Delivered at the Indiana Continuing Legal Education Forum's The Year in Review 1998 on Dec. 15, 1998.
by Sean M. Mead of Mead, Mead & Clark, P.C.
Table of Contents
The Internet - Legal Resources, Legal Issues
The past year proved to be a busy one for answering and for raising Internet-related legal issues. The Internet Tax Freedom Act, the Digital Millenium Copyright Act, the Child Online Protection Act, and the Child Online Privacy Act poured out of the Congress. The State Department began to tackle the problems of the EU Data Privacy Directive. The FTC moved on privacy concerns related to a large online service. The Justice Department brought Microsoft to trial on anti-trust issues. The courts began hearing an increasing number of Internet-related cases, although they have yet to issue many decisions in this area. Finally, state level actions have begun to influence the use of the Internet.
More issues were raised than settled in Internet law. The death of one man, Jon Postel, threw into doubt the impending transfer of legal control over the domain name registration process, a process that affects every Internet user. Year 2000 litigation began. The music industry attacked Internet standards that allow the perfect reproduction of the digitally mastered songs issued on CD. Playboy’s suit against a former Playmate raised questions of trademark infringement for the use of trademarked terms in "meta tags". Ubiquitous e-mail use caused considerable damage to Microsoft, Sun, Netscape and Intel in various court wrangles. The use of technical standards to improve the functioning of the Internet may be threatened by copyright and patent attacks from Microsoft. Threats of suits over hyperlinks to and from a variety of web sites are generating controversy and concern, and the issue of how to apply geographic jurisdictions to cyberspace violations is still unresolved. This area will continue to raise interesting concerns for the foreseeable future.
I. Internet Tax Freedom Act
The Internet Tax Freedom Act, S. Res. 442, 105th Cong., 2d. Sess. (1998) provided much needed certainty as to the application of taxes in cyberspace. Business concerns over multiple and unpredictable taxes on Internet commerce provoked the creation of this act. The initial business concern centered on the collection of sales and use taxes in Internet transactions. For example, if a customer on vacation in California used the Internet to access a web site located in Illinois and ordered a product from a company headquartered in New York, which fulfilled the order in and shipped the product from New Jersey to the customer’s home in Indiana, then the question proposed was "What states may collect sales and use taxes on the transaction and who is obligated to ensure payment of those taxes?" While less problematic than the sales tax issues, several states were also considering implementation of a variety of excise taxes upon the use of the Internet. The imposition of interstate sales taxes and the creation of new Internet taxes are on hold since the passage of the act.
The Internet Tax Freedom Act, § 101(a), declared a moratorium on states and their political subdivisions imposing a tax on Internet access and imposing multiple or discriminatory taxes on electronic commerce. The moratorium began on October 1, 1998 and runs for three years from that date. There is an exception allowing the continuation of any Internet access taxes in effect prior to October 1, 1998.
This moratorium should give electronic commerce time to develop without having its growth prematurely stunted by multiple taxing regimes and excises taxes.
Indiana did not have Internet access taxes in effect prior to October 1, 1998, and therefore, will not be able to impose any such excise tax for at least three years.
While Indiana companies selling products over the Internet are not subject to other states' sales taxes upon customer's purchases, they are still responsible for complying with Indiana sales tax provisions (Ind. Code § 6-2.5-1 et seq.), when the purchaser or receiver is known to reside in Indiana.
Indiana companies purchasing products over the Internet are still subject to Indiana's use tax provisions (Ind. Code § 6-2.5-3) for each of the products purchased from out of state vendors.
The Internet Tax Freedom Act prevents the imposition of any additional taxes based upon the transaction's electronic commerce nature, and prevents the imposition of multiple sales/use tax regimes on the transaction.
Any person or entity knowingly engaged in interstate commerce of any material that is harmful to minors is, pursuant to § 101(e), excepted from the taxation moratorium, unless that "person or entity requires the use of a verified credit card, debit account, adult access code, or adult personal identification number, or such other procedures as the Federal Communications Commission may prescribe, in order to restrict access to such material by persons under 17 years of age." This exception provides states and their subdivisions with a club to hold over the heads of adult services to force the use of access controls. If the service does not comply, then it can be taxed prohibitively. This provision is not likely to affect many adult services, as most such services already comply with the requirements of this subsection.
Internet Service Providers (ISPs) are, pursuant to § 101(f)(1), excepted out of the moratorium, unless they agree to provide to customers 'screening software', software designed to permit a person to limit access to material on the Internet that is harmful to minors, at the time that customers initiate service. ISPs are permitted to charge a fee for this software. This provision is presumably designed to ensure parents easy access to filtering software that can restrict children's abilities to view harmful material. This subsection will not prove to be particularly controversial. Most ISPs already either offer such software for sale, or provide easy access through hypertext links to the sites where persons may purchase by credit card a copy of such filtering software for immediate downloading onto their personal computer.
II. Digital Millenium Copyright Act
The Digital Millenium Copyright Act of 1998, H.R. Res. 2281, 105th Cong., 2d. Sess. (1998), dealt with several intellectual property problems caused by the difficulty in fitting digital technology and Internet use into the traditional copyright paradigm. Digital technologies record sounds, movies, images and text as binary files, a sequence of 0s and 1s. This process allows exact duplicates to be made of the original digitized information with no loss of quality. Once digitized, it is also easy to manipulate the original works. Digital copies can be duplicated and distributed over the Internet at a per copy cost that rapidly approaches zero as the number of copies rise. It is generally no more expensive to make and to distribute by the Internet ten thousand copies as it is to make and distribute the first copy. Obviously, music producers, film producers and photographers felt threatened by uncontrolled, digital reproduction capabilities. Several film and music producers have developed copyright protection devices, but those devices are subject to being circumvented by programs available on the market. The Act included implementation of a World Intellectual Property Organization treaty designed to address some of these problems encountered in the electronic realm by copyright holders. The Act also incorporates limitations on liability for infringement under certain circum- stances.
On December 20, 1996, the World Intellectual Property Organization completed at Geneva, Switzerland a treaty entitled the " WIPO Performances and Phonograms Treaty". The "WIPO Copyright and Performances and Phonograms Treaties Implementation Act of 1998" located in Title I of the Digital Millenium Copyright Act of 1998 applied the above treaty to U.S. law. The Implementation Act made law important restrictions on the circumvention of copyright protection systems and on the management of copyright information discussed below; the Act also made numerous, minor technical amendments to Title 17 of the United States Code (Copyright) that this paper will not address.
The Act, which creates Chapter 12 of Title 17 of the United States Code, criminalizes and provides civil causes of action against circumvention of a copyright protection system. It also does the same against manufacture and distribution of devices that aid others in circumventing copyright protection systems. This portion of the act was demanded by the music and film industries, which feared wholesale, unlawful digital copying of their wares, if people have access to the technology to do so. There is a two-year period after enactment of the act, before this portion of the act comes into force.
There are exemptions created for libraries, educational institutions and law enforcement. There are limited exemptions for encryption research and for reverse engineering, where specified conditions are met. The encryption research exemption is broad, but the reverse engineering exemption is limited primarily to the extent necessary to achieve interoperability of an independently created computer program with other programs protected by the copyright protection devices.
This act applies to videotapes, digital images and sound recordings, as well as computer software.
The Act also criminalizes and provides civil causes of action against knowingly or intentionally providing false copyright management information, or altering or removing copyright information. By copyright management information, the Act is referring to several items. It refers to name and address of the copyright holder and of the author. It also refers to identifying serial numbers and symbols. This definition is designed to include the CD key numbers and serial numbers popular among software producers for use as an authentication device. This portion of the Act is found in 17 U.S.C. § 1202.
The penalties for violation of either copyright protection device circumvention or of copyright management information integrity may include civil damages of actual damages or statutory damages of $200 to $2,500 per violation, and may include five years imprisonment and up to a $500,000 fine for a first offense or ten years imprisonment and up to a $1,000,000 fine for any subsequent offense.
The `Online Copyright Infringement liability Limitation Act' amends Chapter 5 of Title 17. This is predominantly a counterbalancing provision demanded by telephone companies and Internet service providers to limit their exposure for copyright violations. This act also adds the ability to subpoena infringer's identities from service providers, which might otherwise fear suit for violating their customer's privacy, if the provider exposed the offender. There are in addition a few miscellaneous liability limitation provisions described below. The granting of these limitations was necessary to overcome resistance from the Internet service community to passage of the overall bill.
Internet service providers and telephone companies are not liable for infringing materials which pass through the network, pursuant to 17 U.S.C. § 512(a). To be eligible, the service provider must not know that it is transmitting an infringing work and must not modify the content of that work during the transmission process. This limitation is similar to telephone companies' long-standing protection against libelous statements transmitted through the network. Under a strict reading of copyright law prior to this amendment, service providers could have been found liable for transmitting infringing works, even though the service provider had no knowledge that the work was infringing. Service providers, depending on size, generally pass thousands to millions of communications over their respective networks on any particular day. It is not feasible for such service providers to check each communication to ensure that it contains no infringing work. An Internet transmission will typically pass through the networks of numerous service providers before arriving at its destination. Without this limitation, each provider would be fully liable for any infringement. This limitation removes a lot of questions about the application of strict liability provisions of copyright law to service providers. This was an area where technology had raced ahead of the law, and created a problematic situation unforeseen when the Copyright Act was written in 1972.
Related to the problems resolved above concerning the pass through of infringing works, 17 U.S.C. § 512(b) resolves issues of copyright infringement caused by caching. Caching is an automated process where a file is stored in memory in anticipation being requested by a user on the system. Service providers often cache popular web pages to speed the access of their system users to those pages when users request them. Cached web pages can generally be delivered to a system user much more quickly than a web page, which is not cached on that same system. Case law exists which determines that any loading of a work into a computer's memory system constitutes copying for copyright infringement purposes. Caching is just such a loading of a work into memory. Without the limitation of liability for system caching, service providers would need to abandon caching due to liability concerns. Regular requests by system users for a work, which is an infringing work, would cause said work to be cached and create infringement liability for the service provider. The elimination of caching would lower the quality of service to system users and increase user dissatisfaction with their Internet experiences due to increase wait times. This limitation removes the need for service providers to abandon caching.
Again, this limitation in 17 U.S.C. § 512(c) relates to the use of Internet services by a mass market. Customers normally receive, as part of their contract for Internet service, storage space on the service provider's computers. This limitation prevents liability to the service provider for infringing works that users post on the service provider's system without the service provider's knowledge that the works are infringing another's copyright.
The service provider must remove expeditiously any material that any interested party claims to be infringing material, or the service provider loses this limitation.
Provided that the service provider does not have knowledge that the site to which a service provider is directing a user is infringing another's copyright, the service provider is limited from liability for the provision and use of information location tools, pursuant to 17 U.S.C. § 512(d). Information location tools is broadly defined to include directories, indexes, pointers and hyperlinks, in addition to actual search services.
A faculty member's or graduate student's knowing or intentional infringing use is not attributed to the educational institution if the infringement is not in instructional materials, the institution has not received more than two notifications of infringement concerning the faculty member or graduate student within the preceding two years, and the institution has distributed to its system users informational materials promoting compliance with United States' copyright laws. 17 U.S.C. 512(e).
Any person who misrepresents that material or an activity is infringing is liable for all damages, including attorney's fees, suffered by the alleged infringer, by any copyright owner or copyright owner's authorized licensee, or by a service provider, who is injured by such misrepresentation, as the result of the service provider relying upon such misrepresentation in removing or disabling access to the material or activity claimed to be infringing.
Likewise, any person who misrepresents that the removal of infringing material from a system was a mistake is liable for all damages, including attorney's fees, suffered by the alleged infringer, by any copyright owner or copyright owner's authorized licensee, or by a service provider, who is injured by such misrepresentation, as the result of the service provider relying upon such misrepresentation in replacing the removed material or ceasing to disable access to it.
A service provider is generally not liable for taking down material, for which a claim of infringement has been made. The service provider is obligated to provide notice of the removal to the customer from whose site such material was removed. 17 U.S.C. 512(g).
A copyright owner or a person authorized to act on the owner's behalf may request the clerk of any United States district court to issue a subpoena to a service provider for identification of an alleged infringer in accordance with 17 U.S.C. § 512(h). This provision clarifies the responsibility of the service provider to provide identifying information, and protects the service provider from claims of invasion of privacy for disclosing a user's identity, when it complies with this procedure.
The 'Computer Maintenance Competition Assurance Act' amends 17 U.S.C. § 117 to permit copies of programs to be made in order to maintain or repair a computer system without infringing the underlying copyright. This permits back-up copies to be made, but does not permit the copies to be used for any other purpose than maintenance or repair. This amendment overrides provisions in some licenses that strictly construed would not permit the end-user to make maintenance back-ups of the program. Such back-ups are necessary, because computers and computer software fails; generally, failure rates are higher than those that would be acceptable in most other industries. Without the ability to make back-ups, vast sums of money would be riding on the hope that one's computers and software will not fail; a highly improbable hope.
The Patent and Trademark Office attracted a great deal of attention to itself when it approved the patent of a business model proposed by a company called CyberGold. On August 11, 1998, the Patent and Trademark Office granted CyberGold United States Patent 5,794,210 for "Attention Brokerage and Orthogonal Sponsorship," granting CyberGold the sole right to pay consumers online incentives for interacting with Internet advertisements. Contrary to PTO precedent, this patent was granted for a business model. PTO distinguished CyberGold's business model from others and granted the patent, because the business model was an online business model. CyberGold is seeking to license its model to other advertising agencies, while expanding into the unrelated micropayments market. Expect to see online business models challenged as patentable in the near future, albeit CyberGold's will not likely be the test case, as there are not many companies expressing interest in directly paying consumers to read their advertising.
IV. Anti-Spam Laws
"Spam" is the electronic equivalent of junk mail. Unsolicited e-mail is sent to millions of recipients for less cost than a traditional direct mail campaign sent to a few thousand recipients. The recipients of the e-mail version of junk mail are no more enthusiastic about its’ receipt, and maybe less so, than the recipients of regular junk mail. The ubiquitous nature of junk e-mail led to the use of the term spam. The analogy is to an early 1970s skit by Monty Python’s Flying Circus wherein diners at a restaurant discovered that the only food available at that restaurant consisted of variants of Spam. Spam was everywhere and there were no other options. A like situation presents itself with the omnipresent junk e-mail, or spam, of today’s Internet existence.
The federal and state legislatures have begun to instigate some restrictions and penalties upon spam, particularly the more fraudulent or offensive varieties.
The federal government took steps to begin to rein in spam with a provision in the `Anti-slamming Amendments Act', S. Res. 1618, 105th Cong., 2d. Sess. (1998). Any person transmitting an unsolicited e-mail is required to include the following information in the body of the e-mail: the name, physical address, electronic mail address, and telephone number of the person who initiates transmission of the message, the name, physical address, electronic mail address, and telephone number of the person who created the content of the message, if different from the transmitter, and a statement that further transmissions of unsolicited commercial electronic mail to the recipient by the person who initiates transmission of the message may be stopped at no cost to the recipient by sending a reply to the originating electronic mail address with the word `remove' in the subject line.
In addition, all Internet routing information contained within or accompanying an e-mail message must be accurate, and valid according to the prevailing standards for Internet protocols, and must accurately reflect the message's routing. 47 U.S.C. § 301.
The Federal Communications Commission may act to enforce the provision by imposing a civil fine of up to $15,000 per violation, by filing a civil suit in district court for an amount up to $15,000 per violation, by filing a civil suit in district court for injunctive relief, or by employing any combination of the above choices. 47 U.S.C. § 302.
The States' Attorney Generals are also empowered to act under these provisions where they believe that the interests of residents of their state are being threatened. 47 U.S.C. § 303.
On October 22, 1998, the Attorney General of Washington State filed the nation's first state-level spam lawsuit. Filed in King County Superior Court, the suit alleged that Natural Instincts and its owner, Jason Heckel of Salem, Oregon, sent spam, to millions of Internet users to sell his online booklet entitled, "How to Profit From the Internet." As of June 11, 1998, it became unlawful under Washington state law to send e-mail to a Washington state resident that bears a false or misleading origination address, that bears a false or misleading subject line or that bears the address of a third party's e-mail address without their permission. Heckel is accused of spamming Washington state residents with e-mail containing false subject lines and false origination addresses.
Under Washington state law, a victim can file a complaint with the Attorney General's Office, can file a private action for $500 per offense or actual damages, or can file a private action for injunctive relief and attorney's fees under Washington's Consumer Protection Act. A copy of the bill may be found at leginfo.leg.wa.gov/pub/billinfo/house/2750-2774/2752-s_sl_032798.
The Washington state law generally follows the requirements of the federal law, however other states future laws in this area may well diverge from the federal template. The nature of spamming being to spread the e-mail as wide as possible, spammers need to observe the various state spamming laws that will come to pass as other states follow Washington's lead, or else risk prohibitive fines and judgments.
The 'Child Online Protection Act', H.R. Res. 3783, 105th Cong., 2nd Sess. (1998) amended the Communications Act of 1934 to restrict adult services from providing their services in such a manner as to be accessible to children. Nick-named CDA II, this is the second attempt at the Communications Decency Act (CDA). The CDA was originally passed as part of the Telecommunications Act of 1996. The CDA imposed penalties upon any entity that made "indecent" material available on the Internet to which minors could obtain access. The CDA was struck down by the Supreme Court due to its choice of an "indecent" standard, which was found to not be narrowly tailored and to violate adults' First Amendment rights. The Child Online Protection Act chose "harmful to minors" as its standard. The considered opinion is that the change to a harmful to minors standard may allow this act to survive constitutional challenge.
We will soon find out. On October 21, 1998, a coalition of 17 groups including the American Civil Liberties Union, the Electronic Frontier Foundation and the Electronic Privacy Information Center, filed suit in the United States District Court for the Eastern District of Pennsylvania, No. 98-5591, to block enforcement of the Act. On November 20, 1998, Judge Reed issued a temporary restraining order enjoining enforcement of the Act. (www.aclu.org/court/acluvrenoII_order.html) That order has been extended to February 1, 1999 by agreement of the parties. The results of this case will be significant in defining the limits on First Amendment speech that is sexually related.
The act makes it illegal to knowingly, in interstate commerce by means of the World Wide Web, make available for commercial purposes any material that is harmful to minors and which is available to minors. The penalties under the Act are severe. A violator may be subject to a fine of up to $50,000 and six months imprisonment per violation. If the violation was intentional, then an additional fine of up to $50,000 per violation may be levied. Further, a separate civil penalty of up to $50,000 per violation may be imposed. For purposes of the fines, each day is considered a separate violation. 47 U.S.C. § 231(a).
With the wide variety of press savvy plaintiffs, this case will be closely followed in the press. It deserves watching.
VI. Children's Online Privacy Protection Act
The `Children's Online Privacy Protection Act of 1998' came into being as Title IV to the Internet Tax Freedom Act described above. S. Res. 442, 105th Cong., 2d. Sess. (1998) The Act makes it unlawful for an operator of a website or online service directed to children, or for any operator that has actual knowledge that it is collecting personal information from a child, to collect personal information from a child without verifiable parental consent, without making provisions for the parent to deny further use of the information, or without provisions for the disclosure to the parents of the information collected and the reason for collection. § 403(b).
The act prohibits disclosure of information as a requirement for participation in a game, for the offering of a prize or for other activity. § 403(b)(1)(C).
The act does permit the collection of information without consent where the information is used for a one-time transaction and will not be retained. § 403(b)(2).
This Act arose due to the rampant and facile collection of personal information from children through web sites offering games and promotions. This behavior offended those opposed to direct, targeted marketing to naïve children and worried those concerned about the risk of disclosure of such information to child molesters.
VII. West Citation Decision
The United States Court of Appeals for the Second Circuit decided Matthew Bender & Co. v. West Publishing Co., No. 97-7430, on November 3, 1998 (cite not yet available; opinion available at laws.findlaw.com/2nd/977430v2.html), on the issue of whether citation of West's "star pagination" constituted copyright infringement. The Court upheld the district court's grant of summary judgment in favor of the plaintiff, Matthew Bender & Co. The Court found that citation to West's star pagination did not constitute copyright infringement, and that even if it did constitute infringement, citation to the star pagination is permissible under the fair use doctrine. Star pagination means a notation within the body of an opinion containing an asterisk and the page number where the same text resides in the official West Publishing Co. layout of the opinion. As an example, [* 304] in a non-West copy of the opinion is star pagination marking where page 304 of West opinion 545 N.E.2d 301 begins in the text of the opinion (the cite is fanciful). The Court, citing to Feist Publications, Inc. v. Rural Telephone Service Co., 499 U.S. 340, 111 S. Ct. 1282 (1991), found that West's pagination, which is determined by a computer program, did not involve a sufficient degree of creativity to earn copyright protection. The Court's ruling expressly permits parallel citation, or star pagination, to the West opinion in CD-ROM products without infringing upon West's copyrights.
In the current electronic publishing environment, the result of this case is likely to be the creation of one or more online full-text case reporters available more cheaply than West and Lexis, possibly even for free. Electronic reproduction is sufficiently cheap that an Internet based case reporter relying on advertising income rather than subscription fees is a very real possibility, if not a probability, in the next year.
Numerous undecided issues in Internet law still burden the field. Some arise from a lack of case law, some from the ever-changing technology of the Internet.
This year we saw the one federal case, but no statutes issued forth to clarify the location of jurisdiction in cyberspace. ("Cyberspace" is the non-geographical, perceived location of activities occurring between parties connected by a computer network). Jurisdictional location is a slippery concept in cyberspace, because of the extraordinary, yet often anonymous, geographical connectedness provided by the Internet. It is not uncommon for two parties in a transaction to be located in different states or countries with their communications travelling through numerous other jurisdictions. Depending upon definitions, the actual endpoints of the communication may be located in different states from the states of residence of the sender or receiver. Commonly, neither sender nor receiver can readily ascertain the physical location of the other party, and therefore, may not have any notice of the laws applicable in the other party’s jurisdiction.
The first case directly addressing a jurisdictional issue in the context of the Internet yielded an appellate decision a few weeks ago. On November 12, 1998, the United States Court of Appeals for the Federal Circuit, decided in 3D Systems, Inc. v. Aarotech Laboratories, Inc., Aaroflex, Inc., and Albert C. Young [cite not yet established] that personal jurisdiction was not established by the mere presence of a passive, commercial web site on the Internet. The plaintiff, 3D Systems, Inc., was incorporated in and had its primary place of business in the State of California. The plaintiff filed a patent infringement suit against the defendants. Defendant Aarotech was incorporated in the State of Oklahoma and had its primary place of business in the State of Virginia. Aarotech maintained a web site viewable from California that advertised its subsidiary Aaroflex's products and that received e-mail requests for information about Aaroflex products. (Aaroflex, which had direct contact with 3D Systems, Inc. in California, was found to be under the personal jurisdiction of the district court.) Aarotech forwarded the e-mail requests for information on Aaroflex products to Aaroflex, a West Virginia corporation with its principal place of business located in the State of Virginia. Aaroflex maintained a web presence on the Aarotech web site. The appellate court applied the Akro test to determine whether federal due process considerations permitted a finding of personal jurisdiction over the respective defendants. Akro Corp. v. Luker, 45 F.3d 1541, 1544, 33 USPQ2d 1505, 1507 (Fed. Cir. 1995).
Under that test, the court found that Aarotech failed the first prong of the Akro test, which must be found true to enforce personal jurisdiction. The court found that "Aarotech did not take any direct actions toward the residents of California, except that its name appeared, in a different spelling (Aarotec), on the letterhead used by Aaroflex to correspond with certain California residents. Although Aarotech maintained a World-Wide-Web site viewable in California, any e-mail responses to that site were forwarded to Aaroflex. See Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414, 419-20 (9th Cir. 1997) ("essentially passive" web site was insufficient to establish purposeful availment for purposes of due process) ". The Court's ruling supports the argument that jurisdiction is not established for federal purposes by the mere presence of a "passive" web site advertising a company's products.
Whether state courts will accept the distinction between "passive" and "active" web sites, and whether state courts will decide to so limit their application of personal jurisdiction remains to be seen. Even broad acceptance of such a distinction for the purposes of invoking personal jurisdiction, does not decide the companion issue of the choice of laws between the respective jurisdictions of each party to be applied to an alleged offense or cause of action.
Practicalities advise against making senders liable under the laws of the receiver’s location; the effect of this choice would be that all actions on the Internet would need to comply with the laws of all jurisdictions, foreign and domestic, a highly problematic situation. However, there is no authority at this time that supports the removal of liability from the sender for communications that do not violate the laws of the sender’s jurisdiction, but do violate the laws of jurisdictions through which the communication passed, or the laws of the receiver’s jurisdiction. Without a resolution of this issue, a Las Vegas gambling web site may be subject to the jurisdiction of a Salt Lake City prosecutor, a Los Angeles adult web site may be liable for criminal violations the laws of the People’s Republic of China, or a web-enabled Hoosier attorney may be liable for the unlicensed practice of law in Louisiana. Web site operators need a quick resolution to the question of which jurisdictions will possess authority over the operator.
An exciting development of 1998 is the increasing spread and acceptance of open source software. The software that you receive when you purchase a typical product is composed of compiled code. Compiling makes the software readable by your computer, but makes the program unreadable by a human being. Software prior to compiling, at a time when it is still readable by a human, is called source code; it is the source of the later compiled program. Source code is normally protected from outside view, as knowledge of the source code makes possible unauthorized copying or modification of the program. Open source software is software where the source code is openly published for all to see and where copying and modification of the source code is encouraged. Programmers contributing to open source software lose their exclusive rights to that software in exchange for the recognition by fellow programmers of the contributing programmer’s skill and art.
The contribution of the source code to the general public is accomplished by means of the GNU General Public License (GPL). The GPL is a unique copyright agreement (called a "copyleft" agreement by its proponents). It allows open copying and modification to the contributed program, provided that any future users provide the supplied source code to anyone who desires it, and provided that the original contributions of previous software authors are noted in each derivative work. The leading proponent of open source software is the Free Software Foundation, and the primary examples of the success of the open software movement are Linux and Apache.
Linux is an operating system designed to imitate the best features of the Unix operating system, while running on mere personal computers. It is widely considered more reliable and flexible than commercial competitors, and it is free. Linux is primarily distributed through free downloads from the Internet. Linux did not exist prior to 1991. According to Linux International, there are now more than seven million Linux users. Microsoft’s SEC filings for 1998 indicate that Linux poses a serious threat to Microsoft’s WindowsNT market for server software. Internal Microsoft memos released as a result of United States v. Microsoft demonstrate that the software giant fears the potential impact of these open source solutions upon Microsoft’s ability to generate new and retain old customers. While Microsoft memos implicate strategic concerns about open source software, IBM sought to harness it by licensing Apache.
IBM’s licensing of Apache demonstrated some of the complications that will arise in an open source software setting. Apache is the leading web server software in the world. Like Linux, its source code is available to any interested party, and the compiled programs are available via the Internet for free. Apache is licensed under the GPL license described above and is maintained by a loose group of approximately twenty programmers. When IBM sought to license Apache for use in IBM’s WebSphere line of web servers, IBM discovered that there was no one entity to deal with. No person or single entity "owned" the code. The programmers maintaining the software did not constitute a partnership or a formal organization. Finally, money was not an effective currency to complete the licensing transaction. The exchange of value had to be based on a contribution by IBM of technology to the public via open source methods. One of IBM’s lawyers summed up the situation by stating, "So let me get this straight…We’re doing a deal with … a Web site?" Josh McHugh, For the love of hacking, FORBES, Aug. 10, 1998, at 95. The nebulous nature of the open source movement will continue to impose contracting problems as the movement’s works are seen to be increasingly useful and valuable for mainstream corporate applications.
Digital sound files are perfect reproductions of digitally mastered music. The digital sound file format known, as MP3 became a de facto standard for musical reproduction on the Internet this year, because it greatly reduces the size of music files while retaining perfect reproduction. Numerous sites distributing MP3 files, some legal, most illegal appeared on the web. A well-respected hardware manufacturer, Diamond Multimedia, Inc., began distributing a portable MP3 file player. Now a consumer can download MP3 files of their favorite musician, transfer these files to the portable player and take the music with them. The Recording Industry Association of America (RIAA) promptly sued Diamond Multimedia, Inc. to enjoin production and sale of the MP3 players. Diamond has filed a response and counterclaim stating that the RIAA conspired to restrict trade by preventing the sale of MP3 devices and the distribution of music in MP3 format. Public reaction on the Internet has been strongly negative against the RIAA, extending even to some artists such as Public Enemy, which responded to the RIAA suit by making available for free downloading the songs on its newest album. Matt Richtel, Public Enemy Fights the Music Industry With Online Releases, NEW YORK TIMES ON THE WEB, December 4, 1998. The music industry is opposed to two aspects of the MP3 standard. First, the reproduction is an exact reproduction with no controls to prevent copying of the material, and second, artists are able to release material directly to a large audience without the traditional distribution framework provided by the industry. It is too early to tell which side will see success in this fight.
The Year 2000 problem is a consequence of choices made by programmers in times past. Prices for memory have declined dramatically over time. Typical computers sold today for less than one thousand dollars contain more random access memory than some of the supercomputers built and operated within the lifetimes of most of the participants at this seminar. Because memory cost so much and was so scarce, programmers employed several conventions to save memory usage in their programs. Representing the year date with two rather than four digits was one of the most prevalent conventions. Instead of using a date field that would contain 1998, a programmer would use a date field that would only contain 98; the 1900 was implied. Programmers knew from the start that this held the potential to create some serious problems thirty or more years down the road, but generally, assumed that the programs then being written would be replaced prior to the turn of the century. In many cases, that assumption was incorrect. The result of only using a two digit date field for the year is that when the century turns, many computers may accept the date to be 1900, rather than 2000, and calculate mortgage payments, maintenance schedules, flight times, etc. based on that mistake. There are additional related problems with 2000 being a leap year, while 1900 was not, with 9/9/99 (September 9, 1999) being an end of file symbol in some programs, and with Julian dates hitting the Year 2000 problem in April of 1999, rather than in January of 2000.
With the wide variety of hardware and software connected to the Internet, it is certain that the Internet will suffer some Year 2000 problems. We will not know what most of those problems will be until they occur. (We do know some problems, such as the fact that a large number of servers operating on a popular server program will lock out their operators. However, this is an unusual degree of foreknowledge for Year 2000 problems.) Failure to prepare for known Year 2000 problems and to prepare for likely system failures may generate serious liabilities for Internet connected companies. The first Year 2000 class action suit, Atlaz International v. Software Business Technologies, Inc., was filed in the Marin County Superior Court, California, and has already been settled. This case is the merely the small pebble rolling down from the top of the slope which will generate an avalanche of suits against software producers, consultants, officers, directors, utilities and insurance companies.
There is an amazing array of issues swirling about this problem. Did the recipient of the software assume a known risk? What was state of the art at the time that the relevant software was developed? When did any error first occur? What statute of limitation applies? Does "fixing" of the problem constitute copyright infringement if performed by a party other than the copyright holder? What actions to mitigate would have been reasonable? What contractual limitations on liability apply? What liability do officers and directors bear for failing to ensure that their company was Year 2000 compliant? What responsibility do officers and directors bear to recover the cost of Year 2000 remediation efforts from the company's insurers? Does a Year 2000 problem constitute an "occurrence" for insurance policy purposes? The issues go on and on.
The Year 2000 problem is significantly beyond the scope of this paper. ICLEF held a seminar on the Year 2000 problem on October 8, 1998, and will surely hold more as the Year 2000 approaches. There are numerous publications and serials currently tracking this issue. One of the better known serials is Countdown 2000 published by LEXIS Law Publishing.
Domain names are the textual addresses to Internet connected sites. These sites may contain numerous computers in any one domain. For example, the domain name for Indiana University is "indiana.edu". The computers directing traffic on the Internet actually utilize numeric, rather than textual addresses. These numeric addresses are called IP (Internet Protocol) addresses. The domain names must be converted to IP addresses in order for Internet traffic to travel back and forth between connected sites. This conversion is performed by specialized computers, which receive a conversion table from a master set of computers called domain name servers. The domain names are read from right to left. The farthest right element is a "." that represents the root domain; usually, this "." is implied. Moving left, the next element is a top-level domain. In "indiana.edu", the "edu" is the top-level domain. Current top level domains are .com (commercial), .edu (educational), .gov (United States governmental), .mil (United States military), .net (networking organizations), .org (non-profit organizations), and two letter country codes, such as .us (United States), .uk (United Kingdom), and .fr (France). Moving one step further left, the last domain name element is a second-level domain. In the above example, "indiana" is the second-level domain of the domain name "indiana.edu." There is any number of second-level domains, limited only by the requirement that there can not be two second-level domains with the same name within the same top-level domain. Resolution of the top-level and second-level domain names provides the IP address of the web site desired.
The United States government controlled the assignment of domain names due to the Internet having evolved from the Defense Department's Arpanet. The U.S. through the National Science Foundation (NSF) transferred control of domain name registration services to Network Solutions, Inc. (NSI) (www.netsol.com) on December 31, 1992. Since that time, NSI held a monopoly on the registration of domain names. The NSI agreement with NSF expired on September 30, 1998.
This year saw active debate as to the process of transfer of the domain name registration from the sole control of NSI. The result of the process was the creation of a quasi-governmental non-profit organization called The Internet Corporation for Assigned Names and Numbers (ICANN). (www.icann.org) The ICANN is currently in negotiations with NSI and with the U.S. on the opening of the domain name registration process.
Domain name registration is about to change in several ways, besides the transfer of control to ICANN. First, there will be an expansion in the number of authorized registrars in the hope of injecting competition in pricing and in services into the process. Second, there will be an increase in the number of top- level domains. A few of the proposed top-level domain additions include .firm, .store, .service and .home. There is no consensus as to which additions will occur, but there is consensus that there will be additions. The domain name registration process will continue to evolve in 1999.
Trademark protection on the Internet, particularly with the application of the Federal Trademark Dilution Act of 1995, is an aggravating business. The trademark owner will want to own domain names that are identical to or associated with the owned trademark. Domain names are often abbreviated or altered from an entity's regular marks, domain names are registered on an international basis, and domain names which are identical or similar to a registered trademark are not restricted to purchase by the owner of that trademark. Further, the same second-level domain name may be issued to different parties for different top-level domains. (Party A may own web.com, Party B may own web.org, Party C may own web.net, Party D may own web.tv, etc.) The original cost for domain names was nominal and "prospectors" went out and bought many domain names identical to major trademarks. There is no clear precedent as to whether a trademark owner is entitled to enforcement of its trademark in the arena of domain names. The result is that an owner seeking to enforce its trademark may well find that the desired domain name is already owned by a prospector, by another trademark owner with a legitimate claim to ownership of the domain name to protect its trademark, by a foreign entity not subject to U.S. jurisdiction, or by an amorphous, unincorporated association with no registered address. Further, the trademark owner may not have legal redress available to force a change of ownership. Finally, the trademark owner must face such considerations for each top-level domain, the number of which will increase in coming years. Trademark owners are not thrilled with this state of affairs, but they have not yet been able to secure legislative change. Next year will likely see renewed calls by trademark owners for legislation enabling enforcement, continued resistance by the Internet community, resistance of a U.S.-based solution by the international community, and no successful resolution of the issue.
The issue of what liability if any lies for trademark infringement in "meta tags" is beginning to be litigated. Many web pages now bear meta tags. Tag, as used in this paper, refers to an HTML (Hypertext Markup Language, the primary formatting language used to control the appearance of web pages) element in a web page. A meta tag is a tag that is used to provide information about the document rather than to dictate the display of the document. Web surfers do not see meta tags. Meta tags are designed primarily to be reviewed and cataloged by automated search engines. The search engines use the information found in the meta tags to assist users in the search engine in finding appropriate web pages to answer the users’ search requests. Meta tags describing the document contents are typical. Some web sites prepare misleading meta tags for their pages. Many pages unrelated to adult topics include large repetitions of the word "sex" (or variants of that theme) in their meta tags, so that persons searching for the topic of sex (studies indicate a large number of searches executed on search engines concern related topics) will generate a search response that includes that particular web site. It is not unknown for a site to include in its meta tags trademarks registered to that site’s competitors in the hope that persons searching for the competitors products may be induced to visit the sponsoring web site. This year saw one prominent case alleging trademark infringement by the use of meta tags.
On February 27, 1998 in the U.S. District Court for the Southern District of California, Playboy Enterprises, Inc. sued Terri Welles, the December 1980 Playmate and the 1981 Playmate of the Year, for trademark infringement, because Welles included the words "Playmate" and "Playboy" in her web site’s meta tags, as well as including the abbreviation PMOY ’81 as a background image in some of the published pages. Playboy moved for a preliminary injunction against Welles use of the terms Playmate, Playboy and PMOY, including her use of these terms in her meta tags. The district court found that since Welles was the Playmate of the Year for 1981, she would likely win her defense on "fair use" grounds for trademark infringement pursuant to 15 U.S.C. §1114(1), for false designation and unfair competition pursuant to 15 U.S.C. §1125(a), and for trademark dilution pursuant to 15 U.S.C. § 1125(c) and 15 U.S.C. §1127. The court also found that Playboy failed to prove any irreparable damage that would result if the motion was denied. The court therefore denied Playboy’s motion for preliminary injunction. (www.pmdlaw.com/download/PlayboyWellesOrder.htm) With regard to the use of meta tags by Ms. Welles, the court applied the fair use doctrine and ruled that,
"With respect to the meta tags, the court finds there to be no trademark infringement where defendant has used plaintiffs trademarks in good faith to index the content of her website. The meta tags are not visible to the websurfer although some search engines rely on these tags to help websurfers find certain websites. Much like the subject index of a card catalog, the meta tags give the websurfer using a search engine a clearer indication of the content of a website. The use of the term Playboy is not an infringement because it references not only her identity as a "Playboy Playmate of the Year 1981," but it may also reference the legitimate editorial uses of the term Playboy contained in the text of defendant's website. Plaintiff conceded, both in its papers and in oral argument, that defendant may properly use the term Playboy in an editorial fashion (i.e. in reference to the Playboy Mansion). Therefore, the court finds that defendant has not infringed on defendant's trademarks by using them in her website meta tags."
Playboy appealed the denial of its motion for preliminary injunction to the United States Court of Appeals for the Ninth Circuit in Appeal No.98-55911. On October 27, 1998, the appellate court issued a terse "Not for Publication" order, which upheld the district court’s denial of Playboy’s motion for preliminary injunction.
At this stage, the case makes no effective statement as to particular liability for trademark infringement with meta tags. The implication of the current arguments is that meta tags, although not normally viewable by web users, will be accepted as statements that may incur trademark infringement liability within the jurisdiction of the Ninth Circuit.
A "link" in the context of the Internet generally means a hypertext link. A hypertext link is a piece of text or an image that is connected to an address for a Uniform Resource Locator, or URL, located on the World Wide Web (the Web). On most web pages, hypertext is generally underlined and colored differently than the other text on that web page. Selecting that hypertext link will take the user to the web page to which the link is addressed.
There are two primary types of liability being suggested by the ongoing threats of link-related lawsuits. First, some web sites wish to control who can link to their web site and to control how some party can link to their web site. Second, the threat exists, but has not been the subject of lawsuits like the first type of link liability, that liability will be found against a web site for linking to a particular site, and thereby implying recommendation of the site which is linked to, a site which may turn out to be harmful to the public in some way. Last year was a much more active year than 1998 for the filing of lawsuits over the link liability issues. However, despite the time since the first link lawsuits and the multiple opportunities for decisions, there is yet to be an authoritative case decided or statute established on these issues. Most link liability cases to date have been settled without generating any reported decisions.
Digital signatures are a method of proving authentication of an electronic document. Electronic contracts will not be widely accepted until there is an agreed upon method between parties of recording a digital signature. Several types of digital signatures are being explored. Some digital signatures designed to be used only with a particular party such as the Internal Revenue Service are merely Personal Identification Numbers (PINs). In 1999,
the IRS will conduct experiments with the use of PINs as digital signatures. This type of signature is easily forged, and by its nature, can not be used as a universal digital signature.
The more favored design in the Internet field is to use some form of public key encryption combined with certification to serve as a digital signature. Encryption is a method of securing a communication from being read by an unintended party. The encryption program turns a message into a scrambled code that only the proper encryption key may decrypt, or translate, into readable form once again. An encrypted message that is intercepted by an unintended party is not readable by that interceptor. Private key encryption relies on both parties sharing a private key that both encrypts and decrypts the communication. Public key encryption relies on one party using a private key to generate a public key for that party, which will then be published publicly. Anyone wishing to send an encrypted message to the publisher, encrypts the message with the public key. Only the original publisher possesses the private key necessary to decrypt that message. A related function useful for digital signatures is that the publisher may send a message (such as the publisher's name) encrypted with the private key, which may only be decrypted by the public key. If A claims to B that A is John Doe, then A can prove that by sending a message encrypted with John Doe's private key. If B can decrypt the message using John Doe's public key, then A is John Doe (or at the least is sending the message from John Doe's personal computer). A's message encrypted with his private key can become his digital signature as only A can encrypt a message, which A's public key will decrypt.
Generally, discussions of digital signatures suggest adding an additional level of security by requiring an authentication certificate. Authent- ication certificates use public key encryption methods, but require that the user prove his identity through traditional means before he is ever granted the certificate. If A claims to be John Doe and is using public key digital signatures, but not using an authentication certificate, then B can verify that A is A, but B can not verify that A is also John Doe. If A claims to be John Doe and is using an authentication certificate, then B can verify that A is A, and B can verify that A proved to the certification authority that A is also John Doe. B must still rely upon the procedures for verification used by a particular certification authority, but B can choose which certification authorities that he will accept. Anyone with a server and an Internet connection can establish themselves as a certification authority, but not just anyone will be trusted as a certification authority by the majority of users. There are established, serious certification authorities, such as VeriSign, AT&T and GTE, which are trusted by large numbers of Internet users.
For digital signatures to gain widespread acceptance in legal situations, there will need to be legal recognition of digital signatures in each state's statutes. Proposed sections 2B-113 and 2B-119 of Article 2B of the Uniform Commercial Code, discussed below, suggest guidelines for statutory recognition of digital signatures. However, the proposed sections are only in draft form and no state has yet adopted them. For acceptance, there will also need to be agreement at least among the parties to a contract, if not within the state statutes, as to which forms of digital signature, which encryption standards, and which certification authorities will be acceptable to prove the validity of a digital signature. These problems are resolvable in the near future, possibly in the next year.
Software companies adore "shrink-wrap licenses". A shrink-wrap license is a license contained within the packaging of a software product. Such a license is typically not visible at the time of purchase and typically contains broad, sweeping provisions limiting the software company’s liability, while imposing obligations and liabilities upon the purchaser. Numerous parties in breach of contract and in copyright cases argued that the sale of software packages is governed by Article 2 of the Uniform Commercial Code, which concerns the sale of goods (Ind. Code § 26-1-2-101 et seq.). Proponents of this argument made two further assumptions. First, that the shrink-wrap license was not visible at the time of purchase, and second, that the purchaser was not a merchant. Based on these assumptions and the governance of Article 2 of the U.C.C., the proponents argued that the shrink-wrap licenses constituted additional proposed contract terms (Ind. Code § 26-1-2-207), which did not become binding unless the purchaser expressly accepted them. Case law has been indecisive on this issue, but enough concern has been raised that the American Law Institute and the National Conference of Commissioners on Uniform State Laws set about modifying Article 2 to account for shrink-wrap licenses and software leasing agreements.
The first attempt to update Article 2 was soundly rejected by software producers. The Draft Committee then opened the process up to more extensive outside participation. Over sixty organizations have been represented in the Draft Committee and more than 200 seminars and public meetings have been held on the U.C.C. 2B draft. With the additional outside participation, numerous issues related to electronic commerce and licensing other than the initial questions about shrink-wrap licenses have been addressed as well. The U.C.C. 2B just closed comment on what is probably the final discussion draft. A final proposed draft will be tendered to the committee in all likelihood early next year, but such a draft has not yet been published.
The current draft accepts shrink-wrap licenses, which it identifies as "mass market" licenses, as valid, binding contracts; it does not interpret such licenses as merely additional proposed contract terms. In exchange for this acceptance, the draft imposes certain requirements upon the licenses. The draft requires that the purchaser have the ability to return the software for a full refund, if the purchaser does not agree to the terms of the license upon review. The draft mandates that choice of law provisions are ineffective to the extent that they would impair consumer protection statutes in the purchaser's state of residence. The draft dictates that choice of forum provisions are not exclusive, unless the agreement expressly provides that the choice of forum provision is "exclusive". U.C.C. 2B § 108. Further, the choice of forum provisions must not be "unreasonable" or "unjust". U.C.C. 2B § 108. The draft also prohibits "unconscionable" contract provisions, although it leaves "unconscionable" up to a case by case determination. Finally the draft notes that breaches of shrink-wrap and click-through licenses must be material breaches to be actionable.
The draft of U.C.C. 2B also makes extensive provisions for the operation of electronic contracts. The draft includes proposals for indicating offer and acceptance, including acceptance by electronic agents, for ensuring that commercially reasonable attribution procedures are utilized to verify that the apparent contractor is valid and authorized, for providing methods by which voluntary submissions of ideas release intellectual property rights that could potentially be attached to those ideas, for determining performance, including self-completing performances, and for methods of rescission and revocation.
Further, the draft proposes that consumers be provided with an implied warranty of quiet enjoyment, with an implied warranty of system integration, and with an implied warranty of informational content. These warranties are likely to be a shock to the software industry, and while subject to contractual disclaimer, ease the burden imposed on the consumer by the determination that mass-market licenses are enforceable. The draft also restricts a software producer's ability to terminate a license by imposing a time restriction on the length of the license.
U.C.C. 2B is still being drafted and is subject to change, but if the final draft is similar to the current draft, it will create radical new changes in commercial law, of which all lawyers should make themselves aware.
Electronic agents, otherwise known as software agents, are programs that interact with other entities in cyberspace to obtain information, compare prices, purchase items, schedule tasks and perform other functions. The electronic agents perform these functions without direct, active supervision by a human. Like any program, it is probable that electronic agents will make a mistake from time to time. The agent is most likely conducting its transactions with a less complex set of programs on the other end of the ether, and most likely there will not be direct, active human supervision on that other end. The use of electronic agents will raise many of the same questions raised by normal agency relationships, and will raise a few new ones. What is the capacity of the electronic agent to contract on behalf of the principal? Which party takes the risk of the agent's malfunction in the transaction? Does the principal possess any right to rescind transactions committed to by the electronic agent? Does the principal need to notify the other party that they are dealing with an electronic agent, not a human? If a third party piece of software harms or obliterates the electronic agent, what is the measure of damages? Look for some very interesting factual patterns to arise in the context of electronic agent issues.
Sun Microsystems, Inc. v. Microsoft Corporation, filed in the United States District Court of the Northern District of California, No. C 97-20884 RMW (PVT), is a case that will help determine the future of Internet computing. Sun is predominantly a hardware company specializing in high-end servers and networking equipment, but in 1991, Sun allowed their lead programmer, James Gosling, to begin design of a new computer language. Sun named this new language "Java". Gosling had a problem that he wanted to rectify. Whenever he wrote a program for widespread use, he would have to rewrite the program repeatedly to modify it to run on different operating systems with different computer languages. Gosling saw rewriting as a waste of his engineers' time and effort. Gosling designed Java to remove this waste. The promise of Java was that a programmer could write his program one time, and provided that each machine had a piece of software called a Java Virtual Machine (or Java VM), that program could successfully run on any computer without being rewritten. This concept gained immediate popularity with programmers.
Microsoft makes many of the tools used by a large number of programmers to write programs. Microsoft realized that Java would be successful among programmers. Microsoft licensed Java from Sun, so that Microsoft could incorporate Java into Microsoft's programming tools and so that Microsoft's own engineers could take advantage of Java.
Microsoft makes the bulk of its money on and focuses its strategy on the sale of its operating system software. Microsoft operating systems control more than ninety percent of the personal computers in existence. All of the most popular software for personal computers is designed to run on Microsoft operating systems. As a general rule, software designed to run on one operating system will not run on another operating system without modification, if at all. Java changes that!
Java programs run equally well on all popular operating systems, whether Microsoft Windows, System 7, Solaris, or Linux. This run anywhere model means that the operating system used by the consumer is irrelevant as long as the software is written in Java. This model posed a serious threat to the continued dominance of Microsoft's operating systems. If the applications software runs on any operating system, then there is no necessity for the consumer to purchase Microsoft operating systems, and there are several reasons for consumers to choose operating systems other than Windows (reliability and cost being the primary reasons for an alternate operating system). If consumers began to choose other operating systems, then Microsoft's fortunes would suffer.
Sun alleges that when Microsoft faced this threat, Microsoft used the license of Java from Sun to attempt to destroy the language from within by adding components to the language, which would cause programs to run only on Windows machines. As Microsoft is the primary development environment supplier to a vast number of programmers, their sabotage of the programming tools used by hundreds of thousands of programmers would severely impair the Java promise to write once and run anywhere. If that promise gets destroyed, then Microsoft's operating system sales are not faced with the competition that would exist if the promise is kept.
On November 17, 1998, Judge Ronald M. Whyte issued a preliminary injunction demanding that Microsoft conform its programs to the license within ninety (90) days or remove all Java from the products. (http://java.sun.com/lawsuit/111798ruling.html) Microsoft has announced that it will comply with the injunction while the trial goes forward.
This case has been dragged into the antitrust suit against Microsoft described below as an example of Microsoft's anti-competitive behavior. E-mail discovered for this case, and delivered to the antitrust case, led Microsoft Chairman Bill Gates to engage in a Clintonesque performance during his deposition as he attempted to explain what Microsoft Project Leader Slivka meant by when Slivka stated that Microsoft would be "pissing on" Java Foundation Classes at every opportunity. (http://www.zdnet.com/zdnn/stories/news/0,4586,2170955,00.html) The Sun v. Microsoft case is important to the Internet, because of the very subject of the case: the Java language and its development.
If Java is developed as envisioned by Sun's James Gosling, then corporate administration costs will be lowered, programmers will become more productive, better interoperability between divergent computer systems will develop, software costs will drop, and Microsoft will lose market share. If Microsoft prevails, then the above benefits are unlikely to come to pass.
E-mail was the "killer app" (killer application, the program which explosively and decisively makes a technology a must-have product) that first demonstrated the mass market utility of the Internet. To be without e-mail today is analogous to being without a facsimile machine five years ago. It is to be without an essential means of professional communication.
E-mail, however, is a more problematic communication media than letters or faxes. E-mail can be printed, and therefore, bears a resemblance to other written media, but the use of e-mail differs from that other written media. Letters tend to be thoughtful endeavors. The writer thinks through the content, dictates it, revises the result, and possibly, institutes further revisions after the first; all before the letter is sent. E-mail, on the other hand, is often swiftly issued or replied to, without extensive thought and without revision. It is not uncommon for a person to use language and mannerisms in e-mail that the same person would never use in a more formal letter. Typical users treat e-mail more like speech than like written letters. This less formal treatment can become a problem in litigation.
Discovery requests for e-mail are becoming commonplace. E-mail is more persistent than many users realize. Deleted e-mails, in the most popular e-mail programs, reside on a user’s hard drive in a readily accessible directory until that "Trash" (or "Deleted Items") directory is emptied. Even then, the e-mail is recoverable for an extended period of time with the proper tools. Additionally, most corporate e-mail resides upon server computers separate from the end-user’s personal computer. These server computers are normally backed-up by copying files on the server onto storage media and storing the back-up media in a safe location off-site. An attempt to delete the e-mail on the corporate servers will not erase any copies of that same e-mail that may be replicated on the back-ups, whether stored on-site or off-site. The persistence of e-mail, discovery requests for relevant e-mail and the informal treatment of e-mail by users combine to create possible vulnerabilities where a strict e-mail destruction policy is not in effect.
E-mail savvy companies such as AOL, Microsoft, Netscape and Sun Microsystems, Inc. have suffered embar- rassments this year, in litigation described elsewhere in this paper, when the discovery process turned up e-mails that were contrary to the positions espoused by the respective companies in their respective cases. Each of the above companies earns at least part of its revenue from activities directly related to servicing customers’ e-mail needs. If such savvy parties can fall into trouble from e-mail disclosures, then it is clear that most corporations and small businesses are vulnerable to damaging exposures that may be lurking in the e-mail archives. The extent to which attorneys are obligated to proactively advise clients of these dangers has not yet been determined. It would not be surprising to see malpractice claims arising over the failure to advise clients as to potential discovery dangers relating to e-mail communication.
Strong encryption is a munition, a weapon. That is the position of the United States government. Strong encryption in this case refers to encryption that uses a 64-bit key or larger for encryption. A bit is the most basic measurement of binary code; it is one element, rendered as a 0 or a 1. Encryption becomes more difficult to break as the key length increases. The difficulty increases exponentially as the length of the key increases. With the exception of a few military ones, all the basic encryption algorithms have been published. This has created an enforcement problem due to the application of the First Amendment. Everyone agrees that if the a 128-bit key encryption program is printed out on paper, then it is legal to walk out of the country with the code in book form. However, if the same code is in electronic form, then it is subject to the International Trafficking in Arms Regulations (ITAR) administered by the Department of State.
Privacy advocates complain that the government is merely supporting the restrictions in an effort to deny private citizens encryption that is not readily breakable by the National Security Agency (NSA). Software producers complain that United States export restrictions cause a loss of sales into foreign markets, where the foreign competitors are able to offer stronger encryption than American companies. Realists point out that all of the encryption algorithms prohibited from export already exist in publicly available download sites on the Internet in numerous countries outside the U.S. After the United States lost two separate prosecutions for encryption ITAR violations in 1996 and in 1997, it appeared that the fight over encryption was over. The government seemed ready to leave the regulations on the books, but not actively enforce them.
Then, on December 4, 1998, the Clinton administration convinced the thirty-three signatories of the Wassenaar Arrangement, which limits arms exports, to agree to restrict the export of general encryption products with more than 56-bit keys and of mass-market products with keys larger than 64-bits. (For comparison, the North American version of the Netscape Navigator browser contains encryption with 128-bit keys.) Aaron Pressman, U.S. Says Got Curb On Global Encryption Trade, REUTERS, December 4, 1998.
This success came as a surprise to the Internet community, which had thought the issue dead for all practical purposes. Deliberate, public violations of this agreement will occur and the issue is sure to continue to develop during 1999.
The Congress failed to pass any restrictions on gambling on the Internet this year despite several attempts. There is opposition to Internet gambling both from groups with moral objections, and from states concerned about the diversion of resources from state-sanctioned (and state-run) gambling, so we can expect to see more attempts to regulate or outlaw gambling on the Internet in the coming year.
Wal-Mart Stores, Inc. filed suit against Amazon.com, Kleiner, Perkins, Caufield & Byers (a well-known venture capital firm that funded Amazon.com), Drugstore.com on October 16, 1998 in the Chancery Court of Benton County, Arkansas alleging violations of the Arkansas Trade Secrets Act. Wal-Marts alleges that Amazon.com specifically targeted Wal-Mart employees for recruitment in order to obtain trade secret information on Wal-Mart's proprietary business information systems. Other than the well-known names of the parties, this case is not a particularly landmark case at this time, but it represents a major problem of the Internet economy. Most of the value of many modern businesses is not locked into any tangible form, but lies in the talents, training and experience of the employees.
What constitutes trade secrets? While this general question has been answered many times in the past, it becomes more complicated in the Internet age. It appears that Wal-Mart will argue that technical skills developed in the maintenance and implementation of an information system constitute a trade secret. However, while the topology of the network may well be a trade secret, actual construction techniques are not unique to Wal-Mart. There are only a limited number of ways to configure a server to operate a modem bank, etc. Whether Wal-Mart can narrow the issue of trade secrets to exclude ludicrous claims, while still maintaining valid claims over actual trade secrets is yet to be seen. Proving that a particular technique is a trade secret risks exposure of the technique. However, without specification, it may be difficult to prove that the employer's information technology environment was sufficiently unique to merit classification as a trade secret. How can a company protect itself from disbursement of its knowledge when employees leave? Standard trade secret and noncompete agreements are likely to be unenforceable for skilled Internet-related employees for a couple of reasons. A geographic scope that protects the employer will likely turn out to be overly broad for the courts. An employee whose job skills are Internet-related may be as much of a threat to the employer's business if the former employee is in Bangladesh as if the former employee is in town. Restricting the scope to the employer's locality may not protect the employer, while broadening the scope to national or international area may tempt dismissal by the court. The employee's training may be so specialized that the only potential, suitable employment is by the employer and the employer's direct competitors. Attempting to restrict all ability of the employee to enter into employment in his chosen field may well result in the court disregarding any noncompete agreement. The problem that an employee solves for the employer may well be repeated at the next employer's site. With a finite number of solutions given specific hardware and software, it may be difficult to prove that the employer's solution constitutes at trade secret.
Even if the employer wins, the employer still needs to prove damages from any theft of a trade secret. Where the trade secret involves the design and implementation of information technology, rather than any secret directly associated with sales or production, the employer may well find it impossible to point to specific examples of measurable damages, even though there is significant and real value to the trade secret for both the old and new employers.
There are certainly trade secrets lurking in the information structures of most Internet connected firms, but establishing enforcement of trade secret protection and assessment of damages for violations is still in an infantile stage.
What is the liability of Internet users for violation of political crimes? While this issue has bubbled up in the past, particularly in the case of CompuServe liability in German courts for members posting of Nazi material, those past cases were usually dropped or settled. However, on December 4, 1998, the People's Republic of China tried Lin Hai, a computer engineer for subversion of the state as a result of the man selling mainland Chinese e-mail addresses to a U.S.-based Chinese dissident group, VIP Reference. The court has the case under advisement as of the time of this writing. If convicted, Lin Hai faces a sentence of from three years to life. Chinese court weighs Internet dissent case, REUTERS, December 4, 1998.
The Internet is an international medium. Most countries bear stricter limits on political expression than the United States. If a U.S. resident (but non-citizen) posts a web site or distributes e-mail that is perfectly legal with the United States, but which enters or is viewable from a jurisdiction where such a display or message is criminal, and if the respective country seeks to punish the violation, what will the result be? Will the result depend on the citizenship of the alleged violator? While we can make educated guesses, we currently have no definitive answers to these issues.
Microsoft Corporation is an intensely competitive corporation with the highest market capitalization of any company in the United States. Microsoft provides the operating system for more than ninety percent of the personal computers (PCs) in the country. (An operating system is the program in a computer that mediates between the computer hardware and higher-level applications programs. Some examples include Windows95, OS/2, System7, Linux, and DOS.) The Department of Justice concluded that Microsoft’s dominance of the PC operating system market constituted a monopoly. The Department further concluded that Microsoft’s competition in the market for browser software included anticompetitive and improper business activities. (Browser software is the application that allows the viewing of web pages on the World Wide Web. Examples include Netscape Navigator, Internet Explorer, Mosaic, and Opera.) Microsoft’s actions included giving away for free a browser in competition with Netscape’s browser that cost $49 per user for businesses. Based on the above conclusions, the DOJ brought an antitrust suit against Microsoft and eventually, settled the original complaint with Microsoft.
In 1998, the DOJ concluded that Microsoft had violated the terms of the settlement and had incurred new antitrust violations. In May, the DOJ filed a new antitrust suit against Microsoft. The two sides failed to settle, and this cause proceeded to trial; the trial is still ongoing as this paper is being prepared. . This case for the first time raises the legal issue of what is an operating system, what is an application, and what difference does a distinction between the two make? It raises the issues of what constitutes a monopoly in the software market, and what responsibility does a monopolist in the software market bear? This case also, represents the first foray of serious government oversight into the software industry, an industry that is integral to the functioning of the Internet. Whether the federal government will see this situation as an invitation for more intensive oversight and regulation, or whether it will be viewed as a temporary aberration is yet to be seen. Increased oversight and regulation would seriously impact an industry thriving on rapid change and dualistic competitive-cooperative relationships among most of the players.
HTML (Hypertext Markup Language) which permits the existence of the World Wide Web did not exist prior to 1989. A browser which could function as a graphical interface to the World Wide Web was not built until 1993. Since that time, more than one hundred million web pages have been constructed. American Internet users number in excess of fifty (possibly even eighty) million. Where the Internet, at the beginning of the 1990s, prohibited commercial activity by governmental fiat, Internet commerce is omnipresent today. The rapid speed of change on the Internet leaves little solid ground for legal analysis. The medium is too young to have suffered much case law. Legislators find it difficult to analogize the Internet to topics with which they are familiar; it's like and yet unlike: television, radio, telephony, print publishing, bulletin boards, public gatherings, real estate, intangible property, libraries, and a plethora of other subjects.
This year saw some firming of the ground. The federal government stepped in on several topics and threatened to move into more. The state governments have begun to act on their own, although this is problematic in the Internet's context. The courts take time to gear up to speed and 1999 may well be a year that sees the Internet legal arena finally generating its fair share of appellate opinions. The past year opened up some exciting topics, and the coming year promises to be even more interesting than those, which have went before.