Information Technology and the Law

In United States v. American Library Association, Inc., Supreme Court reversed the lower court’s decision that the Children’s Internet Protection Act (CIPA) was unconstitutional. CIPA requires that all libraries receiving federal aid install filtering software on their computers in order to block obscenity. The act is currently in effect and in theory it is supposed to prevent minors from getting subjected to obscenity. However, in practice the act does not seem to work better than alternative solutions.

First of all, no filtering software can really block all unwanted material. Moreover, even if filtering software is currently successful, it is very likely that Internet users will find a way to get around it soon, making it impossible for software developers to keep track of the changes that take place in the network. This aspect of filtering software would not be as significant a problem if it were not accompanied by a greater flaw. Namely, in an attempt to discover all possible obscenity out in the web, filtering software usually ends up blocking wanted material, preventing users from accessing legitimate websites. Since librarians are supposed to disable the filtering software at a computer at the request of an adult, this situation only makes it harder for adult library users to browse the web with total freedom. However, for minors there is no solution to this problem. Since the filtering software cannot be disabled for them, they will have to enjoy a limited freedom while browsing the web, possibly missing out on totally legitimate and informative websites.

Moreover, CIPA financially and time wise strains librarians. Namely, filtering software developers keep their database of unwanted material secret, making it impossible for librarians or users to know in advance which web sites they will not be able to access with a specific filtering software product. Accordingly, choosing the right filtering software might be a difficult task for librarians. Moreover, it is possible that certain filtering software knowingly or involuntarily blocks necessary and legitimate material such as a news website. Once this is discovered the library has to switch to another filtering product, spending more time and money on deployment of such systems. Furthermore, requiring librarians to disable the filtering software at the requests of adults places even more burden on librarians as they need to attend individual computer users, disabling and enabling filters in between users.

Unfortunately, there is no easy way to replace filtering software or making them more effective. However, I think there are alternatives to CIPA act. For example, CIPA requires librarians to attend all adult computer users if they wish to disable the computers. Once an adult user leaves a computer librarians need to re-enable the filtering software before a minor can use the same computer. Since so much attention and time of library staff is already spent on ensuring children’s protection from obscenity and since filtering software already fails to prevent secondary subjection to obscenity, why not abandon the act altogether and just require librarians to occasionally check whether minors are using the computers for viewing obscenity or not? Such a solution will not only save libraries funds but will also not limit the freedom of library computer users. It might even be more effective than filtering software as librarians can ask adults who print out indecent material and leave such printouts in the printing terminal to leave the library, protecting minors from secondary subjection.

An independent consumer union in France (L’Union Fédérale des Consammateurs - Que Choisir) has recently managed to pass a ban on the usage of DRM technology with specific DVDs from the Paris Court of Appeals.* The union brought up the case against the producers of the movie Mulholland Drive, Les Films Alain Sarde et Studio Canal after receiving complaints from a consumer. The consumer had purchased a DVD featuring the movie and tried to make a private copy on videocassette so that he could watch the movie at his mother’s house. According to French law, making a private copy of a purchased DVD is fair use and thus the consumer was denied his fair use by the DRM technology used on the DVDs. However, the court used a different argument to justify the ban. Namely, the court’s decision was mainly based on findings that the DVD packaging was misinforming the user. The court explained that although the term “copying is prohibited” (copy prohibée) was on the package, it was printed out in small letters and was not explicit enough. Accordingly, the court ordered that the producers of the movie remove the DRM on the DVDs within one month. I think this case from overseas touches upon an interesting blend of issues we have discussed in class and I want to elaborate on how the American courts could have reacted to the same situation.

First of all, copying for private purposes in general would also be considered fair use under the US copyright law. However, the main question is whether the US courts would actually ban the utilization of DRM technology on the specific DVDs or not. I believe that the bare fact that a use is fair does not imply that the producers cannot utilize technological measures to control access to their works. Namely, DMCA indirectly gives the producers the right to place such control mechanisms on their products by specifying that whoever circumvents “a technological measure that effectively controls access to a work” protected under DMCA will be prosecuted under DMCA. Accordingly, I don’t think this argument by itself would be sufficient to pass such a ban in the US. On the other hand, since DRM technology is employed by the movie producers to ensure that no illegal copying of their movies takes place, the movie producers could even sue the individual who is trying to circumvent the DRM technology.

With respect to the second point made by the French court about the misleading packaging for the DVD, I also do not believe that this argument would be able to lead the US courts to a ban on the DRM technology use on specific DVDs. Namely, while discussing Davidson v. Internet Getaway we touched upon how the specific packaging used for a product can sometimes be misleading or not explicit enough. However, we generally agreed that a contract is conscionable as long as its terms are not unconscionable and it is clearly explained in some part of the packaging, giving the consumer the option to return the product if he does not wish to enter the contract. In this case the bare fact that the DVD can not be copied is written in small letters on the packaging leads the French court to decide that the information on the packaging is not explicit enough. Although, protection of consumer rights could require such decisions in certain situations, I believe this case does not merit a decision that favors the consumer to this extent. Namely, the producers have not kept it a secret from the consumer that the DVDs cannot be copied. They merely wrote the indication in small dimensions on the package. Moreover, given the current prevalence of DRM technology it should not come as a complete surprise to the consumer that the DVD he has just purchased uses this technology. However, since I have not seen the specific packaging I can not completely dismiss the necessity of reparation from the producers in this case. Yet, it is curious that the French court took a radical action and banned the DRM technology on all copies of the specific movie as opposed to requiring more informative packaging from the producers. Given this argument I find it very unlikely that a US court would pass such a ban.

This ruling by the French court has satisfied the independent union of consumers in France, leading to a declaration from a member of the organization that this judgment can apply to other cases as long as one has legally bought the original DVD. Indeed, the case is quite significant in reflecting the courts’ approach to the conflicts between DRM and fair use and casts a shadow over the future of such technologies in France.

* The original article is La justice interdit de protéger les DVD contre la copie

While discussing the computer fraud and abuse act, a hypothetical case about H drives came about. H drives are used on campus to store personal files. Anyone can access anyone else’s H drive as long as he is granted the appropriate permissions. In the hypothetical case a student realizes that another student has not properly set up the permissions on his H drive. Accordingly, he manages to access the student’s H drive, view his homework and copy it. If we assume that the student accessed the other student’s H drive without authorization, then he shall be liable under the Computer Fraud and Abuse Act and might be sentenced to 1-10 years in jail. Did the student really exceed authorized access in this case? Unfortunately, the act does not clarify what is meant by “authorized access” and thus it is hard to argue whether the law really covers this case. However, it is interesting to discuss whether the law should cover this case or not.

It has been argued that the student did not really exceed his authorizations. Indeed, whether a file is meant to be viewed by the public or not is officially declared through the file permissions. Since the owner of the H drive did not set up his permissions right, nobody who accesses his H drive can be forced to guess whether he really meant to set up his permissions that way or not. Up to this point I agree with this argument. Yet, I also think it can be argued that at least for some portion of the time during which he views the contents of the other student’s H drive, the student is fully aware that he lacks the proper authorization. Namely, once he gains access to the other student’s H drive, the student then makes use of the information he gathers and copies the other student’s homework. Clearly, he should be aware that he is not authorized to view the other student’s homework. Yet, he continues. I think the student might be liable under the Computer Fraud and Abuse Act as soon as he intentionally exceeds his authorization, making some use of confidential information that he would otherwise not be able to access.

I agree that in this hypothetical case punishing the student under the Computer Fraud and Abuse Act in addition to Honor Code system sounds really harsh. However, I think any unjust decision can be prevented in the Court through consideration of other factors such as the damage caused, and the gravity of the files accessed. On the other hand, I believe that the application of this act to cases similar to the hypothetical H drive case where authorizations are not set properly can sometimes be necessary. For example, if consider the senate case discussed in class where the Democratic and Republican staff store their folders on the same network, this argument might make more sense. In this case, the Democratic staff did not set their permissions right and the Republican staff managed to access their folders for an extended period of time, leaking information to the journalists. Did the Republican staff not know that they were not authorized to access the folders of the other party? Very doubtful. Did they make use of the information they gained? Yes. Accordingly, I think the computer Fraud and Abuse act could and should apply to this case.

I agree that file permissions are the only way to officially indicate the authorizations given to the public. However, I believe that the majority of the general public is not aware of the existence of file permissions let alone what permissions are currently set on their computers and how they could change them. Moreover, even the most computer literate people can accidentally change their permissions, allowing the rest of the world access to their private files. Accordingly, I think it is not fair to leave people vulnerable to computer fraud without proper punishment just because their permissions were not set right. Imagine an extension to the hypothetical H drive case where the owner of the H drive did not only allow access to his H drive but also accidentally granted outsiders the right to make changes. What would happen if another student destroyed his files? Can we really argue that the student should not be punished because he could not have known that the permissions were not set right and that he was not allowed to change the files on the H drive? Indeed, we have been discussing the application of property law to cyberspace (and the analogies between a house and H drive). Clearly, cyberspace and computers in general are similar to property in some ways. Although I do not completely support the application of property law to cyberspace, I still believe that the law should protect “document owners” against those who wish to pry into their private documents just like it protects property owners from those who wish to abuse their property.

In eBay v. Bidder’s Edge and CompuServe v. Cyber Promotions, the Courts followed the precedent set in Thrifty-Tel v. Bezenek, applying the ancient doctrine of Trespass to Chattel to cyberspace. In class, we’ve discussed the similarities and differences between cyberspace and real or intellectual property. Overall, the majority of the class seems to think that cyberspace should not be considered real property. Moreover, we also tend to agree that copyright law in its current form does not specifically address the needs of cyberspace. What exactly are the needs of cyberspace and what gap do the Courts aim to fill through application of the Trespass to Chattel doctrine to these two cases?

In both eBay v. Bidder’s Edge and CompuServe v. Cyber Promotions, the defendants were requesting substantial amounts of data from plaintiffs’ computers. In both cases, the website owners wished to patrol access to their websites and the Courts found that the website owners were harmed or could in the future be harmed by the defendants’ acts. Accordingly, the plaintiffs were granted the right to refuse access to defendants. The harm factor involved in both cases indicates that the website owners might indeed need some sort of control over who is allowed access their sites. The Courts, through application of Trespass to Chattel to cyberspace, temporarily address this issue. However, the question of whether copyright or property laws could solve the problem at hand remains to be answered.

If we consider websites as a new form of intellectual property as Dan Burk argues in The Trouble with Trespass and conclude that copyright law is applicable to all websites, then website owners would not have the exclusive right to control who accesses their sites. Indeed, copyright law does not grant owners of copyrighted works the right to limit access to their works. Instead, copyright law indicates that anyone can access copyrighted works for fair use or in adherence with the law. The main intuition behind the absence of such a term in copyright law is the fact that copyrighted works, once published or produced to be viewed by the general public, enter the public domain. Works in the public domain should be accessible to everyone for fair use. For example, an author whose books are sold in bookstores cannot expect the law to enforce his wish that only blonds are allowed to purchase his works. Accordingly, although copyright law could cover websites once they are copyrighted, it currently fails to provide a solution to website access problem.

On the other hand, if property law is to be applied to websites, assuming that websites are properties, then website owners would indeed be granted the right to refuse access to individuals and groups. Moreover, since it might be technically hard and in some cases not in the best interest of website owners to patrol access to websites through technological means, website owners could solely rely on the law to enforce their rights under the property law. In that case a student could publish her diary on her homepage, indicating that nobody except herself can read the diary. If her friend accesses the website and reads her diary, the student could then sue her friend for trespass to property.

Clearly websites are not exactly equivalent to tangible properties or copyrighted works. Instead, some properties of both copyrighted works and tangible properties are exhibited by websites. To begin with, similar to copyrighted works websites also enter the public domain as soon as they are published over the cyberspace. Accordingly, I do not believe that website owners should be granted any exclusive rights over and above those granted to copyright owners. However, similar to properties websites do belong to entities and can be harmed by uncontrolled access. Accordingly, I do not believe that the law should deny websites owners all control over access to their websites. Namely, even if they do not explicitly control access to their websites, website owners should be protected against third parties that consume their computing resources through uncontrolled access to their websites and cause harm. Indeed, eBay should not be expected to increase its capacity just because Bidder’s Edge’s bots consume most of its bandwidth, making it impossible for regular clients to access eBay’s website*. The courts, through application of the Trespass to Chattel doctrine to these two cases, have protected the plaintiffs against malicious access to their websites. However, as pointed out earlier the implications of considering websites as property are grave and should not be allowed to happen. In conclusion, the best solution to the problem at hand seems to be finding a middle ground through enactment of statutes or common law tailored for cyberspace and websites.

* I’m aware that this was not exactly the case but for the sake of my argument it makes sense. As a side note I do not agree that an action should be taken against Bidder’s Edge just because their acts can potentially damage eBay. I think damage should be proven before the law prohibits any entity access to websites.

While discussing Lexmark International, Inc., v. Static Control Components, Inc., the issue of whether Lexmark’s prebate cartridge option and the corresponding shrink-wrap agreement were conscionable or not came up. Lexmark is a printer manufacturer that offers consumers both prebate and non-prebate toner cartridges for its printers. Prebate cartridges are significantly cheaper than non-prebate cartridges. However, a shrink-wrap agreement located on the prebate cartridge boxes states that consumers are required to return the empty cartridges to Lexmark after one usage. On the other hand, non-prebate cartridges can be refilled and reused. The two cartridges operate on similar printers with different software. Static Control copied Lexmark’s Toner Loading Program and built its own chip for Lexmark’s prebate cartridges. Once the chips on Lexmark’s prebate cartridges are replaced by those manufactured by Static Control they can be refilled by third parties and reused with Lexmark printers. Among other issues, two interesting points were raised about this case. Namely, some seemed to think that Lexmark’s shrink-wrap agreement was not conscionable and others found Lexmark’s business practice unconscionable. I would like to address both of these issues.

First of all, I agree with the previous discussions we have had about how some products are subject to contracts with hidden “evil” terms. Moreover, I also agree that consumers tend to avoid reading long and complicated contracts. However, neither one of these points proves that Lexmark’s shrink-wrap contract can be called unconscionable because consumers often fail to read it and instead expect the cartridge they just purchased to be reusable like most other cartridges. Namely, consumers, in addition to having basic consumer rights, also bear responsibilities one of which is to pay reasonable attention to the writings on the container of a product before purchasing it. Accordingly, if Lexmark states on the prebate cartridge boxes in a reasonably understandable and conspicuous format that these cartridges can only be used once, then the consumer can not really blame Lexmark for deceiving him into buying the prebate cartridges. Consider for example the case where a consumer discovers at home that he by mistake grabbed a hair conditioner as opposed to the shampoo of the same brand from the supermarket shelf. Can the consumer blame the brand for using the same logo on both bottles or for not taking the extra step to further inform him about the differences between the two bottles?

Secondly, I do not agree that the specific business plan of Lexmark can render the terms of the shrink-wrap agreement unconscionable. To begin with, trying to establish monopoly over a product in some way or another is a very common practice in the industry. Lexmark, with its prebate cartridge plan, tries to establish monopoly over its own printers and cartridges. This strategy, as pointed out in class, is not much more different than that of car manufacturers who sometimes fail to grant warranty if the parts not manufactured by them have been placed into the car. Accordingly, a contract term that lets the manufacturer establish monopoly over its own product can not immediately lead to the conclusion that the contract is unconscionable. Instead, at least two other factors should be considered. First of all, Lexmark should not be allowed to try to establish monopoly over the entire industry. Accordingly, even if Lexmark places a small piece of code (or an original poem) in its printers in order to enable a handshake between the printer and an acceptable cartridge, they cannot prevent other companies from copying this material. Indeed, if copying this piece of code is the only way for the other companies to manufacture cartridges that will work with Lexmark printers, then the other companies can legally do so as proven by the 6th Circuit. Secondly, as noted by others in the class, whether Lexmark has already established a monopoly over the industry or not should also be considered. Namely, if Lexmark were the sole printer manufacturer or controlled a very large portion of the market, then whether Lexmark’s business plan is conscionable or not would be open to more discussion. However, even in that case 6th Circuit’s ruling would still let the other manufacturers copy Lexmark’s Toner Loading Program and produce Lexmark compatible chips.

In Davidson & Associates, INC., et al., v. Internet Gateway, et al., the court is faced with a challenging copyright dilemma. Namely, Blizzard Entertainment, as the plaintiff, produces and holds the copyrights to a number of computer games and an online gaming service called Battle.net. The individual defendants are computer programmers who organized a volunteer effort to program bnetd, an online gaming service that mimics Battle.net. For this purpose, the defendants utilized reverse engineering to learn the protocols used by Blizzard. The end product, bnetd, did not infringe Blizzard’s copyrights. Moreover, reverse engineering had been declared a fair use in Sony v. Connectix by the 9th Circuit that remanded the decision of the lower court. Despite the legality of the end product, bnetd, and the methods used during its production, the court decided to deny the defendants’ motion for summary judgment on the account that the defendants violated Blizzard’s End User License Agreement (EULA) and Term of Use (TOU). Indeed, Blizzard requires, through click wrap agreements, the acceptance of a EULA before any user can play their games and a TOU before any user can take advantage of the Battle.net service. The EULA and TOU, among other things, prohibit reverse engineering of Blizzard products as well as hosting or running matchmaking services for these products. The court recognized these two agreements as enforceable contracts, giving Blizzard the right to limit or prohibit fair use of its products. What would be the consequences of granting copyright holders the right to control and limit the fair uses of their copyrighted products through EULAs and TOUs?

In the case of software industry I believe the free market economy would lead towards the solution of this problem, favoring the users over the industry. Namely, assuming that the courts consider EULAs with fair use inhibiting terms as conscionable and thus enforceable contracts, it could be to the advantage of most firms in the industry to require EULAs with such terms. After all, holding extensive rights over copyrighted products can be a highly desirable situation for some copyright holders. However, in a free market economy competition between companies in an industry is taken for granted. It is then highly possible that other firms already produce or eventually will produce games and online gaming services equally appealing to the gamers as those of Blizzard. Faced with such competition, can it then not be a clever marketing strategy for a firm to advertise that it does not in any way inhibit fair use of its products and instead encourages programmers to produce better online gaming services for their games? Wouldn’t a user choose the products of such a firm over others of equivalent quality because there is a volunteer effort out there that has produced a better gaming medium for that specific firm’s products? Indeed, if the courts do decide to grant extensive rights to copyright holders in the software industry through EULAs, it seems like the free market economy would gradually lead the industry towards loosening of the terms in the EULA, in the long run completely removing terms that inhibit fair use from these agreements.

The same logic unfortunately does not quite apply to more creative works.* For example, what would happen if an author required the acceptance of a EULA before his book can be read? He can write the terms of the agreement on the first page of his book and inform the reader that he will have accepted this agreement if he passes onto the 2nd page of the book. Otherwise, the reader can return the book to the publisher for full refund. The author might choose to include harsh terms limiting the fair use of his book in the EULA. Namely, he can prohibit quoting his book or even lending it out in libraries. It’s doubtful that a free market economy would resolve such a situation in favor of the readers. After all, it’s hard to imagine readers refusing to read a significant literary work just because they are not allowed to quote it. It can be argued that this situation follows from the more creative nature of the literary medium and the lack of competition among literary works. However, it can also be argued that the producers of more creative works would not really wish to limit fair use of their works as such limitation may not necessarily benefit them. Either way, it seems like letting copyright holders hold extensive rights over their works through contracts they have prepared is not very favorable or sustainable in the long run. Moreover, the implications of such a decision might extend to numerous other mediums, creating difficult situations. Additionally, relying on the free market economy or consumer psychology to resolve this dilemma can be dangerous, producing unexpected results. Therefore, I disagree with the decision of the District Court in in Davidson & Associates, INC., et al., v. Internet Gateway, et al.

* I believe there is not much difference in terms of creativity between different games with the same theme. Thus, I don’t consider gaming industry very creative. However, I’m not really a hardcore gamer so I might be wrong.

Law and economics professors have filed a brief as friends of the court for the Grokster case. The brief basically challenges the views of the courts in the precedent cases, proposing a significantly economic approach to secondary liability test. I believe the test put forth by the economics professors partially addresses one of the main problems I’ve had with the Grokster case, court’s ignorance of willful blindness. However, given the impracticality of the test, I don’t think the brief overall achieves to provide a complete or robust solution to the secondary liability issue.

First of all, I think the Grokster case created a loophole for P2P systems by allowing willful blindness. Namely, through elimination of the login feature Grokster managed to prove that it had no means of blocking infringing users even though the music industry notified Grokster of their identities. In fact, the court noted that even if Grokster did not send new updates to these users, they would still be able to communicate with others who also did not receive the updates and shared their versions of the software. Although the court indicates that this incapability of Grokster arose from design choices that the court should not interfere with, I believe this could also be the result of willful blindness. Indeed, it does not make sense for a company to willingly give up all control over its users or its own software. After all, wouldn’t Grokster want to kick out users who distribute pornography or viruses through its system? Both the district court and the 9th Circuit failed to question Grokster on this argument, claiming that there was nothing Grokster could do to stop infringement even if it had knowledge of infringement. Accordingly, Grokster managed to escape liability for contributory infringement. The test offered by the economics professors, on the other hand, seems to address part of the willful blindness issue. Namely, the professors argue that secondary liability might be considered when the indirect party could deter the infringing acts at low costs. Indeed, keeping a list of users and forcing them to log onto the system before being able to search or share should not be too costly to Grokster since they initially implemented their system with a login feature, changing their design only after the Napster decision. Cleary, it could be infeasible to ask Grokster to change its decentralized system into a centralized one but it seems fair to ask them to require user login. Unfortunately, the court completely ignored the cost benefit aspect of such unwarranted design decisions made by Grokster, allowing the company complete freedom in its acts.

Although the test offered by the brief fill in certain gaps such as willful blindness, as we have discussed in class, it certainly creates many more gaps of its own. I think the main problem here originates from the fact that the brief and the accompanying test are suggested by economics professors who tend to formulate theories and leave the application process to secondary parties. Indeed, a solution to such a complicated problem as secondary liability in P2P systems probably can not be cleared with a few lines of theory. If their test is ever to be taken seriously, professors should outline how the cost-benefit analysis will be carried out. Moreover, more work is required on different parts of the test as we have discussed in class. Finally, I don’t believe that a solution to such a complicated case can be provided by representatives of a specific sector such as economists or technology developers no matter how much confidence they lay in their tests. Instead, I think any solution that is to be used in the present and future secondary liability cases has to take into account numerous aspects of the issue, combining all or a subset of the economics, active inducement, substantial non-infringing use and intent factors. Such a test, I believe, can only be devised by a fair and independent group of representatives with knowledge of the proposed tests (possibly the court).

edit: I realized that a final test does not necessarily have to cover all of the factors I’ve listed in the last paragraph. I also changed the tone in the fourth sentence in the 2nd paragraph as I am not quite sure if Grokster really is engaged in willful blindness. The court is to decide.