1 / 130

Legal and Regulatory Tutorial

Legal and Regulatory Tutorial. INET 2002 June 18, 2002 Jim Dempsey Mike Godwin John Morris. Legal and Regulatory Tutorial Copyright. INET 2002 June 18, 2002 Mike Godwin.

Faraday
Download Presentation

Legal and Regulatory Tutorial

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Legal and Regulatory Tutorial INET 2002 June 18, 2002 Jim Dempsey Mike Godwin John Morris

  2. Legal and Regulatory TutorialCopyright INET 2002 June 18, 2002 Mike Godwin

  3. Based on materials prepared by Profs. Pamela Samuelson & David Post for the Computers Freedom & Privacy Conference, April 4, 2000. Edited and amended by Mike Godwin, CDT, for INET'01, updated for INET'02.

  4. WHAT IS “INTELLECTUAL PROPERTY” (A.K.A. “IP”)? • Rights in commercially valuable information permitting owner to control market for products embodying the information • Copyrights for artistic & literary works (including software) • Patents for technological inventions (also including software)

  5. WHAT IS “IP”? (2) • Trade secrets for commercially valuable secrets (e.g., source code, Coke formula) • Trademarks (e.g., Coca Cola, Coke) to protect consumers against confusion • Copyright and trademark law are the areas most likely to have international, civil-liberties significance on the Internet, and, of the two, copyright law is more likely to be significant than trademark law.

  6. ELEMENTS OF ALL IP LAW • Subject matter to be protected • Qualifications for protection • Who can claim • Procedure for claiming • Substantive criteria • Set of exclusive rights (rights to exclude other people's uses of the IP) • Limitations on exclusive rights • Infringement standard • Set of remedies

  7. ELEMENTS OF COPYRIGHT • Subject matter: works of authorship • E.g., literary works, musical works, pictorial works. NB: software (for copyright purposes) is a “literary work” • Qualifications: • Who: the author (but in US, work for hire rule) • Procedure: rights attach automatically (but US authors must register to sue; remedies depend on regis.) • Criteria: “originality” (some creativity); [in US] works must also be “fixed” in some tangible medium

  8. COPYRIGHT ELEMENTS (2) Set of exclusive rights (right to exclude others): • to reproduce work in copies, • to prepare derivative works, including translations • to distribute copies to the public, • to publicly perform or display the work, or communicate it to the public (broadcast) • “moral rights” of integrity & attribution • some rights to control acts of those who facilitate or contribute to others’ infringement (e.g., ISPs)

  9. COPYRIGHT ELEMENTS (3) Limitations on exclusive rights: • Fair use (e.g., Sony Betamax, Acuff-Rose) in US • Fair dealing in UK and Canada • First sale (e.g., libraries, bookstores) • Library-archival copying (e.g., ILL, course reserves) • Classroom performances • Special inter-industry compulsory licenses (e.g., cable-network TV) • Other (e.g., playing radio in fast food joint) • Constructing functional item from an expressive work (e.g., building a bicycle from a design)

  10. COPYRIGHT ELEMENTS (4) • Limitations on exclusive rights: duration • Berne standard: life + 50 years • EU & US: life + 70 years; 95 yrs from publication • Infringement standard: violating exclusive right (often copying of “expression” from protected work based on substantial similarity) • Remedies: injunctions, lost profits, infringers’ profits, “statutory damages,” costs, & sometimes attorney fees

  11. “UNCOPYRIGHTABLE” STUFF • Ledger sheets and blank forms • Rules and recipes • White pages listings of telephone directories • Facts and theories (although particular expressions of facts or theories are copyrightable) • Ideas and principles • Methods of operation/processes

  12. COMPILATIONS AND DERIVATIVE WORKS • Creativity in selection and arrangement of data or other elements = protectable compilation. (There has to be some small degree of creativity at the very least -- see, e.g., Feist v. Rural Telephone.) • Original expression added to preexisting work = protectable d/w (e.g., novel based on movie) • Compilation or derivative work copyright doesn’t extend to preexisting material (e.g., data or public domain play) • Use of infringing materials may invalidate copyright in compilation or derivative work

  13. INTERNATIONAL TREATIES • Berne Convention for Protection of Literary & Artistic Works • Basic rule: “national treatment” (treat foreign nationals no worse than do own) • Berne has some minimum standards (duration, exclusive rights, no formalities) • WIPO administers treaties, hosts meetings to update, revise, or adopt new treaties

  14. INTERNAT'AL TREATIES (2) • TRIPS (Trade-Related Aspects of Intellectual Property Rights) Agreement • Sets minimum standards for seven classes of IPR, including copyright, that binds WTO members • Must have substantively adequate laws, as well as adequate remedies and procedures and must enforce effectively • Dispute resolution process now available

  15. DIGITAL COMPLICATIONS • Digitized photographs of public domain works (e.g., Microsoft claims ownership in some) • Very easy to reselect and rearrange the data in databases; uncreative databases may be very valuable although not copyrightable; EU has created a new form of IP right in contents of databases to deal with this. (New right is analogous to copyright, but not the same as copyright. Database protection can have civil-liberties, freedom-of-inquiry implications. May affect journalism, scholarship.)

  16. DIGITAL COMPLICATIONS (2) • Digital environment lacks geographic boundaries • Very cheap and easy to make multiple copies and disseminate via networks • Very easy to digitally manipulate w/o detection

  17. DIGITAL COMPLICATIONS (3) • Can’t access or use digital information without making copies. (U.S. courts began this analysis by stating that even ephemeral RAM or transmission copies are "copies" regulable under copyright law.) • New ways to appropriate information (e.g., Motorola violated the law by “stealing” data from NBA games for sports pager device)

  18. DIGITAL COMPLICTIONS (4) • People see that much Internet information is free and expect it all to be (or nearly so). • Many and perhaps most individuals think that private copying doesn’t infringe copyright; much of industry disagrees. Some in industry would like to meter access to copyrighted works, so that all private use is for-pay.

  19. DIGITAL COPYRIGHT CONTROVERSIES • Linking, framing • iCraveTV case • Cyberpatrol case - extracting list of sites • RIAA v. Diamond (Rio player case) • UMG Recordings v. MP3.com • Napster • DeCSS cases • Sklyarov (AKA ElcomSoft) • Sonic Blue

  20. WIPO COPYRIGHT TREATY (1996) • Reproduction right applies to digital works (but no agreement on temporary copies) • Exclusive right to communicate digital works to the public by interactive service • Fair use and other exceptions can apply as appropriate; new exceptions OK • Merely providing facilities for communication not basis for liability

  21. WIPO TREATY (2) • Tampering with copyright management information to enable or conceal infringement should be illegal • Need for “adequate protection” and “effective remedies” for circumvention of technical protection systems • Treaty not yet in effect, but US has ratified and implemented through DMCA; Canada has signed; EU has adopted a directive similar to DMCA (see Hugenholtz analysis/criticism).

  22. DMCA • Digital Millennium Copyright Act (1998) • “Safe harbor” provisions for ISPs based on notice and takedown • Section 1201: anti-circumvention rules • Section 1202: false copyright management information(CMI)/removal of CMI

  23. DMCA ANTI-CIRCUMVENTION RULES • WIPO treaty vague • Campbell-Boucher bill in US: proposed to outlaw circumvention of technological protection systems to enable copyright infringement (would have linked circumvention offenses to intent-to-infringe cases. • MPAA: wanted all circumvention outlawed • DMCA: illegal to circumvent an access control, 17 U.S.C. s. 1201(a)(1) • But 2-year moratorium; LOC study; 7 exceptions

  24. EXCEPTIONS TO CIRCUMVENTION RULE • Legitimate law enforcement & national security purposes • Reverse engineering for interoperability • Encryption research and computer security testing • Privacy protection & parental control

  25. ANTI-CIRCUMVENTION DEVICE PROVISIONS • Illegal to “manufacture, import, offer to public, provide or otherwise traffic” in • any “technology, product, service, device, [or] component” • if primarily designed or produced to circumvent technological protection systems, if only limited commercial purpose other than to circumvent technological protection systems, or if marketed for circumvention uses

  26. MORE ON DEVICE RULES • 1201(a)(2)-- prohibits manufacture etc. of devices to circumvent effective access controls • 1201(b)(1)--prohibits manufacture etc. of devices to circumvent effective controls protecting a right of copyright owners • Actual & statutory damages + injunctions • Felony provisions if willful & for profit

  27. PROBLEMS WITH ACCESS/CIRCUMVENTION REGS • Existing exceptions overly narrow • No general purpose exception • Not clear that fair use circumvention is OK • May be used to penalize circumvention when there is no underlying “right” being protected (e.g., when protected work is in public domain)

  28. MPAA v. REIMERDES • CSS is effective access control for DVDs • DeCSS circumvents it & has no other commercially significant purpose • Injunction against posting of DeCSS on websites or otherwise making it available

  29. DVD-CCA v. McLAUGHLIN • Trade-secret misappropriation case (actually, a copyright case presented as if a trade-secret case). • CSS = proprietary information; DVD-CCA took reasonable steps to maintain secret • Inference: someone must have violated clickwrap license forbidding reverse engineering • Breach of agreement was improper means • Even though DeCSS on web for 4 months, not to enjoin would encourage posting trade secret on Web

  30. DIGRESSION: ELEMENTS OF TRADE-SECRET LAW • Information that can be used in business that is sufficiently valuable & secret as to afford an economic advantage to the holder • Outgrowth of unfair-competition law • No “exclusive rights” as such, but protected vs. use of improper means & breach of confidence • Independent development & reverse engineering are legitimate ways to acquire a trade secret • Relief generally limited to period in which independent development would have occurred

  31. IMPLICATIONS OF DVD-CCA • Anti-reverse engineering clauses are common in software licenses; enforceability much debated • Judge treat information obtained through alleged reverse engineering as trade secret • Johansen didn’t reverse engineer, nor did many posters, yet held as trade secret misappropriators • Judge enjoined information that had been public for several months may be error

  32. Hollings Bill/Tech Mandates/CBDTPA • W/in 1 year, makers of computers and consumer electronics, consumers and copyright owners should develop standards and encoding rules. • If the private sector fails to agree, FCC develops standards. (Linked to DTV policy) • All "digital media devices" -- TVs, audio and video players, and PCs, as well as many other devices -- must respond to those standards. • Rules would have to preserve fair-use rights, e.g., educational/research purposes and some consumer copying.

  33. CONCLUSION • Digital technology has posed many difficult questions and problems for copyright law • Much remains in controversy; how current cases are resolved matters a lot • Possible to build balance into law, but US “selling” broad anti-circumvention rules. • Gap in perception about law between copyright industry and the public • Easier to see the risks than the opportunities

  34. Legal and Regulatory Tutorial Consumer Privacy Overview INET 2002 June 18, 2002 Jim Dempsey

  35. Three Branches of Privacy 1. Consumer privacy - the right of individuals to control information about themselves generated or collected in the course of a commercial interaction. Referred to in Europe as "data protection." 2. Government records - the right of individuals to fair treatment of PII "voluntarily" submitted to the gov't - tax, welfare, property records. 3. Search and seizure law - right of individuals against unreasonable gov't privacy intrusions involving coercion. In the US, based on the Constitution's 4th Amendment.

  36. The Online Privacy Problem • Online Privacy Risks • Collection of information to an extent never before possible: click-stream data, location information. • Aggregation of data across time, space, applications, vendors - creating a detailed dossier of activity and thought. • Retention is cheap and easy. • Distribution is cheap and easy too. • An Enduring Cause of Public Concern • Survey data and business experiences show that privacy is a major consumer concern and impediment to e-commerce. (Irony: Most do nothing about it.)

  37. Fair Information Practices • Consumer privacy protection in the US and Europe, as well as under the guidelines of the OECD, is based on the following principles: • 1. Notice - before the collection of data, the data subject should be provided notice of what information is being collected and for what purpose • 2. Consent/choice - an opportunity to choose whether to accept the data collection and use. • Opt-out versus opt-in: In Europe, data collection cannot proceed unless data subject has unambiguously given his consent (with exceptions).

  38. FIPs (2) 3. Collection Limitation - data should be collected for specified, explicit and legitimate purposes. The data collected should be adequate, relevant and not excessive in relation to the purposes for which it is collected. 4. Use/Disclosure Limitation - data should be used only for the purpose for which it was collected and should not be used or disclosed in any way incompatible with those purposes. 5. Retention Limitation - data should be kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the data was collected.

  39. FIPs (3) • 6. Accuracy - data must be accurate, complete and up-to-date; reasonable steps must be taken to ensure that inaccurate or incomplete data is corrected or deleted • 7. Access - a data subject should have access to data about himself, in order to verify its accuracy and to determine how it is being used • 8. Security - those holding data about others must take steps to protect its confidentiality • 9. Accountability/ Enforcement - through a combination of informal complaint resolution and law

  40. The Three Components of Effective Privacy Protection • Privacy by design • Self-regulation/consumer education • Law

  41. Privacy by Design • Building privacy into the technology. • Collection limitation • Don’t transmit, collect, retain, or share data unless essential • Example: Log retention • Authentication ≠ Identification • Limit personally identifiable data • Allow for anonymity, pseudonymity, proxies, trust agents • Enhance user control

  42. Privacy by Design • P3P - the Platform for Privacy Preferences • www.w3.org/p3p • www.p3ptoolbox.org • User control • E.g., Wireless location: Handset versus network • Privacy Enhancing Technology • Encryption • Anonymizers • Free or pre-paid services • Cash - the best privacy technology in the world

  43. Self Regulation and Consumer Ed • TRUSTe and BBB Online - seals • OPA guidelines - www.privacyalliance.org • DMA - do not call/spam/mail lists • Privacy policies • www.consumerprivacyguide.org • www.privacytoolbox.org Privacy can and will be a source of competitive advantage (?)

  44. The Government Access Problem • The best corporate privacy practices are of limited help if sensitive information is readily available through other means without adequate privacy protections. • Access can take place in the course of criminal investigations, or civil discovery in a range of contexts. The customer subject to a subpoena or court order need never have violated the law.

  45. Current Federal Privacy Laws • Fair Credit Reporting Act (1970) • Privacy Act (1974) • Right to Financial Privacy Act (1978) • Video Privacy Protection Act (1988) • Drivers Privacy Protection Act (1994) • Health Insurance Portability and Accountability Act (1996) • Children’s Online Privacy Protection Act (1998) • Title V of Gramm-Leach-Bliley(1999)

  46. Current Federal Privacy Laws (2) • Electronic Communications Privacy Act (1986) • Family Educational Rights and Privacy Act(1974) • Sec 445 of the Gen'l Educational Provisions Act • Privacy Protection Act (1980) • Sec. 222 of the Communications Act (1996) • Cable Communications Policy Act (1984) • Telephone Consumer Protection Act (1991)

  47. EU Data Protection Directive • Implemented country-by-country • FIPs - obligations on "data processors" • Data protection commissioners • Exceptions • Transborder flow • Adequate level of protection • US - EU Safe harbor • http://www.cdt.org/privacy/eudirective/

  48. Example: Location-Based Services • Wireless devices provide desirable new services and generate sensitive information based on location • Logging is a critical issue. Records of location can be a tool for surveillance and a treasure trove in lawsuits. • Platform-Specific Difficulties • Constraints on privacy policies, privacy seals • Traditional opt-in/opt-out harder to present • What is meaningful notice and choice in the wireless context?

  49. Location-Based Services (2) • Identification and Anonymity • Wireless data services appear to provide a clearer connection between a user’s activities and identity. Ex: Impact of sharing user phone number with wireless applications providers. • Meaningful notice and choice for consumers should be an essential part of the design of location-based services. • Key point: Authentication ≠ Identification

  50. Location-Based Services (3) - Federal Legislation (c) Confidentiality of customer proprietary network information. (1) Privacy requirements for telecommunications carriers. Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable [CPNI] in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.

More Related