Altruistic World Online Library

[admin]

MySpace Hacking Indictment Well Supported, by John W. Dozier

May 17, 2008

The federal prosecutors in California obviously did their legal research before asking the grand jury to indict under the Computer Fraud and Abuse Act in the myspace.com suicide case. I don't like the statute's seemingly over-broad reach. I've criticized the statute in the past for the very same reasons some of the free speech liberal commentators object all over the airwaves today. The difference, however, is that I don't pretend to make the law mean what I would like for it to mean. It is what it is. And, as it is written, the prosecutors believe they are right, I think they are right, and the 9th Circuit does too!

Wonder if the prosecutors read my blog entry from last June about Dozier Internet Law and our view on the law of hacking? And I wonder how many of these law professors and talking heads on TV have ever tried a hacking or unauthorized access case? Maybe the prosecutors are new to this, maybe they aren't. But at least they did their legal research. Commentators, particularly the "free speechers" expressing outrage over the indictment, should be so diligent. There's at least one law professor so outraged he is offering his legal services for free. A little research, Mr. Professor, may be in order. Here's why:

California is in the 9th Circuit. I suggest anyone interested in commenting on the case who also wants to sound somewhat knowledgeable read the Middleton v. US case decided by the 9th Circuit. I suspect the prosecutors will use this case to argue that unauthorized access causing damage or loss has already been recognized as a crime in the 9th Circuit. Lay on top of that decision another 9th Circuit case, Creative Computing v. Getloaded.com, which Dozier Internet Law argued before the 9th Circuit, and you can see that the rationale the prosecutors are using has already been established in the 9th Circuit Court of Appeals in a couple of decisions. The trial court HAS TO follow this case law from the 9th Circuit Court of Appeals! Anywhere else in the country and they would not have a trial court bound by this precedent. Smart prosecutors, I would say.

Visit the Dozier Internet Law Hacking page on our site and you can see that our interpretation has always been that such access in violation of a user agreement or terms of use violates not only the CFAA but also many, many state computer crime laws. For those who think that the CFAA applies only to damage to a computer, read the code sections again. And for those who believe that a damage or loss could not include personal injury or death, view the expansive definition of "loss". How could this statute evolve since its passage in the late 1990s to be so inclusive today? 9/11 and the Patriot Act, frankly. You can research the changes that were made to the law, review the legislative history, and read the Computer Fraud and Abuse Act from top to bottom. You may even want to re-read the Dozier Internet Law Hacker Blog Entry from last June in which I made the same points the prosecutor will likely be relying upon, and described a criminal hacking trial for which I was lead counsel in which the Judge also found that violating a terms of use is unauthorized access (won on other grounds).

No, this is not an unprecedented case. The FBI and Department of Justice recently raided our client's offices in Florida based on an alleged website user agreement violation. Another FBI investigation targeted a client for doing the same thing in Northern California. The concepts may seem novel or unique to those feigning expertise in this area of the law. But, the indictment is likely well grounded in law, and I am not surprised at all that the prosecutors brought charges under the CFAA. Particularly in California and the 9th Circuit.

The lesson, of course, is that those contracts you agree to online are binding, and those abusing a website and joining the world of online scofflaws had better watch out. I still don't like the statutes that associate hackers with non-malicious unauthorized access. But, no matter how hard the left wing, free speech commentators try, they can't change the law. They see it as they want it to be. We see it as it is. And it is what it is! Ask the 9th Circuit.

[admin]

November 1 Drop Dead Date for Compliance with New FTC ID Theft Rules, by John W. Dozier

July 16, 2008

Dozier Internet Law today issued a special advisory notice relating to the new Federal Trade Commission requirements for creditors set to go into effect on November 1, 2008. This is the date of compliance-which means that if you are an online business extending credit you may be covered under the law.

These new rules mandate the development and implementation of a written program that identifies and detects "red flags" of identity theft. The program must also describe appropriate responses that would prevent or mitigate the crime and detail a plan to update the program, must be managed by senior employees, and must include oversight provisions for contractors and third party service providers. The program documentation and business process needs to be reasonable given the nature of an online business, but this is an objective reasonableness. In other words, a small business owner's subjective thoughts of what is reasonable is not the measure of adequacy or compliance.

Dozier Internet Law provides coverage advice and assists in the drafting, documentation, and implementation of the processes required by these new rules. It is essential that if your online business takes credit card payments or otherwise extends, renews, continues, or receives through assignment credit commitments you have a qualified attorney determine if your business is covered by these "Red Flag" rules. While many of the indications of identity theft are already used by businesses to avoid credit losses, the key to compliance with the Federal Trade Commission rules, and avoiding prosecution, civil fines, and potentially devastating publicity that cuts to the core of a small business' customer relationships, is to document reasonable processes in a formalized manner.

[admin]

Hackers Hack Away at DefCon Annual Convention, by John W. Dozier

August 19, 2008



Defcon, the annual convention in Las Vegas, began August 8 and it looks like the hackers sitting in the audience and participating in the hacking competitions spent two days trying to hack into the Dozier Internet Law website using SQL Injection Attacks, Mambo Exploits, encoded cross site scripting attempts, shared ciphers overflow attempts, and the like. The frustrated perpetrators (they never got access) were sitting in the Riviera Hotel ballrooms, I suspect, listening to the presentations, and participating in the now infamous "free for all" where the attendees hack into systems in an "Olympian-like" competition to gain bragging rights. The attempts likely came through "backdoor" exploits of webservers around the globe. The favorite and most common ISP access was from Vietnam and China, with Beijing the host and doorway of the Olympic Games as well as many, many hackers.

The Electronic Frontier Foundation staffed a booth full of lawyers to help hackers deal with "bogus legal threats" (the EFF's own words). While attending to their session presentations, offering advice, and driving the underworld of the web to the annual EFF fundraiser, they were losing big time in Court. Then the EFF filed legal documents, released press releases, and held news conferences in which they claimed DefCon attendees are akin to "security researchers" that are gathered in Vegas to listen to presentations involving security.

That's absurd. The graph above shows what these hackers do. They come to Vegas to learn how to hack into systems and create havoc. Going after law firm websites and administration areas that contain attorney/client protected communications and documentation, and even court ordered "sealed" files, is a direct attack on the integrity of the judicial process and the judiciary. And our experience at Dozier Internet Law is just the tip of the iceberg.

This convention wouldn't even exist if the FBI, CIA, Department of Justice, and the National Security Agency and others weren't so anxious to infiltrate it every year for intelligence. Think about it. Hackers from around the world come together once a year and learn how to hack better. Those that support and encourage and facilitate these hackers cannot hide behind the "I didn't know they were hacking while I spoke" defense. Yes, there are researchers and intellectuals and law students and college professors in attendance. But, for the most part, there are hackers learning and improving their trade. And despite EFF's absurd contentions otherwise, the Computer Fraud and Abuse Act, as well as many state computer crime statutes, can and should be used to prevent the aiding and abetting that is the core benefit seen by most attendees.

"SECURITY RESEARCHERS"? Give me a break, Electronic Frontier Foundation. While your lawyers call the hacking laws "bogus", and tell hackers how they can ignore the "bogus" laws, all of the scofflaws are being emboldened by your advice and guidance. The only reason there isn't a round up and indictments for hacking, conspiracy and aiding and abetting is because your annual conference is infiltrated so extensively by the government that it provides a honeypot of intelligence. And adding some professors and other intellectuals to the mixing pot won't clean things up.

Notice to EFF: DefCon is for hackers. Many attendees commit criminal acts while in attendance in organized war games. Others commit criminal acts as they learn the tools of the trade in the very ballroom during speaker presentations. They hack into banks, into personal computers, into businesses, into government agencies, and steal private information, cost businesses billions of dollars annually, and ruin the financial well-being and impair the emotional stability of individuals all across our country. This is the mob of the 21st century; this is the mobosphere. They are hoodlums, thieves, scoundrels, and all too often already convicted felons after the next easy mark.

The only "security researchers" in attendance, I suspect, are the good guys. But then again, they don't need legal advice from EFF, do they?

8/26/08 Update: There have been some of the 9,000 attendees who have blogged this and defended DefCom by pointing out that there are bad eggs everywhere, and most of the attendees are "good guys".

Anyone can attend, unless, as real life experience tells us, you are a SPEAKER arrested by the Feds, a REPORTER "outed" by the Conference management and pursued by a mob of attendees, or a registrant intercepted at our border before getting into the US. Couple that with the session this year on how to hack a Boston public transit system and get "free fares for life" (interrupted appropriately by a Federal Court lawsuit and injunction), and the MSBlast Worm and Virus fiasco of several years ago where the Department of Homeland Security had to issue a global alert the day before the conference, and the many, many other incidents that are recorded for posterity online. And then lay on top of that the Electronic Frontier Foundation's prominent and high profile attendance and involvement at the conference attacking our computer crime laws as "absurd"...laws passed and strengthened post 9/11 by the US Congress.

Are the "good guy" attendees naive? Are they in a state of denial? Are they willing to overlook the "open access" problem in order to keep their employer picking up the tab for three days of partying, fun, gambling etc. in Vegas? Or are they enjoying the short time they have each year being exposed to the "dark side"?

So, here I am, getting feedback from those in the know that I "got it right on". And yes, I agree with some of the feedback I have received...the irony is not lost on me...supposed security professionals operating in an insecure and uncontrollable environment and unable, or unwilling, to recognize a huge and pervasive security risk.

Here are some suggestions: Establish some meaningful vetting of attendees, require full disclosure and contractual commitments, screen out the presentations that rely upon illegal hacking for the subject matter, get rid of the "aliases" used by attendees to hide identities, and act responsibly.

What happens in Vegas, stays in Vegas? If only that were true.

[admin]

New Affiliate Marketing Laws Go Into Effect October 1, 2008, by John W. Dozier

August 21, 2008

The affiliate marketing provisions of the Fair and Accurate Credit Transactions Act ("FACTA") go into effect October 1, 2008. Dozier Internet Law has added the compliance analysis to our legal audits. In a nutshell (it is really quite complicated) an affiliate marketer transferring leads or personally identifiable information to its advertiser requires advance notice to a consumer and an effective 30 day opt-out option.

Penalties? Up to $1,000 per violation (per each solicitation attempt), plus punitive damages and attorneys' fees. In other words, violations will likely bring class action lawsuits and create exposure that is enormous for affiliate marketers.

Dozier Internet Law recommends:

First: Every affiliate marketer consider its particular information-sharing and marketing practices, today and in the future, to determine whether a notice and opt-out opportunity must be given.

Second: Affiliates should consider whether Advertisers are categorizing the affiliate as subject to the Act, and if so determine whether Affiliate Marketing Agreements require compliance in the contract, even if the Affiliate Marketer is operating outside the scope of the Federal Law definition.

Third: Merchants, Advertisers, and Affiliate Managers should review their Affiliate Marketing Agreements to make sure this new law is taken into account in the contract, and then implement appropriate performance standards, creatives, and the like for affiliates.

Fourth: Everyone should get ready to be compliant by October 1, and be prepared to assure and prove compliance with both internal and external facing performance standards.

Fifth: Check and see if there were state laws that mandated certain disclosures and affirmative permission from a consumer that now may be PREEMPTED by this federal law. Yes, there is a preemption provision effectively invalidating state laws that purport to regulate the marketing activities now covered by this Federal law. That could be a good thing for affiliates and merchants and everyone else involved.

Sixth: Keep in mind that there is a work-around for the much talked about 30 day opt-out provision.

Dozier Internet Law offers compliance services in a broad range of online legal areas, with a strong emphasis on affiliate marketing. Whether you use our firm, or someone else, really consider getting some help in this area. One wrong step can have enormous and adverse consequences. And, keep in mind that things are not going to get any easier. There is a lot of proposed legislation and proposed rules that will continue to impact the affiliate marketing community.

[admin]

Dozier Internet Law Federal Court Report, by John W. Dozier

September 04, 2008

At Dozier Internet Law we monitor the Federal Courts everyday and once a month prepare summaries of the most important and interesting lawsuits filed. You can imagine the number of lawsuits I personally go through each month. It's enlightening to see what the trends and latest and greatest theories of recovery are in the Federal Court.

You can get the complete lawsuit off of the Pacer system. But, we do not provide copies of the lawsuits to third parties. At Dozier Internet Law we'll give you a heads up, and I spend a lot of time each month authoring the Dozier Internet Law Federal Court Report. One day all of the state courts will be online and we'll be able to add the lawsuits filed around the country in the state court systems to our report.

The Ronald J. Riley lawsuit will be available online shortly.

[admin]

Ronald J. Riley and Inventored.org Sued, by John W. Dozier

September 05, 2008

Dozier Internet Law has filed a lawsuit in the Circuit Court of the County of Henrico, Virginia against Ronald J. Riley and a total of eleven of his businesses and fictitious names. In response to recent legal action by this law firm against Riley, he is attempting to convince the blogosphere that this lawsuit is an attack on his free speech rights. Just the opposite is true. Ronald J. Riley's misconduct includes his attacking bloggers and blog and forum moderators with threats of getting IP addresses of anonymous bloggers and then tracking them down. Ronald J. Riley is not at all what he seems to be.

The Dozier Internet Law lawsuit resulted from a year long investigation of Ronald J. Riley and took us from interviews with Harvard Law School to Nobel Prize Winners. The discoveries about Mr. Riley along the way are troubling, and as he attempts to continue his attacks on his critics, a well rounded understanding of who Mr. Riley is and how he operates will be profoundly revealing and educational.

Update: The Dozier Internet Law lawsuit is available online now. You may also be interested in the blogosphere's take on Ronald J. Riley and news coverage of Ronald J. Riley from the hometown of the Nobel Prize Winner referenced in the lawsuit.

[admin]

$400,000 Judgment For Using Competitor Name, by John W. Dozier

September 18, 2008

Dozier Internet Law often deals with situations in which a competitor is using another competitor's name, and while this area of law is clearly evolving, the Courts are beginning to understand the nuances associated with the power of this practice for SEO purposes, and reacting appropriately.

An excellent court decision crossed my desk about the August 28, 2008 First Circuit Court of Appeals opinion confirming a judgment for over $400,000 against a small business. The "offense"? Trademark infringement. In particular, the defendant used a competitor's name in its "metatags", and in the content of the site in white lettering with a white background, obviously for SEO purposes. And that is all that was proven. Both the US District Court that awarded the judgment and the First Circuit agreed that both uses infringed on the plaintiff's trademarks.

My guess is that the defendant took the advice of some of the commentators you see online and I suspect, given the other facts of how the case was handled, assumed the Court would conclude there was no trademark infringement. The end result was a judgment for all of the net profits of the Defendant's entire business for the last three and a half years, which was $230,339, plus attorney fees of $188,583, and to add insult to injury, another $7,500 in costs.

Eric Goldman blogs about how "wrong" this decision is. He claims that "metatags don't matter from a technology perspective", citing to his own blog post in which he claims, well..."metatags don't matter". Dozier Internet Law and the Courts, on the other hand, know they do. But this case was also about using a competitor's name in the content, something Goldman missed, I guess.

First, metatag descriptions are used by Google and Yahoo and most search engines. Metatag keywords are used by meta search engines, and other search engines. Anyone with even a passing understanding of search engine optimization would understand that Goldman's off base here and he really does not seem to grasp how SEO and the algorithms of search engines function.

Now, with respect to using competing trademarks in your content, the search engines use those terms to decide when to return a result. So, if someone is searching for Sears, and Walmart repeatedly, and with search engine optimization principles in mind, uses the Sears name on a page of its site, Walmart will come up in the search results when someone is looking for Sears. And thus the problem. If Walmart uses the Sears trademark in the coded title of the page, in an HTML header, repeats it three times, and uses anchored hypertext links with the name to mislead the search engines into believing that a Walmart page is a Sears page, then it becomes more and more apparent what is going on, and the Walmart result will move higher in searches seeking "Sears". There are many other SEO techniques surrounding the Sears name that could be employed, which I won't discuss here. Suffice it to say that the Courts, both the US District Court and Circuit Court, got it right.

By the way, I use Sears and Walmart as an example only. I don't know of any information that suggests either one of these companies is doing this...for what should be obvious reasons to everyone who REALLY understands the law and business of the web.

Obvious, according to the Court decision, even to the Defendant in this case...the Courts found that the defendant "admittedly took these actions because he had heard that Venture's marks would attract people using internet search engines to the McGills website."

[admin]

Dozier Internet Law v. Ronald J. Riley, et. al., by John W. Dozier

September 27, 2008

Well, at Dozier Internet Law, enough is enough. Anyone who knows Ronald J. Riley seems to know about his "antics" online. And from the response we have received from what seems to be all corners of the country, a lot of people are very upset with Riley. Businesses and people want us to represent them and sue Riley on a broad range of claims. The allegations against Ronald J. Riley continue to evolve. Just check out comments about Ronald J. Riley on Techdirt . The Dozier Internet Law lawsuit is here: Ronald J. Riley lawsuit.

Since we decided to move forward with a lawsuit exposing what we believe is an extensive pattern of misconduct, Ronald J. Riley has been working hard to try and get us. Let's follow what he has been doing:

1) His webhost pulled his sites down for violations of terms of use. Riley countered by buying "sucks" domain names of the webhost. From what I understand, he threatened to sue the webhost.

2) His second webhost terminated his account. He then moved his sites to a third webhost as of today. I suspect he will also be terminated by this webhost very soon. Perhaps the hosts simply don't want to risk being tied up in litigation and risk potential "aiding and abetting", "conspiracy", and "contributory trademark infringement" claims as defendants and witnesses in the pending and future litigation and investigations, but my guess is that they just don't like what Riley has been doing, either.

3) Riley went out and "bumped" forum posts and blogs he has published critical of our firm, mostly on free speech sites that disagree with our ongoing efforts to encourage the proper policing of the web, and posted "spam" comments, which is the same cut and paste craziness he has been using for many months, obviously trying to get his negative attacks presented as results on the first page of Google results when someone searches "Dozier Internet Law".

4) Riley opened a number of blogs and tried using our name in posting his canned spam comment critical of our firm. Just as quickly as he was opening these and launching the blogs, the blog owners like Google (blogspot) and others were unilaterally terminating his accounts for what they considered terms of use violations.

5) Riley opened up forum subjects on "fraud" websites trying to make this lawsuit look like a free speech issue and exhorting the masses to assist him by launching "sucks" sites against our firm and specific attorneys within our firm. It looks like someone took him up on it for a day or so, and then probably figured out the truth about Riley and promptly pulled it down before we even found it. No one else has taken him up on it, and most of the websites have removed his posts.

6) Ronald J. Riley appears to have taken at least one old article from the web and posted it in a forum as if the article was brand new, under the apparent guise of a submission from the true author, in an effort to once again get what he clearly perceives as "negative" search results showing. The site promptly pulled the article and forum posting down.

7) Riley has been trying mightily to "rally" the free speech expansionists and Dozier Internet Law has seen some rather childish efforts by a very few commentators to defend Riley. In fact, the Ronald J. Riley Techdirt.com article referenced above was begun as a defense of Riley, but commentators from all over the web used it as a forum to lay out in details the alleged widespread misconduct of Ronald J. Riley.

8) There is a Ronald J. Riley Blog that lays out in detail allegations against Riley, and the owner of the blog claims that Riley copied the blog, placed it on his own server on his own site, and is trying to get Google to see both as "duplicate content" and "sandbox" the blog far down in search results so people won't see it when researching Riley. Now the owner is claiming that someone has hacked into his site and embedded an html code in his site code that prevents search engines from indexing it.

9) Riley is using other Search Engine Optimization techniques to attempt to increase the popularity of his negative posts in the hopes of getting these to be displayed more prominently.

10) Within a couple days of the Dozier Internet Law lawsuit being filed, we saw a post on about Ronald J. Riley on techdirt.com defending Riley, and the blogosphere quickly claimed, with some pretty strong evidence, that it was from Riley using an alias. The response? New and more aggressive rounds of criticism of Riley, even by some who had the knee-jerk reaction to initially defend Riley.

Now I am hearing, although I have no way of confirming this right now, that Riley was asked to leave the membership of the Young Inventor's Group, which is a nationwide group for children to submit their inventions for acceptance, publication and awards...because he was stealing their inventions. Ronald J. Riley stealing kids' inventions? I find that a bit hard to believe, even for a fellow like Riley. I did get a link to the court decision about the lawsuit that Riley's daughter's teacher filed against him after he launched a site attacking her. Interesting read.

I guess Riley thinks that he can carry on as he always has and hide behind some perceived blanket of protections. But reality is otherwise. And if he thinks we don't know what he is doing, how he is doing it, and how to deal with him, then he is mistaken, clouded in his limited wisdom and judgment by his misperception of reality.

The fact is that there is a small percentage of scofflaws out there on the web creating problems for the blogosphere as a whole. And the blogosphere understands that unless it "self-regulates", we will all be subject to formalized government and legal regulatory mandates that will be much more burdensome and create far more numerous and serious problems than exist in a self regulated environment. So, the blogosphere is policing Ronald J. Riley. Good for the blogosphere and the online industry!

[admin]

US Senate Passes Pro-IP Bill, by John W. Dozier

September 29, 2008

At Dozier Internet Law, we represent a lot of businesses in protecting their intellectual property. On the other hand, we represent a lot of businesses accused of intellectual property infringement and theft. So unlike the IP owner special interest groups, which are always going to support stronger IP laws, and the "public interest" groups, which are always going to oppose stronger IP law enforcement, we don't have a preconceived agenda to push, except to try and encourage smart and thoughtful legislation and enforcement decisions.

There is always a balancing act to legislating, of course. In my lobbying days in the 1980s and 90s, I was always impressed by state and congressional legislators' willingness to listen to objective and fair advice. But keep in mind that this bill is being pushed by both sides, Republicans and Democrats, with the support of the RIAA and business concerns, and the support of the AFL-CIO and labor concerns. So, that is a formidable combination unlikely to be defeated.

That being said, the bill, which is headed to the President for his signature, is pretty broad and potentially expands beyond reason the parties and penalties subject to the US Intellectual Property laws. There is going to have to be a lot of prosecutorial restraint exercised to avoid very unpleasant and cataclismic unwarranted and unjustified damage to businesses involved in E-commerce. Dozier Internet Law will give a more detailed review of the law once the President signs it. But vesting greater power in prosecutors to pursue IP theft/infringement and seize associated assets is not a good practice. Because, unfortunately, the "greater power" gives the prosecutor far greater discretion. And it seems to me, from what we are seeing, that broader prosecutorial discretion in complex IP and IT cases is a recipe for disaster.

I cannot forget our ISP client being sued for spam and ending up in bankruptcy, even though they were likely not liable. I cannot ignore the "mistake" made by the Connecticut state police in getting the IP address of our client wrong, raiding his house, seizing his work computers, and then dropping all charges without as much as an apology. I still recall the the FBI raiding our business client's two offices for "hacking"...falsely reported to them by a competitor, or the Utah police taking out criminal charges for what was obviously a "standard fare" civil intellectual property dispute, or a pending prosecution for posting something on Craigslist that is blatantly unconstitutional on its face. Being pro-business does not always mean being biased or prejudiced, or even inclined, towards the protection and prosecution of IP. We handle matters on both sides. But it does mean supporting smart, well conceived, understandable, and fair laws and the attendant prosecution of those laws.

And that is the problem with discretion. Government can put a business out of business using their own "judgment" and "expertise". Just look at last week's seizure by Kentucky of the domain names of alleged gambling sites under the guise that the domain names are an instrumentality of illegal gambling without notice to anyone! This is a complex issue. Litigate first, then obtain the remedy second. But don't go out and shut down businesses because you think you have an argument that you might be right. That is the problem with prosecutorial discretion in a subject matter that mixes technology and the business of the web with unclear laws.

How did we get here? Well, the RIAA tactics of suing first and asking questions second, according to public interest groups, is savage and merciless, they say. The public interest groups are likewise pretty aggressive in explaining how to get rid of evidence of true illegality, representing scofflaws for free, and dishing out legal guidance that is just plain wrong, but gives the "mobsophere" a false sense of security that leads to more brazen misconduct.

Self policing and self regulation did not work. Public interest groups like Public Citizen, Electronic Frontier Foundation, the ACLU and the like did not use appropriate restraint and reasoned judgment, but instead fostered IP problems by fighting for the rights of the "maligned", but really just promoting a false sense that stealing the IP of others is quite alright.

Now we have Congress over-reacting, as so often happens. The pendulum has now swung too far off center. It is caused, indeed, by the inability of the public interest groups to see the bigger picture. And it is not good for the public, it is not good for web businesses, and it is not good for the online world as a whole. And just watch how many stay legislators decide that this type of law would be good for their state. It is only going to get uglier for everybody.

One day, Congress and state legislatures may realize they went too far, and the pendulum will swing back. Let's hope next time it swings back to the middle with a fair and balanced solution. And the RIAA and the IP owners will likely be to blame if that happens for having been too aggressive in their enforcement efforts. My gut tells me, however, that the business interests and IP owners (RIAA included) may know a good thing when they see it, use very measured self-restraint, and ride this law for a long, long time.

The public interest groups could learn a thing or two about self-restraint and good judgment if that happens.

Update: The public interest blogosphere is full of claims that the President will veto this bill. Unfortunately, the vote passing it out was far in excess of 2/3 in support, which means the bill is "veto proof".

[admin]

MySpace Suicide Case Dismissal Coming?, by John W. Dozier

November 21, 2008

We've been involved in quite a few "hacking" and unauthorized computer access cases on both sides of the issue. Several years ago Dozier Internet Law convinced a Judge, after the prosecution had rested, to dismiss a criminal case much like the MySpace suicide case going on in LA right now. We've also used Terms of Use provisions to convince the FBI in a couple of serious cases to abandon its plans for prosecution. In this case, reports indicate the defendant did not set up the account and never read the terms of use. Defense counsel are therefore arguing that the US Attorney cannot prove she accessed the MySpace site without authorization.

This does raise a number of issues...how could she know that she was violating the terms of use if she never read them? Well, there is caselaw to support holding a user of an account responsible for abiding by the Terms of Use of a site even if they were not read. Otherwise, all one would have to do is have a friend open an account and give you the password and you could never be liable for violating the rules. So that argument isn't very convincing. MySpace has its Terms of Use linked on the bottom of pages, so it was available whether you sign up or not. Many sites don't require an independent, conscious acknowledgement by a user of the terms of use and simply link to them on the pages, but most believe they are legally binding. An analogy in the offline world would be the printed language on an unsigned invoice. I've tried that case dozens of times, and the Courts regularly recognize those terms as binding.

Dozier Internet Law was lead counsel in a two week civil trial in which the US District Court (in the 9th Circuit which covers California) found that accessing a site, even when there were no terms of use on the site at all, was unauthorized access. But in that case the party accessing the site had been told not to do so. Now if we look to the equivalent state statutes, they are most often referred to as "computer trespass" laws. And if we think about trespass in the traditional sense, land that is "posted" with "no trespassing" signs is all that is necessary to establish a lack of permission to enter upon the land. Even when the typical defense arises that "I didn't see the sign", and "I entered in between two signs and did not see them", those aren't defenses.

On the other hand, a requirement of proving the elements of "intentional access without authorization" isn't necessarily as clear. The best interpretation, it seems to me, is that the "intentional" requirement relates to the volition involved in the act of accessing a computer, and the "authorization" means affirmative permission to do an act. So, this may be more of an issue of whether the party accessing a computer obtained permission, as opposed to whether that party actually new it did not have permission (didn't read the terms of use). This is clearly new ground being explored.

But here is reality...the prosecutors have reportedly given the party who opened the account and actively participated in some of the mischief complete immunity. My instincts tell me that this will impact the Judge's perception of the legal issues, and given the high burden of proving a criminal offense, this could lead to the conclusion that a jury could not find "beyond a reasonable doubt" a lack of authorization. Case Dismissed! If the Judge really considers the issues, I think the case will go forward, he will allow the defense to put on their case, and let it go to the jury. If the Jury convicts, then the Judge is going to have to make a really hard call on this.

And if there is a dismissal, the decision won't really address the key issue being followed, which is whether you can sign up for a website and then get charged criminally when you violate the terms of use and cause the requisite damages. Also overlooked is the fact that while this prosecution is being brought for an alleged violation of Federal law, there are many states with similar laws on the books (and frankly much easier to prove up).

One thing is for sure. We are a long, long way from defining the law of "computer trespass", no matter how this case comes out.

FINAL COMMENT: It remains clear, though, that this prosecution has never been, as Public Citizen, Electronic Frontier Foundation, and the ACLU types would have you believe, outrageous and unjustified prosecutorial abuse. Trust me that this case is really just standard fare for attorneys who actually deal with these issues on a regular basis. And whatever the decision, First Amendment extremists can rest assured that the Internet will not be disrupted, the foundation of E-Commerce will not collapse, and the sky will not fall. But it doesn't really help a Judge to be offering up "Chicken Little" legal briefs. Try something new-cut him some slack and don't attack him personally in the press and online if he does not agree with your view of the law or the world.

UPDATE (Monday 11/24/08): Prescient? (No, but a good guess!) The motion to dismiss was taken under advisement by the Judge. Judge Wu indicated Monday he might not rule on the dismissal motion until after a jury verdict.