Paper 3: Software Patents / Computer Crime
Due: Saturday, July 2 Comp 417,
Dordal
(Tentative)
Topic option 1: Are software patents a special case?
Paul Graham wrote
There's
nothing special about physical [machines] that should make them
patentable, and the software equivalent
not.
Is there any reason to treat software as a special case?
The purpose of patents in general is to encourage innovation and investment
in innovation, for social progress. Does this actually work for software
patents? If not, does it fail badly enough that software should not be
patentable, or should involve patent restrictions?
The position that software is not a special case is compatible
with both the idea that software should be patentable just like
everything else, and also with the idea that nothing should be
patentable; the latter argument is made in Michele Boldrin and David
Levine's The
Case Against Patents, and their longer work Against
Intellectual Monopoly. You may certainly argue that nothing should be
patentable, though if you do so you should be sure you understand your
argument's implications for, say, the pharmaceuticals industry.
One facet of the question is whether software patents, on the whole, are of
benefit to society; if they are not, and other patents are, then
you have established a distinction. Do
software patents foster innovation, leading to more software ideas for
everyone? For the purposes of patent law, should software be included?
Here are a few justifications that have been advanced for considering
software patents to be fundamentally different:
- Software is often about abstraction, and abstract ideas
- Software has greater generality than physical machines
- Algorithms are fundamentally mathematical facts rather than inventions
- Many software "inventions" are straightforward implementations of
broad ideas
- Many software patents are in fact functional patents, which
have long been suspect
- Often the "creativity" in software is simply realizing that, yes,
there is a market for the product
Others have argued that the only specialness of software patents is that the
patent office allegedly has difficulty conducting patent examinations for
software. Still others argue that it is the existence of open source that
makes software patents unique.
In the I4I v Microsoft case, an obscure patent about a data structure for
holding XML tags became very expensive for Microsoft, once the data
structure in question was interpreted so broadly as to cover any method of
manipulating XML structure separately from data. Does this represent a
fundamental problem with the use of abstraction (ie in describing
data structures) in computer science? Or was this just a quirk of the
judicial system?
Another way to address the question above is that, yes, Graham was right,
but that software should be subject to different
patent rules. If this is what you feel, propose different rules and argue
for them. If your main argument is that software is indeed a special case,
you may either make the case that it is so different that patents should not
apply, or make the weaker argument that special patent rules should apply.
Argue your position, addressing both sides, and come
to a conclusion. Your conclusion should either support one side or
the other (perhaps with qualifications), or else it should outline some sort
of "compromise" position.
Here are a few more points to think about if you need suggestions. You
don't have to address them all (you don't have to address any of
them):
- Incentives to innovation and development
- Litigation costs as a negative social side-effect
- Inventor's rights
- Public's rights to shared ideas
- Conflicts between patented software and open source
- Whether software is "too abstract" to be patentable in general
(Bilski's process was held to be too abstract)
- Many claimed software inventions are straightforward implementations
using existing components
Topic option 2: What should the rules be for computer crime?
When someone steals a piece of property, there is seldom a question whether
a crime has been committed. But Randal Schwartz clearly did not think he did
anything wrong, and many disinterested observers in the
system-administration community at the time agreed. Similarly, while Aaron
Swartz certainly knew he was bypassing something, many have
claimed he had no reason to think what he was doing might be criminal.
Terry Childs may not have intended to be cooperative, but it seems clear he
had no idea that he could end up in prison for four years. Jeremy Hammond
certainly appears to have understood some might see his actions as criminal,
but he felt what he was doing was a form of civil disobedience.
Certainly some judges and many prosecutors feel that they are quite capable
of determining which computer crimes are "serious" and which are not. Should
the rest of us trust their discretion? Crimes involving firearms are given
hefty additional penalties; should the same be true of crimes involving a
computer?
The CFAA criminalizes "unauthorized access". This makes sense by analogy
with physical property, but there is quite a bit of ambiguity as to what
constitutes "unauthorized" access to a computer, especially for people for
whom some access is authorized. Unauthorized use of physical
property pretty much means stealing it; unauthorized use of a computer can
cover a wide range of things.
For example, the CFAA, in theory, criminalizes creating a second Facebook
account, or use of Google search by minors (before March 2013). These uses
are explicitly "unauthorized" by the sites' Terms of Service. When Bidders'
Edge got in trouble with E-Bay for collecting data about E-Bay auctions, it
was because they had to create E-Bay accounts to get access to the system,
and they used these accounts in ways contrary to the E-Bay terms of service.
Using a workplace computer to check out Facebook, or even to check news
headlines during lunch, is often "unauthorized".
On the other hand, Lori
Drew was acquitted of violating the MySpace terms of service, in a
case in which Drew created a fake MySpace account that probably contributed
to the suicide of Megan Meier.
Here is the central question: is a law against "unauthorized access" a good
idea, or must there be some other standard as well, and, if so, what?
Some possibilities are
- the perpetrator caused actual harm (a problem with this approach is
that harm is notoriously hard to evaluate)
- the perpetrator acted with malicious intent, ie intent to
cause harm (the government would have trouble proving that for most of
our examples here)
- ???
Another way to summarize this question is simply "Is the CFAA too broad?
If not, why? If so, how might it be fixed?"
A closely related question is that of restitution: should a hacker be
obligated to pay costs that clearly are part of normal security
procedures? Sometimes hackers are asked to repay system owners for the
costs of basic retroactive patch installation.
A brief argument in favor of the CFAA approach is that computer crimes
often make use of unforeseen mechanisms of access, and so a very broad
proscription is in order.
Your paper (either topic) will be graded primarily on organization (that is,
how you lay out your sequence of paragraphs), focus (that is, whether you
stick to the topic), and the nature and completeness of your arguments.
It is essential that all material
from other sources be enclosed in quotation marks (or set off as a block
quote), and preferably with a citation to the original source as well.
Expected length: 3-5 pages (1000+ words)