Stillborn Thoughts

News, Issues, and Analysis on the intersection of Law and the Internet

Monday, October 31, 2005

News/Issue: Email Privacy (i know your a dog, you know your a dog, and everyone else does too)

What better topic to write up for Halloween than spooks. Not ghosts, or goblins, or those CIA agents that dress up as fire hydrants and trees and such. We're talkin electronic spooks, and the very real and very immediate privacy concerns they create.

In the most recent "Loose Wire", Jeremy Wagstaff's technology column for the Wall Street Journal, he writes about a number of creepy programs that haunt electronic mail systems by tracking information. He writes,

Take, for example, the idea of software that checks whether someone has read your email. It sounds like a simple enough function: Send someone an email and then receive word, either via a separate email or program, when they've read it. Is that like sneaking a peek over a colleague's shoulder at work to see whether they've opened your mail yet, or is it no more creepy than sending something registered mail, so you know it arrived safely? And, depending on where you stand on that, how about if the sender could check how long it took the recipient to open the mail after it was sent? Or for how long he or she read it? What if all this was done without the recipient knowing?
Scary stuff, and it gets even more frightening. He goes on to detail several such programs. One particularly troubling aspect of a program called DidTheyReadIt is its ability to track roughly where the recipient physically responds to the email.

My chills don't come from individuals reading my emails... I don't particularly want John and Jane Doe tracking when I open the musical E-Greeting card they send me for Christmas, but I'm not going to lose any sleep over it. Its corporations and employers that worry me. And its not just a slippery slope for a few reasons:

1. Trick or Treat: I've had a long standing discussion/argument with one of my friends about the right to privacy. His position, based on fairly extensive reading he's done (I'll figure out some of his sources, but its late right now and he's in new york and i don't want to call him) is that there is no right to privacy, or at least, not in the way its usually conceived. Technology, he argues, is advancing at such a rapid pace that surveillance techniques are outstripping any ability to catch up with the threats to privacy. You can try to use counter-surveillance techniques, but you'll lose that battle fairly quickly. The best thing to do is try to receive something in return for the invasion (example: i let gmail scan my email for advertising keywords, in return i get a gig of email to play around with).

In this vein of reasoning, the architecture that will govern the internet is the market- privacy will be balanced by incentives. One may disagree with the position, which creates the tough question of 'ok, what other options are there?' (a question i will address in a later post, but don't hold your breath, the other options might be pretty lame)

2. Boo: Ok, so our assumptions about corporations and privacy rights are probably fairly dismal... and this is the issue that I think should concern us the most. If programs like these continue to gain in popularity and public acceptance (Microsoft Outlook and Gmail as well as a few others have some features that allow tracking, but I don't believe they have anything that allows the sort of stealth tracking that concerns us here), then the legal precedents put into place for corporate email may extend into the private realm.

Why? The reasonable expectation of privacy, which is one of the founding pillars of a lot of legal work done in the realm of internet privacy. In Gerald Biby v. Board of Regents at the University of Nebraska et. al. and United States of America v. Eric Neil Angevine, the courts determined that students and faculty have no reasonable expectation to privacy using university computers. In cases involving Pillsbury, Microsoft, Diebol, and other corporations, the rule is generally that there is no reasonable exception of privacy of email sent across work systems (also you often forfeit your privacy by agreeing to the terms and agreements of corporate email systems). I'm lazy and don't want to link all the cases, but you can get a summary of a relevant cases at the internet library of law and court decisions' page on email privacy.

One interesting exception is Timothy McVeigh (no relation to the Oklahoma City Bomber). He was enlisted in the United States Navy as a distinguished officer for 17 years, and was discharged after someone saw the word "gay" on an AOL profile of McVeigh's. A chronology of the battle can be found here.

Ok, so certainly discrimination is a problem (which is why policies like 'Don't Ask Don't Tell' create considerable room for abuse), but do you really have a reasonable expectation of privacy on your AOL profile? Take for example a prospective employee. Googleing the person's name seems to be the quickest way to partially confirm relevant information (past work experience, academic records, ect.). What if, as I've seen happen, the employer stumbles across the employees personal blog or webpage, which has pictures of him/her doing illicit substances or acting illegally? Is that unreasonable?

3. Skeletons in the Closet: Even the so-called socially progressive companies are shifting the balance of privacy away from the consumer. In a piece by Mark Rasch of SecurityFocus in The Register entitled "Google's Gmail: spook heaven?" he concisely argues that,
Even though the configuration of the Gmail service minimizes the intrusion into privacy, it represents a disturbing conceptual paradigm - the idea that computer analysis of communications is not a search. This is a dangerous legal precedent which both law enforcement and intelligence agencies will undoubtedly seize upon and extend, to the detriment of our privacy.
So yea... not good. The Electronic Frontier Foundation and EPIC's words to San Francisco are a pretty good way to start looking at integrating privacy concerns into what may become the dominant architecture of the internet in the near future.

To conclude? Right now, the market is the dominant force shaping the privacy debate, and while the occasional backlash against anti-privacy forces, its a losing battle. Privacy is not an intrinsically valued right on the internet - it is valued so much as there is a 'reasonable expectation' that it be valued - and technology is changing this criteria. So what might be better? Well, as long as we've accepted a market-based approach to privacy, lets make some clear standards of negotiation... let me have very clear opt-in protocols set up.

This is similar to the conclusion Lessig reaches in Code v. 2.0. I want to go further, focusing in on one of the caveats Lessig makes to the brand of privacy regulation he subscribes to- abuse. Privacy protects, but it also allows people and corporations to do a whole lotta unscrupulous things- a few examples of which I will go into further detail in my next post.

Thursday, October 27, 2005

News- UK post bill to disclose child pornography practices of ISPs

Quick news byte from the BNA Internet Law News highlights: the UK has introduced a bill to force ISPs to disclose their child pornography practices.

My understanding of how ISPs have dealt with child pornography is that if their is any defining structure to changes made, it is in being retroactive. Basically, child pornography on the internet started making a lot of headlines during the late 1990s... and when the words 'child pornography' and 'AOL' or 'MSN' started appearing frequently in the same headline, changes were made. Going back to 1997, you can see Kid Shield's survey of ISPs child pornography practices. Pretty abysmal. At the same time, the U.S. F.B.I. and law enforcement agencies were taking action with efforts like operation ripcord and operation innocent images (summaries can be found here, along with other internet child pornography related law efforts). Since that time most major ISPs have made major efforts to ban illegal newsgroups from their servers (I believe there are some notable excptions... and I want to say MCI is one of them, I'll edit this when I find out...)

Right now, that's not my focus. I will write a lot on child pornography regulation in the future, as its one of the main reasons I started this blog, because it looks as though in terms of architectural changes, the internet maintains its status as a bastion of such material.... in the meantime...

The UK law ties pretty nicely in with the whole architecture/free speech concept. In this case the architecture is being created in a few noteworthy ways:

1) Top-down. The regulation in this case is coming from legislation directed at ISPs, NOT the user, and NOT the government. All of the expense is paid for by the ISP, however...

2) The law uses disclosure as punishment. This law is pushed as a first step towards later action. It simply demands disclosure... but just by requiring transparency in the way that ISPs deal with child pornography, its going to encourage them to do something about it. How much bark and how much bite those actions have is something to wait on, but the law itself prescribes no punitive damages.'

Code here, is used to censor illicit and illegal material. It might be a move towards cyberzoning, viewing this as the first zone, which ought not be allowed to be disseminated under any circumstances (where other zones might follow, such as material that ought not to be disseminated to those under 21). It can also be viewed as an extension of current law into the internet, without the sort of 'translation' Lessig talks about. In the Guardian article a few UK talking heads point out the danger in trafficking this material not in terms of harm to the internet consumer, but in terms of harm to the child victims of such horrific acts.

But wait... and here's the rub... what about the huge ongoing debate about virtual child pornography, where images are doctored through visual image manipulation programs to make images appear as if they are real children engaged in sexual activities. So while the law pushes towards a new architecture, it does not take a further step and ask how technology changes the situation, and what the real meaning behind the law is... but that brings me to the #2 most important internet law case on the UCLA site, Ashcroft v. Free Speech Coalition, which is just about that. Yea, and you thought this was only a post about some news article, but it comes all the way back to the Supreme Court cases... sa-weet. But that's for a later, albeit equally ignored, post.

Tuesday, October 25, 2005

Issue- Freedom of Speech (And many, many metaphors)


So the internet has been, in one form or another, analogously tied to pretty much every form of space. Castells argues that the rise of the network society creates a shift from a "space of places" where the emphasis is on physical location to a "space of flows" where time is determined through the new architectures that connect people through networks.

Legally, it looks as though we're still kind of getting our heads around what exactly this whole internet thing represents in terms of space. One of the big cyberlaw cases (perhaps the biggest- its ranked the most important Supreme Court cyberlaw case by UCLA's Online institute for Cyberlaw and Policy Top Internet-Related Case and Statutes) is Reno v. ACLU. The Case centers around the Communications Decency Act (CDA) put into place under the Clinton administration. The disputed sections of the CDA can be found here, the most pressing of which makes it a felony to transmit an "'indecent' communication knowing that the recipient of the communication is under 18 years of age." Lessig writes at length about the CDA in Code, as an example of the limitations of regulation, and the underlying values that regulation represents. Again, as I've mentioned, I'm pretty new to the whole internet law thing, and doing this largely for my own benefit (I'm fairly certain no one else has read, like, any of this). Some of the more important claims made in the decision:

1. The assumption of choice: Stevens argues that, unlike the popular notion that users commonly "run into" obscenity accidentally on the internet, exposure to sexually explicit images is not likely to be done unwittingly:

"Almost all sexually explicit images are preceded by warnings as to the content." [n.15] For that reason, the "odds are slim" that a user would enter a sexually explicit site by accident. [n.16]
Unlike communications received by radio or television, "the receipt of information on the Internet requires a series of affirmative steps more deliberate and directed than merely turning a dial.
"

2. Stevens compares the CDA to several past forms of obscenity regulation, Ginsberg v. New York, FCC v. Pacifica Foundation, and Renton v. Playtime Theatres, Inc. In his analysis Stevens finds that the CDA represents a different form of regulation than the cases he cites, either because a) they limit speech only within certain time frames or physical references and b) they are specific about the nature of speech (as Lessig points out, never before have we held that "indecent" speech does not qualify as constitutionally protected speech). As Stevens contends:
According to the Government, the CDA is constitutional because it constitutes a
sort of "cyberzoning" on the Internet. But the CDA applies broadly to the entire
universe of cyberspace. And the purpose of the CDA is to protect children from
the primary effects of "indecent" and "patently offensive" speech, rather than
any "secondary" effect of such speech. Thus, the CDA is a content based blanket
restriction on speech, and, as such, cannot be "properly analyzed as a form of
time, place, and manner regulation."
So what about all the metaphors I promised? Yea, well, I lied. I think the problem is that before I wrote this, I read Stuart Biegal in the L.A. Daily Journal, claiming:


"In the end, it must be recognized that the Internet can probably be
viewed as all of the above: a library, a city, a telephone, a public park, a
broadcast medium, a print medium, a private living room, and a public
educational institution. Thus the answer to the Supreme Court's inquiry will
inevitably become that much harder to ascertain"


In the case, Steven's seems to concentrate not so much on how the internet is like any of these other spaces, but how it is unlike them, and can not be regulated in a like manner. However, despite the fact that the internet represents a unique space, Stevens gives some indication that given the proper architecture, the internet may well be ok to regulate. He makes the point that in terms of screening providers of sexually explicit or in this case 'indecent' material the technology does not exist to determine if such providers acted in good faith to reasonably restrict access to minors. Furthermore, although commercial providers of explicit material use technology that screens minors out (or at least intends and attempts to screen minors out), noncommercial providers of material can not be expected to meet the economic burden of using such technology.

The point is that, while Stevens strikes down the CDA on a number of different grounds, there is much room for regulation to occur. The dissent of O'Connor and Renquist goes further, arguing in favor of the sort of cyberzoning that Lessig mentions as a possible means of regulation (Wikipedia's entry of Reno v. ACLU has a good summary of the case and dissent) .In Lessig's terms, it is vital that the internet be regulated in some way that reflects a democratic consideration of values, and coincides with practical considerations of implementation.

I guess the question now is: does the technology exist to provide such an architecture? has such an architecture been attempted? what are the legal considerations of such an architecture, whether it has been attempted or not? That's what I'll focus on in my next Freedom of Speech entry.

P.S. Eventually I hope to get to the point of actually providing an opinion on these matters, but I figured the best way was to start at the beginning, with a heavier emphasis on facts and foundations than on opinion.

Monday, October 24, 2005

Two Views of the Net

Howdy,

Ok, so I've read a rather random assortment of material on internet and law... Instead of trying to pull from that woefully confused and partially forgotten mess of memory, I went back to the start, and searched the web for material that would offer me a sound basis in the fundamentals of internet law. Also, I want this blog to be exclusively focused on content that can be accessed online... Which makes life easier for everyone.

So the closest thing to a comprehensive introduction on the internet and law that I've found comes from Lawrence Lessig, a law professor at Stanford University. His groundbreaking book, Code and Other Laws of Cyberspace, is now available online on a wiki as part of a project to update the text. Lessig is an amazing writer, with a gift of simplifying complex concepts while maintaining clear themes throughout his various arguments. In Code, his focus is on the architecture of cyberspace, and in the promise and limitation of applying American constitutional legal theory to the regulation of cyberspace.

Although Lessig sees the present state of cyberspace regulation as headed in the wrong direction, he provides room for hope. Towards the beginning of the book he argues,

"Control. Not necessarily control by government, and not necessarily control to
some evil, fascist end. But the argument of this book is that the invisible hand
of cyberspace is building an architecture that is quite the opposite of what it
was at cyberspace’s birth. The invisible hand, through commerce, is constructing
an architecture that perfects control—an architecture that makes possible highly
efficient regulation. As Vernor Vinge warned in 1996, a distributed architecture
of regulatory control; as Tom Maddox added, an axis between commerce and the
state."


Lessig suggests that as a society, values need to play a much larger role in how cyberspace regulation is used. For Lessig, as for many authors, there are a number of different regulatory structures that can be applied, and choosing between them is vital to a society that increasingly participates in the cyberworld. He lays out several different possible structures to regulate the issues of privacy, freedom of speech, and intellectual property using the principle of translation. The concept of translation argues that an interpretation and application of law needs to take into account both how the law was written and the context in which the law was written. Namely, although technology has changed, you can still look back at previous decisions and decide whether the law was written in terms of a specific technology, or as a regulation of what that technology represents (and what invasions that technology makes).

Alright, enough book review time, although there's much more to write on Lessig's Code. The reason that Lessig offers such an insightful perspective into the world of internet law is because he offers a structure for how regulation might take place. It is a position founded on the architecture of the internet, and provides a very clear mechanism of regulation (code) and examples of how this might look. As far as the regulation is concerned, Lessig offers an effective overview of the connection between law, code, and regulation, and what actors might or might not be involved (Lessig stresses that the government should be involved, although to what extent varies).

However, there's still the question of values, and how our values will be (or should be) embedded in the laws that govern cyberspace. To illuminate this, I would read Manuel Castells, Informationalism, Networks, and the Network Society, a recent publication that not only makes the case for values and evolving networks, but also nicely summarizes and integrates a lot of Castells previous work. Castells, like Lessig, is concerned about the juncture between commerce and code, although Castells takes a more global view (and therefore not a view that emphasizes American constitutional law). A sociologist, Castells arguments place the development of the internet within a larger rise of what he calls the Network Society, in which power is expressed and contained in networks.

In terms of Lessig's work, Castells is primarily important for two reasons: 1) he emphasizes the characteristics that make networks such as the internet powerful, both in terms of communications and freedom. This might help give a basis for regulation that is founded in both Lessig's conception of translation and American constitutional law, as well as with how other networks are/should be regulated. 2) Castells is deeply concerned with how values emerge in networks, particularly in light of the dominance ocapitalisticic markets and military power. Just as Lessig worries about the convergence of commerce and code, Castells seems devout in his position that networks of communication need to be inherently valued, that the structure of such networks ought to be based on communication as the end goal.

In both, certain forms of regulation threaten to eclipse the values that so desperately need to be a part of internet law. Regulation is therefore seen as the safeguard of values, whether those be positive or negative, democratic or authoritarian, localized or cosmopolitan. My hope is that I will draw on both of these sources as I sort of mull my way through internet law resources on the internet...

Monday, October 17, 2005

the structure of this site

Alright,

So I want to have some sort of underlying structure for how this blog is put together. Since I'm learning a lot of this as I blog, it should be easy to maintain something of a linear growth. However, there are some exceptions. So, I've decided to title blog headings under the following:

"Issue"- a basic post that explores any given issue (example: "Issue- Intro to Internet Law")
"Update"- a post that updates a specific issue (example: "Update- Digital Copywrite")
"News"- news about internet law (example: "News- Google Sued By Authors Guild")

note: I do not, nor do I have the capacity to, post a whole lot of news articles on this blog- there are PLENTY of other sites that do that EXTREMELY well. Check the linked sites to this blog for news updates, and subscribe to the Burea of National Affairs Internet Law News.

"Random"- everything else (example: "Random- Kevin Mitnick releases new book")

I might think of something else, and despite these first two posts, I do have a sense of humor, we'll hope that starts to come across sometime soonish

Internet Law and this Blog

Hi,

Most of my friends that create blogs tend to write about, well, themselves. Sometimes, this can be extremely entertaining, more often than not, I find the personal blogosphere a little underwhelming. Then, there are other blogs that attempt to tackle a specific issue, and engage in debate and discourse about a particular subject- whether it be fantasy football or Slavic languages or George W. Bush. This, I hope, will become one of the later, on the subject of Internet law. But first (to steal from Tom Robbins Another Roadside Attraction) a little PERSONAL INFORMATION:

My name is Colin Hector, and I'm a recent college graduate (woo-hoo). I currently work in the tech industry, but I see myself gravitating away, towards the world of law, policy, and perhaps writing. My interest in creating this blog is that I've always been interested in internet law issues, and hope to pursue them in the future. However, after reading sort of a smattering of what's going on I haven't come across something that is a comprehensive or definitive collection of internet law information (there are some sites specifically dedicated to encryption, freedom of speech, digital copywrite, ect.), and it is also somewhat rare to find sources that are fairly accessibly to those of us that haven't spent time in law school. My humble hope, therefore, is to jot down the resource that I find useful in my ongoing exploration into this field, and pass that along to whoever feels like reading it. I don't try to pass myself off as someone with an amazing grasp on prose, but I imagine that might be for the better (hooray for brevity). So, I hope those of you that are interested in this sort of thing can glean something or other off of this blog... as I know I'll learn something from the feedback I receive.