Thursday, September 04, 2014

Using GoFundMe for Litigation

Here is a creative way this local news anchor is trying to raise public awareness and money for defending his case against a non-compete he had signed with his former employer. Watch him and his litigation team explain their woes. 

 

Posted by Orly Lobel on September 4, 2014 at 08:59 PM in Information and Technology, Intellectual Property, Web/Tech, Workplace Law | Permalink | Comments (0)

Monday, June 16, 2014

Looks like President O got an early start on that coconut

After the next inauguration, quipped President Obama in a hipster Tumblr interview today, he says he'll "be on the beach somewhere, drinking out of a coconut . . ."  Maybe sooner than that, as the president proclaims at the beginning of the interview:  "We have enough lawyers, although it's a fine profession.  I can say that because I'm a lawyer."

So "don't go to law school" is the message he wants to get across.  Larger debate, of course.  But let's see what he says right afterward.  Study STEM fields, he insists, in order to get a job after graduation.  STEM study, yes indeed.  But STEM trained grads often look beyond an early career as a bench scientist or an IT staffer, or a mechanical career or . . . that is, STEM-trained young people look to leverage these skills to pursue significant positions in corporate or entrepreneurial settings.  Hence, they look for additional training in business school, in non-science master's programs, and, yes, even in law schools

Tumblr promises #realtalk, so here is some real talk:  Significant progress in developing innovative projects and bringing inventions to market require a complement of STEM, business, and legal skills.  These skills are necessary to negotiate and navigate an increasingly complex regulatory environment and to interacts with lawyers and C-suite executives as they develop and implement business strategy.   Perhaps too many lawyers, but not too many lawyers who are adept at the law-business-technology interface.  "Technology is going to continue to drive innovation," wisely insists President Obama.  But it is not only technology that is this driver, but work done by folks with a complement of interdisciplinary skills and ambition.

Posted by Dan Rodriguez on June 16, 2014 at 07:29 PM in Information and Technology, Science, Web/Tech | Permalink | Comments (11)

Thursday, May 01, 2014

UF Law's (and My) New MOOC: The Global Student's Introduction to US Law

I am now officially part of a MOOC, which went online today. It has been a learning experience (!!), with the biggest lesson being that it is nowhere as easy as you might think to put one of these courses together. I plan to blog about the experience at length when I get a chance. For now, though, you might be interested in viewing the University of Florida Law School's foray into the great MOOC experiment: The Global Student's Introduction to US Law

The course description is as follows: 

In this course, students will learn basic concepts and terminology about the U.S. legal system and about selected topics in the fields of constitutional law, criminal law, and contract law. A team of outstanding teachers and scholars from the University of Florida faculty introduces these subjects in an accessible and engaging format that incorporates examples from legal systems around the world, highlighting similarities to and differences from the U.S. system.  Students seeking an advanced certificate study additional topics and complete assignments involving legal research that are optional for basic level students. The course may be of interest both to U.S. students contemplating law school and to global students considering further study of the U.S. legal system.

My Senior Associate Dean Alyson Flournoy spearheaded the project, and we had excellent technical assistance, which was crucial, by Billly Wildberger. My colleagues Pedro Malavet, Jeff Harrison, Claire Germain, Loren Turner, Jennifer Wondracek, and Sharon Rush all provided lectures, and our research assistant Christy Lopez is providing support with the discussion forums. 

Posted by Lyrissa Lidsky on May 1, 2014 at 09:49 AM in Culture, Information and Technology, International Law, Life of Law Schools, Lyrissa Lidsky, Teaching Law, Web/Tech | Permalink | Comments (1)

Wednesday, April 30, 2014

Of (Courtney) Love and Malice

Today Seattle Police released a note found on Kurt Cobain at his death excoriating wife Courtney Love. Based on her subsequent behavior, Love cannot have been an easy person to be married to. I've been researching Love lately for an article on social media libel that I'm writing with RonNell Andersen Jones.  Love is not only the first person in the US to be sued for Twitter libel; she's also Twibel's only repeat player thus far. According to news reports, Love has been sued for Twitter libel twice , and recently she was sued for Pinterest libel as well. 

Love's Twitter libel trial raises interesting issues, one of which is how courts and juries should determine the existence of  "actual malice" in libel cases involving tweets or Facebook posts by "non-media" defendants. As you probably recall, the US Supreme Court has held that the First Amendment requires public figures and public officials to prove actual malice--i.e., knowledge or reckless disregard of falsity--before they can recover for defamation. And even private figure defamation plaintiffs involved in matters of public concern must prove actual malice if they wish to receive presumed or punitive damages.  However, US Supreme Court jurisprudence elucidating the concept of actual malice predominantly involves “media defendants”—members of the institutional press—and the Court’s examples of actual malice reflect the investigative practices of the institutional press. Thus, the Court has stated that in order for a plaintiff to establish actual malice, “[t]here must be sufficient evidence to permit the conclusion that the defendant in fact entertained serious doubts as to the truth of his publication." [St. Amant v. Thompson] Actual malice, for example, exists if a defendant invents a story, bases it on ‘an unverified anonymous telephone call,” publishes statements “so inherently improbable that only a reckless man would have put them in circulation,” or publishes despite “obvious reasons to doubt the veracity of [an] informant or the accuracy of his reports." Id.

These examples have little resonance for “publishers” in a social media context, many of whom, like Love, post information spontaneously with little verification other than perhaps a perusal of other social media sources. The typical social media libel defendant is less likely than her traditional media counterpart to rely on informants strategically placed within government or corporate hierarchies or to carefully analyze primary sources before publishing. Moreover, the typical social media defendants has no fact-checker, editor, or legal counsel and is less likely than institutional media publishers to have special training in gauging the credibility of sources or to profess to follow a code of ethics that prizes accuracy over speed. 

The issue Courtney Love's libel trial appears to have raised is whether it constitutes reckless disregard of falsity if a defendant irrationally believes her defamatory accusation to be true. I say "appears," because one can only glean the issue from media accounts of Love's libel trial--the first full jury trial for Twitter libel in the US. The jury found that Love lacked actual malice when she tweeted in 2010 that her former attorney had been "bought off." Specifically, Love tweeted: “I was f—— devestated when Rhonda J. Holmes esq. of san diego was bought off @FairNewsSpears perhaps you can get a quote[sic].” Holmes sued Love in California state court for $8 million, arguing that the tweet accused Holmes of bribery. Love contended that her tweet was merely hyperbole. News accounts of the jury verdict in Love’s favor, however, indicate that the jury found that Love did not post her tweet with “actual malice." The jury deliberated for three hours at the end of the seven-day trial before concluding that the plaintiff had not proved by clear and convincing evidence that Love knew her statements were false or doubted their truth.

The Love case doesn't set any precedents, but it raises interesting issues for future cases. According to court documents and news accounts, Love consulted a psychiatrist for an “addiction” to social media. Certainly Love’s actions in the series of defamation cases she has generated do not seem entirely rational, but there is no “insanity defense” to a libel claim. Yet the determination of whether a defendant had “actual malice” is a subjective one, meaning that it is relevant whether the defendant suffered from a mental illness that caused her to have irrational, or even delusional, beliefs about the truth of a statement she posted on social media. It seems problematic, however, for the law to give no recourse to the victims of mentally disordered defamers pursuing social media vendettas based on fantasies they have concocted. As a practical matter, this problem is likely to be solved by the skepticism of juries, who will rarely accept a defendant’s argument that she truly believed her delusional and defamatory statements. Or at least I hope so. 

And in case you wondered . . . Love's first social media libel case involved her postings on Twitter, MySpace and Etsy calling  a fashion designer known as the "Boudoir Queen" a "nasty lying hosebag thief" and alleging that the Queen dealt cocaine, lost custody of her child, and committed assault and burglary. Love apparently settled that case for $430,000. Love's third social media libel case involves further statements about the Queen that Love made on the Howard Stern show and posted on Pinterest. Some people, it seems, are slow learners.

Posted by Lyrissa Lidsky on April 30, 2014 at 06:30 PM in Blogging, Constitutional thoughts, Culture, Current Affairs, First Amendment, Information and Technology, Lyrissa Lidsky, Torts, Web/Tech, Weblogs | Permalink | Comments (0)

Sunday, November 03, 2013

NYT v. Sullivan Anniversary Symposium at U. of Georgia

 The University of Georgia Law Review is hosting an impressive and impressively well organized symposium honoring the fiftieth anniversary of the Supreme Court's decision in New York Times v. Sullivan. Justice John Paul Stevens is the keynote speaker,  and David Savage of the LA Times will be giving a lunchtime talk.  The panels of speakers discussing press issues old and new include Justice Steven's former clerk Sonja West, RonNell Andersen Jones, William Lee, Amy Gajda, Amy Kristin Sanders, Lili Levi, Paul Horwitz, and Rodney Smolla, and Hillel Levin will be moderating at least one of the panels.

I will be participating on the "new media" panel, discussing my paper-in-progress, "The Press and Constitutional Self-Help, Then and Now," a synopsis of which is below.

Once upon a time, the U.S. Supreme Court routinely decided press cases, but that period of time came to an end about twenty years ago. The Court’s disinclination to decide press cases kicked in just as the Internet began eroding the press’ traditional role as gatekeeper and translator of news and information and threatening the financial viability of traditional media. As we near the fiftieth anniversary of New York Times v. Sullivan, it is striking how few landmark press cases have been decided since the Internet, and now social media, have entered the scene.

The Supreme Court decided the vast majority of its landmark press cases between 1964 and 1984, in what we media lawyers might now look back on as the “Golden Age” of press cases.  These cases contain some of the Court’s loftiest rhetoric about the special role the press plays in our democracy. Yet these same cases recognize only negative press freedoms; they protect only freedom from government intrusions such as prior restraints or compelled publication but refuse to interpret the First Amendment to provide the press with “special” access to governmental information or institutions not available to other citizens or special exemptions from generally applicable laws that interfere with newsgathering.  The Court’s refusal to recognize affirmative press rights during this period arguably suggests that the Court was merely paying lip service to the notion that the press plays a special role in democracy, for it seems intuitive that a “special role” should come with “special rights.”

I contend, however, that the Supreme Court that decided the press cases of the Golden Age was committed to a special constitutional role for the press but envisioned the press (or, more aptly, the media) as a true Fourth Estate—an unofficial branch of government capable of checking the other three by using its own powerful resources to safeguard its ability to play its special role. The Court assumed  that, in most instances, the media could use its own political and economic power to gain access to government information, protect confidential source relationships, and fight overreaching by the executive or legislative branches. In other words, the Court assumed that the media could engage in “constitutional self-help” to play their role. But this theory of constitutional self-help depends on a number of assumptions about the media that were largely true in the 1970s but may not be today. Media that are economically and politically powerful, popular with the public, and united in pursuit of common goals may indeed be able to fight off threats to their ability to play a special role in our democracy, especially when government officials depend on the media to carry government messages to the public. In light of recent developments, however, it is fair to question the ability of new media to use constitutional self-help to access government information or protect confidential sources, for reasons I will explore further in my talk (and my paper). Fundamental shifts in the balance of power between today’s Fourth Estate and the three official branches may signal a need to reexamine the assumptions underlying the press cases of the Golden Age.



 

Posted by Lyrissa Lidsky on November 3, 2013 at 03:37 PM in Constitutional thoughts, First Amendment, Lyrissa Lidsky, Web/Tech | Permalink | Comments (0) | TrackBack

Tuesday, June 18, 2013

Libel Law, Linking, and "Scam"

Although I'm a little late to the party in writing about Redmond v. Gawker Media, I thought I'd highlight it here because, though lamentably unpublished , the decision has interesting implications for online libel cases, even though the court that decided it seems to have misunderstood the Supreme Court's decision in Milkovich v. Lorain Journal.

Redmond involved claims against "new media" company Gawker Media based on an article on its tech blog Gizmodo titled Smoke and Mirrors: The Greatest Scam in Tech. The article criticized a new tech "startup," calling it " just the latest in a string of seemingly failed tech startups that spans back about two decades, all conceived, helmed and seemingly driven into the ground by one man: Scott Redmond." The article further suggested that Redmond, the CEO of the new company, used “technobabble” to promote products that were not “technologically feasible”  and that his “ventures rarely—if ever—work.”  In other words, the article implied, and the title of the blog post stated explicitly, that Redmond’s business model was a “scam.” Redmond complained to Gizmodo in a lengthy and detailed email, and Gizmodo posted Redmond's email on the site. Regardless, Redmond sued Gawker and the authors of the post for libel and false light. Defendants filed a motion to strike under Califonia’s anti-SLAPP statute. The trial court granted the motion, and the California appellate court affirmed.

Unsurprisingly, the appellate court found that the Gizmodo article concerned an “issue of public interest,” as defined by the anti-SLAPP statute, because Redmond actively sought publicity for his company. The court described “the Gizmodo article [as] a warning to a segment of the public—consumers and investors in the tech company—that [Redmond's] claims about his latest technology were not credible.” This part of the decision is entirely non-controversial, and the court's interpretation of "public interest" is consistent with the goal of anti-SLAPP laws to prevent libel suits from being used to chill speech on matters of significant public interest.

More controversial is the court's determination that Gizmodo's use of the term “scam” was not defamatory (and thus Redmond could not show a probability of prevailing). The court noted that “’scam’ means different things to different people and is used to describe a wide range of conduct;” while the court's assertion is correct, surely at least one of the "different things" that "scam" can mean is defamatory. [For a similar statement, see McCabe v. Rattiner, 814 F.2d 839, 842 (1st Cir. 1987) ]. While the term "scam" is usually hyberbole or name-calling, in some contexts the term acts as an accusation of criminal fraud, especially when accompanied by assertions of deliberate deception for personal gain. However, the court found that "scam" was not defamatory as used in the Gizmodo article, relying heavily on the fact that the authors gave links to “evidence” about the fates of Redmond's prior companies and his method of marketing his new one.  The court concluded that the statement that Redmond's company was a “scam” was “incapable of being proven true or false.”

It is clear that the court's categorization of the statements about Redmond as “opinion rather than fact” relied on online context--both the conventions of the blog and its linguistic style. The court asserted that the article contained only statements of opinion because it was “completely transparent,” revealing all the “sources upon which the authors rel[ied] for their conclusions” and containing “active links to many of the original sources.” Technology-enabled transparency, according to the court,  “put [readers] in a position to draw their own conclusions about [the CEO] and his ventures.” The court also stressed the blog's  “casual first-person style." The authors of the article, according to the court, made “little pretense of objectivity,” thereby putting “reasonable reader[s]” on notice that they were reading “subjective opinions.”

As attractive as this reasoning is, especially to free speech advocates and technophiles, one should read the Redmond decision with caution because it almost certainly overgeneralizes about the types of "opinion" that are constitutionally protected. The Supreme Court's 1990 decision in Milkovich v. Lorain Journal clearly and forcefully indicates that a statement is not constitutionally protected simply because a reader would understand it to reflect the author's subjective point of view.  Instead, the Milkovich Court held that a purported "opinion"  can harm reputation just as much as explicit factual assertions, at least when it implies the existence of defamatory objective facts. Hence, the Court declared that the statement "In my opinion Jones is a liar" can be just as damaging to the reputation of Jones as the statement "Jones is a liar," because readers may assume unstated defamatory facts underlie the supposedly "subjective" opinion. Moreover, even if the author states the underlying facts on which the conclusion is based, the statement can still be defamatory  if the underlying facts are incorrect or incomplete, or if the author draws erroneous conclusions from them. The Court therefore rejected the proposition that defamatory statements should be protected as long as it is clear they reflect the authors' point of view, or as long as they accurately state the facts on which they are based.  [This analysis is freely borrowed from  this article at pp. 924-25, full citations are included there.]

 

Posted by Lyrissa Lidsky on June 18, 2013 at 03:24 PM in Blogging, Constitutional thoughts, First Amendment, Information and Technology, Lyrissa Lidsky, Torts, Web/Tech, Weblogs | Permalink | Comments (2) | TrackBack

Tuesday, May 14, 2013

Is a broadcast to everyone private under the Copyright Act?

For the final post in my extended visit here, I want to focus on another example in my series of discussions about formalism vs. policy in copyright. Today’s case is WNET v. Aereo, which allowed continued operation of a creative television streaming service. As I’ll discuss below, the case pretty clearly complies with the statutory scheme, much to the relief of those who believe content is overprotected and that new digital distribution methods should be allowed. This time, the policy opposition is best demonstrated by Judge Chin’s dissent in the case.

In the end, though, the case shows what all of the cases I’ve discussed show: copyright was not really developed with digital content storage and streaming in mind. While some rules fit nicely, others seem like creaky old constructs that can barely hold the weight of the future. The result is a set of highly formalistic rules that lead to services purposely designed inefficiently to either follow or avoid the letter of the law. This problem is not going to get any better with time, though my own guess hope is that the pressure will cause providers to create some better solutions that leave everyone better off.

Here are the basic facts.  Aereo runs a system with thousands of dime size antennas. Each of these antennas can capture over-the-air broadcast television, but not cable or satellite signals. OTA signals are “free” – viewers don’t have to pay for access to them the way they do for cable. 

Aereo then runs what is essentially a remote digital video recorder for each subscriber. That is, when a user wants to watch or record a program, the Aereo system tunes one of the antennas to the appropriate channel at the appropriate time, saves the resulting TV signal (a show) to disk, and then either streams it to the user over the internet or stores it for the user for later viewing.

Aereo does this for every single subscriber; if 10,000 people want to record a show, then 10,000 antennas store 10,000 copies of the program.  Why, you ask, would it do something so ridiculously costly and redundant? Because it’s the law, of course.  A prior case, called Cartoon Network stands for this proposition. Here’s the logic: a) a user can use DVRs to store recordings at home (relatively well settled law since the Supreme Court’s decision not to hold VCR makers liable back in 1984); b) a cable operator can store those DVRs at the cable site, because where a customer’s DVR is located does not change the nature of its use, but c) the cable operator must maintain each customer’s choices like a DVR, meaning that the customer chooses what to record, and that a separate copy must be maintained for each customer.

The question in Aereo, then, is whether this basic framework changes if the “cable provider” is now an “antenna farm” provider. There are some differences. The cable subscriber is paying a fee that allows for the rebroadcast of content from the cable operator to the subscriber. Without such a fee/license, such rebroadcast would be infringement. Aereo has no such license, and thus its service could be considered a rebroadcast, which is a no-no. Just ask the folks who tried to rebroadcast NFL games into Canada.

The Aereo Court agreed with the rationale in Cartoon Network, however; the license was not relevant.  Instead, the individualized copies were simply not “public” performances. They were private: selected by the user, recorded in the user’s disk quota, and shown in that form only to the user. As the court noted, it was as if the user had a private antenna, DVR, and Slingbox located at Aereo’s facility, and the fact that Aereo owned it and charged for the service was irrelevant.

Judge Chin dissented from the opinion, and took an opposite view, best described using the original dissent’s text:

Aereo's "technology platform" is, however, a sham. The system employs thousands of individual dime-sized antennas, but there is no technologically sound reason to use a multitude of tiny individual antennas rather than one central antenna; indeed, the system is a Rube Goldberg-like contrivance, over-engineered in an attempt to avoid the reach of the Copyright Act and to take advantage of a perceived loophole in the law.

Judge Chin’s dissent goes on to argue that the formalistic reading of the statute fails, and that we should see Aereo’s acts for what they are: a transmission of content to members of the public, which thus constitutes public performance.

This disagreement is a great ending illustration of the cases I’ve blogged about this month. The tension between formalistic statutory reading and policy based glosses is palpable.  In my last post, I made clear that I favor following the statute unless convinced otherwise.

But that doesn’t answer the fundamental question, which is: what do we make of all this? Sure, this case was rightly decided. Perhaps now this might lead to the formation of an efficient/licensed broadcast network streaming service that costs users less than Aereo because it is less resource intensive.

I’m not sure the Aereo ruling is the right one in the long run.  One of the thorny issues with broadcast television is range. Broadcasters in different markets are not supposed to overlap. Ordinarily, this is no issue because radio waves only travel so far.  When a provider sends the broadcast by other means, however, overlap is possible, and the provider keeps the overlap from happening. DirecTV, for example, only allows a broadcast package based on location.

Aereo is not so limited, however. Presumably, one can record broadcast shows from every market. Why should this matter? Imagine the Aereo “Sunday Ticket” package, whereby Aereo records local NFL games from every market and allows subscribers to stream them. Presumably this is completely legal, but something seems off about it. While Aereo’s operation seems fine for a single market, this use is a bit thornier. I’m reasonably certain that Congress will close that loophole if any service actually tries it.

Thus, dealing with what should be clearly legal under the statute is thornier than it appears at first.  While I believe that more and cheaper streaming options would be a good thing, I wonder whether the disruption to local broadcast markets is the right way to get there. One thing is clear: copyright law is ill equipped to answer the question.

Thanks again to Prawfs for having me, and I'll see you next time around (and in the meantime at madisonian.net).

Posted by Michael Risch on May 14, 2013 at 08:34 AM in Intellectual Property, Television, Web/Tech | Permalink | Comments (7) | TrackBack

Monday, April 29, 2013

Why I Decided to Construct a Free Online Casebook Available to Anyone for Civ Pro Using the H20 Platform

One of the nice things about tenure is that it frees you up to to do things you know are good for the world but may not be adequately valued in the tenure process. This summer I will embark on one such project, building a free online casebook for Civ Pro. I will be using the Harvard Berkman Center H20 "hack the casebook" platform. This great platform allows you to create "playlists" of cases and other materials that can be "remixed" by others, added to, etc. The initial goal of the project is to create a completely free H20 platform casebook for each of the firsy year classes, and I have stepped up to do Civ Pro.

Let me tell you a little bit about why I chose to do this because it may encourage others to join this great project or ones like it.

First, like others, I am shocked at how expensive textbooks have become for doctrinal 1L course. I realized that together my casebook and supplement (including the FRCP, major statutesm, etc) would cost my students $243 a piece and thus providing them with free materials would save at least $19,000 among my own students for next year. When multiplied over several years, as well as the possibility that other faculty would adopt this textbook and save their students money, this just seemed like a value creating proposition.In a time when students across the U.S. are struggling with the high price of legal education, I felt I should do what I could here.

Second, most of the materials I teach in my Civ Pro class are major Supreme Court cases (with a few Circuit and state court cases) that could be easily found and edited in public domain format, which the H20 platform makes easy. Just because of the way I teach my own course and the textbook I was using, I was already not assigning many of the notes that followed the cases and I was supplementing the book with additional materials (some written up by myself) so that the value the casebook was offering to my course that could not be found in the public domain was lessened. To be sure, I will still have to replace introductory sections of various parts of the book with my own write-ups as well as do editing of all the versions of the cases I will still use -- no small amount of effort -- but I might have felt differently about undertaking this if my casebook was doing more original work for me in the way I taught my course.

Third (and here I am purposefully not being specific and naming the casebook in question because, for all I know, all Casebooks in the field are similar in this regard): my casebook is more than 1200 pages long. I estimate that I use only about 300-450 of those pages in a 4 credit introductory course. It does have a compact addition for shorter courses, but unfortunately what it chooses to keep versus discard is not a good fit for what I use from the book. Before I decided to do the H20 version myself, I called the publisher of my casebook to see if I could "buy by the page" for the pages I actually use, a practice that some textbooks allow you to do. I was told I could not. Given that they have gone to the trouble of creating a "condensed" version I do not blame the authors/publishers, but this was the last straw for me in deciding to go it on my own.

This summer, along with my RAs, will be spent doing a beta version of the free H20 Casebook for Civ Pro that I will test out with my incoming 1Ls in the fall. I am incredibly grateful to Harvard Law School for allowing me to use my time (and RA time) for this project whose value will hopefully be externalized. I am particularly grateful to my dean, Martha Minow, since she is herself the co-author of a Civ Pro textbook (not the one I had been using), so she is basically authorizing the law school to fund a project that may cut into her own sales. She's just that kind of classy person! The beta version will be kept internal to my students for the fall, but if all goes well I hope to share it with the world in 2014 and perhaps others will want to adopt it.

- I. Glenn Cohen

 

Posted by Ivan Cohen on April 29, 2013 at 10:26 AM in Civil Procedure, Culture, Web/Tech | Permalink | Comments (6) | TrackBack

Wednesday, April 24, 2013

On Policy and Plain Meaning in Copyright Law

As noted in my last post, there have been several important copyright decisions in the last couple months. I want to focus on two of them here: Viacom v. YouTube and UMG v. Escape Media. Both relate to the DMCA safe harbors of online providers who receive copyrighted material from their users - Section 512 of the Copyright Act. Their opposing outcomes illustrate the key point I want to make: separating interpretation from policy is hard, and I tend to favor following the statute rather than rewriting it when I don't like the policy outcome. This is not an earthshattering observation - Solum and Chiang make a similar argument in their article on patent claim interpretation. Nevertheless, I think it bears some discussion with respect to the safe harbors.

For the uninitiated, 17 U.S.C. 512 states that "service providers" shall not be liable for "infringement of copyright" so long as they meet some hurdles. A primary safe harbor is in 512(c), which provides exempts providers from liability for "storage at the direction of a user of material that resides on a system" of the service provider. 

To qualify, the provider must not know that the material is infringing, must not be aware of facts and circumstances from which infringing activity is apparent, and must remove the material if it obtains this knowledge or becomes aware of the facts or circumstances. Further, if the copyright owner sends notice to the provider, the provider loses protection if it does not remove the material. Finally, the provider might be liable if it has the right and ability to control the user activity, and obtains a direct financial benefit from it.

But even if the provider fails to meet the safe harbor, it might still evade liability. The copyright owner must still prove contributory infringement, and the defendant might have defenses, such as fair use. Of course, all of that litigation is far more costly than a simple safe harbor, so there is a lot of positioning by parties about what does and does not constitute safe activity.

This brings us to our two cases:

Viacom v. YouTube

This is an old case, from back when YouTube was starting. The district court recently issued a ruling once again finding that YouTube is protected by the 512(c) safe harbor. A prior appellate ruling remanded for district court determination of whether Viacom had any evidence that YouTube knew or had reason to know that infringing clips had been posted on the site. Viacom admitted that it had no such evidence, but instead argued that YouTube was "willfully blind" to the fact of such infringement, because its emails talked about leaving other infringing clips on the site - just not any that Viacom was alleging. The court rejected this argument, saying that it was not enough to show willful blindness as to Viacom's particular clips.

The ruling is a sensible, straightforward reading of 512 that favors the service provider.

UMG v. Escape Media

We now turn to UMG v. Escape Media. In a shocking ruling yesterday, the appellate division of the NY Supreme Court (yeah, they kind of name things backward there) held that sound recordings made prior to 1972 were not part of the Section 512 safe harbors. Prior to 1972, such recordings were not protected by federal copyright. Thus, if one copies them, any liability falls under state statute or common law, often referred to as "common law copyright."  Thus, service providers could be sued under any applicable state law that protected such sound recordings.

Escape Media argued that immunity for "infringement of copyright" meant common law copyright as well, thus preempting any state law liability if the safe harbors were met.

The court disagreed, ruling that a) "copyright" meant copyright under the act, and b) reading the statute to provide safe harbors for common law copyright would negate Section 301(c), which states that "any rights or remedies under the common law or statutes of any State shall not be annulled or limited by this title until February 15, 2067." The court reasoned that the safe harbor is a limitation of the common law, and thus not allowed if not explicit.

If this ruling stands, then the entire notice and takedown scheme that everyone relies on will go away for pre-1972 sound recordings, and providers may potentially be liable under 50 different state laws. Of course, there are still potential defenses under the common law, but doing business just got a whole lot more expensive and risky to provide services. So, while the sky has not fallen, as a friend aptly commented about this case yesterday, it is definitely in a rapidly decaying orbit.

Policy and Plain Maining

This leads to the key point I want to make here, about how we read the copyright act and discuss it. Let's start with YouTube. The court faithfully applied the straightforward language of the safe harbors, and let YouTube off the hook. The statute is clear that there is no duty to monitor, and YouTube chose not to monitor, aggressively so.

And, yet, I can't help but think that YouTube did something wrong. Just reading the emails from that time period shows that the executives were playing fast and loose with copyright, leaving material up in order to get viewers. (By they way, maybe they had fair use arguments, but they don't really enter the mix). Indeed, they had a study done that showed a large amount of infringement on the site. I wonder whether anyone at YouTube asked to see the underlying data to see what was infringing so it could be taken down. I doubt it.

I would bet that 95% of my IP academic colleagues would say, so what? YouTube is a good thing, as are online services for user generated content. Thus, we read the statute strictly, and provide the safe harbor.

This brings us to UMG v. Escape Media. Here, there was a colossal  screw-up. It is quite likely that no one in Congress thought about pre-1972 sound recordings. As such, the statute was written with the copyright act in mind, and the only reasonable reading of the Section 512 is that it applies to "infringement of copyright" under the Act. I think the plain meaning of the section leads to this conclusion. First, Section 512 refers to many defined terms, such as "copyright owner" which is defined as an owner of one of the exclusive rights under the copyright act. Second, the copyright act never refers to "copyright" to refer to pre-1972 sound recordings that are protected by common law copyright. Third, expanding "copyright" elsewhere in the act to include "common law copyright" would be a disaster. Fourth, state statutes and common laws did not always refer to such protection as "common law copyright," instead covering protection under unfair competition laws. Should those be part of the safe harbor? How would we know if the only word used is copyright?

That said, I think the court's reliance on 301(c) is misplaced; I don't think that a reading of 512 that safe harbored pre-1972 recordings would limit state law. I just don't think that's what the statute says, unfortunately.

Just to be clear, this ruling is a bad thing, a disaster even. I am not convinced that it will increase any liability, but it will surely increase costs and uncertainty. If I had to write the statute differently, I would. I'm sure others would as well.

But the question of the day is whether policy should trump plain meaning when we apply a statute. The ReDigi case and the UMG case both seem to have been written to address statutes who did not foresee the policy implications downstream. Perhaps many might say yes, we should read the statute differently.

I'm pretty sure I disagree. For whatever reason - maybe the computer programmer in me - I have always favored reading the statute as it is and dealing with the bugs through fixes or workarounds. As I've argued with patentable subject matter, the law becomes a mess if you attempt to do otherwise.  ReDigi and UMG are examples of bugs. We need to fix or work around them. It irritates me to no end that Congress won't do so, but I have a hard time saying that the statutes should somehow mean something different than they say simply because it would be a better policy if they did. Perhaps that's why I prefer standards to rules - the rules are good, until they aren't. 

This is not to say I'm inflexible or unpragmatic. I'm happy to tweak a standard to meet policy needs. I've blogged before about how I think courts have misinterpreted the plain meaning of the CFAA, but I am nevertheless glad that they have done so to reign it in. I'm also often persuaded that my reading of a statute is wrong (or even crazy) even when I initially thought it was clear. I'd be happy for someone to find some argument that fixes the UMG case in a principled way. I know some of my colleagues look to the common law, for example, to solve the ReDigi problem. Maybe there is a common law solution to UMG. But until then, for me at least, plain meaning trumps policy.

 

Posted by Michael Risch on April 24, 2013 at 04:12 PM in Information and Technology, Intellectual Property, Web/Tech | Permalink | Comments (3) | TrackBack

Tuesday, April 23, 2013

Impact of the “Lander Brief” in the Myriad (Gene Patent) Case – and an answer to Justice Alito’s Question

The Supreme Court heard oral arguments on April 15 in Association of Molecular Pathology et al. v Myriad, concerning whether human genes are patent-eligible subject matter. The case focused on Myriad’s patents on two genes, BRCA1 and BRCA2, involved in early-onset breast cancer

Surprisingly, many of the Court’s questions for Myriad’s counsel focused on what Justice Breyer dubbed the “Lander Brief” – an amicus filed on behalf of neither party by one of the country’s leading scientists, Dr. Eric Lander. (Lander was one of the leaders of the Human Genome Project and co-chair’s the Presidents Council of Advisors on Science and Technology.) [Full Disclosure: I am one of the authors of this brief] Justices Breyer, Ginsburg and Alito referred to the brief by name, and several other Justices were clearly influenced by the information in the brief.

I believe that the “Lander brief” was a hot topic of conversation because the Justices realized that it was central to applying the Court’s product-of-nature doctrine to DNA. Importantly, the brief demolished the scientific foundation of the Federal Circuit decision on appeal. The Federal Circuit panel held that human chromosomes are not patent-eligible because they are products of nature, but a majority found that “isolated DNA” fragments of human chromosomes (such as pieces of the breast cancer genes) are patent-eligible. The Federal Circuit’s distinction rested on its assumption that (unlike whole chromosomes) isolated DNA fragments do not themselves occur in nature, but instead only exist by virtue of the hand of man.

The Federal Circuit cited no scientific support for its crucial assumption – neither in the record below, nor in any scientific literature. 

Embarrassingly, the Federal Circuit’s assumption turned out to be flat-out wrong. The Lander brief summarized 30 years of scientific literature showing that natural processes in the human body routinely cleave into isolated DNA fragments. Isolated DNA fragments turn out to be abundant outside of cells – including in cell-free blood, urine and stool. They are so common that they can be used for genetic diagnostics of inherited diseases and cancers. In fact, they are so prevalent that several scientific groups have shown that it is possible to determine the entire genome sequence of a fetus based on analyzing the isolated DNA fragments found in a teaspoons-worth of its mother’s blood. 

Justice Breyer relentlessly pushed Myriad’s counsel to declare whether he agreed or disagreed with the Lander Brief. When the counsel finally declared that he disagreed, Justice Breyer demanded:

JUSTICE BREYER: Okay. Very well. If you are saying it is wrong, as a matter of science, since neither of us are scientists, I would like you to tell me what I should read that will, from a scientist, tell me that it's wrong.

The only reply that Myriad’s counsel could muster was to point to a declaration that had been filed (by Dr. Mark Kay) in the District Court case in 2009. (In fact, Dr. Kay’s declaration said nothing whatsoever about whether isolated DNA fragments occur in Nature. It concerned how to construe terms in Myriad’s patent.)

A few minutes later, Justice Ginsburg returned to the point:

JUSTICE GINSBURG: Do you concede at least that the decision in the Federal Circuit, that Judge Lourie did make an incorrect assumption, or is the Lander brief inaccurate with respect to that, too? That is, Judge Lourie thought that isolated DNA fragments did not exist in the human body and Dr. Lander says that --

MR. CASTANIAS: No, what -- I think Justice -- Judge Lourie was exactly correct to say that there is nothing in this record that says that isolated DNA fragments of BRCA1 exist in the body. Neither does Dr. Lander's brief, for that matter. And for that matter, those isolated fragments that are discussed in Dr. Lander's brief again are -- are what are known not -- not in any way as isolated DNA, but as pseudogenes. They're typically things that have been killed off or mutated by a virus, but they do not –

Here, Myriad’s counsel proved to be confused. Contrary to Mr. Castanias’s statement, the Lander brief (on page 16) explicitly stated that isolated DNA fragments were found covering the entire BRCA1 and BRCA2 genes. Also, “pseudogenes” had nothing to do with Lander’s brief; they arose in the ACLU’s brief for Petitioners and in Myriad’s reply. (“Pseudogenes” are sequences in the human genome that occur when RNA is rarely reverse transcribed into DNA; they are relevant to the patentability of cDNA but are unrelated to the patentability of genomic DNA.)

Justice Alito then jumped in, offering the only glimmer of hope for Myriad’s counsel:

JUSTICE ALITO: But isn't this just a question of probability? To get back to your baseball bat example, which at least I -- I can understand better than perhaps some of this biochemistry, I suppose that in, you know, I don't know how many millions of years trees have been around, but in all of that time possibly someplace a branch has fallen off a tree and it's fallen into the ocean and it's been manipulated by the waves, and then something's been washed up on the shore, and what do you know, it's a baseball bat.

In other words, Justice Alito asked whether isolated DNA fragments of the BRCA genes might be freakishly rare. Neither opposing counsel nor the Solicitor General had an opportunity to address Justice Alito’s question, because they had already spoken.

The answer to Justice Alito’s questions turns out to be: VERY common. A typical person contains roughly one billion isolated DNA fragments of the BRCA genes circulating in his or her blood.

The Lander Brief (in footnote 23) cites several papers showing that, in 1 milliliter of blood (1/4000th of total circulation), each nucleotide in the human genome was covered by about 250 fragments on average. In total circulation, this corresponds to about 1 million fragments (= 4000 x 250) covering each individual base. Across the length of the BRCA genes, this translates to about 1 billion fragments.

 More explicitly, footnote 25 points to a web site published by Stanford Professor Stephen Quake (the author of one of the studies), in which he specifically reported the coverage of the BRCA genes in the blood stream. Dr. Quake’s data directly showed that a typical person carries roughly 945 million fragments of isolated DNA from the BRCA1 and BRCA2 genes.

I was very happy the Lander brief has got this much attention, since I think that once the Court understands the fundamental mistake made by the Federal Circuit (and apparently Myriad’s counsel), as several of the Justices questions suggested they did at oral argument, the outcome of the case becomes clear. The Court actually can sidestep a number of more difficult questions in patent law (about the precise meaning of the standard under Diamond v. Chakrabarty for when a molecule is “markedly different” than a product of nature), because isolated DNA fragments of the human genome are precisely products of nature themselves.

Posted by Ivan Cohen on April 23, 2013 at 02:28 PM in Intellectual Property, Web/Tech | Permalink | Comments (0) | TrackBack

Tuesday, April 16, 2013

Solving the Digital Resale Problem

As Bruce Willis's alleged complaints about not being able to leave his vast music collection to his children upon his death illustrate, modern digital media has created difficulties in secondary and resale markets. (I say alleged because the reports were denied. Side note: if news breaks on Daily Mail, be skeptical. And it's sad that Cracked had to inform Americans of this...).

 This post describes a recent attempt to create such a market, and proposes potential solutions.

In the good old days, when you wanted to sell your old music, books, or movies, you did just that. You sold your CD, your paperback, or your DVD. This was explicitly legalized in the Copyright Act: 17 USC Section 109 says that: “...the owner of a particular copy or phonorecord lawfully made under this title, or any person authorized by such owner, is entitled, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy or phonorecord.” As we'll see later, a phonorecord is the material object that holds a sound recording, like a CD or MP3 player.

But we don't live in the good old days. In many ways, we live in the better new days. We can buy music, books, and DVDs over the internet, delivered directly to a playback device, and often to multiple playback devices in the same household. While new format and delivery options are great, they create problems for content developers, because new media formats are easily copied. In the bad sort-of-old days, providers used digital rights management (or DRM) to control how content was distributed. DRM was so poorly implemented that it is now a dirty word, so much so that it was largely abandoned by Apple; it is, however, still used by other services, like Amazon Kindle eBooks. Providers also use contracts to limit distribution - much to Bruce Willis's chagrin. Indeed, Section 109(d) is clear that a contract can opt-out of the disposal right: “[Disposal rights] do not, unless authorized by the copyright owner, extend to any person who has acquired possession of the copy or phonorecord from the copyright owner, by rental, lease, loan, or otherwise, without acquiring ownership of it.”

But DRM is easily avoided if you simply transfer the entire device to the another party. And contracts are not necessarily as broad as people think. For example, I have scoured the iTunes terms of service and I cannot find any limitation on the transfer of a purchased song. There are limitations on apps that make software a license and limit transfers, but the music and video downloads are described as purchases unless they are "rentals," and all of the “use” limitations are actually improvements in that they allow for multiple copies rather than just one. Indeed, the contract makes clear that if Apple kills off cloud storage, you are stuck with your one copy, so you had better not lose it. If someone can point me to a contract term where Apple says you have not “purchased” the music and cannot sell it, I would like to see that.

Enter ReDigi and the lawsuit against it. ReDigi attempted to set up a secondary market for digital works. The plaintiff was Capitol Records, so there was no contract privity, so this is a pure “purchase and disposal” case. A description from the case explains how it worked (in edited form here):

To sell music on ReDigi's website, a user must first download ReDigi's “Media Manager” to his computer. Once installed, Media Manager analyzes the user's computer to build a list of digital music files eligible for sale. A file is eligible only if it was purchased on iTunes or from another ReDigi user; music downloaded from a CD or other file-sharing website is ineligible for sale. After this validation process, Media Manager continually runs on the user's computer and attached devices to ensure that the user has not retained music that has been sold or uploaded for sale. However, Media Manager cannot detect copies stored in other locations. If a copy is detected, Media Manager prompts the user to delete the file. The file is not deleted automatically or involuntarily, though ReDigi's policy is to suspend the accounts of users who refuse to comply.

After the list is built, a user may upload any of his eligible files to ReDigi's “Cloud Locker,” an ethereal moniker for what is, in fact, merely a remote server in Arizona. ReDigi's upload process is a source of contention between the parties. ReDigi asserts that the process involves “migrating” a user's file, packet by packet — “analogous to a train” — from the user's computer to the Cloud Locker so that data does not exist in two places at any one time. Capitol asserts that, semantics aside, ReDigi's upload process “necessarily involves copying” a file from the user's computer to the Cloud Locker. Regardless, at the end of the process, the digital music file is located in the Cloud Locker and not on the user's computer. Moreover, Media Manager deletes any additional copies of the file on the user's computer and connected devices.

Once uploaded, a digital music file undergoes a second analysis to verify eligibility. If ReDigi determines that the file has not been tampered with or offered for sale by another user, the file is stored in the Cloud Locker, and the user is given the option of simply storing and streaming the file for personal use or offering it for sale in ReDigi's marketplace. If a user chooses to sell his digital music file, his access to the file is terminated and transferred to the new owner at the time of purchase. Thereafter, the new owner can store the file in the Cloud Locker, stream it, sell it, or download it to her computer and other devices. No money changes hands in these transactions. Instead, users buy music with credits they either purchased from ReDigi or acquired from other sales. ReDigi credits, once acquired, cannot be exchanged for money. Instead, they can only be used to purchase additional music.

ReDigi claimed that it was protected by 17 USC 109. After all, according to the description, it was transferring the work (the song) from the owner to ReDigi, and then to the new owner. Not so, said the court. As the court notes, Section 109 protects only the disposition of particular copies (phonorecords, really) of the work. And uploading a file and deleting the original is not transferring a phonorecord, because the statute defines a “phonorecord” as the physical medium in which the work exists. Transfer from one phonorecord to another is not the same as transfering a particular phonorecord. So, ReDigi could be a secondary market for iPods filled with songs, but not the songs disembodied from the storage media.

As much as I want the court to be wrong, I think it is right here, at least on the narrow, literal statutory interpretation. The words say what they say. Even the court notes that this is an uncomfortable ruling: “[W]hile technological change may have rendered Section 109(a) unsatisfactory to many contemporary observers and consumers, it has not rendered it ambiguous.”

Once the court finds that transferring the song to ReDigi is an infringing reproduction, it's all downhill, and not in a good way. The court notably finds that there is no fair use. I think it is here that the court gets it wrong. Unlike the analysis of Section 109, the fair use analysis is short, unsophisticated, and devoid of any real factual analysis. I think this is ReDigi's best bet on appeal.

Even despite my misgivings, ReDigi's position is not a slam dunk. After all, how can it truly know that a backup copy has not been made? Or that the file has not been copied to other devices? Or that the file won't simply be downloaded from cloud storage or even iTunes after it has been uploaded to ReDigi. 

If ReDigi, which seemed to try to do a good job ensuring no residual copies, cannot form a secondary market, then what hope do we have? We certainly aren't going to get there with the statute we have, unless courts are much more willing to read a fair use into transfers. The real problem is that the statute works fine when the digital work (software, music, whatever) is stored in a single use digital product. When we start separating the “work” from the container, so that containers can hold many different works and one work might be shared on several containers all used by the same owner, all of the historical rules break down.

So, what do we do if we can't get the statute amended? I suspect people will hate my answer: a return to the dreaded DRM. A kinder, gentler, DRM. I think that DRM that allows content providers to recall content at will (or upon business closure) must go -- whether legislatively or regulatorily. It is possible, of course, for sophisticated parties to negtotiate for such use restrictions (for example, access to databases), and to set pricing for differing levels of use based on those negotiations. That's what iTunes does with its "rentals."

But companies should not be allowed to offer content "for sale" if delivery and use is tied to a contract or DRM that renders that content licensed and not in control of buyers. This is simply false advertising that takes advantage of settled expectations of users, and well within the powers of the FTC, I believe.

But DRM can and should be used to limit copying and transferrability. If transferability is allowed, then the DRM can ensure that the old user does not maintain copies. Indeed, if content outlets embraced this model, they might even create their own secondary markets to increase competition in the secondary market. In short, the solution to the problem, I believe, is going to be a technical one, and that might be a good thing for users who can no credibly show that they won't copy.

And DRM is what we are seeing right now. Apparently, ReDigi has reimplemented its service so that iTunes purchases are directly copied to a central location where they stay forever. From there, copies are downloaded to particular user devices pursuant to the iTunes agreement. This way, ReDigi acts as the digital rights manager. When a user sells a song, it ReDigi cuts off access to the song for the selling user, and allows the buying user access without making a new copy of the song on its server. I presume that its media manager also attempts to delete all copies from the sellers devices.

Of course, this might mean that content, or at least transferring it, is a little more expensive than before. But let's not kid ourselves - the good old days weren't that good. You had to buy the whole CD, or maybe a single if one was available, but you could not pick and choose any song on any album. Books are heavy and bulky; you couldn't carry thousands of them around. And DVDs require a DVD player, which has several limitations compared to video files.

DRM may just be the price we pay for convenience and choice. We don't have to pay that price. Indeed, I buy most of my music on CD. And I get to put the songs where I want, and I suppose sell the CD if I want, though I never do. As singles start costing $1.50, it may make sense to buy the whole CD. Alas, these pricing issues are incredibly complex, which may take another post in the future.

Posted by Michael Risch on April 16, 2013 at 07:00 AM in Information and Technology, Intellectual Property, Web/Tech | Permalink | Comments (5) | TrackBack

Tuesday, April 09, 2013

Academics Go To Jail – CFAA Edition

Though the Aaron Swartz tragedy has brought some much needed attention to the CFAA, I want to focus on a more recent CFAA event—one that has received much less attention but might actually touch many more people than the case against Swartz.

Andrew “Weev” Auernheimer (whom I will call AA for short) was recently convicted under the CFAA and sentenced to 41 months and $73K restitution. Orin Kerr is representing him before the Third Circuit. I am seriously considering filing an amicus brief on behalf of all academics. In short, this case scares me in a much more personal way than prior discussed in my prior CFAA posts. More after the jump.

Here’s the basic story, as described by Orin Kerr:

When iPads were first released, iPad owners could sign up for Internet access using AT&T. When they signed up, they gave AT&T their e-mail addresses. AT&T decided to configure their webservers to “pre load” those e-mail addresses when it recognized the registered iPads that visited its website. When an iPad owner would visit the AT&T website, the browser would automatically visit a specific URL associated with its own ID number; when that URL was visited, the webserver would open a pop-up window that was preloaded with the e-mail address associated with that iPad. The basic idea was to make it easier for users to log in to AT&T’s website: The user’s e-mail address would automatically appear in the pop-up window, so users only needed to enter in their passwords to access their account. But this practice effectively published the e-mail addresses on the web. You just needed to visit the right publicly-available URL to see a particular user’s e-mail address. Spitler [AA’s alleged co-conspirator] realized this, and he wrote a script to visit AT&T’s website with the different URLs and thereby collect lots of different e-mail addresses of iPad owners. And they ended up collecting a lot of e-mail addresses — around 114,000 different addresses — that they then disclosed to a reporter. Importantly, however, only e-mail addresses were obtained. No names or passwords were obtained, and no accounts were actually accessed.

Let me paraphrase this: AA went to a publicly accessible website, using publicly accessible URLs, and saved the results that AT&T sent back in response to that URL. In other words, AA did what you do every time you load up a web page. The only difference is that AA did it for multiple URLs, using sequential guesses at what those URLs would be.  There was no robot.txt file that I’m aware of (this file tells search engines which URLs should not be searched by spiders). There was no user notice or agreement that barred use of the web page in this manner. Note that I’m not saying such things should make the conduct illegal, but only that such things didn’t even exist here. It was just two people loading data from a website. Note that a commenter on my prior post asked this exact same question--whether "link guessing" was illegal--and I was noncommital. I guess now we have our answer.

The government’s indictment makes the activity sound far more nefarious, of course. It claims that AA “impersonated” an iPad. This allegation is a bit odd: the script impersonated an iPad in the same way that you might impersonate a cell phone by loading http://m.facebook.com to load the mobile version of Facebook. Go ahead, try it and you’ll see – Facebook will think you are a cell phone. Should you go to jail?

So, readers might say, what’s the problem here? AA should not have done what he did – he should have known that AT&T did not want him downloading those emails. Yeah, he probably did know that. But consider this: AA did not share the information with the world, as he could have. I am reasonably certain that if his intent was to harm users, we would never know that he did this – he would have obtained the addresses over an encrypted VPN and absconded. Instead, AA shared this flaw with the world. AT&T set up this ridiculously insecure system that allowed random web users to tie Apple IDs to email addresses through ignorance at best or hubris at worst. I don’t know if AA attempted to inform AT&T of the issue, but consider how far you got last time you contacted tech support with a problem on an ISP website. AA got AT&T’s attention, and the problem got fixed with no (known) divulgence of the records.

Before I get to academia, let me add one more point. To the extent that AA should have known AT&T didn’t desire this particular access, the issue is one of degree not of kind. And that is the real problem with the statute. There is nothing in the statute, absolutely nothing, that would help AA know whether he violated the law by testing this URL with one, five, ten, or ten thousand IDs.  Here’s one to try: click here for a link to a concert web page deep link using a URL with a numerical code. Surely Ticketmaster can’t object to such deep linking, right? Well, it did, and sued Tickets.com over such behavior. It claimed, among other things, that each and every URL was copyrighted and thus infringed if linked to by another. It lost that argument, but today it could just say that such access was unwanted.  For example, maybe Tickemaster doesn’t like me pointing out its ridiculous argument in the tickets.com case, making my link unauthorized. Or maybe I should have known because the Ticketmaster terms of service says that an express condition of my authorization to view the site is that I will not "Link to any portion of the Site other than the URL assigned to the home page of our site." That's right, TicketMaster still thinks deep linking is unauthorized, and I suppose that means I risk criminal prosecution for linking it. Imagine if I actually saved some of the data!

This is where academics come in. Many, many academics scrape. (Don’t stop reading here – I’ll get to non-scrapers below.) First, scraping is a key way to get data from online databases that are not easily downloadable. This includes, for example, scraping of the US Patent & Trademark Office site; although data is now available for mass download, that data is cumbersome, and scraper use is still common. That the PTO is public data does not help matters. In fact, it might make it worse, since “unauthorized” access to government servers might receive enhanced penalties!

Academics (and non-academics) in other disciplines scrape websites for research as well. How are these academics to know that such scraping is disallowed? What if there is no agreement barring them from doing so? What if there is a web-wrap notice as broad as Ticketmaster's, purporting to bar such activities but with no consent by the user? The CFAA could send any academic to jail for ignoring such warnings—or worse—not seeing them in the first place. Such a prosecution would be preposterous, skeptics might say. I hope the skeptics are right, but I'm not hopeful. Though I can't find the original source, I recall Orin Kerr recounting how his prosecutor colleagues said the same thing 10 years ago when he argued the CFAA might apply to those who breach contracts, and now such prosecutions are commonplace.

Finally, non-scrapers are surely safe, right? Maybe it depends on if they use Zotero. Thousands of people use it. How does Zotero get information about publications  when the web site does not provide standardized citation data? You guessed it: a scraper. Indeed, a primary reason I don’t use Zotero is that the Lexis and Westlaw scrapers don’t work. But the PubMed importer scrapes. What if PubMed decide that it considered scraping of information unauthorized? Surely people should know this, right? If it wanted people to have this data, they would provide it in Zotero readable format. The fact that the information on those pages is publicly available is irrelevant; the statute makes no distinction. And if one does a lot of research, for example, checking 20 documents, downloading each, and scraping each page, the difference from AA is in degree only, not in kind.

The irony of this case is that the core conviction is only tangentially a problem with the statute (there are some ancillary issues that are a problem with the statute). “Unauthorized access” and even “exceeds authorized access” should never have been interpreted to apply to publicly accessible data on publicly accessible web sites. Since they have, then I am convinced that the statute is impermissibly broad, and must be struck down. At the very least it must be rewritten. 

Posted by Michael Risch on April 9, 2013 at 10:21 PM in Information and Technology, Web/Tech | Permalink | Comments (15) | TrackBack

Tuesday, March 05, 2013

The iPhone, not the eye, is the window into the soul

 

It is great to be back at Prawfsblawg this year.  Thanks to Dan and the gang for having me back.  For my first post this month, I wanted to point everyone to the most important privacy research of 2012.  The same paper qualifies as the most ignored privacy research of 2012, at least within legal circles.  It is a short paper that everyone should read.

The paper in question,Mining Large Scale Smart-Phone Data for Personality Studies, is by Gokul Chittaranjan, Jan Blom, and Daniel Gatica-Perez. Chittaranjan and co-authors brilliantly show that it is straightforward to mine data from smart-phones in an automated way so as to identify particular "Five Factor" personality types in a large population of users.  They did so by administering personality tests to 117 smartphone users, and then following the smartphone activities of those users for seventeen months, identifying the patterns that emerged.  The result was that each of the "Big Five" personality dimensions was associated with particular patterns of phone usage.  For example, extraverts communicated with more people and spent more time on the phone, highly conscientious people sent more email messages from their smartphones, and users of non-standard ring-tones tended to be those who psychologists would categorize as open to new experiences.  

There is a voluminous psychology literature linking scores on particular Big Five factors to observed behavior in the real world, like voting, excelling in workplaces, and charitable giving.  Some of the literature is discussed in much more detail here.  But the Chittaranjan et al. study provides a powerful indication of precisely why data-mining can be so powerful.  Data mining concerning individuals' use of machines is picking up personality traits, and personality predicts future behavior.  

The regularities observed via the analysis of Big Data demonstrate that you can aggregate something seemingly banal like smartphone data to administer surreptitious personality tests to very large numbers of people.  Indeed, it is plausible that studying observed behavior from smartphones is a more reliable way of identifying particular personality traits than existing personality tests themselves.  After all, it is basically costless for an individual to give false answers to a personality questionnaire. It is costly for an extravert to stop calling friends.  

Privacy law has focused its attention on protecting the contents of communications or the identities of the people with whom an individual is communicating.  The new research suggests that -- to the extent that individuals have a privacy interest in the nature of their personalities -- an enormous gap exists in the present privacy framework, and cell phone providers and manufacturers are sitting on (or perhaps already using) an information gold mine.  

It's very unlikely that the phenomenon that Chittaranjan et al. identify is limited to phones.  I expect that similar patterns could be identified from analyzing peoples' use of their computers, their automobiles, and their television sets.  The Chittaranjan et al. study is a fascinating, tantalizing, and perhaps horrifying early peek at life in a Big Data world.

Posted by Lior Strahilevitz on March 5, 2013 at 09:03 AM in Article Spotlight, Information and Technology, Web/Tech | Permalink | Comments (0) | TrackBack

Thursday, November 15, 2012

Software Patents and the Smartphone

I will be speaking at Santa Clara Law School's outstanding conference about Solutions to the Software Problem tomorrow.  It promises to be a great event, with academics, public interest advocates, and government officials all weighing in. 

As a lead-in to the conference, I want to discuss an oft repeated statistic: that there are 250,000 patents that might be infringed by any given smartphone. I'm going to assume that number is accurate, and I have no reason to doubt its veracity. This number, many argue, is a key reason why we must have wholesale reform - no piecemeal action will solve the problem.

Here are my thoughts on the subject:

1. Not all of these patents are in force. Surely, many of them expired due to lack of maintenance fee payments.

2. Not all of the remaining patents are asserted. After all, we don't see every smartphone manufacturer being sued 250,000 times.

3. Many of these patents are related to each other or are otherwise aggregated together. Thus, there are opportunities for global settlements.

4. Even if you think that 250,000 is huge number of patents (and it is, really - there's not disputing that), it is unclear to me why anyone is surprised by the number when you consider what's in a smartphone. More specifically:

  • A general purpose computer and all that comes with it (CPU, RAM, I/O interface, operating system, etc.).
  • Active matrix display
  • Touch screen display
  • Cellular voice technology
  • 1x data networking
  • 3G data networking
  • 4G data networking
  • Wi-Fi data networking
  • Bluetooth data networking
  • GPS technology (and associated navigation)
  • Accelerometer technology
  • Digital camera (including lens and image processing)
  • Audio recording and playback
  • Battery technology
  • Force feedback technology (phone vibration and haptic feedback)
  • Design patents

The areas above are by and large "traditional" patent areas - they aren't software for the most part. And there are thousands of patents in each category, before we even get to the potential applications of the smartphone that might be patented (and these are of greater debate, of course).

So, yes, there are many, many patents associated with the smartphone, but what else would you expect when you cram all of these features into a single device? Perhaps smartphones are the focus of the software patent problem because, well, they do everything, and so they might infringe everything. I'm not convinced that this should drive a wholesale reform of the system. Maybe it just means that smartphones are underpriced given what they include. Not that I'm complaining.

Posted by Michael Risch on November 15, 2012 at 10:39 AM in Intellectual Property, Web/Tech | Permalink | Comments (7) | TrackBack

Thursday, November 08, 2012

Cease and Desist

For nearly 10 years, scholars, commentators, and disappointed downloaders have criticized the now-abandoned campaign of the Recording Industry Association of America (RIAA) to threaten litigation against, and in some cases, sue downloaders of unauthorized music. The criticisms follow two main themes. First, demand letters, which mention of statutory damages up to and including $150,000 per infringed work (if the infringement is willful), often lead to settlements of $2,000 - $3,000. A back of the envelope cost-benefit analysis would suggest this is a reasonable response from the receipient if $150,000 is a credible threat, but for those who conclude that information is free and someone must challenge these cases, the result is frustrating.

Second, it has been argued that the statutory damage itself is unconstitutional, at least as applied to downloaders, because it is completely divorced from any actual harm suffered by the record labels. The constitutional critique has been advanced by scholars like Pam Samuelson and Tara Wheatland, accepted by a district court judge in the Tenenbaum case, dodged on appeal by the First Circuit, but rejected outright by the Eighth Circuit. My intuition is that the Supreme Court would hold that Congress has the authority to craft statutory damages sufficiently high to deter infringement, and that there's sufficient evidence that Congress thought its last increase in statutory damages would accomplish that goal. 

We could debate that, but I have something much more controversial in mind. I hope to convince you that the typical $3,000 settlement is the right result, at least in file-sharing cases.

The Copy Culture survey indicates that the majority of respondents who support a penalty support fines for unauthorized downloading of a song or movie. Of those who support fines, 32% support a fine of $10 or less, 43% support fines of up to $100, 14% support fines of up to $1,000, 5% support higher fines, 3% think fines should be context sensitive, and 3% are unsure. The average max fine for the top three groups is $209. Let's cut it in half, to $100, because roughly half of survey respondents were opposed to any penalty.

How big is the typical library of "illegally" downloaded files? 10 songs? 100 songs? 1,000? The Copy Culture study reports the following from survey respondents who own digital files, by age group:

18-29: 406 files downloaded for free

30-49: 130 files downloaded for free

50-64: 60 files downloaded for free

65+: 51 files downloaded for free

In the two cases that the RIAA actually took to trial, the labels argued that the defendants had each downloaded over 1,000 songs, but sued over 30 downloads in one case, and 24 downloads in the other. As I see it, if you're downloading enough to catch a cease and desist letter, chances are good that you've got at least 30 "hot" files on your hard drive.

You can see where I'm going here. If the average target of a cease and desist letter has 30 unauthorized files, and public consensus centers around $100 per unauthorized file, then a settlement offer of $3,000 is just about right.

Four caveats. First, maybe the Copy Culture survey is not representative of public opinion and that number should be far lower than $100. Second, misfires happen with cease and desist letters: sometimes, individuals are mistargeted. One off-the-cuff response is to have the RIAA pay $3,000 to every non-computer user and the estate of every dead grandman who gets one of these letters.

Third, this doesn't take fair use into account, and thus might not be a fair proxy for many other cases. For example, the Righthaven litigation seems entirely different to me - reproducing a news story online seems different than illegally downloading a song instead of paying $1, in part because the news story is closer to copyright's idea line, where more of the content is likely unprotectable, and because the redistribution of news is more likely to be fair use.

Fourth, it doesn't really deal with the potentially unconstitutional / arguably stupid possibility that some college student could be ordered to pay $150,000 per download, if a jury determines he downloaded willfully. I'd actually be happy with a rule that tells the record labels they can only threaten a maximum damage award equal to the average from the four jury determinations in the Tenenbaum and Thomas-Rasset cases. That's still $43,562.50 per song. Round it down to the non-willful statutory cap, $30,000, and I still think that a $3,000 settlement is just about perfect.

Now tell me why I'm crazy. 

Posted by Jake Linford on November 8, 2012 at 09:30 AM in Information and Technology, Intellectual Property, Music, Web/Tech | Permalink | Comments (1) | TrackBack

Thursday, October 25, 2012

Copyright's Serenity Prayer

I recently discovered an article by Carissa Hessick, where she argues that the relative ease of tracking child pornography online may lead legislators and law enforcement to err in two ways. First, law enforcement may pursue the more easily detected possession of child pornography at the expense of pursuing actual abuse, which often happens in secret and is diffcult to detect. Second, legislators may be swayed to think that catching child porn possessors is as good as catching abusers, because the former either have abused, or will abuse in the future. Thus, sentences for possession often mirror sentences for abuse, and we see a potential perversion of the structure of enforcement that gives a false sense of security about how much we are doing to combat the problem.

With the caveat that I know preventing child abuse is muchmuch more important that preventing copyright infringement, I think the ease of detecting unauthorized Internet music traffic may also have troubling perverse effects.

When I was a young man, copying my uncle's LP collection so I could take home a library of David Bowie casette tapes, there was no way Bowie or his record label would ever know. The same is true today, even though they now make turntables that will plug right into my computer and give me digital files that any self-respecting hipster would still disdain, but at least require me to flip a vinyl disc as my cost of copying.

On the other hand, it's much easier to trace free-riding that occurs online. That was part of what lead to the record industry's highly unpopular campaign against individual infringers. Once you can locate the individual infringer, you can pursue infringment that used to be "under the radar." The centralized, searchable nature of the Internet also made plausible Righthaven's disastrous campaign against websites copying news stories, and the attempt by attorney Blake Field to catch Google infringing his copyright in posted material by crawling his website with automated data gathering programs.

What if copyright owners are chasing the wrong harm? For example, one leaked RIAA study suggests that while a noticeable chunk of copyright infringement occurs via p2p sharing, it's not the largest chunk. While the RIAA noted that in 2011, 6% of unauthorized sharing (4% of total consumption) happens in locker services like Megauploads, and 23% (15%) happens via p2p, 42% (27%) of unauthorized acquisition is done by burning and ripping CDs from others, and another 29% (19%) happens through face-to-face hard drive trading. Offline file sharing is apparently more prevalent than the online variety, but it is much more difficult to chase. So it may be that copyright holders chase the infringement they can find, rather than the infringement that most severely affects the bottom line.

In a way, leaning on the infringement they can detect is reminiscent of the oft-repeated "Serenity Prayer," modified here for your contemplation:

God, grant me the serenity to accept the infringement I cannot find,
The courage to crush the infringement I can,
And the wisdom to know the difference.

All this brings me back to the friends and family question. The study on Copy Culture in the U.S. reports that roughly 80% of the adults owning music files think it's okay to share with family, and 60% think it's okay to share with friends. In addition, the Copyright Act specifically insulates friends and family sharing in the context of performing or displaying copyrighted works to family and close friends in a private home (17 USC s. 101, "publicly"). Thus, there is some danger in going after that friends and family sharing. If the family and friends line is the right line, can we at least feel more comfortable that someone to whom I'm willing to grant physical access to my CD library is a "real" friend than my collection of Facebook friends and acquaintances, some of whom will never get their hands on my vinyl phonograph of Blues and Roots?

 

Posted by Jake Linford on October 25, 2012 at 10:30 AM in Information and Technology, Intellectual Property, Music, Web/Tech | Permalink | Comments (4) | TrackBack

Tuesday, October 23, 2012

The New Normal

Two news items from across the pond highlight the adaptability of musicians, but also a highlight a shift from music as a good to music as an experience, necessitated by the ubiquity of file sharing.

+, the debut album by British singer and producer Ed Sheeran, has apparently been downloaded illegally more than any album in the U.K this year. Sheeran is sanguine about the whole thing, gushing on Twitter about purchasers and free-riders alike, because he concludes that both types of fans are buying tickets, and as Sheeran puts it, "I'm still selling albums, but I'm selling tickets at the same time. My gig tickets are like £18, and my albums £8, so ... it's all relative."

Venerable British pop stars Squeeze are also moving to a more DIY, performance-based financial model this year. Fans who attend concerts can choose to purchase a download of the show at a "pop-up" shop after each performance, and meet the band as well. To date, this is the only way for fans to get their hands on Squeeze's first new songs in 14 years...at least until they are posted online. Squeeze founder Glenn Tillbrook is also excited about this brave new world. Tillbrook states, "I love the opportunities and surprises thrown up by the digital age and the fading away of the major labels. Being able to innovate and take control of our own destiny is something I could only have dreamt of back then." And for bands like Squeeze, the old label-centric business model may well have passed them by. As Tillbrook notes, “With the traditional record label no longer relevant for us, our relationship with the merchandisers is increasingly important in order to help us deliver quality products for our fans.” 

As I postulated a few months ago, with regard to comic books offered online, I can't help but wonder whether the end result will be less professionally crafted music because the system will support fewer professional craftspeople, or whether we'll just get more artists who are more comfortable with a DIY esthetic, and fewer that rely on big machinery or well-placed intermediaries to make things happen.

It may be that the most important thing a new artist can do is leverage networks and relationships. Here's an example: I'm a huge Josh Ritter fan. Chris Thile's band, Punch Brothers, recently covered a Ritter song, and offered a free download of it for fans that purchased the new Punch Brothers EP. How did I find out? I follow Ritter on Twitter, and he let me know. I wouldn't have otherwise purchased the Punch Brothers EP, but was excited about this opportunity. Once upon a time, you could rely on certain labels for a certain aesthetic in its recorded offerings. Relationships between artists might in the future do some of that same work.

Posted by Jake Linford on October 23, 2012 at 09:20 AM in Intellectual Property, Music, Web/Tech | Permalink | Comments (0) | TrackBack

Wednesday, August 29, 2012

A Reminder to Hiring Committees: Don't Google The Candidates?

Here's some advice to hiring committee members travelling to the AALS conference: While it may be natural to search the internet for additional information about candidates for faculty positions, how you use the information you find may subject your university to legal liability. Here are two cautionary tales involving university hiring to keep in mind.

Cautionary tale number one illustrates that the refusal to hire an employee based on information gleaned from social media can sometimes give rise to a discrimination claim under Title VII.  Two years ago, the University of Kentucky faced a Title VII lawsuit brought by a rejected job applicant who claimed that the University refused to hire him based on information about his religious views found by the hiring committee during an Internet search. Gaskell v. University of Ky., 2010 U.S. Dist. LEXIS 124572 (E.D. Ky. Nov. 23, 2010). Evidence in the case indicated that the chair of the department conducting the search asked the candidate about his religious beliefs, which the chairman had "personally" researched on the internet. In addition, an email from a staff member to hiring committee members during the process noted: "Clearly this man is complex and likely fascinating to talk with, but potentially evangelical."  The case settled for $125,000 after a judge denied cross-motions for summary judgment. 

Cautionary tale number two illustates that discrimination against hiring candidates on the basis of their political beliefs can subject state universities to liability for constitutional torts. This tale involves the University of Iowa's College of Law and the hiring of a legal writing instructor. In Wagner v. Jones, Teresa Wagner alleged that the College of Law refused to hire her because of her conservative political beliefs, and she sued under 42 U.S.C. § 1983. The trial court granted summary judgment to the college, but a panel of Eighth Circuit Court of Appeals reversed.

The Eighth Circuit determined that Wagner had made a sufficient claim of political discrimination to get to a jury. The court applied the following test (drawn from the Supreme Court's decision in Mt. Healthy City Sch. Dist. Bd. of Ed. v. Doyle):

A plaintiff alleging First Amendment retaliation must first make a prima facie showing that (1) she engaged in conduct protected by the First Amendment; (2) she suffered an adverse employment action; and (3) the protected activity was a substantial or motivating factor in theemployer’s decision to take the adverse employment action. If a plaintiff makes this prima facie showing, then “a presumption of retaliation arises and the burden shifts to the defendant to advance a legitimate reason for the employment action.                                 

The court found Wagner had presented evidence from which a jury could conclude that her polticial beliefs were a substantial or motivating factor not to hire her.  Specifically, a deposition in the case indicated that the candidate's conservative views may have been discussed at a faculty meeting on her candidacy; there was also evidence that she was advised to hide the fact she'd been offered a job at Ave Maria during the interview process at the College of Law, and a contemporaneous email from an associate dean expressed concern that Wagner's politics could have played a part in the faculty's decision not to hire her. In addition, the court noted (several times!) that only one of the fifty faculty members of the College was a registered Republican at the time Wagner interviewed. There's more to the decision, of course, including full discussion of why the court rejected the argument that the Dean was entitled to qualified immunity. Regardless, the decision should be a reminder to hiring committee members at state schools not to use information found on the internet or anywhere else to discriminate against potential hires in violation of their First Amendment rights.

 

Posted by Lyrissa Lidsky on August 29, 2012 at 02:17 PM in Constitutional thoughts, Employment and Labor Law, First Amendment, Getting a Job on the Law Teaching Market, Life of Law Schools, Lyrissa Lidsky, Web/Tech | Permalink | Comments (10) | TrackBack

Thursday, August 16, 2012

Sanchez on Broadband Deregulation and NSA Wiretapping

Thanks to round-the-clock efforts over the last two weeks to get a piece out the door this submission season, I have leaped into the running for the least-blogging-Prawfsblawg-guest-blogger ever.  Fortunately, the piece is out the door to journals as of today (into, um, the teeth of an unraveling market.)

So, to blogging… My one-time housemate Julian Sanchez has an interesting post over at Cato’s blog speculating on the back history of the NSA surveillance program. He writes:

One of the great mysteries of recent national security surveillance policy is exactly why the controversial FISA Amendments Act of 2008 was necessary . . . .  [I]n early 2007 . . . then–House Minority Leader John Boehner (R-Ohio) publicly declared that a secret ruling by the (normally highly deferential) Foreign Intelligence Surveillance Court had found a problem with a National Security Agency surveillance program . . . . Most of us at the time assumed that the issue had to do with the greatly increased breadth of the surveillance NSA was trying to conduct—but flipping through the latest edition of David Kris and Douglas Wilson’s invaluable National Security Investigations and Prosecutions, I’ve just realized there’s another possibility that fits the public facts extremely well.

The possibility, he explains in a detailed post, is broadband deregulation.   Interesting stuff!

Posted by Mark Moller on August 16, 2012 at 02:48 AM in Criminal Law, Web/Tech | Permalink | Comments (0) | TrackBack

Wednesday, August 15, 2012

Free Speech Rights in Social Media for College Students: Tatro v. U. of Minn.

I've been working on putting together a comprehensive list of social media cases with a First Amendment angle, and I recently came across the fascinating case of Tatro v. University of Minnesota, 816 N.W.2d 509 (Mn. 2012), which the Minnesota Suprem Court decided at the end of June.  In case you missed reading this case in June, as I did, here's a summary.

The University of Minnesota sanctioned Tatro, a junior in its mortuary science program, by giving her a failing grade in her anatomy lab and forcing her to undergo a psychiatric evaluation because she posted “violent fantasy” (pretty tame stuff, really) and “satiric” comments about her human cadaver on Facebook.  Posting or "blogging" about her cadaver violated the University’s “Anatomy Bequest Program” policies, the Mortuary Science Student Code of Professional Conduct, and the rules of her anatomy course. She appealed the University’s imposition of sanctions on her speech through a writ of certiorari. The Minnesota court of appeals affirmed the constitutionality of the sanctions, and the Minnesota Supreme Court granted further review and also affirmed, basing its decision on the unique nature of the professional program in which the student was enrolled. 

The Minnesota Supreme Court treated the case as one of first impression, noting that the constitutional standard governing “a university’s imposition of disciplinary sanctions for a student’s Facebook posts that violate[ ] academic program rules” is “unsettled.” Although the court of appeals had resolved the case by applying  Tinker v. Des Moines Inc. Comm. Sch.the Minnesota Supreme Court held this standard  to be inappropriate because Tatro was disciplined not for the disruptiveness of her post but for its lack of “respect, discretion, and confidentiality in connection with work on human cadavers.” The Court instead determined that the appropriate standard was whether the university had “impose[d] sanctions for Facebook posts that violate academic program rules that are narrowly tailored and directly related to established professional conduct standards.” (The Court did not cite any particular Supreme Court precedent as the basis for this standard).  Applying this new standard, the Court concluded “that dignity and respect for the human cadaver constitutes an established professional conduct standard for mortuary science professionals.”  Having previously noted that the asserted purpose of the University’s rules was to “educate students” about their ethical duties in the funeral service profession and “maintain the viability of the Anatomy Bequest Program,” the Court found the academic program rules to be narrowly tailored even though they completely barred (!) blogging about cadaver dissection or the anatomy lab.  Tatro clearly violated these rules by giving her a “cadaver a name derived from a comedy film” and engaging in “widespread dissemination” of her comments, first through Facebook and later through the news media.  Consequently, punishing her for violating them did not abridge her First Amendment rights. 

This case raises some interesting issues, which I'd explore in more detail if I weren't staring down the barrel of multiple deadlines.  Some obvious questions raised are as follows: Is a standard proscribing "disrespect" unconstitutionally vague? How can a complete ban be narrowly tailored?  (Can't help thinking of Atul Gawande's writing in this context.)  Why doesn't ordering a psychiatric evaluation for "unprofessional" speech violate the First Amendment? (The Court didn't address whether the speech constituted a "true threat.")

As a media law professor, I noted with interest that my fellow media law professor Raleigh H. Levine, from William Mitchell College of Law, was an amicus in the case for the ACLU, along with Teresa Nelson.

Posted by Lyrissa Lidsky on August 15, 2012 at 09:23 PM in Blogging, Constitutional thoughts, First Amendment, Lyrissa Lidsky, Web/Tech, Weblogs | Permalink | Comments (4) | TrackBack

Friday, August 03, 2012

The Ethics of Practice in the Cloud

Some helpful tips here from the ABA Annual Meeting on this cutting-edge practice issue. I had looked forward to improved mobile access to my work documents in Apple's iCloud service, including my federal appeals, after I upgraded to the Mountain Lion OS. But according to this piece, I may need to consider another cloud service option. Maybe I shouldn't uninstall Dropbox just yet.  Time to research the cloud a little more closely!

Posted by Brooks Holland on August 3, 2012 at 11:06 AM in Web/Tech | Permalink | Comments (0) | TrackBack

Wednesday, July 18, 2012

Legal Education in the Digital Age

Legal Education in the Digital Age

With the latest news of U-Va. joining a consortium of schools  promoting online education, it seems only a matter of time before law schools will have to confront the possibility of much larger chunks of the educational experience moving into the virtual world.  Along with Law 2.0 by David I.C. Thomson, there is now Legal Education in the Digital Age, edited by Ed Rubin at Vanderbilt.  The book is primarily about the development of digital course materials for law school classes, with chapters by Ed Rubin, John Palfrey, Peggy Cooper Davis, and Larry Cunningham, among others.  The book comes out of a conference hosted by Ron Collins and David Skover at Seattle U.  My contribution follows up on my thoughts about the open source production of course materials, which I have previously written about here and here.  You can get the book from Cambridge UP here, or at Amazon in hardcover or on Kindle.

One question from the conference was: innovation is coming, but where will it come from?  Some possibilities:

  • Law professors
  • Law schools and universities
  • Legal publishers
  • Outside publishers
  • Tech companies such as Amazon or Apple
  • SSRN and BePress
  • Some combination(s) of these

I think we all agree that significant change is coming down the pike.  But what it ultimately will look like is still very much up in the air.  What role will law professors play?

Posted by Matt Bodie on July 18, 2012 at 05:24 PM in Books, Information and Technology, Life of Law Schools, Web/Tech | Permalink | Comments (8) | TrackBack

Tuesday, July 03, 2012

How Not to Criminalize Cyberbullying

My co-author Andrea Pinzon Garcia and I just posted our essay, How Not to Criminalize Cyberbullying, on ssrn.  In our essay, we provide a sustained constitutional critique of the growing body of laws criminalizing cyberbullying. These laws typically proceed by either modernizing existing harassment and stalking laws or crafting new criminal offenses. Both paths are beset with First Amendment perils, which our essay illustrates through 'case studies' of selected legislative efforts. Though sympathetic to the aims of these new laws, we contend that reflexive criminalization in response to tragic cyberbullying incidents has led law-makers to conflate cyberbullying as a social problem with cyberbullying as a criminal problem, leading to pernicious consequences. The legislative zeal to eradicate cyberbullying potentially produces disproportionate punishment of common childhood wrongdoing. Furthermore, statutes criminalizing cyberbullying are especially prone to overreaching in ways that offend the First Amendment, resulting in suppression of constitutionally protected speech, misdirection of prosecutorial resources, misallocation of taxpayer funds to pass and defend such laws, and the blocking of more effective legal reforms. Our essay attempts to give legislators the First Amendment guidance they need to distinguish the types
of cyberbullying that must be addressed by education, socialization, and stigmatization from those that can be remedied with censorship and criminalization.
To see the abstract or paper, please click here or here

 

 

Posted by Lyrissa Lidsky on July 3, 2012 at 03:44 PM in Article Spotlight, Constitutional thoughts, Criminal Law, Current Affairs, First Amendment, Information and Technology, Lyrissa Lidsky, Web/Tech | Permalink | Comments (0) | TrackBack

Saturday, June 09, 2012

Cyberbullying News: Parts of Missouri's Cyberharassment Law Unconstitutional

In 2006, Missouri teen Megan Meier committed suicide after being "cyberbullied" on MySpace by Lori Drew, a former friend's 49-year-old mom. Megan's suicide in response to Drew's cruel online hoax galvanized national attention around the problem of cyberbullying and prompted widespread calls for legal reforms. Missouri, naturally, was one of the first states to respond.  There, state legislators modernized and updated their existing cyberharassment and cyberstalking laws in an attempt to cover conduct such as that that led to Megan's suicide.  A week and a half ago, the Missouri Supreme Court dealt a setback to Missouri's efforts to combat cyberbullying by striking down a portion of the amended harassment law , and its decision may contain lessons for those pushing new legislation to criminalize bullying.    

Notably, Missouri v. Vaughn, the Missouri Supreme Court's decision striking down portions of the law under the First Amendment, did not involve cyberharassment.  Instead, it involved a defendant who repeatedly telephoned his ex-wife, leading prosecutors to charge him under  subdivision (5) of Mo. Rev. State 565.090.1 for ""knowingly mak[ing] repeated unwanted communication to another person," and under subdivision (6) for "[w]ithout good cause engag[ing] in an[ ] act with the purpose to frighten, intimidate, or cause emotional distress to another person, [which does in fact] cause such person to be frightened, intimidated, or emtionally distressed, and such person's response to the act is one of a person of average sensibility considering the age of such person."    

The court held that section 565.090.1(5) was constitutionally overbroad, despite the State's proffer of a narrowing construction that would have made the statute applicable only when the defendant's communications were repeated, unwanted, and targeted at a "particularized person," whatever that means. The court held that "[e]ven with the State's suggested constructions, subdivision (5) still criminalizes any person who knowingly communicates more than once with another individual who does not want to receive the communications."  The court gave examples illustrating subdivision (5)'s overbreadth, noting that it would apply to peaceful picketers or teachers calling on students once asked to stop. The court also found that the statute stretched well beyond what might be justified by the protection of residential privacy or "captive audience" members. The court therefore "severed" and struck subdivision (5) from the statute.

The court, by contrast, upheld subdividision (6) by reading it narrowly to address only fighting words and finding that prohibition of speech made "without good cause" was not vague. Section 565.090.1(6) makes it a crime to "[w]ithout good cause engage[ ] in any other act with the purpose to frighten, intimidate, or cause emotional distress to another person, cause such person to be frightened, intimidated, or emotionally distressed, and such person's response to the act is one of a person of average sensibilities considering the age of the person."  The court found that the legislature's exclusion of "the sorts of acts for which there could be good cause" meant that it only applied to expressive conduct that was intended to and actually did provoke "immediate substantial fright, intimidation, or emotional distress." (emphasis in original)  Though the reasoning is opaque [I'm being generous], the court seemed to believe that the "legislature's intent" underlying the good cause requirement transformed the statutory provision into one that only addressed "unprotected fighting words." Specifically, the court stated: "because the exercise of constitutionally protected acts clearly constitutes 'good cause,' the restriction of the statute to unprotected fighting words comports with the legislature's intent."

Separately, the court found that subdivision (6) was not vague. According to the court, there is a "common understanding" regarding what would "frighten, intimidate, or cause emotional distress" to a reasonable person. More dubiously, the court asserted that the "good cause" language of the statute would give a citizen adequate notice of what expression was unprotected by the statute as well as adequately constrain law enforcement discretion.  Relying on prior case law, the court stated: "'Good cause' in subdivision (6) means 'a cause that would motivate a reasonable person of like age under the circumstances under which the act occurred." Although earlier in the opinion, the court seemed to equate "good cause" with "protected by the First Amendment," here the court seemed to be using a standard legal definition of good cause, meaning done with justifiable motive. Regardless, court's determination that the "good cause" language is not vague is certainly contestable. 

Although the court upheld subdivision (6), the victory is probably a pyrrhic one for advocates of broad laws to address bullying behaviors.  The court apparently saved the constitutionality of subdivision (6) by adopting a ridiculously strained interpretation of it; under this interpretation, it only covers fighting words--those "which by their very utterance inflict injury or tend to incite an immediate breach of peace"--as defined by the Supreme Court in its 1942 decision in Chaplinsky v. New Hampshire.  It is worth noting that the Supreme Court has not upheld a conviction for the utterance of fighting words in the seventy years since it decided Chaplinsky. Moreover, as Rodney Smolla has noted, there is a "strong body of law expressly limiting the fighting words doctrine to face-to-face confrontations likely to provoke immediate violence."  In other words, the Missouri Supreme Court's interpretation of subdivision (6) makes it difficult to use as a tool for addressing cyberharassment, since it is unlikely to trigger immediate violence in the manner envisioned by Chaplinsky.

There are no doubt more conclusions to be drawn from Missouri v. Vaughn, and I hope to draw them in an article that my co-author Andrea Pinzon Garcia and I are rushing to complete. That article is currently called Coming to Terms with Cyberbullying as Crime, though the title is subject to change. Look for a link to it here or on SSRN before the end of the month.

 

Posted by Lyrissa Lidsky on June 9, 2012 at 04:29 PM in Constitutional thoughts, Criminal Law, First Amendment, Lyrissa Lidsky, Web/Tech | Permalink | Comments (1) | TrackBack

Thursday, June 07, 2012

The Virtual Honesty Box

As a fan of comic book art, I'm often thrilled to encounter areas where copyright or trademark law and comic books intersect. As is the case in other media, the current business models of comic book publishers and creators has been threatened by the ability of consumers to access their work online without paying for it. Many comic publishers are worried about easy migration of content from paying digital consumers to non-paying digital consumers. Of course, scans of comics have been making their way around the internet on, or sometimes before, a given comic's onsale date for some time now. As in other industries, publishers have dabbled with DRM, and publishers have enbraced different (and somewhat incompatible) methods for providing consumers with authorized content. Publishers' choices sometimes lead to problems with vendors and customers, as I discuss a bit below.

While services like Comixology offer a wide selection of content from most major comics publishers, they are missing chunks of both the DC Comics and Marvel Comics catalogues. DC entered a deal to distribute 100 of its graphic novels (think multi-issue collections of comic books) exclusively via Kindle. Marvel Comics subsequently struck a deal to offer "the largest selection of Marvel graphic novels on any device" to users of the Nook. 

Sometimes exclusive deals leave a bad taste in the mouths of other intermediaries. DCs graphic novels were pulled from Barnes & Noble shelves because the purveyor of the Nook was miffed. Independent publisher Top Shelf is an outlier, offering its books through every interface and intermediary it can. But to date, most publishers are trying to make digital work as a complement to, and not a replacement for, print.

Consumers are sometimes frustrated by a content-owner's choice to restrict access, so much so that they feel justified engaging in "piracy." (Here I define "piracy" as acquiring content through unauthorized channels, which will almost always mean without paying the content owner.) Some comics providers respond with completely open access. Mark Waid, for example, started Thrillbent Comics with the idea of embracing digital as digital, and in a manner similar to Cory Doctorow, embracing "piracy" as something that could drive consumers back to his authorized site, even if they didn't pay for the content originally.

I recently ran across another approach from comic creators Leah Moore and John Reppion. Like Mark Waid, Moore and Reppion have accepted, if not embraced, the fact that they cannot control the flow of their work through unauthorized channels, but they still assert a hope, if not a right, that they can make money from the sales of their work. To that end, they introduced a virtual "honesty box," named after the clever means of collecting cash from customers without monitoring the transaction. In essence, Moore and Reppion invite fans who may have consumed their work without paying for it to even up the karmic scales. This response strikes me as both clever and disheartening.

I'll admit my attraction to perhaps outmoded content-delivery systems -- I also have unduly fond memories of the 8-track cassette -- but I'm disheartened to hear that Moore and Reppion could have made roughly $5,500 more working minimum wage jobs last year. Perhaps this means that they should be doing something else, if they can't figure out a better way to monetize their creativity in this new environment. Eric Johnson, for one, has argued that we likely don't need legal or technological interventions for authors like Moore and Reppion in part because there are enough creative amateurs to fill the gap. The money in comics today may not be in comics at all, but in licensing movies derived from those comics. See, e.g., Avengers, the.

I hope Mark Waid is right, and that "piracy" is simply another form of marketing that will eventually pay greater dividends for authors than fighting piracy. And perhaps Moore and Reppion should embrace "piracy" and hope that the popularity of their work leads to a development deal from a major film studio. Personally, I might miss the days when comics were something other than a transparent attempt to land a movie deal.

As for the honesty box itself? Radiohead abandoned the idea with its most recent release, King of Limbs, after the name-your-price model adopted for the release of In Rainbows had arguably disappointing results: according to one report, 60% of consumers paid nothing for the album. I can't seen Moore and Reppion doing much better, but maybe if 40% of "pirates" kick in a little something into the virtual honesty box, that will be enough to keep Moore and Reppion from taking some minimum wage job where their talents may go to waste.

Posted by Jake Linford on June 7, 2012 at 09:00 AM in Books, Film, First Amendment, Information and Technology, Intellectual Property, Music, Property, Web/Tech | Permalink | Comments (3) | TrackBack

Thursday, May 31, 2012

A Coasean Look at Commercial Skipping...

Readers may have seen that DISH has sued the networks for declaratory relief (and was promptly cross-sued) over some new digital video recorder (DVR) functionality. The full set of issues is complex, so I want to focus on a single issue: commercials skipping. The new DVR automatically removes commercials when playing back some recorded programs. Another company tried this many years ago, but was brow-beaten into submission by content owners. Not so for DISH. In this post, I will try to take a look at the dispute from a fresh angle.

Many think that commercial skipping implicates derivative work rights (that is, transformation of a copyrighted work). I don't think so. The content is created separately from the commercials, and different commercials are broadcast in different parts of the country. The whole package is probably a compiliation of several works, but that compilation is unlikely to be registered with the copyright office as a single work. Also, copying the work of only one author in the compilation is just copying of the subset, not creating a derivative work of the whole.

So, if it is not a derivative work, what rights are at stake? I believe that it is the right to copy in the first place in a stored DVR file. This activity is so ubiquitous that we might not think of it as copying, but it is. The Copyright Act says that the content author has the right to decide whether you store a copy on your disk drive, absent some exception.

And there is an exception - namely fair use. In the famous Sony v. Universal Studios case, the Court held that "time shifting" is a fair use by viewers, and thus sellers of the VCR were not helping users infringe. Had the Court held otherwise, the VCR would have been enjoined as an agent of infringement, just like Grokster was.

I realize that this result is hard to imagine, but Sony was 5-4, and the initial vote had been in favor of finding infringement. Folks can debate whether Sony intended to include commercial skipping or not. At the time, remote controls were rare, so skipping a recorded commercial meant getting off the couch. It wasn't much of an issue. Even now, advertisers tolerate the fact that people usually fast forward through commercials, and viewers have always left the TV to go to the bathroom or kitchen (hopefully not at the same time!). 

But commercial skipping is potentially different, because there is zero chance that someone will stop to watch a catchy commercial or see the name of a movie in the black bar above the trailer as it zooms by. I don't intend to resolve that debate here. A primary reason I am skipping the debate is that fair use tends to be a circular enterprise. Whether a use is fair depends on whether it reduces the market possibilities for the owner. The problem is, the owner only has market possibilities if we say they do. For some things, we may not want them to have a market because we want to preserve free use. Thus, we allow copying via a DVR and VCR, even if content owners say they would like to charge for that right.

Knowing when we should allow the content owner to exploit the market and when we should allow users to take away a market in the name of fair use is the hard part. For this reason, I want to look at the issue through the lens of the Coase Theorem. Coase's idea, at its simplest, is that if parties can bargain (which I'll discuss below), then it does not matter with whom we vest the initial rights. The parties will eventually get to the outcome that makes each person best off given the options, and the only difference is who pays.

One example is smoking in the dorm room. Let's say that one person smokes and the other does not. Regardless of which roommate you give the right to, you will get the same amount of smoking in the room. The only difference will be who pays. If the smoker has the right to smoke, then the non-smoker will either pay the smoker to stop or will leave during smoking (or will negotiate a schedule). If you give the non-smoker the right to a smoke-free room, then the smoker will pay to smoke in the room, will smoke elswhere, or the parties will negotiate a schedule. Assuming non-strategic bargaining (hold-ups) and adequate resources, the same result will ensue because the parties will get to the level where the combination of their activities and their money make them the happiest. The key is to separate the analysis from normative views about smoking to determine who pays.

Now, let's apply this to the DVR context. If we give the right to skip commercials to the user, then several things might happen. Advertisers will advertise less or pay less for advertising slots. Indeed, I suspect that one reason why ads for the Super Bowl are so expensive, even in a down economy, is that not only are there a lot of viewers, but that those viewers are watching live and not able to skip commercials. In response, broadcasters will create less content, create cheaper content, or figure out other ways to make money (e.g. charging more for view on demand or DVDs). Refusing to broadcast unless users pay a fee is unlikely based on current laws. In short, if users want more and better content, they will have to go elsewhere to get it - paying for more channels on cable or satellite, paying for video on demand, etc. Or, they will just have less to watch.

If we give the right to stop commercial skipping to the broadcaster, then we would expect broadcasters will broadcast the mix they have in the past. Viewers will pay for the right to commercial skip. This can be done as it is now, through video on demand services like Netflix, but that's not the only model. Many broadcasters allow for downloading via the satellite or cable provider, which allows the content owner to disable fast forwarding. Fewer commercials, but you have to watch them. Or, in the future, users could pay a higher fee to the broadcaster for the right to skip commercials, and this fee would be passed on to content owners.

These two scenarios illustrate a key limit to the Coase Theorem. To get to the single efficient solution, transactions costs must be low. This means that the parties must be able to bargain cheaply, and there must be no costs or benefits that are being left out of the transaction (what we call externalities). Transactions costs are why we have to be careful about allocating pollution rights. The factory could pay a neighborhood for the right to pollute, but there are costs imposed on those not party to the transaction. Similarly, a neighborhood could pay a factory not to pollute, but difficulty coordinating many people is a transaction cost that keeps such deals from happening.

I think that transactions costs are high in one direction in the commercial skipping scenario, but not as much in the other. If the network has the right to stop skipping, there are low cost ways that content aggregators (satellite and cable) can facilitate user rights to commercial skip - through video on demand, surcharges, and whatnot. This apparatus is already largely in place, and there is at least some competition among content owners (some get DVDs out soon, some don't for example).

If, on the other hand, we vest the skipping right with users, then the ability for content owners to pay (essentially share their advertising revenues) with users is lower if they want to enter into such a transaction. Such a payment could be achieved, though, through reduced user fees for those who disable channel skipping. Even there, though, dividing among all content owners might be difficult.

Normatively, this feels a bit yucky. It seems wrong that consumers should pay more to content providers for the right to automate something they already have the right to do - skip commercials. However, we have to separate the normative from the transactional analysis - for this mind experiment, at least.

Commercials are a key part of how shows get made, and good shows really do go away if there aren't enough eyeballs on the commercials. Thus, we want there to be an efficient transaction that allows for metered advertising and content in a way that both users and networks get the benefit of whatever bargain they are willing to make.

There are a couple of other relevant factors that imply to me that the most efficient allocation of this right is with the network:

1. DISH only allows skipping after 1AM on the day the show is recorded. This no doubt militates in favor of fair use, because most people watch shows on the day they are recorded (or so I've read, I could be wrong). However, it also shows that the time at which the function kicks in can be moved, and thus negotiated and even differentiated among customers that pay different amounts. Some might want free viewing with no skipping, some might pay a large premium for immediate skipping. If we give the user the right to skip whenever, it is unlikely that broadcasters can pay users not to skip, and this means they are stuck in a world with maximum skipping - which kills negotiation to an efficient middle.

2. The skipping is only available for broadcast tv primetime recordings - not for recordings on "cable" channels, where providers must pay for content.  Thus, there appears to already be a payment structure in practice - DISH is allowing for skipping on some networks and not others, which implies that the structure for efficient payments are already in place. If, for example, DISH skipped commercials on TNT, then TNT would charge DISH more to carry content. The networks may not have that option due to "must carry" rules. I suspect this is precisely why DISH skips for broadcasters - because it can without paying.  In order to allow for bargaining however, given that networks can't charge more for DISH to carry content is to vest the right with networks and let the market take over.

These are my gut thoughts from an efficiency standpoint. Others may think of ways to allow for bargaining to happen by vesting rights with users. As a user, I would be happy to hear such ideas.

This is my last post for the month - time flies! Thanks to Prawfs again for having me, and I look forward to guest blogging in the future. As a reminder, I regularly blog at Madisonian.

Posted by Michael Risch on May 31, 2012 at 08:05 PM in Information and Technology, Intellectual Property, Legal Theory, Television, Web/Tech | Permalink | Comments (7) | TrackBack

Friday, May 11, 2012

App Enables Users to File Complaints of Airport Profiling

Following the terrorist attacks of September 11, 2001, Muslims and those perceived to be Muslim in the United States have been subjected to public and private acts of discrimination and hate violence.  Sikhs -- members of a distinct monotheistic religion founded in 15th century India -- have suffered the "disproportionate brunt" of this post-9/11 backlash.  There generally are two reasons for this.  The first concerns appearance: Sikh males wear turbans and beards, and this visual similiarity to Osama bin Laden and his associates made Sikhs an accessible and superficial target for post-9/11 emotion and scrutiny.  The second relates to ignorance: many Americans are unaware of Sikhism and of Sikh identity in particular. 

Accordingly, after 9/11, Sikhs in the United States have been murdered, stabbed, assaulted, and harassed; they also have faced discrimination in various contexts, including airports, the physical space where post-9/11 sensitivities are likely and understandably most acute.  The Sikh Coalition, an organization founded in the hours after 9/11 to advocate on behalf of Sikh-Americans, reported that 64% of Sikh-Americans felt that they had been singled-out for additional screening in airports and, at one major airport (San Francisco International), nearly 100% of turbaned Sikhs received additional screening. (A t-shirt, modeled here by Sikh actor Waris Ahluwalia and created by a Sikh-owned company, makes light of this phenomenon.)

In response to such "airport profiling," the Sikh Coalition announced the launch of a new app (Apple, Android), which "allows users to report instances of airport profiling [to the Transportation Security Administration (TSA)] in real time."  The Coalition states that the app, called "FlyRights," is the "first mobile app to combat racial profiling."  The TSA has indicated that grievances sent to the agency by way of the app will be treated as official complaints

News of the app's release has generated significant press coverage.  For example, the New York Times, ABC, Washington Post, and CNN picked up the app's announcement.  (Unfortunately, multiple outlets could not resist the predictable line, 'Profiled at the airport? There’s an app for that.')  Wade Henderson, president and CEO of The Leadership Conference on Civil and Human Rights and The Leadership Conference Education Fund, tweeted, "#FlyRights is a vanguard in civil and human rights."

It will be interesting to see whether this app will increase TSA accountability, quell profiling in the airport setting, and, more broadly, trigger other technological advances in the civil rights arena.

 

Posted by Dawinder "Dave" S. Sidhu on May 11, 2012 at 08:32 AM in Information and Technology, Religion, Travel, Web/Tech | Permalink | Comments (0) | TrackBack

Monday, May 07, 2012

Oracle v. Google - Round I jury verdict (or not)

The jury came back today with its verdict in round one of the epic trial between two giants: Oracle v. Google. This first phase was for copyright infringement. In many ways, this was a run of the mill case, but the stakes are something we haven't seen in a technology copyright trial in quite some time.

Here's the short story of what happened, as far as I can gather.

1. Google needed an application platform for its Android phones. This platform allows software developers to write programs (or "apps" in mobile device lingo) that will run on the phone.

2. Google decided that Sun's (now Oracle's) Java was the best way to go.

3. Google didn't want to pay Sun for a license to a "virtual machine" that would run on Android phones.

4. Google developed its own virtual machine that is compatible with the Java programming language. To do so, Google had to make "APIs" that were compatible with Java. These APIs are essentially modules that provide functionality on the phone based on a keywords (instructions) from a Java language computer program. For example, if I want to display "Hello World" on the phone screen, I need only call print("Hello World"). The API module has a bunch of hidden functionality that takes "Hello World" and sends it out to the display on the screen - manipulating memory, manipulating the display, etc.

5. The key dispute is just how much of the Java source code was copied, if any to create the Google version. 

The jury today held the following:

1. One small routine (9 lines) was copied directly - line for line. The court said no damages for this, but this finding will be relevant later

2. Google copied the "structure, sequence, and organization" of 37 Java API modules. I'll discuss what this means later.

3. There was no finding on whether the copying was fair use - the jury deadlocked.

4. Google did not copy any "documentation" including comments in the source code.

5. Google was not fooled into thinking it had a license from Sun.

To understand any of this, one must understand the levels of abstraction in computer code. Some options are as follows:

A. Line by line copying of the entire source code. 

B. Line by line paraphrasing of the source code (changing variable names, for example, but otherwise idential lines).

C. Copying of the structure, sequence and organization of the source code - deciding what functions to include or not, creative ways to implement them, creative ways to solve problems, creative ways to name and structure variables, etc.  (The creativity can't be based on functionality)

D. Copying of the functionality, but not the stucture, sequence and organization - you usually find this with reverse engineering or independent development

E. Copying of just the names of functions with similar functionality - the structure and sequence is the same, but only as far as the names go (like print, save, etc.). The Court ruled already that this is not protected.

F. Completely different functionality, including different structure, sequence, organization, names, and functionality.

Obviously F was out if Google wanted to maintain compatibility with the Java programming language (which is not copyrightable). 

So, Google set up what is often called a "cleanroom." The idea is not new - AMD famously set up a cleanroom to develop copyrighted aspects of its x86 compatible microprocessors back in the early 1990's. Like Google now (according to the jury), AMD famously failed to keep its cleanroom clean.

Here's how a cleanroom works. One group develops a specification of functionality for each of the API function names (which are, remember, not protected - people are allowed to make compatible programs using the same names, like print and save). Ideally, you do this through reverse engineering, but arguably it can be done by reading copyrighted specifications/manuals, and extracting the functionality. Quite frankly, you could probably use the original documentation as well, but it does not appear as "clean" when you do so.

Then, a second group takes the "pure functionality" description, and writes its own implementation. If it is done properly, you find no overlapping source code or comments, and no overlapping structure, sequence and organization. If there happens to be similar structure, sequence and organization, then the cleanroom still wins, because that similarity must have been dictated by functionality. After all, the whole point of the cleanroom is that the people writing the software could not copy because they did not have the original to copy from.

So, where did it all go wrong? There were a few smoking guns that the jury might have latched on to:

1. Google had some emails early on that said there was no way to duplicate the functionality, and thus Google should just take a license.

2. Some of the code (specifically, the 9 lines) were copied directly. While not big in itself, it makes one wonder how clean the team was.

3. The head of development noted in an email that it was a problem for the cleanroom people to have had Sun experience, but some apparently did.

4.  Oracle's expert testified (I believe) that some of the similarities were not based on functionality, or were so close as to have been copied. Google's expert, of course, said the opposite, and the jury made its choice. It probably didn't help Google that Oracle's expert came from hometown Stanford, while Google's came from far-away Duke.

So, the jury may have just discounted the Google cleanroom story, and believed Oracle's. And that's what it found. As someone who litigated many copyight cases between competing companies, this is not a shocking outcome. This issue will not doubt bring the copyright v. functionality issue to the forefront (as it did in Lotus v. Borland and Intel v. AMD), this stuff is bread and butter for most technology copyright lawyers. It's almost always factually determined. Only the scope of this case is different in my book - everything else looks like many cases I've litigated (and a couple that I've tried).

So, what happens now in the copyright phase?  (A trial on patent infringement started today.) Judge Alsup has two important decisions to make.

First, the court has to decide what to do with the fair use ruling. Many say that a mistrial is warranted since fair use is a question of fact and the jury deadlocked. I'm not so sure. The facts on fair use are not really disputed here - only the legal interpretation of them; my experience is that courts are more than willing to make a ruling one way or the other when copying is clear (as the jury now says it is). I don't know what the court will do, but my gut says no fair use here.  My experience is that failed cleanrooms fail fair use - it means that what was copied was more than pure functionality, and it is for commercial use with market substitution. The only real basis for fair use is that the material copied was pure functionality, and that's the next inquiry.

Second, the court must determine whether the structure, sequence, and organization of these APIs can be copyrightable, or whether they are pure functionality. I don't know the answer to that question. It will depend in large part on:

a. whether the structure, etc., copied was at a high level (e.g. structure of functions) or at a low level (e.g. line by line and function by function);

b. the volume of copied (something like 11,000 lines is at issue);

c. the credibility of the experts in testifying to how much of structure that is similar is functionally based.  On a related note, the folks over at groklaw think for the most part think this is not copyrightable. They have had tremendous coverage of this case.

I've been on both sides of this argument, and I've seen it go both ways, so I don't have any predictions. I do look forward to seeing the outcome, though. It has been a while since I've written about copyright law and computer software; this case makes me want to rejoin the fray.

Posted by Michael Risch on May 7, 2012 at 08:07 PM in Information and Technology, Intellectual Property, Web/Tech | Permalink | Comments (1) | TrackBack

Thursday, March 22, 2012

Wired, and Threatened

I have a short op-ed on how technology provides both power and peril for journalists over at JURIST. Here's the lede:
Journalists have never been more empowered, or more threatened. Information technology offers journalists potent tools to gather, report and disseminate information — from satellite phones to pocket video cameras to social networks. Technological advances have democratized reporting... Technology creates risks along with capabilities however... [and] The arms race of information technology is not one-sided.

Posted by Derek Bambauer on March 22, 2012 at 02:11 PM in Current Affairs, First Amendment, Information and Technology, International Law, Web/Tech | Permalink | Comments (0) | TrackBack

Wednesday, February 08, 2012

Criminalizing Cyberbullying and the Problem of CyberOverbreadth

In the past few years, reports have attributed at least fourteen teen suicides to cyberbullying. Phoebe Prince of Massachusetts, Jamey Rodemeyer of New York, Megan Meier of Missouri, and Seth Walsh of California are just some of the children who have taken their own lives after being harassed online and off.

These tragic stories are a testament to the serious psychological harm that sometimes results from cyberbullying, defined by the National Conference of State Legislatures as the "willful and repeated use of cell phones, computers, and other electronic communications devices to harass and threaten others." Even when victims survive cyberbullying, they can suffer psychological harms that last a lifetime. Moreover, an emerging consensus suggests that cyberbullying is reaching epidemic proportions, though reliable statistics on the phenomenon are hard to come by. Who, then, could contest that the social problem of cyberbullying merits a legal response?

In fact, a majority of states already have legislation addressing electronic harassment in some form, and fourteen have legislation that explicitly uses the term cyberbullying. (Source: here.) What's more, cyber-bullying legislation has been introduced in six more states: Georgia, Illinois, Kentucky, Maine, Nebraska, and New York. A key problem with much of this legislation, however, is that legislators have often conflated the legal definition of cyberbullying with the social definition. Though understandable, this tendency may ultimately produce legislation that is unconstitutional and therefore ineffective at remedying the real harms of cyberbullying.

Consider, for instance, a new law proposed just last month by New York State Senator Jeff Klein (D- Bronx) and Congressman Bill Scarborough. Like previous cyberbullying proposals, the New York bill was triggered by tragedy. The proposed legislation cites its justification as the death of 14-year-old Jamey Rodemeyer, who committed suicide after being bullied about his sexuality. Newspaper accounts also attribute the impetus for the legislation to the death of Amanda Cummings, a 15 year old New York teen who committed suicide by stepping in front of a bus after she was allegedly bullied at school and online. In light of these terrible tragedies, it is easy to see why New York legislators would want to take a symbolic stand against cyberbullying and join the ranks of states taking action against it.

The proposed legislation (S6132-2011) begins modestly enough by "modernizing" pre-existing New York law criminalizing stalking and harassment. Specifically, the new law amends various statutes to make clear that harassment and stalking can be committed by electronic as well as physical means. More ambitiously, the new law increases penalties for cyberbullying of "children under the age of 21," and broadly defines the activity that qualifies for criminalization under the act. The law links cyberbullying with stalking, stating that "a person is guilty of stalking in the third degree when he or she intentionally, and for no legitimate purpose, engages in a course of conduct directing electronic communication at a child [ ], and knows or reasonably should know that such conduct: (a) causes reasonable fear of material harm to the physical health, safety or property of such child; or (b) causes material harm to the physical health, emotional health, safety or property of such child." (emphasis mine) Even a single communication to multiple recipients about (and not necessarily to) a child can constitute a "course of conduct" under the statute.

Like the sponsors of this legislation, I deplore cyber-viciousness of all varieties, but I also condemn the tendency of legislators to offer well intentioned but sloppily drafted and constitutionally suspect proposals to solve pressing social problems. In this instance, the legislation opts for a broad definition of cyberbullying based on legislators' desires to appear responsive to the cyberbullying problem. The broad statutory definition (and perhaps resorting to criminalization rather than other remedies) creates positive publicity for legislators, but broad legal definitions that encompass speech and expressive activities are almost always constitutionally overbroad under the First Amendment.

Again, consider the New York proposal. The mens rea element of the offensive requires only that a defendant "reasonably should know" that "material harm to the . . . emotional health" of his target will result, and it is not even clear what constitutes "material harm." Seemingly, therefore, the proposed statute could be used to prosecute teen girls gossiping electronically from their bedrooms about another teen's attire or appearance. Likewise, the statute could arguably criminalize a Facebook posting by a 20-year-old college student casting aspersions on his ex-girlfriend. In both instances, the target of the speech almost certainly would be "materially" hurt and offended upon learning of it, and the speakers likely should reasonably know such harm would occur. Just as clearly, however, criminal punishment of "adolescent cruelty," which was a stated justification of the legislation, is an unconstitutional infringement on freedom of expression.

Certainly the drafters of the legislation may be correct in asserting that "[w]ith the use of cell phones and social networking sites, adolescent cruelty has been amplified and shifted from school yards and hallways to the Internet, where a nasty, profanity-laced comment, complete with an embarrassing photo, can be viewed by a potentially limited [sic] number of people, both known and unknown." They may also be correct to assert that prosecutors need new tools to deal with a "new breed of bully." Neither assertion, however, justifies ignoring the constraints of First Amendment law in drafting a legislative response. To do so potentially misdirects prosecutorial resources, misallocates taxpayer money that must be devoted to passsing and later defending an unconstitutional law, and block the path toward legal reforms that would address cyberbullying more effectively.

With regard to criminal law, a meaningful response to cyberbullying--one that furthers the objectives of deterrence and punishment of wrongful behavior--would be precise and specific in defining the targeted conduct. A meaningful response would carefully navigate the shoals of the First Amendment's protection of speech, acknowledging that some terrible behavior committed through speech must be curtailed through educating, socializing, and stigmatizing perpetrators rather than criminalizing and censoring their speech.

Legislators may find it difficult to address all the First Amendment ramifications of criminalizing cyberbullying, partly because the term itself potentially obscures analysis. Cyberbullying is an umbrella term that covers a wide variety of behaviors, including threats, stalking, harassment, eavesdropping, spoofing (impersonation), libel, invasion of privacy, fighting words, rumor-mongering, name-calling, and social exclusion. The First Amendment constraints on criminalizing the speech behavior involved in cyberbullying depends on which category of speech behavior is involved. Some of these behaviors, such as issuing "true threats" to harm another person or taunting them with "fighting words," lie outside the protection of the First Amendment. (See Virginia v. Black and Chaplinsky v. New Hampshire; but see R.A.V and my extended analysis here.). Some other behaviors that may cause deep emotional harm, such as name-calling, are just as clearly protected by the First Amendment in most contexts. (Compare, e.g., Cohen v. California with FCC v. Pacifica).

But context matters profoundly in determining the scope of First Amendment protection of speech. Speech in schools and workplaces can be regulated in ways that speech in public spaces cannot (See, e.g., Bethel School Dist. No. 403 v. Fraser). Even within schools, the speech of younger minors can be regulated in ways that speech of older minors cannot (Cf. Hazelwood with Joyner v. Whiting (4th Cir)) , and speech that is part of the school curriculum can be regulated in ways that political speech cannot. (Compare, e.g., Tinker with Hazelwood). Outside the school setting, speech on matters of public concern receives far more First Amendment protection than speech dealing with other matters, even when such speech causes tremendous emotional upset. (See Snyder v. Phelps). But speech targeted at children likely can be regulated in ways that speech targeted at adults cannot, given the high and possibly compelling state interest in protecting the well-being of at least younger minors. (But see Brown v. Ent. Merchants Ass'n). Finally, even though a single instance of offensive speech may be protected by the First Amendment, the same speech repeated enough times might become conduct subject to criminalization without exceeding constitutional constraints. (See Pacifica and the lower court cases cited here).

Any attempt to use criminal law to address the social phenomenon should probably start with the jurisprudential question of which aspects of cyberbullying are best addressed by criminal law, which are best addressed by other bodies of law, and which are best left to non-legal control. Once that question is answered, criminalization of cyberbullying should proceed by identifying the various forms cyberbullying can take and then researching the specific First Amendment constraints, if any, on criminalizing that form of behavior or speech. This approach should lead legislators to criminalize only particularly problematic forms of narrowly defined cyberbullying, such as . While introducing narrow legislation of this sort may not be as satisfying as criminalizing "adolescent cruelty," it is far more likely to withstand constitutional scrutiny and become a meaningful tool to combat serious harms.

Proposals to criminalize cyberbullying often seem to proceed from the notion that we will know it when we see it. In fact, most of us probably will: we all recognize the social problem of cyberbullying, defined as engaging in electronic communication that transgresses social norms and inflicts emotional distress on its targets. But criminal law cannot be used to punish every social transgression, especially when many of those transgressions are committed through speech, a substantial portion of which may be protected by the First Amendment.

[FYI: This blog post is the underpinning of a talk I'm giving at the Missouri Law Review's Symposium on Cyberbullying later in the week, and a greatly expanded and probably significantly changed version will ultimately appear in the Missouri Law Review, so I'd particularly appreciate comments. In the article, I expect to create a more detailed First Amendment guide for conscientious lawmakers seeking to regulate cyberbullying. I am especially excited about the symposium because it includes mental health researchers and experts as well as law professors. Participants include Barry McDonald (Pepperdine), Ari Waldman (Cal. Western), John Palfrey (Berkman Center at HLS), Melissa Holt (B.U.), Mark Small (Clemson), Philip Rodkin (U. Ill.), Susan P. Limber (Clemson), Daniel Weddle (UMKC), and Joew Laramie (consultant/former direction of Missouri A.G. Internet Crimes Against Children Taskforce).]

Posted by Lyrissa Lidsky on February 8, 2012 at 08:37 AM in Constitutional thoughts, Criminal Law, Current Affairs, First Amendment, Information and Technology, Lyrissa Lidsky, Web/Tech | Permalink | Comments (8) | TrackBack

Monday, December 19, 2011

Breaking the Net

Mark Lemley, David Post, and Dave Levine have an excellent article in the Stanford Law Review Online, Don't Break the Internet. It explains why proposed legislation, such as SOPA and PROTECT IP, is so badly-designed and pernicious. It's not quite clear what is happening with SOPA, but it appears to be scheduled for mark-up this week. SOPA has, ironically, generated some highly thoughtful writing and commentary - I recently read pieces by Marvin Ammori, Zach Carter, Rebecca MacKinnon / Ivan Sigal, and Rob Fischer.

There are two additional, disturbing developments. First, the public choice problems that Jessica Litman identifies with copyright legislation more generally are manifestly evident in SOPA: Rep. Lamar Smith, the SOPA sponsor, gets more campaign donations from the TV / movie / music industries than any other source. He's not the only one. These bills are rent-seeking by politically powerful industries; those campaign donations are hardly altruistic. The 99% - the people who use the Internet - don't get a seat at the bargaining table when these bills are drafted, negotiated, and pushed forward. 

Second, representatives such as Mel Watt and Maxine Waters have not only admitted to ignorance about how the Internet works, but have been proud of that fact. They've been dismissive of technical experts such as Vint Cerf - he's only the father of TCP/IP - and folks such as Steve King of Iowa can't even be bothered to pay attention to debate over the bill. I don't mind that our Congresspeople are not knowledgeable about every subject they must consider - there are simply too many - but I am both concerned and offended that legislators like Watt and Waters are proud of being fools. This is what breeds inattention to serious cybersecurity problems while lawmakers freak out over terrorists on Twitter. (If I could have one wish for Christmas, it would be that every terrorist would use Twitter. The number of Navy SEALs following them would be... sizeable.) It is worrisome when our lawmakers not only don't know how their proposals will affect the most important communications platform in human history, but overtly don't care. Ignorance is not bliss, it is embarrassment.

Cross-posted at Info/Law.

Posted by Derek Bambauer on December 19, 2011 at 01:49 PM in Blogging, Constitutional thoughts, Corporate, Current Affairs, Film, First Amendment, Information and Technology, Intellectual Property, Law and Politics, Music, Property, Television, Web/Tech | Permalink | Comments (1) | TrackBack

Wednesday, December 14, 2011

Six Things Wrong with SOPA

America is moving to censor the Internet. The PROTECT IP and Stop Online Piracy Acts have received considerable attention in the legal and tech world; SOPA's markup in the House occurs tomorrow. I'm not opposed to blacklisting Internet sites on principle; however, I think that thoughtful procedural protections are vital to doing so in a legitimate way. Let me offer six things that are wrong with SOPA and PROTECT IP: they harm cybersecurity, are wildly overbroad and vague, enable unconstitutional prior restraint, undercut American credibility on Internet freedom, damage a well-working system for online infringement, and lack any empirical justification whatsoever. And, let me address briefly Floyd Abrams's letter in support of PROTECT IP, as it is frequently adverted to by supporters of the legislation. (The one-word summary: "sellout." The longer summary: The PROTECT IP letter will be to Abrams' career what the Transformersmovie was to that of Orson Welles.)

  1. Cybersecurity - the bills make cybersecurity worse. The most significant risk is that they impede - in fact, they'd prevent - the deployment of DNSSEC, which is vitally important to reducing phishing, man-in-the-middle attacks, and similar threats. Technical experts are unanimous on this - see, for example, Sandia National Laboratories, or Steve CrockerPaul Vixie / Dan Kaminsky et al. Idiots, like the MPAA's Michael O'Leary, disagree, and simply assert that "the codes change." (This is what I call "magic elf" thinking: we can just get magic elves to change the Internet to solve all of our problems. Congress does this, too, as when it includes imaginary age-verifying technologies in Internet legislation.) Both bills would mandate that ISPs redirect users away from targeted sites, to government warning notices such as those employed in domain name seizure cases. But, this is exactly what DNSSEC seeks to prevent - it ensures that the only content returned in response to a request for a Web site is that authorized by the site's owner. There are similar problems with IP-based redirection, as Pakistan's inadvertent hijacking of YouTube demonstrated. It is ironic that at a time when the Obama administration has designated cybersecurity as a major priority, Congress is prepared to adopt legislation that makes the Net markedly less secure.
  2. Wildly overbroad and vague- the legislation (particularly SOPA) is a blunderbuss, not a scalpel. Sites eligible for censoring include those:
    •  
      • primarily designed or operated for copyright infringement, trademark infringement, or DMCA § 1201 infringement
      • with a limited purpose or use other than such infringement
      • that facilitate or enable such infringement
      • that promote their use to engage in infringement
      • that take deliberate actions to avoid confirming high probability of such use

    If Flickr, Dropbox, and YouTube were located overseas, they would plainly qualify. Targeting sites that "facilitate or enable" infringement is particularly worrisome - this charge can be brought against a huge range of sites, such as proxy services or anonymizers. User-generated content sites are clearly dead. And the vagueness inherent in these terms means two things: a wave of litigation as courts try to sort out what the terminology means, and a chilling of innovation by tech startups.

  3. Unconstitutional prior restraint - the legislation engages in unconstitutional prior restraint. On filing an action, the Attorney General can obtain an injunction that mandates blocking of a site, or the cutoff of advertising and financial services to it - before the site's owner has had a chance to answer, or even appear. This is exactly backwards: the Constitution teaches that the government cannot censor speech until it has made the necessary showing, in an adversarial proceeding - typically under strict scrutiny. Even under the more relaxed, intermediate scrutiny that characterizes review of IP law, censorship based solely on the government's say-so is forbidden. The prior restraint problem is worsened as the bills target the entire site via its domain name, rather than focusing on individualized infringing content, as the DMCA does. Finally, SOPA's mandatory notice-and-takedown procedure is entirely one-sided: it requires intermediaries to cease doing business with alleged infringers, but does not create any counter-notification akin to Section 512(g) of the DMCA. The bills tilt the table towards censorship. They're unconstitutional, although it may well take long and expensive litigation to demonstrate that.
  4. Undercuts America's moral legitimacy - there is an irreconciliable tension between these bills and the position of the Obama administration - especially Secretary of State Hillary Clinton - on Internet freedom. States such as Iran also mandate blocking of unlawful content; that's why Iran blocked our "virtual embassy" there. America surrenders the rhetorical and moral advantage when it, too, censors on-line content with minimal process. SOPA goes one step farther: it permits injunctions against technologies that circumvent blocking - such as those funded by the State Department. This is fine with SOPA adherents; the MPAA's Chris Dodd is a fan of Chinese-style censorship. But it ought to worry the rest of us, who have a stake in uncensored Internet communication.
  5. Undercuts DMCA - the notice-and-takedown provisions of the DMCA are reasonably well-working. They're predictable, they scale for both discovering infringing content and removing it, and they enable innovation, such as both YouTube itself and YouTube's system of monetizing potentially infringing content. The bills shift the burden of enforcement from IP owners - which is where it has traditionally rested, and where it belongs - onto intermediaries. SOPA in particular increases the burden, since sites must respond within 5 days of a notification of claimed infringement, with no exception for holidays or weekends. The content industries do not like the DMCA. That is no evidence at all that it is not functioning well.
  6. No empirical evidence - put simply, there is no empirical data suggesting these bills are necessary. The content industries routinely throw around made-up numbers, but they have been frequently debunked. How important are losses from foreign sites that are beyond the reach of standard infringement litigation, versus losses from domestic P2P networks, physical infringement, and the like? Data from places like Switzerland suggests that losses are, at best, minimal. If Hollywood wants America to censor the Internet, it needs to make a convincing case based on actual data, and not moronic analogies to stealing things off trucks. The bills, at their core, are rent-seeking: they would rewrite the law and alter fundamentally Internet free expression to benefit relatively small yet politically powerful industries. (It's no shock two key Congressional aides who worked on the legislation have taken jobs in Hollywood - they're just following Mitch Glazier, Dan Glickman, and Chris Dodd through the revolving door.) The bills are likely to impede innovation by the far larger information technology industry, and indeed to drive some economic activity in IT offshore.

The bills are bad policy and bad law. And yet I expect one of them to pass and be signed into law. Lastly, the Abrams letter: Noted First Amendment attorney Floyd Abrams wrote a letter in favor of PROTECT IP. Abrams's letter is long, but surprisingly thin on substantive legal analysis of PROTECT IP's provisions. It looks like advocacy, but in reality, it is Abrams selling his (fading) reputation as a First Amendment defender to Hollywood. The letter rehearses standard copyright and First Amendment doctrine, and then tries to portray PROTECT IP as a bill firmly in line with First Amendment jurisprudence. It isn't, as Marvin Ammori and Larry Tribe note, and Abrams embarrasses himself by pretending otherwise. Having the government target Internet sites for pre-emptive censorship, and permitting them to do so before a hearing on the merits, is extraordinary. It is error-prone - look at Dajaz1 and mooo.com. And it runs afoul of not only traditional First Amendment doctrine, but in particular the current Court's heightened protection of speech in a wave of cases last term. Injunctions affecting speech are different in character than injunctions affecting other things, such as conduct, and even the cases that Abrams cites (such as Universal City Studios v. Corley) acknowledge this. According to Abrams, the constitutionality of PROTECT IP is an easy call. That's only true if you're Hollywood's sockpuppet. Thoughtful analysis is far harder.

Cross-posted at Info/Law.

Posted by Derek Bambauer on December 14, 2011 at 09:07 PM in Constitutional thoughts, Culture, Current Affairs, Film, First Amendment, Information and Technology, Intellectual Property, Law and Politics, Music, Property, Web/Tech | Permalink | Comments (1) | TrackBack

Tuesday, December 06, 2011

Revisiting the Scary CFAA

Last April, I blogged about the Nosal case, which led to the scary result that just about any breach of contract on the internet can potentially be a criminal access to a protected computer. I discuss the case in extensive detail in that post, so I won't repeat it here. The gist is that employees who had access to a server in their ordinary course of work were held to have exceeded their authorization when they accessed that same server with the intent of funneling information out to a competitive ex-employee. The scary extension is that anyone breaching a contract with a web provider might then be considered to be accessing the web server in excess of authorization, and therefore committing a crime.

I'm happy to report that Nosal is now being reheard in the Ninth Circuit. I'm hopeful that the court will do something to rein in the case.

I think most of my colleagues agree with me that the broad interpretation of the statute is a scary one. Where some depart, though, is on the interpretive question. As you'll see in the comments to my last post, there is some disagreement about how to interpret the statute and whether it is void for vagueness. I want to address some of the continuing disagreement after the jump.

I think there are three ways to look at Nosal:

    1. The ruling was right, and the extension to all web users is fine (ouch);

    2. The ruling was right as to the Nosal parties, but should not be extended to all web users; and

    3. The ruling was not right as to the Nosal parties, and also wrong as to all web users.

I believe where I diverge from many of my cyberlaw colleagues is that I fall into group two. I hope to explain why, and perhaps suggest a way forward. Note that I'm not a con law guy, and I'm not a crim law guy, but I am a internet statute guy, so I call the statutory interpretation like I see it.

I want to focus on the notion of authorization. The statute at issue, the Computer Fraud and Abuse Act (or CFAA)  outlaws obtaining information from networked computers if one "intentionally accesses a computer without authorization or exceeds authorized access."

Orin Kerr, a leader in this area, wrote a great post yesterday that did two things. First, it rejected tort based tresspass rules like implied consent as too vague for a criminal statute. On this, I agree. Second, it defined "authorization" with respect to other criminal law treatment of consent. In short, the idea is if you consent to access in the first place, then doing bad things in violation of the promises made is does not mean lack of consent to access. On this, I agree as well.

But here's the rub: the statute says "without authorization or exceeds authorized access." And this second phrase has to mean something. The goal, for me at least, is that it covers the Nosal case but not the broad range of activity on the internet. Professor Kerr, I suspect, would say that the only way to do that is for it to be vague, and if so, then the statute must be vague.

I'm OK with the court going that way, but here's my problem with the argument. The statute isn't necessarily vague. Let's say that the scary broad interpretation fron Nosal means that every breach of contract is now a criminal act on the web. That's not vague. Breach a contract, then you're liable; there's no wondering whether you have committed a crime or not. 

Of course, the contract might be vague, but that's a factual issue that can be litigated. It is not unheard of to have a crime based on failure to live up to an agreement to do something. A dispute about what the agreement was is not the same as being vague. Does that mean I like it? No. Does that mean it's crazy overbroad? Yes. Does that mean everyone's at risk and someone should do something about this nutty statute? Absolutely.

Now, here is where some vagueness comes in - only some breaches lead to exceeded access, and some don't. How are we to decide which is which? The argument Professor Kerr takes on is tying it to trespass, and I agree that doesn't work.

So, I return to my suggestion from several months ago - we should look to the terms of authorization of access to see whether they have been exceeded. This means that if you are an employee who accesses information for a purpose you know is not authorized, then you are exceeding authorization. It also means that if the terms of service on a website say explicitly that you must be truthful about your age or you are not authorized to access the site, then you are unauthorized. And that's not always an unreasonable access limitation.  If there were a kids only website that excluded adults, I might well want to criminalize access obtained by people lying about their age. That doesn't mean all access terms are reasonable, but I'm not troubled by that from a statutory interpretation standpoint.

I'm sure one can attack this as vague - it won't always be clear when a term is tied to authorization. But then again, if it is not a clear term of authorization, the state shouldn't be able to prove that authorization was exceeded. This does mean that snoops all over and people who don't read web site terms (me included) are at risk for violating terms of access we never saw or agreed to. I don't like that part of the law, and it should be changed. I'm fine with making it more limiting in ways that Professor Kerr and others have suggested.

But I don't know that it is invalid as vague - there are lots of things that may be illegal that people don't even know are on the books. Terms of service, at least, people have at least some chance of knowing and choose not to. That doesn't mean it isn't scary, because I don't see behavior (including my own) changing anytime soon.

Posted by Michael Risch on December 6, 2011 at 05:18 PM in Information and Technology, Web/Tech | Permalink | Comments (8) | TrackBack

Sunday, November 27, 2011

Threading the Needle

Imagine that Ron Wyden fails: either PROTECT IP or SoPA / E-PARASITE passes and is signed into law by President Obama. Advocacy groups such as the EFF would launch an immediate constitutional challenge to the bill’s censorship mandates. I believe the outcome of such litigation is far less certain than either side believes. American censorship legislation would keep lots of lawyers employed (always a good thing in a down economy), and might generate some useful First Amendment jurisprudence. Let me sketch three areas of uncertainty that the courts would have to resolve, and that improve the odds that such a bill would survive.

First, how high is the constitutional barrier to the legislation? Both bills look like systems of prior restraint, which loads the government with a “heavy presumption” against their constitutionality . The Supreme Court’s jurisprudence in the two most relevant prior cases, Reno v. ACLU and Ashcroft v. ACLU, applied strict scrutiny: laws must serve a compelling government interest, and be narrowly tailored to that interest. This looks bad for the state, but wait: we’re dealing with laws regulating intellectual property, and such laws draw intermediate scrutiny at most. This is what I call the IP loophole in the First Amendment. Copyright law, for example, enjoys more lenient treatment under free speech examination because the law has built-in safeguards such as fair use, the idea-expression dichotomy, and the (ever-lengthening) limited term of rights.

Moreover, it’s not certain that the bills even regulate speech. Here, I mean “speech” in its First Amendment sense, not the colloquial one. Burning one’s draft card at a protest seems like speech to most of us – the anti-war message is embodied within the act – but the Supreme Court views it as conduct. And conduct can be regulated so long as the government meets the minimal strictures of rational review. The two bills focus on domain name filtering – they impede users from reaching certain on-line material, but formally limit only the conversion of domain name to IP address by an Internet service provider. (I’m skipping over the requirement that search engines de-list such sites, which is a much clearer case of regulating speech.) DNS lookups seem akin to conduct, although the Court’s precedent in this area is hardly a model of lucidity. (Burning the American flag = speech; burning a draft card = conduct. QED.) Other courts have struggled, most notably in the context of the anti-circumvention provisions of the Digital Millennium Copyright Act, to categorize domain names as speech or not-speech, and thus far have found a kind of Hegelian duality to them. That suggests an intermediate level of scrutiny, which would resonate with the IP loophole analysis above.

Second, who has standing? It seems that our plaintiffs would need to find a site that conceded it met the definition of a site “dedicated to the theft of U.S. property.” That seems hard to do until filtering begins – at which point whatever ills the legislation creates will have materialized. (It might also expose the site to suits from affected IP owners.) Perhaps Internet service providers could bring a challenge based on either third-party standing (on behalf of their users, if we think users’ rights are implicated, or the foreign sites) or their own speech interests. However, I think it’s unlikely that users would have standing, particularly given the somewhat dilute harm of being unable to reach material on allegedly infringing sites. And, as described above, it’s not clear that ISPs have a speech interest at all: domain name services simply may be conduct. 

Finally, how can we distinguish E-PARASITE or PROTECT IP from similar legislation that passes constitutional muster? Section 1201 of the DMCA, for example, permits liability to be imposed not only on those who make tools for circumventing access controls available, but even on those who knowingly link to such tools on-line. The government can limit distribution of encryption technology – at least as object code – overseas, by treating it as a munition. And thus far, the federal government has been able to seize domain names under civil forfeiture provisions, with nary a quibble from the federal courts.

To be plain: I think both bills are terrible legislation. They’re certain to damage America’s technology innovation industries, which are the crown jewels of our economy and our future competitiveness. They turn over censorship decisions to private actors with no interest whatsoever in countervailing values such as free expression or, indeed, anything other than their own profit margins. And their procedural protections are utterly inadequate – in my view. But I think it is possible that these bills may thread the constitutional needle, particularly given the one-way ratchet of copyright protection before the federal courts. The decision in Ashcroft, for instance, found that end user filtering was a narrower alternative than the Children’s Online Protection Act. But end user filtering doesn’t work when the person installing the software is not a parent concerned about on-line filth, but one eager to download infringing movies. And that means that legislation may escape narrowness analysis as well. As I wrote in Orwell’s Armchair:

focusing only on content that is clearly unlawful – such as child pornography, obscenity, or intellectual property infringement – has constitutional benefits that can help a statute survive. These categories of material do not count as “speech” for First Amendment analysis, and hence the government need not satisfy strict scrutiny in attacking them. Recent bills seem to show that legislators have learned this lesson – the PROTECT IP Act, for example, targets only those Web sites with “no significant use other than engaging in, enabling, or facilitating” IP infringement. Banning only unprotected material could move censorial legislation past overbreadth objections.

So: the outcome of any litigation is not only highly uncertain, but more uncertain than free speech advocates believe. Please paint a more hopeful story for me, and tell me why I’m wrong.

Cross-posted at Info/Law.

 

Posted by Derek Bambauer on November 27, 2011 at 08:37 PM in Civil Procedure, Constitutional thoughts, Current Affairs, First Amendment, Information and Technology, Intellectual Property, Law and Politics, Web/Tech | Permalink | Comments (0) | TrackBack

Monday, November 21, 2011

How Not To Secure the Net

In the wake of credible allegations of hacking of a water utility, including physical damage, attention has turned to software security weaknesses. One might think that we'd want independent experts - call them whistleblowers, busticati, or hackers - out there testing, and reporting, important software bugs. But it turns out that overblown cease-and-desist letters still rule the day for software companies. Fortunately, when software vendor Carrier IQ attempted to misstate IP law to silence security researcher Trevor Eckhart, the EFF took up his cause. But this brings to mind three problems.

First, unfortunately, EFF doesn't scale. We need a larger-scale effort to represent threatened researchers. I've been thinking about how we might accomplish this, and would invite comments on the topic.

Second, IP law's strict liability, significant penalties, and increasing criminalization can create significant chilling effects for valuable security research. This is why Oliver Day and I propose a shield against IP claims for researchers who follow the responsible disclosure model.

Finally, vendors really need to have their general counsel run these efforts past outside counsel who know IP. Carrier IQ's C&D reads like a high school student did some basic Wikipedia research on copyright law and then ran the resulting letter through Google Translate (English to Lawyer). If this is the aptitude that Carrier IQ brings to IP, they'd better not be counting on their IP portfolio for their market cap.

When IP law suppresses valuable research, it demonstrates, in Oliver's words, that lawyers have hacked East Coast Code in a way it was not designed for. Props to EFF for hacking back.

Cross-posted at Info/Law.

Posted by Derek Bambauer on November 21, 2011 at 09:33 PM in Corporate, Current Affairs, First Amendment, Information and Technology, Intellectual Property, Science, Web/Tech | Permalink | Comments (2) | TrackBack

Friday, November 18, 2011

A Soap Impression of His Wife

As I previewed earlier this week, I want to talk about the copyright implications for 3D printers. A 3D printer is a device that can reproduce a 3-dimensional object by spraying layers of plastic, metal, or ceramic into a given shape. (I imagine the process smelling like those Mold-a-Rama plastic souvenir vending machines prevalent in many museums, a thought simultaneously nostalgic and sickening). Apparently, early adopters are already purchasing the first generation of 3D printers, and there are websites like Thingiverse where you can find plans for items you can print in your home, like these Tardis salt shakers.*

Tardis salt shakers

Perhaps unsurprisingly, there can be copyright implications. A recent NY Times blog post correctly notes that the 3D printer is primarily suited to reproduce what § 101 of the Copyright Act calls "useful articles," physical objects that have "an intrinsic utilitarian function," and which, by definition, receive no copyright protection...except when they do. 

 A useful article can include elements that are protectable as a "pictorial, graphic, [or] sculptural work." The elements are protectable to the extent "the pictorial, graphic, or sculptural features...can be identified separately from, and are capable of existing independently of, the utilitarian aspects of the article." There are half a dozen tests courts have employed to determine whether protectable features can be separated from utilitarian aspects. Courts have rejected copyright protection for mannequin torsos and the ubiquitous ribbon bike rack, but granted it for belt buckles with ornamental elements that were not a necessary part of a functioning belt.

Carol Vaquero 1


Print out a "functional" mannequin torso (or post your plans for it on the internet) and you should have no trouble. Post a schematic for the Vaquero belt buckle, and you may well be violating the copyright protection in the sculptural elements. But even that can be convoluted. The case law is mixed on how to think about 2D works derived from 3Dworks, and vice versa. A substantially similar 3D work can infringe a 2D graphic or pictorial work (Ideal Toy Corp. v. Kenner Prods. Div., 443 F. Supp. 291 (S.D.N.Y. 1977)), but constructing a building without permission from protectable architectural plans was not infringement, prior to a recent revision to the Copyright Act. Likewise, adrawing of a utilitarian item might be protectable as a drawing, but does not grant the copyright holder the right to control the manufacture of the item.

And if consumers are infringing, there is a significant risk that the manufacturer of the 3D printer could be vicariously or contributorily liable for that infringement. The famous Sony decision, which insulated the distribution of devices capable of commercially significant noninfringing uses, even if they could also be used for copyright infringement, has been narrowed both by recent Grokster filesharing decision and by the DMCA anticircumvention provisions. The easy, but unsatisfying takeaway is that 3D printers will keep copyright lawyers employed for years to come.

Back to the Tardis shakers, for a moment: the individual who posted them to the Thingiverse noted that the shaker "is derivative of thingiverse.com/thing:1528 and thingiverse.com/thing:12278", a Tardis sculpture and the lid of bottle, respectively. I found this striking for two reasons. First, it suggests a custom of attribution on thingiverse, but I don't yet have a sense for whether it's widespread. Second, if either of those first things are protectable as copyrighted works, (which seems more likely for the Tardis sculpture, and less so for the lid) then the Tardis salt shaker may be an unauthorized, and infringing, derivative work, and the decision to offer attribution perhaps unwise in retrospect.

* The TARDIS is the preferred means of locomotion of Doctor Who, the titular character of the long-running BBC science fiction program. It's a time machine / space ship disguised as a 1960s-era London police call box. The shape of the TARDIS, in its distinctive blue color, is protected by three registered trademarks in the UK.

 

Posted by Jake Linford on November 18, 2011 at 09:00 AM in Information and Technology, Intellectual Property, Television, Web/Tech | Permalink | Comments (0) | TrackBack

Thursday, November 17, 2011

Choosing Censorship

Yesterday, the House of Representatives held hearings on the Stop Online Piracy Act (it's being called SOPA, but I like E-PARASITE tons better). There's been a lot of good coverage in the media and on the blogs. Jason Mazzone had a great piece in TorrentFreak about SOPA, and see also stories about how the bill would re-write the DMCA, about Google's perspective, and about the Global Network Initiative's perspective.

My interest is in the public choice aspect of the hearings, and indeed the legislation. The tech sector dwarfs the movie and music industries economically - heck, the video game industry is bigger. Why, then, do we propose to censor the Internet to protect Hollywood's business model? I think there are two answers. First, these particular content industries are politically astute. They've effectively lobbied Congress for decades; Larry Lessig and Bill Patry among others have documented Jack Valenti's persuasive powers. They have more lobbyists and donate more money than companies like Google, Yahoo, and Facebook, which are neophytes at this game. 

Second, they have a simpler story: property rights good, theft bad. The AFL-CIO representative who testified said that "the First Amendment does not protect stealing goods off trucks." That is perfectly true, and of course perfectly irrelevant. (More accurately: it is idiotic, but the AFL-CIO is a useful idiot for pro-SOPA forces.) The anti-SOPA forces can wheel to a simple argument themselves - censorship is bad - but that's somewhat misleading, too. The more complicated, and accurate, arguments are that SOPA lacks sufficient procedural safeguards; that it will break DNSSEC, one of the most important cybersecurity moves in a decade; that it fatally undermines our ability to advocate credibly for Internet freedom in countries like China and Burma; and that IP infringement is not always harmful and not always undesirable. But those arguments don't fit on a bumper sticker or the lede in a news story.

I am interested in how we decide on censorship because I'm not an absolutist: I believe that censorship - prior restraint - can have a legitimate role in a democracy. But everything depends on the processes by which we arrive at decisions about what to censor, and how. Jessica Litman powerfully documents the tilted table of IP legislation in Digital Copyright. Her story is being replayed now with the debates over SOPA and PROTECT IP: we're rushing into decisions about censoring the most important and innovative medium in history to protect a few small, politically powerful interest groups. That's unwise. And the irony is that a completely undemocratic move - Ron Wyden's hold, and threatened filibuster, in the Senate - is the only thing that may force us into more fulsome consideration of this measure. I am having to think hard about my confidence in process as legitimating censorship.

Cross-posted at Info/Law.

Posted by Derek Bambauer on November 17, 2011 at 09:15 PM in Constitutional thoughts, Corporate, Culture, Current Affairs, Deliberation and voices, First Amendment, Information and Technology, Intellectual Property, Music, Property, Web/Tech | Permalink | Comments (9) | TrackBack

Tuesday, November 15, 2011

You Say You Want a Revolution

Two potentially revolutionary "disruptive technologies" were back in the news this week. The first is ReDigi, a marketplace for the sale of used "legally downloaded digital music." For over 100 years, copyright law has included a first sale doctrine, which says I can transfer "lawfully made" copy* (a material object in which a copyrighted work is fixed) by sale or other means, without permission of the copyright owner. The case law is codified at 17 U.S.C. § 109.

ReDigi says its marketplace falls squarely within the first sale limitation on the copyright owner's right to distribute, because it verifies that copies are "from a legitimate source," and it deletes the original from all the seller's devices. The Recording Industry Association of America has objected to ReDigi's characterization of the fair use claim on two primary grounds,** as seen in this cease and desist letter.

First, as ReDigi describes its technology, it makes a copy for the buyer, and deletes the original copy from the computer of the seller. The RIAA finds fault with the copying. Section 109 insulates against liability for unauthorized redistribution of a work, but not for making an unauthorized copy of a work. Second, the RIAA is unpersuaded there are ReDigi can guarantee that sellers are selling "lawfully made" digital files. ReDigi's initial response can be found here

At a first cut, ReDigi might find it difficult to ever satisfy the RIAA that it was only allowing the resale of lawfully made digital files. Whether it can satisfy a court is another matter. It might be easier for an authorized vendor, like iTunes or Kindle, to mark legitimate copies going forward, but probably not to detect prior infringement.

Still, verifying legitimate copies may be easier than shoehorning the "copy and delete" business model into the language of § 109. Deleting the original and moving a copy seems in line with the spirit of the law, but not its letter. Should that matter? ReDigi attempts to position itself as close as technologically possible to the framework spelled out in the statute, but that's a framework designed to handle the sale of physical objects that embody copyrightable works.

This is not the only area where complying with statutory requirements can tie businesses in knots. Courts have consistently struggled with how to think about digital files. In London-Sire Records v. Does, the court had to puzzle out whether a digital file can be a material object and thus a copy* distributed in violation of § 106(3). The policy question is easy to articulate, if reasonable minds still differ about the answer: is the sale and distribution of digital files something we want the copyright owner to control or not?

As a statutory matter, the court in London-Sire concluded that material didn't mean material in its sense as "a tangible object with a certain heft," but instead "as a medium in which a copyrighted work can be 'fixed.'" This definition is, of course, driven by the statute: copyright subsists once an original work of authorship is fixed in a tangible medium of expression from which it can be reproduced, and the Second Circuit has recently held in the Cablevision case that a work must also be fixed -- embodied in a copy or phonorecord for a period of more than transitory duration -- for infringement to occur. Policy intuitions may be clear, but fitting the solution in the statutory language sometimes is not. And a business model designed to fit existing statutory safe harbors might do things that appear otherwise nonsensical, like Cablevision's decision to keep individual copies of digital videos recorded by consumers on its servers, to avoid copyright liability.

Potentially even more disruptive is the 3D printer, prototypes of which already exist in the wild, and which I will talk more about tomorrow.

* Technically, a digital audio file is a phonorecord, and not a copy, but that's a distinction without a difference here.

** The RIAA also claims that ReDigi violates the exclusive right of public performance by playing 30 second samples of members' songs on its website, but that's not a first sale issue.

Posted by Jake Linford on November 15, 2011 at 04:22 PM in Information and Technology, Intellectual Property, Music, Web/Tech | Permalink | Comments (1) | TrackBack

Thursday, November 10, 2011

Cyber-Terror: Still Nothing to See Here

Cybersecurity is a hot policy / legal topic at the moment: the SEC recently issued guidance on cybersecurity reporting, defense contractors suffered a spear-phishing attack, the Office of the National Counterintelligence Executive issued a report on cyber-espionage, and Brazilian ISPs fell victim to DNS poisoning. (The last highlights a problem with E-PARASITE and PROTECT IP: if they inadvertently encourage Americans to use foreign DNS providers, they may worsen cybersecurity problems.) Cybersecurity is a moniker that covers a host of problems, from identity theft to denial of service attacks to theft of trade secrets. The challenges are real, and there are many of them. That's why it is disheartening to see otherwise knowledgeable experts focusing on chimerical targets.

For example, Eugene Kaspersky stated at the London Cyber Conference that "we are close, very close, to cyber terrorism. Perhaps already the criminals have sold their skills to the terrorists - and then...oh, God." FBI executive assistant director Shawn Henry said that attacks could "paralyze cities" and that "ultimately, people could die." Do these claims hold up? What, exactly, is it that cyber-terrorists are going to do? Engage in identity theft? Steal U.S. intellectual property? Those are somewhat worrisome, but where is the "terror" part? Terrorists support malevolent activities with all sorts of crimes. But that's "support," not "terror." Hysterics like Richard Clarke spout nonsense about shutting down air traffic control systems or blowing up power plants, but there is precisely zero evidence that even nation-states can do this sort of thing, let alone small, non-state actors. The "oh, God" part of Kaspersky's comment is a standard rhetorical trope in the apocalyptic discussions of cybersecurity. (I knock these down in Conundrum, coming out shortly in Minnesota Law Review.) And paralyzing a city isn't too hard: snowstorms do it routinely. The question is how likely such threats are to materialize, and whether the proposed answers (Henry thinks we should build a new, more secure Internet) make any sense.

There are at least two plausible reasons why otherwise rational people spout lurid doomsday scenarios instead of focusing on the mundane, technical, and challenging problems of networked information stores. First, and most cynically, they can make money from doing so. Kaspersky runs an Internet security company; Clarke is a cybersecurity consultant; former NSA director Mike McConnell works for a law firm that sells cybersecurity services to the government. I think there's something to this, but I'm not ready to accuse these people of being venal. I think a more likely explanation flows from Paul Ohm's Myth of the Superuser: many of these experts have seen what truly talented hackers can do, given sufficient time, resources, and information. They then extrapolate to a world where such skills are commonplace, and unrestrained by ethics, social pressures, or sheer rational actor deterrence. Combine that with the chance to peddle one's own wares, or books, to address the problems, and you get the sum of all fears. Cognitive bias matters.

The sky, though, is not falling. Melodrama won't help - in fact, it distracts us from the things we need to do: to create redundancy, to test recovery scenarios, to deploy more secure software, and to encourage a culture of testing (the classic "hacking"). We are not going to deploy a new Internet. We are not going to force everyone to get an Internet driver's license. Most cybersecurity improvements are going to be gradual and unremarkable, rather than involving Bruce Willis and an F-35. Or, to quote Frank Drebin, "Nothing to see here, please disperse!" Cross-posted at Info/Law.

Posted by Derek Bambauer on November 10, 2011 at 03:53 PM in Criminal Law, Current Affairs, Information and Technology, International Law, Web/Tech | Permalink | Comments (1) | TrackBack

Tuesday, November 08, 2011

Incendiary Speech and Social Media: An Essay

A draft of my essay, Incendiary Speech and Social Media, is now available on ssrn.  The abstract is below:

Incidents illustrating the incendiary capacity of social media have rekindled concerns about the "mismatch" between existing doctrinal categories and new types of dangerous speech. This Essay examines two such incidents, one in which an offensive tweet and YouTube video led a hostile audience to riot and murder, and the other in which a blogger urged his nameless, faceless audience to murder federal judges. One incident resulted in liability for the speaker, even though no violence occurred; the other did not lead to liability for the speaker even though at least thirty people died as a result of his words. An examination of both incidents reveals flaws in existing First Amendment doctrines. In particular, this examination raises questions about whether underlying assumptions made by current doctrine concerning how audiences respond to incitement, threats, or fighting words are confounded by the new reality social media create.

Posted by Lyrissa Lidsky on November 8, 2011 at 10:35 AM in Article Spotlight, Constitutional thoughts, Criminal Law, First Amendment, Lyrissa Lidsky, Web/Tech | Permalink | Comments (3) | TrackBack

Saturday, November 05, 2011

De-lousing E-PARASITE

The House of Representatives is considering the disturbingly-named E-PARASITE Act. The bill, which is intended to curb copyright infringment on-line, is similar to the Senate's PROTECT IP Act, but much much worse. It's as though George Lucas came out with the director's cut of "The Phantom Menace," but added in another half-hour of Jar Jar Binks

As with PROTECT IP, the provisions allowing the Attorney General to obtain a court order to block sites that engage in criminal copyright violations are, in theory, less objectionable. But they're quite problematic in their particulars. Let me give three examples.

First, the orders not only block access through ISPs, but also require search engines to de-list objectionable sites. That not only places a burden on Google, Bing, and other search sites, but it "vaporizes" (to use George Orwell's term) the targeted sites until they can prove they're licit. That has things exactly backwards: the government must prove that material is unlawful before restraining it. This aspect of the order is likely constitutionally infirm.

Second, the bill attacks circumvention as well: MAFIAAFire and its ilk become unlawful immediately. Filtering creep is inevitable: you have to target circumvention, and the scope of circumvention targeted widens with time. Proxy services like Anonymizer are likely next.

Finally, commentators have noted that the bill relies on DNS blocking, but they're actually underestimating its impact. The legislation says ISPs must take "technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States" to Web sites targeted under the bill, "including measures designed to prevent the domain name of the foreign infringing site (or portion thereof) from resolvingto that domain name's Internet protocol address." The definitional section of the bill says that "including" does not mean "limited to." In other words, if an ISP can engage in technically feasible, reasonable IP address blocking or URL blocking - which is increasingly possible with providers who employ deep packet inspection - it must do so. The bill, in other words, targets more than the DNS.

On the plus side, the bill does provide notice to users (the AG must specify text to display when users try to access the site), and it allows for amended orders to deal with the whack-a-mole problem of illegal content evading restrictions by changing domain names or Web hosting providers.

The private action section of the bill is extremely problematic. Under its provisions, YouTube is clearly unlawful, and neither advertising or payment providers would be able to transact business with it. The content industry doesn't like YouTube - see the Viacom litigation - but it's plainly a powerful and important innovation. This part of E-PARASITE targets sites "dedicated to the theft of U.S. property." (Side note: sorry, it's not theft. This is a rhetorical trope in the IP wars, but IP infringement simply is not the same as theft. Theft deals with rivalrous goods. In addition, physical property rights do not expire with time. If this is theft, why aren't copyright and patent expirations a regulatory taking? Why not just call it "property terrorism"?)

So, what defines such a site? It is:

  1. "primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates" violations of the Copyright Act, Title I of the Digital Millennium Copyright Act, or anti-counterfeiting laws; or,
  2. "is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out the acts that constitute a violation" of those laws; or, 
  3. the owner "operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation" of those laws.

That is an extraordinarily broad ambit. Would buying keywords, for example, that mention a popular brand constitute a violation? And how do we know what a site is "primarily designed for"? YouTube seems to have limited purpose or use other than facilitating copyright infringement. Heck, if the VCR were a Web site, it'd be unlawful, too. 

The bill purports to establish a DMCA-like regime for such sites: the IP owner provides notice, and the site's owner can challenge via counter-notification. But the defaults matter here, a lot: payment providers and advertisers must cease doing business with such sites unless the site owner counter-notifies, and even then, the IP owner can obtain an injunction to the same effect. Moreover, to counter-notify, a site owner must concede jurisdiction, which foreign sites will undoubtedly be reluctant to do. (Litigating in the U.S. is expensive, and the courts tend to be friendly towards local IP owners. See, for example, Judge Crotty's slipshod opinion in the Rojadirecta case.)

I've argued in a new paper that using direct, open, and transparent methods to censor the Internet is preferable to our current system of "soft" censorship via domain name seizures and backdoor arm-twisting of private firms, but E-PARASITE shows that it's entirely possible for hard censorship to be badly designed. The major problem is that it outsources censorship decisions to private companies. Prior restraint is an incredibly powerful tool, and we need the accountability that derives from having elected officials make these decisions. Private firms have one-sided incentives, as we've seen with DMCA take-downs

In short, the private action measures make it remarkably easy for IP owners to cut off funding for sites to which they object. These include Torrent tracker sites, on-line video sites, sites that host mash-ups, and so forth. The procedural provisions tilt the table strongly towards IP owners, including by establishing very short time periods by which advertisers and payment providers have to comply. Money matters: WikiLeaks is going under because of exactly these sort of tactics. 

America is getting into the Internet censorship business. We started down this path to deal with pornographic and obscene content; our focus has shifted to intellectual property. I've argued that this is because IP legislation draws lower First Amendment scrutiny than other speech restrictions, and interest groups are taking advantage of that loophole. It's strange to me that Congress would damage innovation on the Internet - only the most powerful communications medium since words on paper - to protect movies and music, which are relatively small-scale in the U.S. economy. But, as always with IP, the political economy matters. 

I predict that a bill like PROTECT IP or E-PARASITE will become law. Then, we'll fight out again what the First Amendment means on the Internet, and then the myth of America's free speech exceptionalism on-line will likely be dead.

Cross-posted at Info/Law.

Posted by Derek Bambauer on November 5, 2011 at 05:06 PM in Civil Procedure, Constitutional thoughts, Culture, Current Affairs, First Amendment, Information and Technology, Intellectual Property, Law and Politics, Music, Property, Web/Tech | Permalink | Comments (2) | TrackBack

Thursday, November 03, 2011

Why Don't We Do It In the Road?

In that White Album gem, "Why Don't We Do It In the Road?", Paul McCartney insinuated that whatever "it" was wouldn't matter because "no one will be watching us." The feeling of being watched can change the way in which one engages in an activity. Often, perceiving one's own behavior clearly is an essential step in changing that behavior.  

I've thought about this lately as I've tried to become more productive in my writing, and I'm drawn to resources that help me externalize my monitoring procress. There are various commitment mechanisms out there, which I've lumped roughly into three groups. Some are designed to make me more conscious of my own obligation to write. Other mechanisms are designed to bring outsiders on board, inviting /forcing me to give an account of my productivity or lack thereof to others. And some, like StickK, combine the second with the means to penalize me if I fail to perform.

Should I need tricks to write? Perhaps not, but even with the best of intentions, it's easy to get waylaid by the administrative and educational requirements of the job. Commitment mechanisms help me remember why I want to fill those precious moments of downtime with writing. Below the fold I'll discuss some methods I've tried in that first category, and problems that make them less than optimal for my purposes. Feel free to include your suggestions and experiences here, as well. Also note that over at Concurring Opinions, Kaimipono Wenger has started the first annual National Article Finishing Month, a commitment mechanism I have not yet tried (but just might). In subsequent posts, I'll tackle socializing techniques and my love / hate relationship with StickK.

Perhaps like many of you, I find the Internet to be a two-edged sword. While I can be more productive because so many resources are at my fingertips, I also waste too much time surfing the webs. I've tried commitment mechanisms that shut down the internet, but have so far found them lacking. I've tried Freedom, which kills the entire internet for a designated period of time. That's helpful to an extent, although I store my documents on Dropbox, so my work moves with me from home to office without the need to keep track of a usb drive. While Dropbox should automatically synch once Freedom stops running, I've found that hasn't been as smooth as I hoped. This in turn makes me hesitant to rely on Freedom.

What makes me even more hesitant to use Freedom is that I have to reboot my computer to get back to the internet every other time I use it. If you are not saving your work to the cloud, you may see that as a feature and not a bug.

I turned next to StayFocusd, a Chrome App that allows me to pick and choose websites to block. Stay Focusd reminds me when I'm out of free browsing time with a pop-up that dominates the screen, with a mild scold, like "Shouldn't you be working?" If you are the type to use multiple browsers for different purposes, however, Stay Focusd is only a Firefox window away from being relatively ineffectual.

The self-monitoring tool I've liked the best so far is Write or Die. You set the amount of time you want to write, the words you propose to generate, and you start writing. As I set it, if you stop typing for more than 10 seconds, the program makes irritating noises (babies crying, horns honking, etc.) until you start typing again. Write or Die is great for plowing through a first draft quickly, but is less effective if the goal is to refine text. This is part because the interface gives you bare bones text. I'm too cheap to download the product, which has more bells and whistles than the free online version (like the ability to italicize text). In addition, in the time it takes to think about the line I'm rewriting, the babies begin to howl again. 

So, what commitment mechanisms do you use when you don't feel like writing?

 

Posted by Jake Linford on November 3, 2011 at 09:00 AM in Information and Technology, Life of Law Schools, Web/Tech | Permalink | Comments (0) | TrackBack

Wednesday, October 26, 2011

How Baseball Made Me a Pirate

Major League Baseball has made me a pirate, with no regrets.

Nick Ross, on Australia's ABC, makes "The Case for Piracy." His article argues that piracy often results, essentially, from market failure: customers are willing to pay content owners for access to material, and the content owners refuse - because they can't be bothered to serve that market or geography, because they are trying to force consumers onto another platform, or because they are trying to leverage interest in, say, Premier League matches as a means of getting cable customers to buy the Golf Network. The music industry made exactly these mistakes before the combination of Napster and iTunes forced them into better behavior: MusicNow and Pressplay were expensive disasters, loaded with DRM restrictions and focused on preventing any possible re-use of content rather than delivering actual value. TV content owners are now making the same mistake.

Take, for example, MLB. I tried to purchase a plan to watch the baseball playoffs on mlb.com - I don't own a TV, and it's a bit awkward to hang out at the local pub for 3 hours. MLB didn't make it obvious how to do this. Eventually, I clicked a plan that indicated it would allow me to watch the entire postseason for $19.99, and gladly put in my credit card number.

My mistake. It turns out that option is apparently for non-U.S. customers. I learned this the hard way when I tried to watch an ALDS game, only to get... nothing. No content, except an ad that tried to get me to buy an additional plan. That's right, for my $19.99, I receive literally nothing of value. When I e-mailed MLB Customer Service to try to get a refund, here's the answer I received: "Dear Valued Subscriber: Your request for a refund in connection with your 2011 MLB.TV Postseason Package subscription has been denied in accordance with the terms of your purchase." Apparently the terms allow fraud.

Naturally, I'm going to dispute the charge with my credit card company. But here's the thing: I love baseball. I would gladly pay MLB to watch the postseason on-line. And yet there's no way to do so, legally. In fact, apparently the only people who can are folks outside the U.S. And if you try to give them your money anyway, they'll take it, and then tell you how valued you are. But you're not.

So, I'm finding ways to watch MLB anyway. If you have suggestions or tips, offer 'em in the comments - there must be a Rojadirecta for baseball. And next season, when I want to watch the Red Sox, that's the medium I'll use - not MLB's Extra Innings. MLB has turned me into a pirate, with no regrets.

Cross-posted at Info/Law.

Posted by Derek Bambauer on October 26, 2011 at 07:48 PM in Criminal Law, Culture, Information and Technology, Intellectual Property, International Law, Music, Odd World, Sports, Television, Web/Tech | Permalink | Comments (34) | TrackBack

Thursday, October 20, 2011

Policing Copyright Infringement on the Net

Mark Lemley has a smart editorial up at Law.com on the hearings at the Second Circuit Court of Appeals in Viacom v. YouTube. The question is, formally, one of interpreting Title II of the Digital Millennium Copyright Act (17 U.S.C. 512), and determining whether YouTube meets the statutory requirements for immunity from liability. But this is really a fight about how much on-line service providers must do to police, or protect against, copyright infringement. Mark, and the district court in the case, think that Congress answered this question rather clearly: services such as YouTube need to respond promptly to notifications of claimed infringement, and to avoid business models where they profit directly from infringement. The fact that a site attracts infringing content (which YouTube indubitably does) can't wipe out the safe harbor, because then the DMCA would be a nullity. It may be that the burden of policing copyrights should fall more heavily on services such as YouTube than it currently does. But, if that's the case, Viacom should be lobbying Congress, not the Second Circuit. I predict a clean win for YouTube.

Posted by Derek Bambauer on October 20, 2011 at 05:52 PM in Corporate, Current Affairs, Information and Technology, Intellectual Property, Music, Web/Tech | Permalink | Comments (0) | TrackBack

Monday, October 17, 2011

The Myth of Cyberterror

UPI's article on cyberterrorism helpfully states the obvious: there's no such thing. This is in sharp contrast to the rhetoric in cybersecurity discussions, which highlights purported threats from terrorists to the power grid, the transportation system, and even the ability to play Space Invaders using the lights of skyscrapers. It's all quite entertaining, except for 2 problems: 1) perception frequently drives policy, and 2) all of these risks are chimerical. Yes, non-state actors are capable of defacing Web sites and even launching denial of service attacks, but that's a far cry from train bombings or shootings in hotels

The response from some quarters is that, while terrorists do not currently have the capability to execute devastating cyberattacks, they will at some point, and so we should act now. I find this unsatisfying. Law rarely imposes large current costs, such as changing how the Internet's core protocols run, to address remote risks of uncertain (but low) incidence and uncertain magnitude. In 2009, nearly 31,000 people died in highway car crashes, but we don't require people to drive tanks. (And, few people choose to do so, except for Hummer employees.)

Why, then, the continued focus on cyberterror? I think there are four reasons. First, terror is the policy issue of the moment: connecting to it both focuses people's attention and draws funding. Second, we're in an age of rapid and constant technological change, which always produces some level of associated fear. Few of us understand how BGP works, or why its lack of built-in authentication creates risk, and we are afraid of the unknown. Third, terror attacks are like shark attacks. We are afraid of dying in highly gory or horrific fashion, rather than basing our worries on actual incidence of harm (compare our fear of terrorists versus our fear of bad drivers, and then look at the underlying number of fatalities in each category). Lastly, cybersecurity is a battleground not merely for machines but for money. Federal agencies, defense contractors, and software companies all hold a stake in concentrating attention on cyber-risks and offering their wares as a means of remediating them.

So what should we do at this point? For cyberterror, the answer is "nothing," or at least nothing that we wouldn't do anyway. Preventing cyberattacks by terrorists, nation states, and spies all involve the same things, as I argue in Conundrum. But: this approach gets called "naive" with some regularity, so I'd be interested in your take...

Posted by Derek Bambauer on October 17, 2011 at 04:43 PM in Criminal Law, Current Affairs, Information and Technology, International Law, Law and Politics, Science, Web/Tech | Permalink | Comments (7) | TrackBack

Friday, October 14, 2011

Behind the Scenes of Six Strikes

Wired has a story on the cozy relationship between content industries and the Obama administration, which resulted in the deployment of the new "six strikes" plan to combat on-line copyright infringement. Internet security and privacy researcher Chris Soghoian obtained e-mail communication between administration officials and industry via a Freedom of Information Act (FoIA) request. (Disclosure: Jonathan Askin and I represent Chris in his appeal regarding this FoIA request.) The e-mails demonstrate vividly what everyone suspected: Hollywood - in the form of the music and movie industries - has an administration eager to be helpful, including by pressuring ISPs. Stay tuned.

Posted by Derek Bambauer on October 14, 2011 at 11:10 AM in Blogging, Culture, Current Affairs, Film, Information and Technology, Intellectual Property, Judicial Process, Law and Politics, Music, Web/Tech | Permalink | Comments (0) | TrackBack

Thursday, October 13, 2011

The Pirates' Code

There have been a number of attempts to alter consumer norms about copyright infringement (especially those of teenagers). The MPAA has its campaigns; the BSA has its ferret; and now New York City has a crowdsourced initiative to design a new public service announcement. At first blush, the plan looks smart: rather than have studio executives try to figure out what will appeal to kids (Sorcerer's Apprentice, anyone?), leave it to the kids themselves.

On further inspection, though, the plan seems a bit shaky. First, it's not actually a NYC campaign: the Bloomberg administration is sockpuppeting for NBC Universal. Second, why is the City even spending scarce taxpayer funds on this? Copyright enforcement is primarily private, although the Obama administration is lending a helping hand. Third, is this the most effective tactic? It seems more efficient to go after the street vendors who sell bootleg DVDs, for example - I can buy a Blockbuster Video store's worth of movies just by walking out the front door of my office. 

Yogi Berra (or was it Niels Bohr?) said that the hardest thing to predict is the future. And the hardest thing about norms is changing them. Larry Lessig's New Chicago framework not only points to the power of norms regulation (along the lines of Bob Ellickson), but suggests that norms are effectively free - no one has to pay to enforce them. This makes them attractive as a means of regulation. The problem, though, is that norms tend to be resistant to overt efforts to shift them. Think of how long it took to change norms around smoking - a practice proven to kill you - and you'll appreciate the scope of the challenge. The Bloomberg administration should save its resources for moving snow this winter...

Posted by Derek Bambauer on October 13, 2011 at 06:52 PM in Film, Information and Technology, Intellectual Property, Music, Property, Television, Web/Tech | Permalink | Comments (5) | TrackBack

Monday, October 10, 2011

Spying, Skynet, and Cybersecurity

The drones used by the U.S. Air Force have been infected by malware - reportedly, a program that logs the commands transmitted from the pilots' computers at a base in Nevada to the drones flying over Iraq and Afghanistan. This has led to comparisons to Skynet, particularly since the Terminators' network was supposed to become self-aware in April. While I think we don't yet need to stock up on robot-sniffing dogs, the malware situation is worrisome, for three reasons.

First, the military is aware of the virus's presence, but is reportedly unable to prevent it from re-installing itself even after they clean off the computers' drives. Wired reports that re-building the computers is time-consuming. That's undoubtedly true, but cyber-threats are an increasing part of warfare, and they'll soon be ubiquitous. I've argued that resilience is a critical component of cybersecurity. The Department of Defense needs to assume that their systems will be compromised - because they will - and to plan for recovery. Prevention is impossible; remediation is vital.

Second, the malware took hold despite the air gap between the drones' network and the public Internet. The idea of separate, isolated networks is a very attractive one in security, but it's false comfort. In a world where flash drives are ubiquitous, where iPods can store files, and where one can download sensitive data onto a Lady Gaga CD, information will inevitably cross the gap. Separation may be sensible as one security measure, but it is not a panacea.

Lastly, the Air Force is the branch of the armed forces currently in the lead in terms of cyberspace and cybersecurity initiatives. If they can't solve this problem, do we want them taking the lead on this new dimension of the battlefield?

It's not clear how seriously the drones' network has been compromised - security breaches have occurred before. But cybersecurity is difficult. We saw the first true cyberweapon in Stuxnet, which damaged Iran's nuclear centrifuges and set back its uranium enrichment program. That program too looked benign, on first inspection. Let's hope the program here is closer to Kyle Reese than a T-1000.

Posted by Derek Bambauer on October 10, 2011 at 05:55 PM in Information and Technology, International Law, Web/Tech | Permalink | Comments (2) | TrackBack

Tuesday, October 04, 2011

America Censors the Internet

If you're an on-line poker player, a fan of the Premier League, or someone who'd like to visit Cuba, you probably already know this. Most people, though, aren't aware that America censors the Internet. Lawyers tend to believe that a pair of Supreme Court cases, Reno v. ACLU (1997) and Ashcroft v. ACLU (2004), permanently interred government censorship of the Net in the U.S. Not so.

In a new paper, Orwell's Armchair (forthcoming in the University of Chicago Law Review), I argue that government censors retain a potent set of tools to block disfavored on-line content, from using unrelated laws (like civil forfeiture statutes) as a pretext to paying intermediaries to filter to pressuring private actors into blocking. These methods are not only indirect, they are less legitimate than overt, transparent regulation of Internet content. In the piece, I analyze the constraints that exist to check such soft censorship, and find that they are weak at best. So, I argue, if we're going to censor the Internet, let's be clear about it: the paper concludes by proposing elements of a prior restraint statute for on-line content that could both operate legitimately and survive constitutional scrutiny. 

Jerry Brito of George Mason University's Mercatus Center kindly interviewed me about the issues the article raises for his Surprisingly Free podcast. It's worth a listen, even though my voice is surprisingly annoying.

Cross-posted at Info/Law.

Posted by Derek Bambauer on October 4, 2011 at 06:14 PM in Civil Procedure, Constitutional thoughts, Current Affairs, First Amendment, Information and Technology, Intellectual Property, Law and Politics, Web/Tech | Permalink | Comments (3) | TrackBack

Friday, July 29, 2011

A Plan for Forking Wikipedia to Provide a Reliable Secondary Source on Law

Wikipedia_rate_this_page

Recently Wikipedia rolled out a feedback feature (example at right) that allows readers to rate the page they are looking at. You can give the page a score from one to five in each of four categories: Trustworthy, Objective, Complete, and Well-written. Then, there's an optional box you can check that says "I am highly knowledgeable about this topic."

This may be good for flagging pages that need work. But, of course, Wikipedia's trustworthiness problem is not going to be solved by anonymous users, self-declared to be "highly knowledgeable," deeming articles to be trustworthy.

I do think, however, that if you forked Wikipedia to create a version with an authenticated expert editorship, then the ratings could evolve Wikipedia content into being a credible source. In fact, I think it could work well for articles on law.

"Forking," for software developers, means taking an open-source project and spliting off a version that is then developed separately. The open-source license specifically allows you to do this. Forking a project is not always productive, but I think it could be useful in creating an encyclopedia-type reference about the law that is both trustworthy and freely available.

There's a real need for such material in the legal sphere. Right now, there seems to be an accessibility/credibility trade off with secondary sources of legal information: Wikipedia is accessible, but not credible. Traditional binder sets are credible, but not very accessible – using them is generally either expensive (in terms of subscriptions fees) or burdensome (via a trip to the nearest law library).

If, however, you could take Wikipedia and apply credibility on top of it, you would have a secondary source that is both credible and accessible.

Imagine grabbing all the Wikipedia pages about law – which at this point are generally very well developed – and then, while continuing to make them viewable to the public, locking them so that only authenticated lawyers and law students could edit them. These expert editors could then correct errors where they find them. Where they don't find errors, they could click a box indicating trustworthiness. As time went on, pages would have errors weeded out, and trustworthiness scores would accumulate.

Trustworthiness ratings on pages editable only by experts would relieve the need for internal citations. Right now, the Wikipedia community pushes hard for citations in articles. Citations are important in the Wikipedia context because of the lack of credentials on the part of the writers. But if pages were only editable by authenticated lawyers, then cumulative positive ratings would make pages more reliable even without citations.

Admittedly, a forked version of Wikipedia edited by lawyers and law students would not replace the big binder sets. The depth of the material, at least as it stands now, is too limited. Wikipedia, even if reliable, wouldn't help a trust-and-estates lawyer with trust and estates. But if it were imbued with trustworthiness, Wikipedia content does have enough depth to be useful for lawyers orienting themselves to an unfamiliar field of law. Likewise, it has enough detail for non-lawyers who are looking to gain a general understanding of some specific doctrinal topic. 

So, what do you think? It would be fairly easy to put together from a technical perspective, but would it be worthwhile? Do you think people with legal knowledge would contribute by removing errors and scoring pages? Or would a forked law wiki sit fallow? (I do notice there are lots of lawyers participating actively on Quora, crafting very good answers to individual questions.)

Maybe it would work in other fields aside from law, as well. It does seem to me, though, that law is a particularly good subject for forking.

Posted by Eric E. Johnson on July 29, 2011 at 05:55 PM in Information and Technology, Intellectual Property, Web/Tech | Permalink | Comments (4) | TrackBack