Stop SOPA

Here’s another NY Times Op-Ed, this one by Rebecca MacKinnon, titled Stop the Great Firewall of America. MacKinnon compares effects of the the proposed Stop Online Privacy Act–the Senate version is the Protect IP Act–to the Great Firewall of China, i.e. Chinese censorship of online content. These proposed laws would upend the DMCA notice-and-take down provisions that establish the ISP safe harbor from liability for copyrighted content and impose affirmative duties on ISPs to screen for unauthorized posting of copyrighted content. These are dangerous laws that would protect copyright at the expense of speech and other democratic principles.

CSI: Fish Pier

You ordered mahi-mahi but is it really Vietnamese catfish on your plate?  The NY Times reports that researchers compared genes of commercially-available fish with a database of gene sequences of identified species and “consistently found that 20 to 25 percent of the seafood products they check are fraudulently identified.”   Seafood sold in the U.S.–84 percent of which is imported, according to the Times article–travels “a multistep global supply chain.”  Along the way the reported percentage is mislabeled, both to upgrade to more expensive species (“tilapia may be the Meryl Streep of seafood, capable of playing almost any role”) and to disguise an overfished species that conscientious consumers might avoid as something plentiful.   The Times quotes a doctoral student who has worked on the research:  “If you can’t even trust that the name is right, then how can you trust anything else on the package, including the date?”  Let’s see the invisible hand of the free market solve this problem.

Privacy and Security

A story in yesterday’s Wall Street Journal titled NSA’s Domestic Spying Grows as Agency Sweeps Up Data (subscription required) reports that–

According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records. The NSA receives this so-called “transactional” data from other agencies or private companies, and its sophisticated software programs analyze the various transactions for suspicious patterns. Then they spit out leads to be explored by counterterrorism programs across the U.S. government, such as the NSA’s own Terrorist Surveillance Program, formed to intercept phone calls and emails between the U.S. and overseas without a judge’s approval when a link to al Qaeda is suspected.

The NSA’s enterprise involves a cluster of powerful intelligence-gathering programs, all of which sparked civil-liberties complaints when they came to light. They include a Federal Bureau of Investigation program to track telecommunications data once known as Carnivore, now called the Digital Collection System, and a U.S. arrangement with the world’s main international banking clearinghouse to track money movements.

The effort also ties into data from an ad-hoc collection of so-called “black programs” whose existence is undisclosed, the current and former officials say. Many of the programs in various agencies began years before the 9/11 attacks but have since been given greater reach. Among them, current and former intelligence officials say, is a longstanding Treasury Department program to collect individual financial data including wire transfers and credit-card transactions.

An NSA spokeswoman stated that the Agency “strictly follows laws and regulations designed to preserve every American’s privacy rights under the Fourth Amendment to the U.S. Constitution.” If you find comfort in that statement, consider this description of how the Agency uses its expanded domestic surveillance authority to pursue leads:

If a person suspected of terrorist connections is believed to be in a U.S. city — for instance, Detroit, a community with a high concentration of Muslim Americans –the government’s spy systems may be directed to collect and analyze all electronic communications into and out of the city. The haul can include records of phone calls, email headers and destinations, data on financial transactions and records of Internet browsing. The system also would collect information about other people, including those in the U.S., who communicated with people in Detroit.

The information collected “doesn’t generally include the contents of conversations or emails.” Generally. That’s a word we lawyers use to say “most of the time we don’t, unless we do.” Even without such content the NSA can identify the parties to phone calls and emails, their locations, and their cell phone numbers. The telecoms enable the NSA’s efforts either by copying all data through their switches to share with the NSA, or by ceding control to the NSA over the switches. The White House is pushing a bill that would immunize the telecoms from liability for privacy claims arising from this data collection. The NSA domestic surveillance program includes elements of and technology from the Pentagon’s Total Information Awareness initiative that Congress defunded in 2003 following criticism of TIA’s potential for civil rights abuses. Before it was killed the Pentagon renamed TIA to Terrorist Information Awareness to make it seem less creepy. Now the NSA is implementing TIA through its “black budget,” beyond effective non-NSA scrutiny.

The Journal story reminded me of a recent Wired column by the always-prescient Bruce Schneier: What Our Top Spy Doesn’t Get: Security and Privacy Aren’t Opposites. Schneir’s column focuses on a proposal from National Intelligence Director Michael McConnell to monitor all–“that’s right, all–” Internet communications:

In order for cyberspace to be policed, internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer or Web search. “Google has records that could help in a cyber-investigation,” he said. Giorgio warned me, “We have a saying in this business: ‘Privacy and security are a zero-sum game.'”

This states it as baldly as one can. This administration’s top intelligence personnel consider every increase in security to require a corresponding decrease in privacy. As Scheier states “I’m sure they have that saying in their business. And it’s precisely why, when people in their business are in charge of government, it becomes a police state.” Scheier says privacy versus security is a false dichotomy, that the true dichotomy is between liberty and control–and that “liberty requires both security and privacy.”

Net Neutrality Bill

Congressman Ed Markey, chairman of the House subcommittee on telecommunications and the Internet, this week introduced a bill titled The Internet Freedom Preservation Act that seeks to maintain the open architecture of the Internet. Net Neutrality is a buzzword that means different things according to who wields it. My use is consistent with Markey’s. Net Neutrality means keeping some portion of the architecture of the Internet–or some portion of the architecture of each layer of the Internet–open and free from discriminatory treatment of access and data. In other words, maintain that original architecture that allows anyone to get online, establish an Internet presence, establish connections with other networks, and publish and receive information without interference. To others, such as the US Telecom Association, net neutrality means government regulation of Internet architecture. They want the ability to treat some data–such as movies streamed from their servers to their paying customers–preferentially, which in turn means giving lower priority to other data. They argue that Internet architecture has always been market-driven and government should stay out of its design. One irony is that some early-Internet pioneers, for whom government regulation of anything network related was anathema, support the goals of Markey’s bill. Another is that the original design of the Internet was research-driven, not market-driven, certainly not in any commercial sense of “market.” The Internet was created by the U.S. government to enable collaboration among military and academic researchers. Unrestricted data flow is in its DNA. It is disingenuous to argue that the market should continue to govern its design, as if the market was always the invisible hand shaping its development. It wasn’t.

Nice try, but . . .

British Farmer Robert Fidler wanted to build a castle. Not metaphorically, as in “a man’s home is . . .” but literally. Local laws forbade building in the zone where his castle was located but Fidler is not one to have his wishes turned aside by mere regulations. His solution was to erect a huge pile of hay bales, cover it with blue tarps, and secretly build the castle inside. He figured that as long as he kept its existence secret he would be protected by a law that protected a non-conforming structure if no objections was made to it within four years. Such it-almost-makes-sense-but-not-quite reasoning is common among those trying desperately to evade regulations–the regulation on which Fidler hung his hat is premised on the non-conforming building being visible and tolerated by those who might object to it. A secret building hidden inside an enormous blue mound doesn’t cut it. See the story and pictures, but don’t be surprised if you remain puzzled after doing so. This is an odd story.

The Undead

Like Cool Hand Luke rising from the ground each time Dragline knocked him on his ass or like the living dead from the George Romero movies, Allofmp3.com refuses to submit, popping up after each execution with an amnesiac’s disregard for its back story. See None of MP3.com, AllofMP3.com Lives Yet, and AllofMP3.com–Is That All You’ve Got? This story reports that Russia caused the site to be shut down “to end criticism from the United States that Russia was failing to clamp down on music and video piracy.” By the time the press ran the story Media Services, the company behind AllofMP3.com, had opened a new site named mp3Sparks.com that it claims is legal under Russian law. Since the arguments for the new site’s legality echo those used to support Allofmp3.com we can expect this saga to continue. Frustrating, I’m sure, for parties on both sides of the issues but a boon to a professor of Internet law, this story captures the nailing-a-blob-of-mercury nature of cross-border Internet regulation.

Embrace the Gray*

This week a discussion of direct and indirect regulation turned to cigarettes. The legal regulation of cigarettes turned to other regulated products and behaviors, such as New York City’s ban on trans fats and state laws requiring adults to wear seat belts. Some students supported such laws because they promote societal good or reduce societal costs. Others criticized them as unwarranted “nanny state” interference in personal decision-making. (No one argued against laws regulating the effects of second-hand smoke or requiring use of automotive restraints for young children.)

A student emailed me after class, annoyed at the inconsistency in the laws we had discussed. He made a point I have heard from many non-lawyers, although he defines his frustration more clearly than most: “If I knew nothing about math symbols, only numbers, and you told me that 2 + 2 = 4, and 4 + 3 = 7, I would quickly learn how to do similar addition problems.” He wants law to achieve the same certainty. He cited the different ways in which the law regulates trans fats, marijuana, cocaine, and heroin, alcohol, and cigarettes. He also cited seat-belt laws. He asked “So why the inconsistency in the law?” Everything on his list is capable of providing some amount of personal pleasure, can have harmful consequences for the person who engages in them, and imposes direct and indirect social costs. He did not argue a particular agenda for or against anything on his list. To someone who teaches law to college undergraduates who (mostly) will not be lawyers, his question is more profound, : “I just feel that if I were to look at 2 + 2 = 4 and 4 + 3 = 7, I should be able to figure out similar problems . . . Trans fats, no seat belts, marijuana, and cigarettes should, based on the similar facts they share, all be outlawed or all be allowed.”

Until I started to teach I never thought at length about this intense desire for legal certainty. I saw it in clients, of course, but in the context of advising them about specific problems. At big firm billable rates they did not engage me to muse about the nature of the American legal system. When surrounded by lawyers, there is a comfort level with the law’s inherent ambiguity. We spend three years in law school distinguishing this case from that case, arguing why X and X1 are materially different and why Y and Z are the same thing. Nature, training, and experience enable most lawyers to live comfortably in the gray zone.

The next day I used this topic as a springboard for discussion in the class where it began. How do my students respond to the law’s ambiguity? “That’s the way the law has to be” said the first few speakers. Another student raised his hand. “I’d like to talk more about what is legal and what is illegal, and talk less about everything else.” I walked to one end of the board and wrote “legal.” Dragging the chalk along the board I drew a line to the far end and wrote “illegal.” “Law is pretty clear at these extremes” I said. “Most of what you encounter in business will not fall at either end. It will be here.” I drew a large oval around the middle of the continuum. “This is where the questions are most interesting.” He did not appear satisfied. He wants a checklist of behaviors so he knows what will land him in jail or make him liable for someone else’s harm.

I understand his desire for certainty. We are drawn to binary solutions for complex problems. But, as I said in class, the law only becomes more complex because we humans find new, precedent-setting ways to do each other harm. Teaching law as a checklist would create greater certainty but less understanding. As frustrating as it is for many of them, I believe I serve my students better by teaching why the law is often ambiguous.

*Last semester a student who did poorly on an early exam talked to me on the eve of the second exam. “I was thinking too much about the law in black and white” he said. “For this exam I’ve learned to embrace the gray.” He did much better the second time around.

Internet and Crime

Three articles I read today about Internet crime created an interesting juxtaposition. A c|net article discussed the affordability of tools for sale to facilitate online criminal activity, a Washington Post article discussed how unsecured WiFi connections enable anonymous, roaming access for criminal activity, and a Wall Street Journal article (subscription required) discussed the prosecutorial trend of filing criminal charges in venues that are physically remote from the persons charged.

According to c|net RSA, which monitors transactions on websites and ICQ channels between providers and consumers of hacking tools, reported at a recent conference that the tools are becoming more sophisticated while their prices are falling. Vendors are offering bulk discounts: 1-10 purloined eBay accounts cost $5.00/each, but the price drops to $4.50/each for 10-50 accounts, and to $3.50 for another 50 accounts. The Washington Post article begins with the tale of police, armed with a warrant, closing in on a suspected pedophile who traded child pornography online. Their target location was inhabited by an elderly woman who had nothing to do with the crime, other than being the owner of the wireless router beaming broadband access throughout her apartment building. Apparently one of her neighbors–police could not trace who it was–gained access through her router. There are more than 46,000 public wireless access points around the country, making it easy to log in, do harm, log out, and move on. The Post quoted a law enforcement official: “It’s frustrating for officers . . . If a suspect is going from coffee shop to coffee shop and using free signals to commit crimes, the police probably aren’t going to catch him. That’s the reality.”

The Journal balances the bad-guys-are-winning theme. In the short history of Internet law one thing is axiomatic: the Internet is everywhere. Usually we discuss how the Internet’s ubiquity frustrates regulation. It also enables prosecutors to charge crimes against remote defendants. If a police investigator downloads child porn to a computer in Buffalo, New York from a man residing in Massachusetts, it does not matter that the defendant has never set foot in Buffalo: he can face prosecution there because the crime was committed there. A concern exists that prosecutors will chose venues that will be hostile–or at least inconvenient to–the defendant but, as one attorney notes in this article, “inconvenience isn’t a defense.”

Online Gaming Smorgasbord

The Unlawful Internet Gambling Enforcement Act has created interesting ripples. Before the recent election there was speculation that the Republican-sponsored Act, which imposes civil and criminal penalties on financial institutions that process transactions with online gaming sites, could affect the fortunes of some house races. “‘I’ve been a loyal Republican for over 30 years, and I’m quitting the party I once loved,’ said Jim Henry, 55, who lives outside San Francisco. ‘Not because of the Mark Foley scandal or Middle East policy. But because the Republican Party wants to stop me from what I love to do: play poker over the Internet.'” The Republicans, of course, lost the control of both houses of Congress, although I’ve read nothing that suggests opposition to the Act materially affected the outcome. Reactions to the Act underscore a split in Republican voters, between religious conservatives who oppose gambling on moral grounds and libertarians who object to government regulation of a private recreational activity.(1)

Since President Bush signed it into law on October 13 the Act has had serious financial consequences for online gaming companies. Traffic to Internet gaming sites by U.S. residents dropped 56% in the month following the Act’s passage and companies such as Sportingbet PLC (60% U.S.-based business) and Party-Gaming PLC (80% U.S.-based business). Investors sold off shares of publicly traded gambling companies; PartyGaming PLC saw more than half of its market capitalization disappear (£2 billion), Sportingbet PLC lost £500 million, and other publicly-trade companies experienced major losses.(2) Companies like PokerStars continue to operate, offering online poker games that they argue are games of skill, not chance, and therefor outside the Act’s reach.(2)

Meanwhile, BetOnSports PLC settled a civil lawsuit filed by the U.S. Attorney in St. Louis by agreeing (a) not to take any bets from U.S. residents, (b) to take out advertisements in U.S. newspapers telling readers that online gambling is illegal in the United States, and (c) to establish a toll-free number to advise customers how to obtain refunds of wagers placed before the suit was filed. BetOnSports, which did not admit any wrongdoing in settling the case, said it plans to concentrate its business on the Asian market. BetOnSport’s CEO David Carruthers, who was arrested in July along with other BetOnSports employees for conspiracy, fraud, and racketeering charges, still faces criminal charges and is in custody in St. Louis.(3)

The U.S. has also stepped-up enforcement of existing criminal statutes. One week ago law enforcement officials announced the prosecution of a “billion-dollar-a-year gambling ring,” charging 27 people with “enterprise corruption, money laundering, and promoting gambling.” The gambling ring allegedly centered on a web site through which bettors, supplied with a secret code, could track bets placed with bookies on football, baseball, basketball, and other sports. Police say that defendant James Giordino, the putative mastermind, ran the gambling operation from a laptop that he never let out of his sight–until he left it behind in his hotel room while attending a wedding on Long Island in 2005. Police hacked into the computer (presumably subject to a warrant) and discovered information that led to the recent arrests. Prosecutor seek forfeiture of $500 million in assets.(4)

  1. Adam Goldman, Did Republicans overplay their hand with the anti-Internet gambling bill? FindLaw, 2-Nov-06
  2. Sean F. Kane, New Legislation Forces Gaming Sites to Decide When to Hold ‘Em and When to Fold ‘Em, Internet Law & Strategy, 3-Nov-06; Associated Press, Traffic to online gambling sites drops in wake of new U.S. law, SiliconValley.com, 14-Nov-06
  3. Associated Press, U.S., BetOnSports Settle Civil Case, 10-Nov-06, The Wall Street Journal; CBS/AP, 11 Charged in Web Gambling Crackdown, CBSNews.com, 18-Jul-06
  4. Associated Press, Criminal charges brought over online gambling, MSNBC.com, 15-Nov-06