Updating Your Typewriter Use Policy: An Introduction to Internet Law Steven J. McDonald General Counsel Rhode Island School of Design 2008 EDUCAUSE/Cornell Institute for Computer Policy and Law Agenda • Updating your typewriter use policy – The law of the horse – A brief history of Internet law since 1728 • • • • Public institutions, private lives? iFERPA, iCopyright, and other iMiscellanea Meta-geography and cyber-jurisdiction Questions (and maybe even some answers) What is the Internet? How Can I Possibly Deal with That? • If a student sends a series of sexually harassing e-mail messages to another student, and your computer use/e-mail policy doesn't specifically prohibit sexual harassment, can you do anything about it? New Whines and Old Battles "Technological advances must continually be evaluated and their relation to legal rules determined so that antiquated rules are not misapplied in modern settings. . . . Yet, if the substance of a transaction has not changed, new technology does not require a new legal rule merely because of its novelty." – Daniel v. Dow Jones & Co. What is the Internet, really? • • • • • • A bulletin board A printing press A library A bookstore A television set and a television station A telephone, with lots of party lines and unlimited conference calling • A post office • ... What is the Internet, really? A medium of communication! How Can I Possibly Deal with That? • If a student sends a series of sexually harassing typewritten letters to another student, and your typewriter use policy doesn't specifically prohibit sexual harassment, can you do anything about it? • Of course! • The medium is not the message Three Key Misconceptions • Cyberspace is a separate legal jurisdiction – In fact, conduct that is illegal or a violation of policy in the "offline" world is just as illegal or a violation of policy when it occurs online • If it's technically possible, it's legal – In fact, the technology has some legal implications, but it does not define the outer limits of the law • Free access = free speech = unfettered speech – In fact, even public institutions may limit the use of their computer resources to business-related purposes One Key Point • Internet law (and policy) existed long before the Internet: – The law of libel – The law of privacy – The law of copyright – Criminal law – Your sexual harassment policy, code of student conduct, workplace rules –... And Two Key Implications • Internet-specific rules aren't necessary and may create problems – Except when there are unique issues that aren't already covered by generally applicable laws and policies • Education is critical – It isn't always immediately clear (surprise!) how the law applies to new situations But It's on My System! • Don't I have to do something about it? • Won't I be held liable if I don't? • Back to the law of the horse . . . What are Colleges and Universities? "Colleges and universities are just Internet Service Providers that charge tuition." – former Harvard counsel Allan Ryan, Jr. Key Dates in the Development of the Law of ISP Liability • • • • • • 1728 – The King v. Clerk 1889 – Fogg v. Boston & Lowell RR. Co. 1933 – Layne v. The Tribune Co. 1952 – Hellar v. Bianco 1973 – Anderson v. New York Telephone 1986 – Spence v. Flynt Who is responsible? • Publishers – Create content and hold it forth as their own – Directly liable for the libels they disseminate • Distributors – Don't create, but choose to, and actively do, distribute – Liable only if they "knew or should have known" that what they are distributing is libelous – No duty to prescreen • Conduits – Operate a system by which other people communicate – No liability for libel, regardless of knowledge Key Dates in the Development of the Law of ISP Liability • 1991 – Cubby v. CompuServe • 1995 – Stratton Oakmont v. Prodigy • 1996 – Communications Decency Act 47 U.S.C. § 230(c)(1) "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." "Harmful Content" • Zeran v. AOL – defamation (even with knowledge) • Doe v. AOL – child pornography • Stoner v. eBay – bootleg sound recordings • Green v. AOL – computer viruses • Noah v. AOL – religious harassment • Doe v. Sexsearch.com – inaccurate age information about potential sex partners Hmm . . . "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." Hmm . . . "The term 'information content provider' means any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service." Hmm . . . "A website operator can be both a service provider and a content provider . . . . The CDA does not grant immunity for inducing third parties to express illegal preferences. Roommate's own acts – posting the questionnaire and requiring answers to it – are entirely its doing and thus section 230 of the CDA does not apply to them." – Fair Housing Council v. Roommates.com 47 U.S.C. § 230(e)(2) "Nothing in this section shall be construed to limit or expand any law pertaining to intellectual property." A Model Typewriter Use Policy Policy in a Box • All users of university computing resources must: – Comply with all federal, Ohio, and other applicable law; all generally applicable university rules and policies; and all applicable contracts and licenses. Getting Personal • All users of university computing resources must: – Refrain from using those resources for personal commercial purposes or for personal financial or other gain. Personal use of university computing resources for other purposes is permitted when it does not consume a significant amount of those resources, does not interfere with the performance of the user's job or other university responsibilities, and is otherwise in compliance with this policy. Slow Down, You Move Too Fast • All users of university computing resources must: – Respect the finite capacity of those resources and limit use so as not to consume an unreasonable amount of those resources or to interfere unreasonably with the activity of other users. But What About . . . • File-sharing? – Copyright policies and law – Excessive use restriction • Spam? – Personal use/no commercial use restriction – Excessive use restriction – E-mail harassment law • Harassment on blogs and other Next New Thingamabobs – Harassment policies – Libel law (But is that really your issue, particularly when the material is hosted off campus?) You've Got Questions, We've Got Answers • Why doesn't the policy prohibit all personal use of university computing resources? Why doesn't the policy permit unrestricted personal use of university computing resources? • Does the restriction on use of university computing resources for personal commercial purposes or personal financial or other gain prohibit faculty from using such resources in connection with their consulting work? • Does the restriction on individualized monitoring prohibit a supervisor or co-worker from accessing an employee's computer files for work-related purposes? The Enforcer • Violations will normally be handled through the university disciplinary procedures applicable to the relevant user. . . . However, the university may temporarily suspend or block access to an account, prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of university or other computing resources or to protect the university from liability. I Know What You Did Last Summer The Key to Handling Computer Privacy Issues Successfully Ignore the law But First, Let's Invade a Little What is Privacy? "[T]he right to be let alone – the most comprehensive of rights, and the right most valued by civilized men." – Justice Louis Brandeis Olmstead v. U.S. The Legal Basis for Privacy: A Crazy Quilt • U.S. and state constitutions – But no explicit reference in U.S. constitution – Fourth amendment (and state versions) • Statutory privacy – Electronic Communications Privacy Act (and state versions) – FERPA and other general privacy statutes – But also federal and state FOIA laws • The common law of privacy The Fourth Amendment "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." The Fourth Amendment in Cyberspace "We are satisfied that the Constitution requires that the FBI and other police agencies establish probable cause to enter into a personal and private computer." – U.S. v. Maxwell Publics are Private, Privates are Not "Although individuals have a right under the Fourth Amendment of the United States Constitution to be free from unreasonable searches and seizures by the Government, private searches are not subject to constitutional restrictions." – U.S. v. Hall O'Connor v. Ortega "Fourth Amendment rights are implicated [whenever] the conduct of the [government] officials at issue . . . infringe[s] 'an expectation of privacy that society is prepared to consider reasonable.'" O'Connor v. Ortega (continued) "[W]e reject the contention . . . that public employees can never have a reasonable expectation of privacy in their place of work. Individuals do not lose their Fourth Amendment rights merely because they work for the government instead of a private employer. The operational realities of the workplace, however, may make some employees' expectations of privacy unreasonable when an intrusion is by a supervisor rather than a law enforcement official. Public employees' expectations of privacy in their offices, desks, and file cabinets, like similar expectations of employees in the private sector, may be reduced by virtue of actual office practices and procedures, or by legitimate regulation." O'Connor v. Ortega (continued) "Given the great variety of work environments in the public sector, the question whether an employee has a reasonable expectation of privacy must be addressed on a case-by-case basis." Reasonable Expectations in Cyberspace • Who owns the system? • Who has access to the system? • How does the system work? • How is the system used? • Is the system password-protected? • What policies apply to the system? • What is the ordinary practice? The Electronic Communications Privacy Act (ECPA) • "[A] fog of inclusions and exclusions" – Briggs v. American Air Filter Co. (5th Cir. 1980) • "[A] statute . . . which is famous (if not infamous) for its lack of clarity" – Steve Jackson Games, Inc. v. United States Secret Service (5th Cir. 1994) • "[T]he Fifth Circuit . . . might have put the matter too mildly." – U.S. v. Smith (9th Cir. 1998) ECPA Prohibitions • Generally illegal to: – Intercept an electronic communication while it is in transmission (§2511(1)(a)) – Disclose the contents of an electronic communication that has been illegally intercepted (§2511(1)(c)) – Use the contents of an electronic communication that has been illegally intercepted (§2511(1)(d)) "In Transmission" • "[T]he seizure of a computer on which is stored private email that has been sent to an electronic bulletin board, but not yet read (retrieved) by the recipients" did not violate §2511(1)(a) "because [the] acquisition of the contents of the electronic communications was not contemporaneous with the transmission of those communications". – Steve Jackson Games, Inc. v. United States Secret Service • ECPA "protects electronic communications from interception when stored to the same extent as when in transit." – Konop v. Hawaiian Airlines, Inc. I • "We therefore hold that for a website such as Konop's to be 'intercepted' in violation of the Wiretap Act, it must be acquired during transmission, not while it is in electronic storage." – Konop v. Hawaiian Airlines, Inc. II ECPA Exceptions • A provider of electronic communication service may intercept an electronic communication, or disclose or use an intercepted communication, "while engaged in any activity which is a necessary incident to the rendition of [its] service or to the protection of [its] rights or property". (§2511(2)(a)(i)) More ECPA Exceptions • A party to an electronic communication, or a person to whom a party to an electronic communication has given consent, may intercept the communication "unless such communication is intercepted for the purpose of committing any criminal or tortious act". (§2511(2)(d)) More ECPA Exceptions • A party to an electronic communication, or a person to whom a party to an electronic communication has given consent, may intercept the communication "unless such communication is intercepted for the purpose of committing any criminal or tortious act". (§2511(2)(d)) – An exception to the exception: Some states require that all parties consent. Still More ECPA Prohibitions and Exceptions • It generally is illegal to access an electronic communication while it is in electronic storage. (§2701(a)) – But a provider of electronic communication service has apparently unlimited authority to access stored communications on its system. (§2701(c)(1)) • But a provider of electronic communication service to the public generally may not divulge the contents of a stored communication. (§2702(a)(1)) – But any provider may divulge the contents of a stored communication with consent or as a necessary incident to the rendition of service or to protects its rights or property. (§2702(b)) "To the Public" "The statute does not define 'public'. The word 'public', however, is unambiguous. Public means the 'aggregate of the citizens' or 'everybody' or 'the public at large' or 'the community at large'. Black's Law Dictionary 1227 (6th ed. 1990). Thus, the statute covers any entity that provides electronic communication service (e.g., e-mail) to the community at large." – Andersen Consulting LLP v. UOP Law Enforcement Access • Voluntary or at government request? • Obtained inadvertently or intentionally? • In transmission or in storage? – In storage more than 180 days? • Contents or log files? • With consent of user or without? • With notice to user or without? www.cybercrime.gov/s&smanual2002.htm#_IIIF_ Or Maybe Not "Where the third party is not expected to access the e-mails in the normal course of business, however, the party maintains a reasonable expectation of privacy, and subpoenaing the entity with mere custody over the documents is insufficient to trump the Fourth Amendment warrant requirement." – Warshak v. United States But Then Again . . . "We vacate the preliminary injunction because Warshak's constitutional claim is not ripe for judicial resolution." – Warshak v. United States (en banc) Common Law Invasion of Privacy • Intrusion – "One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person." • Public Disclosure of Private Facts – "One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public." In summary . . . "Law reflects but in no sense determines the moral worth of a society. . . . The better the society, the less law there will be. In Heaven there will be no law, and the lion will lie down with the lamb. . . . In Hell there will be nothing but law, and due process will be meticulously observed. " – Grant Gilmore Untangling the Privacy Mess • Ignore the law • Establish – and follow – a policy – What expectations are reasonable? – Consent • Options: – No privacy – Total privacy – Somewhere in between Private Eyes may be Watching You • The university may . . . specifically monitor the activity and accounts of individual users of university computing resources, including individual login sessions and communications, without notice, when (a) the user has voluntarily made them accessible to the public, as by posting to Usenet or a web page; (b) it reasonably appears necessary to do so to protect the integrity, security, or functionality of university or other computing resources or to protect the university from liability; (c) there is reasonable cause to believe that the user has violated, or is violating, this policy; (d) an account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns; or (e) it is otherwise required or permitted by law. Any such individual monitoring, other than that specified in "(a)", required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the Chief Information Officer or the Chief Information Officer's designees. Fun With FERPA FERPA • The Family Educational Rights and Privacy Act of 1974 • A.K.A. the Buckley Amendment FERPA's Big Three • College students have the right, in general, to: – Control the disclosure of their "education records" to others – Inspect and review their own "education records" – Seek amendment of their "education records" So, What's an "Education Record"? • "'Education records' . . . means those records that are: (1) Directly related to a student; and (2) Maintained by an educational agency or institution or by a party acting for the agency or institution" So, What's an "Education Record"? • A record is "directly related" to a student if it contains "personally identifiable information" about that student • "'Personally identifiable information' includes, but is not limited to:" name, address, personal identifiers (such as SSNs or campus ID numbers), "a list of personal characteristics that would make the student's identity easily traceable", and "other information that would make the student's identity easily traceable" So, What's an "Education Record"? • "Maintain" is not defined! • Supreme Court: – "FERPA implies that education records are institutional records kept by a single central custodian, such as a registrar." – "The ordinary meaning of the word 'maintain' is 'to keep in existence or continuance; preserve; retain.'" We Don't Need No "Education" • "Education records" certainly includes transcripts, exams, papers, and the like • But it also includes: – – – – – – – – Financial aid and account records Discipline records, including complaints SSNs and campus ID numbers Photographs "Unofficial" files Records that are publicly available elsewhere Information that the student has publicly revealed Virtually everything! E-mail? • Directly related? • Maintained? – Messages residing in faculty and staff accounts – Messages residing in student accounts Disclosure • Before disclosing education records – or information from education records – an institution must obtain a signed and dated written consent from all relevant students, specifying: – The records that may be disclosed – The purpose for which they may be disclosed – The persons or classes to whom they may be disclosed What is a "Disclosure"? • FERPA "clearly does not allow an educational . . . institution to leave education records unprotected or subject to access by unauthorized individuals, whether in paper, film, electronic, or any other format. We interpret this prohibition to mean that an educational . . . institution must use physical, technological, administrative and other methods, including training, to protect education records in ways that are reasonable and appropriate to the circumstances in which the information or records are maintained." What is a "Disclosure"? • "[W]hen an institution is authorized to disclose information from education records . . ., FERPA does not specify or restrict the method of disclosure. . . . FERPA does not mandate any specific method, such as encryption technology, for achieving these standards with electronic disclosure of information from education records. However, reasonable and appropriate steps consistent with current technological developments should be used to control access to and safeguard the integrity of education records in electronic data storage and transmission, including the use of e-mail, Web sites, and other Internet protocols." Coming Distractions • Proposed new regulations would add "biometric record" and "[o]ther indirect identifiers, such as date of birth, place of birth, and mother's maiden name" to definition of "personally identifiable information" • "Directory information does not include a student's social security number or student identification (ID) number." Coming Distractions • "Directory information includes a student's user ID or other unique personal identifier used by the student for purposes of accessing or communicating in electronic systems, but only if the electronic identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a personal identification number (PIN), password, or other factor known or possessed only by the authorized user." Coming Distractions • "FERPA does not require an educational agency or institution to notify students that information from their education records was stolen or otherwise subject to an unauthorized release . . . ." Combat Rock Sympathy for the Devil $16,000,000,000 $14,000,000,000 $12,000,000,000 $10,000,000,000 $8,000,000,000 $6,000,000,000 $4,000,000,000 $2,000,000,000 $0 1999 2000 2001 2002 2003 2004 2005 2006 2007 Annual sales of recorded music – RIAA I Want You to Want Me I Need You to Need Me Liability: Users • Direct infringement: "Anyone who, without the authorization of the copyright owner, exercises any of the exclusive rights of a copyright owner, . . . is an infringer of copyright." • Exclusive rights include copying and distribution, the very functions that are at the heart of file-sharing • (Very) strict liability – Knowledge and intent are irrelevant to liability – "'Innocent' infringement is infringement nonetheless." – Potential liabilities include as much as $150,000 per infringement, plus attorney fees and possible criminal penalties Fear of Music • "Space shifting" your own music for your own personal use generally is regarded as fair use – see, e.g., RIAA v. Diamond Multimedia Systems • Transferring physical possession of a CD to someone else is protected under the "first sale" doctrine But You Said It's Nice to Share • "Sharing" with 10,000,000 of your closest personal friends is neither • "Napster users who upload file names to the search index for others to copy violate plaintiffs' distribution rights. Napster users who download files containing copyrighted music violate plaintiffs' reproduction rights." – A&M Records v. Napster I Fought the Law, and the Law Won • BMG Music v. Gonzalez – Summary judgment – no need for trial – Pre-purchase "sampling" is not fair use – "Innocent" infringement: "Ignorance is no defense to the law." – 30 downloads = $22,500 • Statutory minimum of $750 per song infringed Gypsies, Tramps, and Thieves "Gonzalez's theme that she obtained 'only 30' . . . copyrighted songs is no more relevant than a thief's contention that he shoplifted 'only 30' compact discs, planning to listen to them at home and pay later for any he liked." – BMG Music v. Gonzalez Face the Music • Capitol Records v. Thomas – First case to go to trial – Five-minute deliberation: willful infringement – Juror: "She's a liar." Rhythm is Gonna Get You Now Give Me Money, That's What I Want • 24 songs = $222,000 –$9,250 per song –Two jurors wanted to impose the statutory maximum of $150,000 per song ($3,600,000) –iTunes value = $23.76 You're So Vain, You Probably Think This Song is About You "The Court is contemplating granting a new trial for a different reason – on the grounds that the Court committed a manifest error of law when . . . it instructed the jury that '[t]he act of making copyrighted sound recordings available for electronic distribution on a peerto-peer network, without license from the copyright owners, violates the copyright owners' exclusive right of distribution, regardless of whether actual distribution has been shown.'" Liability: ISPs • Contributory infringement: "[O]ne who, with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another, may be held liable as a 'contributory infringer.'" You Like to Think That You're Immune to the Stuff, Oh Yeah • However, the Digital Millennium Copyright Act provides ISPs with two important safe harbors from liability in this context: – Information Residing on Systems or Networks At Direction of Users (Hosted Content) – Transitory Digital Network Communications (Conduit) General Conditions for Eligibility • Must accommodate, and not interfere with, "standard technical measures" • Must adopt, inform users of, and "reasonably implement" a policy that provides for the termination of the accounts of "repeat infringers" in "appropriate circumstances" Nobody's Perfect "We hold that a service provider 'implements' a policy if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications." – Perfect 10, Inc. v. CCBill LLC A Perfect Day "To identify and terminate repeat infringers, a service provider need not affirmatively police its users for evidence of repeat infringement." – Perfect 10, Inc. v. CCBill LLC Perfect Rejection "The DMCA notification procedures place the burden of policing copyright infringement – identifying the potentially infringing material and adequately documenting infringement – squarely on the owners of the copyright. We decline to shift a substantial burden from the copyright owner to the provider . . . ." – Perfect 10, Inc. v. CCBill LLC Be My Host "A service provider shall not be liable for . . . infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider . . . ." Eligibility Conditions for Hosted Content Safe Harbor • Have no actual knowledge that specific material is infringing or awareness of facts and circumstances from which it is apparent – Need not monitor or affirmatively seek out infringement • "Expeditiously" remove or disable access to infringing material upon gaining such knowledge or awareness • Derive no financial benefit directly attributable to the infringing activity • Register a designated agent to receive notices of claimed infringement • Comply with notice and takedown procedure upon receipt of a notice that "substantially complies" Just Passing Through "A service provider shall not be liable for . . . infringement of copyright by reason of the provider's transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections . . . ." Eligibility Conditions for Conduit Safe Harbor • Transmission is directed by someone else • Transmission is carried out by an automatic technical process with no selection of material by provider • Provider does not select recipients • Any transient copy is not "ordinarily" accessible to others or retained for longer than "reasonably" necessary for the transmission • Material is transmitted without modification of content It's Fun to Stay at the D-M-C-A • Knowledge doesn't matter • Takedown requirement doesn't apply • But virtually all of the file sharing activity on our campuses involves precisely this situation • "That is not surprising; P2P software was 'not even a glimmer in anyone's eye when the DMCA was enacted.'" – RIAA v. Verizon Internet Services Getting to Know You, Getting to Know All About You "A copyright owner . . . may request the clerk of any United States district court to issue a subpoena to a service provider for identification of an alleged infringer . . . . The subpoena shall . . . order the service provider . . . to expeditiously disclose to the copyright owner . . . information sufficient to identify the alleged infringer of the material . . . to the extent such information is available to the service provider." – 17 U.S.C. § 512(h) Our Lips Are Sealed "The issue is whether § 512(h) applies to an ISP acting only as a conduit for data transferred between two internet users, such as persons . . . sharing P2P files. . . . We conclude from both the terms of § 512(h) and the overall structure of § 512 that . . . a subpoena may be issued only to an ISP engaged in storing on its servers material that is infringing or the subject of infringing activity." – RIAA v. Verizon Internet Services And the Beat(ing) Goes On • "We agree with and adopt the reasoning of the United States Court of Appeals for the District of Columbia in Verizon as it pertains to this statutory issue." – In re Charter Communications, Inc. • "It is possible, as the RIAA argues, that Congress would have wished that such subpoenas be issued to Section 512(a) providers. It is equally clear, however, that for whatever reason, the drafters of Section 512(h)" did not do so. – In re Subpoena to UNC Chapel Hill Meet John Doe • "The clerk shall issue a subpoena, signed but otherwise in blank, to a party requesting it, who shall complete it before service. An attorney as officer of the court may also issue and sign a subpoena on behalf of . . . a court in which the attorney is authorized to practice . . . ." – – – – No sworn declaration required Not limited to identity No requirement of judicial approval Few grounds to contest Rescue Me We Are Family (Educational Rights and Privacy Act) • Subpoena must be "lawfully issued" • Must make "reasonable effort to notify the . . . student of the . . . subpoena in advance of compliance" • Rule 45 permits third-party witnesses to object on the basis of privilege or undue burden or expense • No obligation – and not much standing – to oppose subpoena beyond that • Also no obligation to have the answer to the question One Way or Another, I'm Gonna Find Ya, I'm Gonna Getcha, Getcha, Getcha, Getcha Listen to What the Man Said • As a condition of receiving federal financial aid, each institution must now certify that it: – "(A) has developed plans to effectively combat the unauthorized distribution of copyrighted material, including through the use of a variety of technology-based deterrents; and – (B) will, to the extent practicable, offer alternatives to illegal downloading or peer-to-peer distribution of intellectual property, as determined by the institution in consultation with the chief technology officer or other designated officer of the institution." Listen to What the Man Said • "Effective technology-based deterrents are currently available to institutions of higher education through a number of vendors. These approaches may provide an institution with the ability to choose which one best meets its needs, depending on that institution's own unique characteristics, such as cost and scale. These include bandwidth shaping, traffic monitoring to identify the largest bandwidth users, a vigorous program of accepting and responding to Digital Millennium Copyright Act (DMCA) notices, and a variety of commercial products designed to reduce or block illegal file sharing." Cyber-Jurisdiction Who Decides? United States Supreme Court Highest State Court State Appellate Courts State Trial Courts Federal Courts of Appeal Federal District Courts Special Federal Courts Judicial Jurisdiction • Subject matter jurisdiction – Jurisdiction over the case • Type of case • Amount in dispute • Personal jurisdiction – Jurisdiction over the parties • Originally a matter of pure geography . . . Judicial Geography Internet Geography Where do you want to be sued today? A Really Big Shoe "[D]ue process requires only that in order to subject a defendant to a judgment in personam, if he be not present within the territory of the forum, he have certain minimum contacts with it such that the maintenance of the suit does not offend 'traditional notions of fair play and substantial justice.'" – International Shoe Co. v. Washington And Another "We find that Sullivan, as the producer and master of ceremonies of 'The Ed Sullivan Show,' entered Arizona by producing the play entitled 'A Case of Libel' in New York City. . . . [T]he telecast of the show . . . in Arizona [was] voluntary, purposeful, reasonably foreseeable and calculated to have effect in Arizona . . . ." – Pegler v. Sullivan Zippo Dee Doo Dah • "If a defendant enters into contracts with residents of a foreign jurisdiction that involved the knowing and repeated transmission of computer files over the Internet, personal jurisdiction is proper." • "A passive Web site that does little more than make information available to those who are interested in it is not grounds for the exercise [of] personal jurisdiction." • "The middle ground is occupied by interactive Web sites where a user can exchange information with the host computer. In these cases, the exercise of jurisdiction is determined by examining the level of interactivity and commercial nature of the exchange of information that occurs on the Web site." – Zippo Mfg. Co. v. Zippo Dot Com, Inc. Jurisdiction.edu? "Revell first urges that the district court may assert general jurisdiction over Columbia because its website provides internet users the opportunity to subscribe to the Columbia Journalism Review, purchase advertising on the website or in the journal, and submit electronic applications for admission. . . . Though the maintenance of a website is, in a sense, a continuous presence everywhere in the world, the cited contacts of Columbia with Texas are not in any way 'substantial.'" – Revell v. Lidov International Jurisdiction • Within the U.S., the law usually doesn't vary much from state to state • But the Internet doesn't stop at national borders, either • "In the information age, the whole planet is just a click away. So, unfortunately, are all the lawyers." – University Business • "In cyberspace, the First Amendment is just a local ordinance." – variously attributed Finally: Top Five Tips for Success 1. Forget about computers 2. Treat pornography as you would the Bible 3. Even publics should be private 4. Don’t go looking for trouble 5. Teach your children well