While there have been numerous reported cyberattacks against various government entities (including a widely discussed cyberattack by Russian activists against the Estonia government in retaliation for its decision to relocate a Russian war memorial), there is little evidence of the ability of even the most sophisticated governments to engage in even limited-scale cyberwarfare.

The hype surrounding “cyberwar” reminds me of similar hype in the 1970s concerning the extent of “computer crime” in the United States. At that time the FBI and other state and federal agencies were angling for massive increases in funding. There was a widely circulated “fact” that computer crimes were costing U.S. businesses $100 million to $10 billion annually, and that new legislation and heightened funding were desperately needed to defend against this scourge. However, in an unbiased study of the sources of these alleged losses (Jim Taber, A Survey of Computer Crime Studies, 2 COMPUTER L.J. 275, 307 (1980)), Jim Taber of IBM showed that these numbers were both unverified and unreliable. His investigation showed that these numbers were simply pulled out of thin air by security consultants and FBI executives who stood to benefit if Congress and the public thought that computer crime was exploding. And it worked. Congress substantially increased funding for law enforcement agencies to fight “computer crime,” which included significant funds for contracts that were awarded to the same computer security consultants that promoted these fictitious figures in the first place.

Those using scare tactics to garner new funding for “cyberwarfare” seem to be taking pages directly from the “computer crime” playbook. Throw out a lot of scary rhetoric, claim that the underlying facts are either unknowable or classified, and then tell Congress and the American public that they should “trust us,” since we know better than they do. Congress seems to be falling for this once again without any critical analysis. However, as noted by James Rid, who has studied cyberwarfare in depth:

There was no and there is no Pearl Harbor of cyber war. Unless significantly more evidence and significantly more detail are presented publicly by more than one agency, we have to conclude that there will not be a Pearl Harbor of cyber war in the future either.

Before wasting untold billions to line the pockets of defense contractors, it would behoove Congress to look behind the scare tactics and determine whether cyberwarfare is real, how much of a threat is it to us, and how best to deal with the issue.

Flash forward to today. She is almost 3 years old and her love for the iPad has not diminished. Of course the choice of apps has changed. She is learning conversational French, watching ballet videos (ballet is her passion) and listening to all types of music. And no, she’s not a couch potato. She plays soccer, takes ballet lessons, and loves to jog/walk with her mother over a mile a day along the beach.

Her parents and I are very careful about the apps we download for her. And frankly I had thought little about the privacy issues that such apps might create until I read a recently report from the FTC titled “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” (Feb. 2012).

This staff report shows the results of a survey of mobile apps for children. The survey shows that neither the app stores nor the app developers provide the information parents need to determine what data is being collected from their children, how it is being shared, or who will have access to it.

The report recommends:

• All members of the “kids app ecosystem” — the stores, developers and third parties providing services — should play an active role in providing key information to parents.
• App developers should provide data practices information in simple and short disclosures. They also should disclose whether the app connects with social media, and whether it contains ads. Third parties that collect data also should disclose their privacy practices.
• App stores also should take responsibility for ensuring that parents have basic information.

While we don’t plan to stop buying apps for my granddaughter, I suspect we will be more vigilant in reviewing the apps before we allow her to use them to make sure there are no hidden privacy problems.

There are so many “hot button” issues, it is hard to decide which ones to mention. So I’ll just mention the three that I find extremely interesting:

1. Network neutrality. The FCC issued regulations to prevent telcos and other ISPs from engaging in what supporters would call unfair and anticompetitive activities. On November 10, 2011, those regulations came up for a vote in the Senate. Republicans were attempting to overrule the regulations, but the Democrats were able to defeat the bill. Of course, that is only a temporary victory, since the regulations are also being challenged by Verizon in court, and if the Republicans take over the White House in the next election those regulations are likely to be thrown out.

2. Online sales tax. For many years, Amazon, and other online retailers have been able to avoid collecting sales taxes for their online sales. However, political pressure is mounting for Congress to change the law to compel these vendors to collect sales taxes. Much of this pressure is coming from states that are suffering with sagging tax revenues. If such a law passes, of course, there are bound to be constitutional challenges, eventually winding up in the U.S. Supreme Court.

3. Privacy and GPS devices. The U.S. Supreme Court recently heard oral arguments on whether the police can install a GPS device on a suspect’s car and “follow” him around by monitoring the device. Surprisingly, at least to me, the Supremes seemed receptive to the argument that such activities violated the Fourth Amendment. Next year’s decision will be interesting reading, particular if the Court upholds a right of privacy in these circumstances.

Let me know what your hot button issues for 2012.

The FTC previously reviewed the COPPA Rule in 2005 and retained it without change. In light of rapidly evolving technology and changes in the way children use and access the Internet, in 2010 the FTC initiated another review of the Rule on an accelerated schedule. On April 5, 2010, the FTC sought public comment on every aspect of the COPPA Rule, posing numerous questions for the public’s consideration. In addition, the FTC held a public roundtable and reviewed 70 comments received from industry representatives, advocacy groups, academics, technologists, and individual members of the public.

The Internet has clearly changed considerably since 2000 and it is clear that an updated Rule (if done properly) would be of enormous benefit both to parents (whose children are increasingly interacting with Internet on a daily basis) and website operators (who still seem to be unclear on how to comply with COPPA).

One of the most troublesome areas in complying with COPPA is the “verifiable parental consent” requirement. I am pleased to see that this is one area that the FTC is specifically looking at. Unfortunately, the FTC proposals appear to be increasing the burden on websites, not streamlining them as the proposal claims. The promulgation of the original Rule, with its “verifiable parental consent” requirement resulted in many child-oriented sites moving away from efforts by sites to “customize” the experience for each child-visitor, since the information required to do so fell within the strictures of COPPA. Instead, sites changed to provide the same “experience” to every child that came to them, which turned off a lot of kids.

As the number of interactive child-oriented sites decreased, many children starting exploring more adult-oriented sites that did not need to get “verifiable parental consent” as long as the site was not directed to children and the site operator did not ask for the age of the visitor. Under many lawyers’ reading of the COPPA, a Disney-sponsored site would be required to get consent to gather information from an eight year-old, but playboy.com would not. Certainly a perverse result!!

It will be interesting to see whether changes are actually made this time to the Rule, and whether those changes help or hurt websites that are directed at children.

What many people do not realize is that many newer cars (particularly those manufactured by GM and Ford) contain an “event data recorder” (a so-called “black box”) that is similar to those on airplanes. These devices generally are triggered by electronically-sensed problems in the engine (often called faults), a sudden change in wheel speed or airbag deployment, and store a variety of data, such as which seat belts were being worn at the time of the event and the vehicle’s speed, direction and location. The information contained in the black box can be invaluable in determining the cause of an accident.

The question is whether a driver (or car owner) has a legitimate expectation of privacy in the information stored in the black box or whether the police can download that information without a search warrant.

In a New York case, the court held that no search warrant was required for the recovery of black box data. In People v. Christmann, 3 Misc.3d 309, 776 N.Y.S.2d 437 (2004), the defendant was involved in a motor vehicle accident with a pedestrian. The police at the scene downloaded the data from the car’s black box without a warrant. The court held that exigent circumstances (“[e]vidence regarding the pre-accident conditions within Defendant’s automobile could easily be destroyed, either purposely or accidently, if the automobile was moved from the scene under its own power.” 3 Misc.3d at 315, 776 N.Y.S.2d at 441.) justified the data download at the scene without a warrant.

However, a recent California case, People v. Xinos, 192 Cal. App. 4th 637, 121 Cal. Rptr. 3d 496 (2011), review filed (Mar. 21, 2011), the court came to the opposite conclusion. In Xinos, the defendant was convicted of vehicular manslaughter, based in significant part on the data contained in an event data recorder (also called a “sensing and diagnostic module” or “SDM”) in his car. The defendant had filed a suppression motion regarding the SDM data, claiming that the downloading of the data without a warrant violated his Fourth Amendment rights. The lower court had rejected the motion. On appeal, however, the court reversed.

After an accident in which a pedestrian was killed, the defendant’s car was towed to a police impound lot. A year after the accident, at the request of the District Attorney’s Office, and without obtaining a warrant, police went to the impound lot and:

downloaded the data contained in the vehicle’s SDM. They accomplished the download using a cable connected to the diagnostic link connector (DLC), which was located underneath the vehicle’s dash area on the driver’s side. An SDM receives data from various inputs related to the vehicle’s restraint systems, seat belt pretensioners and airbags. The data includes information regarding engine speed, vehicle speed and deceleration, throttle percentage, braking, airbag deployment, and the restraint system. . . .
Using software, [the police] produced a crash data retrieval (CDR) report. It showed information captured during the five seconds before defendant’s vehicle experienced a change in velocity. It disclosed the vehicle’s speed during the five seconds before the incident. The data indicated that there had been brake activation but the braking “could just be covering the pedal” and was not necessarily hard braking.

Id. at 647, 121 Cal. Rptr. at 502-03.

In the trial court, the prosecutor argued that “no search warrant was required because defendant had no reasonable expectation of privacy in the SDM’s data, analogizing to electronic beepers and emphasizing the diminished expectation of privacy in vehicles. The People maintained that the year delay in conducting the download was immaterial.” Id. at 651, 121 Cal. Rptr. at 505. The trial court held that there was no Fourth Amendment violation:

In this matter the Court is satisfied that the police were permitted to conduct tests and discover data because the vehicle was an instrumentality of the crime of vehicular manslaughter as well as hit-and-run. Therefore, the retrieval of the data in the SDM was not a search within the meaning of the Fourth Amendment. Id.

It further stated that, even if downloading the information was “not a test or a diagnostic event” and it was a search, the search fell “within the automobile exception to the warrant requirement because the police officers had probable cause to believe that evidence pertaining to the crime was contained in the SDM.” Id. at 651, 121 Cal. Rptr. at 505.

The appellate court disagreed:

This case is fundamentally distinguishable from the cases where technology is used to allow law enforcement to capture information that a person is knowingly exposing to the public. . . .
[I]n this case, defendant could not have claimed any reasonable expectation of privacy with respect to governmental observations, including those using enhanced technology, of his driving on public roads. We are more familiar with the examples of law enforcement measuring vehicular speed with radar guns or recording failures to stop at red lights with automated cameras. But in this case, the government was not making any observations of conduct exposed to the public view. Here, defendant’s own vehicle was internally producing data for its safe operation. That exceedingly precise data was not being exposed to the public or being conveyed to any other person.

Id. at 654, 121 Cal. Rptr. at 508. The appellate court found no probable cause for the download:

[T]he scope of a legitimate warrantless search of a vehicle under the automobile exception “is defined by the object of the search and the places in which there is probable cause to believe that it may be found.” The scope of a warrantless search authorized by the automobile exception is “no broader and no narrower than a magistrate could legitimately authorize by warrant.” Moreover, probable cause to conduct a warrantless search must exist at the time the warrantless search is executed.
[I]n this case, the prosecution failed to show that the objective facts known to the police officers at the time of the download constituted probable cause to search the SDM for evidence of crime. The download occurred long after the collision and criminal investigation. The officers who conducted the download were merely complying with an unexplained request of the D.A.’s Office and believed no relevant data would be found. The download of the data was not supported by probable cause.

Id. at 661, 121 Cal. Rptr. at 513. Nor did the court find the SDM data to be lawfully seized evidence of a crime:

The Attorney General has not cited any Fourth Amendment authority permitting new intrusions into any internal part or component of a vehicle simply because the vehicle was seized as evidence. . . . The retrieval of raw data from a vehicle’s SDM not believed by police to hold any evidence of crime is not a reexamination or closer look at areas of a vehicle already reasonably believed to be or contain evidence of a crime; it is a new and different intrusion. The prosecution failed to show in this case that the download of data was justified by the circumstances warranting seizure of the vehicle and examination of its condition. Further, the download of raw data from a SDM does not qualify as a scientific test, similar to DNA or ballistics testing since downloading is merely the copying or retrieval of electronic data or information.

Id. at 663, 121 Cal. Rptr. at 515.

Clearly, the two cases can be factually distinguished. The New York case involved a download of data immediately after the accident versus the year delay in Xinos. The more important issue, however, is whether a driver has a legitimate expectation of privacy in the black box data at all, and if so, when a warrant based on probably cause should be required. As black boxes become ubiquitous in new cars, this issue is bound to be before the courts again.

Those early days in the growth of the Internet saw Congress passing several laws that freed the Internet from potential liability – the DMCA “safe harbors” provisions, Section 230 of the Communications Decency Act, and the Internet Tax Freedom Act of 1998 – to name just a few. And the Internet responded to this light touch by growing exponentially both within the U.S. and around the world – with almost two billion users today!

Unfortunately, during the last decade, the Internet has lost its luster – at least as far as politicians and the courts are concerned – and is being subjected to ever-increasing regulation and liability. Many politicians blame all of society’s ills on the Internet. (See here and here for just two examples.) As a result, they are openly hostile to the idea of an open, global forum for the exchange of information and ideas, as well as for global commercial activity, and seem intent on killing the “goose that laid the golden egg.” Just a look at today’s online news sites will confirm that the Internet is under increasing attack worldwide.

Fortunately, the Internet is extremely resilient – both from a technical, as well as a social and economic, perspective. So far the Internet (and those who dwell within it) have been able to “work around” many of these new laws and regulations or adapt to them without significant damage to the “business as usual” nature of the system. But it’s difficult to tell from our vantage point whether real, permanent damage is being done to the Internet – as both a communications medium and a platform for e-commerce. A decade from now analysts may look back at the Internet as a failed experiment – killed off by politicians, judges and self-serving business interests, who thought the Internet had to be “tamed,” and in doing so destroyed its ultimate potential.

Only time will tell….

However, after pressure from my friends and family (all of whom are devoted iPad users), I purchased an iPad for myself last Christmas. While I don’t use it as much as my kids do, or as some of my students do, I have warmed up to the device and have become a regular purchaser from the iPad app store. I use it mainly to do email and read ebooks. That is why I was very distressed to read about an emerging battle between Apple and the e-reader companies (Sony, Amazon and Google) over the nature of the e-reader apps they will be allowed to distribute through the app store in the future. See, e.g., Yukari Iwatani Kane and Stu Woo, “Apple Rejects Sony E-Book App,” Wall. St. j. (Feb. 2 2011).

In general, e-reader apps have been just that. They can be used to read e-books, but if you want to purchase an e-book, you need to go to the applicable website and pay for the e-book there. While it is somewhat inconvenient to have to leave the e-book app to buy a new e-book, it hasn’t been a major issue. At least for e-book readers. Apparently it has been a major issue for Apple, since Apple does not get a cut of the revenues generated by those e-book sales. As Apple stated in a recent press release:

We are now requiring that if an app offers customers the ability to purchase books outside of the app, that the same option is also available to customers from within the app with in-app purchase.

It is reported that Apple has rejected an e-reader app from Sony, demanding that Sony provide the means to purchase their e-books through the iTunes store – and pay Apple 30% of the revenues generated from such sales. Considering that many e-book sales are made with little or no profit already (various stories assert that Amazon loses money on the e-books it sells for $9.99 or less), having to give Apple 30% of revenues would make most e-book sales unprofitable – which might require e-book sellers to jack up the price of their titles across the board to cover Apple’s cut.

And there is no reason that Apple won’t expand that policy to other e-commerce areas. As one commentator recently stated:

Now that Apple has changed the business arrangement for e-books, you can bet it’s thinking about the terms for video-streaming apps like Netflix and Hulu Plus and music apps like Pandora, or even more general e-commerce apps like Amazon’s Windowshop. If Apple wants a 30 percent cut of my Kindle book today, I assume it will want a 30 percent cut when I try to buy an actual Kindle tomorrow.

Farhad Manjoo, “Ditch the App Store,” Slate.com (Feb. 1, 2011).

It will be interesting to see what Sony, Amazon and others do in response to Apple’s changing policies. And whether the FTC or various state attorneys general may get involved as well.

But Negroponte saw those technological impediments as transitory speed bumps in the transformation of the computer to the center of our world. At the time it seemed unlikely, but over the last 15 years the Internet, smart phones, the iPad, myriad software apps, and high-speed phone lines have proven Negroponte right on so many of his predictions.

When I read the book for the first time in 1995 it made me think about how the law, business and society would need to change if his predictions came true. Much of my research over the last decade and a half has focused on the impact of what I call “transformative media” on the law. Ever five years I reread Negroponte’s book. It is always fresh and generates lots of new ideas. I just finished reading the book for the fourth time and am still amazed by how many of his predictions have come true just over the last five years (since I last read his book) – particularly with regard to the demise of newspapers, the emergence of e-books, broadband technologies driving Blockbuster into bankruptcy and DVD rentals replaced with Netflix downloads, while CDs (“atoms”) continue to lose ground to iTunes and other digital downloads (“bits”).

Although the book is now 15 years old, it is still a compelling read, and I would highly recommend it. (Ironically, the book is NOT available as an e-book. Portions of the book are available online, but to get the whole book, you still must buy the “atoms.”) What’s up with that?

The court is sympathetic to the Blockowiczs’ plight; they find themselves the subject of defamatory attacks on the internet yet seemingly have no recourse to have those statements removed from the public view. Nevertheless, Congress has narrowly defined the boundaries for courts to enjoin third parties, and the court does not find that Xcentric falls within those limited conscriptions based on the facts presented here.

– Blockowicz v. Williams, 675 F.Supp.2d 912, 915 (N.D. Ill. 2009).

One possible solution would be to amend Section 230 so that a website would continue to enjoy immunity from third party defamations posted on their site, conditioned on the website owner offering the victim a “right of reply.” If the website owner refused to do so, then it would lose its Section 230 immunity.

This is similar to the DMCA, that conditions immunity from copyright infringement claims on the website owner’s obligation to comply with the notice and takedown procedures of the Act. The website owner can choose not to comply, but will lose its immunity from copyright infringement claims.

While the U.S. Supreme Court has held that a mandatory right of reply statute violated the First Amendment (Miami Herald Publishing Co. v. Tornillo, 418 U.S. 241 (1974)), no case has ever found that a voluntary right of reply statute would not be found constitutional.

Obviously, a right of reply should not be open-ended, since it could be misused, as the DMCA notice and takedown provisions have been misused, to stifle certain positions or promote a particular point of view, instead of merely replying to a defamatory statement. But that is simply a matter of fine tuning the text of whatever legislation might be enacted.

Do I expect a right of reply amendment to be introduced in Congress in the near future? Probably not. But if the perceived shortcomings of the current Section 230 continued to be emphasized by the courts and commentators, at some point a congressperson will take note. The danger is that Congress may not merely stop at amending Section 230 immunity, but repeal it entirely. That would be devastating.

This year I thought I would add a second skills-based course in drafting license agreements. Fortunately, there are a number of good casebooks that have appeared over the last couple of years that focus on licensing law. I thought that using one of those texts, supplemented by some of the licensing materials from my multimedia law treatise, would provide a good foundation for the course. Like my previous course, I thought I could create a series of exercises that could teach students how to draft contract clauses for various licensing situations. However, unlike my prior course, where everyone seemed to be working in the same direction from Day 1, I have found the licensing law class to be a much greater challenge.

Why? Because many of the students have worked at law firms and in legal departments of various entertainment industry companies, either as summer clerks or as externs, and have been exposed to licensing agreement actually used in their particular industry – all of which are radically different from license agreements used in other industries. The result is that perhaps a third of the class thinks they know what a license agreement looks like, and are shocked, and often offended, when I tell them that the license clauses they are drafting are not acceptable.

The problem is that every sub-industry within the entertainment field has their own unique way of writing license agreements, and the clauses used have been honed for very specific types of transactions. While the technology industry generally has a style of contract drafting that does not differ significantly with the subject matter – patent license for semiconductors look a lot like patent license for biotech (with some obvious differences in terminology), license agreements in the music industry may look very different depending on whether you are working for a composer, music publisher, record company, recording artist, etc. And that’s just the music industry. The same Tower of Babel exists in the movie industry, television industry, sports industry, etc.

What I have found is that I must ask the students to look beyond the very specific clauses unique to a particular player in a particular entertainment field, and try to see those aspects of licensing that are common to all (or at least most) of the IP fields. That’s turned out to be easier said than done. I need to constantly talk about the important underpinnings of licensing law in general, and how those general principles are then “customized” for each industry. I have to tell the students to see beyond the industry they have some (generally fairly superficial) familiarity with, and understand what sets licenses apart from other forms of agreements.

We are just entering Week 4 of the class, and I think I have around 80% of the students on board to that broader way of thinking about licensing. Unfortunately, that still leaves about 20% of the students thinking that the way they learned to write licenses in their first and only “job” in the field is the only way to write such contracts. The positive results of this ongoing debate is that it gives me a lot of examples to use in class to highlight the fact that licenses are very malleable things that can be modified to meet the needs of a particular industry or sub-industry, but that underlying those differences are certain principles that are (almost) universal in application.

Fortunately, in a couple of weeks the materials we have been covering that focus on the general principles of licensing, will give way to more industry-specific contracts. That will give the students an opportunity to draft clauses that are more particular to specific areas of entertainment law – music, motion pictures, professional sports, etc. I am hoping that this will solve some of the problems I have faced thus far. I’ll let you know.