An Introduction to Internet Law (Psst: There's no

advertisement
Updating Your Typewriter Use Policy:
An Introduction to Internet Law
Steven J. McDonald
General Counsel
Rhode Island School of Design
2008 EDUCAUSE/Cornell
Institute for Computer Policy and Law
Agenda
• Updating your typewriter use policy
– The law of the horse
– A brief history of Internet law since 1728
•
•
•
•
Public institutions, private lives?
iFERPA, iCopyright, and other iMiscellanea
Meta-geography and cyber-jurisdiction
Questions (and maybe even some answers)
What is the Internet?
How Can I Possibly Deal with That?
• If a student sends a series of sexually
harassing e-mail messages to another
student, and your computer use/e-mail
policy doesn't specifically prohibit
sexual harassment, can you do
anything about it?
New Whines and Old Battles
"Technological advances must continually
be evaluated and their relation to legal
rules determined so that antiquated rules
are not misapplied in modern settings. . . .
Yet, if the substance of a transaction has
not changed, new technology does not
require a new legal rule merely because of
its novelty."
– Daniel v. Dow Jones & Co.
What is the Internet, really?
•
•
•
•
•
•
A bulletin board
A printing press
A library
A bookstore
A television set and a television station
A telephone, with lots of party lines and
unlimited conference calling
• A post office
• ...
What is the Internet, really?
A medium of communication!
How Can I Possibly Deal with That?
• If a student sends a series of sexually
harassing typewritten letters to another
student, and your typewriter use policy
doesn't specifically prohibit sexual
harassment, can you do anything about
it?
• Of course!
• The medium is not the message
Three Key Misconceptions
• Cyberspace is a separate legal jurisdiction
– In fact, conduct that is illegal or a violation of
policy in the "offline" world is just as illegal or a
violation of policy when it occurs online
• If it's technically possible, it's legal
– In fact, the technology has some legal
implications, but it does not define the outer limits
of the law
• Free access = free speech = unfettered speech
– In fact, even public institutions may limit the use of
their computer resources to business-related
purposes
One Key Point
• Internet law (and policy) existed long
before the Internet:
– The law of libel
– The law of privacy
– The law of copyright
– Criminal law
– Your sexual harassment policy, code of
student conduct, workplace rules
–...
And Two Key Implications
• Internet-specific rules aren't necessary
and may create problems
– Except when there are unique issues that
aren't already covered by generally
applicable laws and policies
• Education is critical
– It isn't always immediately clear (surprise!)
how the law applies to new situations
But It's on My System!
• Don't I have to do something about it?
• Won't I be held liable if I don't?
• Back to the law of the horse . . .
What are Colleges and Universities?
"Colleges and universities are just
Internet Service Providers that
charge tuition."
– former Harvard counsel Allan Ryan, Jr.
Key Dates in the Development
of the Law of ISP Liability
•
•
•
•
•
•
1728 – The King v. Clerk
1889 – Fogg v. Boston & Lowell RR. Co.
1933 – Layne v. The Tribune Co.
1952 – Hellar v. Bianco
1973 – Anderson v. New York Telephone
1986 – Spence v. Flynt
Who is responsible?
• Publishers
– Create content and hold it forth as their own
– Directly liable for the libels they disseminate
• Distributors
– Don't create, but choose to, and actively do, distribute
– Liable only if they "knew or should have known" that what
they are distributing is libelous
– No duty to prescreen
• Conduits
– Operate a system by which other people communicate
– No liability for libel, regardless of knowledge
Key Dates in the Development
of the Law of ISP Liability
• 1991 – Cubby v. CompuServe
• 1995 – Stratton Oakmont v. Prodigy
• 1996 – Communications Decency Act
47 U.S.C. § 230(c)(1)
"No provider or user of an
interactive computer service
shall be treated as the publisher
or speaker of any information
provided by another information
content provider."
"Harmful Content"
• Zeran v. AOL – defamation (even with
knowledge)
• Doe v. AOL – child pornography
• Stoner v. eBay – bootleg sound recordings
• Green v. AOL – computer viruses
• Noah v. AOL – religious harassment
• Doe v. Sexsearch.com – inaccurate age
information about potential sex partners
Hmm . . .
"No provider or user of an
interactive computer service
shall be treated as the publisher
or speaker of any information
provided by another information
content provider."
Hmm . . .
"The term 'information content
provider' means any person or
entity that is responsible, in whole
or in part, for the creation or
development of information
provided through the Internet or
any other interactive computer
service."
Hmm . . .
"A website operator can be both a service
provider and a content provider . . . . The
CDA does not grant immunity for inducing
third parties to express illegal preferences.
Roommate's own acts – posting the
questionnaire and requiring answers to it –
are entirely its doing and thus section 230 of
the CDA does not apply to them."
– Fair Housing Council v. Roommates.com
47 U.S.C. § 230(e)(2)
"Nothing in this section shall be
construed to limit or expand any
law pertaining to intellectual
property."
A Model Typewriter Use Policy
Policy in a Box
• All users of university computing
resources must:
– Comply with all federal, Ohio, and other
applicable law; all generally applicable
university rules and policies; and all
applicable contracts and licenses.
Getting Personal
• All users of university computing resources
must:
– Refrain from using those resources for personal
commercial purposes or for personal financial or
other gain. Personal use of university computing
resources for other purposes is permitted when it
does not consume a significant amount of those
resources, does not interfere with the performance
of the user's job or other university responsibilities,
and is otherwise in compliance with this policy.
Slow Down, You Move Too Fast
• All users of university computing
resources must:
– Respect the finite capacity of those
resources and limit use so as not to
consume an unreasonable amount of
those resources or to interfere
unreasonably with the activity of other
users.
But What About . . .
• File-sharing?
– Copyright policies and law
– Excessive use restriction
• Spam?
– Personal use/no commercial use restriction
– Excessive use restriction
– E-mail harassment law
• Harassment on blogs and other Next New
Thingamabobs
– Harassment policies
– Libel law (But is that really your issue, particularly
when the material is hosted off campus?)
You've Got Questions,
We've Got Answers
• Why doesn't the policy prohibit all personal use of
university computing resources? Why doesn't the
policy permit unrestricted personal use of university
computing resources?
• Does the restriction on use of university computing
resources for personal commercial purposes or
personal financial or other gain prohibit faculty from
using such resources in connection with their
consulting work?
• Does the restriction on individualized monitoring
prohibit a supervisor or co-worker from accessing an
employee's computer files for work-related purposes?
The Enforcer
• Violations will normally be handled through
the university disciplinary procedures
applicable to the relevant user. . . . However,
the university may temporarily suspend or
block access to an account, prior to the
initiation or completion of such procedures,
when it reasonably appears necessary to do
so in order to protect the integrity, security, or
functionality of university or other computing
resources or to protect the university from
liability.
I Know What You Did Last Summer
The Key to Handling
Computer Privacy Issues
Successfully
Ignore the law
But First, Let's Invade a Little
What is Privacy?
"[T]he right to be let alone – the most
comprehensive of rights, and the right
most valued by civilized men."
– Justice Louis Brandeis
Olmstead v. U.S.
The Legal Basis for Privacy:
A Crazy Quilt
• U.S. and state constitutions
– But no explicit reference in U.S.
constitution
– Fourth amendment (and state versions)
• Statutory privacy
– Electronic Communications Privacy Act
(and state versions)
– FERPA and other general privacy statutes
– But also federal and state FOIA laws
• The common law of privacy
The Fourth Amendment
"The right of the people to be secure in
their persons, houses, papers, and effects,
against unreasonable searches and
seizures, shall not be violated, and no
warrants shall issue, but upon probable
cause, supported by oath or affirmation,
and particularly describing the place to be
searched, and the persons or things to be
seized."
The Fourth Amendment
in Cyberspace
"We are satisfied that the Constitution
requires that the FBI and other police
agencies establish probable cause to enter
into a personal and private computer."
– U.S. v. Maxwell
Publics are Private,
Privates are Not
"Although individuals have a right under the
Fourth Amendment of the United States
Constitution to be free from unreasonable
searches and seizures by the Government,
private searches are not subject to
constitutional restrictions."
– U.S. v. Hall
O'Connor v. Ortega
"Fourth Amendment rights are implicated
[whenever] the conduct of the [government]
officials at issue . . . infringe[s] 'an
expectation of privacy that society is
prepared to consider reasonable.'"
O'Connor v. Ortega
(continued)
"[W]e reject the contention . . . that public employees can
never have a reasonable expectation of privacy in their
place of work. Individuals do not lose their Fourth
Amendment rights merely because they work for the
government instead of a private employer. The operational
realities of the workplace, however, may make some
employees' expectations of privacy unreasonable when an
intrusion is by a supervisor rather than a law enforcement
official. Public employees' expectations of privacy in their
offices, desks, and file cabinets, like similar expectations of
employees in the private sector, may be reduced by virtue
of actual office practices and procedures, or by legitimate
regulation."
O'Connor v. Ortega
(continued)
"Given the great variety of work
environments in the public sector, the
question whether an employee has a
reasonable expectation of privacy must be
addressed on a case-by-case basis."
Reasonable Expectations
in Cyberspace
• Who owns the system?
• Who has access to the system?
• How does the system work?
• How is the system used?
• Is the system password-protected?
• What policies apply to the system?
• What is the ordinary practice?
The Electronic Communications
Privacy Act (ECPA)
• "[A] fog of inclusions and exclusions" – Briggs
v. American Air Filter Co. (5th Cir. 1980)
• "[A] statute . . . which is famous (if not
infamous) for its lack of clarity" – Steve
Jackson Games, Inc. v. United States Secret
Service (5th Cir. 1994)
• "[T]he Fifth Circuit . . . might have put the
matter too mildly." – U.S. v. Smith (9th Cir.
1998)
ECPA Prohibitions
• Generally illegal to:
– Intercept an electronic communication
while it is in transmission (§2511(1)(a))
– Disclose the contents of an electronic
communication that has been illegally
intercepted (§2511(1)(c))
– Use the contents of an electronic
communication that has been illegally
intercepted (§2511(1)(d))
"In Transmission"
• "[T]he seizure of a computer on which is stored private email that has been sent to an electronic bulletin board, but
not yet read (retrieved) by the recipients" did not violate
§2511(1)(a) "because [the] acquisition of the contents of
the electronic communications was not contemporaneous
with the transmission of those communications". – Steve
Jackson Games, Inc. v. United States Secret Service
• ECPA "protects electronic communications from
interception when stored to the same extent as when in
transit." – Konop v. Hawaiian Airlines, Inc. I
• "We therefore hold that for a website such as Konop's to
be 'intercepted' in violation of the Wiretap Act, it must be
acquired during transmission, not while it is in electronic
storage." – Konop v. Hawaiian Airlines, Inc. II
ECPA Exceptions
• A provider of electronic communication
service may intercept an electronic
communication, or disclose or use an
intercepted communication, "while engaged
in any activity which is a necessary incident to
the rendition of [its] service or to the
protection of [its] rights or property".
(§2511(2)(a)(i))
More ECPA Exceptions
• A party to an electronic communication, or a
person to whom a party to an electronic
communication has given consent, may
intercept the communication "unless such
communication is intercepted for the purpose
of committing any criminal or tortious act".
(§2511(2)(d))
More ECPA Exceptions
• A party to an electronic communication, or a
person to whom a party to an electronic
communication has given consent, may
intercept the communication "unless such
communication is intercepted for the purpose
of committing any criminal or tortious act".
(§2511(2)(d))
– An exception to the exception: Some
states require that all parties consent.
Still More ECPA Prohibitions
and Exceptions
• It generally is illegal to access an electronic communication
while it is in electronic storage. (§2701(a))
– But a provider of electronic communication service has
apparently unlimited authority to access stored
communications on its system. (§2701(c)(1))
• But a provider of electronic communication service to the
public generally may not divulge the contents of a stored
communication. (§2702(a)(1))
– But any provider may divulge the contents of a
stored communication with consent or as a
necessary incident to the rendition of service or to
protects its rights or property. (§2702(b))
"To the Public"
"The statute does not define 'public'. The word
'public', however, is unambiguous. Public means
the 'aggregate of the citizens' or 'everybody' or 'the
public at large' or 'the community at large'. Black's
Law Dictionary 1227 (6th ed. 1990). Thus, the
statute covers any entity that provides electronic
communication service (e.g., e-mail) to the
community at large."
– Andersen Consulting LLP v. UOP
Law Enforcement Access
• Voluntary or at government request?
• Obtained inadvertently or intentionally?
• In transmission or in storage?
– In storage more than 180 days?
• Contents or log files?
• With consent of user or without?
• With notice to user or without?
www.cybercrime.gov/s&smanual2002.htm#_IIIF_
Or Maybe Not
"Where the third party is not expected to
access the e-mails in the normal course
of business, however, the party
maintains a reasonable expectation of
privacy, and subpoenaing the entity with
mere custody over the documents is
insufficient to trump the Fourth
Amendment warrant requirement."
– Warshak v. United States
But Then Again . . .
"We vacate the preliminary injunction
because Warshak's constitutional claim
is not ripe for judicial resolution."
– Warshak v. United States (en banc)
Common Law
Invasion of Privacy
• Intrusion
– "One who intentionally intrudes, physically or
otherwise, upon the solitude or seclusion of
another or his private affairs or concerns, is
subject to liability to the other for invasion of his
privacy, if the intrusion would be highly offensive to
a reasonable person."
• Public Disclosure of Private Facts
– "One who gives publicity to a matter concerning
the private life of another is subject to liability to
the other for invasion of his privacy, if the matter
publicized is of a kind that (a) would be highly
offensive to a reasonable person, and (b) is not of
legitimate concern to the public."
In summary . . .
"Law reflects but in no sense determines the
moral worth of a society. . . . The better the
society, the less law there will be. In Heaven
there will be no law, and the lion will lie down
with the lamb. . . . In Hell there will be
nothing but law, and due process will be
meticulously observed. "
– Grant Gilmore
Untangling the Privacy Mess
• Ignore the law
• Establish – and follow – a policy
– What expectations are reasonable?
– Consent
• Options:
– No privacy
– Total privacy
– Somewhere in between
Private Eyes may be Watching You
• The university may . . . specifically monitor the activity and
accounts of individual users of university computing resources,
including individual login sessions and communications, without
notice, when (a) the user has voluntarily made them accessible
to the public, as by posting to Usenet or a web page; (b) it
reasonably appears necessary to do so to protect the integrity,
security, or functionality of university or other computing
resources or to protect the university from liability; (c) there is
reasonable cause to believe that the user has violated, or is
violating, this policy; (d) an account appears to be engaged in
unusual or unusually excessive activity, as indicated by the
monitoring of general activity and usage patterns; or (e) it is
otherwise required or permitted by law. Any such individual
monitoring, other than that specified in "(a)", required by law, or
necessary to respond to perceived emergency situations, must
be authorized in advance by the Chief Information Officer or the
Chief Information Officer's designees.
Fun With FERPA
FERPA
• The Family Educational Rights and
Privacy Act of 1974
• A.K.A. the Buckley Amendment
FERPA's Big Three
• College students have the right, in
general, to:
– Control the disclosure of their "education
records" to others
– Inspect and review their own "education
records"
– Seek amendment of their "education
records"
So, What's an "Education Record"?
• "'Education records' . . . means those
records that are:
(1) Directly related to a student; and
(2) Maintained by an educational
agency or institution or by a party
acting for the agency or institution"
So, What's an "Education Record"?
• A record is "directly related" to a student if it
contains "personally identifiable information"
about that student
• "'Personally identifiable information' includes,
but is not limited to:" name, address, personal
identifiers (such as SSNs or campus ID
numbers), "a list of personal characteristics
that would make the student's identity easily
traceable", and "other information that would
make the student's identity easily traceable"
So, What's an "Education Record"?
• "Maintain" is not defined!
• Supreme Court:
– "FERPA implies that education records are
institutional records kept by a single central
custodian, such as a registrar."
– "The ordinary meaning of the word
'maintain' is 'to keep in existence or
continuance; preserve; retain.'"
We Don't Need No "Education"
• "Education records" certainly includes
transcripts, exams, papers, and the like
• But it also includes:
–
–
–
–
–
–
–
–
Financial aid and account records
Discipline records, including complaints
SSNs and campus ID numbers
Photographs
"Unofficial" files
Records that are publicly available elsewhere
Information that the student has publicly revealed
Virtually everything!
E-mail?
• Directly related?
• Maintained?
– Messages residing in faculty and staff
accounts
– Messages residing in student accounts
Disclosure
• Before disclosing education records – or
information from education records – an
institution must obtain a signed and dated
written consent from all relevant students,
specifying:
– The records that may be disclosed
– The purpose for which they may be disclosed
– The persons or classes to whom they may be
disclosed
What is a "Disclosure"?
• FERPA "clearly does not allow an educational .
. . institution to leave education records
unprotected or subject to access by
unauthorized individuals, whether in paper,
film, electronic, or any other format. We
interpret this prohibition to mean that an
educational . . . institution must use physical,
technological, administrative and other
methods, including training, to protect
education records in ways that are reasonable
and appropriate to the circumstances in which
the information or records are maintained."
What is a "Disclosure"?
• "[W]hen an institution is authorized to disclose
information from education records . . ., FERPA does
not specify or restrict the method of disclosure. . . .
FERPA does not mandate any specific method, such
as encryption technology, for achieving these
standards with electronic disclosure of information
from education records. However, reasonable and
appropriate steps consistent with current technological
developments should be used to control access to and
safeguard the integrity of education records in
electronic data storage and transmission, including the
use of e-mail, Web sites, and other Internet protocols."
Coming Distractions
• Proposed new regulations would add
"biometric record" and "[o]ther indirect
identifiers, such as date of birth, place
of birth, and mother's maiden name" to
definition of "personally identifiable
information"
• "Directory information does not include
a student's social security number or
student identification (ID) number."
Coming Distractions
• "Directory information includes a student's
user ID or other unique personal identifier
used by the student for purposes of
accessing or communicating in electronic
systems, but only if the electronic identifier
cannot be used to gain access to education
records except when used in conjunction with
one or more factors that authenticate the
user's identity, such as a personal
identification number (PIN), password, or
other factor known or possessed only by the
authorized user."
Coming Distractions
• "FERPA does not require an educational
agency or institution to notify students
that information from their education
records was stolen or otherwise subject
to an unauthorized release . . . ."
Combat Rock
Sympathy for the Devil
$16,000,000,000
$14,000,000,000
$12,000,000,000
$10,000,000,000
$8,000,000,000
$6,000,000,000
$4,000,000,000
$2,000,000,000
$0
1999 2000 2001 2002 2003 2004 2005 2006 2007
Annual sales of recorded music – RIAA
I Want You to Want Me
I Need You to Need Me
Liability: Users
• Direct infringement: "Anyone who, without the
authorization of the copyright owner, exercises any of
the exclusive rights of a copyright owner, . . . is an
infringer of copyright."
• Exclusive rights include copying and distribution, the
very functions that are at the heart of file-sharing
• (Very) strict liability
– Knowledge and intent are irrelevant to liability
– "'Innocent' infringement is infringement
nonetheless."
– Potential liabilities include as much as $150,000
per infringement, plus attorney fees and possible
criminal penalties
Fear of Music
• "Space shifting" your own music for
your own personal use generally is
regarded as fair use – see, e.g., RIAA v.
Diamond Multimedia Systems
• Transferring physical possession of a
CD to someone else is protected under
the "first sale" doctrine
But You Said It's Nice to Share
• "Sharing" with 10,000,000 of your
closest personal friends is neither
• "Napster users who upload file names
to the search index for others to copy
violate plaintiffs' distribution rights.
Napster users who download files
containing copyrighted music violate
plaintiffs' reproduction rights." – A&M
Records v. Napster
I Fought the Law, and the Law Won
• BMG Music v. Gonzalez
– Summary judgment – no need for trial
– Pre-purchase "sampling" is not fair use
– "Innocent" infringement: "Ignorance is no
defense to the law."
– 30 downloads = $22,500
• Statutory minimum of $750 per song infringed
Gypsies, Tramps, and Thieves
"Gonzalez's theme that she obtained
'only 30' . . . copyrighted songs is no
more relevant than a thief's contention
that he shoplifted 'only 30' compact
discs, planning to listen to them at home
and pay later for any he liked."
– BMG Music v. Gonzalez
Face the Music
• Capitol Records v. Thomas
– First case to go to trial
– Five-minute deliberation: willful
infringement
– Juror: "She's a liar."
Rhythm is Gonna Get You
Now Give Me Money,
That's What I Want
• 24 songs = $222,000
–$9,250 per song
–Two jurors wanted to impose the
statutory maximum of $150,000
per song ($3,600,000)
–iTunes value = $23.76
You're So Vain, You Probably
Think This Song is About You
"The Court is contemplating granting a new
trial for a different reason – on the grounds
that the Court committed a manifest error of
law when . . . it instructed the jury that '[t]he
act of making copyrighted sound recordings
available for electronic distribution on a peerto-peer network, without license from the
copyright owners, violates the copyright
owners' exclusive right of distribution,
regardless of whether actual distribution has
been shown.'"
Liability: ISPs
• Contributory infringement: "[O]ne
who, with knowledge of the
infringing activity, induces, causes
or materially contributes to the
infringing conduct of another, may
be held liable as a 'contributory
infringer.'"
You Like to Think That You're
Immune to the Stuff, Oh Yeah
• However, the Digital Millennium
Copyright Act provides ISPs with two
important safe harbors from liability in
this context:
– Information Residing on Systems or
Networks At Direction of Users (Hosted
Content)
– Transitory Digital Network Communications
(Conduit)
General Conditions for Eligibility
• Must accommodate, and not interfere
with, "standard technical measures"
• Must adopt, inform users of, and
"reasonably implement" a policy that
provides for the termination of the
accounts of "repeat infringers" in
"appropriate circumstances"
Nobody's Perfect
"We hold that a service provider
'implements' a policy if it has a working
notification system, a procedure for
dealing with DMCA-compliant
notifications, and if it does not actively
prevent copyright owners from collecting
information needed to issue such
notifications."
– Perfect 10, Inc. v. CCBill LLC
A Perfect Day
"To identify and terminate repeat
infringers, a service provider need
not affirmatively police its users for
evidence of repeat infringement."
– Perfect 10, Inc. v. CCBill LLC
Perfect Rejection
"The DMCA notification procedures place
the burden of policing copyright
infringement – identifying the potentially
infringing material and adequately
documenting infringement – squarely on
the owners of the copyright. We decline
to shift a substantial burden from the
copyright owner to the provider . . . ."
– Perfect 10, Inc. v. CCBill LLC
Be My Host
"A service provider shall not be
liable for . . . infringement of
copyright by reason of the storage
at the direction of a user of material
that resides on a system or network
controlled or operated by or for the
service provider . . . ."
Eligibility Conditions for
Hosted Content Safe Harbor
• Have no actual knowledge that specific material is
infringing or awareness of facts and circumstances
from which it is apparent
– Need not monitor or affirmatively seek out infringement
• "Expeditiously" remove or disable access to infringing
material upon gaining such knowledge or awareness
• Derive no financial benefit directly attributable to the
infringing activity
• Register a designated agent to receive notices of
claimed infringement
• Comply with notice and takedown procedure upon
receipt of a notice that "substantially complies"
Just Passing Through
"A service provider shall not be liable for . . .
infringement of copyright by reason of the
provider's transmitting, routing, or providing
connections for, material through a system or
network controlled or operated by or for the
service provider, or by reason of the
intermediate and transient storage of that
material in the course of such transmitting,
routing, or providing connections . . . ."
Eligibility Conditions for
Conduit Safe Harbor
• Transmission is directed by someone else
• Transmission is carried out by an automatic
technical process with no selection of
material by provider
• Provider does not select recipients
• Any transient copy is not "ordinarily"
accessible to others or retained for longer
than "reasonably" necessary for the
transmission
• Material is transmitted without modification of
content
It's Fun to Stay at the D-M-C-A
• Knowledge doesn't matter
• Takedown requirement doesn't apply
• But virtually all of the file sharing activity
on our campuses involves precisely this
situation
• "That is not surprising; P2P software
was 'not even a glimmer in anyone's
eye when the DMCA was enacted.'" –
RIAA v. Verizon Internet Services
Getting to Know You,
Getting to Know All About You
"A copyright owner . . . may request the clerk
of any United States district court to issue a
subpoena to a service provider for
identification of an alleged infringer . . . . The
subpoena shall . . . order the service provider
. . . to expeditiously disclose to the copyright
owner . . . information sufficient to identify the
alleged infringer of the material . . . to the
extent such information is available to the
service provider."
– 17 U.S.C. § 512(h)
Our Lips Are Sealed
"The issue is whether § 512(h) applies to an
ISP acting only as a conduit for data
transferred between two internet users, such
as persons . . . sharing P2P files. . . . We
conclude from both the terms of § 512(h) and
the overall structure of § 512 that . . . a
subpoena may be issued only to an ISP
engaged in storing on its servers material that
is infringing or the subject of infringing
activity."
– RIAA v. Verizon Internet Services
And the Beat(ing) Goes On
• "We agree with and adopt the reasoning of
the United States Court of Appeals for the
District of Columbia in Verizon as it pertains
to this statutory issue." – In re Charter
Communications, Inc.
• "It is possible, as the RIAA argues, that
Congress would have wished that such
subpoenas be issued to Section 512(a)
providers. It is equally clear, however, that for
whatever reason, the drafters of Section
512(h)" did not do so. – In re Subpoena to
UNC Chapel Hill
Meet John Doe
• "The clerk shall issue a subpoena, signed but
otherwise in blank, to a party requesting it,
who shall complete it before service. An
attorney as officer of the court may also issue
and sign a subpoena on behalf of . . . a court
in which the attorney is authorized to practice
. . . ."
–
–
–
–
No sworn declaration required
Not limited to identity
No requirement of judicial approval
Few grounds to contest
Rescue Me
We Are Family
(Educational Rights and Privacy Act)
• Subpoena must be "lawfully issued"
• Must make "reasonable effort to notify the . . .
student of the . . . subpoena in advance of
compliance"
• Rule 45 permits third-party witnesses to
object on the basis of privilege or undue
burden or expense
• No obligation – and not much standing – to
oppose subpoena beyond that
• Also no obligation to have the answer to the
question
One Way or Another, I'm Gonna Find Ya,
I'm Gonna Getcha, Getcha, Getcha, Getcha
Listen to What the Man Said
• As a condition of receiving federal financial
aid, each institution must now certify that it:
– "(A) has developed plans to effectively combat the
unauthorized distribution of copyrighted material,
including through the use of a variety of
technology-based deterrents; and
– (B) will, to the extent practicable, offer alternatives
to illegal downloading or peer-to-peer distribution
of intellectual property, as determined by the
institution in consultation with the chief technology
officer or other designated officer of the
institution."
Listen to What the Man Said
• "Effective technology-based deterrents are currently
available to institutions of higher education through a
number of vendors. These approaches may provide
an institution with the ability to choose which one best
meets its needs, depending on that institution's own
unique characteristics, such as cost and scale.
These include bandwidth shaping, traffic monitoring
to identify the largest bandwidth users, a vigorous
program of accepting and responding to Digital
Millennium Copyright Act (DMCA) notices, and a
variety of commercial products designed to reduce or
block illegal file sharing."
Cyber-Jurisdiction
Who Decides?
United States Supreme Court
Highest State Court
State Appellate Courts
State Trial Courts
Federal Courts of Appeal
Federal District Courts
Special Federal Courts
Judicial Jurisdiction
• Subject matter jurisdiction
– Jurisdiction over the case
• Type of case
• Amount in dispute
• Personal jurisdiction
– Jurisdiction over the parties
• Originally a matter of pure geography . . .
Judicial Geography
Internet Geography
Where do you want to be sued today?
A Really Big Shoe
"[D]ue process requires only that in
order to subject a defendant to a
judgment in personam, if he be not
present within the territory of the forum,
he have certain minimum contacts with
it such that the maintenance of the suit
does not offend 'traditional notions of
fair play and substantial justice.'"
– International Shoe Co. v. Washington
And Another
"We find that Sullivan, as the producer
and master of ceremonies of 'The Ed
Sullivan Show,' entered Arizona by
producing the play entitled 'A Case of
Libel' in New York City. . . . [T]he
telecast of the show . . . in Arizona [was]
voluntary, purposeful, reasonably
foreseeable and calculated to have
effect in Arizona . . . ."
– Pegler v. Sullivan
Zippo Dee Doo Dah
• "If a defendant enters into contracts with residents of a
foreign jurisdiction that involved the knowing and
repeated transmission of computer files over the
Internet, personal jurisdiction is proper."
• "A passive Web site that does little more than make
information available to those who are interested in it is
not grounds for the exercise [of] personal jurisdiction."
• "The middle ground is occupied by interactive Web
sites where a user can exchange information with the
host computer. In these cases, the exercise of
jurisdiction is determined by examining the level of
interactivity and commercial nature of the exchange of
information that occurs on the Web site."
– Zippo Mfg. Co. v. Zippo Dot Com, Inc.
Jurisdiction.edu?
"Revell first urges that the district court may assert
general jurisdiction over Columbia because its
website provides internet users the opportunity to
subscribe to the Columbia Journalism Review,
purchase advertising on the website or in the journal,
and submit electronic applications for admission. . . .
Though the maintenance of a website is, in a sense,
a continuous presence everywhere in the world, the
cited contacts of Columbia with Texas are not in any
way 'substantial.'"
– Revell v. Lidov
International Jurisdiction
• Within the U.S., the law usually doesn't vary
much from state to state
• But the Internet doesn't stop at national
borders, either
• "In the information age, the whole planet is
just a click away. So, unfortunately, are all
the lawyers." – University Business
• "In cyberspace, the First Amendment is just a
local ordinance." – variously attributed
Finally: Top Five Tips for Success
1. Forget about computers
2. Treat pornography as you would the Bible
3. Even publics should be private
4. Don’t go looking for trouble
5. Teach your children well
Download