Paper 3: Software Patents / Computer Crime

Comp 317/417, Dordal

Topic option 1: Do software patents need reform?

Paul Graham wrote

There's nothing special about physical [machines] that should make them patentable, and the software equivalent not.

Patents for physical machines have, arguably, helped advance society by creating an incentive for innovation. But some feel that software patents, in particular, have not been socially useful. Do we need to revise the rules for software patents?

If yes, do you have modest technical changes in the patent process in mind, or do you want to scrap software patents entirely, or something in between?

If no, say why; you might pick a common objection or two to software patents and explain why the objection is not sufficient to justify change, or you might argue that, whatever the drawbacks, software patents do create a socially useful incentive for invention, or you might address a combination of these.

Some people think that nothing should be patentable; the latter argument is made in Michele Boldrin and David Levine's The Case Against Patents, and their longer work Against Intellectual Monopoly. If you think that all patents are equally bad, feel free to make that argument, but please make your position clear. If you argue against all patents, you should be sure you understand your argument's implications for, say, the pharmaceuticals industry.

Here are a few justifications that have been advanced for considering software patents to be fundamentally different, and thus deserving of special rules:
Others have argued that the only specialness of software patents is that the patent office allegedly has difficulty conducting patent examinations for software. Still others argue that it is the existence of open source that makes software patents unique.

Discuss both sides, and come to a conclusion. Your conclusion should either support one side or the other (perhaps with qualifications).

Here are a few more points to think about if you need suggestions. You don't have to address them all (you don't have to address any of them):

Topic option 2: What should the rules be for computer crime?

When someone steals a piece of property, there is seldom a question whether a crime has been committed. But Randal Schwartz clearly did not think he did anything wrong, and many disinterested observers in the system-administration community at the time agreed. Similarly, while Aaron Swartz certainly knew he was bypassing something, many have claimed he had no reason to think what he was doing might be criminal.

Terry Childs may not have intended to be cooperative, but it seems clear he had no idea that he could end up in prison for four years. Jeremy Hammond certainly appears to have understood some might see his actions as criminal, but he felt what he was doing was a form of civil disobedience.

Certainly some judges and many prosecutors feel that they are quite capable of determining which computer crimes are "serious" and which are not. Should the rest of us trust their discretion? Crimes involving firearms are given hefty additional penalties; should the same be true of crimes involving a computer?

The CFAA criminalizes "unauthorized access". This makes sense by analogy with physical property, but there is quite a bit of ambiguity as to what constitutes "unauthorized" access to a computer. Unauthorized use of physical property pretty much means stealing it; unauthorized use of a computer can cover a wide range of things.

For example, the CFAA, in theory, criminalizes creating a second Facebook account, or use of Google search by minors (before March 2013). These uses are explicitly "unauthorized" by the sites' Terms of Service. When Bidders' Edge got in trouble with E-Bay for collecting data about E-Bay auctions, it was because they had to create E-Bay accounts to get access to the system, and they used these accounts in ways contrary to the E-Bay terms of service. Using a workplace computer to check out Facebook, or even to check news headlines during lunch, is often "unauthorized" by your employer.

On the other hand, Lori Drew was acquitted of violating the MySpace terms of service, in a case in which Drew created a fake MySpace account that may have contributed to the suicide of Megan Meier.

Here is the central question: is a law against "unauthorized access" a good idea, or must there be some other standard as well, and, if so, what? Some possibilities are

Another way to summarize this question is simply "Is the CFAA too broad? If not, why? If so, how might it be fixed?"

A closely related question is that of restitution: should a hacker be obligated to pay costs that clearly are part of normal security procedures? Sometimes hackers are asked to repay system owners for the costs of basic retroactive patch installation.

A brief argument in favor of the CFAA approach is that computer crimes often have unforeseeable effects, and so a very broad proscription is in order.

The US Supreme Court is currently reviewing one aspect of the CFAA in US v Van Buren.

Your paper (either topic) will be graded primarily on organization (that is, how you lay out your sequence of paragraphs), focus (that is, whether you stick to the topic), and the nature and completeness of your arguments.

It is essential that all material from other sources be enclosed in quotation marks (or set off as a block quote), and preferably with a citation to the original source as well.

Expected length: 3-5 pages (1000+ words)