The story of The Pirate Bay’s server drones echoes the saga of Sealand and HavenCo, so James Grimmalmann’s story in Ars Technica–“Death of a data haven: cypherpunks, WikiLeaks, and the world’s smallest nation”–is timely, entertaining, and informative.
Here’s a brief summary of last Friday’s federal government offensive against online gambling.
- Federal prosecutors brought fraud and-money laundering charges against the three largest online poker sites: Full Tilt Poker, PokerStars, and Absolute Poker. The government also seized their domain names, terminating their presence online–until they obtain another domain name.
- All three sites are located outside the U.S. Full Tilt is based in Alderney (an island in the English Channel and part of the U.K., ) PokerStars is on the Isle of Man, and Absolute Poker is in Costa Rica.
- According to the Wall Street Journal online poker sites last year took in about $16 billion in wagers from about 1.8 million U.S. residents who play poker online.
- The Unlawful Internet Gambling Enforcement Act of 2006 made it a crime for U.S. financial institutions to process payments for online gaming businesses. The NY Times reports “[t]he online poker operators sought to avoid detection by banks and legal authorities by funneling payments through fictitious online businesses that purported to sell jewelry, golf balls and other items, according to the indictment. It says that when some banks processed the payments, they were unaware of the real nature of the business, but the site operators also bribed banks into accepting the payments.”
- The legal environment is online poker is hardly clear. Disagreement exists over whether poker and blackjack are even illegal under federal anti-gaming laws, since some argue they are games of skill, not chance.
- The NY Times again:
- “Prosecutors seemed to skirt the issue. They based parts of their prosecution on state laws in New York and elsewhere that prohibited unlicensed gambling, including poker. Legal experts said the prosecutors needed to rely on such prohibitions as a foundation for going after the claims of money laundering and fraud. But Mr. Walters [a lawyer whose clients include other online gaming sites] said this strategy might face challenges. He said it was not clear that the state laws applied to foreign-based gambling operations, given that under federal law, international commerce was regulated at the federal level.”
- According to the WS Journal the sudden enforcement action surprised the sites’ customers, quoting a professional poker player who said “we understood there were issues. We never assumed there’d be some type of black-out overnight.”
PC World reports that a draft treaty leaked from the Anti-Counterfeiting Trade Agreement talks would make ISPs liable for civil damages for user-generated uploads and downloads of copyrighted content. According to PC World, the draft treaty would require ISPs to take affirmative steps, such as terminating violators’ accounts, to avoid being liable for their users’ copyright infringement. France last year enacted a “three-strikes” law requiring ISPs to terminate an account after a user’s second warning for copyright violations. Participating in the ACTA talks are the U.S., the E.U., Australia, Canada, Jordan, Mexico, Morocco, New Zealand, Singapore, South Korea, and the United Arab Emirates. If adopted by the U.S the draft proposal would change current law. Under the Digital Millennium Copyright Act U.S. based ISPs can avoid liability for users’ copyright infringement by adhering to the DMCA’s notice and take-down procedures. A U.S. ISP has no duty to monitor its site for user-posted copyright-infringing material, but if a copyright holder notifies the ISP of the presence of its copyrighted material on the site then the ISP must “expeditiously remove or disable access to” the targeted content to maintain the liability safe harbor. (See DMCA §512 for the complete text of the safe harbor requirements and procedures.)
In another European case I’ve blogged about before (here, here, and here), yesterday an Italian court convicted three Google executives of criminal privacy violations in a case arising out of a 2006 YouTube video of the bullying of an autistic boy, posted to YouTube by his abusers. The court imposed suspended three- to six-month sentences on three of the executives charged, acquitting them of defamation along with another executive facing only the defamation charge. Google, which said it plans to appeal, called the result “astonishing.” One of the convicted defendants–who is Google’s global privacy counsel–said “[t]he judge has decided I’m primarily responsible for the actions of some teenagers who uploaded a reprehensible video to Google video.” Google’s senior vice president and chief legal officer and its chief financial officer were also convicted. The Wall Street Journal article stated “[t]he trial could help define whether the Internet in Italy is an open, self-regulating platform or if content must be better monitored for abusive material.”
U.S. law, specifically Section 230 of the Communications Decency Act, would shield Google from liability because the actionable video was created and posted online by a third party. To put it in the language of Section 230, Google would not be liable because it was not the video’s information content provider; it was not “responsible, in whole or in part, for the creation or development of” the video. U.S. law recognizes the impracticability–or impossibility–of screening tens of thousands of posts and other items created by Internet users. This case, and the French case discussed in the prior post, show how far the Internet has come from that described in John Perry Barlow’s Declaration of the Independence of Cyberspace:
Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind . . . You have no sovereignty where we gather . . . I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.
Or, eBay Loses Again in France. Last week the Paris District Court held eBay liable for using LVM’s trademarks as AdWords to, according to an eBay spokesperson, “direct buyers’ listings for authentic goods from eBay sellers.” The court ordered eBay to pay 230,000 € for damages and LVM’s legal fees and 1,000 € for every future violation. LVM and eBay have duked it out before; in June 2008 LVM won a suit against eBay over auctions of counterfeit Louis Vuitton handbags, the court holding that eBay did not employ adequate measures to prevent the sale of fake goods. Last year the Paris District Court fined eBay for continuing violations of the 2008 order.
Other luxury retailers have sued eBay for similar claims on both sides of the Atlantic. In August 2008 a Belgian court ruled for eBay in a suit over the sale of counterfeit Lancome perfumes. The court held “that eBay is a passive provider of ‘host’ services, as that term is defined in a European Community policy directive, and that it’s therefore entitled to more legal leeway than a brick-and-mortor auctioneer would receive if counterfeit goods were being sold on his premises,” reasoning that echoes what one would expect to be the outcome of the same claim under U.S. law. In July 2008 (eBay had a busy summer) Tiffany and Company lost a suit in federal court in New York City for trademark claims arising from eBay auctions of counterfeit trademarked goods. That court held “to the extent that eBay may have possessed general knowledge of infringement and dilution by sellers on its Web site, eBay did not possess knowledge or a reason to know of specific instances of trademark infringement or dilution as required under the law”–a clear expression of the difference between U.S. and French law on website liability.
In a speech a few weeks ago Hillary Clinton criticized China and other nations for their Internet censorship, warning that what she called an “information curtain” might prevent the citizens of such countries from the free flow of information. Her speech came shortly after Google reported it was the victim of computer hacking that it believed originated in China, announced that it would no longer censor references to the Tiananmen Square Massacre and other taboo topics from its Chinese search engine, and said it might withdraw from China altogether. Clinton said “[i]n an interconnected world, an attack on one nation’s networks can be an attack on all. Countries or individuals that engage in cyber attacks should face consequences and international condemnation.” China responded the next day, saying “the Chinese Internet is open” and the U.S. should “respect the truth and to stop using the so-called Internet freedom question to level baseless accusations.” Most interesting to me was China’s characterization of “[t]he American demand for an unfettered Internet” as “information imperialism:” “[t]he U.S. campaign for uncensored and free flow of information on an unrestricted Internet is a disguised attempt to impose its values on other cultures in the name of democracy.”
One might dismiss China’s rhetoric but this diplomatic fray involves a fundamental problem of Internet governance, which is whose law should apply to resolve Internet disputes? In the U.S. we often regard First Amendment rights to speech, press, assembly, religion, and petition as the manifestation of natural human rights that are fundamental to human dignity and liberty. (That is, we often talk about First Amendment rights in such terms. In practice we are woefully ignorant of the scope of legal protection these rights. Legislatures, with little apparent awareness, pass laws that violate the First Amendment, citizens urge legal sanctions against unpopular ideas, and religious fundamentalists denounce non-believers.) We believe benighted citizens of nations without free-speech traditions await liberation. That may certainly be true, but it is not inevitably, universally true. Imagining how we would react as a nation if another nation prosyletized about its superior beliefs can help one understand China’s reference to information imperialism. Indeed France has been saying much the same thing for years about the effect of American language and culture on French culture. I am not defending moral relativism. I believe that transparency and the free flow of information are better politically, socially, economically, and ethically than secrecy and censorship, but we cannot impose those values and expect cultures in which they have no foothold to embrace them at once.
Here’s the First Commandment for the Study of Internet Law: What the Internet was is not what the Internet shall always be. A few more stories echoing the last post’s theme:
- France’s Constitutional Council rejected the legislature’s attempt to thwart digital piracy by terminating Internet access for alleged illegal downloaders. Under the legislative proposal “a newly created agency, acting on the recommendations of copyright owners, would have been able to order Internet service providers to shut down the accounts of copyright cheats who ignored two warnings to stop.” The Council held the proposal violated French constitutional principles including the presumption of innocence and freedom of speech.
- The on-again, off-again Italian trial of four Google executives on criminal defamation and privacy charges arising from Google’s failure to remove a YouTube video of the bullying of an autistic boy in Turin started again this week–and then stopped after one day, when a translator failed to appear. The prosecution claims “that Google should have acted to prevent the broadcast of the footage and that by failing to do so it breached the disabled boy’s privacy.” Google, in turn, claims it has no legal liability to monitor content posted by third-parties and that “seeking to hold neutral platforms liable for content posted on them is a direct attack on a free, open internet.” The charges, which carry potential prison terms of three years, underscore the profound difference between U.S. and European Union privacy law and the importance of ISP liability immunity provided by Section 230 of the Communications Decency Act.
- NetChoice published its Internet Advocates Watchlist for Ugly Laws–“iAwful” to publicize “ the top ten worst proposed laws affecting ecommerce and open communications. . . . [The list’s] primary focus is on laws that will affect business, particularly by increasing taxes or dictating standards and practices that the group thinks are unworkable.”
Despite domestic and international opposition (e.g. “China Faces Criticism Over New Software Censor“) China is proceeding with its requirement that the Green Dam Youth Escort content-filtering software be installed on, or included on a compact disc accompanying the purchase of, all new computers sold in the country as of July 1. The name “Green Dam Youth Escort” conjures an image of a responsible elder guiding a youngster through a landscape dotted with levees holding back reservoirs of Internet yuckiness–or perhaps an image of an escort service that caters to minors. China’s ostensible purpose is to stem exposure to violent and pornographic content. Some critics fear the software is a vehicle for greater government monitoring of and control over dissident or other politically-unacceptable speech. Manufacturers are concerned the new software won’t play nice with operating systems and other software. The Beijing News reported the software is both over- and under-inclusive, blocking content it should permit and permitting content it should block. Computer scientists have said the software contains flaws that third parties could exploit. China, nevertheless, continues to say that July 1 compliance deadline is firm.
I’m following this story because it is interesting on its merits and because of what it says about the state of Internet law. I’m pointing my Internet law course in a new direction for the coming academic year, reducing its emphasis on theories of regulation. Current events, like this story, reflect powerful forces contending over the future of the Internet. I want students to understand these forces and what is at stake. “Code is law” continues to be an important message, but the playing field of 2009 is far more complex than that of a decade ago.
The Internet Safety Technical Task Force recently released its final report, titled “Enhancing Child Safety and Online Technologies.” The Task Force prepared the report at the request of 50 state Attorneys General “to determine the extent to which today’s technologies could help to address . . . online safety risks” including “the dangers of sexual solicitation, online harassment, and bullying, and exposure to problematic and illegal content.” The Task Force concluded “the risks minors face online are complex and multifaceted and are in most cases not significantly different than those they face offline, and that as they get older, minors themselves contribute to some of the problems.” (Today’s class discussion about cyberbullying, involving students far closer to the problem than me, echoed this conclusion.” Cherry-picking from the 278-page report’s Executive Summary:
- The Internet increases the availability of harmful, problematic and illegal content, but does not always increase minors’ exposure. Unwanted exposure to pornography does occur online, but those most likely to be exposed are those seeking it out, such as older male minors.
- Social network sites are not the most common space for solicitation and unwanted exposure to problematic content, but are frequently used in peer-to-peer harassment, most likely because they are broadly adopted by minors and are used primarily to reinforce pre-existing social relations.
- [Minors] who are most at risk often engage in risky behaviors and have difficulties in other parts of their lives. The psychosocial makeup of and family dynamics surrounding particular minors are better predictors of risk than the use of specific media or technologies.
The Task Force reviewed numerous technologies intended to protect child safety online “including age verification and identity authentication, filtering and auditing, text analysis, and biometrics,” a review that produced “a state of cautious optimism.” The report did “note that almost all technologies submitted present privacy and security issues that should be weighed against any potential benefits. Additionally, because some technologies carry an economic cost and some require involvement by parents and teachers, relying on them may not protect society’s most vulnerable minors.” The Task Force “cautions against overreliance on technology in isolation or on a single technological approach.”
Inspired in part by concerns raised by the Conficker worm the New York Times posed a question in Sunday’s Week in Review: Do We Need a New Internet? The issues are not new to anyone who has read Larry Lessig’s Code (either the original or Code 2.0) or Jonathan Zittrain’s The Future of the Internet–And How to Stop it, or anyone who has taken my Internet law course. The Internet was built to facilate sharing research among scientists, academics, and defense researchers. It valued openness, decentralization, and ease of use over security. Then the world discovered this wonderful communications network and brought to it all of the best and all of the worst humans can offer. John Markoff wrote in the Times that
there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over. What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder while you were there.
We just cannot stop ourselves from screwing up a good thing.