EFF celebrates its 20th anniversary with a new animation by Nina Paley. “This short cartoon,” EFF writes, “highlights some of the reasons why EFF is here.” And it's fun too.
I have the privilege to be on EFF's Advisory Board.
Lori Drew's conviction overturned: A classic case of ugly facts but even uglier legal arguments appears to have (finally) concluded with the legally correct result.
This case mattered, because the government's legal theory would have turned every violation of a private firm's terms of service into a crime. Yes, that bad.
Case dismissed against woman in MySpace hoax that led to teen's suicide
A federal judge tentatively decided today to dismiss the case against a Missouri woman who had been convicted of computer fraud stemming from an Internet hoax that prompted a teenage girl to commit suicide.
Lori Drew of Dardenne Prairie, Mo., was convicted in November of three misdemeanor counts of illegally accessing a protected computer.
The decision by U.S. District Judge George H. Wu will not become final until his written ruling is filed, probably next week. Wu said he was concerned that if Drew was found guilty of violating the terms of service in using MySpace, anyone who violated the terms could be convicted of a crime.
Congratulations to Orin Kerr, who worked pro bono for this result.
See also article at wired.com.
The 9th Circuit issued its ruling in Coalition for ICANN Transparency v. VeriSign. It begins,
This appeal is about whether the plaintiff, Coalition for ICANN Transparency, Inc., using antitrust statutes drafted in the late 19th century, has successfully stated claims in connection with the administration of the Internet domain name system, so essential to the operation of our sophisticated 21st century communications network. The district court ruled that the plaintiff failed. With the benefit of extensive briefing, collegial discussions and amicus participation on appeal from other players in the domain name system, we hold that the plaintiff has stated claims under both Sections 1 and 2 of the Sherman Act, 15 U.S.C.
Congratulations to Bret Fausett who wrote a brief that deserved to win.
I'm also pleased to note that the court relied in a small but key part on an article I co-wrote with Mark Lemley,
CFIT has essentially alleged that ICANN is a private standards-setting body akin to the NFPA. ICANN administers the DNS and is responsible for entering into agreements with registry operators like VeriSign. According to the complaint, ICANN’s mission includes a commitment to promoting competition for the contracts. CFIT’s allegations further state that ICANN, like the NFPA, is a private body with no public accountability. These allegations are consistent with the view held by commentators on the subject, who have, indeed, identified Allied Tube as providing the strongest argument in favor of imposing antitrust liability on those who seek to coerce ICANN. See Michael Froomkin & Mark A. Lemley, ICANN and Antitrust, 1 U. Ill. L. Rev. 1, 72-73 (2003) (noting that “given ICANN’s private status, VeriSign will face antitrust liability for persuading a private company in a position of power to grant it control over a market,” and naming Allied Tube as the “closest analogue”). We hold, therefore, that pursuant to The Supreme Court’s holding in Allied Tube, CFIT has adequately alleged that VeriSign’s improper coercion of ICANN and attempts to control ICANN’s operations in its own favor violated Section 2.
From the skimpy facts this sounds like (1) some Twitter user posted something pretending to be Tony La Russa; (2) Tony La Russa sued Twitter; (3) Section 230 of the CDA will block the defamation (but not the IP) claims. That said, it's a little hard to imagine how a trademark claim would work here — where's the likelihood of confusion? — but again without seeing the offending text it's hard to say much. For example, it might be a suit against Twitter and John Doe, in order to get Doe's identity, and the TM claim is there to avoid jurisdictional issues.
La Russa sues Twitter over false page: Cards manager says reputation damaged by fake 'Tweets'
Cardinals manager Tony La Russa filed suit against the social networking internet site Twitter.com last month, claiming that a page on the site that falsely used his name caused him to suffer “significant emotional distress [and] damage to reputation,” the St. Louis Post-Dispatch reported Thursday.
La Russa is suing for trademark infringement, trademark dilution and misappropriation of name and likeness.
The website removed the false page shortly after the lawsuit was filed, the paper reported, and La Russa said Wednesday he thought the “issue was done.” He declined to elaborate.
The lawsuit includes a screenshot of the page and several “Tweets” associated with La Russa's name, two of which include distasteful references to Darryl Kile and Josh Hancock, Cardinals pitchers who died in 2002 and 2007.
If this is a John Doe case, does that make it the first against Twitter? Will the court apply the Dendrite test? I think it should.
I've posted a second entry to the Concurring Opinions symposium, What is To Be Done?”.
I doubt it will be as controversial as my first entry, but we'll see.
Today through Thursday I'm participating in an online symposium at Concurring Opinions in which a whole list of us have been asked to comment on Danielle Citron's article Cyber Civil Rights.
There are already a large number of interesting contributions there, and I've just added mine: CCR Symposium: The Right to Remain Anonymous Matters. It may be controversial.
Washington Post in Microsoft Executive Tapped For Top DHS Cyber Post reports that Team Obama has tapped Phil Reitinger, currently “chief trustworthy infrastructure strategist” at Microsoft, to be Deputy Undersecretary of DHS's National Protections Program division.
I've watched Phil in action since his days at DoJ, and agree with Stewart Baker that he's great for the job and “we should be glad he was willing to take on the responsibility”.
It seems I'll be on Channel 10's 6pm news broadcast explaining why tragedies like this one — Pembroke Pines teen broadcasts suicide on webcam — don't mean that we need a special set of cops and regulators for the Internet. (Earlier Channel 10 story, saying up to 1500 people were watching his broadcast; eventually someone called the Pembroke Pines cops, but they broke in too late to save Abraham Biggs Jr.)
The facts are grisly:
A Pembroke Pines teenager told an Internet audience he wanted to kill himself by drug overdose — and then he followed through on his macabre threat while a live webcam captured it, according to the Broward County Medical Examiner's Office.
Abraham Biggs Jr., 19, ingested a lethal mixture of three different drugs early Wednesday, then continued to blog about it while others watched online and egged him on.
The end of the video — which shows Pembroke Pines police busting into his bedroom and discovering his body — remained up on LiveVideo.com as of Friday morning.
Yes, I blame the people involved, not “the Internet”.
Florida has displaced the common-law rule against suicide with some statutory provisions. The most relevant one is aimed at assisted suicide (there's also § 782.081, banning premeditated commercial exploitation of a suicide, but that seems to me not to apply to these facts). Here's the relevant law:
The obvious legal questions, were a prosecutor to attempt the probably unwise project of indicting one or more of the 'egging on' crowd, are782.08 Assisting self-murder.—Every person deliberately assisting another in the commission of self-murder shall be guilty of manslaughter, a felony of the second degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084.
My gut instinct — and I'll quickly admit this is not my field at all — is that 'egging on' does not amount to 'deliberately assisting' under this statute, which was pretty clearly aimed at physician assisted suicide, and cases where someone gives a depressed person guns or pills. I see the law as criminalizing the provision of tools in the main. Perhaps this could be extended to specialized knowledge, such as telling a depressed person how to make or find a gap in a protective fence at 'Suicide Gulch'. But I don't see it as extending to encouragement — even if a psychiatrist might testify (let us imagine) that the encouragement was a necessary element of the victim's decision.
Good thing, too, because the second question is much harder…
In Thomson Reuters: The Gang That Couldn't Sue Straight, James Grimmelmann does a takedown on the (seemingly) asinine Thompson Reuters complaint against GMU (!) about a faculty member's distribution of (widely available) free open source firefox plugin Zotero.
(I'm partial to the less powerful but very useful Scrapbook myself, but that's mostly habit.)
That said, it does seem to me that there is one interesting and potentially triable (i.e. not utterly out-to-lunch) issue in the case, and that is the extent to which a contract by a firm with a (state) university can bind its professors. Let's say that the contract at issue does prohibit GMU from distributing software like Zotero (not obvious it does, but bear with me). Does that prohibition bind the GMU faculty? I'm not sure; but to the extent the acts were within the scope of employment, it might. But of course it doesn't bind either James or me, since we're not parties.
And, as James points out, even if it does there's the little question of what sort of damages would be owing. Since the claim is contractual, there's no scope for tort damages, just contract damages, and it's hard to see how those would be measurable here — in which case the courts would usually count them as zero.
In Miami demands end to home-based porn site, the Miami Herald says that the City of Miami's code enforcement board wasn't very impressed by the 11th Circuit's Voyeur Dorm, L.C. v. City Of Tampa, Florida precedent:
After 10 hours of listening to evidence and arguments, Miami's code enforcement board ruled late Monday night that Phillip Bleicher's Flava Works, an Internet porn production and distribution company, is illegally running an adult entertainment business out of a single-family home at 503 NE 27th St., zoned for residential use, and ordered that those operations cease.The city claims that there is a material difference between the Miami ordinance and Tampa City Code 27-523, the one in the Voyeur Dorm case. That case turned on a very particular reading of the Tampa code's prohibition on offering adult entertainment “to the public”:
“I think the city has met its burden of showing a link between the house on 27th Street and the website,” board member Oscar Rodriguez Fonts said before moving to deny a motion, made by Flava Works' attorney James Benjamin, to dismiss citations posted by city code inspectors in May.
The residence of 2312 West Farwell Drive provides no “offer[ing] [of adult entertainment] to members of the public.” The offering occurs when the videotaped images are dispersed over the internet and into the public eye for consumption. The City Code cannot be applied to a location that does not, itself, offer adult entertainment to the public.
Miami took the view that its rules were materially different:
“Miami's adult entertainment ordinance encompasses Internet activity in a way the Tampa ordinance did not,” Rodriguez Fonts said.
Not having the text of the Miami ordinance, I have to admit that's certainly possible. It's also possible that the same considerations the controlled in the Voyeur Dorm case might apply here.
Either way, unless it is blindingly obvious, it sounds like a possible student note topic to me.
Judge Reed has made the temporary injunction permanent, blocking enforcement of the Child Online Protection Act (COPA) on First and Fifth Amendment grounds. Full text of ACLU v. Gonzales here. An appeal is certain. (The case has already been to the Supreme Court once.)
It has always seemed to me that the critical part of this case was going to be the factual findings about filtering, and Judge Reed appears, on a quick read, to have crafted these very carefully, in a way that will make the government's case on appeal difficult. Interestingly, he bases much of the facts on testimony by Ed Felton and Lorrie Cranor, who certainly would be anyone's top choices for reliable experts in this area. It was also fascinating to see Ronald Mann's testimony on payment cards — the court really had access to excellent experts here. (Smart lawyering by the ACLU!)
On the critical issue of whether filtering is a less restrictive means of achieving the statute's objectives, the opinion puts the burden of proof on the government, and says it failed to meet it in light of the expert testimony about the improved effectiveness of filtering technology. There is of course no debate that filters are less restrictive than the blunderbuss liability approach in COPA; the tough issue is whether despite being less restrictive filters are also as effective. My gut tends to say “no”. It was interesting to read testimony tending to say “yes”, testimony which allowed the court to reach these conclusions of law:
32. Although filters are not perfect and are prone to some over and under blocking, the evidence shows that they are at least as effective, and in fact, are more effective than COPA in furthering Congress’ stated goal for a variety of reasons. For example, as shown by Findings of Fact 68, 78 through 80, 87 through 91, and 92 through 99, filters block sexually explicit foreign material on the Web, parents can customize filter settings depending on the ages of their children and what type of content they find objectionable, and filters are fairly easy to install and use. See also Findings of Fact 102-109.
33. Reliable studies also show that filters are very effective at blocking potentially harmful sexually explicit materials. Findings of Fact 110-116.
34. Even defendant’s own study shows that all but the worst performing filters are far more effective than COPA would be at protecting children from sexually explicit material on the Web, garnering percentages as high as nearly 99 percent in successfully blocking such material. Findings of Fact 117-121. As a result of Conclusions of law 28 through 34, it is clear that defendant has failed to establish that COPA is the least restrictive means of protecting children from harmful sexually explicit materials on the Web.
This is not the only grounds on which the court invalidates COPA — there is discussion of vagueness and overbreadth for example — but I think it's the key, and because it is so fact-based will be much tougher to overturn than the purely legal conclusions. So I predict this outcome survives.
If I'm right about that, then Congress's next move is to mandate or subsidize filtering. Oh joy.
Via Slashdot, comes the news that data (and maybe tax) haven Sealand is for sale. The 'nation' has had some problems recently.
Sealand claims to be a country based on its fixation to the continental shelf in what were then but are not now international waters. Although this claim is not recognized by anyone that matters, the claim is somewhat less ludicrous than that of any other man-made micro-nation, e.g. that of the Dominion of Melchizedek.
I like the idea behind The Small Print Project which intends to collect interesting (and odd) terms from EULAs (End User Licensing Agreements).
Final exam fodder for that e-commerce course?
(spotted via The Trademark Blog)
In the course of a domain name arbitration awarding mymorganstanleyplatinum.com to Morgan Stanley, arbitrator Richard Hill had this to say,
Respondent maintains that it is a cat, that is, a well-known carnivorous quadruped which has long been domesticated. However, it is equally well-known that the common cat, whose scientific name is Felis domesticus, cannot speak or read or write. Thus, a common cat could not have submitted the Response (or even have registered the disputed domain name). Therefore, either Respondent is a different species of cat, such as the one that stars in the motion picture "Cat From Outer Space," or Respondent's assertion regarding its being a cat is incorrect.If Respondent is in fact a cat from outer space, then it should have so indicated in its reply, in order to avoid unnecessary perplexity by the Panel. Further, it should have explained why a cat from outer space would allow Mr. Woods to use the disputed domain name. In the absence of such an explanation, the Panel must conclude that, if Respondent is a cat from outer space, then it may have something to hide, and this is indicative of bad faith behavior.
On the other hand, if Respondent's assertion regarding its being a cat is incorrect, then Respondent has undoubtedly attempted to mislead this Panel and has provided incorrect WHOIS information. Such behavior is indicative of bad faith. See Video Direct Distribs. Inc. v. Video Direct, Inc., FA 94724 (Nat. Arb. Forum June 5, 2000) (finding that the respondent acted in bad faith by providing incorrect information to the registrar regarding the owner of the registered name). ...
The Panel finds that Respondent's assertions that it is a cat provide sufficient evidence to conclude that the Respondent registered and is using the disputed domain name in bad faith. And this despite the fact that the Panel, unlike Queen Victoria, is amused.
People teaching (or studying) cyberlaw may find final exam creation (or study) inspiration in this non-hypothetical case of "NTP vandalism."
Here's another Google subpoena case. It looks like I was wrong in my radio sound bite: we didn't have months before this case came up -- we didn't even have days,
Police blotter: Judge orders Gmail disclosure: The subpoena asks for not only current e-mail but also deleted e-mail: "All documents concerning all Gmail accounts of Baker...for the period from Jan. 1, 2003, to present, including but not limited to all e-mails and messages stored in all mailboxes, folders, in-boxes, sent items and deleted items, and all links to related Web pages contained in such e-mail messages."Remember: Google never forgets. And it can all be traced back to you.Google's privacy policy says deleted e-mail messages "may remain in our offline backup systems" in perpetuity. It does not guarantee that backups are ever deleted. Baker estimated he may have tens of thousands of e-mail messages in his Gmail account.
[yes, yes, I'm not speaking to the .00001% of you who know how to route things through anonymizing proxies and actually do so on a routine basis, ok?]
My dad forwarded me this interesting article in Le Monde, Wanadoo et Free : des clauses abusives à haut débit.
Following a trail blazed by AOL and Tiscali, supposed good-guy ISPs Wanadoo.fr and Free have been found guilty of violating French consumer protection law. Wandoo now becomes the holder of a special booby prize (Le Monde calls it a gold medal for abusive clauses), having been ordered to revise no less than 32 clauses in its standard form contract that were found to be "abusive or illicit".
Among the clauses ruled illegal by the court were those which:
I'm sure almost every reader of this blog in the US is party to one or more contracts with clauses like these. But good luck getting anyone to declare them illegal (although conceivably a state court might refuse to enforce one or two of them if push came to shove).
A friend writes suggesting I publicize this posting for a law teaching job specializing in information security:
The Indiana University School of Law-Bloomington and the School of Informatics seek to appoint an outstanding scholar and teacher to fill a new tenured/tenure-track position in the area of information security law. The position will be affiliated with Indiana University's Center for Applied Cybersecurity Research and the School of Informatics which provide a broad, interdisciplinary perspective on the use of technologies, systems, policies, laws, personnel, and education to protect information networks and systems and information content from unauthorized access, use, destruction or alteration.
While appointment at any rank is possible, preference will be given to candidates with information security law and policy experience appropriate for associate or full professor rank. Salary will be commensurate with educational background and experience. J.D. or Ph.D. required; J.D. strongly preferred. Anticipated start date by August 2006.
Applicants are invited to apply online.
Reuters reports that,
U.N. agency says it's ready to govern the Net:The United Nations' International Telecommunications Union is ready to take over the governance of the Internet from the United States, ITU head Yoshio Utsumi said on Friday.While the ITU's desire to replace ICANN has been an open secret for years, this is the clearest declaration yet from the ITU's rather outspoken leader. The official line until now has been much softer.The United States has clashed with the European Union and much of the rest of the world over the future of the Internet. It currently manages the global information system through a partnership with California-based Internet Corporation for Assigned Names and Numbers, better known as ICANN.
"We could do it if we were asked to," Utsumi told a news conference. The U.N. agency's experience in communications, its structure and its cooperation with private and public bodies made it best-placed to take on the role, he said.
As far as I can tell, the US government mistrusts the ITU for various complicated telecoms-related related reasons I've never fully grasped. That's just as well, as the ITU is no friend to impecunious NGOs, who are at best third-class participants in its deliberations, and certainly never participants as of right, only suffrage.
"Washington has made clear that it would oppose any such move, despite widespread demands for changes in the current system.We will not agree to the United Nations taking over management of the Internet," said David Gross, a U.S. Department of State official attending a two-week conference preparing for a U.N. World Summit on the Information Society in Tunisia in November.
Reading all this, one canny observer on a list I follow remarked, "The secret to good comedy is timing."
The US position on WSIS is stated, quite forcefullly, in EU and U.S. clash over control of Net.
Key quotes:
The European decision to back the rest of the world in demanding the creation of a new international body to govern the Internet clearly caught the Americans off balance and left them largely isolated at talks designed to come up with a new way of regulating the digital traffic of the 21st century.
"It's a very shocking and profound change of the EU's position," said David Gross, the State Department official in charge of America's international communications policy. "The EU's proposal seems to represent an historic shift in the regulatory approach to the Internet from one that is based on private sector leadership to a government, top-down control of the Internet."...
Political unease with the U.S. approach, symbolized by opposition to the war in Iraq, has spilled over into these technical discussions, delegates said.
...
The United States has sharply criticized demands, like one made last week by Iran, for a UN body to govern the Internet, Gross said. "No intergovernmental body should control the Internet," he said, "whether it's the UN or any other." U.S. officials argue that a system like the one proposed by the EU would lead to unwanted bureaucratization of the Internet.
"I think the U.S. is overreacting," said David Hendon, a spokesman for the EU delegation.
Something truly odd and potentially important is happening at WSIS.
The Register says, EU deal threatens end to US dominance of internet, while The Inquirer says, America needs to give up Internet control, but neither one really explains what is going on.
I guess we'll know by tomorrow.
Several people have been kind enough to send me pointers to this Slashdot item on a blogger being sued for defamation and trade secret disclosures which were (at least primarily) committed by posters to his blog.
I've posted my comment on this at slashdot, but I suppose I should reprint it here too. And while we're at it, I might as well improve and expand it a little...
Insofar as we're concerned with liability for the commentator's remarks, the Communications Decency Act, sec. 230(c)(1) says,
And, in sect. 230 (f)(3),No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
if you read the full text of sec. 230 you will see that Congress intended fairly broad protection; in sec. 230(f)(3) it certainly wrote in very broad terms. Why a blog with comments would be treated differently from, say, a BBS or a chat room escapes me."The term ''information content provider'' means any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.
The leading case on sec. 230, Zeran v. America Online, Inc. 129 F.3d 327 (4th Cir. 1997) adopts a broad reading of it, some later cases in California state court and in the Seventh Circuit critique that breadth. And to the extent they wish to impose distributor liability as opposed to publisher liability -- ie you're liable if you keep it on line after being on notice as to the problem -- there may be some merit to their critique. Even so, I think that the publisher's liability for defamation claim is covered by sec. 230, and probably the distributor liability also.
The trade secret claim is a little harder. Congress didn't have trade secrets in mind when it wrote sec. 230. The CDA immunity in sec. 230 doesn't create a new protection for intellectual property claims (see 230(f)). So it's not an open-and-shut issue on the trade secrets. Nevertheless, unlike defamation law which applies to everyone, common law trade secret duties usually fall only on those who have a duty to keep the information secret, or who misappropriated it, not on innocent third parties.
A similar rule is found in the Uniform Trade Secrets Act, although the Act creates a civil right of action against third parties who "at the time of disclosure or use, knew or had reason to know that his knowledge of the trade secret was (I) derived from or through a person who had utilized improper means to acquire it." Whether that applies to this case is of course a factual question. I suspect it wouldn't apply in the ordinary case of a blog comment, but might if the blogger had a special knowledge about the situation.
In law there are few certainties until after a court rules, but absent unusual facts I think the balance here points towards a finding of non-liability both on CDA grounds and traditional trade secret grounds where innocent receivers of information, and especially journalists who receive information, are not usually liable.
Update: These issues and many more are discussed EFF's Legal Guide for Bloggers.
[Edited and re-ordered for clarity.]
The US Department of Commerce has announced an unexpected new policy regarding the Domain Name System (DNS) and the Internet Corporation for Assigned Names and Numbers (ICANN).
In previous pronouncements, the US had indicated that the US would someday release its ultimate control over the "root" -- the file that contains the master list of authorized registries and thus determines which TLDs show up on the consensus Internet and who shall have the valuable right to sell names in them. That day would come if and when ICANN fulfilled a number of conditions spelled out in a Memorandum of Understanding (MOU).
Today's announcement says the opposite: the US plans to keep control of the root indefinitely, thus freezing the status quo. Nothing will change immediately as a result. But the timing is weird, coming as it does only a short time before the forthcoming meeting of the UN-sponsored World Summit on the Information Society (WSIS).
Five years ago, in Wrong Turn in Cyberspace, I wrote (footnote 42, reformatted slightly):
Whether and under what circumstances DoC would turn over the root to ICANN has been the subject of somewhat contradictory pronouncements. In the White Paper, DoC stated, "The U.S. Government would prefer that this transition be complete before the year 2000. To the extent that the new corporation is established and operationally stable, September 30, 2000 is intended to be, and remains, an 'outside' date.'" White Paper, supra note 15, at 31,744. More recently, DoC assured Congress that it intends to retain its rights over the DNS:The Department of Commerce has no intention of transferring control over the root system to ICANN at this time [July 8, 1999]. . . . If and when the Department of Commerce transfers operational responsibility for the authoritative root server for the root server system to ICANN, an [sic] separate contract would be required to obligate ICANN to operate the authoritative root under the direction of the United States government.Letter from Andrew J. Pincus, DoC General Counsel, to Rep. Tom Bliley, Chairman, United States House Committee on Commerce (July 8, 1999), National Telecommunications and Information Administration.
Meanwhile, or at best slightly later, DoC apparently assured the European Union that it intends to give ICANN full control over the DNS by October 2000:[T]he U.S. Department of Commerce has repeatedly reassured the Commission that it is still their intention to withdraw from the control of these Internet infrastructure functions and complete the transfer to ICANN by October 2000. . . . The Commission has confirmed to the US authorities that these remaining powers retained by the United States DoC regarding ICANN should be effectively divested, as foreseen in the US White Paper.Commission of the European Communities, Communication from the Commission to the Council and the European Parliament: The Organization and Management of the Internet International and European Policy Issues 1998-2000, at 14 (Apr. 7, 2000) (emphasis added), Information Society Promotion Office. Recently, DoC assured the GAO that "it has no current plans to transfer policy authority for the authoritative root server to ICANN, nor has it developed a scenario or set of circumstances under which such control would be transferred." GAO Report, supra note 28, at 30. ICANN meanwhile stated on June 30, 2000, that "[s]ince it appears that all of the continuing tasks under the joint project may not be completed by the current termination date of the MOU, the MOU should be extended until all the conditions required to complete full transition to ICANN are accomplished." Second Status Report Under ICANN/US Government Memorandum of Understanding (30 June 2000), § D.4, (June 30, 2000).
Since then, every time the MOU with ICANN has lapsed, the US has observed that the terms were not met -- but extended the agreement. And every time, ICANN has said that it's just about to meet all the necessary conditions any day now...although it never does. And in fact, ICANN has come closer and closer, although one or two major, perhaps insurmountable, obstacles remain (agreements with the root server operators and especially agreement with the ccTLD operators).
Thus, the ambiguity remained. Most recently, in fact, Commerce had sent signals suggesting it was leaning in ICANN's favor, notably an announcement that the current MOU extension would be the last one -- leading me and other observers to think the fix was in for turning ICANN loose.
But today, in a surprise statement by the Commerce Department, the US government took out the ambiguity -- and said it intended to keep its authority over the root. In the short and medium term, the implications of this statement are political, not operational as the status quo for operations remains unchanged.
The new policy states that the US no longer has any intention of handing the root to ICANN even it meets the terms of the MOU (as amended):
U.S. Principles on the Internet's Domain Name and Addressing System
The United States Government intends to preserve the security and stability of the Internet's Domain Name and Addressing System (DNS). Given the Internet's importance to the world's economy, it is essential that the underlying DNS of the Internet remain stable and secure. As such, the United States is committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file.
Governments have legitimate interest in the management of their country code top level domains (ccTLD). The United States recognizes that governments have legitimate public policy and sovereignty concerns with respect to the management of their ccTLD. As such, the United States is committed to working with the international community to address these concerns, bearing in mind the fundamental need to ensure stability and security of the Internet's DNS.
ICANN is the appropriate technical manager of the Internet DNS. The United States continues to support the ongoing work of ICANN as the technical manager of the DNS and related technical operations and recognizes the progress it has made to date. The United States will continue to provide oversight so that ICANN maintains its focus and meets its core technical mission.
Dialogue related to Internet governance should continue in relevant multiple fora. Given the breadth of topics potentially encompassed under the rubric of Internet governance there is no one venue to appropriately address the subject in its entirety. While the United States recognizes that the current Internet system is working, we encourage an ongoing dialogue with all stakeholders around the world in the various fora as a way to facilitate discussion and to advance our shared interest in the ongoing robustness and dynamism of the Internet. In these fora, the United States will continue to support market-based approaches and private sector leadership in Internet development broadly.
This new statement is consistent with some of what Commerce has said to Congress in the past, but it is not consistent with much of what the US has been telling its allies. Some of them are going to be very upset with this change in policy.
Personally, I'm actually not that upset with this promise to maintain the status quo because I don't see ICANN as deserving to slip loose of the last significant source of even potential control on its ever-expanding budget and activities. And, although it's not politically correct in international circles to say so, I'd be uncomfortable with any international control over the Internet that gave any foreign despot a say in how domestic communications work. (I'd be fine with a coalition of the willing serving as co-trustees if membership were limited to democracies; for some reason that's never what anyone contemplates.)
But the timing of this announcement seems odd -- even Bolton-eseque -- as it comes so soon before WSIS, and may be experienced as a stick in the eye by some of the governments there. Is it an attempt to dissuade participation in WSIS on the grounds that it will be pointless? An attempt to lower expectations? Or just ham-handed?
The bright side from the point of view of potentially angry foreign governments is the invitation to thinking about new ways to deal with ccTLD issues; coupled with the reference to multiple fora, this suggests a possible deal on taking the ccTLD part out of ICANN and situating it somewhere else. But that's pure speculation on my part.
Updates: Henry Farrell suggests that the ccTLD part is just a sop: "This is very small beer; country level domain names aren't that important."
Also, I just came upon this remarkably defensive interview with ICANN CEO Paul Twomey, held before this announcement (but did he know?) in which he asserts that ICANN's future is not in danger, and denied rumors that the EU's Paul Verhoef, who had been ICANN's Vice-President, quit suddenly (did he know?) because Verhoef was frustrated with ICANN and/or because the EU is lessening its support.
Update2: According to someone who should know, the job Verhoef left ICANN for is one that anyone in their right mind would prefer, so one should not read anything into that move.
Bret Fausett reports on today's Friday Board Meeting at ICANN, including this item:
ICANN has provisionally reserved (countrynames).jobs and (countrynames).travel pending further review and consideration of a request from the GAC. The issue will go to the GNSO for discussion and possible resolution.
This seems like a good opportunity to plug my article on the legal status of country names in top and second-level domain names: When We Say US™, We Mean It!.
Ed Hasbrouck, whom I consider to be an extremely reliable source on matters relating to travel, and to ICANN's relation with the travel industry, reports on what should be a major scandal: ICANN reveals “.travel” sponsor is a front. He also predicts no one will care, and ICANN will get away with this sham.
The Committee did not find any purely technical reasons that the root name servers could not provide the same level of response with a much larger root zone file. Indeed, the ability of the .com name servers to respond to billions of queries a day against the .com zone file, with over 20 million entries, is a demonstration of the technical capacity that could be applied to the root zone, if necessary.The only technical arguments put forward against new TLDs suggested that it was necessary to limit the rate of addition. The committee agreed that the acceptable rate is tens of TLDs - which means anywhere from 20 to 90 per period. The committee thus arrived at the following conclusion:
Considering technical and operational performance alone, the addition of tens of gTLDs per year for several years would pose minimal risk to the stability of the root.Old hands in the DNS wars will immediately be reminded of two pieces of ancient history: First, that Jon Postel himself proposed adding 50 new TLDs per year to the root. Second, that in all the years of its operation, ICANN - - which claims to be a technical coordination body (when that suits it) - - and which is single-handedly responsible for the current artificial cap on new TLDs never once dared commission a study of what would be technologically safe...perhaps because it feared the answer.
If new gTLDs are to be created, the currently-employed comparative hearing process should not be assumed to be the only process for selecting their operators. ICANN should consider alternate processes, including those that incorporate the use of auctions in some way.
Whois data management and access should be designed to allow for gradations in access while maintaining some degree of free access to Whois information.
The continued evolution of ICANN to attain legitimacy among its critical constituencies and, consequently, to receive stewardship responsibility from the U.S. government, appears to be the most feasible path to governance of the DNS that is broadly accepted as international.No doubt this conclusion will be interpreted by ICANN itself as something of an endorsement. But it is a conditional, less than ringing one. And it is, of course, based on a completely circular argument: "feasibility" is the standard used, and whatever the USG accepts becomes "the most feasible" path because the USG holds veto power over the outcome. But note that the conclusion does not say this is the best path. Indeed, it comes with a pretty large caveat, one which inverts the entire meaning:
Recommendation: Before completing the transfer of its stewardship to ICANN (or any other organization), the Department of Commerce should seek ways to protect that organization from undue commercial or governmental pressures and to provide some form of oversight of performance.If that's taken to heart and implemented in a meaningful way, even I can live with that.
Although it is possible that the U.N.-sponsored World Summit on the Information Society will lead to proposals for some form of internationally-negotiated, quasi-governmental or multi-stakeholder organization with oversight or other influence over DNS governance, specific proposals are not yet (in December 2004) on the table and cannot be evaluated either for their practicality or their feasibility." (Chapter 5)With respect to root server operators, the report comes out in favor of the status quo. It suggests that the Commerce Dept. should consider relaxing its MoU requirements about pushing ICANN and the RS operators into contractual agreements. It calls vaguely for "more formal coordination" of RS operation by ICANN instead of centralized contractual agreements.
If the creation of the ccNSO does not result in increased participation by the ccTLDs in ICANN policy making, then ICANN may find itself subject to increasing pressures to constrain its role to that of gTLD management and root zone file record-keeping.This flat recognition of reality, unusual given its political sensitivity, will no doubt be greeted happily at the ITU, which has long angled for a role in handling the ccTLD delegation process. In effect, the report comes quite close to recognizing that ICANN's powers may have to be shared if things don't change.
Both the Domain Name System and Internet navigation services will be significant elements of the Internet for the foreseeable future….The preservation of a stable, reliable, and effective Domain Name System will remain crucial both to effective Internet navigation and to the operation of the Internet and most of the applications that it supports." (Concluding lines of Chapter 9).The conclusion is important because back when this study was commissioned (2000), many people were still saying that the DNS might be superseded or replaced by other technologies. We know better now.
The University of Toldeo College of Law is sponsoring what sounds like it will be a great conference on Cybersecurities regulation. I wish I could go. But as the first presenter on the first panel is my wife, someone has to stay home.
The Tenth Anniversary of Cybersecurities Law
Friday, April 8, 2005
9:00 a.m. to 2:30 p.m.
University of Toledo College of Law
Co-sponsored by the Cybersecurities Law Institute, the Stranahan National Issues Forum, and the University of Toledo Law Review
Keynote speaker:
John Reed Stark, Chief of Office of Internet Enforcement and Counselor to Director of Enforcement, U.S. Securities and Exchange Commission
Recent Developments in Cybersecurities Fraud Enforcement
Moderator: Prof. Howard M. Friedman, Director, Cybersecurities Law Institute, University of Toledo
Presenters:
Panel I: The Challenge of Technology
Prof. Caroline M. Bradley, University of Miami School of Law
Information Society Challenges to Financial Regulation
Prof. Olufunmilayo Arewa , Case Western Reserve University School of Law: Securities Law and Technology: Translation and Accommodation in Cyberspace
Panel II: The SEC's New Securities Offering Rules (Proposals)
Broc Romanek, Esq., Editor, TheCorporateCounsel.net
David C. Lee, Esq., Gibson, Dunn & Crutcher, Washington, D.C.
E-Communications by Public Companies: Inside and Outside the Offering Context
Panel III: Innovative Uses of Cyberspace
Prof. Christine Hurt, Marquette University Law School
What Google Can't Tell Us About IPO Auctions (And What It Can)
Dr. Dirk Zetzsch, Heinrich Heine University (Dusseldorf)
Corporate Governance in Cyberspace-The Impact of Virtual Shareholder Meetings
Panel IV: The Internet and International Securities Issues
Dr. Paul U. Ali, University of New South Wales
Cyberderivatives-Online Retail Markets in International Equity Betting
Prof. Dimity Kingsford-Smith, University of New South Wales
Follow My Leader? Similarities and Differences in Australian and US Online Investing Regulation
JURIST reports
The WTO sided with the island nation of Antigua and Barbuda, ruling that US legislation that criminalizes online gambling is in violation of global trade law. In a 287-page report released Wednesday, the WTO concluded that the US inconsistently applied gaming law so as to prejudice foreign countries, in violation of the General Agreement on Trade in Services (GATS).
I guess I have to read it now. And GATS.
The latest twist in the Yahoo! case arrived today when the 9th Circuit overruled a district court decision which had held that Yahoo! could file a declaratory judgement action in the US to block domestic enforcement of a French court's judgment that Yahoo! had violated French law against Nazi propaganda. The 9th Circuit disagreed, holding that US courts lack jurisdiction against the French parties to this case, until and unless they subject themselves to this suit either by presence or by themselves suing to enforce the French judgment.
At first glance, the primary import of this pretty reasonable-looking decision, besides simplifying teaching the case, is to give the French parties more control of the forum if they ever seek to litigate against Yahoo! in the US.
VeriSign Sues ICANN. Get the information as it develops at ICANNWatch.org.
The nice people from Voyeur Dorm are in the news again. Last time the question was whether a virtual business ran afoul of a local zoning ordinance prohibiting adult businesses providing entertainment 'to the public' (the 11th Circuit said it was not, since the public was not allowed to attend in person). This time twelve former Voyeur Dorm employees are suing the site's owner,
alleging that the daily regimen of semi-nude sunbathing, housekeeping, swimming, showering and chat-room correspondence in the fishbowl of the World Wide Web went well beyond the limited hours they were told they would have to work.They seek compensation for uncollected overtime pay.
The Tampa company has fired back with a lawsuit of its own, alleging two of the women violated a ''noncompete'' agreement by taking their talents, training and trade secrets to a rival business called Voyeur Cam Friends.
Although cavorting in a dorm may sound like easy labor, the plaintiffs say nitpicky rules often stipulated how they slept (with one leg dangling outside the sheets), brushed their teeth or watched TV (topless, or while painting one's toenails).
'It's not taxing work,'' scoffed Tony Griffin, a labor law attorney representing Voyeur Dorm.He said the list of required tasks assigned to employees seldom even approached 40 hours a week and that the women could log those work hours sunbathing topless or even sleeping in a provocative nightgown. When not performing the assigned tasks ''on the clock,'' the women were on camera but free to do pretty much as they pleased, the company says.
The company contends the women weren't entitled to overtime anyway, because they worked for a fixed weekly salary.
But the litigants, none of whom still work for the company, say the federal Fair Labor Standards Act of 1938 entitles them to overtime pay. They claim a certain number of them had to be in the house at any one time, making them virtual prisoners — and that anyone who left the premises could not leave for long.
I can just imagine the depositions….
Maria Farrell, who works as a lobbyist for an undisclosed international membership organization based in Paris (OECD? ICC?) writes a great account of WSIS at Crooked Timber. Below I include a sampler, but it's worth clicking the link to get the whole thing.
Other interesting WSIS links include:
[Links snagged from all over, espeically Lextext]
Here are some choice quotes from Maria Farrell:
The developing countries, led by Senegal, came to the table wanting a Digital Solidarity Fund, and went away with their begging bowls empty. …… I personally believe a proposal to control the DNS which both China and Egypt can agree on is not something those who value freedom of communication could support. …
Finally, freedom of expression. Well, here’s where I lost my remaining patience for the WSIS as a worthwhile political process. The final summit declaration was a wash-out which you can read for yourselves (page 8). But let me describe a high level round table I attended which gives an idea of just how these things run. It was called ‘diversity in cyberspace’(list of participants available here) and was chaired by the president of Latvia and moderated by BBC newsreader Nick Gowing. President Freiburga said the 2 hour session would cover three aspects of diversity; cultural diversity (preserving and digitalizing cultural heritage, diversity of languages), freedom of expression and media ownership, and law and ethics on the internet (censorship).
After an hour or so on cultural heritage and language diversity, Gowing said that he’d get to the other two topics in 20 minutes. He didn’t. No one objected. At the 90 minute mark, he still hadn’t. And, with 20 minutes to go, Gowing finally introduced the broad area of freedom of expression as one topic, at which point the Chair left the room and skipped half the remaining discussion. The discussion consisted of the journalists’ federation piping up on press freedom, and the governments of Morocco, Tunisia and Uganda rejoining that it was all very well, but just not for them, thank you. So a three-topic round table was chaired to ensure there was no meaningful discussion on two key topics that might prove uncomfortable to the country delegates. No one apart from civil society representatives spoke in favour of freedom of expression. A shaft if ever there was, and a telling one too.
Belarus KGB chief: Internet should be brought under control (10/12/2003):
KGB should exert control over Internet, because international terrorism and organized crime more and more often use WWW. “We are trying to provide all the possibilities, and legal - fist of all, in order to be able to control Internet, “- said Mr. Leonid Erin, chief of Belarusian KGB.Mr. Erin emphasizes that he understands criticism of this position, especially in connection with human rights violation. But he insists that prior to that are state interests and secret services activities.
Note that although the underlying motives may differ substantially, one hopes, the official position as to what should happen is not that different from that of many governments, including several democracies.
While I try to reassemble my consciousness through a haze of jet lag…
I'm back from I think was a fairly successful trip to Amsterdam. The Experts' Group meeting was perhaps more mainstream telecom than some of the events I would usually choose to go to, but that had its advantages, as it confronted me with some fairly alien viewpoints. Many of the participants were fans of the ITU, and seemed pretty convinced that it would be an improvement over ICANN. Here's a small sample of things they said:
Amsterdam is a lovely city, even in the cold and light rain. Everyone I met was very nice. The intrusion of English into the life of the city is a little shocking — natives are as likely to address each other in English if they don't know each other. Many of the ads on the street and on TV are wholly or partly in English. One hears a great deal of English on the street, and not just from people who look like tourists. And of course, everyone I dealt with professionally or commercially spoke great English. One Dutch colleague said modestly, “We are a small country. We have no pride,” but I don't believe this is correct. The Dutch do in fact have quite justifiable pride — for example, the Internet research group in the Amsterdam/Tilburg axis rivals if not surpasses the work done at Berkeley, the US leader in the area — but this pride does not overwhelm their fundamental practicality.
This is the most sensible thing I've seen on the subject. And it still leaves out half of what I think is the story: the non-US perspective. Folks out there are getting real grumpy with what they see, with some justice, as US domination of the infrastructure.
Andy Oram, Gee, when did we give away the Internet? (An analysis of news about WSIS)
What king or dictator or bureaucrat has signed the document giving power over the Internet to one organization or another? Did I miss the ceremony?One laughable aspect of news reportage is that the founders and leaders of ICANN always avowed, with the utmost unction, that they were not trying to make policy decisions and were simply tinkering with technical functions on the Internet. Of course, there is rarely such a thing as a merely technical function, and that truth has been borne out by the effects of ICANN's policies on “intellectual property” and on the allocation of domain names in general. Perhaps it's good for people to be talking openly of ruling the Internet.
But, in whatever ways ICANN has managed to wield its three-pronged fork (domain names, addresses, and assigned numbers such as protocols), it has never come close to being master of the Internet.
Now that the mainstream media have announced that the Internet is up for grabs, they are presenting the debate falsely as a two-sided fight between ICANN and the International Telecommunications Union (ITU).
…
So what is up for grabs? Certainly the right to define new top-level domain names (anybody visited a .museum site lately?) and to hand out to various favored organizations the plum of domain name registration (which really should be a nearly pure technical function, and has been turned into a heavy-weight, politicized activity by the “intellectual property” interests). But that's not really very much.
The fears that seem to be circulating around the domain name fight is that governments or other organizations will use control over domain names to censor the Internet. Ironically, the biggest threat to freedom in the use of domain names has been from the private sector, specifically the “intellectual property” interests. But the danger is present that governments will catch on (China seems to be doing so) and manipulating the system to restrict free speech. Still, with search engines becoming more popular and more powerful all the time, domain names are not the prime prizes they seemed in the late 1990s.
IP addresses are also a potential source of control that Internet users should be conscious about, if not worried about. Addressing can be abused mainly in a context of scarcity, and there has been debate for years over whether IP addresses are getting scarce. (They're certainly scarce when you ask the average local ISP for more than one!) A vigorous campaign to adopt IPv6 would remove most of the worry over this potential choke-hold.
And who ultimately is in charge of the Domain Name System? You are. You determine what domains you view. Somewhere on your personal computer is a configuration option that determines where you go to resolve top-level domains, and you can go far beyond what ICANN would like you to see.
What I'm thinking about today
Broadly speaking, Internet regulation today can be conceived of as involving three related spheres: Direct regulation of the internet infrastructure itself; regulation of activities that can be conducted only over the internet; and, regulation of activities which can be, but need not be, conducted over the Internet.
1. Direct regulation of the internet infrastructure itself, including
a. the standards of communication,
b. the equipment used to provide and access Internet communication,
c. intermediaries engaged in the provision of Internet communications, e.g. Internet Service Providers (ISPs)
2. Regulation of activities that can be conducted only over the internet and which have no significant off-line analogues. An example is the regulation of anonymous online communication via anonymizing re-mailers.
3. Finally, there is the regulation of the enormous category of activities which may or may not be conducted over the internet, e.g. e-commerce in both tangible and intangible goods. In many cases the Internet version of an activity often will simply be swept up in the general regulation of the type of conduct.
a. In some cases, however, the Internet version may be subject to special or additional regulation because the use of the Internet is seen as somehow aggravating an underlying problem or offense. An example of this is US attempts to regulate the provision of obscene or “indecent” content to minors via the Internet.
b. In other cases, there may be attempts to craft special regulations for the Internet version of an activity because of fears that its international character (and concomitant regulatory arbitrage), the ease of anonymization, or the elimination of formerly prohibitive transactions costs changes the danger, incidence, or character of the activity — or, most commonly, makes the enforcement of the pre-existing rules difficult or impossible. Examples of this include attempts to regulate peer-to-peer sharing of material copyrighted by others and regulation (or in some cases discouragement) of e-cash.
These spheres of regulation are obviously related in many ways. This schema underlines why approaches to the first sphere of regulation, direct regulation of the infrastructure, have two sometimes radically different sets of motives even though the regulatory techniques and tools often may overlap or even interfere with one another.
One the one hand, some regulatory (or de-regulatory) strategies pursue goals that are primarily internal to the first sphere. For example, the current Internet architecture depends on the unique assignment of Internet Protocol numbers; the regulation of the mechanisms that control assignment of these potentially valuable resources — and which determine when and how the underlying standards might be modified — is a matter of critical importance to the Internet, one that is (currently) internal to the first sphere. Similarly, the regulation of the creation of new Top-Level Domains (TLDs) and the regulation of the assignment of Second-Level Domains (SLDs) are in the first instance an issue in the first sphere, albeit one influenced by external rules such as trademark law.
More generally, a number of independent, private, non-profit, standards bodies define the technical standards for various parts of the Internet. These groups include the Internet Engineering Task Force (IETF), an unincorporated international volunteer organization of software and network engineers, and the W3C, a consortium of corporations and interested individuals who concentrate on HTML and WWW-oriented standards. These bodies do not, however, tend to venture beyond classic standard-setting activities.
In contrast, other bodies, notably governments and industry pressure groups, seek to facilitate and deploy regulatory strategies that regulate the Internet infrastructure aim to leverage control over that infrastructure to achieve social goals external to the infrastructure itself. An example of this are calls to expand the information that domain name registrants must publish in the WHOIS database in order, for example, to allow copyright owners to know to what address they should address their writs in the event that they believe that their rights are being infringed online.
The contrast between what I have labeled the internal and external motivations not only influences the type of rule likely to be advanced, but more importantly has institutional implications. Of these, the most critical is the type of regulatory body likely to be seen as a legitimate source of the rule in question. Questions about the mis-match between legitimacy and effectiveness lie at the heart of both current and future debates about the regulation of the Internet infrastructure. Many bodies — governments — with legitimacy to make rules in the second and third spheres lack, or believe they lack, the ability to regulate the infrastructure effectively; the most apparently effective bodies extant today, the Internet Corporation for Assigned Names and Numbers (ICANN) and its seemingly subsidiary body, the Internet Assigned Numbers Authority (IANA) face substantial questions about their legitimacy, especially when they venture out of the first sphere. There is more acceptance of the legitimacy of established technical standard setting bodies such as the IETF and the W3C but this is in large part because they tend to restrict their activities firmly to the first sphere, and also because there is greater respect for the quality of their decisions (or, perhaps, less general knowledge of them). In contrast, ICANN already acts like a market regulator, and faces pressures to expand its remit further into realms ordinarily occupied by governments. Simultaneously, governments are taking an increasingly direct role in this supposedly private body's decision-making, but are doing so in a manner notably lacking in transparency.
The Supreme Court of Florida has appointed me along with a bevy of state law luminaries to its Committee on Privacy and Court Records. You can read the Administrative Order (.pdf) and the Press Release. There is also a useful webpage with background information.
The tension between online public access to court documents and privacy raises really hard questions for which I have no ready answers. As an abstract matter it isn't easy to say why if a record is 'public' in the sense of being available in the basement of a courthouse somewhere it shouldn't also be available online for all of us who find it hard to get to that basement. On the other hand, as a realistic matter, some filings - especially pro se filings in family law cases - have lots of sensitive (and basically irrelevant) personal information that could easily enable identity theft. Putting that data online exposes people to substantial risks that it would be good to shield them from.
Florida law on procedure and on technology issues often serves as a model for South American courts, and even for other states. By addressing this issue directly, the Supreme Court is shouldering this responsibility in an admirable fashion.
Judging from the press calls I'm getting, the part of today's order that will get people excited is the interim so-called “moratorium” (expiring not later than July 1, 2005) on the provison of certain information for posting online. But if you read the whole order, you see that the Supreme Court exempts large classes of judicial information from what it rightly calls a “limited” moratorium—so at least at first reading it is hard to see what legitimate interests will be seriously harmed by this temporary order.
Pro-Spam “Anti-Spam” Law (found via Electrolite).
Nathan Newman has identified one of the key problems with the Senate's much touted anti-spam law, so I don't have to…
I generally avoid trade law and trade treaties, on the grounds that life is too short. The way trade law is going, however, I may have to make some exceptions. I've already had to read up on the dispute settlement rules in major trade treaties to teach International Law, which I'm doing for the first time this year.
Now, IP Justice, a civil liberties group, has just published FTAA: A Threat to Freedom and Free Trade. In it they analyze the Intellectual Property parts of the draft Free Trade Area of the Americas Treaty which is intended to go into effect in 2005. Their summary is scary enough that I think I'll have to go read the full agreement and see if it is as bad as they say. [Note: Headline corrected.]
The FTAA seeks to unite the 34 democracies in the Western Hemisphere (including the US) to a single trade agreement akin to NAFTA. Parts of the treaty take an aggressive position on harmonization issues—and these are among the controversial parts.
According to IP Justice's summary, the draft intellectual property rights chapter in the FTAA Agreement will expand criminal procedures and penalties against intellectual property infringements throughout the Americas. One proposal in Article 4.1, they say, would make Internet music swapping a felony throughout the Western Hemisphere in 2005.
Worse, apparently the proposed agreement forbids consumers from bypassing technical restrictions on their own CDs, DVDs and other property, similar to the controversial US Digital Millennium Copyright Act (DMCA). That would 'lock-in' the DMCA — just at a time when proposals to repeal part of it are gathering some steam in US Congress.
Ironcially, for a “free trade” agreement, the FTAA would enshrine price discrimination by making illegal to bypass trade barriers such as DVD region code restrictions.
Other frightening stuff in the IP Justice summary:
The draft treaty also imposes new definitions for “fair use” and “personal use,” curtailing traditional fair use and personal use rights to a single copy and only under limited circumstances. This prevents consumers from backing-up their media collections, using their media in new and innovative ways, and accessing media for educational and non-commercial purposes.Another clause would require all countries to amend their copyright laws to extend copyright's term to at least 70 years after the life of the author, essentially forcing the new US standard on all other 33 countries in the hemisphere. Although forbidden by the US Constitution, FTAA's copyright section would allow companies to copyright facts and scientific data.
Another provision requires all domain name trademark disputes to be decided by the Internet Corporation for Assigned Names and Numbers (ICANN), a private and unaccountable organization that is ill equipped to determine the limits of freedom of expression rights or the scope of intellectual property rights. Americans would no longer have access to their local public courts to adjudicate rights over their Internet domain names. [I really got to check this out — that sounds dubious — as the current and highly flawed ICANN procedure provides for subsequent court actions….]
“The FTAA Treaty's IP chapter reads like a 'wish list' for RIAA, MPAA, and Microsoft lobbyists,” said IP Justice Executive Director Robin Gross. “Rather than promote competition and creativity, it is bloated with provisions that create monopolies over information and media devices,” stated the intellectual property attorney.
The next round of FTAA Treaty negotiations will be here in Miami from November 16-21, 2003. Looks like I better read it by then….
I've blogged previously about the Sitefinder crisis.
This morning at 6am California time, the Internet Corporation for Assigned Names and Numbers (ICANN) announced it was giving VeriSign 36 hours to turn off Sitefinder or else. I've got the basic info, and the key links, up at ICANNWatch under the title ICANN Throws Down the Gauntlet to VeriSign on Sitefinder.
Jennifer Granick of the Stanford Center for Internet and Society has just announced the publication of the first Packets newsletter designed “to provide the legal community with concise descriptions of recently decided cyberlaw-related cases, and to point to the original decisions.” The announcement says it will be a bi-monthly publication written by Stanford Law School students. Staff and fellows of the center and volunteer attorneys will be the editors. The first issue is already online. It looks like a good, and well-written, resource for students and for lawyers who are not immersed in the field, complete with links to the sources after the summaries. People wanting more news, more often, albeit even more summarized, will probably want to subscribe to Michael Geist's exhaustingly comprehensive free daily newsletter, BNA Internet Law News.
Predicting the outcome of lawsuits is a risky game. But I'm going to predict that this motion by SCO seeking to dismiss the declaratory judgment complaint filed against it by Red Hat will fail. Miserably. Unless of course SCO's lawyers were to promise the court that they would never bring a copyright infringement claim against Red Hat or any of its customers. That's highly unlikely, but it would certainly moot the case.
SCO is the company that has been running around claiming that Linux violates its intellectual property rights. While trumpeting this claim, and offering purported licenses to users of Linux, SCO has been unwilling to make public a single convincing example of infringing code. It seems pretty obvious that SCO's own actions create a live controversy sufficient to satisfy the Declaratory Judgment Act, 28 UCS § 2201. Furthermore, the suggestion that the case is somehow precluded by a related action involving SCO and IBM is not at all persuasive, especially as many of the issues in that case involve a contract to which only IBM was a party. SCO is represented by David Boise's firm, Boies, Schiller & Flexner. So far, the paper in SCO's case and the client's general behavior are not making the Boise firm look good (yes, yes, I know some clients are beyond their lawyers' control….). Usually top-quality firms have aces up their sleeves before filing stuff like this motion, something that over time gives them credibility with judges, but right now I just can't see where an ace might be hiding.
There has also been recent action in the SCO-IBM case: IBM filed an elegant and reasonable-sounding counter-claim. It's an interesting document because it wraps IBM's case in the flag of open source and the GPL. IBM is represented by Cravath, Swaine & Moore.
Meanwhile SCO insiders have been selling stock at a decent clip .
The whole SCO-Linux thing is too big to summarize here. If you're just coming in at the middle, the places to go for more info are Slashdot and especially a great blog called Groklaw. Worryingly, Groklaw—imprisoned by the responsibilities of success—is about to have a bit of an identity crisis.
Last week, VeriSign, the people who run the .com registry (the big data file that has all the .com registration data in it), unilaterally decided to change the way the most-traveled portion of the Internet works for most people. Until then, if you typed in a .com domain name that didn't exist, you would get an error message. Unless, of course, you were an MSN or AOL subscriber, in which case you would get a custom web page they each designed, and which included some ads from folks who thought that they might profit from common misspellings.
Well, VeriSign saw a profit opportunity, and it decided to eat AOL's and MSN's and everyone else's lunch by introducing its “Sitefinder” service. In the new .com, every browser typo, every attempt to load up (the technical term is “resolve”) a domain that didn't actually exist, leads you to special pages designed and owned by VeriSign…and on which we are all invited to buy tailored advertising. [Sitefinder, incidentally, has the most unintentionally hilarious terms of service I have ever seen : a web page you go to by accident, and only because VeriSign made you, links to the adhesive assertion that “By using the service(s) provided by VeriSign under these Terms of Use, you acknowledge that you have read and agree to be bound by all terms and conditions here in and documents incorporated by reference.” But I digress.]
Naturally, MSN and AOL are unhappy. But the technical community is furious. The web is not the whole Internet, and there are many other Internet tools that rely on getting the standard error message when a domain does not resolve properly. VeriSign's change threatened to break all those applications. [There are a lot of ccTLDs (national top-level domains like .ph) and one gTLD (.museum) that already do the same thing. But they are almost all very low volume, and their users were—in the main—forewarned before they registered their domains.]
The technical community responded by coding up changes to BIND, the dominant software for translating domain names into the Internet Protocol numbers that actually do the real work of identifying where the content you want is to be found, and telling the computer that has it how to find you. These changes essentially overtrump the VeriSign change. But fixes like this take time to deploy and propagate. It would be much tidier if VeriSign could be persuaded to put the cat back in the bag.
Meanwhile, the more formal part of the technical community also swung into action. The relevant Internet standards are defined by the Internet Engineering Task Force (IETF). The closest thing the IETF has to a governing body is a committee called the Internet Architecture Board (IAB). The IAB quickly issued a very careful and useful report. In effect, the IAB said that the relevant standards (called “RFCs”) are vague at the critical points, so thatwhat VeriSign did was not in technical violation of them. It's just in very, very bad taste. (Ironically, the IAB is chaired by a VeriSign employee who quite properly recused herself from the issue.)
Unlike most of the Internet, the domain name system has a global regulator. That job falls to the Internet Corporation for Assigned Names and Numbers (ICANN), the body chosen for that role by the U.S. Department of Commerce (for a long, technical description and critique of the relationship, see my Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution and Jonathan Weinberg's ICANN and the Problem of Legitimacy). Many people have thus looked to ICANN to force VeriSign to undo its change. Others bemoaned the fact that whatever ICANN was doing, its new streamlined processes meant that the public was cut out of its deliberations. An eloquent example of this is Michael Geist's lament that Regardless of the eventual outcome, Internet users will look back on the day that Internet governance mattered and remember that they didn't.
So far, however, ICANN, hasn't done much. It issued a preliminary statement, which prompted a very unenlightening reply from VeriSign .
Now ICANN's Security and Stability Committee has announced that it plans a meeting in Washington on October 7 to get input. That probably takes the pressure off ICANN to act immediately.
My sense is that is just as well for two reasons. The first is ably explored by Jonathan Weinberg at ICANNWatch. It turns out that under the trilateral (ICANN-VeriSign-US government) contractual regime negotiated by the US Government, ICANN probably lacks the authority to make VeriSign retreat.
There's a second reason. ICANN isn't democratic or accountable. In fact, we're in this pickle partly because of ICANN's own mistakes. The .com domain retains its importance and dominance for many reasons, but one of them is ICANN's total failure to permit much in the way of meaningful competition for it, something that is and would have been entirely in ICANN's power. It would be ironic and unfortunate to reward ICANN for its past failings by giving it new powers.
Some people will say that ICANN's impotence in the face of a serious technical hiccup is a problem. I think the signs are that the technical community is doing a fine job of working this one out in (excuse the ICANN-speak) a spontaneous, bottom-up, consensus-based manner that is technically sound and will contribute to the stability and security of the Internet.
Or, in other words, if you never heard about this crisis, odds are you may never need to.
Even a technical solution, however, doesn't mean that the lawyers will stay away from this one. Already two lawsuits have been filed against VeriSign, one by GoDaddy and the other by Popular Enterprises . Those suits may be nothing, however, compared to a looming patent infringement claim against VeriSign, as it appears that Sitefinder may infringe U.S. Pat. No. 6,332,158.
In Virtual Worlds such as Ultima Online and Everquest, the Internet may accidentally provide an environment that lends itself well to the testing of legal rules.Despite the name, and the historic focus on straight telecoms, in the past four or five years TPRC emerged as the place to go for interesting work on Internet and e-commerce. Uniquely among the conferences I attend, the organizers were not only interdisciplinary, but managed a good mix of business school and law school types. Even more unusual was the positively military insistence that papers be in on time, well before the conference, or you lost your free admission. In my experience TPRC draws very good papers from very good people. In its former venue TPRC had great soft chairs in the common area, where you could sit for hours talking to colleagues while missing out on sitting on the hard chairs in the lecture rooms. TPRC lost a lot of its funding, and isn't providing subsidies for travel or hotels this year. It also has a new venue at the George Mason law school (this will be my first visit there). That resulted, I think, in a slightly less interesting set of papers than usual, at least outside the telecoms area, although there's still some good stuff. More worrying, however, is the impact of Hurricane Isabel. This year's conference is supposed to start today, and the web site says it's going ahead as scheduled, but I've heard from a number of friends that they aren't going, either because their flights were cancelled, or out of general caution. Indeed, DC airports are reported closed until noon today. As it happens, my flight isn't until this afternoon, and so far it's showing as on time, so I'm going, although it's unclear how much of an audience there will be -- and more importantly how much fun the hallways will be.A growing literature suggests that there is a relationship between certain legal rules and economic well-being. Data about the economic consequences of rules would enormously enrich debates over economic regulation. Unfortunately, in the real world experimenting with legal rules can be costly and risky. Some scholars of comparative law attempt to draw lessons by comparing the diverse experiences of different countries, but these efforts too often fall prey to errors of cultural, not to mention legal, translation.
Virtual worlds could permit experiments without the real-world costs of bad rules or regulatory competition. Existing role playing games tend to include internal market regulations that resemble those seen in Western capitalist economies. These rules could be changed, or different versions of the game might use different variants. Online role playing games would provide better data than economic models because it should be possible to design the games to reduce the number of assumptions involved. Moreover, game participants are likely to care about outcomes more than participants in laboratory-based experiments, if only because resource constraints force these to be conducted for low stakes.
This paper is something special for me. It's my third collaborative paper, but the first time I've ever collaborated with my U.Miami colleague Caroline Bradley, who is also my wife. Working with her turned out to be surprisingly easy and pleasant -- we are used to one another and not only in the same time zone, but on the same home network. I think we've got a strong first draft of what will be a fun and interesting paper. The best part, though, is that Caroline did most of the thinking. We were driving south down Red Road one day, and I was describing what I'd learned about virtual worlds to Caroline. I was particularly struck by the way in which the mercantile rules adopted in some of the more popular games replicated or borrowed actual rules we use in real life.
"There's got to be a paper in there somewhere," I said.
"There is," Caroline replied, and sketched out the main ideas you'll find in our paper.
Virtual Worlds is a hot topic. There's going to be a conference in New York soon, and there's a neat new blog called Terra Nova devoted to discussing academic questions arising from MMORPGs generally (that's Massively Multiplayer Online Role-Playing Games, if you were wondering). They're pretty sharp: Dan Hunter, one of the bloggers, already has an item up noting our paper. Blogs move fast.