Information Technology and the Law

When talking about “community standards” with respect to the Internet, I agree with the proposal in class for a “network community.” With regard to obscene or indecent material on the Internet, it is difficult to draw parallels to real-life situations, especially when talking about pornography.

There are three main reasons that I believe it can be acceptable for someone to distribute pornography online. These characteristics can define an “online” or “network community.” First, people must sign up for the service. Second, the material must be password protected. Third, it should be very difficult for minors to obtain the material.

The reason I believe people must sign up for the service is because this shows a positive action on their side. When somebody signs up online in order to view or download this material, they are, in effect, joining the “online community.” Because they have decided to join this community, knowing what it entails, members cannot later say that they did not want to have access to this material.

The second characteristic that needs to be included is to password-protect the material. This can be either members logging in with their own passwords, or all using one password to view the material. The main goal of this provision is to make it difficult or impossible for anyone not in this “community” to accidentally gain access to the material. By being forced to enter a password to view the material, the community is, in effect, protected.

The third characteristic, difficult access for minors, is the toughest to achieve. However, there are ways to make it more difficult. Forcing members to use a credit card, acknowledge that they are over 18, or something of the sort can help accomplish this.

The reason that I believe an “online community” is possible is because of the difference in access as opposed to a real-life situation. If obscene/indecent material is posted on a billboard, sold in a store, or distributed via mail, the community as a whole is exposed to it, and their values should be considered. However, an online community has a different set of values, since everyone who joined this community, knew what kind of material would be available.

If a community is formed online in this manner, I feel that it should be allowed to exist and distribute its material regardless of the physical location their members exist. Once members sign up for this online community, they agree to respect its values and rules.

I agree that ICANN is not perfect, but some of the radical changes proposed in class on Wednesday are simply not feasible. There are many good theoretical solutions for replacing ICANN; however, we all know that what works in theory does not always work when put into practice. There are usually flaws, tradeoffs, and unexpected obstacles that arise when talking about solutions. Thus, I believe the best solution is to keep what we have and continually tweak it to better fit what we need it to do. It is up to us, the general public, to police ICANN.

There are two major problems with creating a coalition of countries or trying to sign a treaty, and they both come back to the same underlying principle: countries have a hard time agreeing with each other. Our football team of 100 players has a hard enough time trying to decide on locker room music; just imagine hundreds of countries getting together to decide on a treaty for something as important as the Internet. The only things they would agree on would be the easy issues, the same things that ICANN has already decided on. That’s the first problem: the initial treaty. The second is more problematic, and it involves decision-making by the “government” that would have to be formed to govern the Internet. Again, a coalition of countries from around the world would have trouble making any decisions at all, let alone the swift judgments the Internet requires.

Thus, because the Internet needs fast, responsive, decisive action, a private company is the best choice. ICANN is already in place and we know it works well enough. Instead, it is up to the public to regulate ICANN, and balance their monopolistic power.

What public opinion can do is help make changes when they believe ICANN has overstepped its powers or done something wrong. The public has the ultimate weapon; they choose to acknowledge ICANN as the official database of Internet names. If ICANN exceeds its authority, it is the job of the general public to hand over power to a new company, by acknowledging them as the official database holder.

However, this drastic alternative should rarely, if ever, be needed. It will mostly act as a deterrent, a bargaining tool when trying to reform ICANN. As Professor Felten said in class, people might not think ICANN is perfect, but the alternative could be worse—much worse. We, the public, have the power to control ICANN; we should allow them to continue their job, while using that power if need be.

If we are going to use permissions as a way for people to communicate the level of restriction they want on their personal files, then we have to respect them. Permissions placed on files restrict or allow different levels of access to different persons, groups, etc. This is the way that most if not all file systems work.

In the hypothetical H drive case, a student found another student’s homework on the H drive, copied it, and turned it in. As we all agreed, this was a definite violation of Princeton’s Honor Code and a normatively wrong behavior. However, though wrong on many levels, should this act fall under the Computer Fraud and Abuse Act? The answer is no.

The CFAA prevents accessing a computer “without authorization” or by “exceeding authorization” in order to obtain, essentially, restricted data. Clearly, the homework file was not meant for the student to read and copy. However, the copier did not gain unauthorized access. According to the permissions set by the owner of the homework file, the copier was completely within his rights—under the CFAA—to access that file.

Again, the morality—or lack thereof—of an act is not the basis by which we judge whether that action falls under the CFAA. We must look at the law itself, and in this case, this particular law does not fit.

In general, I believe that if we are going to use permissions as a standard way of setting access limitations on files, we must respect what they say. If we determine that they are ill-suited to their function, then we should determine a new way to accomplish this function. We should not misinterpret laws based on our feelings of morality.

Granted, there are exceptions to every rule. There are times when restriction of access should be implied. If I type in www.google.com and up on my screen pops up the classified information on the War in Iraq, I should be held responsible for not reading, editing, forwarding, or doing anything else with that data. But for the most part, these exceptions are cut and dry cases.

In the H drive case, the crime is not in accessing the file. Theoretically, if the copier accessed the file and did not copy the homework or was not in the class, there would be no discussion of whether or not this was contained in the CFAA. The crime was in using the file to commit a separate wrong act—copying homework.

Whether or not permissions are the best way to restrict/allow access, they are the current way. Every time somebody comes to a file, they should not have to sit at their computer and ponder what access the owner intended on this file. They should check the permissions placed on the file, and proceed accordingly.

I do believe websites can be treated as property, but I think a closer parallel to draw is between commercial property instead of private property. When we tried to draw parallels between private property and websites, we hit a few sticking points. However, thinking about it as commercial property fits rather well.

First of all, I had one big problem with the private property example. Unlike a person’s house, a website is meant for at least some group of people to see. Like we said in class, nobody creates a website for nobody to see. For the most part, my house is my own space and I don’t want unwelcome visitors. I only want people I invite over to enter my house. Usually, websites follow a different path than this.

Think of a department store, a restaurant, or a sporting goods store. In general, the owner of these commercial properties want as many people as possible to enter their property. People who enter are customers, and the more customers, the more money they will make. In the same way, a website is created and posted—either as a store-like property where people come to purchase something or as an information “store” that the creator wants people to see.

There are times, however, in both scenarios, where the owner/creator would want to limit visitors. In the commercial property case, this could be a member-based restriction—where the owner requires someone to be a member to enter his/her property—or a conduct-based restriction—where the owner bans a specific person for unruly conduct or some other reason. The same thing applies to the Internet. A site could want to limit access to its contents to only a select group of people. This happens all the time on the Internet, with user name/password combinations restricting access.

However, it is more difficult for web site creators to ban specific people who perform detrimental acts. For example, in the eBay case—eBay wanted its site to be open to the public to browse, but it wanted to ban Bidder’s Edge from accessing its site. This is akin to, say, a casino. A casino wants lots of people gambling on their property; but they also want to ban specific people—known card counters, thieves, or even a specific person who caused a ruckus previously.

I feel that websites should have this same right. If I create a website, I should be able to limit its access to whomever I want. If I want to limit its access to only myself, or 100 people, or everyone but 100 people, I should be allowed to do this. And, if banned people continue to access the site, then that should be considered trespassing. Just as somebody banned from a University, a restaurant, or a store would be prosecuted if they were found on that property. Putting my site on the web should not force me to grant access to anyone with access to the web.

So while the private property example has some similarities, I believe the commercial property parallel is a much better fit.

The confusion of Wednesday’s discussion got me thinking. It seemed like we couldn’t pinpoint exactly what the facts were in the case, and then that lead to an uncertainty about exactly what issues were at hand in our discussion. After having time to digest and contemplate the debate, it became a bit clearer to me. First, all talk of a monopoly was way off base; and, second, the main issue at hand was something to which we didn’t give much attention—namely, should companies be allowed to tie two products together.

The problem with discussing monopolies with respect to the Lexmark case is that there is nothing close to a monopoly here. First and foremost, as pointed out in class, there are numerous other printers and cartridges available. A customer who doesn’t like having to buy Lexmark cartridges with their Lexmark printer can simply buy a different type of printer. A second point, touched on to some extent in class, is the fact that customers were given an option. Save $30 and promise to use Lexmark cartridges. If you don’t want to do this, buy their other printer and cartridges.

The main disagreement I had, however, was with the Microsoft example. This is not the same type of situation. Microsoft tying its Windows operating system to the Internet Explorer browser has much further-reaching implications and more complicated consequences. An operating system is difficult to switch from. When deciding on one, one must take into account many different aspects: ease of use, compatibility, popularity, familiarity, etc.; the least of which is the browser to use. On the other hand, deciding on a printer is easy. Take into account functionality and price. Choose the one with the best functionality at the lowest price. It will work with any computer, any operating system, etc. Thus, a business or person does not have as much flexibility to switch operating systems as they do printers.

All of which brings me to my second point. Whether or not companies should be able to tie together two of their products should depend mostly on three things: the number of other options available from other companies, the number of other options available from the same company, and the ease of switching from one product to another.

In these two cases, the conclusions are quite different. Microsoft should not be able to tie IE with Windows. Though there are some other OS to choose from, the difficulty of switching from one to the other means that once Microsoft ties one in to Windows, they are able to force other products on them. Microsoft also does not offer two versions: say, one version of Windows that forces users to use Microsoft’s IE browser and another that doesn’t for $X cheaper. I feel that it’s the combination of the difficulty of switching OS and the lack of a second option that leads to this conclusion.

Lexmark on the other hand, should have every right to continue their business practice. There (a) are many other companies selling printers and cartridges, (b) is another option provided by Lexmark not forcing customers to use their cartridges, and (c) is no difficulty in switching from Lexmark to, say, HP—or even the other Lexmark printer. Therefore, though we were right in discouraging Lexmark from using copyright to protect itself, they should be able to continue their business practice. They simply went about it the wrong way.

Disallowing the reverse engineering of video games and video games consoles via EULAs should definitely be allowed. I agree with some of the opinions from previous posts that reverse engineering is an important part of innovation. However, I argue that it is not the case in the video game world.

For one, video games are for pleasure; there is nothing necessary or important about video games. They are played merely for entertainment. It is not necessary that others be allowed to build upon previous works to quickly produce upgrades for the betterment of society.

What should drive most decisions is the protection of the ability to create. In video games (of which I am a big fan), the time and ingenuity needed to produce a new console or a new game must be protected, to some extent, by copyright. If Sony, for instance, came out with the PlayStation 3 console in three years, and within a month, somebody had reverse engineered, rebuilt, and resold it, what incentive would Sony have for a PlayStation 4? They would have to put tons of time and money into not only researching and creating the console, but also into designing a way to stop, or at least slow down, reverse engineering. Meanwhile, the reverse engineers would need to spend only one month and very little money figuring out how to (basically) steal Sony’s design and sell it at a much lower cost.

Economically, it only makes sense to let users negotiate away their “right” to reverse engineer. If Sony currently sold its PS3 console for $200, and it was reverse engineered and sold, thus hurting Sony’s profits, Sony would then have to sell its PS4 for $300 instead of $200, to make up for either (a) lost revenue due to reverse engineering or (b) investment in research to stop reverse engineering.

Of course, this does not mean that reverse engineering must be disallowed. Let’s say a different company—say, Microsoft’s Xbox—thought that reverse engineering would help increase the sales of their console and games. Microsoft would then not include a provision in its EULA prohibiting reverse engineering. In this scenario it is possible that, even though Sony might make more money on its PS3, Microsoft would make more money on future versions. The reverse engineering would allow users to also play their games on a PC. Though Microsoft would lose revenues to those who bought the reverse engineered console, the increased popularity of their system would cause a boost in their game sales and aid in the profits tied to future releases of the console.

The point is this: reverse engineering is not a natural right. Sometimes it is very useful and even necessary. However, a software producer and user should be allowed to negotiate this right in a contract or EULA. A software producer, if he so chooses, should be allowed to only sell his product to those who agree not to reverse engineer it. If users do not want to give up this right, they can simply refuse to purchase the software. While reverse engineering is a fair use, it is not a natural right.

The copyright owners of this country are fighting an increasingly uphill battle. When Napster debuted a few years ago—an apparently benign file-sharing service—the recording industry, the film industry, and other copyright owners could never have foreseen the grim situation they now find themselves in. Though they have won cases against P2P services such as Napster, file-sharing systems continue to spring up everywhere, infringing downloading of copyrighted material is skyrocketing, and neither seems to be slowing down anytime soon. The more information I see about this deadly combination of P2P and illegal downloading, the more I believe there is no way to stop it.

As I read the recent Princetonian article about Professor Felten, it became clear to me that the P2P technology is not going anywhere. It is simply too easy to create and has too many uses—legal and illegal. Users have also proven that they will not stop downloading the free (illegal) music and movies. I also believe that it has been demonstrated to be nearly impossible to prevent illegal downloading through filtering or other methods. The Napster example showed that people will find ways around any mechanism geared towards filtering copyrighted files.

So, if the copyright owners cannot stop the existence of the technology, the infringement of the users, or the availability of their works, what can they possibly do? An earlier post suggested the recording industry follow the advice of a well-known axiom: “If you can’t beat ‘em, join ‘em.” I recommend a different one: “Desperate times call for desperate measures.” I’m proposing something much more radical—a huge risk, but huge reward strategy: Stop making music.

It’s called playing hardball and it fits the recording industry’s personality much better. Think about it. People go on strike all the time: professional sports leagues, supermarket workers, transit groups. Why not the recording industry? Tell the public, “If you want to exploit us, we’ll stop making music.” Sure, the current collection of music will still be available, along with new music from indy bands. But there is no way the public could go very long without a fresh wave of music from the biggest stars. Any new music produced would inevitably be of lesser quality: inferior singers, worse musicians, no recording studios, a LOT less money…the list goes on and on. People would HAVE to eventually give in. No more Britney Spears, Usher, Eminem…you name it, they are done.

This is not to say that it would not be risky. The recording industry would have to, in effect, form a union and convince every big-name artist to stop making their music. They would have to shut down the recording studios and remove their CDs from stores. Most importantly, they would have to hold firm; they could not give in to the public. This is a war of attrition and discipline and unity are the keys. Sure it would be hard, but money talks and this is about loads of it.

If the recording industry wants to cut their losses and salvage what is left, they can go the other route; they can try to join the file-sharing business and survive off of advertising. But to have it all—and more—the recording industry (all of it) must play hardball.