This Week in Law 285 (Transcript)
Denise Howell: Hi, folks. This Week in Law we’ve got law professors coming out of our ears! We’ve got Annemarie Bridy, Jonathan Mayer and David Levine joining me. We’re going to talk about hacking, Keurigs, cars, and Sony Blackphone apps. What’s up with the TPP, the Pirate Bay sinks...and cannibalism conspiracies? All next on This Week in Law.
Netcasts you love, from people you trust. This is Twit! Bandwidth for This Week in Law is provided by CacheFly. At C-A-C-H-E-F-L-Y.com
Leo LaPorte: Hi, this is Leo LaPorte, and if you would like to help us design a new website, I invite you to visit <twit.to/navtest>. We’ve got eight quick questions that we’d like to ask you that will help us make the navigation easier to use. That’s <twit.to/navtest>. Thanks a lot.
Denise: This is TWIL. This Week in Law with Denise Howell: Episode 285. Recorded December 12, 2014.
Rainy Day DRM
This episode of This Week in Law is brought to you by FreshBooks: the simple cloud accounting solution that helps millions of entrepreneurs and small business owners save time billing and get paid faster. Join over five million users running their businesses with ease. Try it free at <freshbooks.com/TWIL>.
And by Blue Apron. Blue Apron will send you all the ingredients to cook fresh, delicious meals with simple step-by-step instructions—right to your door. See what’s on the menu this week and get your first two meals free by going to <blueapron.com/twit>. That’s <blueapron.com/twit>.
Hi folks. It’s Denise Howell and you’re joining us for This Week in Law. I hope you guys have your pencils sharpened and your thinking caps on. It’s exam season, of course, and we have threee law professors joining us today. Just to get you in the festive mood of that season, of course the holidays are upon us as well. But not much in our run-down is too holiday-oriented, I’m afraid, just so you know, except for the fact that we have some scenarios that I’m hoping (maybe not this term) could give our law professors some fodder for their exams coming in the future. Without much further ado, let’s go ahead and introduce them. Returning to the show is Dave Levine from Elon University—Elon Law, in Greenfield, North Carolina.
Denise: Hello, Dave.
David Levine: Good to see you again, Denise. A pleasure to be back.
Denise: Good to see you too. For those of you who might not have caught Dave on the show before, he looks at issues related to intellectual property law and public life. He is the host of Hearsay Culture on KZSU FM at Stanford. So, Dave and I love each others’ shows and I’m always so glad when Dave can join us on ours.
David: That’s right. Anything I can do to support a fellow podcaster I will do, so… Thrilled to be here.
Denise: Thank you so much. Also joining us is Annemarie Bridy. Annemarie teaches copyright law, cyber law, intellectual property and contracts at The University of Idaho College of Law. It’s way, way up near the Canadian border in Idaho. Hi, Annemarie!
Annemarie Bridy: Hi, Denise. How are you?
Denise: I’m great. It’s wonderful to have you on the show.
Annemarie: Yes, I am here north of everything.
Denise: [slight laugh] North of everything, but you say it’s not snowing up there.
Annemarie: It is not. It’s about fifty-five degrees and cloudy, so we are having a mild winter so far.
Denise: All right. Well, I hope that that’s what you’re in the mood for. I know here at least in California, I think both in Northern and Southern California, have been pounded with rain the last couple of days. So we’re…
Annemarie: I would be upset if I were a downhill skier, but I think I’m fine.
Denise: That’s good. Also joining us from Northern California is Jonathan Mayer. Hello, Jonathan.
Jonathan Mayer: Hi there.
Denise: Jonathan also teaches at Stanford this time. He’s a computer scientist and a lawyer at Stanford. He’s a cyber security expert and…right now you’re teaching surveillance law?
Jonathan: That’s right. It’s available on Course Era. I just wrapped up, but we’re going to be offering it again.
Denise: Oh, that is so cool. For people who haven’t heard of that, tell them what Course Era is.
Jonathan: So, it’s an online platform that lets lots of students take a class at the same time. One of these massive online, open classes, or in the less artful acronym: A MOOC. So the idea is, the lectures are recorded, and then there’s an opportunity to ask questions, and office hours, so it allows bringing quality educational material to a lot of people at once.
Denise: Is it free?
Jonathan: Yeah, yeah.
Denise: That’s so cool. And do people get grades and credit for it? Yeah, there’s a statement of accomplishment that’s available. There’s CLE credit available. And I believe we has a little over 18,00 sign-ups this go-around--so, pretty popular.
Denise: Wow, really, that’s quite a lot of people. Well, good. We get tons and tons of questions during the show about law and surveillance, and so I hope that people will go and check that out. Let’s start out looking at some policy issues.
[Transition music plays]
Denise: When Dave comes on the show we always have to check in with the TPP because Dave is someone who is following that pretty closely. That’s the Trans-Pacific Partnership. Dave, why don’t you give us the latest?
David: Sure, thanks Denise. So, yeah, the last few times that I’ve come on there seems to be a broken record to use—an archaic technology reference—a refrain that goes on and on, which is: What do we know, but more specifically, what don’t we know? For those in your audience who aren’t familiar, the Trans-Pacific Partnership agreement is a multilateral agreement that involves not just trade issues, but a variety of other topics, including—of particular interest to listeners, viewers of this week in law: internet policy and intellectual property law. It’s a trade agreement designed do all the things that we think trade agreements are designed to do: create innovation, bring jobs, increase commerce and so forth. But, unlike many agreements that have been created in the past and involved these issues, it—particularly on the IP and Internet side—has been negotiated in stark secrecy.
As of today, and recording toward the end of 2014 after nineteen-plus rounds of negotiation, ministerial meetings and so forth, we have still yet to see a final—or any—formal negotiating text coming out of the negotiation. What that has meant—and particularly, given recent statements not just by the President, but by ministers in other countries, that the TPP is really at its final stage, and now the President’s involved, apparently, in working out (at least from a diplomatic perspective). Whatever the details are, they’re to be negotiated. The public
still doesn’t know what that agreement will look like. And so, even though this agreement is apparently close to finalization at the negotiation level, and even though that would therefore mean that many of the controversial issues, and perhaps all of the controversial issues on the IP side ranging from infringement rules that exist in linking to content on the internet to access to medicine from a medical perspective from a patent perspective may have been resolved. The public still is unable to see what’s being negotiated and; therefore, is unable to verify that these terms would or would not change US law and other laws, but also offer input.
So, the funny thing is, is that the update is largely more of the same in that the secrecy still exists. There was, however, in a big change since the last time I was last on, a wiki league did leak another chapter of the IP section of the agreement. At this point, six weeks or so ago, which did again offer more information with regard to where the negotiators were. The document itself, however, even though it was art least six weeks ago, was dated from May of 2014 and; therefore, which is generally a problem when you’re dealing with fast-moving negotiations, it’s unclear that that document reflects not only where the negotiators were when it was leaked, much less where they are now. So there is more information, but unofficial leaks are just that. You don’t know whether, in fact, they are accurate and they don’t necessarily reflect where the negotiators are.
So at this late date it would seem like this would be past the time when it would benefit, not only the US trade representative, but the other negotiators who put a document out there. But, nonetheless, we remain largely in the dark.
Denise: From the things that have been leaked, Dave, I know you just put a big disclaimer on that and said we can’t really take any of this as Gospel, but are there any things in there that give you pause?
David: Yeah, you know, when you go through the agreement there’s a lot of language for example, and again referencing specifically kinds of issues that you focus on in This Week in Law. There’s a lot of discussion on what we proverbially, or generally, think of balance inside copyright law. So there is language that suggests that the negotiators—and to be clear—the parties that would eventually have to comply with the agreement, recognize the need for balance in copyright law across the board. So, even though the prima facie case in copyright infringement look the same, they recognize a need for some kind of fair use type protections.
Having said that, the language of the agreements don’t make it clear exactly what those would look like, and of course you have to remember that when you’re dealing with an international trade agreement, which is not the traditional model through which such laws are, it’s unclear what countries would have to do with that information, with those agreements, once they have to comply. There is very robust language that allows for a variety of not only ways to go after alleged copyright infringers, but also remedies which raise concerns, and even on the trade secret side of the equation, which is an area that doesn’t get a lot of attention, there is language suggesting that there would be, for example, criminal sanctions associated potentially with trade secret law in these countries, that we don’t really have to-date, even here in the United States. So again, I always put this disclaimer on as you noted, Denise, that we really don’t know. But there is definitely cause for concern.
On the other hand, it is also fair to say that at least, based upon that league versus the previous chapter league (and the last full chapter league had occurred at this point… Wow, and and I think about it now, almost four years ago), there seemed to be more granularity in the thinking about these issues. But I am one of these people—and to be clear it’s not that I don’t think discretion is needed in negotiating agreements—but because we don’t have accurate information, I guess I have become a bit of a hardliner when I say it’s almost counterproductive to comment—and I don’t mean that we shouldn’t talk about it—but to make sure that when we comment on what’s going on in these areas, we are clear that we, as members of the public will be impacted by these agreements, do not know exactly what is going on.
And I find it a bit irksome that many smart people around the globe—not only academics, but civil society members and others, to be clear—have to waste their time at some level, of going through leaked agreements to the interest of trying to offer input, and knowing full-well that they don’t have all the information they need. So whereas in an early-round negotiation I could see the need for more discretion, after nearly twenty rounds of negotiation to me, the benefits of public disclosure outweigh whatever is needed with regard to bargaining at the diplomatic level.
So I’ve been a little polemical there, but the fact is there, the agreement still has many troublesome terms, although it appeared to be a little more balanced than what we saw from it previously.
Denise: I have one more question for you before I get everybody else’s input on the current state of the TPP, and that question is, Dave: Assuming that we see something soon, that is the final result of negotiations, and something is officially released for people to review, what is the process from that point forward? Is there
A way for people to critique and massage this document before it takes final effect, or is this something—you know I don’t know much about international treaties and how they are implemented and made effective—but it seems like something, you know, this one in particular, has been negotiated so much in secret and then when it’s released it’s kind of like “their way or the highway”?
David: That’s a great question, Denise, and it’s a tricky one. Here’s the short answer: Once the negotiators reach what is known as a ‘final text,’ that final text leaves this administrative level where it, in my view, input would be most likely to be useful in terms of making substantive changes and enters the political process and a legislative process that exits in all of the negotiating countries. In our country, and this is an enormous political battle which we will see the moment that the text is finalized, occur here in the US, the question will be whether the agreement is what’s known as “fast-tracked.” And what fast-track authority is, in a nutshell, is a way for the President to move pretty rapidly, with limited ability on the Congressional level, to offer amendments and changes and the like, towards ultimate ratification. One of the interesting outcomes from the election last month is that where we might expect that the president and a Republican-controlled Congress would be at loggerheads on everything, this is actually one area where I would expect that the Republican senate and the President might actually have more in common than not.
The major proponents of slowing down the agreement once it reaches the Senate, i.e. not fast-tracking it and allowing for more public input—and exactly what you’re referring to—more ability to actually make changes, has come from Democratic members of the Senate, led by senators such as Senator Wyden from Oregon. Because Democrats would not be in control in the next Congress, it seemed that the Republican-led Senate would be much more likely to move this agreement along and not have the same kind of back-and-forth and amendment process that the Democrats might have had. So it’s kind of a surprising..if you don’t pay attention to these issues, and they are rather complex, and they’re not a traditional realm that intellectual property and technology people tend to focus [on]. That’s the long answer.
The short answer to your question is practically speaking, it is going to be much more difficult for anyone, including senators, to make changes to the text after it leaves the negotiating rounds and enters the political process, which is why I am (I am writing about this and I’ll have more to say about it next year) I’m firmly in the camp of wanting to move this fast because (and I’ll leave this as a teaser because I want to hear from Annemarie and Jonathan as well) the Trans-Atlantic Trade and Investment Partnership, the TTIP, which is, if you will, a TPP analog being negotiated between the EU and the United States, which can have many similar provisions and efforts and international harmonization, is in the early rounds of negotiation, and the EU has been pushing much more than we saw in the TPP (and remember, the EU is now part of the TPP) to have more transparency and more access to information. So this issue involving access information and international trade on the IP and technology level is going to continue to plague us (or help us, depending on your perspective) for the next few years, at least.
Denise: All right, well that wasn’t exactly holiday fruitcake that I think any of us want to sink our teeth into [laughing].
David: Happy holidays, everyone!
Denise: [laughing] Annemarie, anything that you want to add?
Annemarie: No, I think this just feels like ACTA all over again, and I know Dave and I were both pretty intimately involved with things that were happening when ACTA was being negotiated. And I feel like ACTA was more transparent relative to what’s going on in the TPP. I don’t know. I haven’t looked at the full text of the last leak from the TPP, but I definitely share Dave’s concerns that we are not really going to have a meaningful opportunity as the public, and our representatives in Congress are not going to have a meaningful opportunity to weigh in to make any changes to this agreement—that it will be presented as ACTA was—as a fait acccompli. It would be interesting to see, when the text does get released, whether it will get the same kind of firestorm that grew up around ACTA will also coalesce around this. I’m just not sure. But one of the things that was interesting to me about the TTIP agreement was the pressure that was coming already from the EU negotiators to be more public and more transparent about the process, and I think that that would be a beneficial thing. I think the United States has really been one of the most secretive of all of the negotiating parties for all of these agreements, and for a country that is supposedly dedicated to transparency and democratic process, it’s a distressing truth about the process.
Denise: I agree. Jonathan, any thoughts on this?
Jonathan: So, I guess two thoughts. The first being there is some potential here for 2016 presidential politics to leak in. It’s not clear that’s going to happen yet, but it’s not outside the realm of possibility. Some Republicans have tried to make wedge issues around technology—in particular, surrounding NSA revelations. That could happen here. I believe Rand Paul is on the record saying he wanted TPP to advance, so there’s one leading voice that seems unlikely to chime in, but it’s possible. So that’s one thought.
The other being, there’s a strange political dynamic around TPP where, many of the provisions are intended to align law and other nations with other American law—and of particular concern, of course—the Digital Millennium Copyright Act. And so the political dynamic in the US is less one of making the law worse so much as entrenching the law, and that could potentially cut in favor of lesser response, or it could potentially cut in favor of, ‘Well, what’s the big deal? What’s the rush to enact?’ I guess my knee-jerk reaction would be, If there aren’t particular harmful legal provisions that opponents are going to be able to point to, saying, ‘Here’s how things get worse under TPP,’ as opposed to, ‘Well, other countries are going to do these bad things that we’ve already done in our own law,’ that’s going to make opposition difficult.
Denise: Okay, I think we’ll make “entrenching the law” our first MCLE pass phrase for this episode of This Week in Law. We put these phrases in the show in case you are listening for continuing legal or other professional education credit. If you’re interested in doing that, we have some information about it on our wiki at <wiki.twit.tv>. If you head on over to the This Week in Law page there, we’ve got some information for lawyers who are interested in listening to the show for Cle credit. And in some jurisdictions, folks like to know that you have some way of proving that you actually watched or listened, so we put these phrases in the show for that purpose, and our first one is “entrenching the law.”
Dave, let’s talk about the possibility of a federal Trade Secret Law. What’s going on there, and if it happens, what does that mean?
David: Sure. With regard to this issue—and I guess I should put a disclaimer up front—which is that I’ve been active in opposing the efforts in Congress to federalize trade secret law, the nutshell in this issue is that there is a legitimate concern among businesses in the United States, large and small, and of course we know it all-too-well with regard to what’s happening with Sony at the moment, which we may talk about later. There’s a legitimate and huge concern about cyber espionage, or the ability of intruders and hackers and the like to break into corporate networks to steal all kinds of information. In the case of Sony, of course, it’s information—not just IP—but a range of other things, but a lot of what happens tends to be the theft of information that’s valuable because it’s not known by competitors.
What has happened with increasing frequency, although it’s hard to quantify it, has not just been intruders breaking into corporate networks on their own, but state-backed cyber espionage and intrusions coming apparently, and largely from China and to a lesser extent, countries like Russia. What that meant is that US industry has been looking for ways to address these intrusions, and they have argued that the existing state trade secret law, which primarily comes out of the Uniform Trade Secret Act, is inadequate. And so in an effort to address these concerns, members of Congress, and on a bipartisan basis, introduced bills—really starting a couple of years ago, but mostly in the last Congress—designed to create a federal, private cause of a action, under an act called the Electronic Espionage Act, which is an act that is used at the federal level to allow the Department of Justice and others to bring criminal prosecution against intruders into networks who attempted to steal trade secrets.
The bills that currently exist, known as the Trade Secret Protection Act, and the Defend Trade Secrets Act, respectively, at least in the last Congress—and I have no doubt that they will be introduced early in the new Congress—are designed to give this new private cause of action to industry, along with powers along with ex parte seizure, which is an issue, which as Annemarie mentioned, ACTA, is always a concern whenever you’re dealing with IP enforcement: the question of being able to seize assets of a punitive defendant, often without notice, and with the defendant’s ability to defend itself. And in the federal bills that are currently being considered, an ex parte seizure provision would allow some limitation for a private plaintiff to use a criminal process to seize a wide swath of information that might be connected with the alleged trade secret misappropriation. The bills themselves have wide support from groups like The National Association of Manufacturers and others, however, through work that I have done with Sharon Sandeen from Hamlin Law, she and I and many other IP professors raise some significant concerns about the bills. First and foremost being that the bills don’t, in our view, actually do anything to address the problems that these sponsors of the bills identify. We do not believe—and I certainly can say “we” based upon this letter, Denise. I can send you to a link if you want to put it up on your site after the show—
David: But the nutshell is, Sharon and I and others who signed the letter, don’t see the bill as doing anything to specifically address cyber espionage, and it’s unclear to us what the specific factual scenario is that the supporters of the bills think they’re going after. Relevant to the work that Jonathan does, as best as we can tell, the hypothetical (It’s not a hypothetical-it happened) that they’re most concerned about would be an employee who puts a thumb drive into a computer, puts trade secrets on the thumb drive, and then heads to a US international airport like O’Hare and is about to get on a plane to a foreign country. What does that company do to intercept that fleeing employee and prevent them from leaving the country with the trade secret? The fact is, as we see the bills, the bills do nothing to make it any easier for a company to go after those people.
So that’s one issue. There are others, and as you know with law professors, generally we can go on and on and on, but there are other issues we have, ranging from the fact that these bills say nothing about things like covenants not to compete and mobility of labor, and access to information, which is another huge issue. So it could actually be used as another way for corporate entities to control access to intellectual property that the public might want access to, and other concerns that we have. It’s status, to be clear, is because it has bipartisan support, For example, it was sponsored in the Senate by Senators Leahi and Coons, and also other senators on the Republican side, as well as in the House where you have the bill being sponsored by—for example—by my retiring member of Congress, Howard Coble from North Carolina; and Jerry Nadler-a Democrat in New York, who are not generally people working together on high-profile legislation. This looks like—just as TPP does—another piece of legislation, which might be in this group of bills that could move fast and wind up on the President’s desk.
The White House has identified trade secret misappropriation and direct intrusions into our major defense-oriented companies like Boeing over the last couple of years, and so the White House appears to be in support of doing something like this. And so Sharon and I, along with the support of some of our colleagues, have been attempting to raise some of these concerns. Our hope is that there will be public hearings on the bills, because as it stands now, the only hearings on the bills have focused on the harms, have focused on the question of Is there cyber espionage? And that’s not really debated. The issue that Congress has to grapple with is whether these particular bills address those problems and whether there aren’t downsides that outweigh whatever punitive benefits we think there are. Sharon and I think there are more downside than there’s clearly any more benefits, and so we hope that there will be hearings. I expect the bills to be reintroduced rather quickly in the next Congress, and I would suspect that you’ll be hearing a lot more about these bills in the early part of next year.
Denise: Jonathan, we’ve all seen the results of laws that get enacted that are possibly not well-designed to achieve their goal and possibly broader than they need to be—for example, I’m thinking of the Computer Fraud and Abuse Act—where it can be applied in ways that maybe the lawmakers never even intended. Do you think that this federal trade secret proposed legislation sounds like it’s falling in the same category, or is there something useful here?
Jonathan: It’s certainly a great risk. So in debates over computer access, statutes or trade secret statutes, there’s this focus—as David noted—on these big, sophisticated foreign actors that are just pillaging everything from American companies. And I think while it makes sense to focus on those issues as a policy concern, there’s a mismatch between those episodes and what trade secrets or computer access statutes can actually achieve. Realistically, these sophisticated foreign actors are just outside the reach of the American legal system. A pointed example of that being this indictment of the past few months, half a year ago—something like that—of some Chinese officers who were involved breaches in the United States. Those folks are certainly never going to be prosecuted in the US Court. And so, in the dynamics of legislation surrounding computer access/trade secret, it’s important to keep in mind who’s actually going to be a realistic defendant here. To the extent that there are some good cases that you want plaintiffs to be able to bring, prosecutors to be able to bring—some cases that are of great concern—it’s important to bear in mind the factual background that for many of these statutes, will tilt, like a practical litigation, towards the more concerning cases.
Denise: All right. Annemarie, anything to add here?
Annemarie: Not much. I mean, I think that the point Dave made about the ex parte seizure provisions being problematic is potentially a wave for competitors to harass other competitors. That’s a problem. And, Jonathan’s jurisdictional point is probably the most important one. So to the extent that these hacks and these cyber attacks are coming from outside the United States, I’m not quite sure how the ability to bring a claim in US federal courts is going to be able to reach Ukrainian or Chinese hackers, so I’m not sure that the law is achieve its intended goal to the extent that lots of these attacks are originating from places abroad.
Denise: All right, well…
David: Well, one thing…
Denise: Yes, Dave…
David: Very quickly: Well, both of those points are excellent. Recognize that one of the big issues here is that trade secrecy is generally off the radar, not only among the public, but even among civil society. And so there is an increasing number—but it’s slow—of civil society groups and members and others who are starting to pay attention to trade secrecy. A public citizen has become to jump in here. And the reason why I want to take a look is because both of these points that Jonathan and Annemarie made are exactly right. It is not at all clear—and I don’t, in fact, even think that’s the case—that there would be any ability for a company to enforce these orders outside, and they certainly can’t reach jurisdictionally. One of the arguments has been made in favor of the bills, coincidentally and ironically, is that US trade secret law is difficult to explain to people who live in other countries. And literally, one of the arguments has been that if there is a federal law that is uniform across all the states and will be easier for the United States to explain trade secret law—and exactly to Jonathan’s point with regard to international trade earlier—make it easier for the US to therefore, perhaps, have these countries model US law. I find that almost laughable, particularly since the UTSA has been adopted in most states. But what I wanted to jump in on and say quite clearly, is that there’s an opportunity here for the public not only to educate itself, but also to learn more about this area and have an impact, because one thing I’ve noticed is that there is a need for understanding about trade secret law in particular, because it doesn’t get the attention that copyright, patents and trademark does. And really, it doesn’t even get the attention that things like privacy does, and so I throw that out there. Info Justice, which is American University’s pigeon program, infojustice.org, does a lot of good work here. Of course, EFF writes about it in their other groups. But I want to jump in and just point out that this is an area which is wildly underexplored and needs a lot more attention than it’s been getting.
Denise: All right. And I’m going to point out, just for anyone who is not a lawyer, that the Uniform Trade Secrets Act is what UTSA stands for, and what that means.. the fact that it’s been adopted in.. did you say all the states, Dave?
David: No. At this point it’s basically forty-seven states and the District of Columbia. Massachusetts may be adopting it soon.
Denise: So, pretty close to all the states. And that means that although the states may have different variations in how they enforce trade secret law, they have this one unifying document that almost all of them have signed onto, and for anyone like me, Dave, I’m also glad that when we do our shows I’m in front of a computer and can Google anything if necessary, I did not know—and public service for anyone else who didn’t—that “civil society” according to Wikipedia is “the aggregate of non-governmental organizations and institutions that manifest interests and will of citizens.”
So things like EFF and Epic, and.. Am I on the right track there?
David: That’s exactly right.
Denise: Yes. Okay.
David: It’s groups that forth speak for large public interests.
Denise: Gotcha. Right.
David: Sorry for using all that jargon. That’s the lawyer in me. You’re absolutely right.
Denise: No, not at all. Let’s see, where should we go next? I think what we will do is take a quick break. We’re going to get to some privacy considerations in just a moment, but first we’re going to thank our sponsor—our first sponsor for this episode of This Week in Law, and that is Fresh Books; the Cloud accounting software designed from the ground-up for entrepreneurs and small businesses. Now I know how great it works for a small business, because that’s what I have. I’m a solo attorney, and I’ve been using Fresh Books in my practice for quite some time. It manages invoices seamlessly. Just stays in the background, does exactly what you want it to do, is non-intrusive and just professional and great. If you’re still using Word or Excel or Google docs to create invoices, you really have to give it a try because Fresh Books is the easiest way to create professional-looking invoices in minutes. Fresh Books is built for a growing business.
On average, Fresh Books customers double their revenue in the first twenty-four months, and get paid an average of five days faster. Are you tracking billable hours with a watch, still? Billing clients for your time has never been easier. All you have to do if you’re using Fresh Books is open the app on your phone, start the timer, and go. You can also avoid those awkward phone calls and e-mails to your late-paying clients. Automated late payment reminders help you get paid faster and stay worry-free. You can also set up recurring profiles, so you can put out your billing easily and seamlessly. It’s like it’s on autopilot. Fresh Books customers spend less time on paperwork, freeing up to two days a month to focus on the work that they love.
Do you keep your receipts in a shoebox? I used to do that, but I don’t have to anymore, because what I can do with Fresh Books is just snap photos of the receipts right from my phone and instantly capture my expenses. You could also instantly access complete financial reports, so you could make smart decisions for your business. Fresh Books integrates with your apps: Google apps, PayPal, Stripe, Mail Chimp, FundBox, Zen Payroll. And if you ever need help, you’ll talk to a real person every time. And support is free forever. Try Fresh Books free for thirty days with no obligation. Go to <freshbooks.com/TWIL> and enter This Week in Law in the How did you hear about us section when signing up. Start your thirty-day free trial today. Go to <freshbooks.com/TWIL> and don’t forget to enter This Week in Law when they ask you how you heard about us. Thank you so much, Fresh Books, for supporting this episode of This Week in Law.
Denise: All right, as promised, let’s talk privacy [transitional music plays]. All right, Jonathan, I guess we are more solidly in your wheelhouse here. Can you tell us about what happened—just this week or last week, correct—that extended the NSA’s metadata collection authority?
Jonathan: And so periodically the NSA, through the FBI, has to go back to the FISA Court and get permission to continue the bulk domestic phone metadata program. That’s the program that’s been really controversial. There’s a lot of media coverage. There’s been a lot of legislative debate around it. And so there was another of these renewals recently. And the kind of upcoming kind of key debate is that the provision under which this program has been operated, Section 215 of the USA Patriot Act, is scheduled to expire in mid-2015. And so these renewals can continue to be a form matter until then, but after mid-2015 there’s some debate over whether the NSA could continue this program under that legal authority or under other legal authorities.
Denise: All right, so there’s just really nothing to be done about this. The lawmakers have spoken, and the NSA is going to go forward unless one of these constitutional challenges to the laws that we have in place right now, becomes successful. Am I right about that, Jonathan?
Jonathan: Well, there could also be a statutory challenge to the law. So the Constitutional challenge is that collection of metadata in this quantity over this period of time is constitutionally invalid in a way that collecting one person’s metadata in some targeted fashion isn’t. There’s very clear Supreme Court precedent, Smith against Marilyn, that phone metadata isn’t protected by the Constitution. The Supreme Court may come back and revisit that. I certainly sure hope it will, but until then courts are going to have to navigate around it, and they’ve ben somewhat skeptical of the notion that there’s something unique about bulk or long-term metadata.
The statutory challenge just says, Look, Section 215 of the Patriot Act just doesn’t authorize this program, and challenges to that are under the Administrative Procedure Act. I think as a purely legal matter, this statutory challenge is the stronger one. The issue is showing that the Administrative Procedure Act isn’t precluded by some other provisions around Section 215 challenges. So there’s this notion that only someone who receives one of these orders can challenge it—not folks who happen to learn about one of these orders and are impacted by it. If I were judge for a day I would dispose of the issue on the statutory ground, but thus far courts have found they can’t reach the statutory issue.
Denise: All right. Well, we will continue to see if somebody—some judge—decides to take that on. Many judges are being asked to consider these privacy practices on Constitutional grounds and I guess we just had (was it, I know this case is pending in the Ninth Circuit. Annemarie, was it oral argument that just happened in Smith vs. Obama?)
Annemarie: Yes, oral argument in the Ninth Circuit. And two cases have already been decided on this issue of the constitutionality of Section 215. There was one in the District of Columbia: Claimant vs. Obama. And the court there (actually I’m a little more sanguine about this than maybe Jonathan is about this) the court did think that there was something about the bulk telephony metadata collection that’s going on now, that is different from what was going on in Smith vs. Marilyn, that quantitatively the difference is so profound that for Constitutional purposes it actually amounts to a qualitative difference. But then there was a court in New York, in a case known as ACLU vs. Clapper, that found that there was no fourth amendment violation, and so I think it seems this issue is headed for the Supreme Court. I think one of the districts in either the District of Columbia or this other District of New York tried to get it to go, to sort of bypass, the circuit courts of appeals and sort of go directly to the Supreme Court. But the Supreme Court said, ‘No, this case just needs to makes its way up to us like any other case does,’ but also say that White House Civil Liberties and Privacy Oversight Board is on the record as saying that Section 215 does not provide an adequate legal basis for the bulk metadata collection, and so it would be great if there were a statutory amendment that would sort of discontinue this practice. I think that might be the cleanest way to do it, given as Jonathan said, the sort of iff-iness of the Constitutional challenges. We’ve already seen two courts go two different ways on this question, but it was just interesting to me that the Privacies and Civil Liberties Oversight Board has said there is no legal basis for this. Too much data is being collected about too many people and it’s being retained for too long a time.
Denise: Right. And it’s kind of interesting to look at the parties involved in this case that was just argued before the Ninth Circuit. And just as an aside, if we’re looking for this case to go up to the Supreme Court, I guess that maybe we can be happy that there’s one of these Constitutional challenges pending in the Ninth Circuit because the Supreme Court so loves to undo what the Ninth Circuit has done, so [laughing] maybe they’ll get their opportunity to engage in one of their favorite pasttimes with this case.
But Anna Smith seems quite fascinating. She has described herself as a Northern Idaho mom with no particular legal background, and her husband argued the appeal. He’s a lawyer, but not a lawyer who deals with these kinds of Constitutional issues on a regular basis, but he is getting some help from the ACLE and EFF, who have their own lawsuits pending. Any Idaho insights about Anna Smith, Annemarie?
Annemarie: No, not in particular. I mean, I think she’s an interesting plaintiff just because she seems so much like an everywoman. No, she is not the ACLU. One of the interesting aspects of this case is that other plaintiffs in these kinds of cases have had trouble in the past establishing standing because they weren’t able to prove that their data was actually being collected. And I think that the Snowden Leaks actually did provide a basis for ordinary citizens to bring these kinds of claims, because what they established was basically every single Verizon customer is having their metadata collected. And so whereas before plaintiffs would have difficulty establishing standing because they couldn’t prove that their data was being collected, and of course that was a secret what data was being collected, and so they couldn’t get at it by subpoena or any other way, so I think the Snowden Leaks have really opened up this field of litigation to ordinary people like Anna Smith.
Denise: Dave, any thoughts about Constitutional challenges to data collection or statutory interpretation challenges?
David: Yeah. The only broad comment I have is what Annemarie was just alluding to, that the Snowden Leaks themselves have brought all kinds of technological concepts and methods to public light that, even if people attempted to understand them they would be challenged, and they weren’t aware anyway that these concepts really applied to them. So I share Annemarie’s interest and fascination that you could have two people who appear to be—entirely outside the group of likely plaintiffs for this kind of suit to have the ability to go to one of the main federal appellate courts that would be handling one of these issues—and have their case heard. And the article that you shared indicated that Miss Smith said how amazing it was that she had the felt like she had the ability to do it.
One thing that I certainly hope for, and anyone that has been around cyber law for a long time knows this, one of the potential benefits of the Snowden Leaks, aside from the ability to simply know what’s going in is that perhaps it will force policymakers and decision makers to have a more granular understanding of technology. And certainly while we would have confidence in judges doing their best to understand the technology, recent bills with SOPA: the Stop Online Piracy Act a few years ago, and others, indicate an enormous knowledge gap. And so perhaps—and again this is optimistic—the Snowden Leaks can allow for a better understanding of what exactly we’re doing with technology that can lead to ameliorating a lot of the harms that have existed because of lack of information.
Denise: Hopefully they’ll decide to take Jonathan up on his Course Era offerings and become part of the eighteen thousand [laughing] trying to better understand. We’ve been referring to Joe Mullins’ article coverage of this case at Ars Technica, and you can do that, too. You can look at his piece, and all the rest of the things that we have in our run-down there, available at <delicious.com/thisweekinlaw/285> is our episode number this time around.
Denise: Jonathan, tell me what the All Writs Act is, and why it’s been in the news lately.
Jonathan: Sure. So, the All Writs Act is an old statute that lets courts issue court orders. It’s sort of a Swiss Army knife. It’s used for all sorts of things ranging from appellate review to certain types of challenging agency action to—most recently and quite controversially—assisting in effectuating warrants. And in particular, the Department of Justice has been getting warrants for locked i-Phones and Android devices, and then getting assistance from Apple and Google in unlocking those devices.
This is kind of a strange news story in that for folks who were watching surveillance law, this was all new. In fact, the language that some journalists pointed to as concerning surrounding the All Writs Act was language out of Apple’s own law enforcement guide. So the notion that the All Writs Act was getting used in this way was not really news (news, I should say, within the surveillance law community), but it was surprising to a lot of people who weren’t steeped in surveillance law.
And so there are some potentially quite-concerning applications to the All Writs Act. It doesn’t seem to have been used in these ways yet. But just to give a couple of hypotheticals: What if a company was compelled to ship a back-doored software update, or was compelled to decrypt a phone? Not just get rid of a lock screen, but actually to decrypt the contents. DOJ could try it. It’s not clear exactly how a court would rule. But, very clearly, the All Writs Act is the law in point.
Denise: Does it give anyone pause that this authority is flowing from an act that came into being in 1789?
Jonathan: I have to say I don’t really find that argument so compelling. I think it’s funny.
Jonathan: I think it’s really funny.
Denise: [laughing] It is kind of funny.
Jonathan: But it’s…Folks are going to object to these searches based on a Constitutional amendment from the eighteenth century. They’re going to have these arguments in courts with their jurisdiction dating back to the eighteenth century, so the notion that it’s old and somehow questionable, I don’t think carries a lot of water--in our profession. Maybe in the technology profession that’s a good argument.
Denise: [laughing] Exactly. Dave, any thoughts about this?
David: Well, I think I agree with Jonathan to a degree. And ultimately I think he’s probably right that it doesn’t matter as much that the act is old as much as it might matter that the act reflects what behaviors and technologies and activities that do not indicate where we are today. As I was just listening to Jonathan talk, and following the issue, and I don’t follow it closely, but it reminds me of what was going on in the early days of the Internet. If we can flash back to the late nineties and early two-thousands with online gaming, then the question of whether one could gamble online—and this is when I was in practice, but I did some work for software manufacturers then who were wondering whether what they were creating, that is gambling software—would violate US law.
And it turned out, and we now…the issues have largely been resolved, but at the time, people started getting into the Wire Act, which is of course is a federal law from the early parts of communication technology involving the question of whether information was moving over wires, and what have you, and it was a problematic issue. Now again, as Jonathan pointed out, you can get to answers and you can apply these laws, but the fact that you’re dealing with an older law certainly, for me, causes me to think more carefully about the policies underlying them and whether those policies are the right fit for the behaviors we have today. So that’s just kind of a broader observation about the role of law here. But I generally agree with Jonathan that that doesn’t necessarily mean that the law shouldn’t apply or doesn’t apply to these situations.
Denise: Well, I think we have to make our second MCLE pass phrase for the show: “Part like it’s 1789.” So, there you go. Both phrases are in the show for folks who are listening for continuing legal education purposes. Annemarie, any pause on your part, having authority flow from something that is either too old or too ill-fitting to serve the purposes that it’s being used for today?
Annemarie: I will not be the only cyber law prof to not have a cyber law chestnut, and so my chestnut is…
[All present laughing]
Annemarie: The early cases involving SPAM and intrusions to corporate computer networks were pursued under a theory called Trespass to Chattels, which was another one of these really, really old theories, and so I guess I don’t have a problem with the idea that you would adapt old law to new scenarios and new technologies. I think that’s how the law evolves, but I do think that the FBI and law enforcement will sort of stop at nothing to try to undermine these efforts by manufacturer, to sort of disempower themselves from being able to provide information about their users. And it seems to me that that’s what Apple and Google are doing, by sort of encrypting operating systems, as they would like to take themselves out of the middle of these kinds of investigations. And the All Writs Act is being used to not let them do that. So I don’t know what to say about that, but “old wine, new bottles,” “old law, new technology.” I don’t think that’s a problem. I think that’s just how the law works and how it relates to developing technology.
Denise: Let’s talk about old phones and new phones, and the business model behind Blackphone, and whether under that business model, Blackphone may just skirt these kinds of issues because there’s nothing technologically it could do to help law enforcement. Blackphone, for folks who haven’t been following it very closely, is a phone that is oriented around the user’s privacy and is all about end-to-end encryption and basically, serving the market niche that is growing up around people who are concerned about the government being able to access their e-mail accounts, their phones, et cetera, et cetera. And so Blackphone recently announced that not only is it going to have its phone, which in and of itself is an interesting development, but it’s going to have its own app store, populated with privacy-oriented apps. Jonathan, what do you think about this?
Jonathan: Well there’s clearly a growing market demand for privacy-oriented products and services. So far as the law goes there isn’t a requirement that a company put a “back door” on its products of this sort, with one asterisk for voice-over IP that allows for calls to the ordinary phone system. That’s covered by the Communications Assistance for Law Enforcement Act—or CALEA—but otherwise there are prospective assistance laws on the books, and so I completely agree with Annemarie. I think that this is part of a movement to use technology to take companies out of the equation where there’s nothing the legal process can do to them to compel access to their users’ information. Law enforcement is going to have to go to the users themselves.
Denise: Right. Which is less convenient, but probably the way it should be done. Do you agree, Dave?
David: Yeah. That would seem to be the main way that we’d want this work to happen. Again, a lot of the themes that run through the topics we’re talking about today involve these broad questions of notice. Terms of Service, which we haven’t alluded to yet, but just questions of what the capabilities are. And I have (and this is just more of my own speculation), but when everything from the Snowden leaks to the kinds of behaviors that Blackphone-made entities that focus on privacy deal with, turn to, are questions of people simply not being aware of what’s going on. It’s a thought experiment that we’ll never have, but I wonder how much opposition would actually have occurred if, in a hypothetical world, the public had been told, ‘Hey, look, the NSA’s going to pay attention to and read all of your e-mails.’ That is not to suggest that there aren’t significant concerns and problems that we have with that in undermining the purpose of the Internet and Internet architecture. But a lot of people might also say, ‘Well, thanks for telling me, and now I know.’ So I think that Blackphone and these other entities are addressing a real market vacuum that has existed in people just feeling like they’re being treated in an upfront way.
Denise: Yeah, I think it’s really fascinating how we adopt these new technologies because they’re convenient or fun or they have lots of utility for us, and the privacy ramifications of them don’t really hit home until something like the Snowden leaks happen. I’m hoping that Anna Smith has been reached out to by the Blackphone people, and that she’s one of their beta testers. There would be some nice synergy to that.
But cars are kind of like phones that way. We’re all driving around in increasingly technologically-sophisticated cars, and I think that at some point there will be a similar epiphany that as we are using all these useful and convenient and fun features in the cars, that the privacy ramifications of them will hit home, too. And it looks like carmakers are starting to pay attention to that, as well, with nineteen automakers who make most of the passenger cars and trucks in the US, signing onto a set of principles they say will protect motorists’ privacy in the modern era.
Jonathan: Rallying around a self-regulatory code is not a new move and I think the positive spin on it is here’s an industry that’s trying to do the right thing in advance of potential concerns. I think the more cynical and in many cases the more realistic tag is here’s an industry that doesn’t want to get legislated against or regulated against or slapped with lawsuits and so they’re going to try to get in front of the issue in a way. The reoccurring problem with these codes of conduct is they have loopholes so big you could really try not to use the pun about drive a truck through it here. But they have huge loopholes. This document is no different. There are all sorts of provisions around companies being allowed to collect data for their own internal purposes just like many others of these codes of conduct. I think the question to put to an auto maker is in the wake of this document is; “tell us the source of the information you’re going to collect or to put it differently tell us the source of information you have collected before but won’t collect now. I think that those categories look pretty slim. So I can’t say this document looks like an overly great privacy protection but there is no doubt the auto makers did a great job with the PR spin around – that they look good for it. It’s understandable why they’d do it.
Denise: I join you in your skepticism that there is a PR aspect of this. Especially because, and I don’t pretend to know all the intricacies of new automotive developments but it seems as we sit here today that instead of your car becoming your phone its really how your phone integrates with your car so if there’s going to be a privacy question its really one that involves the phone more than the automobile today. Do you agree Dave?
Dave: This is interesting. At a conference that the Princeton’s center of Information Technology policy where I’m doing a fellowship this year did this last year a presentation involving autonomous cars done by Bo Stevens and Raul Rojas. And Raul particularly laid out a schematic of how cars themselves; the cars that are coming in the next few years; are going to be communicating with each other and where within your automobile you are going to be communicating. It was incredibly complex and mind boggling and in a room full of people that I’m not one of them who follow these issues very closely and also not one of them who are computer science people. They were amazed. It reminded me again, I’m doing these broad scope kind of statements but it got me thinking about all of the issues around copyright duration and how flex it is to figure out whether a particular work of authorship is under copyright protection based on when its published because of all of the changes to US copyright law. So yes again it seems spot on in terms of where we’re headed. The complexity here makes me hope; and certainly the car manufacturers see the benefits here that these kinds of questions will be well thought through. But I’ll tell you based on that schematic which was quite something it seems we have a lot of steps to take before 2016 when we can start seeing these cars on the road.
Denise: Right and of course the one thing no matter how your communications and entertainment are integrated into your car – the one thing that cars will always know in today and in future will log quite effectively is where you’ve been and all of your location data and obviously that can be quite relevant in criminal and other legal proceedings. So it’s clearly something that I think automakers are paying attention to for public relations or other purposes are trying to get out in front of. Anne Marie, can you think of any other reasons why we’d want our cars to have good privacy protection?
Annemarie: I can think of all kinds of reasons why we’d want our cars to have good privacy protection. I think this whole issue really highlights what I think is a yawning need for reform of the communications privacy act and for comprehensive federal privacy statute. I rented a car last weekend and as I was sort of clicking through the adhesion contract so that I could get to the point that I could actually get the keys to the car one of the provisions was that there was technology imbedded in the car that would allow dollar to track where I had gone and in order to rent the car I had to consent to that tracking and I was just outraged by that. So this is going on now. I think that the FTC has been operating in this space with regards to these codes of conduct and these published privacy policies for example that online behavioral advertisers have. I think Jonathon suggests that the situation with car manufacturers is moving in the same direction where they will just adopt this voluntary code of best practices and then they will only be responsible to the law to the extent that they breech those practices in a way that the FTC and then assert some jurisdiction over it. I think Congress really needs to step up. It’s time for this kind of reform; the technologies are just getting more and more invasive and they are getting cheaper and cheaper and I think people are getting more and more concerned about this. I hesitate to say that congress should do anything because it doesn’t seem to be able to do much of anything but I think if it does anything it should do ECPA reform. It is time.
Denise: I’m guessing you rented the car though?
Annemarie: I did rent the car. What else was I going to do? It was a terrible bind.
Denise: Right. So what sad situation do we find ourselves in. We have a very brilliant law professor who has read the terms, found the outrageous provision in there and still feels like she has to sign off on it to rent the car. You teach contracts too.
Annemarie: I know, it really irked the guy at the Dollar Rent a Car counter that I was actually bothering to read through the screens. He was definitely not happy about that. I just wanted to know what I was agreeing to. It’s a legitimate thing.
Denise: Right. Someone was interjecting there. Does anyone have a comment?
David: I was going to ask Emory where she went but I figured that’s probably also a private thing.
Annemarie: Ask Dollar Rent a Car. They’ll tell you where I went; everywhere I went.
Denise: Alright well speaking of being able to mess around with things like contracts and computers and coffee machines I suppose maybe we’d better look at some copy right issues. So I’ve been struck lately of the prevalence of articles covering things like DRM and circumventing DRM and the DMCA in general and I think these things might be bubbling up to our consciousness these days because we’re in the process – people like the EFF and others are in the process of suggesting exemptions, applying for exemptions to the operation of the DMCA. The copyright office decides every 3 years what sort of ways in which you can circumvent various encryption technologies in order to access or use your devices in ways that would otherwise be barred by the DMCA. So we’re in the throes of that process right now and I think that may be contributing to a number of these stories but these come up from time to time. People probably remember lawsuits about printers and making compatible printer cartridges. We’ve covered the Keurig coffee maker problem on the show before and whether Keurig is going to allow non-licensed k cups to be used in its machines. Their response is not exactly been garnering a whole lot of consumer support and there are whole sites dedicated to hacking Keurigs. I thought we’d go ahead and give you some evidence of how that can be done. There’s a great video that we’ll show you exactly how you can go ahead and – well this isn’t exactly circumventing copy protection. It’s a little bit less sophisticated than that but we’ll go ahead and show you what you can do. Yes it involves tape. There we go. Achievement unlocked. Non-compliant Keurig defeated by some tape. Alright; thank you so much for bearing with us as we show that to you. I thought it was pretty funny and I do think that it shows how people do not have a whole lot of patience with being told we can only use our licensed coffee cups or printer cartridges or you may not access certain parts of your car. People are going to work around that aren’t they Annemarie?
Annemarie: People are going to work around it and they should work around it because DRN the anti-circumvention provisions in the DMCA are really intended to prevent copyright infringement and to prevent the breaking of encryption that protects copyrighted works. But the question in these kinds of cases the DRM isn’t being used to protect copyrighted code from being copied; it’s basically being used to prevent 3rd party manufacturers from making interoperable after-market parts or consumables as you said the printer cases are on point here. Courts have said in these cases that customers have really paid for the right to access the software that controls the devices they own and so we care about circumvention when circumvention is being done we don’t care or shouldn’t care and the law shouldn’t care about circumvention when its being done to help you have a cup of coffee from a vendor who’s not going to charge you as much for a k-cup as Keurig will. I think we need to remember the purpose for which section 1201 was enacted. It wasn’t enacted to give these manufacturers control over after markets. It is just not what it was for.
Denise: We had positive development along these lines from a federal judge in New York. I think related to the Apple E-book anti-trust litigation and parties that have come after Apple because of its e-Book strategy. This is called Abbey House Media versus Apple and Abbey House Media on its page pointed users to a free program they could use to remove DRM from their downloaded e-Books in order to have them available should they change reading devices etc. and the Judge in that case; I’m not sure if this was a claim or a counter claim. I think it was probably a counter claim by Apple against Abbey House that –oh they should be liable because they’re telling people how to break our DRM. The judge in that case found no that that was not inducing infringement that there was no allegation. That Abbey House or its users had engaged in that or that Abbey House had encouraged them; so simply pointing to DRM defeating technologies as we just did in showing you that video arguably would not be a problem per this judge in New York. I take it you think this was the right outcome Annemarie?
Annemarie: I think this was the right outcome. The other thing the court said in this case was that there was no proof that there was any underlying direct infringement because people who were being instructed on where to go to find circumvention tools were people who’d lawfully purchased those e-Books and were going to lose access to them because Abbey House had gone out of Business and was taking its business DRM servers down. I don’t know exactly what the factual details were around it but these were people who were going to lose access to works they had already purchased and Abbey House was simply saying to them here’s how you can strip the DRM away so you can port these books to other devices. So not only did the courts say that’s not a facilitation of infringement but there is no direct infringement that was being facilitated here by Abbey House. So I think it was a good decision on both of those fronts that there was no underlying infringement by the users and that Abbey House did nothing wrong.
Denise: So among other things that are being requested in the current exemption process the EFF is working on one that would exempt people tinkering with their cars to being subject to DMCA circumvention liability. There is a good list over at the EFF’s site that I’ll point you guys towards. It’s a little too long to read on the air here but if you google EFF and 2015 rule making you’ll find it and its on our discussion points on delicious; where they’re tracking not only exemptions that they are responsible for requesting but others as well. Dave, have you heard of any other notable ones that are in the offing?
Dave: There is one that I’m a bit familiar with that is interesting. It’s under the research side of the equation. A number of engineers have proposed an exemption for security researchers. The need for security researchers to have access to the systems that they are researching to determine vulnerabilities raise the very DMCA technological protection measure issues that the previous case alluded to. I know that that was a proposal that was put in to allow security researchers the ability to do their research and have access without running afoul of the TPN provisions. One of the interesting wrinkles here in my mind and I agree with Annemarie that the holding there was the right one; is a differences between circumventing technological protection measures and distributing devices that circumvent technological protection measures. A lot of the concern I think coming from the copyright industry ultimately boils down to that second issue. Individual access is one thing but the dissemination of devices that circumvent is another and from a policy and practical standpoint it seems to be that a lot of those exemptions have a much better chance as much as any of them have to be clear – a lot of those proposals have a better chance when they narrow the scope of what it is they’re trying to get around. The other thing I wanted to note was this issue of contributing to infringement and who is actually liable is one that comes up fairly regularly where courts are trying to figure out what exactly inducement is to the extent that courts narrowly construe the statute to hold an inducement is inducing literally copyright infringement and not something related to it and I think that’s a good thing.
Denise: Yes absolutely. I put this in for you Annemarie because this is someone else who reads contracts and terms of service – Sebastian Page of the idownload blog found some entertaining language in the iOS terms of service regarding jail breaking which is legal in the United States but Apple still really, really doesn’t want you to do it – really doesn’t want you to do it and they phrased it that way in their documentation. What they say is; “making unauthorized modifications to the software on an iPhone violates the iPhone software license agreement, the common term for modifying an iPhone is jail breaking with a particular emphasis on the second part of that term That’s why we strongly almost emphatically recommend that you do not do so – really! So just some interesting draftsmanship there and also I guess the issue contractually – and whether this is a good thing or not, the fact that this is legal in the US but still if you go ahead and do it you’re going to be violating your license agreement and Apple’s going to try to not service that phone as much as possible. Do you see a problem there Annemarie?
Annemarie: I do. I think the tension between what copyright law permits and what terms of service permit goes back for many years now. Questions about 1st sale doctrine and whether terms of service can prevent you from selling media that you have bought and that you have a right under the copyright act to resale if you want to. We live in a country where you can give up your constitutional rights in a contract and so it seems a little strange to think that you wouldn’t sort of be able to waive your right to jail break in a contract. I do think that its problematic when you have these mass sort of contracts of adhesion that all consumers have to sign where they are asked to give up rights that they affirmatively have under law. So I don’t know exactly what to say about that except that it seems problematic that the public law gives you something that then private law takes away. That has been the way of things with copyright for some time.
Denise: You mentioned earlier I think that that might be the province of the FTC to step in and say that that’s actually not ok to do?
Annemarie: I don’t know. They haven’t done that and I don’t think they will because it’s not as if Apple is engaging in some kind of deceptive trade practice. They’re not publishing some policy that they then turn around and violate. All they’re doing is using their power as the seller of that device to sort of set the terms under which you get the warranty. So if you’re willing to give up the warranty you can certainly go ahead and exercise your right to jail break a phone and that’s a cost that Apple is permitted to impose on its buyers. It’s one reason I don’t buy any Apple products.
Denise: Alright. Let’s look in a moment at the aftermath of the hack that Sony was involved in but not until we get to our second sponsor of this episode of This Week in Law which is Blue Apron. We’ve talked a lot about Blue Apron on this show lately and I’m so glad that we get to do so again right before the Holidays because I really want you to put this on your list both for your own Holiday entertaining; it’s going to make that so much easier and really a wonderful way to share deliciousness and easy gourmet cooking with your friends during the Holidays as well. Cooking and eating should be fun but if you’re busy or health conscious or just don’t know your way around the kitchen it can be a chore. I know this; I love to cook but frequently don’t have the time to go through all the steps involved in making a really wonderful meal. Ordering out is expensive and gets unhealthy pretty fast and who knows how long that food in the grocery store has been sitting around on the shelves or how far it’s had to travel but you can forget all that because you need Blue Apron to make cooking fresh delicious easy. Here’s how it works. You pay $9.99 per person per meal. Blue Apron then sends you a refrigerated box with the right high quality ingredients in exactly the right proportions and simple step by step recipe instructions. This all comes right to your door. These ingredients come from local farms so you’ll be getting produce that is currently in season and at the peak of its freshness. Meals are only 500-700 calories per serving though you’d never guess it given how delicious they are. They work around your schedule and your dietary preferences. Cooking takes about half an hour. Shipping is always free and the menu is always featuring new recipes. They’ll never send you the same meal twice. You’ll make meals like salmon with quick preserved lemon, quinoa curly kale or you could try cabbage and chard stirred fried rice with sweet potatoes and shiitake mushrooms. You’ll cook these and many, many more incredible meals and be blown away by the quality and freshness. Blue Apron is fast, fresh and super affordable. You’re going to cook like a gourmet chef. I know you might be skeptical about that but I’ve made plenty of these meals now and they’re really wonderful and really quite easy. So what you’re going to do is you’re going to see what’s on the menu this week and get your first 2 meals by free by going to BlueApron.com/twit. That’s right, 2 meals just for going to blueapron.com/twit. Thank you so much Blue Apron for the delicious food, the wonderful holiday help and your support of This Week in Law. Alright, let’s go take a quick look at Hollywood before we get out of here. So I think by now most people know that Sony was hacked. I saw it even came up in James Franco’s monologue when he recently hosted Saturday Night Live. So it’s out there in the public consciousness but Jonathan is Sony now trying to hack the hackers? What’s going on there?
Jonathan: So there’s a lot of ambiguity around this. It got kicked off by some reporting by Recode that was pretty ambiguous. So the article talked about how Sony had launched a distributed denial of service attack against folks who were hosting stolen files. But the details of the article seemed not really to be a d-dos attack but rather an approach to slow down downloads by spoofing folks in bit-torrent forms who had these files but not actually having the files. That raises a much lesser set of legal concerns and I think a much lesser set of policy concerns. Pretending you have some stolen files you don’t have is just not the same as knocking down folks who happen to have the stolen files.
Denise: Absolutely but will the law recognize that fine grain distinction do you think?
Jonathan: Oh absolutely. I think the provision more on point for denial of service attack is a portion of the computer fraud and abuse act; to be precise 1030e5A which deals with intentionally damaging computer systems. I think it’s hard to get to that sort of intentional damage out of claiming you have something and not having it. I’m not aware of a case that’s gone that way. Some courts have certainly stretched that provision but the most common use now seems to be around denial of service attacks and so I think that would be very clearly covered. I’m not aware of a case quite like that.
Denise: Ok. Before we go ahead and leave our entertainment related stories I guess a moment of silence for the Pirate Bay would be in order since they have rated again and don’t seem to be something that’s going to have a viable future at least for the immediate time being. Do you have any thoughts on Pirate Bay going down Dave?
Dave: This is an amazing history and short history of what happens when; just looking at the article again – what happens when you’ve got groups of individuals who’re gathered around a particular activity that causes a lot of high profile problems and when you hold up a lightning rod you get hit. My profound insight here is that all of the efforts as the article points out to prevent Pirate Bay from getting taken down don’t work very well. This is something again that Jonathan knows well and my own work on trade secrecy and I’ve talked to cyber security experts and I’ve said to them look if you have a bottom list pit of resources if you’re bowling and you can put all the money and tons of people into securing your network; what is our technological capability and the response is often “well we can detect intruders but we really can’t prevent them from going in. So in a broad sense the efforts to create networks to allow for this activity to go forward never seem to work as well as those who want to stop that behavior from happening. This has been the history of copy right infringement on the internet as well. I also wanted to note by the way quickly with regard to the previous story and the CFAA. Recognize that the computer fraud and abuse act which got a lot of attention after the tragedy surrounding the death of Aaron Swartz is in dire need of reform and not to circle back and hijack for the last few minutes to go back to trade secrecy but one of the primary goals we have in terms of imposing those bills is a suggestion that the solution to these problems of cyber espionage and computer security is not at all trade secret law but it’s to fix the CFAA. So those issues tend to recur.
Denise: That’s a wonderful segway because we have something about the CFAA in our resource section when we get to our tip and resources of the week. Before we go there I promised I would try and give you guys some fodder for your upcoming exams and that Keurig hacking Youtube video – of course the IRC chatroom all picked up on the Darth Vader music in the background but none of us mentioned it, so just mull on that. When one is making a video that tells you how to alter a non-licensed Keurig into working with the Keurig machine and one inserts into it presumably non-licensed Star Wars sound track music in the background – discuss on your copyright exam. Are you ready to put that one into practice Annemarie?
Annemarie: I think that’s a fair use parody.
Denise: There we go.
David: Can I say one last thing on that one?
Denise: Of course.
David: Just very quickly, and again I feel like I’m dating myself endlessly with all these references to old technologies and laws and I’m really going to date myself now but for those of you who remember the 5 and ¼ inch floppy disk that was so useful in the 80’s; one way to do a Keurig like hack of those disks which can only be recorded on one side – very similar to Keurig, a little slit that was on the side of it was to get a whole puncher and punch a similar hole on the other side of the disk to allow you to record on the other side. So this tried and true method of using tape and basic home craft aids in solving issues involving locking down technology is one that has a very rich history. So it brought back a happy memory for me in hacking all of my disks to make them twice as valuable.
Denise: Seems like we need a book cataloguing those sorts of instances Dave. You can put that on your plate. Alright, our tip of the week is that if you’re not already licensing things under creative commons you should start doing it because in 2015 someone is going to license the billionth creative commons licensed work. It could be you. So that’s my tip, if you’re not already using the creative commons license in the things you’re creating do it and you could be the billionth user. I’m sure balloons and things will fall from the sky if it does wind up being you. We have a couple of great resources for you this week. As promised a moment ago a great primer on the computer fraud and abuse act from Kim Zetter at wired. She says this federal anti-hacking statue prohibits unauthorized access to computers and networks and was enacted to expand existing criminal laws to address a growing concern about computer crimes; but law makers wrote the law so poorly that creative prosecutors have been abusing it ever since and we’ve had lots of instances of that that we’ve discussed on the show. Do you have any further thoughts on the CFAA, Jonathan?
Jonathan: Sure, I’ve actually done some research on my own on the statute. In a forth coming paper I did some purical work on understanding how CFAA gets used. Its turns out not only are there some potential for abuse in the sorts of fact patterns that you might not want to have under the statute. Not only is that potential that’s actually on the civil side. The most common set of fact patterns are the employer, employee disputes, the competitor disputes, where there really isn’t technical sophistication. It looks a lot like trade secret type litigation but it gets brought as hacking claims. On the law enforcement side most cases appear to be the sort of things we would consider a conventional hacking – some sort of technical sophistication circumventing some kind of technical protection. But there are still an awful lot of cases that don’t involve that and somewhat amusingly in a sense one of the most common fact patterns is law enforcement officers who have access to a proprietary data base and use that access in ways that the department prohibits by policy or just exceeds the scope of their job. Strangest case hands down; just to close with a goofy in a sense antidote – strangest case hands down was (I kid you not) a cannibalism conspiracy in New York where one of the participants was a New York police detective who was researching allegedly potential victims using department resources. He ultimately didn’t get convicted of the cannibalism issue but did get convicted under CFAA because he accessed department resources in violation of policy.
Denise: Delicious is all I can say. Yes that’s an odd way for the CFAA to come up and be applied. We have one more resource for you. In keeping with the holidays I figure you’ll want to know about this for 2 reasons. Number 1; people listening to this show might know other people for whom this would be a great gift and all of us will hopefully have some free time coming up over the holidays. On my reading list is the new audio book put out by Cory Doctorow of his book “Information Doesn’t want to be Free; Laws for the Internet Age”. He’s independently produced it, Wil Wheaton reads the whole thing. There are forwards by Neil Gaiman and Amanda Palmer. It’s $15 and is DRM free. It has no…so you won’t have to read the fine print. I’m sure its delightful and I’m looking forward to experiencing the whole thing. You put Cory Doctorow, Wil Wheaton, Neil Gaiman and internet laws together in one package for me and put it under the Christmas tree and I am one happy, happy gal. Hopefully that will be the case for others who listen to this show. This has been such a great panel. I’ve really enjoyed picking your brains about all the important issues we’ve discussed today. Dave, it’s always great to have you back on the show.
Dave: Thanks Denise so much. I always enjoy chatting with you and I’m a big fan of This Week in Law so thanks for having me back again.
Denise: Well we’re big fans of you so thanks so much. We really appreciate your time and your thoughts and the same goes for you Annemarie Bridy; so great to meet you over Skype and to have had a chance to chat with you on the show.
Annemarie: It was fun, let’s do it again.
Denise: Yes, definitely. Stay warm up there in Northern Idaho and Jonathan you do the same up there in the Bay area.
Jonathan: Thanks. It looks like the rain has stopped.
Denise: Yes, that’s because we got it down here in Southern California. It’s deluging outside here today but I know you guys just went through that as well. It’s so funny to me how here in California everything shuts down because of a bit of rain. We actually had school closures for rain up in Northern California as I understand it. Definitely we need it, but it has been throwing everything into a tail spin. Jonathan, it was great chatting with you; so fun learning about your work at Stanford. Anything else on your plate that you want to let people know about before we get on out of here?
Jonathan: We have some upcoming survey results on the 3rd party doctrine that may be of interest. So this is this doctrine that exempts metadata from constitutional protection. The notion is folks knowingly give out this information and therefore they waive their privacy interest. So with asking some ordinary folks; what do you think you know you give up? We should have some answers on that soon. We’re already pretty surprised by what we’re finding. Some pretty nuanced distinctions for example between cell phone location when someone’s using their phone versus when they’re not using their phone might be constitutionally salient. At any rate stay tuned.
Denise: Yes, that does sound really interesting. Keep up posted if you would. Annemarie, do you have anything going on in your studies or at your school that you want to let people know about?
Annemarie: In April we have the Idaho law review symposium called Privacy in the age of pervasive surveillance. Our keynote speaker is going to be David Medine; chairman of the privacy and civil liberties oversight board. We’re going to be live streaming that. It will be in Boise. Ed Felton of CITP will be there, Chris Legoyan. It’s really a wonderful lineup of people who are doing important work in privacy and surveillance and cyber security.
Denise: I’m so glad we got to bring up Ed Felton on this show because we’ve been talking much about the freedom to tinker and he’s been writing at that blog for a long time. Dave, how about you; anything going on at Elon or with you?
Dave: Yes, Sharon and I will have a longer piece on trade secret reform coming out in Washington – an online law review. That’ll be out in January and we are excited about that. I’m also going to have a piece trying to figure out a meaningful way to allow for public access international trade agreements given what TTIP is going. That’ll be out in the Spring as well. Those are the immediate things. More long term is looking at how trade secret law can be tailed by industry and how we think about information flows. So quite a bit of writing and sitting in front of computers but all towards a good end in the coming few months.
Denise: Alright. Well this has been a really wide ranging and fun show. I’m so glad you’ve all been able to join us. If you’ve been doing so on Friday at 11 o’clock Pacific time 19 UTC then you’ve been joining us live and we really appreciate that. That’s when we record the shows. However, don’t worry if you can’t catch it live. We’re going to be available for you on demand however you like. We’ve got a Youtube channel at www.youtube.com/thisweekinlaw. We’ve got our show page of course at www.twit.tv/thisweekinlaw where you can find our whole archive of shows. We’re on Roku, we’re in iTunes and various ways that you like to consume your Netcast entertainment. We’re going to be right there for you. If you check our show page you’ll see that there are many, many different ways to access the show and we encourage you to do it in the way that makes the most sense for you. We’re just happy to have you along for the ride. You can find me on Twitter. I’m @dhowell over there. That’s a great way to reach out to me between shows. Send me links and ideas; if you have something a little more confidential you’d like to share I do have email. I’m email@example.com. You can use that or if you just need some more room head on over to Google Plus or Facebook where we have show pages as well. Those are great places to reach out. Give us your feedback on this show or any others; give us guests suggestions, topic suggestions. We love to hear from you. These are huge topics that we follow here on This Week in Law and there is no way to know everything about them or what’s going on in all of these areas so we really rely on you our audience members to keep us posted what’s going on and what hits your radar that looks important so really appreciate your help with that. We appreciate you joining us today and we’ll see you next week on This Week in Law!