:Information Law and Policy Spring 10

I found this article interesting, as it demonstrates a very active role taken by national politicians related to something as (seemingly) trivial as Facebook:

http://voices.washingtonpost.com/posttech/2010/04/senators_pressure_facebook_to.html

My immediate reaction to this article was “why are our Senators spending time writing letters to Facebook when they should be dealing with more important stuff, like healthcare and immigration rights, and you know, other life-or-death types of things…?”. But after thinking about it, I realized that this action was more than just a publicity stunt directed towards their constituents of the Internet generation: it gives emphasis to the fact that Facebook, while it may have started as a place to post pictures of last night’s parties and stalk your ex-high school crushes, now represents the frontier in collection and storage of (non-financial) personal information–so its policies are likely to be referenced as standards in the “Sears Holdings Management/FTC” issue or “Quon v Arch” case of the future. And after our class assignments, we all know how beneficial (or dangerous) it would be for advertisers and other third parties to be able to store personal data indefinitely. Yes, this really does “fundamentally alter the relationship between the user and social networking site,” and I am glad that it was officially recognized.

[I wonder if those four senators would have been elected to office if information they had posted on Facebook in their youth was available to be stored indefinitely by media outlets…]

Comments Off on Senators appeal to Facebook

While we’re on the subject of trade secrets and paranoia, last week, Gizmodo got its hands on a prototype of the new iPhone, allegedly left in a Redwood City bar, picked up by someone, and sold to Gizmodo for $5,000. A criminal investigation is now under way not about trade secrets, but whether or not Gizmodo’s acquisition of the phone amounts to theft. It’s like a trade secret case on steroids. CNET reports that a San Mateo judge granted California’s Rapid Enforcement Allied Computer Team (REACT) a warrant to raid Gizmodo editor Jason Chen’s house and seize “four computers and two servers.” I know this is a bit outside of the scope of this class’s readings, but the most interesting part of this will be around First Amendment protection of online journalism. According to CNET, “Any prosecution would be complicated because of the First Amendment’s guarantee of freedom of the press: the U.S. Supreme Court ruled in 2001 that confidential information leaked to a news organization could be legally broadcast, although that case did not deal with physical property and the radio station did not pay its source.”

Comments Off on Apple, Secrecy, and Paranoia

These readings came at an apt time, just as iSchoolers are no doubt poring over arcane clauses in summer job or internship contracts. Well, wonder and worry no longer about what your brief employments will mean for your moving on to bigger and better positions in 2011.

Two of the three cases on this slate dealt with what kinds of limitations can and cannot be assumed to be in effect, or explicitly imposed, by an employer in the case of an employee who later moves on to a potential or current competitor. The balance of interests were moved towards the employee, while it was made clear that employers must make explicit covenants in their employment contracts, from the outset of hiring, that set expected limits on future competitive work.

The third case dealt was the few judicial rulings to date on Free and Open Source Software (FOSS) – an area that, if the Noise list is anything to go by, is of great interest to iSchoolers.

In Wexler v. Greenberg, the Pennsylvania Supreme Court determined that, basically, an employer cannot restrict retroactively where a former employee can work and in what capacity, at least on the foundation of trade secrets.

For something (a process, a product, research, the formula for your red-and-white-logo cola) to be in legal terms a trade secret, it must meet two conditions. First, it must be private information that is financially beneficial information and that benefit depends that others do not know it also. Second, it must be demonstrable that the owner of a trade secret has made reasonable efforts to keep this information secret. (Trade secret laws can vary slightly from state to state, but they follow this general structure.)

In this case, the issue is whether Greenberg, a former employee of Wexler’s company Buckingham Wax Co. (BWC), illegally disclosed BWC’s trade secrets when he moved to a new employer, Brite Products Co. (BPC).

Greenberg served as BWC’s chief chemist starting in 1949; his duties were split between reverse engineering competitors’ products in order to develop BWC’s versions of them, and working with chemical sourcers. It’s interesting to note that from 1952 to 1956, BPC and its predecessor company bought mostly, and sometimes exclusively, from BWC, to repackage and resell BWC’s cleaning products to industrial customers, under the Brite label.

In 1957, BPC hired Greenberg away, in order to do exactly what he’d done at BWC. As a result, BPC stopped buying from BWC, but began manufacturing their own products. These were, ironically, reverse engineered versions of BWC’s products.

The initial decision by a lower court found that the formulas for BWC products were trade secrets and that Greenberg had appropriated them, in the sense that he took to BPC the knowledge he had gained in working at BWC. The court also said that this appropriation was in violation of “the duty” the Greenberg owed to that company “by virtue of his employment.”

Greenberg appealed to the PA Supreme Court. The case law it examined included Fralich v. Despar (1894), which stated that an ex-employer was protected “provided… enforceable covenant so restricting his use” of a trade secret and Pittsbugh Cut Wire Co. v. Sufrin (1944), which found similar if the ex-employee had been “bound to secrecy” by a “confidential relationship”.

However, the court stated that all aptitude, skill, ability, and the like, were “subjective knowledge”. And that an employee, or ex-employee, can use and grow these capabilities “unless curtailed through some restrictive covenant”.

As a result, the ex-employer has the burden to show first that there is a legally protectable trade secret, and that there is a “legal basis” (such as a specific covenant, or a confidentiality agreement) “upon which to predicate itself”.

But in the case of Greenberg, there was no such thing: “At no time during Greenberg’s employment with BWC did there exist between them a written or oral contract of employment or any restrictive agreement.”

The court also took up the issue of whether the fact of an employment relationship can be enough to serve as such a restrcition.

In doing so, the court had to balance protecting companies from unfair competition (when an employee absconds to another company, secrets in hand) versus the individual pursuit of meaningful work.

The PA Supreme Court decided that past law weighs toward the individual – even when a covenant exists, courts can scrutinize it for reasonableness (see Morgan’s Home Equipment v. Martucci (1957)).

The court found that there was no violation of trust or a confidential relationship, since BWC had never included any explicit restrictions in Greenberg’s contract, and that Greenberg’s work was not guided specifically by the company, nor technically “experimentation or research” but “fruit’s of Greenberg’s own skill as a chemist”. This meant that his work was not a trade secret, but his own expertise.

In the more general case, the court stated that “ownership of a trade secret… does not give the owner a monopoly on its use” but instead “merely a proprietary right” against unfair means. And the trade secret must be pre-existing.

The relevance today is, seen cynically, all the non-compete and non-disclosure clauses in the employment contracts you’re sure to see soon, if not already. More ideally, this means that it is difficult for a former employer to come after you if you take to your new job all your skills, even if you learned some of them under their employ.

Recent high-profile trade secret laws include Apple v. Does (http://www.eweek.com/c/a/Apple/Court-Hears-Final-Arguments-in-Apple-Trade-Secret-Suit/ ) and Apple v. DePlume (http://www.eweek.com/c/a/Apple/Rumor-Site-Gains-Lawyer-in-Defense-Against-Apple/). Both involved the publication of what Apple claimed were trade secrets – unreleased product info – and both illustrated features of the CA Uniform Trade Secrets Act (CA UTSA).

The case of Whyte v. Schlage was all about the concept of “inevitable disclosure” – that is, whether you will “inevitably” rely on trade secret knowledge should you take a similar position at a new employer. That is, will your new bosses at Gimbel’s learn all about the trade secrets you absorbed when at Macy’s?

The answer is no – this was the first published case in California that dealt with this issue, and the court rejected it.

Whyte was Schlage’s vice president of sales when he was presented with a “what would it take?” offer from Kwikset, another manufacturer of locks. He accepted this dream deal on 3 June… but didn’t resign his old position until 11 days later, after a big and confidential meeting with a client both companies coveted on 5 June.

Schlage felt that Whyte was taking with his certain trade secrets, such as product line information, customer and wholesale pricing, promotions, and other things such as technical information about product manufacture (which the appeals court later termed a “quintessential trade secret”). Whyte had signed a confidentiality agreement with Schlage, but he maintained that the above were “broad” categories of business information. The trial court in the initial case of Schlage suing Whyte (what we’re talking about here is the appeal) agreed that none of these were trade secrets. The Appeals Court said “some” were, but left that finding up to the later trial.

The larger issue of inevitable disclosure has its history in the Seventh Circuit Court of Appeals case PepsiCo v. Redmond (1995). There, the court said the Illinois Trade Secrets Act (based on the general UTSA) supported a district court’s injunction of William Redmond – ex-general sales manager for Pepsi – against taking a comparable position with Quaker Oats (both companies were hotly fighting over sports drinks at the time, an area Redmond worked in).

There was no doubt Redmond has knowledge of some or many of Pepsi’s trade secrets in this area – formulation, marketing strategies, and so on. The court had to manage the tussle (to coin a term) between the employee’s ability to move jobs against protection of a company’s trade secrets. In this case, both the IL court and the Circuit Court fell on the side of the inevitable disclosure doctrine: “unless Redmond possessed an uncanny ability to compartmentalize information, he would necessarily be making decisions about [Quaker’s products] by relying on his knowledge of [Pepsi’s] trade secrets”.

The Whyte V. Schlage court noticed state and federal decisions that seemed to support this, as well as noting Whyte’s “lack of forthrightness”. But in its decision, the court wrote that “decisions rejecting the inevitable disclosure doctrine correctly balance competing public policies of employee mobility and protection of trade secrets. The inevitable disclosure doctrine permits an employer to enjoin the former employee without proof of the employee’s actual or threatened use of trade secrets based upon an inference (based in turn upon circumstantial evidence) that the employee will use his or her knowledge of those trade secrets in the new employment.”

The court also noted that this “injunction restricting employment” was effectively a retroactive non-compete clause, and said that the CA Business and Professions Code Section 16600 generally prohibits non-competes.

California law also protects trade secrets, though – tussle! But the court said that Section 16600 doesn’t invalidate employers including a “don’t solicit former customers” clause in the initial employment contract; this would satisfy Section 16600 as well as protect employers who worry about unfair competition from former employees. Without this clause in a contract, inevitable disclosure doctrines rewrite the employment contract without the employee’s consent.

It’s important to keep in mind that there can be a slim distinction between “inevitable” and “threatened” disclosure; companies can worry about employees going off to competitors, and seek relief under the U.S. USTA.

When facing contracts, be sure to know that employers must identify and protect trade secrets from the outset when you face them. And they must, if worried, have hard evidence of misappropriation of a trade secret. They cannot act upon assumptions that you will behave badly.

An interesting take on the whole thing is at http://venturebeat.com/2006/11/16/how-to-leave-a-company-and-not-get-sued/

The Jacobsen v. Katzer case (which was settled just two months ago PDF here: http://www.trainpriority.com/court_docs/404_dismissal.pdf) addressed the issue of whether a FOSS license such as the GPL or, in this case, the Artistic License, can be enforced. That’s presenting it a bit strongly, but previous to this decision by the Appeals Court, the issue had never been pressed, and the District Court ruling, which this decision vacated and remanded, had relegated the question of the Artistic License to contract law, not copyright law. If this had stood, those putting out products under any FOSS license would have as their only tool a breach of contract claim – which would be problematic with free products.

Jacobsen was a model train enthusiast, when he wasn’t a high-energy physicist at the Lawrence Berkeley Lab. He and some collaborators concocted an open-source set of Java tools (the Java Model Railroad Interface, or JMRI) for controlling their trains. They posted the tools, and their subsequent open-source Decoder Pro application, to the Sourceforge.net web site, labeling it free under the terms of the amusingly named Artistic License (AL).

This license, like the better-known GPL and BSD licenses, allow anyone to download, copy, and use the relevant applications and code. (According to gnu.org, the AL 2.0 is compatible with GPL through its licensing options.) Downloaders can even modify the code and reuse it for their own purposes and/or products. What the AL states is that this use of the copyrighted material is allowed as long as the user is sure to “duplicate all of the original copyright notices and associated disclaimers” (Section 1).

In addition, Section 3 makes specific requirements, and is worth quoting in full:

“3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following:
a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as uunet.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package.
b) use the modified Package only within your corporation or organization.
c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version.
d) make other distribution arrangements with the Copyright Holder.”

In 2005, Jacobsen received a set of notices and bills for licensing fees from Katzer (who owns KAMIND Associates, doing business as KAM Industries). Katzer claimed that code in JMRI infringed on a patent owned by KAM, which produced and marketed a commercial model train product called Decoder Commander. The bill was for $203,000.

Jacobsen originally filed the first suit in this saga, claiming in response that the patent was fraudulently obtained – and therefore, invalid. The source of the fraud was that Katzer’s product copied some JMRI and Decoder Pro files and used them without complying with the terms of the AL. He requested a preliminary injunction against KAM.

His claims were not that Decoder Commander contained the files. This was allowed under the AL. The problem was the violation of explicit terms of the AL; the Decoder Commander software did not include the original authors’ names; the JMRI copyright notices; and references to a COPYING file, as required by the JMRI copyright notices; the identification of Sourceforge or JMRI as the original source of the code; and a description of the changes made to the original files.

Katzer, in turn, stated that the files in question did not show sufficient originality (a topic we discussed earlier this semester) for copyright protection, since they consisted of variables JMRI members transcribed from model train reference materials. But JMRI team members demonstrated to the court that the process of selecting, arranging, and so on, of these variables met the “low threshold” required for originality.

However, though the question of copyright and ownership was settled, the District Court decided that the AL was “intentionally broad” and non-exclusive. In general, a copyright owner waives the right to sue for infringement if using a non-exclusive licence; a license needs to be “limited in scope”. As a result, the court said, the AL didn’t create liability for copyright infringement. Therefore, the court denied Jacobsen’s request for a preliminary injunction, stating that the question was one of breach of contract, not copyright infringement.

(A note on these injunctions: They are very strong once in place, and are reversible only if shown that they have a probability of success on their merits and that there is a possibility of irreparable harm, OR there is a serious question of merit where hardships are more on the moving party.)

However, the Appeals Court saw it differently. It called the “heart of the argument” whether the terms of the AL are conditions of the copyright license agreement, or “merely covenants to” it, at the District Court said. I admit to some confusion over the precise legal definition of “covenant” in this context, but the upshot is that if the AL consisted of those only, it would be relegated to contract law; if the terms can be called “conditions” instead, these are the bases for copyright claims.

The Appeals Court noticed that the AL actually used the terms “condition” a number of times when defining its terms. In addition to this textual analysis, the court said that these “conditions are vital to enable the copyright holder to retain the ability to benefit from the work of downstream users” – that is, for Jacobsen to see how people have “joined in” and built upon, fixed bugs in, or otherwise contributed to his original work.

A phrase from the decision that should be noted by all potential FOSS developers: “These restrictions [in the AL] were both clear and necessary to accomplish the objectives of the open source licensing collaboration, including economic benefit.” That is, both free (as in beer) and free (for-profit but open) projects can enforce terms of a non-exclusive contract like the AL or GPL or BSD, and under copyright law – including seeking preliminary injunctions against those who violate these terms.

Comments Off on Copyrights and Patents and Trade Secrets and Non-Competes

I remember reading a TechCrunch article around the start of the year, which talked about how the EFF defended three anti H1-B websites that were taken down due to defamatory messages against Apex Technology Group, an IT staffing and consulting services firm. [For those not in the know, an H1-B visa enables foreign nationals to work full-time in American corporations] Here’s a link to the article: http://tcrn.ch/cUsg3T

There was some shocking language on display, and as the article demonstrates, it was decidedly racist, and promoted hatred. Why, one of the posts was an open threat: the author said he would “stop blogging” if a senior official in an Indian IT firm was killed. Armed with some (basic) legal knowledge, I decided to visit the EFF blog post to understand their stand better.

The core of their argument is this: should an entire website be taken down due a few defamatory messages? The First Amendment should apply, unless there is a “clear and present danger or a serious and imminent threat to a protected competing interest”, or less restrictive measures are not available. Aren’t these serious threats though? Or do they suggest that these exceptions don’t apply in case of foreign nationals?

A reference is also made to section 230, arguing that websites should be protected from claims against them due to information published by another “information content provider”. However, I am not convinced that propaganda websites in this example can be classified as an “access software provider”,  since they are essentially a forum for hate speech. Which also raises the question – when does free speech cross over to the dark side, and exhibit the properties of hate speech?

It seems as though EFF’s concern was based not so much on the actual content of the posts, but the fact that the entire website was taken down. The usual precedent was just taking down the questionable content from the website. However, the author of the EFF page (which can be found here: http://bit.ly/5S76b6) admitted that he hadn’t even read the disputed content.

Our readings for the Freedom of Expression lecture seemed to touch the issue, but none of them examined it in detail. The proceedings of the ACLU v. Mukasey case pointed to how content being objectionable was relative. Berman & Weitzner suggest that interactive media meant a lesser need for regulation – but doesn’t user controlled content introduce a bias of its own? The UN Joint Declaration asks us to differentiate between incitement and glorification of terrorism. If we adhere strictly to the definition of incitement here, we can find some justification for the NJ court’s ruling against the websites. However, the distinction may not always be that clear. The line between simply expressing one’s views and encouraging hatred is blurred, and the emergence of interactive media only means such occurrences would be more commonplace.

Comments Off on When does the oppressed become the oppressor?

Many of our discussions this semester have dealt with concerns over intellectual property in the digital world, and the ability of legal or technological mechanisms to protect the interests of all relevant parties. A comment made in class regarding frivolous copyright claims recently inspired me to attempt to find real data on how Internet piracy or copyright violation in total has affected the entertainment industry.

Given the amount of public attention that this issue raises, I was surprised (or maybe I wasn’t…) to find that real data on the true impacts of Internet copyright violation and IP piracy just doesn’t exist. There seem to be some vague estimates of how much or how little Internet piracy has affected the music and movie industries based on narrowly sampled surveys, but I could not find any real data from sources that I could really believe to be completely unbiased. During my search I was eventually referenced to a report entitled “Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods” that was recently released by the US GAO (http://www.gao.gov/new.items/d10423.pdf). This report identifies a handful of studies that attempted to quantify the pervasiveness of Internet piracy and the true economic impacts of this behavior. But ultimately the authors do not seem convinced of any undeniable proof that illegal downloading was directly causing the observed drop in music sales; they simply find that more data is necessary.

I think that this brings up an idea that transcends many of the issues that we have talked about throughout the semester:  how are we supposed to create purposeful and fair laws about digital information if we do not even have a clear idea of the problems we are trying to resolve? Wouldn’t misinformed or misdirected legislations restricting the free flow of information online be even more dangerous than the lack of legislation that we currently have?

The availability of hard data would no doubt help all sides involved in technological information issues. Consider again the case of Internet piracy: if the entertainment industry knew exactly how many illegal downloads were replacing sales and how many were representing distribution that would not otherwise exist, it could adjust its business models appropriately. But without at least some kind of dependable picture of their new consumer base, we cannot expect them to do anything other than fight it in court—and hence necessitating the creation of uninformed and dangerously broad legislation or legal precedent on the issue.

Many of us hold the technical training necessary to seek technological resolutions to many of today’s problems with digital information rights and security. But it seems that no matter what we come up with in terms of DRM or other forms of digital protection, consumers with a newfound appetite for free digitized entertainment will eventually find a way to overcome our barriers. So what if we shift just a bit of our efforts towards designing permanent and reliable technological means to simply acquire a full picture of the problem at hand? Wouldn’t this do more to solve the problem in the long term?

I did not spend much time searching for technical means of tracking digital copying/piracy, but if anyone knows of promising techniques (or previously failed efforts) to collect true evidence of the extent of piracy or digital security breaches, I would be interested in learning about them.

Comments Off on Collecting Data on Digital IP Issues

Google continues to make new friends, especially in Europe: the firm is catching heat while setting up its StreetView service in Germany.  Not for the conspicuous privacy concerns, but a slightly more surreptitious one: its StreetView vans, those modern-day equivalents of the ice-cream truck, apparently have been logging wireless networks and the MAC addresses of devices attached to them.  It’s basically WAR driving with corporate imprimatur.

Equally surprising is Google’s increasing tone-deafness about these sorts of privacy violations, especially in countries outside of the U.S.  It certainly adds grist for the mill in privacy cases like the recent one in Italy that resulted in criminal convictions for top Google executives.

The Germans’ response?  I think the phrase “data octopus” speaks for itself.

http://www.theregister.co.uk/2010/04/22/google_streetview_logs_wlans/

Comments Off on Google Street View logs WiFi networks, Mac addresses

Saw this article and thought it was timely addition to our discussion on defamation. Apparently, a man bought a clock on eBay and received it as a broken mess with parts that didn’t seem to fit together, so he gave the seller a bad review. Now the seller filed a $15,000 defamation lawsuit because of the bad review.  It seems like an outrageous claim but are online customer reviews no longer a safe area to give honest feedback? If this case actually wins, are customers going to have to be afraid that Sears is going to sue them if they don’t like their merchandise or service and they publish their opinions online?

http://www.orlandosentinel.com/news/local/os-man-sued-over-ebay-review-20100411,0,4827887.story

Comments Off on Florida Man Sued Over Negative eBay Review

Did any of you ever get a message from Tagged.com?

I’ve deleted them all, but they went along the lines of: “your technologically un-savvy friend has given us her email password and we’ve helpfully spammed everyone in her address book with a message that she’s left a very personal message for you and that you should sign up at our site to find out what she said. And while you’re at it, please give us your email password as well so that we can continue this behavior with everyone in your address book as well?

Due to this behavior, tagged.com now claims that they’re the 3rd largest social networking site in the US and worth $700 million.

Recently, several states have gone after them for deceptive business practices regarding this email spamming. New York and Texas went after the site last year, and San Francisco got in the fun as well – last week it was announced that tagged.com has agreed to a $650,000 settlement and will change their current practices. Well, they’ll still ask for your email password to send out spam, but they’ll be much more upfront about it! I guess it’s a start…

http://www.contracostatimes.com/news/ci_14874240

Comments Off on Tagged.com

By George Hayes, Ayush Khanna and Niranjan Krishnamurthi

Our readings describe two very different approaches to cyber crime. In the US v. Drew case, the implications of one being convicted for violating ToS was lost in the perceived connection between the crime that Drew was charged with and what actually transpired. On the other hand in the Universal Studios v. Reimerdes case, there is conflict between the Constitutional right of Free Speech and Fair Use and the use or distribution of tools to circumvent copyright protection. Lastly we briefly discuss the connections, exceptions and implications of current cyber crime law.

In United States of America v. Lori Drew the core issue of the case was whether or not violating the Terms of Service of a site like MySpace constitutes “fraud” under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. When this story broke in 2007 a clear narrative was described by the media, that in a way obscured the true importance of what was being tried. The public was presented with a disturbing story of an older woman, and neighbor of 13 year old Megan Meier, overseeing the creation of a false online identity that was used to deceive Meir. This online identity, “Josh Evans”, used multiple online services such as AOL Instant Messanger and MySpace to befriend Meirs, find out what whether she spread rumors about Drew’s daughter and then to end their friendship in a potentially hurtful way. This narrative is typified by Suburban Journals, a local news organization serving the greater St. Louis, Missouri area, which wrote an article about this story from a the very personal view point of the Meier’s family and received an outpouring of response from their community. Articles such as this create an incredibly biased view of the story, getting into details of Megan Meier’s struggle with depression, weight and friendship and how her relationship with “Josh Evans” potentially put her over the edge, causing her to commit suicide.

What Lori Drew was being charged with was not causing the death of Megan Meier, but instead with violating 18 U.S.C. § 1030 (a)(2)(c) and (c)(2)(b)(2) by violating MySpace’s terms of service by providing false information and then using this to intentionally inflict emotional distress upon a user. She violated the Terms of Service by providing a fake name, using this fake name to obtain information about a juvenile, and then by using the information they found to “torment” the juvenile. Drew was being charged with criminal charges but the implications of her being found guilty would have been far more significant than that of potentially reducing cyber bullying. As Judge Wu addresses on pages 29-30 of his opinion granting Drew’s motion for an acquittal, Megan Meier herself was also in violation of MySpace’s Terms of Service and therefore violating the same laws which Lori Drew was being convicted of. Judge Wu also describes the many ways in which people could potentially violate MySpace’s Terms of Service and questions where they could be considered criminals.

What would it mean to be able to be charged criminally once you broke a Terms of Service agreement on websites such as MySpace, and more importantly would it be possible to regulate and enforce these rules if they were criminal? It’s easy to see what Lori Drew did was morally reprehensible, the jury foreman in her initial trial Valentina Kunasz told Wired Magazine on December 1st, 2008, “Trust me, I was so for this woman going away for 20 years. However, on the harsher felony charge, it was very hard to find her guilty on the specific [evidence] given to us.”. Though what Lori Drew may have seemed wrong, it is in our collective best interests not to be considered criminals for breaking Terms of Service and for companies like MySpace to be able to determine what it is we can and cannot do online.

The DMCA came into place in the United States as this country’s implementation of the World Intellectual Property Organization (WIPO) Copyright Treaty, but, as mentioned in here at chillingeffects.org, this implementation is “in a much stricter fashion than required, giving copyright owners broader protection than was intended in the international treaty.”

In the second case that we look at, Universal City Studios, Inc. v. Reimerdes, the defendant, Eric Corley, posted on 2600.com, a description, source code, object code and links to other sites where people could download the program DeCSS. Using the DMCA Section 1201, Universal Studios obtained injunctions to have the defendant remove any ability for people to access the said program.

From the case, we realize that one can be in violation of the DMCA Section 1201 if one provides access or traffics in copyright protection circumvention tools. This may not be a concern for the majority of people who do not produce, distribute or provide access to such tools. On the other hand, the average person should be concerned about the use of these tools, even if the end result of using them does not infringe on the rights of the copyright holder, as the DMCA Section 1201 makes circumvention prohibitions distinct from copyright infringement. Say, for example, you wanted to use DeCSS to make copies of legitimately purchased DVDs for your own personal use. Would you be violating the law for having the copies for your personal use? Most probably not, as this falls under the traditional concept of fair use. Unfortunately, you would be violating the law for using DeCSS. So, in reality, its ok to make copies of your DVDs for personal use but not ok to use a tool that facilitates you in doing so, unless it so happens that the tool falls under the exception of the DMCA Section 1201 (a)(1)(C).

Taking things a step further, even if the Librarian of Congress, under the DMCA Section 1201 (a)(1)(C), allows for the use of such circumvention tools, nothing is set in place in the DMCA to protect the development or distribution of such tools. An example of this is the use of the DMCA by cellphone service providers to sue people who purchased or unlocked their cellphones until an exemption was won. However as mentioned in Wired Magazine, “The problem is that the exemption protects unlockers, but it doesn’t apply to those entities that distribute unlocking tools or provide unlocking services to others. Even when the Copyright Office grants exemptions for non-infringing or fair uses, customers usually still suffer because in most cases, including unlocking, only the small number of persons who have the technical know-how to circumvent can do so.”

Copyright holders are entitled to enjoy the exclusive rights to distribute their protected materials for economic gain but enforcement of the DMCA can have negative impact on the fair use of access control measures. In his ruling on Universal City Studios, Inc. v. Reimerdes, District Judge Lewis A. Kaplan addresses this conflict by stating “.. they (the defendants) have raised a legitimate concern about the possible impact on traditional fair use of access control measures in the digital era. Each side is entitled to its views. In our society, however, clashes of competing interests like this are resolved by Congress. For now, at least, Congress has resolved this clash in the DMCA and in plaintiffs’ favor. Given the peculiar characteristics of computer programs for circumventing encryption and other access control measures, the DMCA as applied to posting and linking here does not contravene the First Amendment.”

One of the biggest concerns we see going forward, is how well equipped these laws are to understand an increasingly open, participative web. Let’s take this example, for instance: “Script Kiddies” started unlocking iPhones to enable use on other telephone networks. Of course, AT&T chose to sue these people. Their rationale? The DMCA’s anti-circumvention clause prevents you from circumventing locks in place in order to gain access to copyrighted works. The intended use, however, was limited to protecting copyrighted works of music and movie artists. Eventually, the hackers won: an exception was granted in case the purpose was “lawfully connecting to a wireless telecomunication network”. It can also be argued that, the US v. Drew case was significant here: the Apple/AT&T ToS violation would otherwise have been the plaintiff’s next course of action. There is a catch here though: what about people who sell/distribute this software? It could be said that their “purpose” is entirely different: profit. Where does the law stand on that? There is no convincing answer.

Another interesting scenario arises from the Boardfirst v. Southwest case mentioned in the US v. Drew opinion. Boardfirst was allowing Southwest passengers to check in to particular seats of their choice, for commercial gain. The court ruled against Boardfirst on count of violation of Southwest’s Terms of Service, which stated that the data on their site could not be used for commercial gain. What are the implications of this decision in today’s scenario? We have an plethora of social media tools, each with their own utilities. There is also a fair degree of overlap – You Tweet your Foursquare update via your Facebook account. Can a user be held liable for inadvertently violating the Terms of Service in this maze? The problem is only worsened when we consider how often these ToS evolve. Another parallel from the Boardfirst case: the Southwest flight information was essentially public data, just like much social network data. Can access to such information be “unauthorized”? The broadness – and resulting vagueness of the CFAA was the focal point of the discussion of the US v. Drew case, and this will perhaps be indicative of further tensions between what a user does online and what is considered a crime.

Comments Off on Cyber Bullies & Script Kiddies – Crime 2.0

Last week’s issue of Time Magazine (yes, I read the paper copy) ran an article about a relatively new smartphone application called TigerText which allows the sender to specify an amount of time (between one and five minutes) after which the message is erased from the sender’s phone, the receiver’s phone, and supposedly all servers in between, according to the company.  Time writes that the app is named for Tiger Woods (zing!), and would have also been oh so helpful for our poor Mr. Quan whom we read about this week.

This app made me wonder if the paradigm for law enforcement by collecting text message evidence might now be forced to change to something similar to phone tapping, including getting a “super warrant” first.  Does anyone know if it’s even possible to strip text messages off servers in transit?  It seems like it might be tricky given the relatively arbitrary routing nature of data packets.

Comments Off on Of Texting and Tiger Woods