better question. Would that fact affect your view of the extent to which publishers would in the situation you hypothesize in Paragraph 9 of your report negotiate for and receive security terms? A. It might. But one shouldn't read too much into the past because publishers' decision to accept the standard terms document in the Page 218 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 and the myriad of other contexts in which service providers actually do put liquidated damages in their contract in order to prove their seriousness about providing the required performance. Q. So it's your view that in the event of competition between multiple service providers, a market might result in which liquidated damages clauses were included in the licenses you discussed in Paragraph 9, but they might or might not, depending on the market dynamics? A. I think that's largely consistent with my views. To what extent it requires competition and many services scanning or digitally producing books, I'm not so sure, but I do think that if a license were required, if agreement from the publisher and/or author was required, it would be more likely that the terms would end up including provisions favorable to the publisher and/or author, and the provisions could well include these sorts of security benefits. Q. But that outcome would depend on the particular parties to that negotiation and what Page 220 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 past could reflect a variety of factors, causing them to accept it even when in reality they would have preferred a document rather different. Q. Does the acceptance of Exhibit 15 by many publishers suggest to you that the publishers regard the bargain set forth in Exhibit 15 as one that is satisfactory? MR. BONI: Objection to form. There's no foundation for that question, Joe. A. That's not the conclusion that I would draw from that fact. Q. Would you draw any conclusion from that fact? A. No, I wouldn't -- I would draw a different conclusion from that fact. Q. What conclusion would you draw? A. I would find it evidence of Google's market power. MR. GRATZ: I'd like to mark as Exhibit 16 this document. Actually before I mark this as Exhibit 16. Q. Are you familiar with something called Amazon Search Inside the Book? A. Yes. 55 (Pages 217 to 220) Veritext National Deposition & Litigation Services 866 299-5127 A-1565 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 57 of 79 Page 221 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. What is it? A. It's a program whereby publishers can provide copies of their book contents to be presented on the Amazon website for users to browse or search. Q. Have you ever seen the agreement governing the terms under which Amazon may use the books which are submitted through Search Inside the Book? A. I think I looked at it once. MR. GRATZ: Mark this as Exhibit 16. (Document marked as Exhibit No. 16 for identification.) Q. Is this the agreement governing Amazon's use of books submitted through Search Inside the Book? A. It seems to be. It seems to be at least the standard version, and what variance might exist, I don't know. Q. Does it include the security terms that you hypothesize in Paragraph 9 of your report? A. It includes a portion of them. Q. How do the terms of Exhibit 16 differ from the agreement that you hypothesize in Page 223 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Do you know how many books are in Search Inside the Book by Amazon? A. Quite a lot. But I don't know specifically. Q. Does the existence of Exhibit 16 as the terms by which those books are digitized, stored and shown to the public change any of the views expressed in your report? A. No. Q. Is Exhibit 16 the sort of agreement that you are referring to in the first sentence of Paragraph 9 of your report? A. It's the sort of agreement; albeit, not with the substantive terms that I was anticipating. It's a contract between the right parties. It has the right kind of title on it. Q. What reason do you have to think that in the future parties would bargain for different terms than they have in Exhibits 15 and 16? A. In the context of Exhibits 15 and 16, these are books in print for which the publisher might reasonably expect to sell more if they go along with the contracts provided in 15 and 16. The publisher at least gets something; namely, Page 222 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Paragraph 9 of your report? A. Certainly the substantive commitment is rather narrow here in Exhibit 16. Amazon will employ available technologies to hinder downloading. But it's something. It says they'll do something, and if they don't, you could try to sue them for your actual damages that resulted from that breach. Q. Does it include liquidated damages for breach? A. I don't see any liquidated damages. I do see the remedy that at least an author or publisher can take their books out which is a benefit. Better than nothing, from their perspective. Q. Do you consider that an important remedy for an author or publisher? A. It's a limited remedy. You know, one shouldn't be too effusive in the praise, but the alternative is even worse. Q. The alternative being the provider being deaf to requests for removal? A. Correct. Q. Does the existence of Exhibit 16 as an -- actually strike that. Page 224 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 they get the possibility of more sales, thanks to these examples being available. In contrast, as to older books for which there is less likelihood of additional sales, maybe books out of print, it's harder to see what the publisher's upside is. Furthermore here, the publisher gets to choose which specific books they want to do it for one by one, opting in; whereas, in other contexts, the books are chosen by someone else, not by the publisher. Q. In your previous answer, are you distinguishing between a program like Amazon Search Inside the Book and unrestricted fair use of books or between a program like Amazon Search Inside the Book and a future in which the Google Library Project is found not to be a fair use? MR. BONI: Object to form. A. I'm getting a little bit muddled here. I think maybe both of those, but there might be some part of it that only makes sense in one or the other. Q. Let me ask this: In the first sentence of Paragraph 9 of your report, you're discussing the situation in which the Google 56 (Pages 221 to 224) Veritext National Deposition & Litigation Services 866 299-5127 A-1566 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 58 of 79 Page 225 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Library Project is found not to be a fair use; is that right? A. Yes. Q. And you're hypothesizing certain terms that would be bargained for as between parties who wanted to make use of the books and copyright-holders of those books in that circumstance; is that right? A. Yes. Q. The terms that you hypothesize in that hypothetical negotiation, in the event the Google Library Project is found not to be a fair use, do they differ from the terms set forth in Exhibit 16? MR. BONI: Object to form. A. Who's to say what the parties might come up with, but the most pro-publisher, pro-author of those terms would certainly differ significantly. Q. And the most pro -- the most pro-user or most pro-Amazon version of those terms would differ from these terms as well? A. I suppose there's a spectrum, and you could go either way on the spectrum. Q. Do you know what the probability -- Page 227 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the first sentence of Paragraph 9 of your report would result in precisely the terms set forth in Exhibit 15 or precisely the terms set forth in Exhibit 16? A. That could happen. Q. Indeed, the terms could be worse for the copyright-holders than these or they could be better? A. They could be worse or they could be better. Q. In your view, is one of the factors that would make them better for copyright-holders having an organization making the use that was more sensitive to copyright-holder concerns? Would that make it more likely that the damages and security terms would be in the agreement? A. If the service provider needed this agreement, because absent the agreement they couldn't provide the service they aspire to provide, then they would be more likely to come with hat in hand, willing to bend over backwards in order to make sure that they got the contract that they needed. Conversely, if they thought we don't Page 226 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 so it could be -- it could be -- the negotiation could end up anywhere on the spectrum, is that right, between the most anti-copyright-holder terms and the most pro-copyright-holder terms; is that right? A. It could end up along the spectrum, I suppose, anywhere, although there are factors that might make it more likely to end up on one end or the other end. Q. What is the probability of it ending up on the most anti-copyright-holder end? A. The spectrum doesn't even necessarily have an end. You can always go further, but I think the likelihood is that it would end up somewhere in the middle; whereas, when I look at 15 and 16, they look like unilateral contracts drafted by the service providers. They seem to have an awful lot of disclaimers of liability and disclaimers of warranty. They look like they were drafted by Google's lawyers and Amazon's lawyers. I think they look like that because they were, and those lawyers did a good job of representing their clients' interest. Q. So you can't rule out the possibility that the hypothetical negotiation set forth in Page 228 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 really need this because it's just fair use anyway, we can do what we want; if we get a contract, that's great, if not, that's okay too, well, then they'd be less likely to agree to contract terms that were on the side of the publishers. Q. Do you think the identity of the service provider matters in that a service provider that was affiliated with copyright-holders, for example, would be more likely to include a security term in liquidated damages? MR. BONI: Object to form. A. I think it's probably true that a company that comes from the world of copyright, and has as its constituents its management team, its attorneys, folks who come from that world and that view, would be more likely to be sensitive of the concerns of those constituents. MR. GRATZ: Mark this as Exhibit 17. (Document marked as Exhibit No. 17 for identification.) MR. BONI: Seventeen? MR. GRATZ: Yes, 17. Q. Do you recognize what's been marked 57 (Pages 225 to 228) Veritext National Deposition & Litigation Services 866 299-5127 A-1567 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 59 of 79 Page 229 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 as Exhibit 17? A. I don't. Q. Do you know -- are you aware of something called Back In Print? A. I think so. But I'm not sure specifically. It's well beyond anything I opined on in this report. Q. Are you aware that the Authors Guild is a party to this lawsuit? A. Yes. Q. And that's the party for which you -in favor of whom you submitted your expert report; is that right? MR. BONI: Object to form. A. Yes. MR. BONI: On its face for all plaintiffs, not one as opposed to any other, but if that's the import of your question, Joe. MR. GRATZ: No. MR. BONI: You said "the party," on whose behalf. MR. GRATZ: Sorry. One of the parties on whose behalf. MR. BONI: Right, I understand. I just want it to be clear. Page 231 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 contemplating in Paragraph 9 or what we've been discussing in Exhibits 15 and 16. Q. In that this is a service to sell eBooks rather than a service to help people find books? MR. BONI: Object to form. That wholly mischaracterizes the contract which says both print copies and eBook copies. This is not an exclusively eBook program. I mean, let's be accurate here. Q. Let me ask some foundational questions. eBooks are electronic books; is that right? A. Yes. Q. And eBooks are sold through electronic means, at least today; is that right? A. Yes. Q. Through -- through computer networks of one kind or another? A. Yes. Q. And eBook purchases take place frequently through eCommerce websites; is that right? A. Yes. Q. And eBooks are stored on those Page 230 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. The author -- that same Authors Guild is one of the parties to the Exhibit 17; is that right? A. Yes. Q. Exhibit 17 is an agreement by which an entity called iUniverse, along with the Authors Guild, can, among other things, make certain books of signatories to this agreement available as eBooks; is that right? A. So it seems. Q. Does Exhibit 17 include any security terms? MR. BONI: When you say -MR. GRATZ: There's a new question pending. A. I don't see any security terms. Q. Are there any liquidated damages terms in exhibit -- are there any liquidated damages terms in Exhibit 17? A. I don't see any. Q. Do the terms of Exhibit 17 differ from the terms you hypothesize in Paragraph 9 of your report? A. As I understand it, so far this is quite a different service than what I was Page 232 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 websites, and access is given to those eBooks only after payment is made; is that right? A. Yes. Q. Thus eBooks present a similar security concern as any other service that makes available portions of books under certain circumstances to certain people; is that right? A. Now I'm no longer with you. Q. So do eBooks -- does the offering of eBooks bring with it security concerns? A. It does, but they're different security concerns than the security concerns associated with snippets. Q. They relate to making sure that only the people who should have access to a given work or portion thereof have access to a given work or portion thereof; is that right? A. In the eBooks that I'm familiar with, there's much less of a notion of portion. A user who buys an eBook has access to the entirety of the eBook. Typically, the eBook is a single encrypted file which is provided in its totality to the user for deployment to an eBook reader, and that's the end of that. That security is pretty well understood at this point 58 (Pages 229 to 232) Veritext National Deposition & Litigation Services 866 299-5127 A-1568 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 60 of 79 Page 233 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 thanks to experience with similar technologies in music and movies. Q. The provider of eBooks needs to store the entire book on its servers; is that right? A. Yes. Q. It's at least possible that the book could be stolen from the servers by one who intrudes upon those servers; is that right? A. It could happen. Q. Do you consider that more or less likely than the taking of books from one who stores those books who is not an eBook provider? A. I think the snippet provider is more vulnerable than the seller of eBooks. Q. Why? A. The snippet provider is offering in all likelihood orders of magnitude more transactions, giving away a very, very large number of free snippets, versus selling a more modest number of eBooks. Furthermore, giving things away at a cost of zero, the structure of the web services that provide that tool uses ordinary HTML images, JavaScript, maybe Flash, probably not, uses the most standard and insecure of web-based systems; whereas, the Page 235 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 installed. MR. GRATZ: We can change the tape. THE VIDEOGRAPHER: Here ends Tape 5. Off the record at 4:24 p.m. (Brief recess.) THE VIDEOGRAPHER: Here begins Tape No. 6 in today's deposition of Benjamin Edelman. Back on the record. It's 4:31 p.m. Q. Turning to Paragraph 11 of your report, Paragraphs 11 and 12 discuss the current state of book -- eBook piracy; is that right? A. Yes. Q. This eBook piracy discussed in Paragraphs 11 and 12 isn't piracy that's occurring via Google Books; is that right? A. That's true. Q. And it isn't a risk that Google Books created; is that right? A. That's true. Q. And the contents of Paragraph 11 and 12 would be true whether or not Google Books existed; is that right? A. That's true, although it's possible that Google Books will make the problem worse. Q. The files you're referring to, the Page 234 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 provision of an encrypted eBook uses highly specialized secure file formats designed specifically for that purpose. Q. Do any popular eBook formats not use encryption? A. There are some that don't use encryption. Q. Can one buy unencrypted eBooks from Barnes & Noble? A. I don't recall one way or the other. Q. Can one buy unencrypted eBooks from the Google eBooks store? A. I'm sure there are some. Q. And with respect to those, do the risks associated with running that sort of service similarly -- are they comparable to running a snippet-based or indexing service? A. Even then, notwithstanding that the file itself is unencrypted, the tasks are just rather different to provide a single, large file for deployment to the user's reader versus providing a snippet in the browser, providing, to be sure, orders of magnitude more snippets on a per-second basis, just a voluminous task, limiting the kinds of security that can be Page 236 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 .mobi files, those are files that did not come from Google Books; is that right? A. That's true. Q. Do the pirate sites referred to in Paragraphs 11 and 12 offer snippets or whole books? A. Whole books. Q. Why whole books instead of just snippets? A. Once you're a pirate, there's no need to use snippets. Q. Is it because the snippets aren't a substitute for the whole books? MR. BONI: Object to form. A. In some circumstances I'm sure the snippets are. In others, they might not be. Q. In what circumstances would they be? A. When one just needs a quote, needs to find the book that has a certain distinctive phrase, in certain reference contexts, of course, whether or not those reference contexts would be included in the Google program as currently envisioned. There are other contexts in which snippets could be sufficient. Q. Do you know whether any pirated books 59 (Pages 233 to 236) Veritext National Deposition & Litigation Services 866 299-5127 A-1569 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 61 of 79 Page 237 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 have ever come from Google's scans? A. I don't know. Q. Turning to Paragraph 13 of your report, it says, "If Google's conduct is found to be a fair use and others engage in similar conduct, the risk is created of book redistribution through piracy." By "similar conduct" do you mean scanning, archiving and the presentation of the portions of books through a web service? A. Yes. Q. Turning to Paragraph 14, you discuss the risk that pirates could extract book copies through defects in the security of a provider's systems; is that right? A. Yes. Q. Is that a risk that, likewise, applies to Amazon's Search Inside the Book service? A. It does. Q. Is it inherent in any sort of digital storage of a digitized book that makes portions of that book available, either sort of -- or makes the whole book available to those who have purchased it? Page 239 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 that would be negotiated is a subject that we discussed previously, right? A. Right. Q. Turning to Paragraph 16, you discussed the risk that someone could use a staff member's user name and password to access books; is that right? A. Yes. Q. And that would happen by stealing the service provider's staff member's user name and password and then using it, right? A. That's right. Q. Is the risk you discussed in Paragraph 16 a risk which could be mitigated by two-factor authentication? A. That would mitigate the risk. It wouldn't eliminate it, but it would make some progress. Q. What is two-factor authentication? A. Two-factor authentication is a security practice whereby a user is verified using two distinct, distinctive characteristics, a password perhaps being one, but another also being required. Q. An example of one of those would be a Page 238 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. With the others that we're discussing, for example, Amazon Search Inside the Book or those that sell books reflect a contract, an agreement between the rights-holder that owns rights in the books and the service providers that's distributing it. In contrast, this section contemplates a finding of fair use and others beginning to engage in similar conduct without needing to get that permission, and so the quality and caliber and capability of the folks engaged in this task could be quite different. Q. Does the risk of extraction through defects in the security of a provider's system necessarily depend on whether or not there is an agreement in place regarding security? MR. BONI: Object to form. A. It's not that the agreement itself changes the risks, but that agreements might be entered into only with those whose risks are appropriate, for example, because of their higher level of capability or their higher level of care that they promised to exercise. Q. And the circumstances in which those agreements would be entered into and the terms Page 240 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 one-time code number that appears on a key chain sized screen and changes every once in a while; is that right? A. That's an example. Q. And so the risk hypothesized in Paragraph 16 would be one that service providers who did not use two-factor authentication properly could be subject to; is that right? A. Even two-factor authentication, depending on how it's implemented, could still be subject to this risk, but the risk is more severe when a vendor uses only one-factor authentication. Q. And two-factor authentication would still be subject to this risk because somebody could steal an employee's physical key chain as well as stealing their user name and password; is that right? A. If the second factor was, in fact, a physical key chain, if it was something easier to steal or easier to impersonate, tell me the name of your first pet, something like that, or you're logging in from a computer I recognize, but maybe the attacker can impersonate that computer, it might still be possible. 60 (Pages 237 to 240) Veritext National Deposition & Litigation Services 866 299-5127 A-1570 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 62 of 79 Page 241 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Turning to Paragraph 17, it says, "Fourth, a rogue employee could intentionally redistribute book copies." Is that true of any electronic system to which employees of an organization have access? MR. BONI: Object to form. A. It's true that any employee with access to digital works could potentially distribute them. However, in general, employees only have access to the works licensed by their employer for their distribution or resale; whereas, this section as detailed in Paragraph 13 is about companies that might begin to redistribute books pursuant to a finding of fair use and without permission from the rights-holders, an important difference that would greatly expand the number of employees who might potentially have access. Q. Are you aware of any circumstance in which a rogue employee has distributed copies of books from a book-service provider? A. I'm not aware of anything responsive to that specific request. Q. How can that risk be mitigated? A. One way to mitigate is to allow Page 243 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 were to exist, but you're right that it's not there. Q. Where would we look for it? A. We're talking about a class of hundreds of thousands of works of market value, God knows how much. I'd want to know how Steven Spielberg secures the pre-release copies of his next big movie, and there, I bet the contract between Spielberg and his movie company and the guy who drives the truck with the master print actually does say something about the way that truck has to be locked and the GPS to be installed on the roof of the truck and the background check required for the driver. I would expect that all of those sorts of things would be discussed in that contract. Q. What's the basis for your previous answer? A. I've read a little bit about that actually during the transition to digital movie distribution, rather than movies being loaded onto trucks. A lot of these questions were reopened and were the subject even of the Wall Street Journal style news coverage. Q. What did you read? Page 242 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 rights-holders in books to approve the specific vendors who are holding and distributing their works. Q. How is that -- sorry. A. For example, pursuant to a contract, and the contract could, if the parties so chose, specify background checks or three-factor authentication or authentication by two different people, you need the guy and his manager in order to get the digital file out of repository, or you can only do it during business hours. There are lots of internal controls that could be required through contract if this were pursuant to the contract. Q. Do you know of any book-related contracts that includes those terms? A. I don't know of that in the context of books. Q. And in fact, the three book-related contracts that we've looked at today all do not include those terms; is that right? A. I'm not sure that those contracts each to be exercised by -- to be entered into by an individual publisher, those aren't necessarily where we would look for it if it Page 244 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I don't recall specifically. Q. Did you rely on the articles that you referred to in your previous answer in forming the opinions set forth in your report? A. No. Q. Turning to Paragraph 18, in the first sentence you say, "Fifth, when books are scanned by a smaller and less sophisticated provider, there is a particular acute risk of book contents being accessed and redistributed." What do you mean by smaller and less sophisticated? A. Google is fortunate to have ample resources and top-notch technical talents. Not everyone will enjoy those benefits. The discussion in Paragraph 13 at the top of the page contemplates others entering into the book provider sector and potentially doing that without the significant resources that Google is able to bring to bear. Q. What's your basis for saying that smaller companies do not have the capabilities necessary to secure books adequately? A. I'm not sure that those are my exact words, for example, "adequately." But I think 61 (Pages 241 to 244) Veritext National Deposition & Litigation Services 866 299-5127 A-1571 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 63 of 79 Page 245 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 it's pretty straightforward that if you have more limited resources, your ability to expand those resources on any given project is going to be correspondently limited. Q. In your view is it necessarily the case that smaller and less sophisticated entities have worse security than larger and more sophisticated entities? MR. BONI: Object to form. A. Not always. Sometimes with simpler systems or with less valuable contents to safeguard, the security of a smaller entity can be more than satisfactory. On the other hand, when one flips around those conditions, a small entity guarding a very large gem, one could quickly get into trouble. Q. Are your statements in Paragraph 18 of your report based on a survey of companies of various sizes considering their security measures? A. No. Q. Can you provide an example of one of the smaller and less sophisticated companies to which you refer? A. For example, in the context of domain Page 247 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 report, you say that attackers can take advantage of even a brief period when a single book provider is insecure. You see that? A. Yes. Q. Is that true today? A. Today there aren't so many book providers. We've discussed only two today. Both of them large, sophisticated companies with impressive information security defenses; whereas, the premise of this section, Paragraph 13, is that there might be significantly more in the future, and they might look quite different. Q. In the event of a fair use ruling? A. Correct, which has been the premise of the entire section where we've been here. Q. Have you -- so it's your view that today's book providers like Google and Amazon have a different and higher level of security than tomorrow's book providers might in event of a fair use ruling, such that smaller entities would enter the market and present the risks discussed in this section; is that right? A. That's right. Q. Turning to Paragraph 20, you say, "I Page 246 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 names, there used to be one company, VeriSign Network Solutions that was the sole vendor of .com domain names. When that market was opened up to competition, there were a variety of benefits, but there have also been some downsides, including that some of the smaller guys have been hacked in various ways, have allowed their servers to be taken down by something as routine as a power outage and have otherwise failed to lived up to their contractual commitments. In contrast, the larger vendors in that space have largely succeeded in living up to their contractual commitments. Q. Are you aware of any in The Book Space? MR. BONI: Do you understand the question? A. I do, but I think it's a little bit speculative at this point that there aren't that many smaller sites holding digital copies of books and presenting them in snippet form. If there are any small such companies, I guess I don't know about them. Q. Turning to Paragraph 19 of your Page 248 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 understand that the Google Library Project includes providing to the library partners a full digital copy of the books the libraries allowed Google to scan. Breaches at the security systems at these libraries" -- excuse me -- "breaches in the security systems at these libraries, could facilitate book piracy." Do you know what security systems the libraries who store books such as the University of Michigan have in place? A. I don't know about all of the security systems that they have. Q. How do they compare to the security systems that, for example, iUniverse which is the party to the agreement in Exhibit 17 has in place? MR. BONI: Object to form. He just said he's not sure what the security systems are in the libraries. A. I'm also not sure what the security systems are at iUniverse, so I really don't think I can make a comparison. Q. You, likewise, couldn't make a comparison to the security systems that Google or Amazon has in place? 62 (Pages 245 to 248) Veritext National Deposition & Litigation Services 866 299-5127 A-1572 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 64 of 79 Page 249 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I don't know everything that I'd want to know in order to make that comparison. In general, I think there's good reason to suspect that the libraries will have significantly lower levels of security. Q. But you don't know one way or the other? A. I don't know one way or the other, and furthermore, I'm not sure the answer is knowable just yet. We need to think about what level of security libraries will have several years from now. It's hard to say, sitting here today what they'll do in several years. Q. Are you aware of any books being pirated or stolen from a research library archived with scans made by Google? A. No. Q. Turning to Paragraph 21, you say, "I've not been informed of all the ways that libraries intend to use the book contents data they receive from Google, nor have I been informed how libraries intend to secure that data. But the information currently available indicates that libraries' actions present a risk of book piracy." You see that? Page 251 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Did any of your work on the Multnomah County case or the interviews with librarians and other librarian staff members in that case form a basis for any of the opinions you render in your report in this case? A. It's not a basis. It's part of my overall professional background consistent with expert service. Q. Do you know whether the University of Michigan is storing book scans in its normal library information systems or in a separate system? MR. BONI: Object to form. A. I don't know one way or the other. Q. What information, additional to the information you have about the library's security measures, would permit you to better assess the risks? MR. BONI: What risks? Q. The risks you discussed in Paragraphs 20 and 21. A. Understanding both what they do now and what they will do in the future, what they commit in some sort of a binding contractual sense to do or not to do. I need to understand Page 250 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Yes. Q. You don't know what security measures the libraries have in place today; is that right? A. I don't know all of what they have in place. Q. What do you mean by "information currently available" as you use it in Paragraph 21? A. Yes, in Exhibit C, I cite the Hathitrust materials which I did review. That gives some information about some of the libraries' security systems. I actually have quite a bit of experience with library information systems from the Multnomah County Public Library case that we discussed previously. I've spent time interviewing librarians. I've spent time with the CIOs of libraries. I've spent time in the library computer systems, understanding how they work and how they interoperate and have come to have a general understanding of the overall culture and approach to information sharing that's common in libraries. Page 252 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the servers on which the data is to be stored, the physical security, the network security, the logical security, software level, user accounts, credentialing. This sounds like a full security audit. I'm not sure I'm the best person to do it, but in any event, it requires understanding quite a bit about their practices, both in the present and their future practices, which is a little bit harder to investigate in anticipation. Q. Turning to Paragraph 22, you refer to a student who used MIT library access to download 4.8 million articles and other documents. You see that? A. Yes. Q. Is that man named Aaron Swartz? A. Yes. Q. Aaron Swartz is being charged criminally for that activity; is that right? A. Yes. Q. And those charges are currently pending; is that right? A. That's my understanding. Q. What was the effect on the value of 63 (Pages 249 to 252) Veritext National Deposition & Litigation Services 866 299-5127 A-1573 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 65 of 79 Page 253 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 the articles from Mr. Swartz' actions? A. As I understand it, Mr. Swartz copied the articles but didn't redistribute them at all. I'm not sure he even got around to analyzing them. The effect from those actions is probably minimal. It's probably zero. On the other hand, had Mr. Swartz sent them all to WikiLeaks or put them all on BitTorrent, the consequences could have been absolutely devastating, and I don't think it would have been very hard for him to do that, once he got the 4.8 million files sitting on his hard drive. I think it would have been less than an hour of additional work for him. Q. Do you know Aaron Swartz? A. I've met him. Q. Do you charge for access to your blog? A. No. Q. Why not? A. I'm happy to give it away. Anyone who wants to read my blog is welcome to do so. Q. Would the distribution of articles from your blog on BitTorrent harm the market for those posts? Page 255 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I think some of my articles are in JSTOR. Q. Have you done anything to insure the security of JSTOR's systems? A. I have not. I leave that to JSTOR. Q. Do you know whether JSTOR's systems are more or less secure than Google's? A. I think there are some respects in which they are more secure and some respects in which they are less secure. Q. What are the respects in which they are less secure? Let me ask a slightly better question. What are the respects in which, in your view, JSTOR systems are less secure than Google's? A. I would expect that Google has more staff dedicated to security, to making sure that all of their servers are patched with the latest security updates, generally to treating security as the high priority that it should be. JSTOR, in contrast, I would think, has fewer resources to have a dedicated security team to have round-the-clock monitoring and so forth. Q. Do you know of any instances in which Page 254 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Object to form. A. I would be disappointed and unhappy if someone put my articles on BitTorrent. As to the market for it, I'm not sure, because I don't sell these materials. It's hard to think about what the concept of the market even means here. Q. Would the answer be the same with respect to your published journal articles? A. Well, there, I don't sell them, although the journal publisher does, which is sometimes a source of some contention. I might prefer that they gave it away, in fact, and they might prefer to charge for it. So it's kind of a messy one. If I found those on BitTorrent -- I'm fortunate in that all of my articles actually can be obtained for free from my website because I've arranged that -- so it wouldn't make a whole lot of difference to me, but again, I'm in a very special situation, thanks to other sources of revenue. Q. Turning to Paragraph 23, you refer to JSTOR; do you see that? A. Yes. Q. Do you have articles posted on JSTOR? Page 256 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 content providers allow their licensed content to be placed on university servers? A. Yes. Q. What instances are you aware of? A. Typically, in exchange for payment of a fee. Q. What types of content are involved in those transactions that you're aware of? A. Journal articles, groups of journal articles, books, groups of books, periodicals, almost any sort of printed media or electronic media could be subject to such a license. Q. Do all content providers who allow such content to be placed on university servers require oversight of the university's information security implementation? A. Do you all of them require it? I'm sure there are some who don't require it, particularly for the right price. If you pay enough, they won't necessarily ask any more questions. Q. Do you know whether any content providers who allow content to be placed on university servers require oversight of the university's information security 64 (Pages 253 to 256) Veritext National Deposition & Litigation Services 866 299-5127 A-1574 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 66 of 79 Page 257 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 implementation? A. I know that some of them do. For example, the one where we're sitting right now does have exactly that requirement. Q. By "the one where we're sitting right now," what do you mean? A. I mean Harvard Business School Publishing provides information products on a licensed basis, but oversees some aspect of the security of the licensees' servers. Q. What aspect of security of the licensees' servers does it oversee? A. It oversees the requirement that a user name and password are provided before access is available and specifically searches for and affirmatively pursued anyone who posts files in a way that's available to the general public. Q. Anything else? A. I think there are some additional requirements. There's a team of multiple, full-time employees who do nothing but this all day. Actually I do know of some additional requirements that they impose. Q. What are those? Page 259 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. It's a good case. Q. Is it posted on your website? A. It is not. Q. Have you done anything to insure the information security of Harvard Business School Press? A. I've offered them some advice on various aspects of their information, security and their user interface and multiple other facets of their business. Acting more as a friend and colleague than as an author wanting to protect my interests. It doesn't really matter to me how many copies they sell. My royalties are pretty small either way. So I'm not thinking about it from that purpose. Q. Turning to Paragraph 24 of your report, you discuss libraries permitting researchers to copy books in their entirety under the researcher's systems; is that right? A. Yes. Q. Do you know whether any of the libraries to whom Google has -- with whom Google has cooperated in the Library Project have permitted researchers to store digital copies of books on their own computers rather than on Page 258 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. They disallow libraries from collecting our case materials. A library can't buy these. If a library did buy them, they would be subject to for-sale rights, but a library is ineligible to purchase. And in order to make a purchase, you must certify that you're not a library, which offers additional protection to prevent this valuable, intellectual property from being distributed in a way that they prefer to prevent. Q. You wrote a case study on Google; is that right? A. The -- I would present it in the following way: I updated someone else's case study to a sufficient extent, changing enough of the sentences and enough of the paragraphs that it was deemed a new document and given a new document number. I would still characterize it as an update and a revision. Q. Do you know how much it cost to purchase a PDF of that case study from Harvard Business School Press website? A. I think it's 4 and $6. There are some discounts available. Q. I think it's six ninety-five. Page 260 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 secured servers? A. I don't know. Q. The type of research that you describe in Paragraph 24, analyzing patterns in book text, can you name any researchers who are engaged in that type of research? A. I know that there are some. I've read some of the papers, but I don't have their names on the tip of my tongue. Q. Have you ever engaged in such research yourself? A. I haven't analyzed patterns in book texts. I certainly have used large data sets obtained from library-based data set archives. I've had to learn the processes for obtaining that and analyzing that. Q. Have you ever spoken with a researcher doing analysis of book text? A. I think so. We've had at least one come to campus for a seminar, and I spoke to him pursuant to that. Q. When was that? A. Within the last two years. Q. Did you talk to any in connection with this report? 65 (Pages 257 to 260) Veritext National Deposition & Litigation Services 866 299-5127 A-1575 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 67 of 79 Page 261 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. No. Q. Did you do a survey of book text analysis researchers to find out how they would want to use book text in their research? A. No. Q. What is your view as to the probability that the library would permit a book text analysis researcher to copy the entire text of a large corpus of books onto their own computers in terms of a percentage? A. I think it would be unlikely that any library would allow that right now during the pendency of this litigation, given the significant concerns that are extant right now. On the other hand, my experience with other aspects of information security and library information security is that there tends to be a decrease over time where folks become more liberal as they become more confident, and sometimes that confidence turns out to be misplaced confidence. I have some specific examples in mind. Q. What examples are those? A. For example, sticking with the Harvard Business School, it used to be that when Page 263 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 research on the text of books? A. Amazon has limited automated analysis of specific fixed factors that are embodied in known proven code designed by professional full-time Amazon engineers who did this once and then leave it running. I'm thinking about, for example, the statistically improbable phrases analysis that Amazon at least previously ran on most books. In contrast, what we were discussing in Paragraph 24 is ad hoc analysis by professors who come and go, students who come and go, visiting researchers who really come and go all in the context of a library relationship where there's much less of a culture of supervision, management and oversight when compared to professional engineers designing software. Q. That's not a necessary but instead only a potential result of a fair use finding in this case; is that right? A. I didn't mean Paragraph 24 to be limited to a fair use finding. Right now the data sitting in libraries could already be analyzed in this way and could give rise to the sorts of problems discussed in Paragraph 24, Page 262 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 we sold an electronic copy of a case, we sold it in a special encrypted format that required that you install a reader, not the PDF reader. You had to get from us a special reader, and that reader had a variety of special purpose functions that would prevent you from printing it, prevent you from showing it on a computer connected to a projector, prevent you from taking a screen capture image. It had a number of security features. Later, we decided to abandon that software because it was unpleasant for users to install a special purpose program and have subsequently found that while our new replacement is much more convenient to users, it has created a certain amount of piracy, which is a source of some concern. Q. Does the risk set forth in Paragraph 24 of your report exist at Amazon today? MR. BONI: At Amazon? MR. GRATZ: Yes. A. Gee, I really don't think so. I hadn't been thinking of that as a risk that would occur with Amazon today. Q. Does Amazon engage in analysis or Page 264 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 even prior to a court's fair use finding one way or the other. Q. Do you know whether problems of this type have occurred? A. I don't. Q. Have you done anything to try and find out? A. I asked Mr. Boni. Q. What did he tell you? A. I think he told me he didn't know of any specifically. Q. Turning to Paragraph 25, have you ever heard of a prank involving book piracy? A. I've heard of a prank involving other kinds of piracy. Q. What other kinds of piracy? A. For example, when I went to the MIT Hack Gallery, I found quite a few that involved use of other company's trademarks which might or might not be trademark infringement, depending on whether or not a fair use defense would apply. Q. Can you tell me about the Apple -- so in Paragraph 25 you refer to an Apple -- the Apple -- a prank involving the Apple logo? 66 (Pages 261 to 264) Veritext National Deposition & Litigation Services 866 299-5127 A-1576 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 68 of 79 Page 265 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Yes. Q. Do you consider that to be in violation of intellectual property rights? A. I think it's an infringement of the trademark, and the question is whether a fair use defense applies. There is a doctrine of fair use for trademarks and stylized images. I think it's a plausible fair use defense. There, I'd really have to apply the factors and read the cases. I'm much less familiar with the Fair Use Doctrine as it applies to stylized images and logos. Q. The Apple prank which you refer occurred in October of 2011; is that right? A. I don't recall. Q. Did it occur shortly after the death of Steve Jobs? A. If you say so. Q. Did students display the Apple logo in the clock tower of Maseeh Hall at MIT in honor of Steve Jobs in the prank you referred to in Paragraph 25? A. Now, that could be. I don't recall. Q. Do you think that that prank is relevant to the issues in this case? Page 267 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 of 2004? A. I don't know. Q. Did it occur when the Red Sox made it to the World Series? A. I don't know. Q. Were the -- do you think that the students celebrating the Red Sox making it to the World Series by displaying the logo on the dome of the university building was intellectual property infringement? A. The law is what it is, and it's not for me to rewrite trademark law. I wouldn't be surprised if that is infringement as a matter of law, and fair use defense might or might not apply. It wouldn't shock me if you said that to do that a license must be paid to the Red Sox, and if you don't pay it, then you're in violation of the law. MR. GRATZ: Mark as Exhibit 19, this document. I want to note for the record before I hand it to the witness that despite the confidential legend at the bottom of this document, this is not a confidential document. (Document marked as Exhibit No. 18 for identification.) Page 266 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I can certainly see how it would seem peripheral. On the other hand, the fact that students are well known to disregard intellectual property is anything but peripheral. It's well known that Napster was most used on college campuses. There were distinctive trends. You could see the number of users signed into Napster decrease when major schools went onto spring break. So the relationship between students, university libraries and piracy is not peripheral. Q. Could you tell me about the Red Sox logo prank you referred to in Paragraph 25? A. I don't recall. I went through the site, looked at the distinctive images memorializing the pranks, but I didn't note them in great specificity. Q. Do you consider that an instance of piracy? A. I'm not sure. I do think it's probably an instance of trademark infringement, and it might be subject to a fair use defense. Q. The prank you referred to in Paragraph 25 with respect to the logo of the Boston Red Sox, did that prank occur in October Page 268 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. You have before you what's been marked as Exhibit 18. Do you recognize this document? A. Yes. Q. Is this the document to which you refer in Paragraph 26 of your report? A. I think so. Q. Do you know what security measures the University of Michigan has in place? A. That's discussed in part in this document. Q. Aside from this document, do you have any knowledge other than what is in this document of security measures that the University of Michigan has in place? A. Aside from what's discussed in this document, I don't think I have knowledge of their current security. Q. Is it your opinion that an author would not agree to have his work stored by the University of Michigan without greater security terms than those set forth in Exhibit 18? MR. BONI: Object to form. A. I'm not sure. It all depends on what the author gets in exchange. If they get zero, 67 (Pages 265 to 268) Veritext National Deposition & Litigation Services 866 299-5127 A-1577 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 69 of 79 Page 269 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 it might be a pretty tough sell. If you give them some money, that could be quite different. Q. Can you -- do you have an assessment of the probability that an author without further payment would agree to the terms in Exhibit 18? A. I don't know. I'm sure some would and some wouldn't. Q. Referring to the terms of Exhibit 18 at the end of Paragraph 26 of your report, you say that, "These vague provisions offer significantly lower protection than Google provides for even its routine business confidences." Do you see that? A. Yes. Q. Do you mean that in terms of the security required for the protection of the information? A. I meant to reference the comparisons cited in Footnote 9 for which I note differences in the circumstances in which information can be shared, restrictions on recipients and requirements as to security. I believe that the Google NDA cited in Footnote 9 actually offers greater protections, at least greater Page 271 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. All right, I'll need just a moment. I've done half of it. I need to find two different provisions, and I'm working on the second. So we are comparing Provision 3 of Exhibit 19 with Provision 4.4.1 of Exhibit 18. Q. Okay. And how are those -- what's the difference that you intended to identify? A. Well, I said there are greater restrictions on the circumstances in which information can be shared; to wit, I think the Exhibit 19 NDA doesn't allow information to be shared, and the Exhibit 18 provision does allow information to be shared. Q. Within the confines of copyright law; is that right? A. Well, I'm not sure. Perhaps even beyond the confines of copyright law. Q. I direct your attention to Part 4.1 of Exhibit 18. A. Fair enough. That section says at least that this will be within the confines of copyright law. Q. So that takes care of sharing. Certainly a nondisclosure agreement requires no Page 270 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 specificity than what we see in Exhibit 18. MR. GRATZ: I'd like to mark as Exhibit 19 this document. (Document marked as Exhibit No. 19 for identification.) Q. Do you recognize what's been marked as Exhibit 19? A. Yes. Q. What is it? A. It's the document cited in the Footnote 9. Q. Do you know whether this is a nondisclosure agreement which has been entered into by Google and various parties? A. It purports to be. Q. Do you know whether it, in fact, is? A. I know that when I visited the Google campus twice at the invitation of Google staff, I was presented with a similar NDA, which in at least one instance I refused to sign, perhaps in both instances. Q. Could you identify for me the more precise requirements as to how information must be secured in Exhibit 19 as compared to Exhibit 18? Page 272 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 sharing, and Exhibit 18 permits sharing under certain circumstances. The question I asked is with respect to precise requirements as to how information must be secured. A. Yes. So in the NDA, Exhibit 19, the second sentence of Provision 3 calls for the same degree of care, no less than a reasonable degree of care as used with respect to the participants' own similar information, and it continues, they must prevent, they must try to prevent, they must actually do it. Sounds like strict liability. MR. BONI: Say where you are. A. Within Clause 3, somewhere around there. Must actually succeed in doing the tasks detailed within A and B of that second sentence. Q. I'm not seeing the words "must prevent." I'm sorry. A. The word "prevent" is on the fifth line of -Q. And followed with a colon? A. Yes. Q. So "Participant will use the same degree of care, but no less than a reasonable degree of care, as participant uses with respect 68 (Pages 269 to 272) Veritext National Deposition & Litigation Services 866 299-5127 A-1578 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 70 of 79 Page 273 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 to its own similar information to protect the confidential information and to protect -prevent." So you understand "prevent" in Exhibit 19, the "prevent" immediately before that colon to be an absolute requirement, not a requirement subject to the degree of care previous -- previously in that sentence? A. You know, when I first read this, I thought it was subject to the degree of care previously in the sentence. When I just characterized it orally a moment ago, I thought it was strict liability. Now I'm back to the first interpretation which I think may have been right all along. So -Q. At any rate, you're saying that this requires the same degree of care as the participant used with respect to its own similar information and that Exhibit 18 does not; is that right? A. That's my recollection, and now we can go back to 4.4.1. The 4.4 -Q. So and 4.4.1 says U of M shall also make reasonable efforts to prevent third parties from downloading or otherwise obtaining any Page 275 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 withstanding the very, very limited commitments in the second sentence. Q. I want to turn to Paragraphs 27 through 32 of your report. MR. BONI: Done with these for now, Joe? MR. GRATZ: Yes, you can set those aside. Q. In Paragraphs 27 through 32, you describe a number of flaws in Google's systems which were identified. Did any result in piracy? A. I didn't choose any of the flaws that resulted in piracy. Q. Are there other flaws of which you're aware that did result in piracy? A. Yes. Q. Which flaws are those? A. The Google YouTube service, by Google's own evaluation prior to acquiring YouTube, was a massive source of privacy. MR. BONI: Piracy. A. Of piracy, excuse me. Q. Was that as the result of security breaches or because people were uploading Page 274 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 portion of the U of M digital copy for commercial purposes, redistributing, etcetera. So you're drawing the distinction between taking reasonable measures and using no less than a reasonable degree of care as participant uses with respect to its own similar information? A. It's the -- it's that last part, what they do for their own similar information that first seems stricter. Secondly, a preceding sentence in 4.4.1, implementing technological measures, e.g. robots.txt -- technological measures, e.g. robots.txt, to restrict automated access seemed sort of laughable to me because that's a known defective measure, and if one were serious about blocking automated access, Google is probably the world expert on having to do that properly, and it's not via robots.txt. Q. You're referring to the second sentence of 4.4.1? A. That's right. Q. Does the second sentence of 4.4.1 limit the commitment made in the third sentence of 4.4.1? A. No. There are additional commitments, so the third sentence stands, not Page 276 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 infringing videos to YouTube? A. It was a result of a design flaw. Q. What was the design flaw? A. The design flaw had several manifestations, but it included the absence of a report piracy button, a button that was tested temporarily until it was removed in haste by YouTube managers who realized that too many users were reporting piracy. Q. How do you know that? A. That was all in Google documents provided in the Viacom litigation and then unsealed and made available for public review. Q. Are those documents -- do those documents form the basis for any of the material in your report? A. No. I relied on other Google design flaws and security breaches to form the conclusion in my report. Q. And the design flaws that you're alleging with respect to YouTube are not design flaws that resulted in the unauthorized breach of security measures which permitted piracy, but instead, in your view, were measures that were designed to -- strike that. 69 (Pages 273 to 276) Veritext National Deposition & Litigation Services 866 299-5127 A-1579 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 71 of 79 Page 277 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Good idea. Q. Start that question over. The design flaws that you referred to with respect to YouTube, were they, in your view, design flaws that resulted in the breach of security measures? A. These were not design flaws that resulted in the breach of security measures. Instead these design flaws resulted in the massive and unprecedented copyright infringement of a large number of copyrighted video and audio recordings. Q. Do you know of any instance in which third-party copyrighted material has been stolen from Google servers? A. I'm not sure what you mean by "stolen from Google servers." Q. I mean taken from Google servers without Google's authorization? MR. BONI: Object to form. Same ambiguity. A. There are multiple tools for, quote unquote, YouTube stealing. Often they have names like "YouTube stealer." These are programs that allow a user to take the video and Page 279 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 report, you say that outside hackers could access or redistribute book contents. Do you know of any instances in which hackers have accessed or redistributed books from Amazon? A. I have heard of that happening. Q. Was that following the download of a Kindle eBook file? A. That's one mechanism by which it can happen, but not the only mechanism. Q. What other mechanisms are you familiar with? A. I understand that it is possible to use Search Inside the Book to browse selected pages later or another user or another computer to browse other pages and for the book to be stitched together, and I have found programs that purport to do that all, although I wasn't able to verify the efficacy of those programs. Q. Not withstanding the existence of those programs, publishers keep their books in Search Inside the Book, to your knowledge; is that right? A. Yes. MR. GRATZ: Let's change the tape. THE VIDEOGRAPHER: Here ends Tape Page 278 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 audio of a recording on YouTube and save it to a file on their hard drive, so that, for example, they can watch it on airline, or they can continue to watch it, even if the file is removed from YouTube, and they can watch it without advertisements. Those programs exist. Google seems to have a bit of a cat and mouse program with them, where Google is the cat, but it doesn't always catch the mouse. I've confirmed repeatedly that they work, and that Google has been less than effective in stomping them out. Q. How have you confirmed that they work? A. I've attempted to use them from time to time. Q. Do you know of any such tools with respect to books? A. I've looked for such tools and couldn't find them in the first few minutes of searching. Q. Did you continue past the first few minutes of searching? A. Not really. Q. Turning to Paragraph 34 of your Page 280 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 No. 6. Off the record 5:33 p.m. (Brief recess.) THE VIDEOGRAPHER: Here begins Tape No. 7 in today's deposition of Benjamin Edelman. Back on the record, 5:41 p.m. Q. Turning to Paragraph 36 of your report, you say, "A single breach of the systems that store book contents could allow book contents to become ubiquitous online." What is the basis for your statement? A. There's an expression about putting the genie back in the bottle. I think that applies in spades here. I give two examples in the paragraph: AOL search data that should never have been put on the Internet and U.S. State Department wires that again should never have seen the light of day. Once those materials make it onto the Internet, as we all well know, there's no taking them off the Internet and so too here. Q. What's your basis for thinking that the AOL search data is the still available on BitTorrent? A. I checked. Q. Do you possess a copy of that file? 70 (Pages 277 to 280) Veritext National Deposition & Litigation Services 866 299-5127 A-1580 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 72 of 79 Page 281 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I've downloaded it maybe more than once. I wouldn't be surprised if I still have a copy floating around. Q. With respect to WikiLeaks, what's your basis for saying the information is available? A. I've read other sources indicating that it's available, although I actually haven't checked personally in any great detail. Q. Have you downloaded any of the WikiLeaks cables yourself? A. I should be clear, I've read it at the New York Times site, for example. So to the extent that you can read the primary sources there, as you can often, and in significant quantities, I've read some of them there. Q. Have you read them anywhere else? A. Maybe other mainstream major media publications. Q. How large is the AOL search data in megabytes approximately? A. Approximately one gigabyte. Q. How large do you estimate that scanned images of 20 million books would be? A. Scanned images would be much larger, Page 283 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 book contents being available, the likelihood rather than the magnitude of the harm larger if there were a proliferation of book scanners? MR. BONI: Object to form. You can answer. A. It makes the probability larger. Q. Does it affect the magnitude of the harm? A. The magnitude also, I would expect, to be larger in this context. In the context of Search Inside the Book, only a portion of books are available. I understand that the number of books there available is smaller than the number of books here at issue, and those, of course, are publishers and authors who made the considered decision to go down that route; whereas, here no one was asked. Q. Does Amazon store the entirety of books in Search Inside the Book? MR. BONI: Object to form. A. I don't know. I would think they'd need to store either all of it or most of it. Q. And if Amazon's entire corpus of digitized books, including, for example, their eBooks were taken and distributed in the manner Page 282 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 although after OCR, they might become much smaller. I would think a few gigabytes of text after OCR would probably be about right. MR. BONI: I just want to place an objection on the record that it's a slightly misleading question. We're not talking about 20 million in-copyright books or books that fall under the class definition. That's a much lower number. Q. Is the risk associated with a single breach of all books resulting in the genie coming out of the bottle, as you say, a risk that also exists with any other digitized corpus of a large number of books? MR. BONI: Object to form. A. The risk differs in some important respects from the other corpuses we've talked about, such as Amazon Search Inside the Book. Q. How does it differ? A. First, it differs because here we must consider the effect of a possible fair use ruling and the other travelers coming along and storing the data in ways that might be somewhat less secure than Google. Q. That makes, in your view, the risk of Page 284 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 discussed in Paragraph 36 of your report, would the magnitude of that be similar to the magnitude of a breach at a library? MR. BONI: Object to form. A. Paragraph 36 isn't about libraries. I can consider the question nonetheless. Shall I consider the question? MR. BONI: Why don't you -Q. If Paragraph 36 isn't about libraries, that clears it up for me. In Paragraph 38 you say, "However remote one may consider the risk of book contents becoming available, that risk must be considered in light of the devastating impact to the class if book contents become available." Here you're comparing the probability of an event to the magnitude of harm in case -- in the case where that event occurs; is that right? A. The sentence discusses both the probability and the magnitude and suggests that in light of the large magnitude, even a small probability should be significant cause for concern. Q. What is the probability of the events discussed in Paragraphs -- Paragraph 37 coming 71 (Pages 281 to 284) Veritext National Deposition & Litigation Services 866 299-5127 A-1581 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 73 of 79 Page 285 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 to pass in the event of a fair use ruling in favor of Google? MR. BONI: Object to form. You want a mathematical response to that question? MR. GRATZ: Whatever the response the witness has for me. MR. BONI: Object to form. A. I don't know. It would be easier to say once that fair ruling resulted, if it did result, once we see who comes along and scans which books and stores them in what ways, until then, it's just a little bit too speculative for me to want to put a number on it, but it certainly is a serious concern. Q. What's the magnitude of the harm in dollars? The harm here, I mean the harm that you were discussing in Paragraph 38. MR. BONI: Object to form. A. I'm not sure. It's difficult to put a dollar value on it, but I do think it's significant. If you asked a publisher what would they be willing to pay to have a complete protection against piracy, to be able to print their books on uncopyable paper or with magical ink, I think you'd find publishers would be Page 287 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Objection. You know he's not a damages expert, Joe. Q. You can answer. A. I have not. I'm not a damages expert. Q. Has a company ever come to you and asked you to evaluate the risk of intrusion into their computer systems which protects books? A. No. Q. Has a company ever come to you and asked you to evaluate the risk of intrusion into their computer systems at all? A. That seems like the kind of thing someone would have asked me to do at some point. I just need to take a moment to think about it. Certainly I've thought about that question for the organizations which -- with which I've had long-term relationships. So, for example, when I was running the Berkman Center server, that was a question I thought about. I thought about it with ICANN. I've thought about it as to portions of Harvard Business School. I've thought about it with Wesley as to the servers that we operate together, as to paying clients that come specifically for that. Page 286 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 willing to pay a significant portion of their enterprise values in order to get that magical technology. Q. And you consider that to be the measure of the magnitude of the harm set forth in Exhibit -- in Paragraph 38? MR. BONI: Object to form. A. It's not that that's how you'd measure it, but that's the sort of thought experiment one would do. Q. How would you measure it? A. On thinking about the way that other large harms are measured, how do we assess the value of a life when a life is taken away from a person? How do we assess the value of a plane crash or a nuclear disaster? It's really not my area of expertise. It's not something I've opined on here. But here I consider the totality of future lost profits. So I do my best to figure out what profits would have been and then what they will be as a result of the loss, and I subtract those two numbers, and that would be the starting point for the harm. Q. Have you done that in preparing your report? Page 288 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 I think it would be unusual for anyone to seek my assistance for that solely and specifically, but if they already knew me from something else, I can think of a couple of clients who have sought assistance with problems generally in that vein based on prior relationships. Q. If a company came to you and asked you to evaluate the risk of intrusion into its computer systems which protect books, would you accept the assignment? MR. BONI: Object to form. That's the entire hypothetical? MR. GRATZ: That's the question. A. I don't think I would be the best person to evaluate their security systems, but I think I would be able to assist them in selecting an appropriate person. I would be able to guide that person towards the areas of greatest concern, perhaps review their initial report, and suggest areas for extension and further inquiry. Q. What process would you recommend be undertaken to evaluate the risk of intrusion into those computer systems that protect books? 72 (Pages 285 to 288) Veritext National Deposition & Litigation Services 866 299-5127 A-1582 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 74 of 79 Page 289 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I suppose it would all depend on what books I was trying to protect, what I was trying to protect them from, what access I needed to allow. The easiest thing to do to prevent unauthorized access is to prevent all access by destroying the digital records, but I imagine that wouldn't be what someone hired me to tell them. They'd want some way to use it for some purposes while disallowing use for other purposes. Q. If a company came to you and asked you to evaluate the risk of an intrusion into their computer systems which protect books and which host books for the purpose of making snippets available in response to searches, what process would you take to under -- to make that evaluation? A. Well, I think I would -- I would consider the sorts of security systems that we've discussed a couple times today in different parts of our time together as to physical security, network security, software security, application level security, human resources and internal controls. I'd consider each of those. Each would be significant. Each Page 291 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 at Google. I'd look at my organizations's experience or the client's organization's experience with rogue employees. When we have a thousand engineers, how many of them turn out to be bad apples, how many bad ones do you get out of a thousand? Is there any way to prevent two of them from acting together in concert? Could we have an audit trail that prevents this kind of copying and that kind of copying? Is it possible to make an audit trail that's so robust that even a senior engineer can't turn it off? Because we know some of the problems occur from senior engineers who can bypass the ordinary control. So that's the kind of question I'd be asking as to that facet, but to be sure, each of the facets would require a different type of analysis. Q. Did you do any of that in preparing your report in this case? A. I considered those kinds of approaches. The data and information required aren't available to me and weren't necessary in order to reach the conclusions set out in my report. Page 290 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 would have multiple facets within it. And then my analysis would be informed, importantly, by the material that I was holding. If it was unique and one of a kind and highly sought after, then I would be particularly concerned about the skills of my intruders. And if I needed to allow massive, high-volume access by a large number of different users, potentially some of them fake or automated or robotic, I would be even more concerned, and I would need to be open to the possibility, the very real possibility that I couldn't do this with the required level of quality and would need to revisit my plans. Q. What information would you need to evaluate the risk of intrusion into such a system which stores books for the purpose of making snippets available in response to searches, for example? A. One would need to think about each of the aspects of security just discussed. So for example, as to human resources security, making sure that there isn't a rogue employee who takes the data in the way that other rogue employees have done other untoward things, including even Page 292 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Why weren't they necessary? Would having them have aided you in reaching your conclusions? A. Perhaps I could have reached additional conclusions. I imagine that with enough study, I might get to the point where I was prepared to put a number on some of the probabilities. There's this probability per year of this kind of bad thing happening if you use these controls. I think that is an estimatable number. One can estimate even these very small probabilities with enough analysis and enough review, but it's quite difficult, and I didn't consider it necessary or appropriate, given what I was asked to do in this report at this time. Q. Did you run any bargaining experiments in connection with your report? A. No. Q. Did you perform any statistical analysis in connection with your report? A. No. Q. In signing your own consulting agreements, have you performed market checks regarding terms? 73 (Pages 289 to 292) Veritext National Deposition & Litigation Services 866 299-5127 A-1583 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 75 of 79 Page 293 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Object to form. I don't know what that means. Can you explain that. Q. Mr. Edelman, are you familiar with the term "market checks"? A. I've a general understanding. Q. What is it? A. A market check would be a comparison of a price term or some other term with possible alternatives, benchmarks, competitors, in order to see whether that term is consistent with others that are in other respects similar. Q. Have you done that with respect to your own consulting agreements and your consulting rates? A. In some instances I have. Q. Did you do that in connection with any of the facts or opinions you set forth in your report? A. I'm sorry, I don't understand. MR. BONI: I don't understand it either. Q. Did you review the terms of any agreements -- strike that. In reaching the conclusions set forth in your report, did you perform any market Page 295 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I didn't approach it that way. Q. Did you determine the probabilities for either of those terms, that the parties would reach those terms in a negotiation? MR. BONI: What parties? Object to form. Q. The parties to the hypothetical agreement that you hypothesize in Paragraph 9 of your report. A. One thing that I did put a probability on was the chance of any liquidated damages clause becoming available without a contract, and that was zero. So it can only go up from there, and that much was clear to me. As to whether or not it would go up, it seems to me that -- that publishers, if acting together in some way, bargaining collectively, bargaining with Google, with Google in a position of weakness for whatever legal or business reason, it's possible that the publishers would be able to get quite a bit of the ground, particularly if they could use Google's confidence as to the efficacy of its security systems, frankly, to use that against Google. Page 294 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 checks? MR. BONI: I object to form. I just don't understand the line of questioning. A. I didn't see a basis for comparison to compare the contents of my expert report with three similar expert reports written by others. I didn't see the comparison group. MR. BONI: Not what you're asking. MR. GRATZ: Not what I -Q. Did you do a market check of -- so some of the -- some of the opinions you state, one of the opinions you state in your report is it that certain hypothetical contracts would have certain terms; is that right? A. At least they could if they were subject to negotiation. Q. Or that -- right. Or that certain hypothetical contracts could at least -- at least potentially have certain terms? A. Yes. Q. In determining -- did you form an opinion as to what the likelihood is that either the security term or the liquidated damages term would, in fact, end up being an element of a bargained-for agreement? Page 296 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 If Google is so sure that its security is robust, then it shouldn't have any problem making a guarantee of a thousand dollars per work in the event of a defect, since Google says that will absolutely never happen. Q. Did you assign a probability to the likelihood that that would occur? A. I didn't assign a probability to it. Q. Did you talk to any authors in preparing your report? A. No. Q. Did you talk to any publishers in preparing your report? A. No. Q. Did you talk to any staff members of the Authors Guild in preparing your report? A. No. Q. Did you review the contract governing the Back In Print program in preparing your report? A. No. Q. Did you review any other publishing agreements in preparing your report? MR. BONI: He listed what he reviewed, Joe, Exhibit C. 74 (Pages 293 to 296) Veritext National Deposition & Litigation Services 866 299-5127 A-1584 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 76 of 79 Page 297 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. You can answer the question. A. No. Q. Have you ever talked to anyone at Microsoft about its book program? A. Not recently. It would have been a couple of years ago. If I did, I don't really recall it specifically. Q. In preparing your report, did you investigate Google's security for books? A. I don't know what you mean by "investigate" in this context. Q. Did you seek to determine the strength of Google's security for books? A. I checked for secondary sources indicating that others had already bypassed the security. I didn't find sources to that effect. Q. You didn't find any sources indicating that others had bypassed Google's security for books? A. That's right, and that's something I would have wanted to know about, if such sources existed already. Q. Do you possess any Google confidential information regarding its book project? Page 299 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. In short, my advice to him -- well, he came to me as an attorney. MR. BONI: I was going to ask you that. Were you rendering legal advice? THE WITNESS: I wasn't retained. Nonetheless -MR. BONI: Doesn't matter. THE WITNESS: -- I think we should stop right here. MR. BONI: Yeah, I agree. Q. So it's your testimony that in your discussion with Deepak Malhotra regarding piracy, you were having attorney/client communications with Mr. Malhotra? A. I think I was, yes. Q. Other than Mr. Malhotra, have you discussed piracy with any other authors? A. I know that I have. But I'm having trouble recalling specifically who. Q. Do you remember what you said to them? A. Generally, my advice to individual authors is that it's hard for any individual author to do much about it, so they're probably better off individually focusing their efforts Page 298 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. I have specifically indicated that I don't want any such information, and I believe I don't have any. Q. Have you ever tried to pirate a book from Google Book Search? A. I have not. Q. Have you ever advised a -- strike that. Have you ever advised an author regarding piracy? A. I've discussed it with some authors. Q. What was the -- what authors were those? A. Most recently I discussed it with my colleague, Deepak Malhotra. Q. Any others? A. I have discussed it with others. I'm having trouble recalling specifically. Q. What did you discuss with Deepak Malhotra? A. The likelihood of piracy, the extent to which a pirated copy might detract from a ordinary purchased copy, his remedies, if any, as against piracy and those who profit from it. Q. What did you say to him? Page 300 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 on writing a great book and selling as many copies as they can to whoever is willing to pay for it. Q. Have you ever advised an author not to post digital contents for fear of piracy? A. In fact, I reached that own -- that conclusion for myself as to the Google case. I declined to post it on my website, even though I have the right to do that. So I advised myself not to do it. Q. And by the "Google case," you mean the case study regarding Google that you wrote for Harvard Business School Press? A. That's what I meant, yes. Q. Why didn't you -- why did you decide not to post it? A. The school would prefer that those cases be purchased directly from the school at the per copy price that you saw. And so even though it is an author's right to post it if the author so chooses, I decided not to for that case. Q. Do you understand the Authors Guild to be advising authors not to post digital content for fear of piracy? 75 (Pages 297 to 300) Veritext National Deposition & Litigation Services 866 299-5127 A-1585 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 77 of 79 Page 301 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: Object to form. A. I'm not sure. Q. Are any of your articles available for licensing by the Copyright Clearance Center? A. I expect that they are. Q. Have you ever negotiated with the Copyright Clearance Center regarding those issues? MR. BONI: Regarding? Q. Those issues? MR. BONI: What issues? Q. Regarding the availability of your articles for licensing through the Copyright Clearance Center? A. I believe there's a standard form that I filled out when I submitted by Ph.D. to the Harvard Library system, my Ph.D. dissertation. That is a Copyright Clearance Center form, as I call it. Q. Was it a UMI microfilms form? A. This was seven years ago. Perhaps I should refresh my recollection in some other way. It seems perfunctory, and I signed it, although if there were choices to be made, I can't tell you what choice I made. Page 303 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: If there's any confidential relationship or privileged relationship, then you shouldn't answer. A. There are both confidential and privileged issues raised by that question. MR. BONI: If there's anything you can say outside the confines of the privilege, to be fair, you should say that. A. What I've said publicly and what Microsoft has authorized me to say publicly is that I've offered them guidance on a variety of questions. Most of the work focused on things other than Google, actually. Integrity and auditing and advertising fraud and so forth. Routine business matters, from my perspective. Q. But some of the work focused on Google? A. I think I can give you a yes to that without implicating the confidentiality or the privilege, but beyond that, I feel I'm obliged to tread lightly. Q. How much money has Microsoft paid you for your work related to Google? A. I think that's confidential. Q. You were opposing counsel -- strike Page 302 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 MR. BONI: You want to show him something or are you just fishing? MR. GRATZ: Neither. Q. Does the CCC, the Copyright Clearance Center, negotiate security protocols with those who license content from the CCC for posting on the web, for example? A. I don't know. Q. Does the CCC negotiate liquidated damages terms with its licensees? A. I don't know. Q. You've done consulting work apart from your -- the expert engagements that we've discussed; is that right? A. Yes. Q. And some of that consulting work has been for Microsoft; is that right? A. Yes. Q. Overall how much money has Microsoft paid you? A. That's confidential information. Q. Have you ever spoken with anyone at Microsoft about Google? A. Yes. Q. What was said? Page 304 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 that. You were counsel for the plaintiff's in the Vulcan Gulf case in which the plaintiffs were suing Google; is that right? A. Yes. Q. Did you receive a fee in connection with that litigation? A. I did not. Q. Was that a contingent fee arrangement? A. The agreement with the class representative, the putative class representative, was that the fees would be paid only upon the successful conclusion of the litigation. Q. Did the litigation conclude successful or successfully enough to result in the payment of any money to you? A. Not successfully enough to result in the payment of any money to me. Q. How many blog posts have you written which were critical of Google? A. I'm not sure. I think more than 20. Q. How many blog posts have you written which were supportive of Google? 76 (Pages 301 to 304) Veritext National Deposition & Litigation Services 866 299-5127 A-1586 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 78 of 79 Page 305 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. More than five. Q. Fewer than 20? A. I think it's fair to say fewer than 20. Q. Are you familiar with an economist named Judith Chevalier? A. Yes. Q. Who is Judith Chevalier? A. She was at the Yale School of Management. She's an excellent economist. Q. Have you ever cited Judith Chevalier's work regarding the economics of the market for books? A. I have in at least two instances that I'm aware. Q. In what instances were those? A. My undergraduate thesis used a method that Ms. Chevalier and Austan Goolsbee developed to convert an Amazon sales rank into an estimated sales quantity. And so I cited their work in the context of that in the graduate thesis. Then I recently published an article about collecting data from the Internet and using that data for economic research, and I Page 307 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Goolsbee, the first author on that paper. Q. Turning to page 3 of the thesis, you cite the Goolsbee and Chevalier paper in the center of that page; is that right? A. Yes. Q. Turning to page 8 of the thesis, you cite the Goolsbee and Chevalier paper in the last line of that page; is that right? A. Yes. Q. And it's also cited on the following page in the second to last line; is that right? A. Yes. Q. As well as in the middle of the page? A. So it is. Q. Turning to page 31, you cite the Goolsbee and Chevalier paper at the beginning of the page? A. I do. Q. And then turning to page 70, you cite the Goolsbee and Chevalier paper in the center of the page in the middle of the line; is that right? A. Yes. Q. What is your opinion of Judith Chevalier's expertise regarding economics? Page 306 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 cited that same article again for substantially the same purpose. Q. And you cited Ms. Chevalier's work multiple times in your thesis; is that right? A. I should think I cited it multiple times, yes. Q. How about six times; is that right? MR. BONI: But who's counting? A. I don't know. I haven't read that often, recently. MR. GRATZ: Let's mark as Exhibit 20 this document. (Document marked as Exhibit No. 20 for identification.) Q. Mr. Edelman, is this your undergraduate senior thesis? A. Well, it seems to be. It's not so easy to get. Usually, people have to ask me for it, so I'm intrigued you managed to find it without asking me for it. But it seems to be what it purports to be. Q. This is the document in which you cited Ms. Chevalier's work? A. I think so. Let's check the references section. Cited under "G" for Page 308 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A. Well, I just loved this paper and found it very clever. She's been quite prolific, and I really haven't read the majority of her work. I look forward to taking the time to do that sometime soon I hope. But beyond that, she's very well-published in top journals, which means that the prevailing view among her peer reviewers is that her work is quite good. Q. What is your opinion of Judith Chevalier's expertise regarding the economics of the market for books? MR. BONI: Object to form. Q. What is your opinion of Judith Chevalier's expertise regarding the economics of the market for books? MR. BONI: Object to form. A. I'm not sure. I haven't read her opinions on that in general. I know the findings that are in the Goolsbee and Chevalier 2001 paper. As to her other conclusions, I'd need to review both the conclusions and the methodologies to see what I think. Q. Are you familiar with a man by the name of Albert Greco? A. I don't think so. 77 (Pages 305 to 308) Veritext National Deposition & Litigation Services 866 299-5127 A-1587 Case 1:05-cv-08136-DC Document 1075-16 Filed 08/26/13 Page 79 of 79 Page 309 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Q. Turning to the references cited page of your senior thesis on page 77, under G, do you see a citation to a book by A. Greco called The Book Publishing Industry? A. Yes. Q. And turning to page 33 of your senior thesis, you see the bottom of page 33 it says, "I further add two promotion-specific variables to investigate market trends noted by Greco (1997) in discussing clumping of book sales over time"? A. Yes. Q. Is that a citation to the Greco work titled The Book Publishing Industry cited in your references cited section? A. Seems to be. Q. Do you have an opinion as to Albert Greco's expertise regarding The Book Publishing Industry? A. Not really. MR. BONI: Are you done with this, Joe? MR. GRATZ: Yes. Nothing further. MR. BONI: I have nothing. THE VIDEOGRAPHER: Here ends this Page 311 1 2 CERTIFICATE COMMONWEALTH OF MASSACHUSETTS. MIDDLESEX, SS. 3 4 5 6 7 8 9 I, Avis Barber, Registered Professional Reporter and Notary Public, in and for the Commonwealth of Massachusetts, do hereby certify that: BENJAMIN G. EDELMAN, the witness whose deposition is hereinbefore set forth, was duly sworn by me, that I saw a picture identification for him in the form of his Harvard College Identification card, and that the foregoing transcript is a true and accurate transcription of my stenotype notes to the best of my knowledge, skill and ability. 10 11 12 13 14 15 16 I further certify that I am not related to any of the parties in this matter by blood or marriage and that I am in no way interested in the outcome of this matter. IN WITNESS WHEREOF, I have hereunto set my hand and notarial seal this 20th day of June 2012. --------------------------Avis Barber, RPR Notary Public My commission expires: July 30, 2015 17 18 19 20 21 22 23 24 25 Page 310 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 deposition. Off the record, 6:18 p.m. (Whereupon, the deposition was concluded at 6:18 p.m.) Page 312 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 I declare under penalty of perjury under the laws that the foregoing is true and correct. Executed on _________________ , 20___, at _____________, ___________________________. __________________________ BENJAMIN G. EDELMAN 78 (Pages 309 to 312) Veritext National Deposition & Litigation Services 866 299-5127 A-1588                                                 EXHIBIT 17 A-1589 boy Jim BOli to" « Kind le Book S .. U Fou, IP"p.rtilck) LOOK INSIDE! ]l!!lJ;f.I M ...... -Irlrirlrl, I.w.) J ~ sto.a5 ( AddtOCilIl Book secti ons 123 1I"g' 8. n.w from 50.to q COpyright Front Cove r Table of Contents First p.,ges Back Cover Ind ex Surprise Me l I:'" Searc h rnsldc This Do ok IW Sa mple seercMU in this book: ba ll four baseb"l t commi SSioner bull pen toMltJ nt Print Ouok l Zoom - I Zoom + ) ................................. .. " ...., ........ 10 the mkldle of Aup$! J went 10 see Marvill Milkes, the general manager of the Seattle An~ ls. 1 lold him thllt I wanted Jam, kind of guarantee from him about next year. There were some businesses whh "What [ would like," I lold him, "is an understanding thot no long-range potenlial I (ouki go into over the winter and J 'WOuld if I was cc:rtain I W4!sn', going to be pl8)'ing bDII. mllUer wh~1 kind of contract ),ou gi\lc me, major Icacu( or mmor league, lhat it will ~ for !l « rUlin minimum am()um. Now, l realize you do n't k.J1ow how much value I will be rOt yo u since yo u haven't gone th rough the expansion drllft and d On ' ~ knOW the kind of player' YOIl '1 1 have. So I'm not a$kiflg for a majOr-league contract, bllt just a certain minimum amount of money." !'How much money :ue you talking about'?" Milk~ srud shrewdly. "I t,lked il Olitr with. my wl1e and we arrilied 4( a figure 01 S15 Or SI6,000. That', the minimum I could alford to pia)' (or, majors or minors. Otherwise ] got to go to work," To this Milkes uid simply. "No." I couldn't say I blamed him, h was righl nbou! then, though, thai the knuckleball rd been experimenling with for a couple o( months begin to do things. 1 won two Eomes in five dayl. going all the way , giving up only lWO or three hiu. I was really doing a good job and tweryone was kind or shoc::bd. As the ~ason drew 10 a close 1 did bener and beller. The last th'e days of the season t fil'l~hed with a flurry, and my earned-run average throwing the knuckleball WaJ 1.90. which do very good. The la!.1 day of the seMOn I wa.~ in the clubhowe and Milkeli said he wanted 10 see me (or a minute. I went up to his office, and he said. "We're goint: to give you the same contract (or next year_ We'll guarantee you $22.000." This means if 1 didn't 8;tt released I'd be getting it even if I was sent down to the minors. I fell like kwing him on bott! cheek$. I 01$(1 felc like I IU'Id :I new lease on Iile. A knuckleball l'I:ld co be pretty improsive to imprt'5!o a general manager $1.000 worth. Don'l evcr Think $7,000 isn'l • lot of money in baseball. I've had hugt arguments over a lot Icn . Feeclb"ek. 1 ~ Expended V ICW I Close Books eLt l tomers .ts o boug ht could no r b.. rew.",.d ":-1 Cust omers Al so Do ught bu rn mor. re~rI .\I .. d Y(l lI r boo k h iStory .;ould n ot be r::. Your Orowsl n g liist o rv Hell) I » .l2 c ~ ~ W ~ ~ @» ® A-1590                                                 EXHIBIT 18 A-1591 ~w. t~) by Be.try Mile.! « Kindle Book The Rell Me (Plperb,c:kl '( ~ 19 .94 ( Add 10 cort ) Book s ecti ons: 2 & U!UN t. "'~w Fro m ,0 .10 8 Copyrioht Front Cover First Pages Back Cover S urprise Mel ~ Sea rc h Inside Th is Book '---_ _-----'I Sample seardu!s in this book: flit circulation man ager chicken /l1f~5 &~6,-Y07 1-~dj12.2la Print Book tide-this onc a his and hers pants show, wi th poem s for a ll the models. Onc of the poems said : classes aut! parties i n tl, eir .~ tril1C(l jea ns. Pal and Paul to.qcl.IIer make m OllY scenes IJ t How can people wrile things like that! Ma said she was afraid someone would see her by-line and think slle wrote the poem s. All Itel' articles were printed In the "Food and Family" section of the paper. But she sald, 'Tm heading for the fron t page. \Vait and sec. Before the yea r is over." Meanwhile. J WaS delivering papers every day as thollgh ) really had the rOllte. M. had taken my recommendations to the ci rculation m anager . She says she told him : "This is about Barbara Fisher , my daugh ter . But rm not asking you to change your ru les because she's my daughler. I'm asking you to change them because Ihey arc d iscri mi natory and wrong," I bet she really m ade an impression on him. I know I couldn't talk li ke tha i. Bllt all tI,e circulation m anager said was. '']'m SOffy. Marian, bu t a rule's a ru le . Tell your liLLie giTI not 10 take it personally." ~ El » ~ ~ o o ~ ~ ~ '" ~ {:. "C I ,. R Custonl c rs Also Bought r.\ You r Browsing History Baoks c usto me/'S ahic bought !:ould not be re trieved A-1592 Case 1:05-cv-08136-DC Document 1075-19 Filed 08/26/13 Page 1 of 3                                                 EXHIBIT 19 A-1593 Case 1:05-cv-08136-DC Document 1075-19 6/11/12 6/11/12 Filed 08/26/13 Page 2 of 3 Amazon.com L e Add to Widtet Add I.e VJidge( ,s\dd to aStiJre Add to a5tore JOSEPHs Amazon.com JOSEPH's /tmazon.com by Shop by Department Today's Deals TodaVs Cards Gift Cards Help Search Search Go Hello, JOSEPH Hello. JOSEPI-1 Accou nt Your Account () Q Cart IJ\ilsh Vtish List Search Insides Publisher Signup To get started in the Search Inside the Book program, you must be the exclusive rights holder (including copyright and marketing/promotion started in the Search Inside the Book program, be the exclusive holder (including copyright and marketing/promotion To of the titles you wish to submit to our Search Inside the Book program. rights) of the titles you wish to submit to our Search Inside the Book program. Once is you will see complete submission instructions. Once this form is submitted, you will see complete submission instnuctions. Search Inside the Book Participation Agreement Welcome to Search Inside the Book program "Program"), which enables visitors to any Amazon Property (as defined below) to view, Welcome to the Search Inside the Book program (the 'Program'), which enables visitors to any Amazon Property (as defined below) to view, "page browse" through your Books. Before you may participate in the Program, you must review and agree to this agreement. Please search, and 'page browse through your Books. Before you may participate in the Program, you must review and agree to this agreement. Please indicate your acceptance by checking the "I Agree" on on online sign-up form page. BY BY REGISTERING FOR OR OTHERWISE USING THE indicate your acceptance by checking the 'I Agree" boxbox the the online sign-up form page.REGISTERING FOR Oft OTHERWISE USING THE PROGRAM, YOU, ON BEHALF OF YOURSELF AND ANY ENTITY REPRESENT, AGREE TO BE BOUND BY ALL TERMS AND CONDITIONS OF THIS PROGRAM, YOU, ON BEHALF OF YOURSELF AND ANY ENTITY YOU REPRESENT, AGREE TO BE BOUND BY ALL TERMS AND CONDITIONS OF THIS AGREEMENT, AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO EXECUTE THIS AGREEMENT ON BEHALF OF THE ENTITY AGREEMENT, AND YOU REPRESENTAND WARRANT THAT YOU HAVE THE AUTHORITY TO EXECUTE THIS AGREEMENTON BEHALF OF THE ENTITY YOU REPRESENT AND BIND THE ENTITY TO THE TERMS OF THIS AGREEMENT. REPRESENT AND BIND THE TO THE TERMS OF THIS AGREEMENT. You agree that Amazon Services LLC and its Affiliates (meaning those entities that are controlled by, in control of, or under common control with You agree that Amazon Services LLC and its Affiliates (meaning those entities that are controlled by, in control of, common control with Amazon Services LLC) (collectively, "Amazon.com", ''we'' or us') may include your books offered through the Amazon Properties ("Books") in the Amazon Services LLC) (collectively, 'Amazon.com', we' or "us") may include your books offered through the Amazon Properties ("Books") in Program. Accordingly, you hereby permission to Amazon.com, on a nonexciusive basis, for each of your Books, to undertake the limited Program. Accordingly, you hereby grant pennission to Amazon.com, on a nonexclusive basis, for each of your Books, to undertake the limited promotional activities described below: promotional activities described below: We may reproduce the entirety of each Book in digital farm on one or more corrputer facilities of or under the leased or Similar control 1. We may reproduce the entirety of each Book in digital form on one or more computer facilities of or under the leased or similar control of Amazon.com or its independent Amazon.com or its independent contractors. 2. We may allow visitors to any Amazon Property to view, search and "page browse" such digital reproductions of the Books. We may also display any Amazon Property search and "page reproductions Books. We also display We may allow visitors from the Books Amazon Properties, and a visitor the Amazon Properties will be able to excerpts from the Books on the Amazon Properties, and a visitor to the Amazon Properties will be able to use queries to locate, select, and display queries to locate, select, and short excerpts that include the search terms. The queries would locate, select and display such excerpts for every occurrence of the search excerpts that include the search terms. The queries would locate, select and display such excerpts for every occurrence of the search terms. A visitor will be able to view aalimited number of pages within aaBook during any single session. A visitor will be able to view limited number of pages within Book during any single session. 3. We may use digital copies of your Books to extract factual information from your Books, such as character names, and display such information Books to factual infonmation from your Books, such as character names, and display such information We may use digital copies to visitors to any Amazon Property. visitors to any Amazon Property. An "Amazon Property" means any of the following websites: the web site whose primary home Is at www.amazon.com (and any An "Amazon Property" means any of the following websites: (a) the web site whose primary home page is located at www.amazon.com (and any (b) any successor or replacement web site) and any "mirrored" version of the Site which substantially replicates the site or a portion thereof, (b) any replacement web site) and any "mirrored" version of the site which substantially replicates the site a portion web sites maintained us (including, nat limited to, www.amazon.ca, www.amazon.co.uk, www.shelfarLcom and other web sites maintained by or for us (including, but not limited to, www.arnazon.ca, www.amazon.co.uk, www.shelfari.com and www.abebooks.com) and any co-branded web site thereof, that are targeted at countries for which you have appropriate publishing and www.abebooks.com) and any co-branded web site thereof, that are targeted at countries for which you have appropriate publishing and as indicated to us by you in accordance with our program procedures, any other web site or online point of presence on distribution rights, as indicated to us by you in accordance with our program procedures, (c) any other web site or online point of presence on Amazon.com makes products or services available for discovery, (d) any site with web page widget or other web any platform through which Amazon.com makes products or services available for discovery, (d) any site with aaweb page widget or other web page real estate, any application for use on mcbile devices, or online point of presence maintained by or for us that enables the Program page real estate, any application for use on mobile devices, or online point of presence maintained by or for us that enables the Program and allows for the discovery and purchase products from (e) any other online point of presence or web site that you functionality and allows for the discovery and purchase of products from us, and (e) any other online point of presence or web site that you approve treatment as an Amazon Property at our request, such approval not to be unreasonably withheld. approve for treatment as an Amazon Property at our request, such approval not to be unreasonably withheld. We may cause such transmission, reproduction, and other use Books as mere technological incidents to and limited purpose of We may cause such transmission, reproduction, and other use of the Books as mere technological incidents to and for the limited purpose of technically enabling the foregoing (such as caching to enable display). enabling foregoing (such as caching to enable display). each Book. Amazon.com will employ available technologies to hinder downloading of the Amazon.com will errploy available technologies to hinder downloading of the displayed portions of each Book. us permission to reproduce, display, transmit, and use the Books as outlined in this Agreement, we are not obligated to Although Although you grant us permission to reproduce, store, display, transmit, and use the Books as outlined in this Agreement, we are not obligated to exercise this make no prorrise or representation that we exercise this right respect to any particular Book every portion of exercise this right and make no prorrlse or representation that we will exercise this right with respect to any particular Book or every portion of each Book. Book. You represent and warrant that you have the right to grant the pernission set forth in in this agreement, and you will indemnify andhold us you have the right to grant the perrrlssion set forth this agreement, and you will indemnify and hold us You represent and warrant arising of this representation harmless from all claims, damages, and expenses (including, without limitation, attomeys'; harmless from all claims, damages, and expenses (including, without limitation, attomeys'; fees) arising from your breach of this representation and and warranty. The permission granted by this agreement will continue for a period of three (3) years from the date of your acceptance of this agreement (which The permission granted by this agreement will continue for a period of three (3) years from the of this agreement (which "I Agree" box on the online sign-up form page) renew automatically for periods from each indicate by checking you indicate by checking the 'I Agree" box on the online sign-up form page) and will renew automatically for one-year periods from each given by in writing more ninety (90) business such expiration In the anniversary unless anniversary thereof, unless notice is given by either party in writing more than ninety (90) business days prior to such expiration date. In the event that either party delivers such notice, you may provide Amazon.com with a list of the Books you wish Amazon.com to remove from the that either party delivers such notice, you may provide Amazon.com of the Books wish Amazon.com to remove from the Program (which list will include, but not be limited to, title, author, ISBN, and binding of each Book). Upon yoUr delivery of this list, we will use each Book). Upon your delivery of this list, we use Program (which list will include, but not be limited to, title, author, ISBN, and binding commercially reasonable efforts remove Books list from the Program. commercially reasonable efforts to remove the Books on such list from the Program. limits Amazon.com may have to reproduce, display, distribute, and use Books Nothing herein restricts Nothing herein restricts or otherwise limits any rights Arnazon.com may have to reproduce, display, distribute, and otherwise use the Books as provided under applicable law or any other permission from you. You agree that all nonpublic information you receive from us regarding the provided under applicable law or any other permission from you. You agree that all nonpublic information you receive from us regarding the Program is confidential, and you will not disclose such confidential information to party. Your sole and exclusive remedy a breach of Programis confidential, and you will not disclose such confidential information to any third party. Your sole and exclusive remedy for a breach of agreement is to discontinue the Program respect to your Books. This agreement is the entire agreement between you and Amazon with this agreement is to discontinue the Program with respect to your Books, This agreement is the entire agreement between you and Amazon with to the Program, and supersedes all prior agreements and discussions respect to the Program. respect to the Program, and supersedes all prior agreements and discussions with respect to the Program. We may amend this agreement at any time and solely at our discretion. Any changes to this agreement will be effective upon posting of the We may amend this agreement at any time and solely at our discretion. Any changes to this agreement will be effective upon posting of the revisions on the Amazon Property where it was originally posted, www.amazon.com/searchinside. All notice of changes to this Agreement will be revisions on the Amazon Property where it was originally posted, www.amazon.com/searchinside. All notice of changes to this Agreement will be for thirty (30) days. You are responsible for reviewing the notice and any applicable changes. YOUR CONTINUED PARTICIPATION posted for thirty (30) days. You are responsible for reviewing the notice and any applicable changes. YOUR CONTINUED PARTICIPATION IN THE THE PROGRAMAFTER AMAZON.COM'S POSTING OF ANY CHANGES WILL CONSTITUTE YOUR ACCEPTANCE OF SUCH CHANGES OR MODIFICATIONS. PROGRAM AFTER AMAZON.COM'S POSTING OF ANY CHANGES WILL CONSTITUTE YOUR ACCEPTANCE OF SUCH CHANGES OR MODIFICATIONS. You agree to the terms of the Participation Agreement:'" agree to the terms the Agreement:* I1J I agree agree You are the rights holder of the titles you plan to submit:* are the rights of the titles to submit:* https://www.amazon.com/gp/html_forms_controller/SITB_Pub_Signup_Form?ie=UTF8&*Version*1 &*en... hUps:/Iwww.amazon.com/g p/html-forms-controlierISITB_Pub_ Signup_Form?ie=UTF8&*Version*=1 &*en." 1/2 1/2 A-1594 Case 1:05-cv-08136-DC Document 1075-19 6/11/12 6/11/12 Filed 08/26/13 Page 3 of 3 Amazon.com EJ Yes Nanle* Name* Professional Title Publishing Company Name* Address Line 1* Line 1* line 2 Address line 2 City * City* State/Province/Region* State/Province/Region* Zip/Postal Code* Zip/Postal Code" Country * Country" Email Address* Email Address" Professional Email Address Cif different) Email Address (if different) Telephone Number (including area code)" Number (including area code)* Book Distributor (optional) * indicates required field " indicates required field ubmi k~i_ https://www.amazon.com/gp/html_forms_controller/SITB_Pub_Signup_Form?ie=UTF8&*Version*=1 &*en... hUps:/Iwww.amazon.com/gp/html-forms-controlierISITB_Pub_Signup_Form?ie=UTF8&*Version*=1 &*en .. 2/2 A-1595 Case 1:05-cv-08136-DC Document 1075-20 Filed 08/26/13 Page 1 of 7                                                 EXHIBIT 20 A-1596 Case 1:05-cv-08136-DC Document 1075-20 Filed 08/26/13 Page 2 of 7 Page 1 1 **C 0 N F l DEN T I A L** 2 UNITED STATES DISTRI CT COURT 3 SOUTHERN DISTRICT OF NEW YORK 4 --------------------------------------X 5 THE AUTHORS GUILD , et al. , 6 Plaintiffs, 7 - 8 aqainst- Master File No. 05 CV 8136-DC 9 10 11 GOOGLE, INC., 12 13 Defendant. --------------------------------------X 14 15 June 8, 20 1 2 16 9:30 a . m. 17 18 Deposition of JUDITH A. CHEVALIER, 19 held at the offices of Milberg, LLP, 20 Penn Plaza, pursuant to 21 Agreement, 22 Public of the State of New York. New York , New York, before NANCY SORENSEN, One a Notary 23 24 25 VERl TEXT REPORTING CO MPAKY 2 12-279-9424 www.veritext.com 212-490-3430 A-1597 Case 1:05-cv-08136-DC Document 1075-20 Filed 08/26/13 Page 3 of 7 Page 125 Cheval:ier 1 J.A. 2 new go o ds ; C ON F I D E N T I A L is that right? 3 A. Correct. 4 Q. So this :is, aga:in, your analysis here 5 is part of the economic theory involving the 6 development of new goods? 7 A. We can take a break for MS. ZACK , MR. 8 9 Correct . McGOWAN : lunch. 10 Before we do that, 11 me note for the record, 12 let y o u asked for is Google 05004751. 13 14 MS . that ' s 15 ZACK: I the document number know what that is , so the big long list . (Luncheon recess: 12,26 p . m . ) 16 17 18 19 20 21 22 23 24 25 VERl TEXT REPORTING CO MPAKY 2 12-279-9424 www.veritext.com 212-490-3430 A-1598 Case 1:05-cv-08136-DC Document 1075-20 Filed 08/26/13 Page 4 of 7 Page 126 J.A. 1 Cheval:i.er C ON F IDE N T I AFT ERN 0 0 N 2 (Time noted : 3 U D I T H A. ION S E S S 1 : 15 p.m.) C H E V A L I E R, 4 J 5 CONTINUED EXAMINATION 7 BY resumed and testified as follows: 6 A L ZAeK: 8 Q. 9 report, Referring you to page 9 of your please? You have discussion throughout 10 this section ab o ut Go ogle Books as a 11 complement, not substitute? 12 A. Correct. 13 Q. And which y o u talk about the fact 14 that books get noticed, etcetera -- 15 A. Correct . 16 Q. -- through Google Books , 11 that's a benef:i.t. 18 and that You conclude that's a benef:i.t to authors ; right? 19 A. Correct . 20 Q. That benefit is virtually exclusive 21 22 to in-print authors ; A. correct? I wouldn't say that. I think 23 in-print authors will benefit more , but 24 out-af-print authors may benefit under certain 25 circumstances. VERl TEXT REPORTING CO MPAKY 2 12-279·9424 www.veritext.com 212-490·3430 A-1599 Case 1:05-cv-08136-DC Document 1075-20 Filed 08/26/13 Page 5 of 7 Page 127 1 J.A. 2 Cheval:i.er Q. CON F IDE N T I A L Can you tell me those circumstances 3 in which you think they'll benefit, 4 way Google Books works? A. 5 Yes. So I given the think they will benefit in number of circumstances. One would be if , 6 a 7 even thouqh some of the authors' 8 of print and some of the books -- if in 9 circumstances where some of the authors' books are out hooks 10 are out of print and other of the authors' 11 are in print, 12 discover a 13 Books , 14 those authors . consumers may, you know, books if they book they're interested in via Google that might lead them to other books by It may lead them to other books on 15 16 the same topic, probably benefitting different 11 authors. think a1so, 18 mechanisms and those mechanisms, 19 becoming more relevant in the marketplace, where 20 if consumers, 21 you know , there are used hooks on Amazon that 22 are selling for very high prices because there's 23 a demand for the hook to come back into print . there are some I think, are say , buy used books on Amazon and, There may be circumstances i n wh i ch, 24 25 But I y o u kn o w , a book could be driven back into print VERl TEXT REPORTING CO MPAKY 2 12-279·9424 www.veritext.com 212-490·3430 A-1600 Case 1:05-cv-08136-DC Document 1075-20 Filed 08/26/13 Page 6 of 7 Page 128 1 2 3 4 5 J.A . Cheval:i.er C ON F I D E N T I A L by consumer demand. Q. That's true whether there is or isn't Google Books ; A. isn ' t it? That's true whether there is or there 6 isn't Google Books, but i t ' s my testimony that 7 Google Books helps drive consumer demand for 8 books. 9 Q. So if consumers are buying used books 10 on Amazon, 11 new books by those authors? 12 A. that helps drive consumer books for I ' m saying that -- I 13 two distinct things. 14 said, I think, other books by the same author . And, 15 The consumer may look f o r you know , when consumers buy 16 used books on Amazon, 11 when i t becomes apparent that there's a 18 demand for a used book, 19 bringing the book back into print . 20 21 22 Q. you know, lot of that may assist in How does the author know if there's a lot of demand for a A. when used books, Well, used book on Amazon? for example, the price at which 23 the book is selling in the Amazon Marketplace, 24 reflects the, 25 the bo o k. ref l ects the supply and demand o f VERl TEXT REPORTING CO MPAKY 2 12-279·9424 www.veritext.com 212-490·3430 A-1601 Case 1:05-cv-08136-DC Document 1075-20 Filed 08/26/13 Page 7 of 7 Page 129 1 J.A. Cheval:i.er 2 Q. Right, CON F I D E N T I so i t could have a 3 because i t ' s in rare supply, 4 mean there's a A. 5 A L high price but that doesn ' t lot of demand; does it? If there's a high price for the book, 6 and, 7 seller posted a high price for the b o ok and 8 never sells it, but if transactions are taking 9 place at a high price, 10 you know , I suppose i t ' s possible that a that means that there's high demand relative t o supply. 11 Q. 12 publishers? 13 A. An author c o uld easily lo o k 14 Q. Could easily look i t up where? 15 Is that reported to authors or that up. Have you looked i t uP? A. 16 Yes, so i f you go to Amazon and you 11 look at Amazon Marketplace, 18 I 19 author doing this for other book sellers too, 20 would look at the copies of my used book, 21 the prices that they're selling for. 22 23 24 25 would do this, Q. I you would see -- and would advise, ff I were an I and Does that functionality tell you the prices that -- the actual sales prices? A. So i t tells you the prices that sellers have posted. If you , if you were t o, VERl TEXT REPORTING CO MPAKY 2 12-279·9424 www.veritext.com 212-490·3430 A-1602 Case 1:05-cv-08136-DC Document 1076 Filed 08/26/13 Page 1 of 3 A-1603 Case 1:05-cv-08136-DC Document 1076 Filed 08/26/13 Page 2 of 3 A-1604 Case 1:05-cv-08136-DC Document 1076 Filed 08/26/13 Page 3 of 3 A-1605 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 1 of 34 DURIE TANGRI LLP DARALYN J. DURIE (Pro Hac Vice) ddurie@durietangri.com JOSEPH C. GRATZ (Pro Hac Vice) jgratz@durietangri.com DAVID McGOWAN (Pro Hac Vice) dmcgowan@durietangri.com GENEVIEVE P. ROSLOFF (Pro Hac Vice) grosloff@durietangri.com 217 Leidesdorff Street San Francisco, CA 94111 Telephone: 415-362-6666 Facsimile: 415-236-6300 Attorneys for Defendant Google Inc. IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF NEW YORK THE AUTHORS GUILD, INC., Associational Plaintiff, BETTY MILES, JOSEPH GOULDEN, and JIM BOUTON, on behalf of themselves and all other similarly situated, Plaintiffs, Civil Action No. 05 CV 8136 (DC) v. GOOGLE INC., Defendant. GOOGLE INC.’S RESPONSES AND OBJECTIONS TO PLAINTIFFS’ STATEMENT OF UNDISPUTED FACTS IN SUPPORT OF THEIR MOTION FOR PARTIAL SUMMARY JUDGMENT A-1606 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 2 of 34 Defendant Google Inc. (“Google”), by its attorneys, and pursuant to Local Rule 56.1, respectfully submits the following Response to Plaintiffs’ Statement of Material Facts. Facts designated “Undisputed” are facts Google has elected not to dispute for purposes of Plaintiffs’ Motion for Partial Summary Judgment in this matter, and do not constitute admissions. 1. Representative plaintiff Jim Bouton holds the United States copyright in BALL FOUR (registration number A173097). See Copy of U.S. Copyright Registration No. A173097 for JIM BOUTON, BALL FOUR (Declaration of Joanne Zack in Support of Plaintiffs’ Motion for Partial Summary Judgment (hereinafter “Zack SJ Decl.”) Ex. 1). Response: Undisputed that Bouton is the legal or beneficial owner of the identified copyright. 2. Representative plaintiff Betty Miles holds the United States copyright in THE TROUBLE WITH THIRTEEN (registration number TX0000338841). See Copy of U.S. Copyright Registration No. TX0000338841 for BETTY MILES, THE TROUBLE WITH THIRTEEN (Zack SJ Decl. Ex. 2). Response: Undisputed that Miles is the legal or beneficial owner of the identified copyright. 3. Representative plaintiff Joseph Goulden holds the United States copyright in THE SUPERLAWYERS: THE SMALL AND POWERFUL WORLD OF THE GREAT WASHINGTON LAW FIRMS (registration number A346254). See Copy of U.S. Copyright Registration No. A346254 for JOSEPH GOULDEN, THE SUPERLAWYERS: THE SMALL AND POWERFUL WORLD OF THE GREAT WASHINGTON LAW FIRMS (Zack SJ Decl. Ex. 3). Response: Undisputed that Goulden is the legal or beneficial owner of the identified copyright. 2 A-1607 Case 1:05-cv-08136-DC Document 1077 4. Filed 08/26/13 Page 3 of 34 Each of the books identified in Nos. 1-3 above has been copied and displayed by Google in its Library Project without plaintiffs’ permission. See Print-outs from Google’s website displaying search results in JIM BOUTON, BALL FOUR (Zack SJ Decl. Ex. 4); Print-outs from Google’s website displaying search results for the term “pitch” in JIM BOUTON, BALL FOUR (Zack SJ Decl. Ex. 5); Print-outs from Google’s website displaying search results for the term “pitches” in JIM BOUTON, BALL FOUR (Zack SJ Decl. Ex. 6); Print-outs from Google’s website displaying search results in BETTY MILES, THE TROUBLE WITH THIRTEEN (Zack SJ Decl. Ex. 7); Print-outs from Google’s website displaying search results in JOSEPH GOULDEN, THE SUPERLAWYERS: THE SMALL AND POWERFUL WORLD OF THE GREAT WASHINGTON LAW FIRMS (Zack SJ Decl. Ex. 8); Defendant Google Inc.’s Responses and Objections to Plaintiffs First Set of Requests for Admission (hereinafter “Google Admissions”) at 11 (Zack SJ Decl. Ex. 27). Response: Undisputed that each of the books identified in Nos. 1-3 above has been scanned by Google in its Library Project without plaintiffs’ permission, and that the cited printouts reflect the display of snippets from the identified books. 5. Google had distributed approximately - scanned books to the partnering libraries, as of March 26, 2012. See Zack SJ Decl. Ex. 9 (excerpts from spreadsheet produced by Google to plaintiffs on March 26, 2012). Response: Undisputed that libraries chose to download approximately - scanned books as of March, 26, 2012 using the GRIN system. Disputed that the creation and maintenance of the GRIN system by Google constitutes distribution on the part of Google, since Google does not create or distribute the electronic copies that libraries make. Decl. Stephane Jaskiewicz Supp. Def. Google Inc.’s Mot. Summ. J., ECF No. 1041 (“Jaskiewicz Decl.”) ¶¶ 6-9. 3 A-1608 Case 1:05-cv-08136-DC Document 1077 6. Filed 08/26/13 Page 4 of 34 Digital copies of BALL FOUR and SUPERLAWYERS have been distributed to the library: BALL FOUR on July 20, 2010, and SUPERLAWYERS twice, on July 29, 2009, and November 16, 2010. See id. Response: Undisputed that the chose to download BALL FOUR and SUPERLAWYERS using the GRIN system. Disputed that the creation and maintenance of the GRIN system by Google constitutes distribution on the part of Google, since Google does not create or distribute the electronic copies that libraries make. Jaskiewicz Decl. ¶¶ 6-9. 7. The Authors Guild, Inc. is the nation’s largest organization of published authors. Print-out from http://www.authorsguild.org/about/history.html (Zack SJ Decl. Ex. 10). Response: 8. Undisputed. The Authors Guild advocates for and supports the copyright and contractual interests of published writers. Id. Response: 9. Undisputed. Defendant Google Inc. (“Google”) owns and operates the largest Internet search engine in the world. See Print-out from http://investor.google.com/corporate/faq.html (“Google is now widely recognized as the world’s largest search engine.”) (Zack SJ Decl. Ex. 11, p.1). Response: 10. Undisputed. Each day, millions of people use Google’s search engine free of charge, while commercial and other entities pay to display ads to visitors to Google’s websites and other websites that contain Google ads. See Google Dec. 14, 2004 press release, “Google Checks Out Library Books,” p.2 (Zack SJ Decl. Ex. 12). Response: Undisputed. 4 A-1609 Case 1:05-cv-08136-DC Document 1077 11. Filed 08/26/13 Page 5 of 34 For the year ended December 31, 2011, Google reported over $36.5 billion in “advertising revenues.” 2011 Google Form 10-K, p.56 (Zack SJ Decl. Ex. 13). Response: 12. Undisputed. For the year ended December 31, 2010, Google reported over $29 billion in revenue generated “primarily by delivering relevant, cost-effective online advertising.” See 2010 Google Form 10-K, p.3 (Zack SJ Decl. Ex. 14). Response: 13. Undisputed. In October 2004, Google first announced its digital books program, calling it Google Print. See GOOG000101103 (noting that Google Print was launched on October 6, 2004) (Zack SJ Decl. Ex. 15); see also Transcript of deposition of Daniel Clancy taken February 10, 2012 (hereinafter “Clancy Dep.”) at 93-94 (Zack SJ Decl. Ex. 16). Response: Undisputed that Google announced a digital books program called “Google Print" involving the hosting and display of material provided by book publishers or other rightsholders in October 2004. As outlined in the cited document, however, “Google Print” involved only the hosting and display of material provided by book publishers or other rightsholders, not the scanning of books from the collections of libraries. See Zack SJ Decl. Ex. 15 at GOOG000101103 (discussing deals with publishers, not libraries). 14. Google Print later became Google Books. Clancy Dep. at 94 (Zack SJ Decl. Ex. 16). Response: Undisputed that Google Print, which involved the hosting and display of material provided by book publishers or other rightsholders, became the “Partner Program” portion of Google Books. However, “Google Print” involved only the hosting and display of material provided by book publishers or other rightsholders, not the scanning of books from the 5 A-1610 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 6 of 34 collections of libraries. See Zack SJ Decl. Ex. 15 at GOOG000101103 (discussing deals with publishers, not libraries). 15. Google’s Partner Program together with Google’s Library Project comprise the Google Books program. Id. Response: 16. Undisputed. Works in the Partner Program are displayed with permission of the rightsholder. Clancy Dep. at 215 (Zack SJ Decl. Ex. 16); Google Books Partner Program Standard Terms and Conditions (hereinafter “Terms and Conditions”) 2-3 (Zack SJ Decl. Ex. 17). Response: 17. Undisputed. Since 2004, the Partner Program has allowed publishers and other rightsholders to permit Google to display their works in exchange for a split of ad revenue. GOOG000101103 (Zack SJ Decl. Ex. 15); Clancy Dep. at 93 (Zack SJ Decl. Ex. 16). Response: Undisputed that Google shared revenue from ads shown next to full pages of books with the publishers or other rightsholders who asked that Google host the books for them. However, not all publishers chose to display ads in connection with their books, and Google has stopped displaying ads next to full pages of books in the Partner Program. Decl. Scott Dougall Opp’n Plas.’ Mot. Partial Summ. J. (“Dougall Opp’n Decl.”) ¶¶ 5-8. 18. The Partner Program is aimed at “help[ing] publishers sell books” and “help[ing] books become discovered,” while “adding authoritative content” to Google’s website. Transcript of the deposition of Thomas Turvey taken February 17, 2012 (hereinafter “Turvey Dep.”) at 1819 (Zack SJ Decl. Ex. 18). 6 A-1611 Case 1:05-cv-08136-DC Document 1077 Response: Filed 08/26/13 Page 7 of 34 Undisputed, except that the cited passage indicates that the purpose was “[a]dding authoritative content” to “Google’s search results,” not to “Google’s website” in general. Zack SJ Decl. Ex. 18 (Turvey Dep.) at 19:7-17. 19. To participate in the program, rightsholders enter into a contract with Google and send a printed copy of their books to Google for scanning (or provide Google with an existing digital copy). Clancy Dep. at 215 (Zack SJ Decl. Ex. 16); Terms and Conditions 2-3 (Zack SJ Decl. Ex. 17). Response: 20. Undisputed. Partners decide “how much of the book is browsable” on Google, “anywhere from a few sample pages to the whole book.” See Print-out from http://support.google.com/books/bin/answer.py?hl=en&answer=43729/ (Zack SJ Decl. Ex. 19). Response: 21. Undisputed. Google agrees to share with its partners a portion of the revenue it earns from ads shown next to pages of books searched in the Partner Program. Turvey Dep. at 31 (Zack SJ Decl. Ex. 18); Terms and Conditions 8 (Zack SJ Decl. Ex. 17). Response: Undisputed that Google shared revenue from ads shown next to full pages of books with the publishers or other rightsholders who asked that Google host the books for them. However, not all publishers chose to display ads in connection with their books, and Google stopped displaying ads in connection with any books in 2011. Dougall Opp’n Decl. ¶¶ 5-8. 22. During 2004, Google entered into dozens of contracts with publishers covering tens of thousands of books. GOOG000101103 (Zack SJ Decl. Ex. 15). Response: Undisputed. 7 A-1612 Case 1:05-cv-08136-DC Document 1077 23. Filed 08/26/13 Page 8 of 34 By 2004 year end, Google had received nearly - books for the Partner Program, even though Google’s extensive outreach efforts focused almost exclusively on publishers, with little or no attempt to sign up authors. Id.; Turvey Dep. at 76-80 (Zack SJ Decl. Ex. 18); Clancy Dep. at 93 (Zack SJ Decl. Ex. 16). Response: 24. Undisputed. As of early 2012, the Partner Program included approximately 2.5 million books, by permission of approximately 45,000 rightsholders, with the number of partners continuing to grow. Turvey Dep. at 32 [sic] (Zack SJ Decl. Ex. 18). Response: 25. Undisputed. Google publicly announced a new program in December 2004, stating that it had entered into agreements with four university libraries (Harvard, Stanford, the University of Michigan, and Oxford) and the New York Public Library to “digitally scan books from their collections so that users worldwide can search them in Google.” Dec. 14, 2004 Google press release, “Google Checks Out Library Books” (Zack SJ Decl. Ex. 12, p.l). Response: 26. Undisputed. Google refers to the endeavor identified above in No. 25 as its Library Project. Clancy Dep. at 33-34 (Zack SJ Decl. Ex. 16); June 6, 2007 Google press release, “Committee on Institutional Cooperation (CIC) Joins Google’s Library Project” (Zack SJ Decl. Ex. 20). Response: 27. Undisputed. Since its December 2004 announcement, Google has entered into agreements with additional libraries (such as the Library of Congress, University of Texas at Austin, University of Virginia, University of Wisconsin-Madison, Columbia University, Cornell University, Princeton University, University of California, and the Committee on Institutional Cooperation (a 8 A-1613 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 9 of 34 consortium of twelve research universities)). June 6, 2007 Google press release, “Committee on Institutional Cooperation (CIC) Joins Google’s Library Project” (Zack SJ Decl. Ex. 20); Zack SJ Decl. Ex. 23 (compilation of agreements between Google and the various libraries, hereinafter “Library Agreements”). Response: 28. Undisputed. Google has also developed and patented scanning technology that allows library books to be copied. Clancy Dep. at 14, 211 (Zack SJ Decl. Ex. 16). Response: 29. Undisputed. Google has used this technology to copy the entirety of over twenty million books. See id. at 30; Declaration of Daniel Clancy in Support of Google Inc.’s Opposition to Plaintiffs’ Motion for Class Certification (hereinafter “Clancy Decl.”) 4 (Zack SJ Decl. Ex. 21). Response: 30. Undisputed. In exchange for access to a library’s print books, Google distributes digital copies of the scanned books to the contributing library. See Print-out from http://support.google.com/books/bin/answer.py?hl=en&answer=43751 (“Each library will receive a digital copy of every book we scan ... from their respective collections.”) (Zack SJ Decl. Ex. 22); Clancy Dep. at 44-45 (Zack SJ Decl. Ex. 16). Response: Undisputed that a library can download a digital copy of each book Google scanned from its collection using the GRIN system. Disputed that the creation and maintenance of the GRIN system by Google constitutes distribution on the part of Google, since Google does not create or distribute the electronic copies that libraries make. Jaskiewicz Decl. ¶¶ 6-9. 9 A-1614 Case 1:05-cv-08136-DC Document 1077 31. Filed 08/26/13 Page 10 of 34 -- To carry out its scanning en masse, Google set up scanning facilities , as well as in Clancy Dep. at 180-81 (Zack SJ Decl. Ex. 16). Response: and . Undisputed. 32. . Response: Undisputed. 33. Response: 34. Undisputed. Google engaged in “bulk scanning,” with libraries providing “carts of books” for Google to scan. Id. at 15, 103. Response: Undisputed, except that Google also refrains from scanning books as to which a rightsholder has requested that Google exclude the book from the program. Clancy Decl. ¶ 11. 35. Google’s scanning operations involved approximately machines, and reached an annual budget of -- for the scanning alone. Id. at 84- 85, 179. Response: - 36. scanning Undisputed. Some libraries (e.g., ) allowed Google to scan only public domain works, while others (e.g., 10 A-1615 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 11 of 34 ) allowed Google to scan in-copyright works as well. See generally Library Agreements (Zack SJ Decl. Ex. 23); Clancy Dep. at 19 (“ ”). Response: Undisputed. 37. Response: Undisputed. 38. Response: Undisputed that . However, human operators do examine the contents of books to determine whether the book should be placed in “snippet view.” Clancy Decl. ¶ 11. 39. . See Transcript of the deposition of Kurt Groetsch (hereinafter “Groetsch Dep.”) at 27-31 (Zack SJ Decl. Ex. 24); Transcript of the deposition of Stephane Jaskiewicz (hereinafter “Jaskiewicz Dep.”) at 16-17 (Zack SJ Decl. Ex. 25); Clancy Dep. at 182-87 (Zack SJ Decl. Ex. 16). Response: Undisputed. 11 A-1616 Case 1:05-cv-08136-DC Document 1077 40. Filed 08/26/13 Page 12 of 34 Each book copied by Google as part of its Library Project was copied by Google in its entirety multiple times. Jaskiewicz Dep. at 22-29 (Zack SJ Decl. Ex. 25); Defendant Google Inc.’s Supplemental Narrative Responses and Objections to Plaintiffs’ Second Request for Production of Documents and Things (hereinafter “Supplemental Narrative”) at 5-6 (Zack SJ Decl. Ex. 26); Google Admissions at 8 (Zack SJ Decl. Ex. 27). Response: Undisputed that Google “creates and maintains, as necessary for its fair uses, more than one copy of the books it scans from library collections.” Google Admissions, Response No. 10 (Zack SJ Decl. Ex. 27). 41. Google maintains digital copies of each book it copied as part of its Library Project on its servers and on back-up tapes. Jaskiewicz Dep. at 22-29, 69 (Zack SJ Decl. Ex. 25). Response: 42. Undisputed. In response to search inquiries by users of its search engine, Google searches the complete text of books copied in its Library Project. Id. at 45-46; Supplemental Narrative at 8 (Zack SJ Decl. Ex. 26); Google Admissions at 11 (Zack SJ Decl. Ex. 27). Response: Undisputed, except that Google does not search the text of books scanned but later excluded by request of a rightsholder. Clancy Decl. ¶ 11. 43. Since 2005, pursuant to uniform rules of its own devising, Google has displayed verbatim expression from these books on the Internet in response to search requests by users of its search engine. See Google Admissions at 10 (Zack SJ Decl. Ex. 27); Supplemental Narrative at 11-12 (Zack SJ Decl. Ex. 26). Response: Undisputed that, as stated in the cited documents, Google has displayed “snippets” from millions of books in response to queries entered by users, but has not displayed snippets from books which are not in “snippet view” or “full view.” 12 A-1617 Case 1:05-cv-08136-DC Document 1077 44. Filed 08/26/13 Page 13 of 34 Google generally divides each page into eighths, each of which Google calls a snippet. Supplemental Narrative at 11-12 (Zack SJ Decl. Ex. 26); Print-out from http://www.google.com/googlebooks/library.html (Zack SJ Decl. Ex. 28); see also Print-out from http://support.google.com/books/binlanswer.py?hl=en&answer=43729/ (Zack SJ Decl. Ex. 19). Response: 45. Undisputed as to books in “snippet view.” By performing multiple searches using different search terms (including multiple search terms suggested by Google), a single user can view far more than three snippets from a Library Project book. See Print-outs from Google’s website displaying search results in JIM BOUTON, BALL FOUR (Zack SJ Decl. Ex. 4); Clancy Dep. at 43-45 (Zack SJ Decl. Ex. 16). Response: Undisputed that different searches sometimes return different snippets, subject to the security limitations set forth in Zack Decl. Ex. 26 (Supplemental Narrative) at 913. 46. Zack SJ Decl. Ex. 4 demonstrates that Google displayed to one user- making a series of consecutive searches within BALL FOUR - about 37 different snippets, consisting of over 1900 words of verbatim expression. Response: 47. Undisputed. Even minor variations in search terms will result in different displays of text. Compare snippet results for search term “pitch” in BALL FOUR (Zack SJ Decl. Ex. 5) with snippet results for search term “pitches” in BALL FOUR (Zack SJ Decl. Ex. 6); see also Clancy Dep. at 44 (Zack SJ Decl. Ex. 16) (“[F]or a given query, we might display up to three snippets, but then if you entered a different query, you might see different snippets.”). 13 A-1618 Case 1:05-cv-08136-DC Document 1077 Response: Filed 08/26/13 Page 14 of 34 Undisputed that minor variations in search terms, as in the case of the cited search queries, will sometimes result in the display of different snippets, subject to the security limitations set forth in Zack Decl. Ex. 26 (Supplemental Narrative) at 9-13. 48. Google shows its users snippets from all portions of the books displayed in its Library Project, except for the small proportion of each book that it “blacklists.” Supplemental Narrative at 11 (Zack SJ Decl. Ex. 26); Clancy Decl.10 (Zack SJ Decl. Ex. 21). Response: Undisputed that, in response to a search query from a user, if a book is in “snippet view,” any portion of the book can be displayed if the user searches for text appearing in that portion, subject to the security limitations set forth in the cited documents, including “blacklisting” of portions of books so that they are never displayed in snippets. See Zack Decl. Ex. 26 (Supplemental Narrative) at 9-13 49. For those books in snippet view, Google blacklists 10% of the pages of books and one snippet per page. See Supplemental Narrative at 11 (Zack SJ Decl. Ex. 26); Clancy Decl. 10 (Zack SJ Decl. Ex. 21). Response: Undisputed, except that Google sometimes blacklists more than 10% of the pages in a book, as noted in the above-cited Supplemental Narrative at 11. See also Decl. Brad Hasegawa Supp. Def. Google Inc.’s Mot. Summ. J., ECF No. 1040, ¶ 4. 50. For those books in snippet view, Google makes the vast majority of the text available for verbatim display to its users collectively. See Supplemental Narrative at 6-7 (Zack SJ Decl. Ex. 26); see also Zack SJ Decl. Ex. 4. Response: Undisputed that the text in each non-blacklisted snippet of each book in “snippet view” could be displayed if a user entered a search query seeking text in that snippet, and that Google does not blacklist the “vast majority” of snippets. Disputed to the extent this 14 I A-1619 I Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 15 of 34 paragraph is intended to mean that Google makes the “vast majority” of any book available to any user, an assertion which would be contradicted by the cited documents. Supplemental Narrative at 6-13 (Zack SJ Decl. Ex. 26). 51. Some of the books copied in the Library Project are placed by Google into metadata only view, where no text is displayed. See Supplemental Narrative at 6-7 (Zack SJ Decl. Ex. 26). Response: 52. Undisputed. In general, reference works , and works for which the rightsholder has instructed Google not to display the work are placed in metadata only view. Id; “QA Training Manual,” at GOOG05002440 (Zack SJ Decl. Ex. 29). Response: 53. Undisputed. To date, in its Library Project, Google has digitally copied over - in- copyright English language books (Clancy Decl. ¶ 4) (Zack SJ Decl. Ex. 21); see also Zack SJ Decl. Exs. 30-31 (spreadsheet and accompanying email from Google identifying a list of over - English language books copied and that Google has determined not to be in the public domain); distributed complete digital copies of over - of in-copyright books to libraries (see Zack SJ Decl. Ex. 9) (spreadsheet from Google identifying the scanned books which have been distributed to the partnering libraries, including certain books distributed more than once); and displayed verbatim expression as snippets from millions of in-copyright books 15 A-1620 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 16 of 34 over the Internet in response to search requests from its users. Google Admissions at 10 (Zack SJ Decl. Ex. 27). Response: copied over - Undisputed that “To date, in its Library Project, Google has digitally in- copyright English language books” and “displayed verbatim expression as snippets from millions of in-copyright books over the Internet in response to search requests from its users[,]” as the paragraph states. Undisputed that libraries have chosen to download, using the GRIN system, digital copies of more than - books not known to be in the public domain, each library able to download only books scanned from the collection of that library. Disputed that the creation and maintenance of the GRIN system by Google constitutes distribution on the part of Google, since Google does not create or distribute the electronic copies that libraries make. Jaskiewicz Decl. ¶¶ 6-9. Disputed that Exhibits 30-31 of the Zack Declaration list books “that Google has determined not to be in the public domain.” Instead, as noted in Exhibit 31, list books “which are not known to be in the public domain[]” and which Google conservatively treats as though they are not in the public domain, but which may be revealed to be in the public domain through further investigation. 54. Google did not seek or obtain permission from copyright owners before it made the uses described in No. 53 above. Google Admissions at 12-14 (Zack SJ Decl. Ex. 27). Response: Undisputed, except as to the disputes identified in connection with No. 53 above. 55. Google has not compensated copyright owners for its copying, distribution to libraries, or display of verbatim expression from these books. Id. at 13. Response: Undisputed, assuming that “these books” refers to those referred to in No. 53 above, except as to the disputes identified in connection with No. 53 above. 16 A-1621 Case 1:05-cv-08136-DC Document 1077 56. Filed 08/26/13 Page 17 of 34 Google has admitted in its responses to Plaintiffs’ Requests for Admissions that it digitally copies books in their entirety- including in-print and out-of-print books, fiction and nonfiction books, reference books, anthologies, educational books, textbooks, dissertations, monographs, journals, government publications, and other types of works; provides entire digital copies of books to libraries, and displays snippets from books in response to user requests, all without copyright owner permission. Id. at 5-12; see also Supplemental Narrative at 5-9 (Zack SJ Decl. Ex. 26). Response: 57. Undisputed. Pursuant to their cooperative agreements with Google, each library provides books to Google, Google scans the books, makes a digital file of the books for Google’s use, and distributes digital copies of scanned books to the providing library. Clancy Dep. at 44-45 (Zack SJ Decl. Ex. 16); Library Agreements (Zack SJ Decl. Ex. 23). Response: Undisputed that “[p]ursuant to their cooperative agreements with Google, each library provides books to Google, Google scans the books, [and] makes a digital file of the books for Google’s use[.]” Undisputed that the providing library can make its own copy from Google’s digital files using the GRIN system. Disputed that the creation and maintenance of the GRIN system by Google constitutes distribution on the part of Google, since Google does not create or distribute the electronic copies that libraries make. Jaskiewicz Decl. ¶¶ 6-9. 58. One of Google’s earliest library agreements, its digitization agreement with Stanford University, summarizes their agreement as follows: 17 A-1622 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 18 of 34 See Digitization Agreement with Leland Stanford Junior University, p.1 (Zack SJ Decl. Ex. 23 at GOOG05002264). Response: Undisputed. 59. See, e.g., Cooperative Agreement with the University of California, p.1 (Zack SJ Decl. Ex. 23 at GOOG05000306). Response: 60. Undisputed. Google’s agreements with each of the libraries have many of the same or similar terms. See Library Agreements (Zack SJ Decl. Ex. 23). Response: Undisputed. 61. Response: 62. Undisputed. Google executed the digitization by scanning the covers and every page of in- copyright books, performing optical character recognition on the scanned images to obtain machine-readable text, and then, through an “automated process compil[ing] a digital copy of the book.” Supplemental Narrative at 5-6 (Zack SJ Decl. Ex. 26); see also Jaskiewicz Dep. 25-30 (Zack SJ Decl. Ex. 25). Response: Undisputed. 18 A-1623 Case 1:05-cv-08136-DC Document 1077 63. Filed 08/26/13 Page 19 of 34 To facilitate the mutual interest in making information available to the public (see No. 59 above), Google will “digitize” mass quantities of books, with “digitize” defined as “to convert content from a tangible, analog form into a digital representation of that content.” Cooperative Agreement with the University of Michigan, p.1 (Zack SJ Decl. Ex. 23 at 00000500355). Response: Undisputed. 64. Response: Disputed to the extent this paragraph suggests that the creation and maintenance of the GRIN system by Google constitutes distribution on the part of Google, since Google does not create or distribute the electronic copies that libraries make. Jaskiewicz Decl. ¶¶ 6-9. 65. Google itself explained that after the library requests a copy of a particular book that Google has scanned, Google provides its digital copy by placing the file of the book on a server that the requesting library can access to download the file over the Internet. See 19 A-1624 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 20 of 34 Supplemental Narrative at 8 (Zack SJ Decl. Ex. 26); see also Jaskiewicz Dep. at 65 (Zack SJ Decl. Ex. 25); Clancy Dep. at 217-19 (Zack SJ Decl. Ex. 16). Response: Undisputed that the automated GRIN system creates encrypted copies of books that libraries can download in response to requests made by libraries. Disputed to the extent this paragraph suggests that the creation and maintenance of the GRIN system by Google constitutes distribution on the part of Google, since Google does not create or distribute the electronic copies that libraries make. Jaskiewicz Decl. ¶¶ 6-9. 66. The distribution of the digital copies to the libraries was an important component of the Library Project. See Clancy Dep. at 44 (Zack SJ Decl. Ex. 16); Zack SJ Decl. Ex. 23. Response: 67. Undisputed. Dan Clancy stated at his deposition, “it is part of the Library Project that- as I stated- that we provide a copy, the ability to get a copy, for our library partners of the books we scan, in addition to any other uses.” Clancy Dep. at 45 (Zack SJ Decl. Ex. 16). Response: 68. Undisputed. Google also transfers ownership of the distributed copies to the libraries, Response: - Disputed. Google does not create or distribute the electronic copies that libraries make using the GRIN system. Jaskiewicz Decl. ¶¶ 6-9. Thus, the libraries own their copies from the time they are created. 20 A-1625 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 21 of 34 69. Response: - Undisputed. 70. See, e.g., Cooperative Agreement with the University of Michigan, p.5 (Zack SJ Decl. Ex. 23 at GOOG05000359) (“As between Google and U of M ... U of M shall own all rights, title, and interest to the U of M Digital Copy.”); Response: Disputed. Google does not create or distribute the electronic copies that libraries make using the GRIN system. Jaskiewicz Decl. ¶¶ 6-9. 71. 21 A-1626 Case 1:05-cv-08136-DC Document 1077 Response: 72. Filed 08/26/13 Page 22 of 34 Undisputed. For example, Google’s agreement with the University of Michigan specifically allows for the use of Michigan’s copies for “inclusion in Michigan’s search services.” Cooperative Agreement with the University of Michigan, p.1 (Zack SJ Decl. Ex. 23 at GOOG0500355); see also Clancy Dep. at 35 (Zack SJ Decl. Ex. 16) (“In addition, libraries receive a copy, and with that copy, they may use it for similar search and indexing or other nondisplay uses, various different research initiatives and, also, archiving it for posterity.”) Response: 73. Undisputed. The University of Michigan has included the books that Google copied for it in its own digital library, HathiTrust. Transcript of the deposition of Paul Courant taken April 23, 2012 (hereinafter “Courant Dep.”) at 15, 20-21 (Zack SJ Decl. Ex. 33). Response: 74. Undisputed. Michigan’s Dean of Libraries, Dr. Paul Courant, testified that “Google did scan works from the University of Michigan libraries, and Google- and we did indeed receive copies of those scans”; that the University of Michigan made backup copies of the files it received; and that it included those files, including of works that are in-copyright, in its HathiTrust database index, which is accessible to “essentially everyone in the United States with an Internet connection.” Courant Dep. at 15, 20-21, 43-45 (Zack SJ Decl. Ex. 33). Response: Undisputed, except to the extent that the quoted language is interpreted to mean that the Univeristy of Michigan made any content from any books in the HathiTrust database available to the general public, which the cited passage does not support. 22 A-1627 Case 1:05-cv-08136-DC Document 1077 75. Filed 08/26/13 Page 23 of 34 Google undertook the Library Project for commercial reasons. GOOG05004756 (Zack SJ Decl. Ex. 34); GOOG000645741 (Zack SJ Decl. Ex. 35); Supplemental Narrative at 9 (Zack SJ Decl. Ex. 26); Clancy Dep. at 84-85, 117, 120, 141, 198-203 (Zack SJ Decl. Ex. 16) Response: Undisputed that Google undertook the Library Project in part for commercial reasons. The cited documents do not support the proposition that Google undertook the Library Project entirely for commercial reasons. Clancy Decl. ¶¶ 3-4. 76. A Google internal presentation in 2003 states that Response: Disputed. 77. Response: 23 A-1628 Case 1:05-cv-08136-DC Document 1077 78. Dan Clancy testified that, Response: 79. Filed 08/26/13 Page 24 of 34 Undisputed. Google monetizes its search product by running advertisements in response to search queries. Id. at 117. Response: Undisputed that advertisements appear on Google pages containing a list of search results. 80. Response: 81. Undisputed. Clancy testified that during the six years he was chief engineer for Google Books, Google invested Response: Undisputed. 82. Response: Undisputed in that facts 83 and 84 below are Undisputed. 24 A-1629 Case 1:05-cv-08136-DC Document 1077 83. As Clancy testified, Response: 84. Undisputed. Clancy testified that Response: 85. Filed 08/26/13 Page 25 of 34 Undisputed. Google has stated: “Google admits that it has entered into agreements with certain libraries, pursuant to which those libraries have requested that Google scan books, including incopyright works, provided to Google by the library, and Google has provided digital copies of millions of those books to the libraries....” Google Admissions at 7 (Zack SJ Decl. Ex. 27). Response: 86. Undisputed. Google also makes a number of non-display uses of Books it copies in its Library Project. Supplemental Narrative at 9 (Zack SJ Decl. Ex. 26). Response: 87. Undisputed. The non-display uses identified in No. 86 above have commercial benefits to Google. Id. Response: Undisputed that some of the non-display uses Google makes of the books have some indirect commercial benefit to Google, in addition to their benefits to scholarship and the public interest. Clancy Decl. ¶¶ 3-4, 15. 88. Google makes available over See Zack SJ Decl. Exs. 30-31. Response: - Undisputed that more than 25 books on the Internet in snippet display. books are in snippet view. A-1630 Case 1:05-cv-08136-DC Document 1077 89. Filed 08/26/13 Page 26 of 34 An “index” of books’ metadata already exists. Transcript of the deposition of Gloriana St. Clair taken May 31, 2012 (hereinafter “St. Clair Dep.”) at 46-48 (Zack SJ Decl. Ex. 36). Response: Undisputed that electronic card catalogs, which allow searching only by metadata (rather than searching the text of the book), existed before Google Books was created. 90. Libraries use what is known as MARC records to catalog books. Id. at 48. Response: 91. Undisputed. “MARC records are essentially the electronic version of a card catalog record,” and contain the book’s metadata, such as author, title, publishing information. Id. at 46, 48. Response: Undisputed that MARC records contain the same information as a traditional paper card catalog. 92. To create MARC records, the book does not need to be scanned or copied. Clancy Dep. at 25-26 (Zack SJ Decl. Ex. 16); Groetsch Dep. at 21-25 (Zack SJ Decl. Ex. 24). Response: 93. Undisputed. The cataloging of metadata through MARC records is done by hand with the cataloger reviewing the physical book and identifying enumerated fields of information. See Groetsch Dep. at 21-25 (Zack SJ Decl. Ex. 24). Response: 94. Undisputed. The Copyright Clearance Center presently licenses “essentially printed content, much of the same nature as the material scanned by Google.” See Report of Daniel Gervais ¶ 11 (Zack SJ Decl. Ex. 37). Response: Undisputed that the Copyright Clearance Center licenses uses of printed content, albeit for different uses than the conduct at issue in this litigation. See Decl. Joseph 26 A-1631 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 27 of 34 Gratz Opp’n Plas.’ Mot. Summ. J. (“Gratz Opp’n Decl.”) Ex. 15 (“Gervais Dep. Tr.”) 119:7-22; 169:14-176:2; 209:8-9, 11-12; 235:19-22. 95. If Google’s uses are found to be fair, this will legitimize widespread digital copying without permission, thereby impeding the development of collective license for digital uses of books and excerpts from books by search engines, libraries, and others. Id. ¶¶ 17, 42. Response: This paragraph recites conclusions based on an incomplete hypothetical involving parties other than Google. To the extent this paragraph recites any material facts, they are not supported by any competent evidence because Mr. Gervais has no basis for the conclusions he recites in the cited paragraphs. See Gervais Dep. Tr. 138:21-140:2; 192:14196:16; 207:1-7; 210:5-15; 214:16-25; 199:16-23; 217:21-218:24. See also id. at 159:22-25; 164:7-17; 167:4-9; 167:25-168:5. 96. Collective management of copyright provides important advantages in licensing uses of copyrighted works, as it reduces transaction costs, benefitting authors and users. Id. ¶ 19. Response: 97. Undisputed. Collective management of copyright has existed for more than two centuries and is indispensable for many types of copyright uses. Id. ¶¶ 12, 15. Response: 98. Undisputed. For example, in the United States, ASCAP, BMI and SESAC are well-known organizations that license the use of music. See id. ¶ 18. Response: 99. Undisputed. The Copyright Clearance Center (“CCC”) is another well-known collective management organization (“CMO”). Id. ¶ 28. Response: Undisputed. 27 A-1632 Case 1:05-cv-08136-DC Document 1077 100. Filed 08/26/13 Page 28 of 34 If they wish to participate, authors or publishers register their works with the CCC, which offers per-use and annual repertory licenses. Id. Response: 101. Undisputed. A business or academic institution can enter into an agreement with the CCC that permits it to, for instance, photocopy a periodical article or create an electronic coursepack. Id. Response: 102. Undisputed. CMOs typically pay authors and other rightsholders based on actual usage of their works, id. ¶ 5, which can result in substantial revenue to rightsholders. Response: 103. Undisputed. In its 2011 fiscal year, CCC reported revenues in excess of $238 million, with payments to rightsholders exceeding $171 million. Id. ¶ 28. The difference between the two numbers includes but is not all a service charge. Due to the time period required to process usage data, the 2011 distributions were mostly of 2010 collections which were significantly lower than 2011 collections. Id. at 9 n.15. Response: 104. Undisputed. Collective licensing markets have often developed in response to new technologies: “Often, after a new form of use has emerged collective management systems are established to license uses that have been found to be desirable but unauthorized.” Id. ¶ 41. Response: 105. Undisputed. A collective management system “would develop here if some or all of Google’s uses are found not to be fair.” Id. ¶ 17. Response: This paragraph recites a conclusion based on an incomplete hypothetical, not a fact. To the extent this paragraph recites a fact, it is not supported by any competent 28 A-1633 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 29 of 34 evidence because Mr. Gervais has no basis for the conclusion he recites in the cited paragraphs. See Gervais Dep. Tr. 138:21-140:2; 192:14-196:16; 207:1-7; 210:5-15; 214:16-25; 199:16-23; 217:21-218:24. See also id. at 159:22-25; 164:7-17; 167:4-9; 167:25-168:5. 106. If Google’s conduct is permitted as fair use and becomes widespread, such an outcome can be expected to thwart the development of collective management systems for the digital uses of books (and book excerpts) that would otherwise likely develop. Id. ¶ 42; see also id. ¶ 17. Response: This paragraph recites a conclusion based on an incomplete hypothetical, not a fact. To the extent this paragraph recites a fact, it is not supported by any competent evidence because Mr. Gervais has no basis for the conclusion he recites in the cited paragraphs. See Gervais Dep. Tr. 138:21-140:2; 192:14-196:16; 207:1-7; 210:5-15; 214:16-25; 199:16-23; 217:21-218:24. See also id. at 159:22-25; 164:7-17; 167:4-9; 167:25-168:5. 107. Google admits in its Form 10-K that its “security measures may be breached due to the actions of outside parties, employee error, malfeasance, or otherwise, and, as a result, an unauthorized party may obtain access to our data or our users’ or customers’ data. Additionally outside parties may attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain access to our data or our users’ or customers’ data. Any such breach or unauthorized access could result in significant legal and financial exposure, damage to our reputation, and a loss of confidence in the security of our products and services that could potentially have an adverse effect on our business. Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these 29 A-1634 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 30 of 34 techniques or to implement adequate preventative measures.” Google 2011 Form 10-K, at 15 (Zack SJ Decl. Ex. 13). Response: 108. Undisputed. Google does not in practice, monitor or control the security of the digital copies of books provided by it to libraries in its Library Project, and the security measures of libraries who receive digital copies of books from Google are subject to similar breaches. Clancy Dep. at 195-202 (Zack SJ Decl. Ex. 16); Courant Dep. at 5253 (Zack SJ Decl. Ex. 33); Transcript of the deposition of James Crawford taken April 10, 2012 (hereinafter “Crawford Dep.”) at 56 (Zack SJ Decl. Ex. 38); see generally Expert Report of Benjamin Edelman (hereinafter, “Edelman Report”) (Zack SJ Decl. Ex. 39). Response: Undisputed that Google is not obligated to, and does not in practice, monitor or control libraries’ security measures. Disputed that libraries are subject to security breaches, for the reasons discussed with respect to paragraph 109 below. 109. Subsequent copying by the libraries of the digital files received by them from Google, see Courant Dep. at 22-27 (Zack SJ Decl. Ex. 33), risks further security breaches. Edelman Report ¶¶ 20-26 (Zack SJ Decl. Ex. 39). Response: Disputed. Mr. Edelman admits he has no knowledge of the security measures put in place by the libraries, and thus has no basis to opine regarding whether their activities create security risks. See Edelman Report ¶ 21 (Zack SJ Decl. Ex. 39) (“I have not been informed of all the ways that libraries intend to use the book contents data they receive from Google, nor have I been informed how libraries intend to secure that data.”); Gratz Opp’n Decl. Ex. 16 (“Edelman Dep. Tr.”) 247:25-252:11. See also Decl. Joseph C. Gratz Supp. Def. 30 A-1635 Case 1:05-cv-08136-DC Document 1077 Filed 08/26/13 Page 31 of 34 Google Inc.’s Mot. Summ. J., ECF No. 1036 (“Gratz SJ Decl.”) Ex. 1 (“Courant Dep. Tr.”) 106:23-107:9. 110. As the number of unlawful copies of an in copyright book increases, so does the risk of further infringement and/or piracy of the work. Id. ¶¶ 14-19. Response: This paragraph recites a conclusion based on an incomplete hypothetical, not a fact. To the extent this paragraph purports to recite a fact, it is not supported by any competent evidence because Mr. Edelman has no basis for the conclusions he recites in the cited paragraphs. See Edelman Dep. Tr. 237:12-240:25. See also id. at 244:6-20; 245:17-246:24; 246:25-247:24; 296:9-298:6; 290:15-292:22. 111. The copyright holder’s control over the distribution and publication of his or her work becomes increasingly threatened when multiple unauthorized digital copies are created, and even more so when they are placed on and/or distributed over the Internet. Id. ¶¶ 34, 36. Response: This paragraph recites a conclusion based on an incomplete hypothetical, not a fact. To the extent this paragraph recites a fact, it is not supported by any competent evidence because Mr. Edelman has no basis for the conclusion he recites in the cited paragraphs. See Edelman Dep. Tr. 280:6-20. See also id. at 244:6-20; 245:17-246:24; 246:25-247:24; 296:9298:6; 290:15-292:22. 112. If Google’s bulk and indiscriminate copying is found to be “fair,” other website operators, no matter how small, will also be given sanction to create online databases of books and other works. Id. ¶¶ 9, 13, 18. Response: This paragraph recites a legal conclusion, not a fact. To the extent this paragraph recites a fact, disputed; Mr. Edelman testified to the contrary. Edelman Dep. Tr. 193:20-196:1. 31 A-1636 Case 1:05-cv-08136-DC Document 1077 113. Filed 08/26/13 Page 32 of 34 These website operators may have insufficient security to prevent widespread piracy of such works. Id. ¶¶ 18-19. Response: This paragraph recites conclusions based on an incomplete hypothetical involving parties other than Google. To the extent this paragraph recites any material facts, they are not supported by any competent evidence because Mr. Edelman has no basis for the conclusions he recites in the cited paragraphs. See Edelman Dep. Tr. 244:6-246:24; 246:25247:24. See also id. at 210:16-212:23; 212:24-217:23. 114. In particular, less sophisticated operators have a reduced capability to design, install, and maintain systems to secure books, as well as a lesser ability to screen their internal staff to prevent data theft by rogue employees or to adapt their systems to prevent hacking by outsiders. Id. ¶ 18. Response: This paragraph recites conclusions based on an incomplete hypothetical involving parties other than Google. To the extent this paragraph recites any material facts, they are not supported by any competent evidence because Mr. Edelman has no basis for the conclusions he recites in the cited paragraph. See Edelman Dep. Tr. 244:6-246:24. 115. These concerns will only be amplified if “numerous companies and organizations scan books,” because “attackers can focus their efforts on whichever installs the weakest security. Similarly, attackers can take advantage of even a brief period when a single book provider is insecure....” Id. ¶ 19. Response: This paragraph recites conclusions based on an incomplete hypothetical involving parties other than Google. To the extent this paragraph recites any material facts, they are not supported by any competent evidence because Mr. Edelman has no basis for the conclusions he recites in the cited paragraph. See Edelman Dep. Tr. 246:25-247:24. 32 A-1637 Case 1:05-cv-08136-DC Document 1077 116. Filed 08/26/13 Page 33 of 34 These are not merely hypothetical risks, but reveal a real danger to authors, as book piracy is already occurring. Id. ¶¶ 11-12; see also id. ¶¶ 13-17 (discussing multiple ways in which books may be redistributed through piracy). Response: Undisputed that unauthorized copies of some books, taken from sources other than Google Books, are available on the Internet. To the extent this paragraph recites any other facts, they are not supported by any competent evidence because Mr. Edelman has no basis for the conclusion he recites in the cited and referenced paragraphs of his report, as described in connection with the above paragraphs. See Edelman Dep. Tr. 235:9-19; 236:4-7; 236:25-237:2; 241:19-242:18; 249:14-17. 117. A security breach could have a “devastating impact” on the Class. Id. ¶ 38; see also id. ¶ 36 (describing how information may remain widely available, even after measures are taken to correct the breach, as information cannot be “unpublished” once it becomes publicly available on the Internet). Response: This paragraph recites conclusion based on an incomplete hypothetical, not a fact. To the extent this paragraph recites a fact, it is not supported by any competent evidence because Mr. Edelman has no basis for the conclusion he recites in the cited paragraphs. See Edelman Dep. Tr. 284:24-287:9. See also id. at 244:6-20; 245:17-246:24; 246:25-247:24; 296:9-298:6; 290:15-292:22. 118. If Google’s unauthorized reproduction, distribution and display is found not to be fair, licenses will be required for such uses, and copyright owners can require in such licenses that financial responsibility for the risks of unauthorized uses of the copies be fairly allocated between the parties to the license. Id. ¶¶ 9, 39. 33 A-1638 Case 1:05-cv-08136-DC Document 1077 Response: Filed 08/26/13 Page 34 of 34 This paragraph recites a legal conclusion, not a fact. To the extent this paragraph recites a fact, it is not supported by any competent evidence because Mr. Edelman has no basis for the conclusion he recites in the cited paragraphs. See Edelman Dep. Tr. 206:6208:7; 210:16-212:23; 212:24-217:23; 218:17-219:10; 221:6-23; 224:23-225:24; 226:24-227:10; 302:4-11. See also id. at 244:6-20; 245:17-246:24; 246:25-247:24; 296:9-298:6; 290:15-292:22. Dated: August 26, 2013 Respectfully submitted, By: Joseph C. Gratz Daralyn J. Durie (pro hac vice) ddurie@durietangri.com Joseph C. Gratz (pro hac vice) jgratz@durietangri.com DURIE TANGRI LLP 217 Leidesdorff Street San Francisco, CA 94111 Telephone: 415-362-6666 Facsimile: 415-236-6300 Attorneys for Defendant Google Inc. 34 A-1639 Case 1:05-cv-08136-DC Document 1092 Filed 12/23/13 Page 1 of 2 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK ------------------------------------- x The Authors Guild, Inc., Associational Plaintiff, Betty Miles, Joseph Goulden, and Jim Bouton, individually and on behalf of all others similarly situated, Plaintiffs, v. Google Inc., Defendant. : : : : : : : : : : : : Case No. 05 CV 8136-DC ------------------------------------- x NOTICE OF APPEAL NOTICE IS HEREBY GIVEN that Plaintiffs The Authors Guild, Inc., Associational Plaintiff, Betty Miles, Joseph Goulden and Jim Bouton, individually and on behalf of all others similarly situated (“Plaintiffs”) in the above-captioned action hereby appeal to the United States Court of Appeals for the Second Circuit from the Judgment entered on November 27, 2013 and the Amended Judgment entered on December 11, 2013 granting Defendant’s motion for summary judgment, denying Plaintiffs’ motion for partial summary judgment, and dismissing Plaintiffs’ claims with prejudice. Respectfully submitted on this 23rd day of December, 2013. FRANKFURT KURNIT KLEIN & SELZ, P.C. By: /s/ Edward H. Rosenthal Edward H. Rosenthal, Esq. Jeremy S. Goldman, Esq. 488 Madison Avenue, 10th Floor New York, New York 10022 Phone (212) 980-0120 Fax: (212) 593-9175 A-1640 Case 1:05-cv-08136-DC Document 1092 Filed 12/23/13 Page 2 of 2 Michael J. Boni (pro hac vice) Joshua D. Snyder John E. Sindoni BONI & ZACK LLC 15 St. Asaphs Rd. Bala Cynwyd, PA 19004 Tel: (610) 822-0200 Fax: (610) 822-0206 mboni@bonizack.com jsnyder@bonizack.com jsindoni@bonizack.com Robert J. LaRocca (pro hac vice) KOHN SWIFT & GRAF, P.C. One South Broad Street, Suite 2100 Philadelphia, PA 19107 Tel: (215) 238-1700 Fax: (215) 238-1968 rlarocca@kohnswift.com Sanford P. Dumain MILBERG LLP One Pennsylvania Plaza New York, NY 10119 Tel: (212) 594-5300 Fax: (212) 868-1229 sdumain@milberg.com Attorneys for Plaintiffs 2

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?