Information Technology and the Law

In Wednesday’s class’s discussion, we talked briefly about the Internet as a public forum. While we agreed (for the most part) that the Internet as accessed from a library was not protected by public forum principles, it may deserve such protection under other circumstances. According to US v. American Library Association, Inc., a traditional public forum is a resource which has

… immemorially been held in trust for the use of the public and, time out of mind, … been used for purposes of assembly, communication of thoughts between citizens, and discussing public questions.

where a designated public forum requires that

the government … make an affirmative choice to open up its property for use as a public forum … The government does not create a public forum by inaction or by permitting limited discourse, but only by intentionally opening a nontraditional form for public discourse.

Since our discussions on trespass to chattels in regard to Internet servers, we have been plagued by the question of whether a website is a chattel or a piece of real property. While we never completely settled this dichotomy, the fact that the servers on which sites are hosted are physical objects seemed to override any claims to trespassing in cyberspace (a term which seems to carry little legal credence). It seems obvious that a chattel cannot serve as a forum, as a chattel offers no location at which to carry out actions appropriate for a forum. However, while the servers which comprise the Internet may be insufficient to be considered a forum, the Internet as a whole may be considered greater than the sum of its parts by virtue of its ability to act as an publicly accessible means of communication.

Before considering this application of the term forum to the Internet, several issues need to be resolved. First, one must consider that the Internet is highly commercialized, and a large portion of Internet servers and service providers are privately owned, thus making them unsuitable as elements of a public forum; however, the information distributed by those servers (if not restricted by some affirmative means of entry control) is publicly available, and thus expression by way of the Internet becomes a public resource. Additionally, the Internet has not necessarily … immemorially been held in trust for the use of the public (US v. ALA). This requirement for classification as a public forum may be inappropriate when applied to the Internet, as the sheer number of individuals who are able to make their voices heard via the Internet seems to outweigh the need for a longstanding tradition of forum-specific activity. I feel quite confident in presuming that the Internet has been more …used for purposes of assembly, communication of thoughts between citizens, and discussing public questions… (US v. ALA) than some real public forums. Finally, the fact that the Internet is not government property may make it difficult for it to attain forum status. But while the government may not own the Internet as a whole, it has displayed a significant interest in the Internet’s continuation (such as in the continuing contract between ICANN and the D.o.C.) and is directly involved with the Internet in its maintenance of government administered web servers. The Internet may not be government property, but the government’s contributions to the Internet may suffice to allow the application of forum status.

The growing number of blogs and ease by which users may host websites through which they express (and discuss) their opinions on public questions seems to make the Internet an ideal public forum. Take as an example of forum-like activity occurring currently the Frist Filibuster - this protest has been accompanied by a live web cast, and, by publicizing information on the demonstration through the Internet, has been able to gain attention in other forms of media. The Internet has provided a means by which members of the Princeton community can draw attention to this particular question of public interest (i.e. the filibuster preventing certain republican judicial nominations from being approved) so it can be widely can be widely heard and discussed. As such, should free speech on the Internet not be protected as if it were a public forum?

While it is understandable that the locality of an Internet access point (i.e. a library) and the interests pertaining thereto may override protection of free speech (it may be best that rights of a forum accessed from a place which is explicitly not a forum give way to the welfare of the non-forum), it is important to recognize that the Internet has, in an incredibly short period of time, taken on this role, and deserves all possible protection for free speech.

In our discussions of alternative solutions to the problem of Internet domain naming, we considered possible restructuring of authority in the administration of domain name allocation. While we seemed to agree that the monopoly (in a non-commercial context) enjoyed by ICANN over gTLD allocation might be unfair, we were unable to devise a distribution of DNS regulatory power which maintains the responsiveness of a private corporation while simultaneously taking into account the best interests of the international community of DNS registrants. Several options and opinions on this matter were put forward (including my own, which I have since reevaluated) - I think, however, there are several factors relating to this issue which we did not address on Wednesday, but which are quite important in considering how this situation should be resolved.

First, regardless of how authority over gTLDs is distributed, the current organizations providing DNS service must be retained as clients of the agency in power. The root servers comprise one of the most valuable resources on the Internet, without which web traffic would undoubtedly come to a standstill. Currently, the authoritative DNS root servers are maintained by a combination of commercial, educational, and governmental interests. These groups are sufficiently flexible to allow for high-speed responses to problems with the DNS system, and are entrusted with protecting the root servers against both electronic and physical attack. (A year ago, I read an article [which I can’t seem to find now] about the physical security of VeriSign’s A-Root server: think Mission Impossible, only the security measures are toned down a bit no one is trying to steal the data because it’s publicly available.) Because a transaction with this system is made for almost every website visited, and because it has been proven to work correctly and reliably, there is insufficient justification for eliminating these privately held DNS servers in any restructuring of domain name governance.

Second, while we may disapprove of ICANN’s apparent role as a policy maker (in addition to the technical role they were originally intended to fill), the experience and expertise in the area of Internet technology possessed by its board members may still be valuable in any reorganization of DNS authority. While the opacity with which ICANN conducts its business seems to be a frequent cause of complaint, the manner in which it performs its services could be regulated if its function in domain name management was itself governed by an organization whose sole responsibility was to handle the matters of policy that ICANN appears in some cases to have taken upon itself. If the responsibilities for which ICANN was not charged were actively taken on by a international governmental agency whose sole purpose was to oversee the DNS system and resolve any disputes arising there from, ICANN’s place in the domain name hierarchy could be tightly controlled, and its conduct could be regulated under threat of revocation of their DoC contact and perhaps even criminal penalties set by that group.

Consider, then, a UN-elected committee of Internet regulators, who are charged with the establishment of policies for determining gTLD registrar/root-server candidacy requirements, thoroughly overseeing the actions of ICANN in its role as technical consultant and manager of the DNS registrars and root-servers, and proper arbitration of international trademark disputes stemming from gTLD names. In this way, non-governmental groups can run the DNS system itself in a responsive fashion, ICANN can be actively restricted to the duties which the DoC originally delegated to them, and the current DNS configuration can continue to operate without interruption. Less urgent domain name issues can be deliberated over by an international panel, while the more immediate problems can be handled in a timely manner.

Does anyone see a major flaw in this redistribution of power over DNS?

During the first few weeks of class, we discussed a differentiation between active and passive websites, i.e. sites that perform some sort of service or carry out a task for the user as opposed to sites which simply display data. In our discussions on Register.com v. Verio, we considered Verio’s consent to the contractual terms set out by Register.com for users of its WHOIS database search. In this case, Verio made repeated requests to Register.com’s database to find potential marketing targets for its web-related services; Register.com’s terms prohibited any use of its WHOIS database for purposes related to advertising, which Verio clearly violated. While some dispute has been raised over the legitimacy of Register.com’s terms as they relate to the ICANN agreement for Internet registrars, there is little doubt that Verio, by way of its interaction with the WHOIS search system in sending queries to Register.com’s systems, agreed to the terms of Register.com’s agreement, which it violated when it attempted to market its services to Register.com’s customers.

The many instances of Clickwrap agreements we’ve seen involve (for the most part) some significant degree of user participation – there is almost always a button, link, icon, and/or scrollbar with which the user is required to interact before the agreement is made and the process which is restricted by the terms of the agreement begins. This minimal degree of active user participation appears to have proven a sufficient indication of a meeting of the minds between the proprietor of the software or website, as was demonstrated by Register.com v. Verio and in Davidson & Associates, Inc. v. Internet Gateway (the bnetd case). However, not all sites that have terms of use agreements require this level of interaction to enable use of the site.

Consider as an example abcnews.go.com. This site has terms of use that users of the site enter into merely by making use of the site. However, this arrangement generates potential complications: 1) the user is not required to show any active sign of consent to the terms of use of the site, and 2) the site must be used (at least the front page must be loaded) before the user even becomes aware of the terms and has an opportunity to read them. It is presumable that the latter issue would be resolved by judicial rationality, as a prescient ability to know the terms of use before loading the site for which they apply (if the terms are not displayed as an entrance to the site) is unreasonable. The former, however, could cause a problem: if terms of use are set by the site’s owner, but are presented in such a way that the action acknowledging agreement to those terms in no way demands the user’s understanding of the agreement, is the contract valid? Is there truly a meeting of the minds if there is no action on the part of the user to indicate an awareness of the conditions set by the site’s owner?

While all the website terms of use which I have read seem reasonable and relatively standard, imagine a site which required that users compensate the site’s owner for all costs incurred in use of the site. While we have debated quite a bit on whether websites are private property, there is little question that the servers on which websites reside are indeed private property, and servers have a significant cost associated with their operation - a transfer of this financial burden to all who use the site does not seem entirely unreasonable. In such a case, could the frequently employed policy of posting terms of use on passive informational websites (or merely posting terms in a passive manner on any site) effectively impose an obligation on the user despite the lack of an active sign of agreement? Should passively accepted terms of use have any effect at all? If not, why are they used so commonly?

As many, if not all, of you may have heard, a North Carolina spammer was sentenced to 9 years in prison by a Virginia court for violating its anti-spam laws. Just as we discussed in the first few weeks of class, this out-of-state spammer was convicted, under Virginia jurisdiction, on the grounds that he transmitted millions of junk emails to AOL’s servers located in Virginia. I did some checking into the statute under which this case was bought, and found these sections of the Code of Virginia (§ 18.2-152-2 and § 18.2-152.3:1) dealing with Transmission of unsolicited bulk electronic mail, which explicitly prohibit sending more than a specified volume of spam in a given time period. The restrictions placed on spamming in the code seem reasonable considering what we’ve read of CompuServe v. Cyber Promotions and the Hamidi/Intel case in Dan Burk’s The Trouble with Trespass; the limits which qualify the sending of unsolicited bulk email as illegal activity appear to depend on the falsification of email headers, the number to time ratio of the emails sent, and the income gained by the sender as a result of spamming – they are not explicitly based on the content of the messages in question (thereby avoiding ramifications on free speech).

More interestingly than the anti-spam code, however, is the section immediately following (§ 18.2-152.4), which is simply titled Computer trespass. (Note that on the Virginia Legislature’s information site’s version, the code shows that some part of this statue has been in effect since 1984, well before the tenets of trespass were applied to computer-related cases [i.e. Thrifty-Tel v. Bezenek, 1996].) Basically, this section seems to state specific types of prohibited types of computer interference, specifies a minimum cost of damages done to the offended party that increases the penalty for such a crime, and adds a clause excluding EULAs and ISPs trying to combat spam from these restrictions. In my opinion, this sort of legislation is exactly what is needed to resolve the issue of applying trespass to chattels and/or trespass to real property to computer systems. Here, the concept of trespass has been taken out of the contextual ambiguity of common law, and set down clearly, needing neither to reference dust or electrons as sources of property damage nor to claim damages based on unquantifiable measures (such as employee wages or goodwill). In our discussions of server space as real property and our consideration of whether the notions of a home pages, a web sites, or visiting a site imply a general understanding of the Internet as a place, rather than a collection of devices, we deliberated on ways by which to fit common law to this particular situation; however, the best option could be to forgo considerations of common trespass law when dealing with Internet-related law suits, and (as at least one student suggested) rely instead on a bright line test to help untangle the amalgamation of physical, informational, and financial damages made possible by the digital world.

While appeals for the particular anti-spam suit linked above have not yet been heard, the severity of the initial sentence indicates the efficacy of this law in fighting the same unwanted (and potentially, if not actually, damaging) behavior dealt with in CompuServe v. Cyber Promotions. Instead of trying to fit law designed for physical property to information systems, perhaps it is time to adapt and extend the ideals of trespass in common law to federal anti-spam and unauthorized use legislation that is as succinct and direct as Virginia’s. As was stated so eloquently on page 5 of the Amici brief presented by ISPs and cellular providers in the Grokster case, Congress works with a scalpel; the common law is a blunderbuss. In cases where server operators apparently have rights to determine the extent of how and by whom their property may be used, would a clear test not be the best way by which to define crimes of information, which do not have necessarily obvious ramifications?

Has Virginia law found a solution in legislation, or is it better to rely on common law for cases dealing with misused Internet services?

After reading the three court opinions assigned for Monday, I started thinking about how the concept of trespass to chattels would apply to other information services. In eBay v. BE, BE was ruled against (roughly) on the grounds that it did harm to eBay through its unauthorized collection of auction data from eBay servers. This case was made somewhat cut-and-dry by virtue of the fact that BE continued to use data from eBay’s site despite the fact that eBay had explicitly prohibited them from doing so; one must wonder, though, how would the case have gone had eBay and BE not had a history of antagonism prior to the filing of the suit? More importantly, with the significant increase in number of aggregation services such as BE since the late nineties, has trespassing become an integral function of Internet data and search services, and how do copyright laws apply to such services?

Search engines, due to their significant utility if nothing else, comprise one class of informational services that deserves consideration. My search engine of choice is, not surprisingly, Google™. Google’s search provides nearly instantaneous access to an unbelievable volume of information on almost any topic imaginable; additionally, they provide services which allow one to search not just textual data, but photographs, news reports, scholarly publications, maps, online stores, and more. However, a large amount of the material they dispense is almost certainly copyrighted. In doing some research on this topic, despite the initial appearance of unauthorized duplication, I found mention of only a small number of lawsuits filed against Google, of which only a few seem to be related directly to copyright (such as this one, which originates in France). However, there have been a large number of complaints targeted at Google™ (they can be searched for at chillingeffects.org); if you search for Google in the database of the site linked above, you’ll notice that almost all of the orders received by Google Inc. are associated with chillingeffects.org’s DMCA Safe Harbor Provisions topic. The DMCA includes provisions to protect service providers (see §512(k)(1)(A) and (B)) from claims of copyright infringement made on their caches of data obtained by crawling the web (§512(b)). Every time a user opens a search engine’s cached copy, he/she may be accessing copyrighted work, but does so legally under the provisions of the DMCA.

But what of the image search engines that have become so popular? In addition to limitations on duplication, the author of a copyrighted work retains the right to display the work publicly (see the first paragraph of the copyright office’s circular 40), which is exactly what image searches appear to do. This issue was dealt with by the ninth circuit in Kelly v. Arriba Soft, in which a photographer, claiming that a search engine violated his copyrights by providing links to full-sized copies of his images which were frame[d] … within [the search engine’s] own website(1974), won on the grounds that full size images specifically constitute unauthorized display and are not protected by the doctrine of fair use (see also this article, which is also linked above). However, the court did not rule that thumbnail images (small versions of reduced quality) violated the author’s copyright, thereby permitting the manner of use currently enjoyed by so many today (thumbnail links from image searches can link directly to the page from which an image originates, but not to the image itself).

It seems as if Internet search engines must walk a very fine line in order to stay within the limits of the law. As stated in eBay v. BE, administrators of web servers can limit the scope of robots, which are used by search engines to gather information from the Internet, within their websites by specifying access rules in a file named ROBOTS.TXT, which search bots are expected to obey, thereby limiting demand placed on a site by bots to a level permitted by the site’s owner. By abiding by this restrictive mechanism, being circumspect about how they present their information, and clinging to the protections offered by the DMCA, search engines appear to be able to collect, store, and redistribute content created by other authors without violating those authors’ copyrights or interfering with to their ability to publicize their work.

However, returning to the context of trespass to chattels, is it legal for search engines to find/cache/display information which authors, who do not necessarily realize their content is being searched, probably do not want displayed? Recently, works have been published (not linked) that explain ways of hacking Google™; specifically, they have provided examples of how users of the Google™ search can find obscure files on remote systems. Users do not necessarily realize these files are readily accessible, though the users would almost undoubtedly prefer these files to be private (this includes everything from personal documents to password files). As an analogy, consider the computer on which a user stores personal information as his/her house. If the house of a user is unlocked, is it proper for visitors to enter the user’s house without the user’s knowledge, carefully inspect its contents, and make publicly available reports of the location of everything in the house? Is the cataloging and publication of confidential, potentially damaging information legal on the grounds that automated web caching systems don’t know any better, or should the onus for the nature of the content of cached data be placed upon the proprietors of search engines?

Google™ is a trademark of Google Inc.

Near the end of class on Wednesday, several students expressed their concern over how the seemingly legitimate, voluntary concession of rights required by EULAs has the serious potential to chill innovation: by providing a legal precedent under which contract law may supercede the previously determined precedent of fair use protection for reverse engineering, hardware and software developers may be deprived of this extremely useful (and, as was pointed out in a previous post, historically significant) technique. There is, however, a larger issue at stake, one that in part rests upon the outcome of this case - the appearance of legal authority over small, independent development teams gained by corporate software studios in cases such as Davidson & Associates v. Internet Gateway may indirectly discourage the type of grassroots efforts from which many original works spring.

The bnetd team is not the only group of developers to be targeted by Blizzard’s legal department. In 2003, the Freecraft project was issued a cease and desist order by Blizzard (presumably on claims of Trademark infringement and certain concepts contained in the game being too similar to those in Blizzard’s software - the original order does not seem to be available, so there is no way to be sure). According to a Wikipedia article, Freecraft was distributed with its own media (music, graphics, etc.) with which users could play the game, but it also allowed owners of one of Blizzard’s games to play a nearly identical version using the media from their legally obtained Blizzard CD. The article also states that Freecraft …was written from scratch and no Blizzard code was used. However, when Blizzard issued their cease and desist order to the Freecraft group, Freecraft folded without going to court. Regardless whether the name Freecraft did or did not in fact infringe on Blizzard’s trademarks, the Freecraft group complied with the order, forgoing a trial in favor of acquiescing to the demands of a company to whose product their software potentially added value (the Freecraft engine apparently ran on more platforms than did the Blizzard games which were playable using Freecraft). Fortunately, the Freecraft developers picked up what pieces they could from the project, renamed and relocated their project, and started working again, though this time with what seems to be a much lower profile; nevertheless, a large software company was able to close an independent project (thereby precluding any innovation that might have come from the project as it was), with the mere threat of legal action.

I don’t dispute that the outcome of a case arising from Blizzard’s claims is not immediately evident. The similarity between the function of the Freecraft engine and some of Blizzard’s games is somewhat striking, and the name Freecraft can be considered a reference to the titles of several of Blizzard’s programs. However, Freecraft is not listed as a registered trademark on Blizzard’s copyright web page (not linked), and the goal of the Freecraft group was not likely to have been the generation of confusion among consumers; in these respects, Freecraft does not appear to have posed a threat to Blizzard’s reputation, either in a positive (offering services not provided by Blizzard) or negative (attributing inferior products to Blizzard) sense. Beyond the issue of trademark, Freecraft might have been faced with a case similar to that of bnetd, which, had the suit been filed, would have undoubtedly placed a financial burden on the Freecraft team.

This is not the only situation in which this has happened - there have been other (in some cases very promising) projects that have halted development (whether in whole or in part) because of similar cease and desist orders (more can be found at chillingeffects.org). By giving an apparent legal prerogative to these companies through cases such as Davidson & Associates v. Internet Gateway, are such corporations gaining control over more than just their own products? Does the protection given to copyright holders, which has been written to directly prevent the restriction of other authors’ creative efforts, indirectly chill innovation when applied to parties on substantially unequal financial footing?

More concerning is the lack of an obvious solution to this problem. If participating in a lawsuit to protect one’s rights to (or against) a copyright or trademark claim would cause one to go bankrupt, then how can we state with any confidence that copyright law does indeed functionally protect the rights of authors? (If you lose in court, you lose; if you don’t take legal action, you lose; if you run out of money while trying to protect your rights, is that not also a loss?) Davidson & Associates v. Internet Gateway and cases like it may, through indirect dissuasion, end up having even more damaging ramifications on innovation than we originally thought.

It is quite possible that this analysis is greatly exaggerating the situation due to the lack of information about the circumstances surrounding Freecraft at the time the order was served. What do the readers think about this issue? Do you believe that cases such as Davidson & Associates v. Internet Gateway will indirectly chill innovation, or will it make little difference in this respect if any?

In our discussions on copyright law, we have repeatedly denounced copyright infringement by means of p2p file sharing as a detriment to the creativity of the artists against whom infringement is committed. The rationale underlying this argument is that the unlawful distribution of copyrighted material circumvents the normal methods of providing financial compensation to artists for their works, thereby eliminating the incentive for artists to create. However, this seemingly logical analysis of the potential for harm possessed by p2p software may be greatly exaggerated by those who might wish to maintain the status quo in the entertainment industry.

On pages 21-22 of Grokster’s respondent brief to the Supreme Court, Grokster puts forth the argument that

The capability of respondents’ software for still further legitimate uses as a communication tool, helping creators as well as consumers, is clear from its inherent economic and other benefits… Even focusing just on musical performers today, those benefits offer otherwise-unavailable opportunities for reaching an audience. Many, perhaps the great majority of, artists receive no royalties from CD sales under major-label record-company contracts¹¹, which serve instead chiefly to attract audiences for concerts or other activities. (emphasis added) ( brief of the respondents 21-22)

More interesting is footnote 11, which contains a link to the testimony of Ann Chaitovitz, the Director of Sound Recordings for the American Federation of Television and Radio Artists, from a hearing in front of the California State Senate Select Committee on the Entertainment Industry on contract limitation restrictions for musicians (link from the brief of the respondents 21-22).
In her testimony Director Chaitovitz states that many royalty artists must pay their record labels (in large part) for the production costs of the records which will be distributed by the record; artists can take loans from their record labels to defray these costs, but

…artists must pay back their advances before they receive any royalty shares earned by their albums. This is called recoupment. Taking into account all the deductions, royalty artists generally receive between $0.80 and $2.40 for each recording sold, depending on the level of success of the artists when the royalty contract is signed. What often is not understood is that the artist does not receive any of this royalty money until the recording company has recouped these costs. (emphasis added) (Testimony of Ann Chaitovitz, Director of Sound Recordings, AFTRA part 4: SINGER COMPENSATION and CONTRACTS)

Director Chaitovitz goes on to clarify that, according to the testimony of one artist, a recording must sell several million copies before the artist profits from it; only a fraction of a percent of all recordings ever sell in this quantity (according to 1999 statistics), and, as a result, …The vast majority of royalty artists never receive a royalty payment(Testimony of Ann Chaitovitz part 4).

One must question, then, whether there is as much credence in the incentive for creativity argument (as applied to the music industry) as we once thought, given that, according to at least one prominent recording artist, few royalty artists (to whom we have presumed p2p file sharing poses the greatest danger) ever receive financial compensation from their record labels. Are we indeed defending the artists when we assess the potential for damage possessed by file sharing, or are we merely protecting the financial interests of the industry that has built itself atop their talents?

One could imagine that it might be constructive for more artists to strike out against the industry which feeds off their creativity by actively participating in file sharing (as some artists already do [brief of the respondents 21]), thereby promoting their own work without bearing the monetary burdens placed upon them by the record labels. However, artists frequently relinquish copyrights for material that they create to the record labels on which they depend for distribution, and thus theoretically cannot even distribute their own content without committing infringement!

Could it be that now is the time for a new dominant model of distribution - one that in every way favors the artist over the industry? Could p2p file sharing, by its independence from the entertainment industry, actually enhance the incentive for creativity given that the record labels seem to be doing such a poor job of compensating many of their artists? One must consider, however, that while the use of copyright law within the structure of the recording industry may not serve the best interests of artists, copyright restrictions do directly protect the welfare of some: those who are financially dependent on the recording industry itself. As much as some of us might enjoy seeing artists take full control of their work by employing electronic means of distribution and sale such as p2p file sharing, imagine, for instance, all the employees of record stores who would suddenly find themselves without a source of goods to sell if the machinery of the recording industry collapsed under the financial strain imposed by such electronic mediums.

The balance between p2p software distributors and the recording industry which we have repeatedly referred to in class is much more complex than we may have thought. Indeed, this is not a balance with two sides, but one with at least four: the p2p software writers, the artists, the record labels, and the enterprises reliant on the recording industry. Only time will tell how the Supreme Court decides to weigh this predicament.