Tag Archives: 1999



July 1 / All Articles, Computing

Clear Signatures, Obscure Signs

There are two kinds of digital signatures: signatures good enough for a six dollar trade among friends, and signatures good enough for a six figure trade between strangers. [1] This Article considers both, from the digital equivalent of an initialed placemat to secure verification techniques more like notarizations. Nationally and internationally, diverse groups and bodies have been propelling the development of digital signature and certificate authority regulation and legislation. This Article examines the need for such legislation, questioning the assumption that current law presents, at best, uncertainties or, at worst, outright barriers to the use of electronic records and signatures. This analysis attempts to determine the extent of such uncertainty or conflict, by examining case law, as well as the most crucial technological and policy issues that face the drafters of digital signature legislation. Finally, the major statutes, drafts, and model laws are evaluated with regard to their efficacy in addressing the concerns so identified. [2]

The fundamental question legislation drafters face is the same question courts face: under what circumstances are electronic records and signatures as trustworthy as traditional writings and signatures? Beyond this question, however, many groups have also considered whether there is a need to legislate proactively in order to encourage the use of the more secure varieties of electronic signatures and to stimulate electronic commerce. To analyze fully the existing common-law environment for the treatment of digital records and signatures, one would ideally examine cases involving both low security records (e.g., a faxed signature, a name in text at the end of an e-mail) and records protected by elaborate security measures (particularly those that have been cryptographically signed). Unfortunately, while the law has long dealt with the application of new technologies by which non pen-and-ink signatures are used, as of yet there are no cases ruling on the per se validity of writings or signatures where a message was cryptographically signed. [3]

Thirteen states have digital signature statutes that apply generally to public and private settings; at least six have already passed “comprehensive” legislation also including the regulation of certificate authorities. [4] Pioneered by the Utah Digital Signature Act, [5] the “comprehensive” laws set precise rules governing the validity of signatures, the issuance and revocation of certificates, and the regulation of certificate authorities. In addition, a growing number of states have enacted limited statutes specifying only a vague outline for digital signature validity and delegating broad rulemaking authority to executive agencies. [6] Various guidelines and model laws have also contributed greatly to the evolution of state laws in this area, including efforts by the American Bar Association, the National Conference of Commissioners on Uniform State Laws (“NCCUSL”), which is preparing a Uniform Electronic Transactions Act, and the United Nations Commission on International Trade Law (“UNCITRAL”).

Several subordinate concerns must also be considered in the preparation of digital signature laws and drafts. As should be evident from the discussion herein, different types of electronic “signing” yield different levels of reliability. Drafters must acknowledge that it may be necessary to abandon bright line, “yes or no” rules in order to treat different kinds of signatures appropriately in all cases. This may mean leaving digital signatures equivalent to normal, signed documents in some cases and attaching evidentiary presumptions to others, even within the same statutory scheme. Some of these protections may be appropriate for generically defined signatures, and other measures may be appropriate only when specific, proven technologies, such as public key encryption, are used. In addition, digital signature laws must avoid interfering with the validity of electronic authentication procedures agreed to by contract, and with the validity of already-valid traditional signatures.

Drafters concerned solely with removing impediments in pre-existing laws may view the question of enhanced protection for secure signatures very differently from those who think the legal environment should proactively encourage the use of secure authentication methods. Either viewpoint may be appropriate, but drafters must be aware of their objectives. Moreover, digital signature statutes would be most effective if they were uniform and compatible with the laws of other states and nations. Yet, this goal must be balanced against preserving decentralization of regulation in order to allow experimentation and evolution in this nascent industry, and to avoid the negative privacy implications of an overly centralized infrastructure.

In short, the legal landscape is treacherous. It is therefore critical that any legislation be made with deliberate caution, adherent to two basic, guiding principles. First, given the uncertain environment, legislation must be narrowly tailored to address specific legal needs and obstacles. Second, the level of legal protection and recognition granted signatures must be no greater than is commensurate with the security and reliability provided by the weakest form of signature to qualify for such protection.

 

Adam White Scoville

June 4 / All Articles, Copyright

On-Line Copyright Infringement Liability For Internet Service Providers: Context, Cases & Recently Enacted Legislation

“If you can’t protect what you own–you don’t own anything.” [2] Motion Picture Association of America

“To promote the progress of knowledge on the Internet, those who are building the Net itself need fair and predictable ground rules” [3] U.S. Telephone Association

INTRODUCTION:

The above quotes, the first from a member of the content community and the second from an association representing telephone companies and Internet Service Provider (ISP), highlight the tension that exists between copyright holders and Internet Service Providers concerning the issue of on-line copyright infringement liability. As the Internet has grown, the problem of on-line copyright infringement has developed into an economically significant issue. [4] According to the Motion Picture Association of America, U.S. companies are losing millions per year to on-line copyright pirates, and with the current growth of the Internet, the content community fears that the amount lost to pirates will only increase. [5] The ISP industry, however, while acknowledging its unique position in terms of the Internet, does not want to become a “deep-pocket”, third-party defendant in every on-line copyright infringement lawsuit. The Internet Service Providers have argued that the law’s lack of predictability in this area and its standards for ISP copyright liability over the past few years have caused real concerns for this new and growing industry. [6] ISPs have argued that due to the nature of the Internet and the unique role of the ISP industry, a narrow limitation on copyright infringement liability should be established for Internet Service Providers so that those who are building the Internet will have a clearer sense of how and when they might be held liable for on-line copyright infringement. [7] In turn, they argue that a heightened level of certainty about this issue will help speed the growth of the Internet by encouraging more entrepreneurs to enter the ISP industry. [8]

How fast has the Internet grown? At the end of the Reagan-Bush era, just six years ago, the world of cyberspace consisted of fewer than 50 World Wide Web sites, most of them used by computer scientists and physicists. [9] Today the Internet is no longer just for researchers, and it is expected that within five years international commerce on the Internet could reach $3.2 trillion. [10] The fact is that in the past 72 months the number of Internet users has risen from hundreds to millions of users, and is estimated by some experts to reach perhaps a billion users by the year 2008. [11] In terms of copyright infringement, the commercialization and exponential growth of the Internet create an entirely new set of problems for copyright holders. [12]

In this context, it is understandable why writers, publishers, and researchers often look upon using the Internet as “riding the Tiger.” While the Internet has allowed researchers, educators, artists and publishers to expand their markets at an unprecedented rate, the same technology allows any anonymous and invisible copyright pirate to copy and disseminate instantaneously anything that is displayed on the Internet. Understanding how easy it is to duplicate copyrighted material from the Internet today, the content community has valid concerns about how much easier pirating could be five or ten years from now, and they argue that something must be done now to address this problem. [13]

Recognizing the inherent difficulty of enforcing copyrights against individual Internet users world-wide, some experts have argued that the answer to this problem is placing legal liability for copyright infringement on those who allow and enable Internet copyright pirates to exist, namely the ISPs. [14] It is argued that ISPs profit from the pirates’ use of the Internet, and in comparison to an independent publisher or author, an ISP is in a much better position to police how its subscribers use the Internet. [15] On the other side of the argument, ISPs claim that they are passive carriers similar to telecommunications companies and therefore should be granted some limitation from copyright infringement liability. [16] In addition, they argue that to make ISPs liable could stifle the growth of the Internet. [17]

Others argue that the answers to this problem will come from technological innovations, such as the use of “digital watermarking”, rather than through legal reforms. [18] In addition, the argument has been made that cooperation between ISPs and the content community is what is truly needed to solve this problem. [19] ISPs share the content community’s desire to see the Internet grow, and some believe that the threat of holding ISPs liable for copyright infringement may not be the best way to encourage ISPs to help minimize Internet copyright piracy. [20]

The issue of on-line copyright infringement has been around since the use of the Internet started to expand rapidly in the early 1990’s and has been the subject of extensive federal executive branch activities, court cases, and Congressional action. In the closing days of the 105th Congress, President Clinton signed into law a bill that addressed this issue; Title II of the Digital Millennium Copyright Act, the Online Copyright Infringement Liability Limitation Act of 1998. [21]

This paper will analyze the policy arguments, the court cases, and the legislative process that produced this law.

As for the structure of the paper, the first section will discuss the Clinton Administration’s activities concerning this issue. The second section will briefly address statutory copyright law in general and will put the specific issue of on-line copyright infringement liability in context by analyzing the five leading court cases in this area of law. The third section will address the policy arguments for and against the establishment of a limitation on copyright infringement liability for Internet Service Providers. Lastly, this paper will analyze the final version of the legislation that has been signed into law, and discuss why enacting this bill into law is a step in the right direction for the Internet.

 

Mark E. Harrington [1]

May 25 / All Articles, Trade Secret

Criminal Consequences Of Trade Secret Misappropriation: Does The Economic Espionage Act Insulate Trade Secrets From Theft And Render Civil Remedies Obsolete?

The enactment of the Economic Espionage Act of 1996 [1] (“EEA”) was greeted with great fanfare as an unprecedented and broad federal attack on foreign and domestic trade secret misappropriation. Negligent, even inadvertent conversions of trade secrets seemed subject to criminal prosecution in the broad wake of the statute. The statute’s draconian criminal penalties for individual and corporate offenders alike, coupled with its license to the Government to seek protective orders, civil injunctive relief, and forfeiture, were viewed as the preferred remedy for the victim of trade secret misappropriation. Yet the plain language of the threshold elements of EEA offenses, and the statute’s restrained interpretation and application by the United States Department of Justice, reveal a statute more limited in prosecutorial scope, with its application bound by significant legal obstacles.

The EEA does not criminalize every theft of trade secrets. Traditional notions of what a protected trade secret is and when a theft is actionable may not apply to an EEA prosecution. Ultimately, the EEA is not a panacea for the victim of a trade secret misappropriation. A civil cause of action that seeks injunctive relief and economic compensation remains the preferred and, perhaps, the most effective method for a victim to achieve an expedited and comprehensive remedy.

Indeed, the single published opinion by a federal appellate court involving an EEA prosecution sends clear warning signals to American private industry of the perils of referring suspected trade secret misappropriation to the Department of Justice for criminal prosecution. [2] The commencement of a federal criminal prosecution under the EEA may compel the disclosure of formerly confidential proprietary information to the defendant and defense counsel as part of discovery in the criminal case; the very same corporate secrets that the victim corporation sought to protect by making its referral to the Government.

United States v. Hsu, which was decided by a panel of the Third Circuit during the summer of 1998, raises troubling issues that corporations and their counsel should carefully consider when weighing the decision of whether to disclose an incident of trade secret theft to the Government or, alternatively, to pursue private remedies under available civil statutes or common law theories. [3] These private remedies, however, may not give comfort to a corporate victim that its proprietary information will be insulated from discovery in civil litigation.

Yet the EEA is not a sword of Damocles to the unknowing or unwitting corporate beneficiary of a rogue employee’s unlawful conversion of a trade secret. The multiple and substantial intent requirements of the statute would preclude the imposition of corporate vicarious liability for the ultra vires conduct of such an employee. [4] Nevertheless, corporate and other business organizations should take affirmative steps to avoid any exposure under the EEA to the risk of Government investigation through the implementation and enforcement of comprehensive and well-documented trade secret protection programs.

 

Mark D. Seltzer, Angela A. Burns *

April 8 / All Articles, Computing

A Safe Bet? State Control Of Internet Gambling

Gambling has been a part of American life longer than the Constitution. The first recorded instance of gambling in the English colonies occurred in 1620 with horse races in Virginia. [1] Shortly thereafter came the first instance of government in America addressing the issue of gambling when in 1621 the Plymouth Colony placed restrictions on gambling in that colony. [2] Ever since that time, gambling has been regulated at both the federal and state levels. [3]

With the advent of the Internet, gambling regulations that do not anticipate the use of online gambling are quickly becoming outdated. As individual citizens become increasingly able to bet virtually unrestricted amounts of money via the Internet, state governments that regulate gambling will find it increasingly difficult to maintain their regulatory structures and, at the same time, meaningfully limit such gambling.

This article will specifically address the tension between Internet gambling and state gambling policy (using Colorado law as the primary example of state policy) and will provide a workable solution that could be adapted by the federal government as well as any state that wishes to control Internet gambling. Part I of this comment discusses state gambling policies, mainly through the vehicle of Colorado’s Limited Gaming Act, and compares gambling in Colorado with gambling on the Internet in its current, largely unregulated, form. Part I also demonstrates the tension that is inherent between Internet gambling and regulated gambling under Colorado law. Part II examines multiple proposed solutions that have been put forth by various sources in an effort to ease these tensions. The sources of the solutions include the Internet gambling industry itself, as well as other state governments and the federal government. Finally, Part III of this comment will explore a plan of action that will accommodate the interests of the various parties involved. [4]

 

Scott L. Jones *