Information Technology and the Law

Eric, Lauren and Jeff all make very effective criticisms of the community-based test for obscenity as defined by the law. I agree with their positions, but I would like to take a more general look at the existence of obscenity and indecency laws, and consider their actual usefulness and justifiability. In general, I tend to view these laws as fallacious and unnecessarily invasive.

One of the main reasons that section 223(a) of the CDA was ruled unconstitutional is because indecent speech enjoys some first amendment protection and the statute is viewed as being too broadly restrictive of this right due to the nature of the Internet. I would counter, however, that on a fundamental level, this rule is unfair even with respect to obscene material. If I use a “telecommunications device knowingly” to “initiate the transmission of any comment, request, suggestion, proposal, image or other communication which is obscene,” I should NOT necessarily be held criminally liable. If I am, for example, choosing to send something obscene to a consenting recipient and there are no affected third parties, what place should the law have in telling me I’m not allowed to do so. This seems like an egregious invasion on personal rights on the part of the government and serves no obvious functional utility.

In class this week, many dismissed this and similar arguments by acknowledging (rightfully) that obscene speech does not enjoy first amendment protection. Granted, this may be true, but this statement alone hardly seems to provide any normative justification. Laws exist so that members of a society can coexist in a way that no member is unduly bothered by another. If a subset of the society, however, wants to behave a certain way, they should be allowed to do so, provided it does not interfere with the rights of the rest. Public obscenity and public indecency laws, for example, are more ethically palatable. Obscene speech or action that occurs in a public space necessarily affects third parties who do not have the ability to consent or decline consent to being passive participants. In this case, there is a clear societal benefit to making obscene conduct illegal- it invades the rights of most members of the society, who agree that this is something ‘obscene’ (whatever the definition may be). In cases, however, where the only affected people are the willing participants who actively consent to taking part, prohibitions on obscenity are unfair, unnecessary and no more justifiable than prohibitions on indecency.

This division becomes less clear on the Internet. In the case of solicited e-mail and private sites, it seems pretty clear to me that anybody accessing the material is a willing participant and that the content should be ungoverned by obscenity laws. The case with public websites, however, is less obvious. Theoretically, such a website still requires a request from the client, which suggests some sort of active seeking out of the material. Realistically, however, the linked nature of the Internet means that effectively people are often exposed to sites inadvertently or mistakenly, without prior intention. Since this is quasi-public, I think there is a stronger case to be made for policing obscenity available openly on the world wide web.

On a very fundamental level, however, I think that to the extent that it is free of third-party effects, a government has no business telling an individual that certain acts or speech are not allowed because they are deemed obscene by some collective conscience.

In my post this week, I discuss issues related to the Internet Corporations for Assigned Names and Numbers. It seems bizarre that an organization with so much control over how the Internet is governed and used can manage to so effectively avoid the mainstream spotlight. I consider the issue of “expedited administrative proceedings ” to settle trademark disputes and more generally the level of accountability built into the structure of ICANN.

Before registering a domain name with ICANN, registrants must agree to abide by its uniform domain name dispute resolution policy. Trademark holders can invoke an expedited conflict resolution procedure which some have argued generally tilts in favor of the challenging trademark holder. Given that well-established avenues of legal recourse exist for trademark dispute resolution, it seems unnecessary for people to be made to follow the ICANN policy. It is particularly disturbing because ICANN has a (perhaps necessary) monopoly on domain names, so that anybody wanting to register a name effectively has no choice but to accept the resolution policy.

Furthermore, if in fact the expedited process tends to favor the trademark holders, this circumstantially suggests that the arbitration may be inconsistent with how the legal process would rule. The burden of liability for trademark is generally that a use is infringing only if it confuses consumers about the origin of some product or about an association with a given product. If I somehow was holding www.justdoit.com and hosted a website about my personal travels, it would be unlikely that anybody would mistakenly believe that my website was affiliated with Nike. While I cannot say certainly that ICANN’s expedited resolution would rule against me in this case, it is certainly within the realm of possibility. If this happened, I would be unjustly punished against the rule of law with basically no recourse. This is ideologically a dangerous situation to have created.

The issue above underscores the general lack of accountability with ICANN. ICANN has been granted a monopoly and substantial power over Internet naming, but ICANN Watch rightfully points out that ICANN is free of traditional governmental accountability AND also of corporate responsibility since it has no shareholders and few elected members. There is a strong case to be made for centralizing control over Internet naming rights, and for the Internet to continue functioning cohesively, the monopoly granted is perhaps necessary. Nevertheless, there are steps that the DoC can take to make ICANN more accountable, to avoid potential conflicts of interest on the part of the directors and to avoid needless power-clinging.

Would it be conceivable to have a rotating board? This poses a threat to consistency over time, but certainly a greater proportion of the board could be rotated or appointed by an external (governmental?) agency. Aptitude and expertise in the Internet is a natural prerequisite, but surely there is no shortage of qualified people. At the very least, many of the academics at top universities who, in fact, designed much of the Internet architecture anyway, would be qualified to serve in such a capacity. Given that making ICANN a profitable corporation has obvious potentially negative social ramifications, accountability must be sought elsewhere. Rotating board and increased governmental involvement create this.

In his post, Unsuspecting Innocent rightfully points out that much of our recent debate has concerned the level of implied consent for different types of network access. Certainly, this is of critical importance when are evaluating the Computer Fraud and Abuse Act, since all of the infractions involve unauthorized access or exceeding authorized access. Implied consent, of course, renders access authorized for all intents and purposes. Perhaps, then, the legislation would be made stronger if there was some explicit assertion of the level of consent implied by different contexts and situations. I will consider the level of implied consent with the H:\.

Whether or not one can access somebody else’s unprotected H:\ is not as obvious as it initially seems. The University provides these accounts for storage of personal files, and two facts suggest an implicit agreement that a given share is intended solely for the user. First of all, the name of the share actually mirrors the Net ID of the owner. Secondly, any user who logs onto the domain automatically has their H:\ mapped. These two factors suggest quite strongly that the H:\ is intended to be used by the owner. By contrast, it requires an active request to access the network share in order to view somebody else’s H:\.

Nevertheless, the fact that the H:\ is intended for use (reading and writing) by the owner does not preclude that it might also be suitable for use (reading) by others. In other words, while the two factors mentioned above strongly suggest that the share is intended for the use of the owner, they do not necessarily imply that the use is solely for this person. I tend to disagree with Lauren’s analogy to a house, suggesting that it should be implied that without an invitation, one does not have access to the H:\. The critical difference is that the H:\ is a network share- one of the fundamental purposes of networking is to allow data sharing between connected machines. The terminology itself, “share”, suggests this interpretation. Thus, when resources are shared on a network, there might be some implied consent to others accessing it. On the other hand, there is no common practice of using homes communally, so there would be no reason to expect that you could simply enter any home if the door was unlocked. The fact that networks are used so frequently for sharing is precisely why the permission systems work not only as a protection mechanism, but also as a policy statement. Very often, it is not all obvious who has the right to access a given network share- permission systems solve this by stating explicitly who is allowed to access the resource and in what way they are allowed to do so. These systems, then, make clear who is authorized to access a resource and when they have exceeded this access.

Thus, the question of determining whether or not there is implied consent to accessing an unprotected H:\ is an issue of balancing the strength of the permission system against the implications of the name of the share and the automatic mapping upon logon. In general, I believe that given the sharing function of networks and the ability of permission systems to communicate access policy, the balance weighs towards implied consent. In the case of H:\, however, it might also be relevant to consider the nature of the data itself. The H:\ is provided to students predominantly to store their academic work and personal files, and most if not all students are aware of this when they arrive on campus. This, taken with the agreed upon code of Rights, Rules and Responsibilities suggests that implied consent is not present for accessing an unprotected H:\. The case is strengthened by the observation that a “public_html” folder is provided on every H:\ specifically for publishing data to the world wide web, where anybody can access it.

Thus, given how the H:\ shares are named, their automated mapping when the owner logs on to the domain, and the nature of the data expected to be stored, I conclude that there is NO implied consent for authorizing an unprotected H:\ without explicit authorization from the owner. In the general case, however, I believe that in the presence of a permission system, there is implied consent to access an unprotected share.

In class this week we read a number of cases where the tort of trespass to chattels has been applied to cases of Internet trespassing. This raises a number of interesting questions- one of the questions that piques my interest is the extent to which the law should demand that a firm employ self-help mechanisms before raising a legal challenge. I will examine the issue normatively and then consider how the cases we’ve looked at correspond to my opinion.

Fundamentally, the tort of trespass to chattels is grounded in a notion of property rights. In other words, if I own something, I am entitled to use it as I see fit (so long as it doesn’t infringe upon anybody else’s rights) and to do so without having others affect my ability to use it. For example, if I own an automobile, nobody should have the right to drive it without my permission or to apply a boot that will prevent my tire from moving. By analogy, if I have a personal computer system that is accessible via the Internet, I should perhaps be allowed to restrict who has rights to access it. Practically speaking, it is probably in my interests to implement inexpensive protection mechanisms such as a password in order to avoid costly legal fees, but the absence of such a measure should not normatively diminish my right to legal claim. By analogy, installing a security system on my car or parking it in a supervised lot would reduce the likelihood of somebody trespassing on it, but by no means should I be required to do so. Given the public nature of the Internet, it is not unreasonable that I should be made to actively notify (either by email or by some sort of preliminary page) those users whom I would not like accessing my system.

The cases studied this week, however, ground this notion somewhat in practical considerations. In Thrifty-Tel v. Bezenek, for example, much of the dicta surrounds the fact that Thrifty-Tel made absolutely no effort to contact the accused before taking the matter to court. As a point of contrast, eBay v. Bidder’s Edge portrays eBay positively because of its repeated efforts in good faith to reach some sort of a licensing agreement and to employ blocking mechanisms. In the former case, the preliminary injunction was overturned while in the latter it was upheld. Similarly, Compuserve employed technical means in repeated attempts to block incoming email from Cyber Promotions before taking legal action. These cases suggest that some effort at reconciliation outside of court is a prerequisite for success. It is worth noting, however, that in addition to employing technical measures, eBay and Compuserve also sent written notice repeatedly and explicitly informed the defendants that they were no longer permitted to trespass on their systems. My own interpretation is that the significant aspect was not the technological measure itself, but the fact that the parties explicitly informed the defendants and tried convincing them to stop outside of court.

Practically speaking, where electronic protection is very inexpensive (in particular, less expensive than the legal costs), it makes sense that courts would encourage parties to avoid the courts. Nevertheless, this practical consideration should not supersede one’s right to protection under the law. In particular, consider that if the costs of implementing technological protection are less than the cost of litigation and the expected damages reflect real damages suffered, rationally acting parties will choose not to pursue litigation anyway. Thus, it is unreasonable to make a legal claim against a trespasser contingent on some obligation to implement technological protection mechanisms.

Central to discussion of Universal v. Corley this week is the dubious issue of the extent to which computer code is protected by the First Amendment. Professor Tourtesky’s Gallery of CSS Descramblers is very effective in illustrating the difficulties with drawing an arbitrary line between functional code and creative expression. In my post this week, I examine section III.A (4) of the aforementioned ruling. It is my opinion that the court falsely gives too much weight to the potential unlawful access to DVDs that can result from DeCSS in “limit[ing] the scope of its First Amendment protection.”

The court correctly observes that “the initial use of DeCSS to gain access to a DVD movie creates no loss to movie producers.” In other words, DeCSS will allow a user to copy a DVD that he legally owns onto his computer, for example. Given the myriad of potential fair use defenses, DeCSS would seem to have justified its own existence. Without a descrambler, users can only access DVDs through licensed players which may severely restrict their ability to partake in fair use rights that they are entitled to. The story of how and why the code was originally created is telling and poignant- it was created in order to achieve interoperability on Linux, since no licensed DVD players were available for Linux at the time. The fatal flaw is that the court presupposes that the only ramification of encryption code is to “prevent unauthorized access”, whereas in practice, it may also prevent authorized fair use access.

Furthermore, it seems normatively wrong that the licensing scheme employed to enable CSS restricts the devices that one can use to view a DVD. When I purchase a DVD, I should be able to play it as I choose- it seems oddly like coercion that I have to buy a player endorsed by the motion picture studios (who also directly benefit financially from my purchase of the device). Thus, my right to fair use coupled with the fact that reasonably, my content should be interoperable on devices of my choosing, suggests that the DeCSS software serves a positive function to society and should not be excluded from fundamental rights due to some spurious claim about its dangers.

The potentially danger to society at large occurs when the user makes a copy on his computer and then distributes this on the Internet (probably a compressed form). While this indisputably represents copyright infringement, it is significant that it is two degrees separated from the publication of the DeCSS code. While unauthorized access to DVDs is a serious risk, it seems excessive to conflate it to be so dangerous as to generally limit the First Amendment protection on the DeCSS code. Along another line, we’ve shown numerous fair and legal uses for the code. I’m reminded of Sony v. Betamax, where they were many potential illegal uses of the VCR. The substantial non-infringing uses, however, rendered these risks necessary. Similarly, DeCSS has demonstrated and potential fair uses and is not inherently evil.

Therefore, if its purpose and function is to inform its First Amendment protection, one must be balanced and realized that given its relatively neutral standing, it must be entitled to full protection under the law.

In my post this week, I critically examine a specific part of the Sega v. Accolade ruling. In general, I agree with the ruling. Given that there are certainly aspects of a computer program that are unprotected by copyright law, it can’t reasonably be ruled illegal to access these data in what is the only real practical way to do so. Sega , of course, always has the option of making their interfaces public, which would perhaps give them a stronger case. Since they CHOSE not do so, the ruling is sound. Although I agree with the ruling as a whole, I would like to critique the court’s outright dismissal of Section 117 as a defense for Accolade.

Section 117 allows the owner of a computer program limited rights to copy the program in order to execute it insofar as running the program requires making a copy in the computer’s memory. This particular defense is very novel, and its simplicity made it very compelling to me. From a legal standpoint, it seems hard to beat: far from an invocation of judge-made based on precedence, this defense references a statutory clause in the Copyright Act. It seems obvious to me that in reverse-engineering the product, the only copying of the object code was that which was necessary to execute the program. Examining the output or machine instructions generated does not, on the surface, seem like it should be any violation of copyright since these things do not represent the programmers’ expression.

The 9th Circuit dismisses this argument by noting that “Section 117 does not purport to protect a user who disassembles object code, converts it from assembly into source code, and makes printouts and photocopies of the refined source code version.” This argument, while reasonable, does not strictly follow from the letter of the law. An examination of the section reveals that it is, in fact, something of an overextension on the part of the judges. The act itself stipulates that copying is permissible if the “new copy or adaptation is created as an essential step in the utilization of the computer program” and that “all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful.” The copies are ONLY MADE for the purposes of running the program- the subsequent reverse-engineering by examining the operations of the computer and the output are beyond the scope of the protected works. The disassembly of code that the 9th Circuit refers to is basically irrelevant to the actual copying. Furthermore, the “printouts and copies of the refined source code” that the 9th Circuit refers to are also beyond the scope of copyright protection. This code, in fact, could theoretically be completely different from Sega’s original source code, as it is merely generated from the instructions that the computer generates. If we are to respect the idea/expression distinction, and Sega has not patented any part of their BIOS, we must accept that the copying is, in fact, supported under section 117.

A crucial distinction in this case which has not been clear from class discussion is that the copyright complaint refers basically only to the intermediate copying involved in the reverse-engineering, while the complaint with respect to the TMSS code is a trade-mark based complaint. Thus, the copyright law really only refers to the copying involved in executing the program. Thus, as articulated above, if we are to respect the idea/expression distinction that defines modern copyright law, we must accept that this copying is supported under section 117.

A consistent topic of discussion in class recently has been to ask rhetorically whether members of the recording industry ‘missed the boat’ on online file sharing, and further, whether they should accept this. This week, I take up this topic from both a practical and a normative standpoint. The questions, respectively, center on the feasibility of any such scheme and on whether or not members are socially obligated in any way to embrace the new technology.

Members of the recording industry have, in fact, begun to enter the market for digital music distribution. Record companies will routinely distribute select tracks for free on the Internet to build enthusiasm for upcoming albums. Services like Apple’s iTunes and the new Napster have gone further and represent an active attempt to sell music on the Internet. These services, however, are dwarfed by the volume of illegal music on the Internet and have achieved at best, marginal penetration in terms of users. This suggests a pessimistic view of the feasibility of the recording industry entering the online music market. The problem is, of course, that the recording industry, as a business, has effectively no real ability to compete. Irrespective of the pricing or quality of their online product, it seems unlikely that a significant percentage of users will buy electronic music when they can pirate it completely free. In fact, this approach further reduces the advantage that many users will still purchase music for the physical disc, the album insert and the aesthetic of the product. In the electronic world, the recording industry will offer a product that is basically indistinguishable from the freely available illegal one. Without legal regulation, therefore, the recording industry’s ability to compete seems hopeless.

The other side of the practical argument, however, is that services like iTunes eliminate one of the major complaints of many consumers: the bundling of music by album. By allowing users to buy only the songs they want at a relatively low cost per song, the recording industry might be able to win back some of the consumers they’ve previously alienated. Thus, while the recording industry’s entry into the electronic market may do little to reduce illegal file sharing, it could nonetheless increase the total sales. My opinion is that if the recording industry can continue to grow their revenues in spite of illegal file sharing, they should do so and be satisfied with this because it seems nearly impossible to completely eliminate illegal file sharing. The question at stake is whether the ultimate goal for members of the recording industry should be to wipe out illegal file sharing or to increase their revenues irrespective of circumstances.

The normative question, I believe, has a more obvious answer. While it is debatable whether or not the recording industry could have been more successful by having entered the digital music market earlier or differently, it seems indisputable that this choice was their prerogative. Members of the recording industry, for better or for worse, own the copyrights to most of the works being infringed upon. If they believe that their business interests are better suited by staying out of the electronic market, they are entitled to this view. Most importantly, the legal status of the agents involved in illegal file sharing on the Internet is a question which should be completely independent of the hypothetical question about whether the recording industry should have been more aggressive in entering the online market. Normatively speaking, suggesting that the recording industry should have entered the digital music market is in no reasonable way a response to their present complaints.