Information Technology and the Law

Jprobst already mentioned many of the problems raised by community standards laws. That a person running an internet site could be held accountable in any jurisdiction from which that web site is accessible puts a huge burden on the site owner to make sure that the material is unobjectionable. Additionally, if we started seeing lawsuits come out of more conservative communities, it would certainly have a chilling effect on free speech in communities where the speech was deemed acceptable. I think the obscenity laws which are governed by community standards are very different from other laws which would govern a business participating in interstate commerce.

Certainly when I start selling a product to another state, I am bound by the laws of that state as well. But these laws are something which is written down and approved by the state legislature. If I want to know whether my business is legal in that region, I can hire a lawyer or simply check the statute myself and it should be relatively straightforward. However for an obscenities law relying upon community standards this is not the case. The standards are literally decided at time of trial by a jury which is there to represent the community. How am I to know ahead of time what is and is not allowed? Even if I were capable and willing to restrict access to my website to those communities where the content was deemed acceptable, is it possible or practical for me to know which communities these are?

I think a much more appropriate model for obscenities laws would be hate crime and hate speech laws. Here, in general, statute is required to narrowly define specific acts which are considered hateful and which therefore fall under these laws. The supreme court has ruled that because of the first amendment, such statutes must be as narrowly defined as possible to support the government’s compelling interest to prevent violence stemming from hateful speech. Why doesn’t a similar standard apply to obscenities? Why is the government here allowed to make extremely broad laws which rely on this notion of community standards, which may not even be defined prior to a trial?

I think the current obscenities legislation is both unconstitutional in that it is overly broad for it’s purpose and also that it is practically irresponsible because it prevents business from getting any certainty about the legality of their operations. Even if a business really wanted to protect itself and make sure that it abided by the law of local communities, the law doesn’t exist until someone complains and it goes to court. This is inefficient for the business, inefficient for the community and just plain unfair. If communities want to apply their own standards for decency, then no one is stopping them from passing laws banning certain acts. But saying that “community standards” are the judge for whether something is legal isn’t really saying anything at all.

I think that websites should not be considered private property, or even as Monte suggests, commercial property. I think the problem we are having in decided how to classify websites comes from the fact that we have predetermined what control a website owner should have over their site, and are then trying to find a way to give them that control. If instead we look at what a website actually is I think it’s clear that the rules of trespass as they apply to property are completely inappropriate.

First, we need to give up the idea that by visiting a website we are “entering” their property. We never phsyically enter their computer in order to view the website. I think a much more appropriate analogy is the following. Instead of calling a website someone’s house, it’s more like a sign posted on their front yard. A person browsing the internet is more akin to a person walking by their house at night with a flashlight. If I wish to read the sign, I shine the flashlight on it, the light travels from the flashlight, is modified and sent back by the sign which I then observe. Similarly, if I wish to view a website, I send some electrons to your computer, which then responds with other electrons which I then observe as the website.

Could I be charge with trespassing for shining a flashlight onto your yard? Does the owner of the house have the right to say only the following people are allowed to view the sign? If they wish to restrict access to the sign to a certain set of people, then they can keep it indoors and invite those people inside. This is similar to adding password protection to a website. If you place the information out in the open, with no technological measures to prevent people from viewing it, then you have no claim whatsoever against someone who viewed it, just as if you leave a sign out in the yard, you can’t sue people for viewing it, even if you didn’t want them to.

Now if you’ve moved the sign into your house and someone breaks in to view it, then of course you should have some legal remedy and analogously if someone circumvents your password protection then you should have a legal remedy. However, once you have created a website and made it available with no technological measures to prevent access, it is very similar to having published any other material and as such it makes much more sense to protect it under copyright law.

Someone will surely object with “What happens when someone shines a thousand flashlights at the sign at once, or a thousand different people each shine one?” The first case would be the equivalent of a DOS attack on a website, and at this point the purpose of shining a flashlight on the sign is no longer to read the sign, but instead to cause harm to the person who posted the sign. In the second case, perhaps you simply need to move the sign to a more private location. On the internet there are certainly plenty of ways to reduce the number of visitors to your website, requiring user registration is perhaps the simplest.

In discussing the Compuserve case today Don brought up the point that because Compuserve was a private entity, the argument made by Samford Wallace that his spam was protected as commercial free speech doesn’t hold up. Compuserve, as a private entity, should have the right to regulate speech over it’s network however it wants. This is further supported by the common carrier laws which apply to phone companies and prevent them from regulating speech based on content and which specifically did not apply to ISP’s.

The issue isn’t quite as clear cut as that though, and several state courts have ruled that there are exceptions. In Pruneyard Shopping Center v. Robbins, the California courts ruled that a shopping center had become a public forum and as such could no longer regulate free speech on its private property. Part of the Pruneyard decision hinges on the specifics of the California constitution, and in the case of free speech the Supreme Court has denied to extend free speech protections to shopping malls.

If we look at other Bill of Rights guarantees though, there are quite a few instances where they have been applied to private groups as if those groups were the government. The Supreme court ruled that a private Minnesota club designed to raise money and help those in need was required to admit women as members, stating that the club was so large that it was essentially different from a private organization. Frank v. Ivy Club dealth with the admission of women to Ivy Club here on campus, and the courts similarly ruled that Ivy was an essential part of Princeton University, which was essentially a public accomodation, and therefore Ivy was bound by the same anti-discrimination laws as any public organization.

Perhaps the most compelling argument is the application of such laws to the workplace. Anti-discrimination laws certainly apply to private businesses. I would then argue that if anti-discrimination laws can apply to private organizations with full force, then why can’t free speech laws? Both are contained in similiar language in the bill of rights, neither is given special treatment over the other.

The general trend in cases of this sort is that at some point an organization becomes a “public accomodation”, it’s just a part of everyday life for many people, and at this point it loses the protections of a private organization or business. Once it becomes a public accomodation, it must obey the same discrimination and free speech laws as any truly public organization would.

Copyright infringement occurs when you create a work which is a derivative or exact copy of another work. There are exceptions, such as fair use, but you are also except from infringement if you had no knowledge of the original work. For literary works this is fine, as the methods of expression are so vast. However, in computer programs they are more limited and there are strict rules to what expressions make up valid computer programs. If you are writing a program meant to duplicate the function of another, the number of possible expressions becomes even smaller.
Imagine I wanted to duplicate the functionality of another program. I knew the length of the program in assembly, l, and I knew the valid inputs to the program and I had a black box which would take inputs, run them through the program, and give me the output. I then have a computer generate all valid assembly programs of length l and compare the outputs of each to those of the black box. Eventually it will find a program which has the same functionality as the black box and in fact will almost certainly be an exact copy of the original program.
Did I commit copyright infringement? I would argue that no, I did not. I have never seen the source code of the original program, so how could I copy it? All I knew about the program was its functionality, the input/output pairs that it would generate. The function of a program cannot be copyrighted, only the expression. While it is likely that I duplicated the expression, that’s only because there are a limited number of expressions which produce the same function.
This method of course isn’t practical for a program of any length. But what if I also knew the number of add and branch operations that occurred. Maybe I checked to see how often each register was accessed. Maybe instead of just counting the number of these operations, I actually watched the processor during execution of the program to see which parts were being used at what times. In theory by watching the processor you could determine every line of the program, without ever looking at the source code itself.
Once you can reproduce the source code perfectly on the first try, it seems obvious that copyright infringement has occurred. If I have to do a brute force search of all possible programs, and purely match it on functionality, then no copyright infringement has occurred. There’s a lot of grey area in between those two extremes. Somewhere we have to draw a line between what is copyright infringement and what isn’t.
One way to look at the amount of information you have about a program is to calculate the number of possible, valid programs that exist which satisfy the constraints. In a brute force search there are an exponential number of possibilities. If you know the frequency of commands, then it becomes factorial. If you know everything but a single line, then it becomes constant. Certainly there is other information that would give different search spaces.
It doesn’t seem like there is any obvious place to draw the line and I can’t even say I have a normative opinion on where the line should be drawn. Maybe this is a place where you use a word like substantial and just let the judges interpret it on a case by case basis.

In class and in posts on this forum we seem to assume that the precedent is what the RIAA is looking for in this case. Jeff makes some prudent points in his essay “What does MGM really want?” pointing out that they can’t really expect to get anything from Grokster or Streamcast. The monetary value of those companies at this point is insignificant compared to the millions in legal fees that the plaintiffs have paid. Any attempt at an injunction against the distribution of Grokster would be fairly futile as well, as the Gnutella network would survive and as we’ve seen in the past, more P2P networks would simply take its place.

However after that point I’m going to disagree with Jeff, who states that the RIAA is going after a precedent in this case. While I’m sure they wouldn’t mind it, I don’t think the precedent is worth as much as others have assumed. First, even if they get a precedent saying that Grokster is illegal, there’s a good possibility that it wouldn’t rule out all permutations of P2P networks and in fact would give new developers guidelines on how to keep their software legal.

Even if a very strong precedent were set, what effect would that have on software developers? Sure, Microsoft isn’t going to be building a P2P network designed for sharing copyrighted music, but major companies with seizable assets are already avoiding these technologies. Maybe it will reduce venture capital for commercial P2P services, but many of the most popular networks already weren’t developed with venture capital, so no real gain there.

P2P networks with thousands of users and potentially millions of instances of infringement can be developed by teenagers in a matter of weeks, and run from decade old desktop computers, we all know of the example of in our class. Furthermore, a precedent would have no bearing whatsoever on international developers. The networks aren’t going to go away just because the courts issue a strong precedent against them.

I think instead the most important effect of the supreme court ruling for the RIAA would be the image it generates. It would be the best anti P2P publicity that the recording industry could possibly get, more effective than any television advertising they could buy. If the Supreme Court rules against Grokster, newspapers will cover it as a ruling against P2P software in general. The ruling will get national media attention focused on file-sharing and how it had just been ruled illegal. More important than the precedent itself will be the stigma attached to file sharing.

The RIAA must realize that suing these individual companies running P2P networks will never make them disappear. What they really are trying to do is shift public opinion so that the average person no longer views file-sharing as something that they should be doing. A Supreme Court ruling and the exaggerated media stories that would follow is the best way imaginable to do that and I think this is really the most important thing for the recording industry, not the precedent itself.

The RIAA has attempted several different strategies in their fight against illegal file sharing and several other strategies have been proposed in discussions both in class and on this site. I’m hoping to follow the model of Unsuspecting Innocent and really analyze some of the options that the recording industry has and how effective they may be.

First, I want to make a few comments on Unsuspecting Innocent’s analysis of lawsuits against individual users. I would argue that even if the expected value of file sharing remains positive, as the lawsuits are too few and not for enough money to provide a real monetary disincentive, that many people are very risk adverse in this area, and will be scared away from file sharing even when the penalty is so small. However, I think the utility to the file sharer is much larger than he estimates, closer to $50 instead of $5. This means that if the recording industry wanted to make it a negative EV to download music, they would need to sue approximately one million individual users, which is not reasonable. Overall individual lawsuits could stop certain risk adverse users from using the system, but a large fraction will be relatively unaffected in their usage.

Another approach that the recording industry has used is to sue and attempt to shut down the distributors of the file sharing service. With early P2P technology such as Napster and Aimster, once the courts ruled for the recording industry, it was fairly straightforward to disable the networks completely. But even then, other services took their place immediately and even in those early cases it’s not clear that this strategy reduced sharing of copyrighted music. Now, even if cases were to be decided in favor of the recording industry, which is not at all a certainty, the company has no power to shut down the existing network. Would a ruling against Grokster do anything at all to stop illegal sharing of copyrighted works? Certainly it would be far less effective than the shut down of Napster, which had little to no effect.

Those are the two main strategies employed by the recording industry, and it seems as though both will necessarily fail. Another strategy which is used somewhat but doesn’t appear to be the focus is to compete with the P2P networks through products like iTunes. While they can’t win on price, the recording industry needs to make sure that the pay to download sites offer both greater convenience and better quality than P2P networks. Based on comments I received on my writing last week, I take it that currently the P2P networks may succeed on both of these points as well, but that certainly doesn’t need to be the case. Still, this strategy may not have much effect on the amount of illegal sharing that occurs.

I think the best option for the recording industry is to turn these P2P networks into part of their distribution system. Don makes this sort of suggestion in his post this week, proposing that some sort of compromise is reached between the P2P networks and the recording industry. I would go further and say that the recording industry needs to take the initiative and create something which equates to the compulsory license under which songs are played on the radio. There needs to be a license to distribute songs on a P2P network which is openly available to anyone that wants to acquire that license, instead of requiring each vendor to negotiate a separate license with the recording industry. This would give P2P networks the option of making their software and networks completely legal so long as they found a sufficient way of getting revenue from their software.

In response to Jeff’s post on Post-Aimster file sharing Jordan posted a link to an interesting study which claims to show that file sharing has no negative effect on music sales. They performed an empirical study of music downloads versus album sales and concluded that in the worst case every 5,000 downloads of a song causes one album to go unsold. Certainly prior studies, mostly conducted by surveys of file sharers, have come to different conclusions.

This study suggests that at a minimum more research into the question is necessary. However, since I can’t perform that research in a 500 word essay, I’d like to draw a parallel to radio which seems to be overlooked. When radio was first available, it was argued that no one would ever go to hear live music again because they could listen to it in their own homes. It could also be argued that radio would hurt sales of prerecorded music because listeners could now record the music themselves onto their own tapes off of the radio. Clearly no one would need to go and buy a tape if they could get it for free. Now of course, artists are desperate to get more exposure on the radio because it is well understood that being played on the radio greatly increases album sales.

Now file sharing is far more convenient than going to the store to buy an album, while recording off of the radio isn’t. However, downloading a song legitimately through a service such as iTunes is both more convenient and will result in a better quality song than downloading it through a file sharing service. Isn’t it possible that we will see the day when artists willingly offer some of their music for download through file sharing networks with the understanding that getting listeners will increase their sales of online music just as radio has increased the sales of prerecorded music?

The record industry I think would have to do two things in order to make that possibility occur. First, they need to continue to promote and expand the availability of online music downloads and specifically work on making it easier to use and find songs than from a file sharing service. Secondly, they need to continue a practice which I think is one of the most effective ways to slow down file sharing and that is releasing fake music files. Even now, often when you download music from a file sharing network, instead of getting the song named by the file, you get merely white noise. These are files released by the record companies to make it more difficult to use these networks and I think are the most effective way to reduce file sharing because they reduce the main advantage, convenience, that it has over legitimately purchasing music.

There will always be people for whom the price of buying music is simply too high for their demand and who will choose to obtain it freely via recording from the radio or now using a file sharing service. However it seems plausible that file sharing could evolve into a way of discovering new music much like the radio is now and in that role increase legitimate music sales.