Jul 022015

It would take many, many blog posts to fully articulate all the ways that modern copyright law threatens innovation. But one notable way is through Section 1201 of the copyright statute.

As discussed previously, Section 1201 is ostensibly supposed to minimize copyright infringement by making it its own offense to bypass the technical protective measures (TPMs) controlling access to a particular copy of a copyrighted work. (Sometimes these sorts of TPMs are referred to as DRM, or Digital Rights Management.) It is a fair question whether forbidding the bypass of TPMs is at all an effective approach to minimizing infringement, but it’s an even more important question to ask whether the portion of the copyright statute that forbids the bypassing of TPMs does so at the expense of other sections of the statute that specifically entitle people to make certain uses of copyrighted works.

The answer to this latter question is clearly no, and in fact Congress anticipated that it would be “no,” when it put into Section 1201 the requirement that the Copyright Office consider afresh, every three years, whether certain types of TPM bypassing should be deemed specifically permissible, notwithstanding Section 1201’s general prohibition against it. Unfortunately these triennial rulemakings are an extremely cumbersome, expensive, and ineffective way of protecting the non-infringing uses of copyrighted works the public is entitled to make. But the even bigger problem, and the one that I will focus on here, is that Section 1201’s prohibition against bypassing TPMs is increasingly standing in the way of not just non-infringing uses of copyrighted works but non-infringing uses of computing devices as a whole.
Continue reading »

Apr 112013

The Computer Fraud and Abuse Act is no stranger to these pages.  The tragic suicide of Aaron Swartz at the beginning of the year following the relentless pursuit of the Department of Justice against him for his downloading of the JSTOR archive has galvanized a reform movement to overhaul – or at least ameliorate – some of the most troublesome provisions of the CFAA.

One such provision can be found at 18 U.S.C. § 1030(g), which creates a civil cause of action for a party claiming to be aggrieved by the purported wrongdoings described in subsection (a).  While civil causes of action are generally beyond the scope of this blog, having a civil cause of action buried in a statute designed to enable criminal prosecutions can be problematic for defendants facing the latter because the civil litigation, as it explores the contours of the statute and its internal definitions, tends to leave in its wake precedent that prosecutors can later use.  Which is unfortunate, because how the statute may be interpreted in a civil context — which inherently can only reflect the particular dynamics of the particular civil dispute between these particular private parties — reshapes how the statute will be interpreted in a criminal context.  Especially with a law like the CFAA, whose language always tempts excessive application, these civil precedents can vastly expand the government’s prosecutorial power over people’s technology use, and easily in a way Congress never intended.  One should also never presume that the outcome of a civil dispute correlates to a result that is truly fair and just; miscarriages of justice happen all the time, often simply because it is often so difficult and expensive to properly defend against a lawsuit, especially one asserting a claim from such an imprecisely-drafted and overly broad statute like the CFAA.

The reality is that plaintiffs often abuse the judicial process to bully defendants, and that brings us to the second subject of this post, Prenda Law, which is currently being exposed, judicially and publicly  as one of the biggest bullies on the block.  But why should we care here?  Because although Prenda has most notoriously exploited the Copyright Act for its legal attacks, it has also showed itself ready, willing, and able to abuse the easily-abusable CFAA in order to enrich itself as well. Continue reading »

Feb 202013

At an event on CFAA reform last night I heard Brewster Kahle say what to my ears sounded like, “Law that follows technology tends to be ok. Law that tries to lead it is not.”

His comment came after an earlier tweet I’d made:

I think we need a per se rule that any law governing technology that was enacted more than 10 years ago is inherently invalid.

In posting that tweet I was thinking about two horrible laws in particular, the Computer Fraud and Abuse Act (CFAA) and the Electronic Communications Privacy Act (ECPA). The former attempts to forbid “hacking,” and the second ostensibly tried to update 1968’s Wiretap Act to cover information technology. In both instances the laws as drafted generally incorporated the attitude that technology as understood then would be the technology the world would have forever hence, a prediction that has obviously been false. But we are nonetheless left with laws like these on the books, laws that hobble further innovation by how they’ve enshrined in our legal code what is right and wrong when it comes to our computer code, as we understood it in 1986, regardless of whether, if considered afresh and applied to today’s technology, we would still think so.

To my tweet a friend did challenge me, however, “What about Section 230? (47 U.S.C. § 230).” This is a law from 1996, and he has a point. Section 230 is a piece of legislation that largely immunizes Internet service providers for liability in content posted on their systems by their users – and let’s face it: the very operational essence of the Internet is all about people posting content on other people’s systems. However, unlike the CFAA and ECPA, Section 230 has enabled technology to flourish, mostly by purposefully getting the law itself out of the way of the technology.

The above are just a few examples of some laws that have either served technology well – or served to hamper it. There are certainly more, and some laws might ultimately do a bit of both. But the general point is sound: law that is too specific is often too stifling. Innovation needs to be able to happen however it needs to, without undue hindrance caused by legislators who could not even begin to imagine what that innovation might look like so many years before. After all, if they could imagine it then, it would not be so innovative now.

Jan 212013

The 13-count superseding indictment (now dismissed) against Aaron Swartz basically boiled down to two major complaints: he accessed a computer system, and then downloaded files, without permission to do either.

It was not completely unprecedented in the pre-digital age to penalize acts that at their essence were about doing something without permission. Trespass, for instance, can be criminally prosecuted if someone has entered another’s real property without their permission. But (per the Model Penal Code § 221.2) it is typically prosecuted as a petty misdemeanor, commensurate with the negligible resulting harm. In instances where more serious harm resulted, a harm that could be properly measured in real word dimensions, such as the deprivation or destruction of real or immovable property, then a separate crime could be charged, such as theft – one targeted to address that violent sort of outcome. But even in those cases the crime and its commensurate penalty would hinge on the resulting harm, not the underlying lack of permission (see, e.g., Model Penal Code explanatory note §§ Sections 220.1-220.3). On its own, merely doing something without permission has not been something US law has sought to punish with serious charges carrying lengthy prison sentences.

In Aaron Swartz’s case, however, while his actions, even if true as alleged, resulted in no more measureable harm than an ordinary trespass would have, he was nonetheless charged with multiple felonies.
Continue reading »

Jan 142013

This weekend’s news about the death of Aaron Swartz is a cogent reminder of what this project is about. Aaron was a gifted contributor to the tools and values that make the Internet the extraordinary medium it is, impacting everything from the RSS standard to the Creative Commons licensing system and more. From all accounts he was on a constant quest to free humanity’s knowledge and make it accessible to anyone who wanted or needed it.

These actions challenged the status quo, however, and the status quo fought back. For those who treat knowledge as a currency that can be horded, acts to free it are seen as a threat. Unfortunately for Aaron, those people have power, and they wielded it against him. Furthermore, and most saliently for this project, it happened not through private actions, but by leveraging the power of the state to pursue and criminally prosecute him for his efforts.

Fortunately for Aaron he had competent counsel able to help defend him against the charges laid at his door. For all too many in similar positions as Aaron such counsel isn’t always available, which is a big reason why this project exists. It’s important that there be counsel ready and able to understand both the technological nature of the criminal act alleged and the nature of the crimes charged in order to properly defend them. It is very easy, as we see with this case, for a prosecutor to throw the book at a defendant for having done anything with technology outside of the norm, regardless of whether that technology use really deserves such a sanction, or even any sanction at all.

But having counsel isn’t enough. These prosecutions are backbreaking and bankrupting, and even if the defendant is ultimately acquitted the mere persecution will have already extracted a punitive toll from the defendant. In Aaron’s case he was looking at defense costs and fines in the millions of dollars, and the specter of years if not decades of imprisonment. Who among us could bear such a fate looming over them without their lives being fundamentally altered?

Thus the parallel purpose of this project is to help advocate for better legal policy, so that we don’t empower the state to punish our innovators for innovating. The disruption they spawn, though perhaps painful for incumbents who liked things as they were, are necessary in order to have a future that benefits everyone.

US v. Nosal background

 Examples, Unauthorized access  Comments Off on US v. Nosal background
Dec 102011

A key case involving the Computer Fraud and Abuse Act will be heard by an en banc panel of the Ninth Circuit Court of Appeals on Thursday.  More will inevitably said about this case, this law, and the underlying policy to define, deter, and punish “hacking,” but for the moment, this article provides a good summary of the salient issues from the upcoming hearing: “When Computer Misuse Becomes a Crime,” Ginny LaRoe, The Recorder, Dec. 9, 2011. (h/t @Dissent)