Week 5 Assignment

profilebfied0404
14CH_Rogers_Business.pdf

286

CHAPTER 14: Cyberlaw

CHAPTER 15: International and Environmental Law

Unit V Business Law in the

21st Century

rog80328_14_c14_286-306.indd 286 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

287

B usinesses increasingly operate in a global environment, one linked together by elec- tronic communication that is almost instantaneous, and that now enables even small businesses to do business on an international level. The Internet has vastly increased

opportunity for both businesses and consumers, but it also has brought new hazards in the form of security and privacy issues. In Chapter 14, we will look at some of the major con- cerns involving law and the Internet.

As companies increasingly move across national boundaries, an awareness of international law is important for the business student. In Chapter 15, we will discuss laws impacting import and export of goods, international contracts, and some of the problems that can arise when one country’s laws conflict with another’s. We will also examine the major areas of environmental regulation, noting both where legal protections have been effective, and where they have fallen short.

As the world grows increasingly interdependent, in terms of both economies and resources, business practice and the law will both continue to evolve. These chapters will introduce business students to topics critical to globalization, and hopefully pave the way for future understanding as changes take place.

rog80328_14_c14_286-306.indd 287 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

rog80328_14_c14_286-306.indd 288 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

289

Chapter Overview

14.1 Jurisdiction and the Problem of Enforcement

14.2 Computer Crime • Hacking • Identity Theft • Fraud • Phishing

14.3 Cyber Torts

14.4 Privacy • Cookies and Privacy • E-Mail and Privacy • Commercial E-Mail and Privacy • The Constitution and Privacy • Computer Crime and Privacy

14.5 E-Contracts • Click-Wrap Contracts • Sales Tax

14.6 Intellectual Property • The Digital Millennium Copyright Act (DMCA) • The Stop Online Piracy Act (SOPA)

14.7 Chapter Summary • Focus on Ethics • Case Study: American Guarantee & Liability Insurance

Co. v. Ingram Micro, Inc. • Case Study: E. & J. Gallo Winery v. Spider Webs Ltd. • Critical Thinking Questions • Hypothetical Case Problems • Key Terms

14 Learning Objectives

After studying this chapter, you will be able to:

1. Distinguish the major statutes regulating cyber activity.

2. Define spam, phishing, click-wraps, and cookies.

3. Describe the issues relating to privacy and the Internet.

4. Explain how legal issues about sales tax affect business on the Internet.

Cyberlaw

Lucenet Patrice/Oredia Eurl/SuperStock

rog80328_14_c14_286-306.indd 289 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

290

CHAPTER 14Section 14.1 Jurisdiction and the Problem of Enforcement

The incredible capabilities of computers and the growth of the Internet have greatly increased opportunities in the business world, but have also resulted in new risks for both businesses and consumers. Technology makes it possible for us to com- municate with anyone in an instant, to buy goods with a click of a mouse, and to gather vast amounts of information with unprecedented speed and efficiency. So, too, does the brave new world of electronic communication present a challenge for the law. How do we translate the traditional contract rules of offer and acceptance in a world of elec- tronic transactions? What are the limits on how others collect and use our personal data? How do we balance the free flow of communication and information with the protection of our privacy? These are just a few of the issues this chapter will explore. In many ways, the Internet is the Wild West of the new millennium, full of both opportu- nity and danger!

Cyberlaw is a broad term used to refer to rules dealing with this digital Wild West, with the Internet and computer technology. In some cases, well-established areas of law such as torts and contracts have evolved to deal with situations arising from computer use. In others, legislatures have to enact new statutes when existing laws fall short.

The main categories of cyberlaw include criminal law, tort law, contracts, and intellectual property. Note that there are issues that overlap these different segments of the law. For example, statutes such as the Digital Millennium Copyright Act contain both criminal and civil provisions, and privacy concerns in the cyber sector have spawned legal develop- ments in multiple areas of the law.

14.1 Jurisdiction and the Problem of Enforcement

Regardless of what the law says about behavior in cyberspace, there is a major prob-lem when it comes to enforcement of the rules in physical space. The Internet has no regard for state or national boundaries. A hacker in Russia can target your com- puter as easily as someone who lives next door to you. Counterfeiters in China do a huge trade in bootleg DVDs of Hollywood movies, some- times hitting the market even before the movie has been released. The hacker and the counterfeiter are both vio- lating the law, but what can you do about it? The answer may well be nothing.

One obstacle is identify- ing the culprit. The Inter- net allows a certain degree of anonymity, and even if a particular account is iden- tified as where the action

Digital technology has made it much more difficult to police copyrights and prevent counterfeiting.

gzorgz/iStock/Thinkstock

rog80328_14_c14_286-306.indd 290 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

291

CHAPTER 14Section 14.2 Computer Crime

originated, the Internet Service Provider (ISP) may not cooperate in identifying who the account belongs to.

Even if that problem can be overcome, and you know who is responsible for the offense, the problems of suing someone in a foreign country, particularly one not known for cooperation with the United States, are huge. And suppose you sue and win and now are seeking to collect your damages? Enforcing a judgment depends on the government of the country where the defendant’s assets are located.

14.2 Computer Crime

Hacking Computers are both victims and tools of crime. A common computer crime is hacking, where a person gains unauthorized access to a computer from a remote location. Hackers may maliciously target a computer to raid its data or damage it through the use of viruses, and of course they are usually using computers and software programs to commit these offenses. In the early days of computers and the Internet, many unauthorized incursions of this type were not covered by existing law.

Example 14.1. A graduate student improperly uses university computers and databases to do personal research. If he had legally paid for the ser- vice, it would have cost about $12,000. Is this theft? He has not “taken” any information from the computers; he’s just shared it. And while the old saying goes “Time is money,” the common law says that time and money are actually very different things! So the student could not be convicted of a crime under traditional rules.

Cases such as this eventually resulted in the creation of new regulations including the fed- eral Computer Fraud and Abuse Act of 1986 (CFAA). The CFAA applies to any computer on the Internet (which today is the vast majority of them) and prohibits computer tres- pass, fraud, espionage, theft, damage to a computer such as planting viruses or worms, and selling of computer passwords, among other things.

Example 14.2. David, a college student, accesses Gov. Sarah Palin’s Yahoo e-mail account by guessing the answers to the prompt questions that allow the password to be reset. He posts the new password on a public bulletin board, allowing access by others. In 2010, David is convicted of unauthor- ized access and sentence to one year and one day’s imprisonment.

However, the CFAA only applies within the United States, which considerably limits its effectiveness. Many hackers operate from outside the United States, even if their victims are in this country.

Example 14.3. On November 24, 2014, a massive cyberattack was launched against Sony Pictures Entertainment by a group calling themselves the Guardians of the Peace. The attackers wiped out the data on thousands of Sony’s computers and servers and stole a wide range of data includ- ing movie scripts, emails, and films. They also made off with personal

rog80328_14_c14_286-306.indd 291 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

292

CHAPTER 14Section 14.2 Computer Crime

employee data including 47,000 social security numbers. Much of this data was subsequently posted on the internet. The FBI concluded that North Korea was responsible for the attack, although some private security experts have suggested that it was an inside job.

Despite the CFAA, hacking continues to occur on a regular basis. As massive as the Sony hack was, it only ranked as the 33rd largest data breach of 2014. The largest data breach in 2014 occurred earlier in the year when an eBay database was hacked, resulting in over 145 million customer records being compromised.

Identity Theft Another law targeting criminal behavior on the Internet is the Identity Theft and Assump- tion Deterrence Act of 1998, which prohibits use of false identification to commit fraud or other crimes. Identity theft is a growing problem: in 2014, approximately 17.6 million U.S. residents age 16 or older (about 7%) were the victims of identity theft. The law gives vic- tims a right to sue for damages, but possibly more useful (since a victim may never know who put that $5,000 charge for Racy Stacy lingerie on his card, and thus will be unable to sue him or her!) is the provision that limits liability to the first $50 when a stolen card has been used. It is important for victims to report identity theft to credit card companies as soon as possible, so as to limit the liability for the fraudulent credit card charges.

Fraud Fraud is an enormously common crime committed via the Internet and takes many dif- ferent forms. One common variety is the Nigerian Letter scam, in which the victim gets an e-mail purporting to be from a Nigerian gov- ernment official who seeks help in transferring funds out of the country; the would-be official is willing to pay a large sum of money to whoever allows the funds to be transferred into their per- sonal bank account. Of course, whoever actu- ally agrees to help is actually the victim of the crime since he will need to provide the “Nige- rian official” personal bank account informa- tion so that the funds can be transferred. The perpetrator of this fraud then uses the informa- tion to raid the victim’s account. To many, this may seem like such an obvious hoax as to be laughable, but millions of dollars are lost annu- ally to such fraudulent schemes.

Phishing Another fast-growing area of crime is phishing, where the victim receives an e-mail that appears to come from a site such as PayPal, eBay, or a bank, asking her to verify her account information. Clicking on the link provided takes the victim to a “dummy” site, one that appears to look legitimate but in fact is a clever counterfeit. When the victim logs in, her account information is then transmitted to the phisher.

E-mail has become a favorite tool of scam artists.

© 2009 Justin NB Francis/Just One Film/Getty Images

rog80328_14_c14_286-306.indd 292 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

293

CHAPTER 14Section 14.3 Cyber Torts

The Federal Trade Commission also has regulations that apply in the area of consumer fraud and deceptive practices committed via the Internet, and some states have passed additional statutes. California, for example, requires companies to inform consumers when their personal information has been the target of unauthorized access.

14.3 Cyber Torts

There are a number of torts that can be committed in a cyber setting as well as in the “real” world. Consider defamation, which is the publication of a false statement about the plaintiff that harms the plaintiff’s reputation. Example 14.4. Puppy Love is the doggie day care and boarding business operated by Jenny Love. Fred tells Maggie that Puppy Love mistreats dogs, hiding them in overcrowded kennels when their owners aren’t around. Maggie in turn tells other neighborhood dog owners, and Puppy Love loses a great deal of business. Assuming this claim is untrue, both Fred and Maggie can be liable to Jenny Love for defamation under the common law.

If Fred had instead posted the defamatory statement on his website, he would still be lia- ble. But note that the ISP that hosts Fred’s site is not liable for passing on the information in the same way that Maggie is. Under the Communications Decency Act of 1996, ISPs and Web hosts are not liable for information posted by others, because they are not the content providers. The law recognizes the reality that the volume of communication is such that to require a site or provider to police content might severely restrict the flow of free speech.

If Fred posted the statement on an Internet bulletin board, Everything Dogs, that site is likewise not liable. But if Everything Dogs has a policy stating they will investigate and respond to complaints and three months after Jenny Love has asked them to remove the post, they still have not acted, they may have liability under a contract theory.

The property torts of trespass and conversion can also be committed in computer situations.

Example 14.5. Keisha is a realtor with Sunshine Realty who maintained a client list on her computer at the Sunshine office. Keisha’s contract with Sunshine specifies that she is an independent contractor who retains own- ership of her work product. After a disagreement with Sunshine’s manage- ment, Keisha decides to leave the firm. Sunshine refuses to give her access to her list. Even though the list exists in electronic, rather than tangible, form, Sunshine is still interfering with Keisha’s ability to possess her prop- erty, so Sunshine may be liable for conversion.

Example 14.6. Alpha Corp has done business via the Internet with Beta Inc. Unknown to Alpha, Beta has installed software on Alpha’s computers that interferes with the speed at which the computers operate. Beta may be liable for trespass.

rog80328_14_c14_286-306.indd 293 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

294

CHAPTER 14Section 14.4 Privacy

14.4 Privacy

The same tools that contribute to the ease and speed of Internet communications (think one-click shopping, which lets you buy without always reentering your address and credit card information) also present a threat to personal privacy. Inter- estingly enough, federal law does not require companies to have a privacy policy. How- ever if a company chooses to have a policy, it must comply with it.

Cookies and Privacy The lack of regulation means that most popular websites routinely install thousands of tracking tools (often called “cookies”) on the computers of consumers who visit. The cookies track such information as what websites you visit, but also record the keystrokes you enter online. This information is often then sold to marketers, who use it to target online advertising. But the security implications go beyond a consumer’s being plagued with unwanted ads. Once that information has been recorded, it may be accessed by hack- ers, or by the government, and used in harmful ways.

Congress has acted to protect children specifically with the Children’s Online Privacy Pro- tection Act of 1998 (COPPA) that prohibits Internet operators from collecting information from children under 13 without their parents’ permission. Sites must also disclose how they will use any such information. Mrs. Field’s Cookies ran afoul of the law when their site offered birthday coupons for free cookies to children; they were collecting names and birth dates without parental consent.

The European Union has taken a more proactive approach, requiring sites to offer an “opt-in” system under which tracking cookies may not be used unless the consumer has authorized it. The website must also state how the tracking devices will be employed.

E-Mail and Privacy Many people routinely discuss very personal matters via electronic communications such as e-mail, and use computers in ways they would not like to see made public. Suppose Sally is using her work e-mail account to tell her best friend all about her recent divorce. Could her employer read this e-mail? Or Bob has downloaded child pornography using his computer at the office after hours, although he subsequently deleted all the images. A coworker tips off the police. Can the police then obtain a warrant, seize the computer, recover the images, and use them as evidence against Bob?

In all likelihood the answer to both these questions is yes because most employers have stated policies that make clear that office computers and e-mail accounts belong to the employer and information transmitted or stored is not confidential. The Electronic Com- munications Privacy Act of 1986 does prohibit unauthorized access to, or disclosure of, e-mail and transmissions from pagers or cell phones. Despite this lack of actual privacy, sitting alone at your computer does create an illusion of privacy.

Perhaps the best advice is to never say anything on the Internet that you would not say in a crowded café, where the person eavesdropping at the next table might be a police officer or your worst enemy!

rog80328_14_c14_286-306.indd 294 9/20/16 11:03 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

295

CHAPTER 14Section 14.4 Privacy

Commercial E-Mail and Privacy A different type of privacy issue—and a very common one for many e-mail users—is the flood of unwanted e-mail that appears in your inbox (frequently advertising things such as penile enlargements and drugs to enhance your sex life). Known as spam, this e-mail is not banned but is regulated by the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM). This law prohibits deceptive headings (To, From, Subject, etc.) and requires an unsubscribe option and that the advertiser pro- vide a legitimate physical address, among other things. Unfortunately this law does not seem to have had much effect and spam continues to be a

problem for computer users. There have been a few tort lawsuits arguing that unwanted e-mail in volume is a kind of trespass, but courts have generally refused to allow dam- ages for sheer annoyance, instead restricting liability to situations in which the plaintiff’s computer is actually damaged.

The Constitution and Privacy The First Amendment protects free speech and has significant implications for statements made on the Internet as well. As already noted, ISPs are largely shielded from liability for disseminating statements that may be defamatory.

The Fourth Amendment also has implications for online privacy. Note that if the govern- ment wants to get evidence such as e-mail from a computer, the officers will ordinarily have to obtain a warrant. This is equally true if they are seeking the information from the ISP. However it should be noted that there are situations, such as those involving national security under the USA Patriot Act, where the legalities of government intrusions are less clear, and the warrant requirements may not be applicable.

Example 14.7. The FBI suspect Jason of having robbed five banks. They have reason to think he communicates with some of his gang by e-mail and text messages. The FBI needs a warrant to obtain access to Jason’s e-mail from his ISP.

Example 14.8. Comcast thinks one of their account holders is using the ISP to traffic in porn. Because Comcast is not a government entity, it does not need a warrant to access the suspected porn user’s account.

Spam is the modern form of junk mail.

Devonyu/iStock/Thinkstock

rog80328_14_c14_286-306.indd 295 9/20/16 11:04 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

296

CHAPTER 14Section 14.4 Privacy

Computer Crime and Privacy While invasion of privacy is often treated as a civil matter, it can also be a crime. One of the highest- profile computer-based privacy cases of recent years involved a college student, Dahrun Ravi, who used a computer-mounted webcam to spy on his roommate Tyler ’s intimate encounter with another man. Ravi then sought to use social media to encourage oth- ers to watch. A few days later, Tyler committed suicide by jumping off a bridge. Ravi was prosecuted for multiple crimes, including crimi- nal invasion of privacy, and even- tually sentenced to 30 days in jail, three years of probation, counsel- ing, and community service.

In the Media: Apple vs. the FBI

How much privacy should an individual who commits a crime be entitled to during an investigation? Should the government be able to force companies to hack into their customers’ private data? Apple and the United States FBI faced these questions during the investigation into a mass shooting in Southern California. On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik shot and killed 14 people and wounded 22 others at a banquet held at a community facility in San Bernardino, Califor- nia. In the course of their investigation into the mass shooting, the FBI seized an Apple iPhone from a Lexus belonging to Farook’s family that was found parked outside Farook’s residence. The FBI asked Apple to help them disable some security features on the phone so that they could unlock the phone and access the data stored on the device. In particular, the FBI wanted Apple to disable an encryption feature that automatically erases the data on the phone after ten failed password attempts. When Apple declined the FBI’s request, the FBI obtained a court order directing Apple to assist the govern- ment in accessing the data on the phone.

Apple filed an objection to the order, setting off a debate between privacy and national security inter- ests. Apple claimed that complying with the court order would require writing software which did not yet exist. The government could then use this software to access data on anyone’s device. Compro- mising the security of the iPhone would also leave iPhone users vulnerable to hackers. Apple argued that forcing the company to comply with the FBI’s request would set a dangerous precedent which could be used as the basis for requiring Apple or other technology companies to create software that would give the government access to citizens’ private, encrypted data such as messages, location, and financial and health information.

The government argued that not only did they have a valid search warrant authorizing law enforce- ment to access the device, but the owner of the device (Farook’s employer) consented to allow the

Dharun Ravi (right) was convicted for criminal invasion of privacy. He set up a webcam to record his roommate’s intimate encounter with another man. His roommate later committed suicide.

Mel Evans/Associated Press

(continued)

rog80328_14_c14_286-306.indd 296 9/20/16 11:04 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

297

CHAPTER 14Section 14.5 E-Contracts

14.5 E-Contracts

Click-Wrap Contracts Many times when a transaction is conducted over the Internet, a consumer is confronted with a section that says something like “I have read and agree to all terms and condi- tions.” Such agreements are sometimes called click-wrap contracts. Many people will click without ever reading such terms, which are often stated in dense legalese and seem to go on forever.

Example 14.9. Emily buys a software program for graphics from an Inter¬net site. She clicks “I accept” without reading, since she must do this to download the program. Later the program crashes her computer and she loses valuable data. Now Emily discovers that the company’s liability is limited by her “acceptance” of their warranty, which provides they will only refund the purchase price.

Click wrap agreements are generally held to be enforceable as long as certain conditions are met. The user must be required to take some affirmative action such as clicking a checkbox manifesting their agreement to the terms and conditions, or clicking a button that states that the user agrees to the terms and conditions. In addition, the terms and conditions must be readily available to the user either through a hyperlink or in a textbox conspicuously displayed close to the “I agree” check box or button.

Some of the most common provisions to be found in these click-wraps are provisions that mandate arbitration will be used to settle disputes, and ones that limit liability (such as

In the Media: Apple vs. the FBI (continued)

government access to the device. The government further argued that they were seeking Apple’s assistance in accessing only this device, and the software required to do so would remain in the pos- session and control of Apple. Others have argued that encryption such as that on the iPhone makes it more difficult for law enforcement to solve crimes and combat terrorism and that digital data is not entitled to any greater protection from the government than any other type of information.

Prior to the final hearing in the case, the Department of Justice reported that it had been able to unlock the device and access the data with the help of a third party and asked the court to dismiss the case against Apple. Although this case is over, the broader public policy debate pitting encryption and data privacy against public safety and national security continues.

Sources: http://www.latimes.com/local/lanow/la-me-ln-san-bernardino-shooting-live-updates-htmlstory.html https://www.docketalarm.com/cases/California_Central_District_Court/5--16-cm-00010/USA_v._In_the_Matter_of_the_Search_ of_an_Apple_iPhone_Seized_During_the_Execution_of_a_Search_Warrant_on_a_Black_Lexus_IS300_California_License_ Plate_35KGD203/1/ http://www.nbcnews.com/storyline/san-bernardino-shooting/judge-forces-apple-help-unlock-san-bernardino-shooter- iphone-n519701 http://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html http://www.cnbc.com/2016/02/17/apple-order-to-hack-iphone-for-fbi-in-san-bernardino-case-chilling-tim-cook.html

rog80328_14_c14_286-306.indd 297 9/20/16 11:04 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

298

CHAPTER 14Section 14.5 E-Contracts

the clause that confronted Emily in the example above). In Specht vs. Netscape Communica- tions Corporation, the plaintiffs downloaded software from Netscape’s web page by click- ing on a button labeled “Download.” If the plaintiffs had scrolled further down the page, they would have seen a link to another page where they could have reviewed the terms and conditions of Netscape’s software license agreement, which included an arbitration clause requiring arbitration of any disputes. When the plaintiffs later sued Netscape over an issue with the software, Netscape moved to dismiss the lawsuit on the grounds that by clicking on the download button, the plaintiffs had agreed to arbitrate the dispute. The Court ruled that the plaintiffs were not bound by the terms and conditions of the Netscape license because there was no “immediately visible notice of the existence of the license terms” conspicuously displayed by the download button. In addition, the users down- loaded the software without having to do anything that would indicate their unambigu- ous assent to the terms of the Netscape license.

Sales Tax Another major legal issue relating to e-commerce concerns the imposition of sales tax on Internet-based sales of goods. State governments often rely on sales taxes as a major source of revenue, especially in states that do not impose an income tax. During the 2008 recession the federal government cut aid to state and local governments; by 2012 states faced a projected $50 billion shortfall in their budgets. One suggested way to make it up was by taxing online retailers such as Amazon.com, Overstock.com, Blue Nile, and others. A 1992 Supreme Court ruling, Quill v. North Dakota, had found that retailers generally can’t be made to collect taxes for out-of-state sales unless they have either a physical presence or an alliance with a business with a physical presence in the tax jurisdiction in question.

Example 14.10. Book Exchange Company has an office and warehouse in Illinois, but does only online and mail order business in other states. Book Exchange can be made responsible for collecting sales tax only for its Illi- nois customers. Brooks and Stalwart Ltd. has an extensive online store but also has brick-and-mortar bookstores across the country. Brooks and Stal- wart Ltd. can be made to collect taxes in any state in which it has a store.

Theoretically consumers are supposed to pay a “use tax” for Internet transactions with no sales tax. The difference between a sales tax and a use tax is simply who collects the money and remits it to the state: a sales tax is collected by the seller, and a use tax is paid directly by the buyer to the state. In practice, consumers simply don’t pay the tax, and the state has no effective way of tracking such purchases and the money goes uncollected. Of course, many consumers have no idea this tax exists! In some states, if you buy an item at a garage sale, you should be paying use tax to the state.

However, there is an ongoing lobbying effort by big-box retailers such as Walmart to have Congress pass legislation that would force online retailers to collect sales tax from con- sumers. These stores argue that they are put at a competitive disadvantage by having to charge sales tax; the online sellers counter that expecting them to deal with a confusing patchwork of regulation in 50 different states is unrealistic. The online businesses point to states such as Rhode Island, where the purchase of a mink coat would be subject to sales tax but the purchase of a mink purse would not, and New Jersey, where candy is taxed but

rog80328_14_c14_286-306.indd 298 9/20/16 11:04 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

299

CHAPTER 14Section 14.6 Intellectual Property

cookies are exempt. Brick-and-mortar stores at least only have to worry about the states in which they are physically located, since that is where their sales will take place. An online business may be getting orders from fifty states and all around the world, which makes compliance much more difficult.

14.6 Intellectual Property

The Digital Millennium Copyright Act (DMCA) The Digital Millennium Copyright Act (DMCA), signed into law by President Clinton in 1998, amended previous federal copyright law in part to implement two international treaties on intellectual property protection. It criminalizes the circumventing of measures that control access to copyrighted materials (known as digital rights management or DRM) and to copyrighted works.

Example 14.11. Mega Music Online sells music for download by custom- ers. Mega Music uses DRM to prevent copying and to prevent the down- loaded music from being played on non-Mega Music apps and devices. Devri writes a software program that can bypass the DRM and allow the music to be copied and played on a wide range of non-Mega Music devices. Devri’s act of decrypting the DRM constitutes an offense under the DMCA.

In addition, the DMCA heightens the penalties for copyright infringement on the Inter- net, although it does provide a safe harbor for ISPs whose clients are infringing. The file- sharing sites MP3.com and Napster were early targets under the DMCA; more recently Bit-Torrent Inc., which maintains a file-sharing protocol that allows large filesto be trans- ferred (such as movies), has been the subject of lawsuits by the entertainment industry. Not only the sites, but the people who download from such places can be liable. By 2008 the recording industry had filed over 20,000 lawsuits against downloaders. In one case, a woman in Minnesota was ordered by the court to pay $220,000 to media companies, rep- resenting $9,250 for each of the 24 songs she was found to have shared online.

The Digital Theft Deterrence and Copyright Damages Improvement Act of 1999 autho- rized increased damages for copyright infringement, seeking to discourage would-be pirates and compensate copyright holders. Penalties were increased from the $500 to $20,000 range to $750 to 30,000 per act of infringement, and from a maximum of $100,000 for willful infringement to $150,000. Although the increase may not seem drastic, it is important to note that the penalty is assessed for each individual instance of violating a copyright, which can add up in short order.

rog80328_14_c14_286-306.indd 299 9/20/16 11:04 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

300

CHAPTER 14Section 14.6 Intellectual Property

In the Media: You Gotta Fight, for Your Right . . . to Download?

The Digital Theft Deterrence and Copyright Damages Improve- ment Act of 1999 attempts to do what its name suggests: deter electronic copyright infringement by allowing for the imposi- tion of huge fines. In fact, under the statute the maximum fine allowed for each willful, illegal music download is $150,000. That’s serious deterrence, but not enough to deter everyone from taking a song or two through the use of file-sharing ser- vices like Kazaa and the former, but still infamous, Napster.

In 2003, Joel Tenenbaum, while still living at his parents’ home, illegally downloaded hundreds of songs. The Recording Indus- try Association of America (RIAA) took notice of 30 of those downloads and—under the authority of the Digital Theft Deter- rence and Copyright Damages Improvement Act—sent him a letter demanding $3,500. According to his downloads, Tenen- baum liked what most teenagers listened to at the time: Green Day, Limp Bizket, Eminem, and Red Hot Chili Peppers. Tenenbaum (who had also downloaded Incubus’s song “Pardon Me”) acknowledged the downloads and told the RIAA he couldn’t afford to pay the demanded amount, but offered $500. The RIAA then filed suit, whereupon Tenenbaum increased his offer to settle to the originally demanded figure, and then to $12,000. Although the RIAA settles most cases it brings against downloaders, it pressed on and in 2009 a federal jury ordered Tenenbaum to pay $675,000 to the RIAA, which is much less than the maximum allowed $5.4 million it could have been. The judge, however, reduced the jury’s damages to $67,500, calling the fines allowed for under the Digital Theft act oppressive and in violation of the Constitution’s Due Process clause.

Both sides appealed the decision and a federal appeals court upheld the verdict, and also reinstated the original $675,000 damages award. Tenenbaum wouldn’t give up and sought a review of the decision with the U.S. Supreme Court. But in 2012, it refused to hear his appeal. Tenenbaum, who is earning a Ph.D. in physics from Boston University, has had a legal team that included famed Harvard law profes- sor Charles Nesson, whose legal arguments included the Fair Use doctrine. Tenenbaum never paid any of the $675,000 judgment against him. In 2016, the entire amount was discharged in bankruptcy.

Sources: http://www.informationweek.com/news/internet/policy/218900365 http://www.boston.com/news/local/massachusetts/articles/2011/04/05/student_fights_music_sharing_fine/ http://blogs.wsj.com/law/2011/04/05/whats-the-appropriate-punishment-for-illegal-downloading/ http://www.scribd.com/doc/17299117/Plaintiffs-Supplemental-Disclosure-Statement-102808 http://www.plainsite.org/dockets/2yne4d2qg/massachusetts-bankruptcy-court/joel-n-tenenbaum/

The Digital Theft Deterrence and Copyright Damages Improvement Act of 1999 was put in place to control high rates of piracy and copyright infringement.

Imagebroker.net/SuperStock

rog80328_14_c14_286-306.indd 300 9/20/16 11:04 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

301

CHAPTER 14Section 14.7 Chapter Summary

The Stop Online Piracy Act (SOPA) How to stop online piracy remains a major concern for business, but much of the pro- posed legislation is highly controversial. The Stop Online Piracy Act (SOPA) and the Pro- tect IP Act (PIPA) were statutes that would have required search engines such as Google to delete links to sites that infringe copyrights, and that would block payments from com- panies such as Visa and PayPal to infringing sites. Unlike the DMCA, which can require a website to remove infringing content (YouTube, for example, does this regularly), these proposed laws target the entire site. They have been compared to shutting down an entire flea market because one vendor is selling counterfeit Gucci bags. There have been public protest against the laws, including the popular website Wikipedia’s going offline for a day, and, for the time being, both statutes seem to have stalled short of becoming law.

14.7 Chapter Summary

The 21st century has brought a veritable explosion of computer-related technology, and with it has come amazing opportunity for business and individuals, but also unprecedented threats to privacy and security. Spam, phishing, and tracking cook- ies represent problems ranging from annoying to extremely harmful, and there is no doubt that computers and the Internet have made identity theft an ever greater threat. Even traditional areas of law such as torts and contracts have been impacted in various ways by technology. Invasion of privacy has taken on new dimensions when social media and webcams are used as tortious tools. Contracts made online with a click of a mouse are less likely to have been read first. Even a relatively straightforward transaction such as the sale of goods becomes more complicated when made online, since the assessment of taxes is different than transactions made in a bricks-and-mortar store.

The law has in some cases struggled to catch up with technology, and in many areas there is either little regulation or little effectiveness in implementing what regulations do exist. But there is no easy answer: many proposed regulations immediately run into conflicts with perceived censorship of the Internet or stifle innovation. As the world continues to be increasingly linked by electronic communication, societies will have to find a balance between technology and safety.

rog80328_14_c14_286-306.indd 301 9/20/16 11:04 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

302

Section 14.7 Chapter Summary CHAPTER 14

Focus on Ethics

Facebook is an enormously popular social media site with a reported 1.71 billion monthly users at the end of June 2016. But a number of Facebook users became disenchanted with the company’s gathering of their personal information and filed lawsuits, seeking $15 billion in damages. At issue was Facebook’s practice of tracking users’ Web activity, even after they had logged out of Facebook. The lawsuit is just one of a pattern of complaints against Facebook relating to privacy issues. These include:

• Not allowing users to terminate their accounts. Users could deactivate their accounts, but Facebook continued to store their information unless each item was manually removed by the user.

• Data mining (the collection of large data sets) by third parties. College students doing a research project were able to download 70,000 Facebook profiles from four target schools.

• Reserving the right to sell information about users to third parties. • Using of a script called Beacon, which allowed third-party web-

sites to publish their activity with Facebook users on Facebook, so that users’ recent purchases and games played were published on the site. If a Facebook user bought videos at Video.com, it would appear on the user’s Facebook site where it could be seen by any “friend.” This meant that you could purchase a gift for someone who would see on your Facebook site that you had bought it! So much for surprises.

• Facilitating identity theft. Researchers have been able to use off-the-shelf face recognition software and match Facebook users with supposedly anonymous Match.com profiles, and also to take pictures of random experimental subjects on a college campus and match them to corresponding Facebook profiles. Furthermore, the researchers were also able to use pre- viously developed algorithms to predict social security numbers with significant success. The result is that a photo taken of a person in public could be used to eventually discover very sensitive information about that person.

In many cases, after the privacy problems were exposed in the press or after legal complaints were filed, Facebook changed its policy or instituted new procedures.

Questions for Discussion

1. Do you believe Facebook is ethical with regard to protecting users’ privacy? Do you think Face- book does an adequate job of alerting its users to possible privacy issues?

2. Is it an adequate response for a company such as Facebook to say that users may opt out of various procedures that may compromise their policy? Or should sites like Facebook be required to change their default so that users have opted out unless they specifically choose to “opt in”?

Source: http://newsroom.fb.com/company-info/

Facebook revolutionized social media, but it also facilitated invasion of privacy to a degree many users did not understand.

Dominic Lipinski/ Associated Press

rog80328_14_c14_286-306.indd 302 9/20/16 11:05 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

303

Section 14.7 Chapter Summary CHAPTER 14

Case Study: American Guarantee & Liability Insurance Co. v. Ingram Micro, Inc.

Civ. 99-185 TUC ACM, 2000 U.S. Dist. LEXIS 7299 (D. Ariz., Apr. 19, 2000)

Facts: Ingram is a wholesale distributor of microcomputer products. Ingram uses a computer system to track all of their business transactions. Ingram’s computers are insured by American, under a policy covering real and personal property and loss of business income. The policy insures against all risks of direct physical loss or damage.

On December 22, 1998, Ingram’s data center had a power outage. Although electrical service to the buildings continued, all of the electronic equipment, including the computers and telephones, stopped working. As a result, Ingram could not conduct business in either the United States or Europe. After eight hours, during which Ingram employees strove to discover and solve the problem, power was restored to the electronics by bypassing a faulty switch.

When the power outage occurred, all of the programming information disappeared from the random access memory of the computers. The customized configurations Ingram’s computers had used before the outage were different than the default settings that were restored afterwards. As a result, the con- figurations had to be reprogrammed before business could resume.

Ingram filed a claim under its policy with American. American denied coverage, and Ingram sued.

Issue: Did Ingram suffer a loss attributable to direct physical damage to its property?

Discussion: American contended that because the computer system and switch were not physically damaged, the loss was not covered. Both items worked after power was restored, and the inherent ability to accept and process data and configuration settings was not adversely affected.

Ingram’s argument was that “physical damage” includes loss of use and functionality. When power was restored, the computer system could not function until it had been “repaired” by restoring the custom configurations.

The court found Ingram’s argument to be more persuasive, saying:

At a time when computer technology dominates our professional as well as personal lives, the Court must side with Ingram’s broader definition of “physical damage.” The Court finds that “physical damage” is not restricted to the physical destruc- tion or harm of computer circuitry, but includes loss of access, loss of use and loss of functionality.

The court went on to note:

Lawmakers around the country have determined that when a computer’s data is unavailable, there is damage, when a computer’s services are interrupted, there is damage; and when a computer’s software or network is altered, there is damage. Restricting the Policy’s language to that proposed by American would be archaic.

Holding: For Ingram. The policy covered the loss. (continued)

rog80328_14_c14_286-306.indd 303 9/20/16 11:05 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

304

Section 14.7 Chapter Summary CHAPTER 14

Case Study: American Guarantee & Liability Insurance Co. v. Ingram Micro, Inc. (continued)

Questions for Discussion

1. Does the court’s definition of physical damage make sense to you? 2. Note that although Ingram eventually won their case, it was only after they had spent time

and money on a lawsuit. If you had a business that relied heavily on computer operations, are there additional clauses you would want put in your insurance policy to avoid this sort of situ- ation in the first place? What sort of hazards have you learned about in this chapter that might be relevant here?

3. In another case involving loss of data due to alleged negligent service on a computer system, insurance coverage was denied but the court upheld the insurance company’s decision. There, the language in the policy referred to “physical injury to tangible property.” How might that be distinguished from the policy language in the Ingram case? Do you agree with the distinction?

Case Study: E. & J. Gallo Winery v. Spider Webs Ltd.

129 F. Supp. 2d 1033 (S.D. Tex. 2001)

Facts: E. & J. Gallo Winery (Gallo) is a California corporation founded in 1953 that produces and sells alcoholic beverages under its various trade names. Gallo registered the mark ERNEST & JULIO GALLO with the U.S. Patent and Trademark Office in 1964. Gallo has sold more than four billion bottles of wine bearing the Gallo trademarks and has spent over $500 million promoting its brand name. Gallo owns several Internet domain names incorporating Gallo’s registered trademarks, e.g., GALLOWINERY.COM. Spider Webs Ltd (Spider Webs), a Texas partnership, registered about 2,000 Internet domain names and offered them for sale on its website and eBay.com. In 1999, Spider Webs registered the domain name “ERNESTANDJULIOGALLO.COM” to sell it for profit. Gallo sued Spider Webs for violation of the Anti-Cybersquatting Consumer Protection Act (ACPA). Gallo asked for a permanent injunction to pre- vent Spider Webs from using the Internet domain name ERNESTANDJULIOGALLO.COM and registering any domain name that contains the words “Gallo,” “Ernest,” and “Julio.” Gallo also asked for damages. After the suit began, Spider Webs published a website at ERNESTANDJULIOGALLO.COM to discuss the pending litigation and risks of alcohol use.

Issues: Did Spider Webs violate the ACPA by registering the domain name “ERNESTANDJULIOGALLO .COM”? Did Gallo satisfy the conditions to justify a permanent injunction?

Discussion: The trial court noted the goal of the ACPA—to protect businesses from “cybersquatting” (the “abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodwill associated with such marks”). The evidence proved that Spider Webs registered the domain name ERNESTANDJULIOGALLO.COM with “a bad faith intent to profit from the (continued)

rog80328_14_c14_286-306.indd 304 9/20/16 11:05 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

305

Section 14.7 Chapter Summary CHAPTER 14

Critical Thinking Questions

1. Write down a list of the advertisements you see when you browse the Internet. Do the advertisers seem to know your age range and your gender? Do they know something about your interests? Make a profile of the person the advertisers think you are. Where do you think they compiled this data from? Can you think of sites you have visited that would give this impression of you?

2. If you use social media such as Facebook, how familiar are you with their pri- vacy policy? How easy is it to figure out what information they are collecting and what is being done with it? Can you tell from Facebook’s site how to delete an account and the information posted?

Case Study: E. & J. Gallo Winery v. Spider Webs Ltd. (continued)

sale of the domain name.” Gallo registered the trademark “ERNEST & JULIO GALLO,” but Spider Webs had “no intellectual property interest” in the name “ERNESTANDJULIOGALLO” apart from its regis- tered domain. Therefore, Spider Webs violated the ACPA. To be granted an injunction, a plaintiff must show the existence of a wrongful act, the existence of imminent harm and irreparable injury, and the absence of an adequate remedy at law. The wrongful use of the ERNESTANDJULIOGALLO.COM website by Spider Webs, especially publication of disparaging comments about the current lawsuit and alcohol use, proved the existence of imminent and irreparable harm. The court concluded that Gallo satisfied conditions for being granted a permanent injunction.

Holding: The court ordered a permanent injunction to Spider Webs against using the Internet domain name ERNESTANDJULIOGALLO.COM and registering any domain name that contains the words “Gallo,” “Ernest,” and “Julio.” The court found Spider Webs and its partners jointly and severally liable to Gallo for $25,000.

Questions for Discussion

1. What evidence is there that the trademark Gallo registered was well-known and distinctive? Did Gallo register an Internet domain name?

2. Why did Spider Webs register the domain name ERNESTANDJULIOGALLO.COM? Was this registration made in good faith?

3. Why did Gallo sue Spider Webs, asking the court for a permanent injunction? What is a permanent injunction? What conditions must a plaintiff satisfy to be granted a permanent injunction?

4. The main issue of the lawsuit is an allegation of a violation of the ACPA. Why did Gallo sue Spider Webs in a federal court instead of a state court?

5. Imagine you are a business owner planning to launch your website. What should you do to make sure your business name is not used by other companies? Why is it important for business own- ers to ensure that their trademarks are not subjected to “cybersquatting”?

rog80328_14_c14_286-306.indd 305 9/20/16 11:05 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.

306

Section 14.7 Chapter Summary CHAPTER 14

click-wrap An agreement that one must make in order to use a program or website. They are often very long and complex and many people never read them.

cookies Tracking programs installed on computers to track Internet usage, often without the computer owner’s awareness.

cyberlaw A general term referring to vari- ous laws regulating the Internet and com- puter usage. It can include criminal, tort, regulatory, and intellectual property law.

digital rights management (DRM) Any technology that inhibits uses of digital content. Often used by manufacturers of music CDs, DVDs, and software to prevent copying after first sale.

hacking Gaining unauthorized access to a computer.

phishing Internet-based type of fraud that involves sending an e-mail that appears to come from a legitimate source such as a bank, asking the victim to click on a link that takes him to a dummy site, where he is asked to” verify” personal information.

spam The Internet equivalent of junk mail, unsolicited and often sent in bulk.

use tax A tax paid by a consumer on pur- chases, as opposed to a sales tax, which is paid by the seller.

Hypothetical Case Problems

Case 1. Terrell sends an e-mail “bomb” to his ex-girlfriend, Sofia, which floods her inbox with 200,000 e-mails. What statute has Terrell possibly violated?

Case 2. Amazon.com allows people to post reviews on items sold on the site. Ama- zon’s policy suggests that posters be civil. Amazon retains editorial rights over content. Jerome published several books about how to avoid pay- ing taxes and sold them through Amazon. Some readers posted negative reviews; a few went so far as to label Jerome a “crook” and a “felon.” Jerome complained to Amazon, which agreed to remove the posts. After two days, the posts were still there so Jerome sued Amazon. Will the CDA’s “safe har- bor” prevent Amazon from being held liable?

Case 3. Cyberheat, Inc. ran a website with sexually explicit content for consenting adults. It contracted with other companies, called affiliates, to direct potential subscribers to its site. It provided the affiliates with a hyperlink to sexually explicit images. Some of the affiliates sent e-mail with fake subject lines that contained porn in the message. The FTC received over 400 complaints from consumers. Which federal law may Cyberheat have violated?

Key Terms

rog80328_14_c14_286-306.indd 306 9/20/16 11:05 AM

© 2016 Bridgepoint Education, Inc. All rights reserved. Not for resale or redistribution.