The privacy geeks out there are all very familiar with the famous Supreme Court case California vs. Greenwood, which established the point that, once you've put stuff out for garbage collection, you have relinquished it as your own personal property. But that case focused on the 4th Amendment issues of things like warrants. In theory, there could still be laws unrelated to the issue in the Greenwood case concerning who can and cannot take the garbage you've set out. And apparently, New York City has just such a law, making it illegal to take appliances or air conditioners. There may be many reasons for this (safety, for one), but it seems like a pretty ridiculous law to try to enforce, either way. However, apparently in NYC, they actually pay people to sit and watch appliances that people have thrown out.
That's what led to a woman and her son getting charged with a $4,000 fine for picking up a discarded air conditioner. The Consumerist lets us know that, thankfully, a judge has tossed this fine. There are so many ridiculous angles to this case, even if you believe the law is reasonable. First, two people were fined. The guy who picked up the air conditioning unit... and his aunt, who owned the car, but was not in it at the time. That seems pretty questionable as well. It's a bad application of liability. Just because the nephew put the AC unit in the car, why should the aunt be subject to the fine?
The bigger issue, though, is the fact that NYC, which is having financial problems, actually pays people to watch appliances that people are throwing out. The original Daily News article includes a great quote from the nephew:
"Our city is going bankrupt and we are using our tax dollars to pay these guys to stare at appliances all day," he said. "How do I get a job like that?"
All along defenders of ACTA have insisted that it will not change US copyright law. In fact, the argue that, since it's an executive agreement and not a treaty, it cannot change US copyright law. However, the devil is always in the details, and the details are not good. Earlier this year, we noted that the real problems were not in what was included in ACTA, but what was left out. That is, ACTA technically includes stuff that is (mostly) already in copyright law... but leaves out all sorts of exceptions and consumer protections. On top of that, some of what it seeks to do is to "lock in" areas of copyright law that are still very much in flux -- such as aspects like "inducement" that have only recently been determined by case law, but have not been discussed or reviewed in Congress itself. ACTA would prevent such changes, because if Congress later decides -- for example -- that it did not intend for there to be an "inducement" standard for copyright infringement (as the courts have created) it would not be able to do so because of ACTA.
With the official draft of ACTA finally released, Jonathan Band alerts us to a filing (which I'm guessing he played a large role in drafting) from the Library Copyright Alliance (along with CCIA, CEA, NetCoalition, EFF, Public Knowledge and a few other groups) that carefully and with great detail highlights the many serious problems with the released ACTA draft, detailing how it is not, in fact, in line with US copyright law, and how at different points it seeks to lock in areas of the law that are still very much in flux. You should read the whole thing:
It notes that the "official" version leaves out what countries are supporting what -- and points out that there are certainly parts of the text that are still up for debate that clearly go against current US copyright law. However, with many of those, the letter gives the USTR the benefit of the doubt that it will not agree to those phrases that are clearly outside the scope of US copyright law. Instead, it focuses on the parts of the released text that do not appear to be in dispute or negotiation any more, but which still appear to go against current US copyright law:
These comments will focus on the language in the Consolidated Text that we
believe the U.S. government has endorsed. While the United States probably could
comply with these provisions of the Consolidated Text without amending the U.S.
Copyright Act, these provisions are inconsistent with U.S. law in several significant,
troubling respects. The common thread of these inconsistencies is that the Consolidated
Text does not reflect the balance in U.S. copyright law. This lack of balance is at odds
with the Obama Administration's policy concerning balanced international copyright
law
The biggest concern comes in the form of statutory damages. Again, the text of ACTA does not currently go beyond US copyright law, but it does tie the hands of Congress on an issue that has constantly been debated (and over which there are some ongoing lawsuits challenging the legitimacy of current statutory rates). Locking those in would be a massive problem. When you then combine that with a lack of prominent exceptions to copyright law -- such as fair use (which is in US law, but not elsewhere, and is not required by ACTA), you create a situation that could present massive liability problems to US companies operating abroad:
Although the existing statutory damages framework has a chilling effect on
innovation and follow-on creativity, its negative impact in the U.S. is somewhat
mitigated by the existence of strong exceptions such as the fair use doctrine. Other
countries, however, do not have these exceptions. And the U.S. in ACTA has not
demanded the adoption of these exceptions. In other words, the U.S. seeks the export of
our strong enforcement mechanisms but not our strong exceptions.
This asymmetric export of our laws could be particularly harmful to U.S. Internet
companies as they attempt to expand their operations overseas. For example, U.S. courts
have treated the copying of copyrighted material by search engines as permitted by fair
use. In contrast, courts in Europe have found Google and other search engines liable for
copyright infringement for engaging in similar activities. If ACTA is adopted, and
European countries enact statutory damages, the potential exposure of U.S. search
engines will increase exponentially for conduct considered lawful in the U.S. They will
be liable not just for the actual damages they cause, but the level of damages set by
statute. Under current U.S. law, if a company is held liable under a direct or secondary
liability theory for infringements by thousands of consumers, the resulting damages (up
to $150,000 multiplied by thousands of works deemed infringing) could easily bankrupt
the company. Raising the possibility of similar, ruinous damages for conduct considered
lawful in the U.S. would simply hinder U.S. businesses' ability to operate abroad.
Along those lines, the letter notes that US law contains the right to decrease statutory awards in the case of "innocent infringement." Once again, this does not show up in ACTA, so we are, yet again, exporting the draconian parts of copyright law, without any of the important strong exceptions.
The letter also highlights the attempt in ACTA to not just lock in third party liability when it comes to copyright (a concept that has been determined by case law, but not in Congress -- and, in fact, was rejected by Congress when a law creating such liability was proposed a few years ago), but also appears to redefine third party liability, by expanding the definition to cover three different things, when current US law does not do that:
There are numerous problems with these two clauses of footnote 47. First, they
suggest that inducement is a different test from contributory infringement; that is,
they imply that there are three theories for third party infringement under
copyright -- vicarious liability, inducement, and contributory infringement.
However, Grokster makes clear that inducement is not separate and distinct from
contributory infringement.
And, of course, once again, it looks like in the issue of third party liability, ACTA makes it much stronger and removes the balance found in US copyright law:
Finally, article 2.18.3 lacks the balance present in U.S. third party liability law.
Article 2.18.3 makes third party liability mandatory. In contrast, exceptions to such third
party liability are only permissive: "the application of third party liability may include
consideration of exceptions or limitations...."
Notice the pattern? This does a variety of problematic things. First, it creates serious problems abroad for all other countries that sign onto ACTA, giving them all the limitations of copyright law without the important exceptions (which, it's been shown, are more important when it comes to economic activity). Second, should the US ever adapt its own copyright law, which has been going on pretty much non-stop, it locks in the limitations, but not the exceptions. That means that US law will only be able to take away the exceptions, but not ratchet down some of the problematic aspects of copyright law. That's downright scary.
And, of course, the rationale for all of this? It's based on studies that our own government now says were bogus.
It's even worse when you realize that if the point of copyright law is to promote the progress of science and the useful arts and there's no real evidence of a causal link between any particular copyright policy and greater societal progress, then it makes no sense at all to harmonize copyright laws in lockstep. Instead, it makes sense to do the exact opposite. It makes sense to let different countries experiment with different types of copyright laws so that we can actually build real evidence for what works and what does not work. Locking in a particular set of laws across much of the developed world, without any evidence as the basis is downright scary. It's faith-based policy making, pushed almost entirely by a small group of businesses who stand to benefit. It's an incredible shame that the USTR seems totally taken in by them.
Rep. Rick Boucher released a draft internet privacy bill that's getting plenty of attention. You can read the draft on Boucher's site (pdf) or embedded below:
In Europe, internet privacy laws are pretty standard -- but in the US we've stayed away from them. The initial reaction to the bill seems to be that everyone hates it. Well, everyone who has a strong position and/or financial interest in it. Privacy groups say the bill is way too weak. Companies say it's way too restrictive. As per usual, the reality is probably somewhere in the middle. The key component of the bill is that is splits up information into two categories: "covered information" which sites will have to allow users to opt-out of collection, and "sensitive information" which sites will have to have users opt-in.
Covered information (information that sites can collect, but users will have the right to "opt-out" if they don't like it) includes:
The first name or initial and last name.
A postal address.
A telephone or fax number.
An email address.
Unique biometric data, including a fingerprint or retina scan.
A Social Security number, tax identification number, passport number, driver's license number, or any other government-issued
identification number.
A Financial account number, or credit
or debit card number, and any required security
code, access code, or password that is necessary
to permit access to an individual's financial account.
Any unique persistent identifier, such
as a customer number, unique pseudonym or
user alias, Internet Protocol address, or other
unique identifier, where such identifier is used
to collect, store, or identify information about a
specific individual or a computer, device, or
software application owned or used by a particular user or that is otherwise associated with
a particular user.
A preference profile.
Any other information that is collected, stored, used, or disclosed in connection with any covered information described in subparagraphs (A) through (I).
As for "sensitive information" (which sites will require people to opt-in to collect), you've got:
medical records, including medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
race or ethnicity;
religious beliefs;
sexual orientation;
financial records and other financial information associated with a financial account, including balances and other financial information; or
precise geolocation information.
There are also some "exemptions" for the collection of information that was for "operational purposes" or "transactional purposes." Reading through the whole thing, I have to admit I'm a bit confused as to the purpose of the bill. It seems like the "opt-in" information is the type of information that you would have to opt-in for anyway, because no website is going to be able to get that information without it. As for the opt-out information, most of that can again be handled by the user, simply through various technology offerings out there.
Perhaps I'm missing something, but this seems like the kind of bill that's designed to say "hey, look, privacy law!" but that doesn't really do anything to protect people's privacy. I could see it causing a lot of trouble for sites, though, for no good reason. For example, saying that IP address information can be "opt-out" could create a massive hassle for pretty much any site that keeps log files. Imagine the fun someone could cause by visiting sites and then demanding the site remove his or her IP address from their logs. I understand the general thinking behind this, but I just don't see it doing anything good, while I could see all sorts of unintended consequences from it.
Hmm. Last fall, we wrote about 50 Cent (Curtis Jackson's) excellent appearance on CNBC, where he said he didn't worry about file sharing because he saw it as a part of the marketing:
"the people who didn't purchase the material, they end up at the concert."
That seemed rather forward looking of him. Now, however, he seems a bit more ambivalent. Copycense points us to an interview with 50, where he at first notes that the music industry is doing fine... but then busts out the claim that they need to pass new laws to help the industry:
"I don't think the music business is dying," 50 says in the interview. "I think we're just experiencing technology and we just have to pass new laws, eventually, to change how music is being distributed. There's no lack of interest in great material, I don't see people 'not' going to the night club or enjoying themselves when the song comes on. It's just about re-developing what the music business is. It's easier to download a song that's three minutes long, probably about three or four seconds for you to download it, it's easier to steal...The technology is so new and what we're actually doing on the web that we have to develop that."
But... uh... wasn't he just saying that the file sharing acted as marketing for his other lines of business? He seems to go back and forth between recognizing this and saying that new laws are needed, even though it's not clear why. Then he claims that those new laws are coming... just as soon as Hollywood learns that movies are being shared online (apparently 50 hasn't paid attention to what's popular on the file sharing sites these days):
"And those things won't actually happen, the effective laws won't happen until it starts to damage film. When you got your blockbuster film doing $120 million in a weekend and then that blockbuster film that they spent $120 million comes out and nobody goes to see but everybody watched it because they could pull it off their computer and see it on HD at home on a theater. They'll change those laws."
Except, uh, those movies all can be downloaded, and are downloaded... and people still go to theater, just like they "still go to the night club" or to concerts, because of the social experience of going out. It's why some of the most successful movies are also the most downloaded. It's why even as it's quite easy to download a film (contrary to what he appears to believe), box office results keep hitting record highs. And, it's not like the MPAA isn't working hard to try to change those laws, but (thankfully) there doesn't seem to be enough appetite for the type of massive copyright changes the MPAA would like to see.
Michael Geist points our attention to the news that India has introduced a draft of proposed amendments to its copyright law, in an attempt to bring India's copyright laws into alignment with those ever popular "international obligations" found in various (industry dominated) treaties. There were reports late last year that the proposals were likely to be draconian, as the negotiations had mainly been between the government and the recording industry with no input from the public. However, the actual proposal (pdf) is much more of a mixed bag -- with lots of somewhat surprisingly good things included.
For example, it extends the concept of "fair dealing" to cover "private and personal use" and makes sure that anti-circumvention rules only apply when the circumvention is used to infringe on copyrights. The US anti-circumvention clause in the DMCA makes no such distinction (so even if you circumvent copy protection for a perfectly legal reason -- such as to make a personal backup -- it's still infringement just to circumvent). Also, the new proposal would allow more access to copyrighted works by "physically challenged persons." However, it appears that some feel that those provisions don't go far enough. It allows for the conversion of copyrighted works into Braille without having to pay a fee, but many visually impaired point out that it does not cover converting the works to audio formats with e-reading software or audiobooks. Some political parties are threatening to boycott the proposal if this part isn't fixed.
The part of the bill that's getting the most attention in India is that it would create an additional right for content creators, which they would hold onto, rather than having the right transferred over to the producers and record labels. In other words, it seeks to make sure that the actual content creators don't have their rights stripped from them by the industry. Not surprisingly, the record labels are up in arms about this, and find the whole thing to be terribly unfair. In their defense, it is a bit strange to set up a copyright where the rights are not transferable, even if the purpose is really to give more power to the content creators themselves.
That controversial clause does seem like a mixed bag itself. Decreasing the control the industry has over actual content creators is a good thing, but I'm not sure layering on another "right" is the way to do it. There are some other questionable aspects of the bill as well -- including (of course) extending the length of copyright, in some cases, for no good reason. It also sets up new statutory compulsory rights. While those sometimes are useful in clearing up confusion, it creates a totally arbitrary system for setting payment rates, rather than letting the market figure it out.
Overall, it sounds like this is better than many of the proposed copyright law changes out there -- and I'm sure that the entertainment industry, who had been pushing for India to put potential infringers in jail, won't like this one bit -- but it's not that great either.
If you hadn't noticed, there's been a growing moral panic around the concept of "cyberbullying", with various states passing laws against it and Congress even considering it as well. And, of course, if you read stories in the news these days, you might think that cyberbullying is happening everywhere and that It Must Be Stopped at all costs To Protect The Children.
However, as Larry Magid is pointing out, actual studies on the issue show that so-called "cyberbullying" is on the decline and most kids are good kids who are as disgusted with the concept as adults. In fact, some research suggests that all of the stories about this "cyberbullying" threat may actually make the problem worse. That's because kids are more likely to engage in the practice if they think it's common. And, even though it's not common today, all the press reports may spread the idea that it is. In the end, as Magid points out, as with other moral panics, the real solution tends to be parental education -- not misguided laws.
As mentioned, while I don't think it's safe for most people to drive while on a mobile phone, I'm a bit skeptical of laws that explicitly forbid driving while yakking. Very few of them seem actually focused on improving safety on the roads -- but they do appear to be a way for state governments to make some extra cash. In California, where the fines were not that big originally, it looks like it's about to get a lot more expensive to drive while talking with you mobile phone held up to your ear (you can still drive while yakking hands free -- despite some studies showing that can be just as dangerous). The politicians involved even admitted that this was more or less the plan all along. Get the law passed by keeping the fines really low, wait a few years, and then jack up the fees. I'm all for making the roads safer, but it's not clear that this law actually does that.
Michael Geist points us to a rather thorough review, by Margot Kaminski, of some of the more troubling aspects of the leaked ACTA draft. Kaminski highlights 24 different points, but we'll just pick out a few key ones. For example, she notes that ACTA would create an express lane for intellectual property cases in the courts, and questions: "Why should copyright take precedent over other cases and have such a fast turnaround?" There are a few concerning things about border searches. While ACTA negotiators and defenders keep insisting that ACTA won't mean border searches for individuals, the draft highlights a few things that are troubling. For example, the US, Canada and New Zealand want to change the exemption criteria for border searches from the current "small quantities of goods of a non-commercial nature" to the much lower standard of "reasonably attributable to personal use of the traveler." In other words, this does, in fact, grant more powers to customs and border patrol to search laptops and iPods and the like, if there's any indication of more information that is "reasonably attributable to personal use," -- though, that standard seems quite vague and subjective.
Then there are the big ones, such as greatly increasing the scope of what's considered criminal copyright infringement (remember, in reality, most copyright infringement is a civil offense, but copyright holders have tried desperately to turn it into a criminal offense, so the government gets to do the dirty work for them):
Expanding the definition of Criminal Copyright Infringement- THIS IS BIG: ACTA as the US wants it to read will expand the international definition of criminal copyright infringement to explicitly include Internet "piracy" done for personal benefit alone. Under TRIPS, countries must hold a person to have committed an act of criminal copyright infringement if he or she has willfully infringed on a "commercial scale", which was understood to mean involving sale to others. ACTA: 1) expands the international definition of "commercial scale" to include "private financial gain," (Australia and New Zealand request striking "private" to stick to a TRIPS understand of commercial scale) which is the standard in U.S. law, and 2) explicitly includes "significant willful infringements that have no direct or indirect motivation of financial gain" (U.S. initially, in its ACTA discussion paper, made clear that this was referring to Internet copyright infringement: "without motivation for financial gain to such an extent as prejudicially affect the copyright owner (e.g., Internet piracy).")
The downloading of copyrighted files or collection of copyright-infringing research "for private financial gain" by avoiding paying for such material may be found to meet this standard. This standard has the potential to criminalize the behavior of an enormous number of individuals, worldwide.
Along these lines, Kaminiski notes that ACTA greatly enhances and expands criminal aspects of various laws, well beyond previous agreements (i.e., this is not -- as ACTA defenders keep claiming -- just about enforcement).
And, yes, despite claims to the contrary, ACTA even goes beyond what US law currently includes. For example, in the language that seeks to export the DMCA to other countries, the US very specifically chooses language that goes beyond the DMCA -- specifically including language that covers inducement. Inducement is not found in the DMCA, though it is a part of US case law. But, of course, as part of case law, Congress could always clarify it and get rid of it. However, with it in ACTA, we'd be blocked because the industry folks would immediately start screaming about how we have to "obey our international obligations."
And the scariest part, right at the end:
Only Five states are required for ratification. So effectively, the five most powerful can rush to sign on to terms that everybody else will have to take on later.
Back when we first discussing the bits and pieces of ACTA leaks, an IP lawyer in our comments suggested that we shut up until the full document was produced, as commenting on it beforehand wouldn't do any good, and he was sure (so sure) that it wouldn't possibly include any language to expand US law. I'm curious what he thinks now.
Michael Scott points us to a very interesting analysis of how to different appeals courts have very different interpretations of our federal anti-hacking law. The Computer Fraud and Abuse Act was passed by Congress to create criminal sanctions for malicious computer hacking. The problem, of course, is that whenever you have politicians passing laws about technology, they may be a bit vague. So, the way hacking was defined was effectively to say that the perpetrator accessed info "without authorization" or (more troubling) that the activity "exceeds authorized access." Now, it's pretty obvious what's meant by this. If you're breaking into parts of a computer system where you don't belong for nefarious purposes, you're probably violating this law.
But that's not how all courts are interpreting it. The article notes that the Seventh Circuit, in International Airport Centers, LLC v. Citrin, found that an employee violated this law by deleting information on his laptop (which would have presented evidence of a breach of contract by the guy), after he had resigned. Obviously, that's a totally different situation than what the CFAA was intended to cover, but the court found that once he quit, he was no longer authorized to use the laptop, and doing so was effectively hacking. That seems like an extreme stretch of the law. But at least some other courts are following suit:
For example, in a case in the U. S. District Court for the Eastern District of Missouri, the district court relied upon the Citrin decision and held that, even if employees were authorized to access their employer's computer records, they cannot use such authorization (and, hence, their access can become "unauthorized"), if they use the information for their own interests.... The court concluded that the employer sufficiently alleged that the employees "acted without authorization when they obtained [the employer's] information for their personal use and in contravention of their fiduciary duty to their employer."
Yes, you read that right. If you use your employer's computer simply to access the company's data for your personal use, you may be guilty of computer hacking. That's quite clearly not what the law was intended to cover.
Thankfully, the Ninth Circuit (which all too often comes out with weird decisions) seems to have gotten this one right:
In declining to adopt the Seventh Circuit's interpretation of "without authorization," the court held that a "person uses a computer 'without authorization'... [only] [1] when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone's computer without any permission), or [2] when the employer has rescinded to access the computer and the defendant uses the computer anyway."... The Ninth Circuit declined to hold that the "defendant's authorization to obtain information stored in a company computer is 'exceeded' if the defendant breaches a state law duty of loyalty to an employer" because no such language was found in the CFAA.... The Ninth Circuit noted that because the CFAA was "primarily a criminal statute," and because there was ambiguity as to the meaning of the phrase "without authorization," it would construe any ambiguity against the government....
Obviously, I agree that this is the proper interpretation of the law -- and stretching the definition of criminal hacking "without authorization" to things like accessing personal information on an employer's computer is dangerous. Of course, with the split rulings, it's likely that eventually this will get to the Supreme Court to sort out, and hopefully they get it right. Or, in the meantime, Congress could clarify the law -- but chances are they'd just make it worse.
We've had a series of posts debunking all of the bogus claims from supporters of ACTA and the current secrecy involved in the ACTA process -- such as how this secrecy is "normal" (no its not), how this is "just an executive agreement, not a treaty" (the difference is effectively meaningless) and how this can't change US law so there's nothing to worry about (even if it doesn't change US law directly, it can prevent fixing problems in the law, while putting pressure on legislators to change the law anyway). Well, here's another one, courtesy of the folks over at Public Knowledge.
One of the claims that's been made in defense of the "secrecy" around ACTA is that the agreement is really just about "enforcement," rather than any legal changes. While we've already questioned how true that claim really is, John Bergmayer, does a nice job explaining why we should be worried about an agreement on "enforcement" anyway: because the question of enforcement is meaningless compared to the actual procedure of enforcement. Bergmayer quotes Rep. John Dingell to make the point:
"I'll let you write the substance ... you let me write the procedure, and I'll screw you every time."
The fear here is that while ACTA might not technically change US law, it could easily change US procedures and policies on "enforcement" allowing the effective change in the law, without people even realizing it. He quotes Professor Thomas Main, saying:
"procedural reforms can have the effect of denying substantive rights without the transparency, safeguards and accountability that attend public and legislative decision-making."
And, indeed, this is what we've see in the leaked drafts of ACTA. While most (though, certainly not all) of the proposals that have been leaked don't necessarily include a direct change to US law, they often do subtly word things so that existing rights, safeguards and accountability are left out, just as Prof. Main warns. To make sure those subtle changes do not have serious impacts that let certain special interests (in the words of Rep. Dingell) "screw" the public, doesn't it make sense to reveal the contents of what's being negotiated?
