copyright » Digital Age Defense

Prenda Law and the CFAA

Analysis/commentary, Unauthorized access 1 Response »

Apr 112013

The Computer Fraud and Abuse Act is no stranger to these pages. The tragic suicide of Aaron Swartz at the beginning of the year following the relentless pursuit of the Department of Justice against him for his downloading of the JSTOR archive has galvanized a reform movement to overhaul – or at least ameliorate – some of the most troublesome provisions of the CFAA.

One such provision can be found at 18 U.S.C. § 1030(g), which creates a civil cause of action for a party claiming to be aggrieved by the purported wrongdoings described in subsection (a). While civil causes of action are generally beyond the scope of this blog, having a civil cause of action buried in a statute designed to enable criminal prosecutions can be problematic for defendants facing the latter because the civil litigation, as it explores the contours of the statute and its internal definitions, tends to leave in its wake precedent that prosecutors can later use. Which is unfortunate, because how the statute may be interpreted in a civil context – which inherently can only reflect the particular dynamics of the particular civil dispute between these particular private parties – reshapes how the statute will be interpreted in a criminal context. Especially with a law like the CFAA, whose language always tempts excessive application, these civil precedents can vastly expand the government’s prosecutorial power over people’s technology use, and easily in a way Congress never intended. One should also never presume that the outcome of a civil dispute correlates to a result that is truly fair and just; miscarriages of justice happen all the time, often simply because it is often so difficult and expensive to properly defend against a lawsuit, especially one asserting a claim from such an imprecisely-drafted and overly broad statute like the CFAA.

The reality is that plaintiffs often abuse the judicial process to bully defendants, and that brings us to the second subject of this post, Prenda Law, which is currently being exposed, judicially and publicly as one of the biggest bullies on the block. But why should we care here? Because although Prenda has most notoriously exploited the Copyright Act for its legal attacks, it has also showed itself ready, willing, and able to abuse the easily-abusable CFAA in order to enrich itself as well. Continue reading »

Copyright history reading list

Analysis/commentary, Criminal IP Enforcement No Responses »

Feb 182013

It’s become clear that I will need to talk more about copyright policy in general on these pages, even if in a not-particularly-criminal-law context. As we evaluate criminalizing acts involving technology that cause “harm,” and since some of that notion of harm is predicated on our notion of copyright, it’s important that we truly understand where the concept of copyright comes from and what policy objective it is supposed to achieve. Particularly because it’s a fair question as to whether modern copyright law still achieves those objectives, or instead potentially represents its own harm. Continue reading »

BBC HTML DMCA OMG

Criminal IP Enforcement, Examples, Uncategorized No Responses »

Feb 132013

Last week the BBC contributed its thoughts to the W3C committee contemplating the Encrypted Media Extensions Proposal to the HTML standard, which would allow for more standardized video viewing across multiple platforms. After establishing its bonafides as a source of Internet video broadcasting, it got to the point. The proposal, it said, was was overall a helpful one as far as the standardization was concerned. Technological fragmentation is a problem for someone who wants to make sure their video is viewable to a wide audience. Despite that enormous benefit, however, the BBC could only support the Proposal if it incorporated a DRM standard such that the BBC could pointedly control the retail market for its programming.

It’s worth questioning whether manipulating markets ultimately enlarges them — or, instead, potentially reduces them — but that’s not a subject for these pages right now. The problem was how the BBC required the proposal to be changed in order to ostensibly enable such manipulation:

The proposed Encrypted Media Proposal looks to be a useful starting point. However, the BBC is unlikely to be able to use any such mechanism unless we feel that it is sufficiently secure that there would be the possibility of legal action in the event of bypassing it.

This is not an easy qualification: the W3C is an international body, and laws on bypassing technical protection measures vary significantly from country to country. In this instance the BBC would be looking for such a mechanism to be secure enough in the UK that it would be a “effective technical protection mechanism” under section 296zb of the Copyright, Designs and Patents Act 1988 (as modified by the Copyright and Related Rights Regulations 2003). We expect that other providers will look for similar assurances in their own territories, such as the anti-circumvention provisions in the Digital Millennium Copyright Act in the United States. (emphasis added)

To summarize, the BBC, “the world’s leading public service broadcaster,” “established by a Royal Charter” and “primarily funded by the licence fee paid by UK households” with a “mission [...] to enrich people’s lives with programmes that inform, educate and entertain,” has just lobbied an international technical standards organization charged with “lead[ing] the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the Web” such that it enables “involves participation, sharing knowledge, and thereby building trust on a global scale” to make its standards such that people could be imprisoned for using that very technology in a way the BBC did not like.

True, perhaps the BBC was only contemplating there being civil penalties, which is problematic as well. But both the DMCA and section 296zb of the Copyright, Designs and Patents Act 1988 allow for state criminal enforcement when people circumvent technologies designed to control access to content, regardless of how legitimate that access would be.

More like trespass than theft

Analysis/commentary, Criminal IP Enforcement, Intermediary liability No Responses »

Feb 092013

The following case, Twentieth Century Fox v. Harris, is not a criminal matter. But I want to include it here nonetheless in part because it’s important to talk about copyright policy generally, particularly given the increasing trend for it to be criminalized. And partly because, in this case, hardly two weeks after I asserted that copyright infringement analogized more to trespass than to theft, a court independently reached the same conclusion. Continue reading »

The illegality of unlocking your cell phone (and more)

Analysis/commentary, Criminal IP Enforcement, Unauthorized access No Responses »

Jan 292013

In 1998 the Digital Millennium Copyright Act amended U.S. copyright law in a few key ways. Of most relevance here is the additions it made to 17 U.S.C. §§1201 et seq., which includes the provision:

“No person shall circumvent a technological measure that effectively controls access to a work protected under this title.” §1201(a)(1)(A)

If one does, they can be liable for damages, §1203(c), or, more saliently for this blog, fines of $500,000 and/or 5 years imprisonment for the first offense and $1,000,000 and/or 10 years for subsequent ones. §1204(a).

The question here is, why?

A crime of permission

Analysis/commentary, Criminal IP Enforcement, Unauthorized access 2 Responses »

Jan 212013

The 13-count superseding indictment (now dismissed) against Aaron Swartz basically boiled down to two major complaints: he accessed a computer system, and then downloaded files, without permission to do either.

It was not completely unprecedented in the pre-digital age to penalize acts that at their essence were about doing something without permission. Trespass, for instance, can be criminally prosecuted if someone has entered another’s real property without their permission. But (per the Model Penal Code § 221.2) it is typically prosecuted as a petty misdemeanor, commensurate with the negligible resulting harm. In instances where more serious harm resulted, a harm that could be properly measured in real word dimensions, such as the deprivation or destruction of real or immovable property, then a separate crime could be charged, such as theft – one targeted to address that violent sort of outcome. But even in those cases the crime and its commensurate penalty would hinge on the resulting harm, not the underlying lack of permission (see, e.g., Model Penal Code explanatory note §§ Sections 220.1-220.3). On its own, merely doing something without permission has not been something US law has sought to punish with serious charges carrying lengthy prison sentences.

In Aaron Swartz’s case, however, while his actions, even if true as alleged, resulted in no more measureable harm than an ordinary trespass would have, he was nonetheless charged with multiple felonies.
Continue reading »

Jolt into action

Analysis/commentary, Criminal IP Enforcement, Unauthorized access No Responses »

Jan 142013

This weekend’s news about the death of Aaron Swartz is a cogent reminder of what this project is about. Aaron was a gifted contributor to the tools and values that make the Internet the extraordinary medium it is, impacting everything from the RSS standard to the Creative Commons licensing system and more. From all accounts he was on a constant quest to free humanity’s knowledge and make it accessible to anyone who wanted or needed it.

These actions challenged the status quo, however, and the status quo fought back. For those who treat knowledge as a currency that can be horded, acts to free it are seen as a threat. Unfortunately for Aaron, those people have power, and they wielded it against him. Furthermore, and most saliently for this project, it happened not through private actions, but by leveraging the power of the state to pursue and criminally prosecute him for his efforts.

Fortunately for Aaron he had competent counsel able to help defend him against the charges laid at his door. For all too many in similar positions as Aaron such counsel isn’t always available, which is a big reason why this project exists. It’s important that there be counsel ready and able to understand both the technological nature of the criminal act alleged and the nature of the crimes charged in order to properly defend them. It is very easy, as we see with this case, for a prosecutor to throw the book at a defendant for having done anything with technology outside of the norm, regardless of whether that technology use really deserves such a sanction, or even any sanction at all.

But having counsel isn’t enough. These prosecutions are backbreaking and bankrupting, and even if the defendant is ultimately acquitted the mere persecution will have already extracted a punitive toll from the defendant. In Aaron’s case he was looking at defense costs and fines in the millions of dollars, and the specter of years if not decades of imprisonment. Who among us could bear such a fate looming over them without their lives being fundamentally altered?

Thus the parallel purpose of this project is to help advocate for better legal policy, so that we don’t empower the state to punish our innovators for innovating. The disruption they spawn, though perhaps painful for incumbents who liked things as they were, are necessary in order to have a future that benefits everyone.

Quicklinks 1/7/2012

Quicklinks No Responses »

Jan 072012

Other interesting items from this past week (or so):

“Stuxnet may have up to 4 malware siblings made on the same platform,” Meghan Kelly, Venture Beat, Dec. 29, 2011.
“Teachers warned over Facebook and Twitter use,” BBC News, Jan. 1, 2012. For a contrasting view, see “Can Social Media and School Policies be ‘Friends’?” Laura Varlas, ASCD, Winter 2011.
“Facebook complicated for public officials,” Carrie Wells, Herald-Tribune, Jan. 1, 2012.
“New law requires all restaurants in Malaysian city to provide Wi-Fi,” Harrison Weber, TNW, Jan. 2, 2012. Update Jan. 8, 2012: @apisanty points out that while this law is being put into place, free, municipal WiFi is also being discontinued.
“Why politicians should never make laws about technology,” Paul Venezia, InfoWorld, Jan. 3, 2012.
“Saudi hackers claim to post personal information of 400,000 Israelis,” Sefi Krupsky and Oded Yaron, Haaretz, Jan. 3, 2012. Israel has responded with the declaration that they will respond to this as they would any enemy attack. See also Cyber Warfare and the Privacy Revolution, Neil J. Rubenking, PC World, Jan. 7, 2012. Update Jan. 8, 2012: In light of the forgoing declaration by Israel, this story about an 18 year old being arrested for using those numbers to buy things for himself seems particularly interesting.
“iPad passport scan gets man across U.S. border,” CBC News, Jan. 3, 2012.
“How Copyright Industries Con Congress,” Julian Sanchez, The Cato Institute, Jan. 3, 2012.
“Plaintiffs Win Round on Discovery of Facebook Pages,” Ben Present, The Legal Intelligencer, Jan. 4, 2012.
“Why 2012 is starting to look like 1984,” Geoff Duncan, Digital Trends, Jan. 4, 2012.
“Bangladeshi jailed for Facebook post on prime minister, and 7 other posts that got people arrested,” Elizabeth Flock, Washington Post, Jan. 4, 2012.
“Privacy Alarm at ‘Smart’ Electric Meters,” Jack Bouboushian, Courthouse News Service, Jan. 4, 2012.
“Worm steals 45,000 Facebook login credentials, infects victims’ friends,” Jon Brodkin, Ars Technica, Jan. 5, 2012.
“Proposed DNA bank could ensnare NY graffiti artists,” Dan Wiessner, Reuters, Jan. 5, 2012.
“Nicole Richie’s Cursing May Spur Top Court to Free Broadcasters,” Greg Stohr, Bloomberg News, Jan. 6, 2012.

Quicklinks 12/31/11

Quicklinks No Responses »

Dec 312011

From this past week:

All sorts of Facebook fun from this week. First, Facebook postings calling for assassination of First Family bring investigation. Huffington Post, Dec. 20, 2011. See also Associated Press, Dec. 26, 2011 (“An 18-year-old Pittsburgh man is accused of burglarizing a market with three teens, then post[ing] pictures on his Facebook page showing the suspects mugging with some of the loot.”) and “Utah woman, son rescued after Facebook post,” Associated Press, Dec. 26, 2011.
“Office of the New York City Public Advocate Hacked,” Dissent, Pogo Was Right, Dec. 24, 2011. This week also saw private intelligence firm Stratfor also hit by hackers. See “Antisec Hits Private Intel Firm; Millions of Docs Allegedly Lifted,” Quinn Norton, Wired, Dec. 26, 2011. Dissent at Pogo Was Right also wonders “What was Stratfor’s obligation to secure data and what might this breach cost them?” Dec. 26, 2011.
“Detroit police say 3 deaths tied to dating services site,” James B. Kelleher and Ian Simpson, Reuters, Dec. 26, 2011.
“Under Obama, an emerging global apparatus for drone killing,” Greg Miller, Washington Post, Dec. 27, 2011. And for more drone news on the domestic front, Local Police Employing Aerial Drones to Spy From Sky, Kenric Ward, Sunshine State News, Dec. 26, 2011.
“China’s Parallel Online Universe,” Christopher Walker & Sarah Cook, The Diplomat, Dec. 27, 2011.
“Mexico’s cartels build own national radio system,” Michael Weissenstein, Associated Press, Dec. 27, 2011.
“Apple Fined $1.2 Million in Italy Over AppleCare Warranties,” John Paczkowski, All Things D, Dec. 27, 2011. (h/t Liquid News Room)
“A privacy law must not muzzle our memories,” Jonathan Heawood, Guarding Comment is Free, Dec. 28, 2011. Worth a link because it considers balance between privacy and free speech issues.
“Red Light Camera Company Posts Car Crash Montages On YouTube,” Chris Moran, The Consumerist, Dec. 28, 2011.
“Man charged with hacking wife’s email vows to fight after case sent to trial,” L. L. Brasier, Detroit Free Press, Dec. 28, 2011.
“Republicans Shake More Hands Using Social Media,” Jennifer Preston, New York Times, Dec. 28, 2011. See also news from South Korea, “Constitutional Court OKs Twitter for election campaigns,” Kim Eun-jung, Yonhap News Agency, Dec. 29, 2011.
“Sussex Police ban mobile phone charging to save money,” BBC News, Dec. 29, 2011.
“Why we shouldn’t let Google (or anyone else) claim their private services are public spaces,” Rob Beschizza, BoingBoing, Dec. 29, 2011.
“Kid privacy rules tricky to update but necessary,” James Temple, SFGate, Dec. 30, 2011.

2012 EU Digital Content Policy

Criminal IP Enforcement, Examples No Responses »

Dec 292011

This article from Paid Content describes upcoming EU policy initiatives for digital content:

The project’s primary pillar is creating a “single digital market” to boost entertainment download and streaming services across borders, including by simplifying content licensing and harmonising online payments access.

Towards that end, upcoming initiatives include:

Legislation to simplify cross-border content licensing;
“Restart[ing] a dialogue among industry stakeholders on copyright levies”;
Revision of the Directive on enforcement of intellectual property rights (IPRED) to address online piracy; and
Developing “an action plan to boost e-commerce, including by making online payments affordable and secure across borders.”

The article indicates many of these items have already been detailed by Professor Ian Hargreaves’ Review Of Intellectual Property And Growth, and the UK government has already promised implement his recommendations “in order to simplify IP law for the digital and to make economic stimulus.”

Recommended measures include creating a Digital Copyright Exchange, enabling automatic licensing of orphan works, decriminalising format-shifting and backing the EC’s cross-border licensing drive.

Older Entries