The MySpace suicide case concluded last week, with the jury finding Lori Drew guilty of three misdemeanor counts of gaining unauthorized access to the popular social-networking site.
While most of the press attention has been focused on the specifics of the case, the more important issue is the potential impact this could have on the Internet in general.
Web site terms of service, which end users universally ignore, suddenly have teeth: violating them is a federal hacking offense, punishable with jail time. The days of being able to freely lie on the Web could be coming to an end. This could mean serious trouble for people who lie about their age, weight, or marital status in their online dating profiles.
Bad cases and bad laws
The specifics of the Lori Drew case are messy and emotional. The important fact is that there is no federal cyberbullying statute, so the U.S. attorney in Los Angeles turned to a novel interpretation of existing computer hacking laws to try to punish the woman. The general idea is that in creating terms of service, a Web site owner specifies the rules of admission to the site. If someone violates any of those contractual terms, the "access" to the Web site is done without authorization, and is thus hacking.
Unfortunately for Internet users everywhere, a jury bought the theory last week and found Lori Drew guilty of three misdemeanor violations of the Computer Fraud and Abuse Act, punishable with up to one year in a federal prison and a $100,000 fine for each of the three counts.
Horrible terms of service
Until the Drew case is overturned, terms of service would appear to have the power of federal hacking laws to back them up, at least in cases where an ambitious federal prosecutor is interested in making a name for himself.
Back in March, I wrote about Google's insane terms of service--which forbid the use of the site's search engine, free e-mail service, or any of its other offerings by people under the age of 18. The site's terms state:
"You may not use...Google's products, software, services and Web sites...and may not accept the Terms if...you are not of legal age to form a binding contract with Google.
Under the Department of Justice's current interpretation of hacking laws, every high schooler who uses Google to do homework is in theory a criminal.
However, it gets even better than that. As the Electronic Frontier Foundation noted in its amicus brief to the court, the dating site Match.com prohibits married persons from using the Web site to cheat on their spouses:
"You must be at least eighteen (18) years of age and single or separated from your spouse to register as a member of Match.com or use the Website."
Dating site eHarmony takes this even further, forbidding its users from lying in their online profiles:
"You will not provide inaccurate, misleading or false information to eHarmony or to any other user. If information provided to eHarmony or another user subsequently becomes inaccurate, misleading or false, you will promptly notify eHarmony of such change.
All those people who have lied about their age or weight in an eHarmony profile would now appear to be computer hackers. Oh, and if you gain 30 pounds after posting your profile and don't promptly update your profile--yep, jail for you.
Silver lining...a weapon against RIAA
Back in the early days of the Digital Millennium Copyright Act, activists discussed the creative use of terms of service to keep agents of the RIAA and MPAA from visiting their sites, and collecting evidence for later trials. In a few minutes of searching, I was able to find at least one Web site whose terms of service still forbid such activity.
Notice to RIAA & MPAA and affiliated contractors: Pursuant to DMCA statutes, you are forbidden from accessing or reproducing any content on this site, due to a violation of our terms of service. This is not a matter for discussion. You must exit this Website now.
These amateur click-wrap agreements didn't seem to hold much weight back then. Could the precedent set by the Lori Drew case provide ammunition to pirates, activists, and the thousands of other Internet users who have an anti-RIAA ax to grind?
Parry Aftab, a lawyer and executive director of an anti-cyberbullying group hailed the court case as a victory, telling the Associated Press that the "verdict has made it very clear if you use the Internet as a weapon to hurt others, especially young, vulnerable teens, you're going to have to answer to a jury. This is not acceptable."
For those of us who see the over 30,000 lawsuits filed by the RIAA as an abuse of the legal system and an organized shakedown of vulnerable high school and college students who know little about the law, perhaps this warning will hold true.
Updated on 5/19/08 with comment from RealPlayer (see below)
Users of YouTube and other video-sharing sites could face $750 per clip penalties if they have watched a video that was uploaded without the copyright holder's permission.
Copyright infringement in the United States strict liability offense. What this means, is that users are liable when they illegally copy works, even if they're not aware that this is wrong, or that the work is protected by copyright.
As an example, let us consider the popular video sharing website YouTube.
Every week, 6 days after the show airs, HBO uploads the most recent episode of "Real Time with Bill Maher." However, within a few hours of the show's TV broadcast, a number of other users upload copies that they have recorded with their computers.
When a user visits YouTube, and searches for "Bill Maher", he will see a large number of results - some of which will be for official content uploaded by HBO, and the vast majority of which is for copyrighted content illegally uploaded by other users.
According to a strict reading of the copyright laws, and discussions with legal scholars, users could unknowingly be liable if they click on the wrong YouTube link. The fact that they're not aware that a video was illegally uploaded is irrelevant. All that matters is that they clicked on a link, and watched the video.
For BitTorrent websites like The Pirate Bay, where the vast majority of the files are illegal, it is at least semi-reasonable to expect most users to know that they are engaged in an illegal act. However, for sites like YouTube, where both legal and illegal content are available on the same platform, it is significantly trickier. How exactly, are the less-tech savvy amongst us supposed to determine if a file is legal to watch?
Copytraps
The issue of unintentional home user liability is the subject of a recent paper by Ned Snow, a law professor at the University of Arkansas. In "Copytraps", Professor Snow argues that copyright law unfairly exposes end users to significant liability, for actions which they have no reason to believe are illegal.
Professor Snow puts forth the following example: A user visits Google, and searches for the name of a band they like. One of the first results takes them to a website, named "legal-music-downloads.com". Once there, the user hands over her credit card, and pays $.99 per song to this unknown website. Now, imagine that "legal-music-downloads.com" is in fact a fraudulent website run by a couple guys in Eastern Europe. They download files from BitTorrent, and then illegally re-sell them to American consumers.
As Prof. Snow describes, the fact that the end user thought she was participating in a legal purchase is irrelevant. All that matters is that she has copied (downloaded) a copyrighted work, which was not sold through legitimate means. This user could be liable for up to $750 per song.
This may sound crazy, but it's completely possible under the existing system. Yes, the RIAA and MPAA have for now, gone after people who were sharing files. However, there is nothing in the law forcing them to stick to just those users. They are legally permitted to go after downloaders too.
Experts respond
To make sense of this, I turned to a few other experts in copyright law. First, I spoke with Corynne McSherry, a staff attorney at the Electronic Frontier Foundation. McSherry told me that the scenarios I outlined were not beyond imagination, and quite possible under existing copyright law.
As an example of copyright holders going after downloaders, she pointed to a 2006 attempt by the Embroidery Software Protection Coalition to get the identities of all the participants of an online embroidery discussion forum. In support of their claims, the Coalition compared the stitchers' online screeds to "terrorist activities" and accused them of posting slanderous statements "that marched across the Internet bulletin boards and chat groups similar to Hitler's march across Europe."
The Embroidery Coalition, following tactics similar to the RIAA and MPAA, threatened grandmothers with lawsuits for downloading copyrighted embroidery patterns from the Internet. These little old ladies were given the choice of either paying a few hundred dollars, or facing a lawsuit.
Luckily, the lawyers at the EFF were able to get the Coalition to back down, but this does at least prove that left unchecked, copyright law can be used to go after the end users.
The EFF's McSherry told me that the penalties in copyright law were "not like many other areas of the law where you have to show harm." Thus, illegally copying a song that is sold for $.99 at the iTunes store can still lead to a $750 per song fine. McSherry labeled this as "completely disproportionate" and said that because of this, "for regular people, who don't have thousands of dollars, the inclination is to settle (the cases), rather than to fight."
YouTube users at risk
While Professor Snow focuses on the example of lying websites, I am personally far more interested in liability for users of major sites like YouTube.
Sherwin Siy, an attorney with Public Knowledge, told me that my YouTube fears might be overblown. Siy points to a difference between downloading a video, and streaming it. He told me that "arguing that a buffer copy (for a streaming view) is a duplication, that's even more of an uphill (battle), and the potential awards might not be worth the attorneys fees." He added that "merely watching a video on your screen, authorized or not, isn't going to be an infringement if you're not publicly performing or copying it."
Siy also noted that copyright law does allow for a reduced $200 per work penalty for infringement, if the pirate can prove that they had no reason to believe that they were infringing.
Updated:
Siy clarified his point in a followup email: "For instance, if my local network TV affiliate were to broadcast an infringing copy of a TV show, and I were to watch it at home, I would definitely not be liable. The copytraps idea might come into play had I (however innocently) taped or DVR'd the broadcast."
While Siy makes some good points, I will have to disagree with him on the issue of viewing vs. downloading. There are many off the shelf tools that allow users to download YouTube videos. The most widely deployed of these is RealPlayer, which automatically makes allows the user to make a local copy of every YouTube video that a user watches. YouTube has no way of knowing if someone is streaming or downloading a video - as it's simply a case of transferring bits over a wire. If the RIAA or MPAA ever subpoenaed YouTube's logs, they wouldn't be able to differentiate these users either.
YouTube's Position
A few years ago, a number of major firms started threatening Linux end-users with patent lawsuits. In response, one or two Linux companies to shield their customers from such lawsuits. That is, buy Linux from us, and we'll cover any potential legal bills.
Thinking along these lines, I reached out to YouTube to get their perspective. I wanted to know if they would offer to foot the bills of users who were sued after watching a video on their site. I also wanted to find out if YouTube has ever disclosed a list of infringing viewer IP addresses to a copyright holder.
YouTube's spokesperson ignored my actual questions, and instead told me that:
We prohibit users from uploading infringing material, and we cooperate with all copyright holders to identify and promptly remove infringing content as soon as we are officially notified.
As a company that respects the rights of copyright holders, we expect to continue to take the lead in providing state of the art DMCA tools and processes for all copyright holders.
While the liability for end users remains unclear, there is certainly the potential for some nasty lawsuits, should the copyright owners decide to go down that path. In a conversation with me, Prof. Snow described a scary future with Copyright Trolls who delay sending takedown letters to websites, so that the number of infringing users (who the company can later go after) will increase.
A scary future indeed.
Update: Jeff Chasen, a VP at RealPlayer contacted to let me know that I had erred in my original blog post. He told me that:
RealPlayer does not automatically download or make local copies of videos from YouTube. RealPlayer 11 gives users the option of downloading the video they are watching, but it requires that the user click a button to initiate the download. No copies or downloads occur until a user explicitly takes an action.
I do stand by my original point though, which is that YouTube (and any copyright holder who gets a list of the views/downloads via a subpoena) has no way to tell when a user is watching a video, and when a user is downloading them via a single-click RealPlayer tool.
- prev
- 1
- next
