Date: Tue, 11 Jul 95 14:13:00 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#003 Computer Privacy Digest Tue, 11 Jul 95 Volume 7 : Issue: 003 Today's Topics: Moderator: Leonard P. Levine Re: Exon Coats Amendment TIME Cyberporn Issue Advanced Surveillance Conference Legal Bytes 3.01 Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: Dean Ridgway Date: 09 Jul 1995 13:23:37 -0700 Subject: Re: Exon Coats Amendment This stemms from a research paper of mine. I think it covers the Exon amendment pretty well. It's just a hair on the dry side, but well worth the read. A good part of my research stemmed from links on the Center for Democracy and Technologies home page. http://www.cdt.org/ When all this Exon business first started I jokingly suggested in a few newsgroups that congress simply make it against the law for minors to use computer networks. I was royally flamed for even thinking of such a vile despicable suggestion (which BTW makes a lot more sense to me than Exon's trash). :-( I simply can't believe that people would have so little regard for the Constitution as to support something like Exon's Information SuperPlayground (term lifted from local paper's political cartoon). /\-/\ Dean Ridgway | Two roads diverged in a wood, and I- ( - - ) InterNet ridgwad@peak.org | I took the one less traveled by, =\_v_/= FidoNet 1:357/1.103 | And that has made all the difference. CIS 73225,512 | "The Road Not Taken" - Robert Frost. http://www.peak.org/~ridgwad/ PGP mail encouraged, finger for key: 28C577F3 2A5655AFD792B0FB 9BA31E6AB4683126 ------------------------------ From: Robert Jacobson Date: 09 Jul 95 14:44:42 -0700 Subject: TIME Cyberporn Issue For those who are following the scandal emerging regarding TIME magazine's coverage of the "cyberporn" issue, there are ongoing discussions on HotWired on the Web and even more extensively in the WELL's media conference. (The WELL is a private online conferencing service available via Telnet: well.com .) It appears that TIME took at face value a questionable study by one of Carnegie-Mellon University's undergrads which reportedly evaluated over 900,000 images found online (mostly on BBSs) and found the overwhelmingly to be pornographic. The study has been cut to shreds by online authori- ties and the author's own background has been questioned (he seems to have a long association with the topic), but the TIME story has now become the centerpiece of the Senate's censorship campaign. It's a fascinating tale of spins and exploitation (of the press, not people). Do check it out if you can! -- Bob ------------------------------ From: "Dave Banisar" Date: 10 Jul 1995 21:58:42 U Subject: Advanced Surveillance Conference Advanced Surveillance Technologies Sponsored by Privacy International Electronic Privacy Information Center 4 September 1995 Grand Hotel Copenhagen, Denmark This one day public conference will bring together experts on information technology, privacy and data protection to discuss the threats to privacy created by leading-edge technologies. It will focus on little known advanced technologies that have not yet been addressed by law or public policy. The conference will be interactive, and will extensively involve the audience. Audience size will be limited to between sixty and eighty participants. 9am - Introductions and Welcome 9:15 -9:45 Keynote Speech Simon Davies "Fusing Flesh and Machine" Simon Davies, Director General of Privacy International and Law Fellow at the University of Essex, UK will present a lively introduction to the surveillance technologies being discussed throughout the day. He will describe the trends in technology, culture, convergence and politics that are bringing about an era of universal surveillance. 9:45 - 11:00 Perfect Identity Governments throughout the world have devoted considerable resources to developing a means of creating perfect identification of their population. New technologies offer opportunities to achieve this goal. This panel will discuss advances in biometrics, identity cards and implant technology 11:00 - 11:15 Break 11:15 - 12:30 Perfect Surveillance In many countries the era of the private person is at an end. Information surveillance, automatic visual recognition and geographic tracking are at an advanced stage, and are set to imperil privacy. This panel will discuss developments in surveillance, including advanced Closed Circuit TV, satellite remote sensing, Intelligent Vehicle Highway Systems, and forward looking infrared radar. Lunch Break 12:30 - 1:45 1:45- 3:00 Perfect Knowledge. Despite the introduction of privacy and data protection laws, the collection and dissemination of personal information is proliferating at a breathtaking rate. The development of new collection systems allows intimate knowledge of large populations. The panel will discuss new technologies such as DNA screening, computer matching, information warfare, and the implications of future developments such as nanotechnology. 3:00 - 3:15 Break 3:15 - 4:30 Solutions This panel will discuss a range of possible responses to the new era of surveillance. These include regulation, consumer action, and the development of privacy friendly technologies. 4:30- 5:00 Conclusion and Wrap-up Registration Fees [] Standard - 950 Crowns ($175 US) [] Non-profit organizations/Educational - 400 ($75 US) Information Name: ____________________________________________________________ Organization: ____________________________________________________________ Address: ____________________________________________________________ ____________________________________________________________ Phone/Fax: ____________________________________________________________ Electronic Mail: ____________________________________________________________ Space is limited. Please contact us immediately if you wish to attend ------------------------------------------------------------------- About Privacy International Privacy International (PI) is a human rights organization concerned with privacy, surveillance and data protection issues worldwide. It has members in over forty countries and is based in London, England with offices in Washington, DC and Sydney, Australia. PI has engaged in numerous campaigns on privacy issues, publishes the International Privacy Bulletin, and sponsors two yearly conferences. Yearly memberships or subscriptions to the International Privacy Bulletin are $75 US for individuals, $125/ Government Agencies/ Libraries, $200 for organizations. For more information, contact: Privacy International Washington Office 666 Pennsylvania Ave, SE, Suite 301 Washington, DC 20003 USA 1-202-544-9240 (phone) 1-202-547-5482 (fax) pi@privacy.org (email) www.privacy.org/pi/ _________________________________________________________________________ Subject: Advanced Surveillance Conf. _________________________________________________________________________ David Banisar (Banisar@epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * HTTP://epic.org Washington, DC 20003 * ftp/gopher/wais cpsr.org ------------------------------ From: "Prof. L. P. Levine" Date: 09 Jul 1995 12:17:18 -0500 (CDT) Subject: Legal Bytes 3.01 Organization: University of Wisconsin-Milwaukee Taken from Computer underground Digest Sun Jul 2, 1995 Volume 7:Issue 55 ISSN 1004-042X From: David Smith Date: 13 Jun 1995 00:31:00 -0500 (CDT) Subject: File 4--Legal Bytes 3.01 (part 1) ---------- Forwarded message ---------- Date--Fri, 2 Jun 1995 11:40:42 -0500 From--owner-legal-bytes@io.com By George, Donaldson & Ford, L.L.P. Attorneys at Law 114 West Seventh Street, Suite 1000 Austin, Texas 78701 (512) 495-1400 (512) 499-0094 (FAX) gdf@well.sf.ca.us ___________________________________ Copyright (c) 1995 George, Donaldson & Ford, L.L.P. (Permission is granted freely to redistribute this newsletter in its entirety electronically.) ___________________________________ David H. Donaldson, Jr., Publisher <6017080@mcimail.com> Peter D. Kennedy, Senior Editor Jim Hemphill, Contributing Editor Jeff Kirtner, Law Clerk ___________________________________ IN THIS ISSUE: 1. WILL THE SHRINK-WRAP LICENSE DILEMMA PLAGUE ON-LINE SALES? 2. SOME LEGAL RISKS POSED BY ON-LINE ADVERTISING 3. LOTUS LOSES FIGHT TO PROTECT ITS USER INTERFACE 4. COPYRIGHT LAW UPDATE: COPYING BY COMMERCIAL RESEARCHERS IS NOT NECESSARILY A FAIR USE ____________________________________________________ 1. WILL THE SHRINK-WRAP LICENSE DILEMMA PLAGUE ON-LINE SALES? Can software companies unilaterally decide what terms govern the sale of their software? What's the point of those long, complicated, one-sided licenses that come with most commercial software packages? Are they enforceable? The Purpose of Shrink-wrap Licenses. Everyone has seen these licenses -- they come with commercial software and state that opening the package or using the software means the buyer is agreeing to abide by their terms. While these documents may be slightly aggravating, software companies use them for two important reasons -- to protect their copyrights and to limit their exposure to lawsuits. Software is terribly easy to copy and distribute; software developers understandably want to protect themselves from losing revenue from unauthorized copying. Shrink wrap licenses include terms restricting the copying of the software in order to help insure that the sale of a single copy of the software does not give rise to any implied license to make, distribute or use additional copies. The licenses might also try add further restrictions, such as prohibiting resale or leasing of the software. Shrink-wrap licenses have a second goal: to limit the software company's legal liability. This need arises not from copyright law, but from the general laws governing contracts and the sale of goods -- which in all states (except Louisiana) is the Uniform Commercial Code, or UCC. Article 2 of the UCC sets "default" rules that automatically become part of just about every sale of goods, unless the buyer and seller agree to change the defaults to something else. Despite some theoretical questions, most legal authorities agree commercial software is a "good" under the UCC. The problem for a software vendor is that the UCC reads into every sale implied terms that favor the buyer. Rather than adopt the doctrine of "caveat emptor," the UCC assumes that the seller has made certain promises or warranties about the quality of the product. If the product does not live up to these implied warranties, the buyer can sue. Most importantly, the UCC assumes that the seller always promises that the product is "merchantable," that is, fit for the customary use that such products are put to. Further, the UCC also assumes that the seller has promised that the product was fit for the buyer's particular intended use, if the seller had reason to know of that use. The seller and buyer can agree to change these terms, such as when a used car is sold "as is." The buyer and seller can also agree to limit the scope of the seller's liability if the product does not live up to the promises that were made. However, when the seller tries to make these limitations himself, through terms on an invoice or other document, the limitations must be "conspicuous," they must mention "merchantability," and they cannot be "unreason- able." Moreover, the buyer has to agree to the limits. Are Shrink-wrap Contracts Enforceable? There is serious question about how effective a typical shrink-wrap license is. Various criticisms are made. First, and most obviously, is whether a purchaser has really "agreed" to the terms of the shrink wrap license. Typically, the buyer does not know what the license says when she buys the software; the purchase is made before the terms are revealed. How can the buyer "agree" to the terms without knowing what they are? After a sale is made, one party cannot add new terms. The federal court of appeals sitting in Philadelphia discussed these issues in STEP-SAVER DATA SYSTEMS, INC. v. WYSE TECHNOLOGY, 939 F.2d 91 (3rd Cir. 1991), and decided that a particular shrink-wrap license was not enforceable. See also David Hayes, Shrinkwrap License Agreements: New Light on a Vexing Problem, 15 Hastings Comm. Ent. L.J. 653 (1993). A second, related objection is one raised to all take-it-or- leave it contracts, which are derisively named "contracts of adhesion." These tend to get rough treatment by courts, and shrink-wrap licenses are a special strain. Other concerns relate to the technical question of contract formation -- the sale is usually made between a retailer and the consumer, but the shrink-wrap license is between the consumer and the software company. Is that a contract at all? What did the software company give the consumer that the consumer did not already have when she bought the product? There are also some concerns about whether particular restrictive terms in these licenses (or more accurately, state laws that state that the terms are enforceable) violate the federal Copyright Act. See VAULT CORP. v. QUAID SOFTWARE, LTD. 847 F.2d 255 (5th Cir. 1988). Can These Problems be Fixed by On-line Transactions? Do these same objections to shrink-wrap licenses apply to on- line transactions? Maybe not. The unique nature of interactive on-line transactions offers vendors the ability to get and record the buyer's agreement to license terms before a purchase is made. Much of the software that is distributed on-line, shareware particularly, comes with a license.doc zipped up with the program files. These licenses will have the same troubles a shrink-wrap licenses, because they are an after-the-fact "surprise". However, most bulletin board systems, and now the World Wide Web, can easily be configured to require short interactive sessions before a transaction is consummated. The vendor can display the license terms, require the buyer's assent before the software is made available, and importantly, the buyer's assent can be recorded -- written to a log file. While an on-line seller cannot force the buyer to read the terms, it surely can record the fact that the terms were displayed, and that the buyer gave affirmative responses -- "Did you read the terms of the license?" "I did." "Do you agree to the terms?" "I do." This type of interaction before the sale makes the transaction appear far less one-sided. While take-it-or-leave-it terms might still be criticized as "adhesion contracts," the unique give-and- take that's possible on-line removes much of the inequitable sting that "surprise" shrink-wrap license terms leave on many observers. ___________________________________________________________________ 2. SOME LEGAL RISKS POSED BY ON-LINE ADVERTISING Advertising on the Internet is booming -- not with crass "spamming" on Usenet newsgroups, but with flashy, multi-media home pages on the World Wide Web that show off pictures, sound and even video. Most commercial World Wide Web sites combine a mix of advertising, information, and entertainment -- honoring the Internet tradition that tasteful, non-intrusive self-promotion is acceptable if it comes along with something neat or valuable. Are there legal risks involved in on-line advertising? There are, just like any other endeavor. Any business that extends its advertising to cyberspace must take the same care as it does with print or broadcast advertising. Electronic advertising also introduces new questions of jurisdiction -- whose laws apply? On- line service providers that accept advertising must consider their own potential liability, too. What is their duty concerning the content of other companies' ads? Advertisements are "publications." Companies that put their ads on the Internet are "publishers" and face the same potential risks of defamation, invasion of privacy, etc., from these ads as from print ads. Moreover, electronic service providers that accept paid advertisement may be "publishers" of those ads as well, and responsible to some degree for their content. Absent particular exceptions, advertisements carried by a publisher are viewed as that publisher's own speech. For example, the landmark 1964 Supreme Court libel case, New York Times v. Sullivan, concerned the liability of the New York Times for a paid advertisement written by others. The Supreme Court's ruling, although favorable to the Times, made no distinction between advertisements and other content of the newspaper. Compuserve, in the now-famous Cubby v. Compuserve case, successfully defended itself from a libel suit by proving its ignorance -- that it knew nothing of the content of a newsletter carried on its service, but provided by an outside contractor. This defense -- based on the traditional protection granted bookstores from libel suits -- is unlikely to be available when it comes to paid advertisements. Publishers, whether on-line or in print, generally review the content of advertisements before they are accepted and published, if only to determine pricing. They usually retain the right to refuse an advertisement based on its content. (Recall the recent attempts by revisionist "historians" to place ads in college papers denying that the Holocaust took place). Because of this potential exposure to liability, electronic publishers should be guided by two general principles: (1) review all proposed advertisements for potential legal problems, and (2) obtain an agreement that the advertiser will indemnify the publisher for any legal liability that arises from the ad. This article reviews several areas of potential concern for electronic advertisers. Ads for illegal transactions. You can't legally advertise marijuana for sale. (Or, more accurately, the First Amendment does not protect ads for illegal transactions.) A publisher can't knowingly carry such ads, even if the publisher would not be a party to the illegal transaction. A publisher's liability for carrying ads for illegal transactions has been hashed out in an interesting series of lawsuits involving the magazine Soldier of Fortune, which unintentionally carried several classified advertisements submitted by real live hit men offering the services of a "gun for hire." The hit men were hired through the magazine ads, and the families of those people "hit" sued the magazine. Two federal appeals courts came to entirely opposite conclusions about very similar Soldier of Fortune ads. The Eleventh Circuit upheld a multi-million dollar damage award against the magazine; the Fifth Circuit reversed a finding of liability. The legal principles these courts announced were relatively consistent, though: if an advertisement poses a "clearly identifiable unreasonable risk that it was an offer to commit crimes for money" the publisher can be held liable if it was negligent in running the ad. BRAUN v. SOLDIER OF FORTUNE MAGAINZE, INC., 968 F.2d 1110, 1121 (11th Cir. 1992), cert. denied, 113 S. Ct. 1028 (1993). A publisher must make sure that the ad, on its face, does not present a "clearly identifiable unreasonable risk" that the advertisement is soliciting an illegal transaction. On the other hand, the courts are less likely to impose liability for ambiguous advertisements that could have an innocent meaning. See EIMANN v. SOLDIER OF FORTUNE MAGAZINE, INC., 880 F.2d 830 (5th Cir. 1989), cert. denied, 493 U.S. 1024 (1990). This recognizes courts' reluctance to impose a duty on publishers to investigate advertisements beyond what the advertisements say. There is no reason to believe that this standard is different for advertisements of so-called "victimless" crimes like prostitution, although the likelihood of a civil lawsuit might be less. Ads for regulated businesses. Many businesses are regulated, and so is the content of their advertisements. The First Amendment permits some government regulation of commercial speech; for example, lawyer advertising is regulated by state bar associations or courts (although lawyers are constantly fighting over how far the regulations can go). Businesses placing ads should know what rules regulate their advertising. Companies accepting ads have two choices: (1) know the regulations for all companies for which it accepts ads; or (2) require the advertiser to guarantee that its ads comply with applicable regulations, and indemnify the publisher for losses if they don't. An example of the difficult legal questions raised by local regulation in the new borderless world of cyberspace are lottery and gambling ads. Some states (and territories) regulate or ban advertising lotteries and gambling. Puerto Rico, for instance, allows casino gambling. It also allows advertisement of gambling aimed at tourists, but prohibits such ads aimed at Puerto Ricans. The U.S. Supreme Court says that this odd regulatory scheme is constitutional. POSADAS DE PUERTO RICO ASSOCIATES v. TOURISM CO. OF PUERTO RICO, 478 U.S. 328 (1986). More recently, the Supreme Court also upheld the constitutionality of a federal law that forbids radio or television stations from broadcasting lottery ads into states that don't have a lottery -- even if the broadcasts are primarily heard in a state that has a lottery. UNITED STATES v. EDGE BROADCASTING CO., 113 S. Ct. 2696 (1993). This federal law only regulates airwave broadcasts of lottery ads. However, some states have similar statutes banning lottery advertising in any medium. For example, North Carolina prohibits advertising a lottery "by writing or printing or by circular or letter or in any other way." N.C. Stat. 14-289. Could North Carolina enforce this law against electronic publishers who carry lottery ads? Answering that question raises a host of difficult, unanswered jurisdictional questions and is beyond the scope of this short article. As a practical matter, it seems unlikely that North Carolina officials would try to prosecute the State of Texas, for example, if Texas set up a Web site to advertise its lottery that of course could be accessed from North Carolina. On the other hand, a local North Carolina service provider that accepted and posted ads for the Texas lottery (or even the results of the Texas lottery) might have something to worry about: the language of the law prohibits it; the service provider is in easy reach of local prosecutors; and the U.S. Supreme Court has already looked kindly on a similar law. Misleading and deceptive ads. The First Amendment does not protect false advertisement; state statutes (and some federal laws) routinely prohibit false, misleading and deceptive ads. For example, the broad Texas Deceptive Trade Practices-Consumer Protection Act ("DTPA") prohibits all sorts of deceptive advertising, and gives deceived consumers very powerful remedies in court. Such statutes are primarily aimed at those who place advertisements, rather than the publishers. Where do electronic publishers fit in? As usual, it's not clear. Newspapers cannot be sued under the Texas DTPA because that law does not apply to "the owner or employees of a regularly published newspaper, magazine, or telephone directory, or broadcast station, or billboard." Tex. Bus. & Comm. Code 17.49(a). Is an internet service provider a "magazine" or "broadcast station?" Maybe. Is a BBS or a World Wide Web page a "billboard"? Maybe. The question has not come up yet. While it would be more logical and consistent with the purpose of the statute to exempt electronic publishers that perform the same function as a newspaper, courts are supposed to apply the DTPA "liberally" to provide consumers with as broad a remedy as possible from deceptive ads -- leaving the answer in doubt. Some things are clear. An entity distributing information regarding its own goods or services cannot claim the "media exemption" -- a newspaper or BBS that publishes false information about its goods or services can be sued by consumers under the DTPA. Also, an entity that has a financial stake in the sale of the goods advertised is also subject to DTPA liability. This means that internet service providers that accept a percentage of sales generated by on-line advertising will be subject to the restrictions of the DTPA, and should insure that the ads they place are not deceptive, and that the seller has agreed (and can) indemnify them for liability. Finally, no publisher -- whether earthbound or in cyberspace -- is exempt from DTPA liability if the outlet and/or its employees know an ad is false, misleading or deceptive. Remember: It's YOUR service. Unless an electronic publication accepts all advertisements, regardless of content, and does not review the content of that advertising in any way or reserve any right to reject advertisements (and can prove this in court), the presumption will be that the service "published" the ad and is responsible for its content. No one has a First Amendment right to place their advertisement with any given Internet service provider or on any commercial information service. Despite lots of on-line rhetoric, the First Amendment only restricts what the government can do, not what businesses (even big ones) can do. Remember that a publisher always has the right to reject an ad for any reason at all and can require changes before an ad is placed. For ads that are obviously illegal, slanderous or misleading, the safest bet is to refuse the ad. ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #003 ****************************** .