Wi-Fi Wiretapping Update

There isn’t a whole lot going on in the world of intellectual property at the moment (though make sure to check out the Senate hearings on the NSA’s data collection programs…that’s pretty important).  The only real interesting update (involving a previous post) was that Google petitioned the Ninth Circuit to reconsider its earlier decision stating that intercepting data from unencrypted Wi-Fi constituted wiretapping.  Google’s logic?  Calling Wi-Fi signals “wiretapping” will create confusion as to what radio signals a user can and cannot legally intercept (including radio and TV signals).  I find this reasoning lacking.  The court opinion made it clear that they considered the more common usage of the term “radio communications” to be the one referenced by the Wiretap Act (listening to the radio for instance) and not to all radio transmissions.  Lack of clarity was not a problem with the Ninth Circuit’s original ruling, and Google did little to challenge the ruling beyond simply saying that they thought it was wrong.

In other news, Valve spent the week making a number of announcements concerning their future (available at http://store.steampowered.com/livingroom/).  At time of writing, Valve announced two new products: SteamOS and Steam Machines.  SteamOS is a new, Linux-based operating system optimized for running games, while Steam Machines represent Valve’s first attempt at a game console.  There is a third announcement pending (likely for a new controller, though I still hold out hope for particular game announcements).

I’m personally still not sold on either of these products.  SteamOS’s success requires a large portion of PC gamers to change over to a completely different operating system.  That isn’t impossible (and Valve has the best shot at pulling this off), but such an effort strikes me as overly ambitious.  I suspect that without a great deal of developer support (in the form of some big name games made as SteamOS exclusives) this operating system will have a hard time getting off the ground.  I do think that for some people (you know who you are…), SteamOS is a godsend though.  There have always been a contingent of PC gamers who stayed on Windows only because game and game hardware driver support is significantly better than Linux or Apple’s.  SteamOS may provide those people with an excuse to leave Windows entirely, but I feel like that’s not a large enough number of people to make the operating system a success.  Some of the cooler features (like game streaming over a home network) gives this thing a better shot.

The Steam Machine has a better shot though.  My skepticism there comes mostly from the need to compete against Sony and Microsoft in the living room.  The XBox and Playstation (and the Wii from Nintendo) dominate that market, and would seemingly create an uphill battle for Valve.  I suspect that Valve is aiming for a different audience entirely: PC gamers who want a set top box that makes it easier to share their game libraries across multiple devices.  Given Valve’s game loaning program (announced earlier in the year), that appears to be an emphasis for them recently.  Having a device that manages living room entertainment intuitively definitely gives a company like Valve an opening.  I suspect that the third announcement, whatever it may be, will help determine how viable this business venture is.  For what it’s worth, I look forward to seeing Steam Machines and SteamOS in action when they become available.

That’s it for me.  See you all next week.

Advertisements

The Right to Be Forgotten

Google’s Eric Schmidt has said, on a few occasions, how he thinks that teenagers should have a right to be forgotten (or a delete button for their past).  This right would allow for teenagers to delete information posted about them (either by themselves or other parties, like their parents) if they deemed that information embarrassing.  There is a certain logic to this idea; we all do stupid things as teenagers that we’d rather people didn’t remember (and the internet has a long memory).  Outside of the European Union (which has discussed the idea seriously since 2010), this idea was mostly academic in the United States.

Recently, California enacted a law that allows minors to remove content they posted (starting in 2015).  The California law is relatively limited: it only allows for the individual to delete content they generated, but companies do not have to remove this information from their servers.  The law also does not allow for the deletion of others’ postings of the person’s content.  In other words, you can delete your own tweets but not the retweets (or shared statuses, or any number of other forms of digital sharing).  This seemingly makes the law rather toothless, but the idea raises a number of concerns.

First, as the Center for Democracy and Technology points out in the BBC article above, there is a potential chilling effect.  Content hosting sites might limit their functionality for younger users since they rely on posted data for their advertising revenue, due to legal uncertainty.  This is a fair concern, but one that likely will not come to pass.  The California law does not permit a person to delete reposts of their content or have the content deleted from the site’s servers.  These limitations ensure that some value remains in what younger internet users post to sites like Facebook or Twitter, even if these users can delete the original post.  Facebook can, for example, still analyze whatever marketing data produced by the status (even if it is deleted) because they retain a copy of it.

The second concern, as addressed by law professor Jeffery Rosen in the Stanford Law Review, is more difficult to navigate.  There are free speech concerns in allowing individuals to potentially shape what others have to say about them online.  People could potentially abuse the right to be forgotten to squelch criticism.  Even without a right to be forgotten, people occasionally try to force other internet users to take down embarrassing information about them.  Shortly after the Super Bowl, Beyonce’s publicist tried to get content aggregation site Buzzfeed to remove a number of unflattering photos of the singer.  Instead of taking the photos down, Buzzfeed opted to highlight a few of the more humorous photographs.  These photographs then moved on to internet meme status as the disagreement became news, highlighting how hard it is to remove information posted by others on the internet.  If the right to be forgotten existed at the time, Beyonce and her attorneys might have had the photos removed through a legal order.  Furthermore, such a broad right to be forgotten is likely unconstitutional.  The Supreme Court stated that the First Amendment protects the right to publish truthful information that one acquired legitimately (Florida Star v. B.J.F., 491 U.S. 524 (1989)).  This precedent likely applies to information published by third parties.

In other news, Dish Network’s ad-skipping technology on the Hopper avoided getting enjoined in a Los Angeles Federal court.  The ad-skipping software can stay in place until the case concludes.  The actual opinion was not released, however, so I can’t say more on that in the meantime.

Finally, Valve announced that they will release their own Linux-based operating system (called SteamOS).  While I’m a little skeptical of the odds of getting the whole PC gaming community (or even a large portion of it) to move to Linux, SteamOS does have some neat features worth looking into further.  The major intriguing one (for me) is the ability to stream games installed on one device to another device on the same network.  As someone who occasionally likes to game in front of his TV (usually playing a strategy game of some type), that sounds like a useful feature.

Anyway,  that’s it for today.  See everyone on Friday. 

 

Facebook Likes Get Constitutional Protection

New technology often raises difficult constitutional questions.  New forms of communication inevitably raise the issue of whether that communication is protected speech (as in, speech protected by the First Amendment).  Sometimes, this question is easy.  A status on Facebook or a tweet likely receives constitutional protection because they (usually) express ideas and beliefs.  The “likes” on Facebook (where a person clicks a button to register their approval of a particular status, item, movie, etc.) represent a tougher question.

The Fourth District Court recently held that Facebook likes represent protected speech under the First Amendment, available here.  The plaintiffs in this case were employees of a sheriff’s office in Hampton, Virginia who supported the sheriff’s opponent during the sheriff’s re-election campaign.  Two of these employees liked the opponent’s Facebook page, which the sheriff argued was not protected speech (and thus result in a dismissal).  There were a number of other activities that the group of plaintiffs engaged in to support the sheriff’s opponent (to the point that one wonders what kind of boss he was), but the plaintiffs could only demonstrate the sheriff’s actual knowledge of the Facebook likes. 

The court’s logic for such a decision is rather straightforward: clicking the like button on a politician or their campaign’s page signals an individual’s approval for politician and agreement with that politician’s views.  While this is a rather minimal form of expression, it still represents political expression.  While there is a long-standing debate over what actual speech is protected and what is not (such as defamation or “fighting words”, scholars and judges universally state that the Constitution protects political speech.  The Court went so far as analogizing the like in this case to placing a sign on one’s lawn (which the Supreme Court specifically stated is protected speech).

Practically, this does not mean much for most people.  The First Amendment (as well as most of the rest of the Constitution) only applies to the government.  Private sector workers can’t claim a First Amendment defense if they get fired for liking a group or status mocking their boss (not without some statute saying otherwise).  Still, it is nice to get a ruling defining Facebook likes as protected speech.  More importantly, having a form of electronic communication as simple as a Facebook like deemed protected speech opens up the door to a number of other, similar social media activities.  Courts can apply the Fourth Circuit’s logic regarding Facebook likes to, say, retweeting other people’s tweets on Twitter (say that three times fast…) or sharing statuses on Facebook.  The ruling also keeps the door open to other future forms of digital expression that, like Facebook likes, might not constitute “speech” in the conventional sense.

And on that note, have a wonderful Friday.  I’ll see you all next Wednesday.

Pandora (and Internet Radio) Survive Round One

Pandora recently sued the American Society of Composers, Authors & Publishers (ASCAP) over an attempt by ASCAP to limit the scope of the library made available to Pandora.  Pandora and ASCAP previously had a fee agreement that expired in 2010, and were unable to come to terms on a new fee agreement.  During the negotiations, a few record labels (such as EMI) attempted to withdraw “new media” rights from the ASCAP in order to negotiate with Pandora separately.  ASCAP, in turn, threatened to withdraw a number of songs from Pandora.  Pandora argued that an antitrust consent decree requiring ASCAP to provide its entire library in its licensing deals (and prevent the labels from withdrawing), and moved for summary judgment.  The New York federal court agreed with Pandora, and granted summary judgment in their favor. 

From a copyright perspective, radio (especially internet radio) is a strange beast.  Terrestrial radio (the kind you hear over a radio set in the car for example) operates under different licensing rules than most other licensees, with an explicit exemption from the US Copyright Office (at section 110(5)(A)) from normal licensing requirements for performances.  In other words, radio stations don’t need to ask the artists for the right to replay copies of the artists’ songs each time they choose to replay a song.  The US Copyright Office (through the Copyright Royalty Board) did not extend this protection to internet or satellite radio, which must pay royalties in order to play songs.

In addition, ASCAP’s role causes this case to stray even more from traditional copyright law.  Normally, artists can negotiate whatever deal they see fit with other groups over aspects like performance rights.  After all, copyright law gives the copyright holder control over reproduction or performance (including public performance) of a work.  ASCAP, however, has some special restrictions on it dating back to the early 1940s.  The most relevant in this case is that the New York federal district court has to approve any fee agreement ASCAP negotiates (due to monopoly worries).  As a result, the court’s ruling here means a lot for the final fee agreement.

The court’s logic rested on how they defined what constituted a work in ASCAP’s repository.  ASCAP argued that this term only applied to works they currently possessed a specific license to, whereas Pandora argued it applied to their entire library.  The court held that Pandora was correct, since at the time of the license ASCAP did not categorize their song and artist licenses by type or format.  As a result, ASCAP could not withhold certain songs simply because certain labels decided to withdraw the “new media” rights to them in order to negotiate with Pandora separately.

This case potentially means a lot for the nature of the final agreement.  Pandora is pushing for lower licensing fees, which would be easier to acquire under ASCAP’s consent decree than through separate licensing agreements with individual labels.  This is especially important given the upcoming court case in December considering what constitutes “reasonable” rates for ASCAP to charge.  Preserving access to ASCAP’s entire library while arguing that the current licensing fees are unreasonable is in Pandora’s interest.  There are also a number of internet radio services, but Pandora is the most prominent.  The rates they receive from ASCAP likely set the bar for the rates other internet radio services, like Slacker and Tunein, receive.

This entire case begs a broader question: why does internet radio have to pay licensing fees when terrestrial radio does not?  Does the difference in medium really change whether radio receives an exemption from infringement actions while internet radio does not (beyond the fact that the US Copyright Office says so, of course)?  There doesn’t appear to be a clear policy reason why regular radio receives such a broad exemption when internet radio does not, beyond the fact that terrestrial radio has existed longer (making it more entrenched politically).  The exemption exists because radio broadcasters convinced policymakers that radio provides marketing for new songs, but this logic applies equally well to satellite and internet radio (as well as pretty much any means of streaming music).  While there have been a number of attempts to argue against the radio exemption (notably during a hearing over a bill to reduce royalties for internet radio), there does not appear to be much movement in this regard.  I doubt this larger question will arise during Pandora v. ASCAP.  However, I would not be surprised if lawmakers continue asking why this question any time the issue of internet radio royalties arises.

 

 

Steam Borrowing Becomes Real and Copyrighted Legal Codes

There wasn’t one big topic to tackle today, so I decided to cover two smaller ones.

Valve recently announced their long speculated “Family Sharing” plan on Wednesday.  Basically, a user can share their game library on up to ten different devices.  Anyone using that account on the different devices will have access to the user’s entire Steam library.  There are some important restrictions.  First, players can only play one copy of a particular game at a time.  If another user is borrowing a digital copy of a particular game, no other user can access it on that account.  The second major restriction is on a by game basis.  Some games on Steam require third party keys or account log ins for access.  For example, Far Cry III requires the user to log in to an Ubisoft Uplay account in addition to their Steam account.  Uplay may, as a result, bar players from sharing their copies of Far Cry III with other users on their account.

What’s interesting to me is how aspects of the plan reflect pre-existing licensing agreements between Valve and various game publishers.  Valve clearly allows, as part of its licensing deal with publishers, for various third party authentication software in the forms of digital accounts.  Using the earlier Uplay example, Ubisoft’s licensing deal with Valve clearly allows for Ubisoft to require users to maintain a working Uplay account to access the game.  In addition, the “only one copy of the game can be active at a time” restriction appears designed to prevent multiple users from gaining the benefit of multiple copies through one purchase.  While this program is probably a step in the right direction, it illustrates a common complaint of gamers: a lot of digital software gets greatly restricted by the rights holder in the end.

The second issue is an interesting one involving copyrighting building code ordinances.  A website, called Public.resource.org, opted to republish building code ordinances (written by groups such as the Sheet Metal and Air Conditioning Contractors National Association) that normally must be purchased by the authoring group.  The website’s owner, Carl Malamud, argues that since these ordinances have the force of law (many states incorporate them into their safety laws), they should be available to the public. The various trade organizations argue that copyright protects their ordinances as they would any other work.

As the article points out, laws are normally not copyrightable (the government generally cannot create copyrightable works, according to section 105).  Copyright protection comes into existence for “original works of authorship fixed in a tangible medium of expression.”  When created by legislators, laws generally aren’t a “work of authorship” or “original” as understood by copyright law.  The Copyright Act provides a list of categories that constitute “works of authorship” (though that list is not all inclusive and the categories are intentionally broad”).  In addition, normally the author must contribute something unique to the work.  In order to do that, they have to independently create the work and possess a modicrum of creativity (Feist v. Rural Telephone Service).  The issue in this case is probably not the  independent creation aspect (these entities went to great length in their complaint to talk about how much effort goes into creating these safety ordinances).  Whether laws created independent of government legislators fits the “modicrum of creativity” requirement is another matter.  Normally, copyright does not possess a high threshold for a work to have a modicrum of creativity.  Generally, this bars protection for works like compilations (like a phone book) unless the organization of that work is creative in some respect.  Even then, the actual information is not copyrightable in that circumstance.

The other major obstacle for protection of laws created by private entities is conceptual separability.  Generally speaking, copyrightable works must be creative in some respect.  If the work is purely utilitarian, then it cannot receive protection.  There’s a famous case involving those ribbon bike racks in parks called Brander International v. Cascade Pacific Lumber, which sets the standard here.  Brander holds that if the creative aspects cannot be separated from the utilitarian ones, then the work cannot be copyrighted because those aspects are not conceptually separable.  This concept might not be a significant bar however.  The purpose of conceptual separability is the preventing parties from getting copyright protection for items more suited for patenting (which they cannot get for whatever reason).  If the court chooses to hold to that idea, rather than a broader notion that copyrighted works should ultimately be creative in nature, then conceptual separability might not be a significant bar to copyright protection.

How the court rules on this should be interesting.  My instincts lean towards laws not being copyrightable, even when developed by private actors (though they might have a case for the manner in which they compiled these laws).  The trade organizations didn’t provide any insight into why they think they deserve copyright protection, beyond merely registering the copyright.  The court’s logic, one way or the other, should be particularly interesting.

Anyway, that should wrap things up for this week.  Have a great weekend everyone, and I’ll see you all next Wednesday.

Street View Wiretapping

Today’s article deals with two rather complicated items: the federal Wiretap Act and Google’s Street View program.  For those unfamiliar with Street View, Street View is a service Google provides as part of their Google Maps program.  Basically, Google sends out a fleet of special cars with cameras to take pictures of the streets.  Google then compiles these pictures into complete images of the road at street level, which the user can then access.  Street View recently got a rather hilarious mention in the show Arrested Development.

The case in question (Joffe v. Google) deals with the information these cars gathered while taking these street level pictures.  Specifically, the plaintiffs alleged that Google’s cars collected a vast amount of data from nearby Wi-Fi networks.  Google later revealed that their cars collected MAC addresses and SSIDs (which serve to identify Wi-Fi networks), as well as transmission data sent over the Wi-Fi networks (such as emails, passwords, and payment information).  Google argued that Wi-Fi represented an electronic communication (which do not receive protection under the Wiretap Act) and that the case should be dismissed.  The Ninth Circuit Court of Appeals disagreed, and sent the case back to the District Court for trial.

The importance of this case lays in the ruling placing Wi-Fi under the protection of the federal Wiretap Act (18 U.S.C. 2511).  The Wiretap Act is a little convoluted in terms of what it does and does not protect, with a large subsection ((2)(g) specifically) detailing transmissions the Act does not cover.  Google, in particular, argued that Wi-Fi (particularly unencrypted Wi-Fi) represents an electronic communication that is “readily accessible to the public” and thus not subject to protection under the Wiretap Act.  The Wiretap Act also has a broad exemption for radio transmissions, generally barring liability in regard to radio.  The lower level court, referencing an earlier ruling (In re Google Inc. St. View Elec. Commc’n Litig., 794 F. Supp. 2d at 1076–81), held that “radio communications” only applies to traditional radio services and not to newer technologies (such s Wi-Fi and cell networks) that also use radio waves.  The case itself goes into great detail as to why Wi-Fi does not constitute a radio communication under the Wiretap Act.  This argument mostly boils down to the colloquial definition of radio communication (basically, listening to audio transmissions on a radio) being the legal definition instead of the technical one (any device that uses radio waves to transmit information).  Google could thus not claim the broader radio communications exemption, which would only grant protection to encrypted networks.

The next step for the court was to decide whether information transmitted on unencrypted Wi-Fi is “readily available to the public.”  This is the area where I would expect a court to rule in a way that is both obvious and (in my opinion) incorrect.  Most judges would see the word “unencrypted” and assume that the data is available to the public without doing a deeper investigation into how Wi-Fi operates.  In this case, the court gave two reasons for why they felt that unencrypted Wi-Fi is not readily accessible to the public.  First, the transmission of a Wi-Fi network is geographically limited (rarely transmitting beyond the walls of the house in which they are located…usually no more than 330 feet).  The opinion compares the relative power and transmission distances of Wi-Fi and AM radio, noting that AM radio stretches for around 100 miles.  The court reasons that such a severe limitation in transmission range limits the intended purpose to private usage.  The second reason given is that Wi-Fi networks still require some device authentication in order to share payload data.  Decoding this data requires special equipment and expertise, both of which the general public lacks.  As a result, collecting data from an unencrypted Wi-Fi network represents a violation of the Wiretap Act in the Ninth Circuit’s view.

This is a very important ruling for data privacy purposes.  First, it clears up an important unanswered question regarding what protections the Wiretap Act offered Wi-Fi networks.  Since most people have Wi-Fi networks as their home network, obtaining transmitted information (such as passwords and credit card numbers) any Wi-Fi network is illegal.  Given the prestige of the Ninth Circuit when it comes to technology issues (their proximity to Silicon Valley means that they handle a lot of internet and tech derived cases), this ruling could potentially provide a very influential piece of precedent (even if Google still has to undergo the actual trial).

Autonomous Cars

Self-driving cars present some intriguing possibilities to me, as a piece of technology.  I personally like the idea of reading a book while my car drives me to work in the morning, and some of the ownership possibilities (such as owning a self-driving car with a small group of people) are especially tempting.  Google famously has a fully autonomous car in the works, but other companies also have their own self-driving cars in the pipeline.  These cars run from being fully autonomous to having certain features in the car automated.  For example, Volvo has a braking system that automatically detects obstacles on the road and adjusts accordingly. Similarly, Mercedes invested tons of money into a system that can stop the car or keep it in the lane in an emergency as an additional feature for their S-Class sedan.

As a geek, I find this technology fascinating.  As an attorney, I wonder about how the legal system will treat these vehicles.  Currently, establishing liability for speeding or accidents is pretty simple.  Cars have an owner and operator (though they aren’t always the same person) who would possess some liability should the car be involved in some violation of the law or cause injury.

First, certain common driving violations might not even apply to self-driving cars.  There are a number of driving laws designed to combat certain human limitations. Speeding and DUIs represent the most obvious examples of this category of law.  A computer operated vehicle does not get drunk (though if it could, that would represent a rather strange breakthrough), rendering the DUI inapplicable.  Speeding is built around limitations in human reflexes leading to state-issued determinations on what speeds in which it is safe to operate a car.  Computer technology not only gets around some of those limitations, it can likely be set to adhere to speed limits if need be.  There are even other laws that might go by the wayside.  Running a red light, for instance, might not be necessary since intersections would operate differently.  As this article from The Atlantic demonstrates, a world of self-driving cars could handle infinitely more complicated intersections since this system ensures a constant flow of traffic based on what everyone else is doing (no lights necessary).

That leaves the issue of tort liability, which will likely still exist.  It is not clear how much legal responsibility the human driver bears for the actions of the vehicle, since one of the assumption with self-driving cars is that the human operator can assume manual control of the car in situations the computer cannot handle.  As this Stanford Center for Internet and Society white paper points out, owners often retain some liability for the actions of a person whom they let drive.  There would still be a need to operate the vehicle prudently (as currently required by law), and a driver may still be liable for negligent actions committed during operation of a self-driving car.  The issue would be when that liability begins: would it begin when an individual directly operates the car, would they need to intervene to stop an accident during certain circumstances, or would the owner of a car always remain liable for any accidents resulting from operation of the self-driving car?

A significant part of determining liability also hinges on how states define the prudent operation of a motor vehicle in this circumstances.  The Stanford article claims that this arises in three ways: inputs (the instructions the human operator provides to the car), outputs (how the vehicle performs with other cars), and vigilance (how much attention the driver must pay to the road).  All three provide some duty on the part of the driver and thus creates the possibility of negligence.  However, state determinations will determine the precise nature of these duties and how they impact drivers.  Requiring a human driver to pay as much attention to the road in a self-driving car as they would when driving manually would impose a potentially high duty to pay attention even when one does not actually drive the car.  Self-driving cars will likely get into accidents less frequently than people (given how big of a factor human error represents in-car accidents), but an owner may retain some responsibility for the accidents that do occur due to this prudence requirement.

Finally, Bryant Walker Smith points out another, more subtle issue in this article from Slate.  Self-driving cars have the potential to collect a great deal of data regarding the comings and goings of their owners.  How companies use and secure that data (and when they’re forced to disclose it) represents a major question.  In order to operate, these cars use a variety of positional sensors, GPS, and driving data that would tell those reading the data an extraordinary amount about the person who owns the car.  Think about how much someone could tell about you if they could see exactly where your car went over the course of a few weeks or months.  I would go further than Smith, and wonder about the Fourth Amendment implications of such a technology.  Would courts consider an owner to have a reasonable expectation of privacy in the data held by their car?  Would police be able to conduct a search of such data without a warrant?  Courts would likely have to spend years considering the expectation of privacy people have in the data stored in a car’s onboard computer?  The closest case I can think of is U.S. v. Jones, which dealt with the police placing a GPS tracking device on a car without a warrant.  The court found that use of such a device to track a vehicle’s movements represented a search under the Fourth Amendment (and thus needed a warrant).  However, the majority of the Court argued that placing the GPS tracker on the car represented a trespass (which would not apply to a computer in the car itself).  Two other justices wrote opinions articulating different theories (one saying that the GPS tracker violated the defendant’s privacy and the other questioned the general constitutionality of GPS surveillance).  Until the Supreme Court hears a case dealing with a police search of the information stored on a car’s onboard computer, there likely won’t be a definitive answer to this Fourth Amendment question.

How states and courts resolve these issues will take years of policy and legal debates to sort out.  While the technology may be coming quickly, the changes a self-driving car represents for transportation regulation are enormous.  I still look forward to seeing how these issues get resolved, as well as seeing one of these cars in action for myself.

I also have a small update.  In observance of Rosh Hashanah (the Jewish New Year), I will not have a post for Friday.  Enjoy the rest of the week everyone.