Ethics Week 7, October 20 Brief note on Stallman, in Baase pp 235 ff p 228, fourth item in the bulleted list, on the "negative right", or liberty, to be generous. Stallman believes this rises to the level of an *obligation*, or duty, though not to the level of a "positive right" to receive assistance. p 237: "Some people in the free-software movement do not believe ..." One last bit of privacy: how it can be invaded even if you're anonymous! Free speech =================================================================== Quick announcement about Terry Childs The Conflict He was suspended for insubordination on July 9, apparently for refusing to turn over router passwords. There are GOOD reasons for limiting access to such passwords on a need-to-know basis, BUT refusing to turn them over is going pretty far. He committed a burglary at age 17 and spent 4 years in prison. He was arrested by SF police on Saturday, July 12. There has not been any public explanation. He is still in prison. He refused to give the police valid passwords at his arrest (such refusal is COMPLETELY appropriate). He did give the passwords to the mayor of SF, on July 21. The city's main claim is that Childs was arrested because he placed the city systems in jeapordy. Two points: 1. Refusal to share passwords is hard to see as a criminal act. After all, Childs could always quit. 2. The city knowingly created and encouraged the environment in which Childs was the only one with the passwords. 3. No operating systems were at risk. The biggest concern to computing professionals is that San Francisco has a laundry list of allegations against Childs that in fact are standard practices: 1. Childs knew several other people's passwords. 2. He had network sniffers in place 3. He had "back-door" access to the routers 4. Routers were configured to resist password recovery 5. Configurations were not written to flash memory 6. Childs' pager was sent a page by one of the routers. Childs seems to have been "security-conscious to the point of paranoia". But most good computer-security people are! =================================================================== Odlyzko and price discrimination: real goal behind all this commercial info? Odlyzko: price discrimination basic supply/demand. You set price P, user X has threshold Px P <= Px: user X buys it P > Px: user X does not buy it But what you really want is to charge user X the price Px. Example: Alice & Bob each want a report. Alice will pay 1100, bob will pay 600. You will only do it for $1500. If you charge Alice 1000 and Bob 500, both think they are getting a deal. But is this FAIR to alice? In one sense, absolutely yes. But what would Alice say when she finds out bob paid half, for the same thing? Possible ways to improve the perception of value: give it to Alice earlier give her bonus tracks, too delete some features from Bob's copy, or disable them What do computers have to do with this? Airline pricing: horrendously complicated, to try to maximize revenue for each seat. Online stores certainly *could* present different pricing models to different consumers. Does this happen? I have never seen any evidence of it. Dell: different prices to business, education This *is* the same thing, though the education discount is not nearly as steep now. academic subscriptions and price discrimination Libraries pay as much as 10 times for some journal subscriptions as individuals! two roundtrip tickets including weekends can be less than one (this example is ~ 2005; all flights are round-trips) Minneapolis -> Newark Wed-Fri: 772.50 Minneapolis -> Newark Wed-nextweek: 226.50 Newark-> Minneapolis Fri-nextweek: 246.50 Airlines have actually claimed that if you don't fly your return leg, they can charge you extra! The issue isn't online shopping so much as store shopping "versioning": selling slightly different versions to different market segments, some at premium prices. ======================================================== What about grocery stores? CASPIAN: nocards.org They're against grocery discount cards. A big part of Caspian's argument appears to be that the cards don't really save you money. customer-specific pricing: nocards.org/overview Latest strategy: scan your card at a kiosk to get special discounts. nocards.org/news/index.shtml#seg3 Jewel "avenu" program One clear goal within the industry is to offer the deepest discounts to those who are less likely to try the product anyway. In many cases, this means offering discounts to shoppers who are known to be PRICE SENSITIVE. Clearly, the cards let stores know who is brand-sensitive and who is price-sensitive. Loyal Skippy peanutbutter customers would be unlikely to get Skippy discounts, unless as part of a rewards strategy. They *might* qualify for Jif discounts. Classic price discrimination means charging MORE to your regular customers, to whom your product is WORTH more, and giving the coupons to those who are more price-sensitive. "shopper surveillance cards": 1. Allow price discrimination: giving coupons etc to the price-sensitive only. There may be other ways to use this; cf Avenu at Jewel "The idea used to be that you, the consumer, could shop around, compare goods and prices, and make a smart choice. But now the reverse is also true: The vendor looks at its consumer base, gathers information, and decides whether you are worth pleasing, or whether it can profit from your loyalty and habits." -- Joseph Turow, Univ of Pennsylvania 2. segmentation (nocards.com/overview) What about arranging the store to cater to the products purchased by the top 30% of customers (in terms of profitability)? Caspian case: candy aisle was reduced, although it's a good seller, because top 30% preferred baby products. Using a card anonymously doesn't help here, as long as you keep using the same card! Using checkout data alone isn't enough, if "the groceries" are bought once a week but high-margin items are bought on smaller trips. ======================================================================== ======================================================================== Free Speech offensive speech: * whatever offends the government; examples p 149 (China, France, Georgia) JURISDICTION PROBLEM * sexual material: basis for several US laws * libel * threats, "hate speech" * information on bombs, guns, suicide, methamphetamines, routers, and dieting (ok, not "conventional" dieting, but anorexia & bulemia) * seditious speech * stock touting * regulated speech elections, wine selling, investment discussion * spam * source code * DRM circumvention (DMCA) =================================== sexual material ("pornography" is a perjorative term) Miller v California, Supreme Court 1973: 3-part guideline: * must be against the law * must be against COMMUNITY STANDARDS * has no redeeming artistic,etc merit For the internet, COMMUNITY STANDARDS is the problem: what community? As the Internet became more popular with "ordinary" users, there was mounting concern that it was not "child-friendly". This led in 1996 to the Communications Decency Act (CDA) (Baase p 151) The CDA was extremely broad. From the CDA: uses any interactive computer service to display in a manner available to a person under 18 years of age, any comment, request, suggestion, proposal, image, or other communication that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards... WHICH COMMUNITY? On the internet, you cannot tell how old someone is === Butler v Michigan, 1957: SCOTUS struck down a law making it illegal to sell material (pornography) in Michigan that might be harmful to minors. CDA was widely viewed as an attempt by Congress to curry favor with a "concerned public", but knowing full well it was unlikely to withstand court scrutiny. It did not. Supreme court ruled *unanimously* in 1997 that the censorship provisions were not ok. too vague did not use "least-restrictive means" Child Online Protection Act (COPA), 1998: still stuck with "community standards" rule Set up commission, that later wanted some of google's query data. CIPA: Child Internet Protection Act, 2000 (Baase, p 158) Schools that want federal funding have to install filters. Filters are sort of a joke, though they've gotten better. However, they CANNOT do what they claim. They pretty much have to block translation sites and all "personal" sites, as those can be used for redirection. SCOTUS upheld CIPA in 2003. The Chicago Public Library gave up on filters, but did install screen covers that make it very hard for someone to see what's on your screen. This both protects patron privacy AND protects library staff from what might otherwise be a "hostile work environment" Baase has more on the library situation, p 157 ====================================================================== ====================================================================== Batzel v Cremers: One piece of the CDA survived: section 230: No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. [Wikipedia] Why is this there? Note that there is no limit of Section 230 to any particular area of law, eg libel. ===================== History of this as applies to protecting minors from offensive material Cubby v CompuServe: 1991, District court only, New York State (Does anyone remember compuserve?) Giant pre-Internet BBS available to paid subscribers. The "rumorville" section, part of the Journalism Forum, was run by an independent company, Don Fitzpatrick Associates. Their contract guaranteed DFA had "total responsibility for the contents". Rumorville was in essence an online newspaper; essentially it was an expanded gossip column about the journalism industry. I have no idea who paid whom for the right to be present on CompuServe. 1990: Cubby Inc and Robert Blanchard plan to start a competing online product, Skuttlebut. This is disparaged in Rumorville. Cubby et al sue DFA & Compuserve for libel. Compuserve is only distributor; they escape liability. In fact, they escape with Summary Judgement! Court rules that they had no control at all over content. They are like a bookstore, or a *distributor*. While CompuServe may decline to carry a given publication altogether, in reality, once it does decide to carry a publication, it will have little or no editorial control over that publication's contents. This is especially so when CompuServe carries the publication as part of a forum that is managed by a company unrelated to CompuServe. CompuServe has no more editorial control over such a publication than does a public library, book store, or newsstand, and it would be no more feasible for CompuServe to examine every publication it carries for potentially defamatory statements than it would be for any other distributor to do so. It was and is generally accepted that distributors have no liability for content (unless it can be proven that they encouraged the content). (we'll come back to "distributor liability" later.) ============ Stratton Oakmont v Prodigy: New York *state* court 1995 On a financial matters forum called "Money Talk," a Prodigy user posted about Daniel Porush, the president of Stratton Oakmont, a financial services company. The remarks called Porush a "soon to be provencriminal" and that Stratton Oakmont was a "cult of brokers who either lie for a living or get fired" Prodigy claims Compuserve defense in motion for summary judgement. Prodigy lost, *because* they promised to monitor for bad behavior on the board. At the very least, they CLAIM to the public that they reserve the right to edit or remove messages. This was in fact part of Prodigy's family-oriented marketing. Prodigy was trying to do "family values" editing (including the deletion of profanity), and it cost them. In legal terms, Prodigy was held to "publisher liability" rather than "distributor liability" because they CLAIMED to exercise editorial judgement. Prodigy did have some internal confusion about whether they were for the "free expression of ideas" or were "family safe" Prodigy's policy was to ban individual attacks, but not group attacks; anti-semitic rants did appear and were not taken down. [After Prodigy lost motion for summary judgement, the case was settled.] [In _Wall Street versus America_ by Gary Weiss, the allegation is made that the settlement did not involve the exchange of money.] ======= Enter the CDA. Section 230 was intended to *encourage* family-values editing. Whether this was specifically to encourage providers to remove profanity & obscenity, the targets of the CDA, or whether it was just a compensatory free-speech-positive clause in an overall free-speech- very-negative law is not clear. Most of Congress did not expect the CDA to withstand judicial scrutiny. Congressional documents suggest fixing Stratton Oakmont precedent was the primary purpose of section 230. However, arguably the *reason* for fixing Stratton Oakmont was to protect ISPs and websites that *did* try to provide a "family-friendly" environment. ====================================================================== ====================================================================== Batzel v Cremers summary * Facts Robert Smith was a handyman who worked for Ellen Batzel at her North Carolina home, doing repairs to house and vehicles, in 1999. He claims: 1. Batzel told him that she was "the granddaughter of one of Hitler's right-hand men" 2. He overheard Batzel tell someone that she was related to Heinrich Himmler (or else this was part of conversation #1) 3. He was told by Batzel the paintings were "inherited" Smith had a dispute with Batzel [either about payments for work, or about Batzel's refusal to use her Hollywood contacts to help Smith sell his movie script]. Smith sent his allegations about Batzel in an email to Ton Cremers, who ran a stolen-art mailing list. Smith found Cremers by through a search engine. This is still 1999. Smith claimed in his email that some of Batzel's paintings were likely stolen by the Nazis. (p 8432 of the decision, Absolute Page 5) Smith sent the email to securma@museum-security.org Cremers ran a moderated listserv specializing in this. He included Smith's email in his next release. Cremers exercised editorial control both by deciding inclusion and also by editing the text as necessary. He included a note that the FBI had been notified. Normal address for Cremer's list was: securma@x54all.nl Smith's emailed reply to someone when he found out he was on the list: I [was] trying to figure out how in blazes I could have posted me [sic] email to [the Network] bulletin board. I came into MSN through the back door, directed by a search engine, and never got the big picture. I don't remember reading anything about a message board either so I am a bit confused over how it could happen. Every message board to which I have ever subscribed required application, a password, and/or registration, and the instructions explained this is necessary to keep out the advertisers, cranks, and bumbling idiots like me. Some months later, Batzel found out and contacted Cremers, who contacted Smith, who continued to claim that what he said was true. However, he did say that he had not intended his message for posting. On hearing that, Cremers did apologize to Smith. Batzel disputed having any familial relationship to any Nazis, and stated the artwork was not inherited. Batzel sued: Smith (who has no money) Cremers Netherlands Museum Association Mosler, Inc The latter was included because they paid for ads on the site. Cremers filed for: * summary judgement under anti-SLAPP rules * motion to dismiss for lack of jurisdiction He lost on both counts. (Should he have?) Famous Section 230 case. ======================= *IS* cremers like an ISP here? The fact that he is editing the list he sends out sure gives him an active role, and yet it was Prodigy's active-editing role that the CDA section 230 was arguably intended to protect. Does this immunize employers against claims of sexual harrassment though employer-sponsored email? Is that ok? Is the other interpretation (that employers *are* liable) fair, either? * Legal history * decision *Is* Cremers like an ISP here? Why does Communications *Decency* Act have such a strong free-speech component? Generally free speech is something the *in*decent are in favor of. 9th Circuit (Federal Appellate court in CA, other western states) (Page numbers are as_printed/absolute Judge Berzon: Opening (8431/4) There is no reason inherent in the technological features of cyberspace why First Amendment and defamation law should apply differently in cyberspace than in the brick and mortar world. Congress, however, has chosen for policy reasons to immunize from liability for defamatory or obscene speech "providers and users of interactive computer services" when the defamatory or obscene material is "provided" by someone else. Note up-front recognition that this is due to *Congress*. Section 230 was first offered as an amendment by Representatives Christopher Cox (R-Cal.) and Ron Wyden (D-Ore.). (8442/15) Congress made this legislative choice for two primary reasons. First, Congress wanted to encourage the unfettered and unregulated development of free speech on the Internet, and to promote the development of e-commerce. (8443/16) ... (Top of 8445/18) The second reason for enacting § 230(c) was to encourage interactive computer services and users of such services to self-police the Internet for obscenity and other offensive material [extensive references to congressional record] (8447/20): In particular, Congress adopted § 230(c) to overrule the decision of a New York state court in Stratton Oakmont, 1995 Regarding question of why a pro-free-speech clause was included in an anti-free-speech law (or, more precisely, addressing the suggestion that section 230 shouldn't be interpreted as broadly pro-free-speech simply because the overall law was anti-free-speech): (8445/18, end of 1st paragraph): Tension within statutes is often not a defect but an indication that the legislature was doing its job. ============ 8448/21, start of section 2. To benefit from § 230(c) immunity, Cremers must first demonstrate that his Network website and listserv qualify as "provider[s] or user[s] of an interactive computer service." The District court limited this to ISPs. The Circuit court argued that (a) Cremers *was* a provider of a computer service, and (b) that didn't matter because he was unquestionably a USER. 8450/23, at [12] Critically, however, § 230 limits immunity to information "provided by another information content provider." Here's one question: was *Smith* "another content provider"? You can link and host all you want, provided others have created the material **for online use**. The other question is whether Cremers was in fact partly the "provider", by virtue of his editing. Answer to first question: 8450/23, 3rd paragraph Obviously, Cremers did not create Smith's e-mail. Smith composed the e-mail entirely on his own. Nor do Cremers's minor alterations of Smith's e-mail prior to its posting or his choice to publish the e-mail (while rejecting other e-mails for inclusion in the listserv) rise to the level of "development." More generally, there is simply no way to extend immunity to Stratton Oakmont -type editing, or to removing profanity, while failing to extend immunity "all the way". ******** Is that actually true? ******** The Court considers some other partial interpretations, but finds they are unworkable. Second point: 8584/27, 3rd paragraph Smith's confusion, even if legitimate, does not matter, Cremers maintains, because the § 230(c)(1) immunity should be available simply because Smith was the author of the e-mail, without more. We disagree. Under Cremers's broad interpretation of § 230(c), users and providers of interactive computer services could with impunity intentionally post material they knew was never meant to be put on the Internet. At the same time, the creator or developer of the information presumably could not be held liable for unforeseeable publication of his material to huge numbers of people with whom he had no intention to communicate. The result would be nearly limitless immunity for speech never meant to be broadcast over the Internet. Sent back to district court to determine 8457/30, at [19] We therefore ... remand to the district court for further proceedings to develop the facts under this newly announced standard and to evaluate what Cremers should have reasonably concluded at the time he received Smith's e-mail. If Cremers should have reasonably concluded, ===> for example, that because Smith's e-mail arrived via a different e-mail address it was not provided to him for possible posting on the listserv, then Cremers cannot take advantage of the § 230(c) immunities. =========================================================================== (Potential) corporate liability for sexual harassment is most frequently cited justification for lack of employee privacy regarding company email. Should this liability be there? =========================================================================== Since this case, there have been MANY others decided by application of this decision. See eff.org's section on Free Speech. There have also been many attacks on Section-230 immunity. Some limitations may come, someday. Publisher liability: liability even without knowledge of defamatory material's inclusion: Distributor liability: liability for knowingly distributing defamatory material Best approach to attack section-230 immunity (2007): distributor liability. =========================================================================== ====================================================================== ====================================================================== spam 1996: aol v Cyber Promotions (Baase, p 161) note that CP sued aol for blocking CP's spam! Eventually AOL sued CP. Intel-Hamidi case: Ken Hamidi sent email to 30,000 intel employees. Intel sued. It eventually reached the California Supreme Court, who ruled in Hamidi's favor. Harris Interactive sued the Mail Abuse Prevention System, for blocking their opinion-poll email. One interesting claim by Harris is that they were "turned in" to MAPS by a competitor. Harris dropped the suit. CAN-SPAM act People have a right to send email. Sort of. Maybe not companies, though. ====================================================================== ====================================================================== Regulated classes of speech All these categories are things that, once upon a time, private individuals seldom if ever got caught up in. p 166: Commodity-Futures Trading Commission (CFTC): they required that, if you wrote about commodity futures, you needed a license. The regs were originally intended to cover traders, but CFTC applied them to newsletters too, and then the web. p 176: political campaign laws Anything you do that is "coordinated" with a political campaign are considered contributions. These are subject to limitations, and to reporting requirements. McCain-Feingold: no even mentioning a candidate's name or face within 60 days of an election. In 2004, the Federal Election Commission was ordered by a judge to write rules extending the McCain-Feingold rules to the Internet. How would this affect bloggers? Would they be silenced? Note that the opposing candidates are VERY likely to file complaints. 2006 FEC rules on the internet: it's ok as long as you aren't paid, EVEN IF political activity is "in coordination with" the candidate. 2007: Supreme court struck down the McCain-Feingold restriction on issue ads. === Home selling: if you list your house online, do you need a real-estate license? ============================================================================