Mod a Game Console, Go to Jail

I’ve been puzzling over the 6th Circuit’s new opinion in United States v. Reichert (No. 13-3479, Mar. 28, 2014), in which a divided panel affirmed a defendant’s criminal conviction for violating the Digital Millennium Copyright Act’s anti-trafficking rule (17 U.S.C. § 1201(a)(2)) based on the defendant’s sale of a “modded” video game console to an undercover federal agent.

It’s a confusing opinion. Part of the confusion may have to do with my relative unfamiliarity with criminal law; most of the majority’s opinion is devoted to explaining why the defendant’s violation met the “willfulness” mens rea standard of 17 U.S.C. § 1204(a) despite the defendant’s apparent ignorance of the DMCA. I personally find troubling the court’s characterization of “willfulness” as permitting conviction based on proof that the defendant “deliberately ignored a high probability that he was trafficking in technology” that the DMCA in fact forbids (irrespective of whether the defendant knew that the DMCA forbid such trafficking), which seems to me inconsistent with United States v. Liu, 731 F.3d 982 (9th Cir. 2013), a case that engaged in a much more careful analysis of copyright’s criminal mens rea requirements than does the Reichert panel. But perhaps I’m misreading the court’s opinion on this point; criminal law isn’t my specialty.

My more basic problem is that, quite apart from the mens rea issue, I am having a hard time understanding the underlying DMCA claim. Read more…

Cybercrime’s International Challenges

Jane and I are in Cluj-Napoca, Romania, for a conference titled “Crimes, Criminals, and the New Criminal Codes: Assessing the Effectiveness of the Legal Response” at Babes-Bolyai University. Jane is speaking on “Surveillance in a Technological Age: The Case of the NSA,” and I’m giving a talk based on my forthcoming article Ghost in the Network. I’ll post updates from time to time – one thing I’ve just learned is that Ramniciu Valcea, Romania, is known as “Hackerville” because it has become what Francesca Bosco of UNICRI calls the “Silicon Valley of organized crime.”

Updates

  • Straight out of “The Wire“: organized crime hacked systems at the Port of Antwerp to smuggle drugs into the country in shipping containers without detection.
  • Reminder from Jane: FISA doesn’t protect non-U.S. persons who are abroad, and never has.
  • Jane: there is exactly one criminal case where a defendant has received notice that information developed under a FISA order is being used against him/her. (Of course, that’s because the government routinely lies about this.)
  • Giovanni Ziccardi on hate speech: pure cybercrimes are unusual – the real action is in the linkage between “old” crimes and use of computers. In 20 years (1993 – 2013), Italy had 72 unauthorized access cases, 7 virus cases, and 17 about attacks on critical systems (at the country’s 1st and 2nd level courts).
  • Ziccardi: Italy’s draft law 2195 bans Internet anonymity. Appears to have been drafted by squirrels and starlets [my summary].
  • John Vervaele: The EU has only one mechanism for forcing member states to comply with basic standards for human rights – suspending that state’s membership rights. It’s too strong a remedy to be effective in ensuring the rule of law, since the EU is reluctant to deploy it.

Formalism and Slow Victories in “Saving the Neighborhood”

We’re fewer than 24 hours away from seeing Carol Rose and Richard Brooks at a conference at the University of Arizona James E. Rogers College of Law, titled “Saving the Neighborhood,” after their new book. (Spaces still available! Register here.) I posted about the information law aspects of racial covenants here (cross-posted by Jane at Balkinization). Today I want to discuss briefly two additional aspects of the book that I found thought-provoking and counterintuitive: formalism, and slow victories.

On formalism: Rose and Brooks argue that relying on real property law as a mechanism for enforcing racial segregation in housing was risky. It was a gamble because even Southern courts – no friends of integration, as they would show in the full-bore resistance to ending school segregation and to prohibiting Jim Crow laws – were skeptical of the devices. Particularly in the pre-Lochner era, the courts evinced a formalistic understanding of property, and of the need (perhaps even of a constitutional dimension) to prevent governmental interference with property rights. The whole point of racial covenants was to operate as a restraint upon alienation – a restraint that might take considerable effort to evade or remove. The ability to dispose of one’s property as one sees fit is at the heart of classical property theory, checked by policing against externalities (such as pollution) by courts. Courts turned down efforts to limit integration through nuisance lawsuits (via formal conceptions of “use,” which did not include mere status of the purchaser) and through zoning. When homeowners turned next to covenants, they did not have certainty that those deed restrictions would be enforced if challenged.

I find fascinating the clash of goals that was taking place in front of the courts adjudicating nuisance, zoning, and covenant suits. The homeowners or municipalities wanted to enforce segregation against opportunists and defectors (not to mention minority buyers). Doubtless the judges hearing the cases were sympathetic. But they had a different normative ordering: segregation, while certainly appealing, had to be weighed against jurists’ commitment to particular views of property and of constitutional rights. And at least in the case of zoning and nuisance, segregation yielded: protecting a particular, formal conception of property loomed as the more important consideration. For me, this usefully complicated my perception of the court system during this period. My mental model was of the Alabama Supreme Court during the civil rights era – say, during the back-and-forth with the U.S. Supreme Court in NAACP v. Alabama. Judges’ motives and goals encompassed far more than simply defending segregation against all comers, and there were times when countervailing values – such as restraint upon governmental intrusion, or a particular model of real property – prevailed over race-based goals. That I found surprising.

On slow victories: the NAACP, despite a string of defeats, continued to attack racial covenants on the theory that their enforcement constituted state action. This strategy flew in the teeth of the prevailing legal wisdom, which was that these arrangements constituted classic private law, carrying no constitutional implications. In Shelley v. Kraemer, the NAACP’s theory was vindicated – a triumph for equal protection, for integration, and for legal realism, all at once. But it struck me how counterintuitive and edgy this strategy was. The NAACP risked accumulating a string of unfavorable precedents, perhaps even capped by a Supreme Court decision that was, along the lines of Plessy v. Ferguson or Bowers v. Hardwick, a seminal defeat. My own tendencies are far more conservative: you have to pick your spots, and once a theory seems like a consistent loser, you abandon it. The NAACP believed in their vision, as both a legal and moral imperative, and they were proved right. Sometimes you have to lose for a while to win. This seems to have modern resonance: the litigation strategy for marriage equality confronted a string of bad precedent and unfavorable politics, and I was deeply worried when the Supreme Court granted cert in both Windsor and Perry. There, too, the plaintiffs proved that the moral arc of the universe is sometimes shorter than we think – and still bends towards justice.

“Saving the Neighborhood” forces us to re-examine long-held assumptions about racial covenants, housing segregation, clashes of norms over race, and the risks of bold litigation strategies. For that, I’m indebted to Carol Rose and Richard Brooks.

Arizona: How Not To Combat Revenge Porn

Arizona House Bill 2515 seeks to criminalize revenge porn. The only small problem: the proposed statute is blatantly unconstitutional. Here’s the text:

Be it enacted by the Legislature of the State of Arizona:

Section 1.  Title 13, chapter 14, Arizona Revised Statutes, is amended by adding section 13-1425, to read:

13-1425.  Unlawful distribution of images; state of nudity; classification; definition

A.  It is unlawful to knowingly disclose, display, distribute, publish, advertise or offer a photograph, videotape, film or digital recording or other reproduction of another person in a state of nudity or engaged in a sexual act without obtaining the written consent of the depicted person.

B.  This section does not apply to any of the following:

1.  Lawful and common practices of law enforcement, reporting criminal activity to law enforcement, or when permitted or required by law or rule in legal proceedings.

2.  Medical treatment.

3.  Images involving voluntary exposure in a public or commercial setting.

C.  A violation of this section is a class 5 felony, except that a violation of this section is a class 4 felony if the depicted person is recognizable.

D.  For the purposes of this section, “state of nudity” has the same meaning prescribed in section 11‑811.

Sigh. This is the trouble with some of the draft legislation floating around out there that gets copied and pasted without the intervention of legal analysis. This bill is plainly unconstitutional – it offers no exception for matters of public concern or newsworthiness. Here’s the hypo that shows why it’s DOA: I have an image of Monica Lewinsky and President Bill Clinton engaged in a sex act. I publish it in the newspaper. Can I be prosecuted? Clearly not – it’s a matter of public concern (the President is having an affair with an intern, a government employee), so the First Amendment blocks the prosecution. And the bill’s failsafe (“permitted by law”) isn’t sufficient; rather, it’s lazy drafting – it puts the onus on courts to clean up the legislature’s mess, and to sort out permitted from proscribed speech. That’s not nearly enough; there is a long line of precedent making clear that the legislature must, for due process reasons, provide far more clear notice of what is banned and not, especially where speech is concerned. (See, for example, Reno v. ACLU.) I lay out the challenges of drafting a criminal law that’ll pass First Amendment muster in this post and in my article Exposed. (Just for one example, the legislature ought to read U.S. v. Stevens.)

Arizona passes a lot of unconstitutional laws these days. Revenge porn is a real problem that needs thoughtful solutions. This isn’t one of them. Arizonans deserve better.

Reifying Racism: Real Property as Information Law

On Friday, Carol Rose and Richard Brooks will co-star at a conference at the University of Arizona James E. Rogers College of Law, titled “Saving the Neighborhood,” after their new book. (You can come! Register here.) Rose and Brooks examine the development of legalized racial segregation in housing, the gradual shift to the use of covenants in real property deeds to effectuate restrictions, and the legal battle that culminated in the Supreme Court’s rejection of such devices in Shelley v. Kraemer. Shelley is a casebook standard for both constitutional law and property courses, entangled as it is in questions of state versus private action, alienability of property, and the rise of the civil rights movement. Rose and Brooks, though, tell a much less well-known story: one of subtle signals, game theory, legal formalism, and norm entrepreneurs. The book is gracefully written and eminently readable. It tells a story that is much more complex than the standard 1L accounts of racial covenants. It intrigued me, and in the next few posts, I’ll expound upon why.

Rose and Brooks argue that the legal enforceability of racial covenants was almost beside the point: court battles were rare, and expensive. Rather, racial covenants served as a substitute and a signal. In looser-knit communities (and in ones with higher socio-economic status), racial covenants took the place of informal social pressures – everything from angry glares to deadly violence – that were the standard mechanism for maintaining racial boundaries in poorer communities or ones with closer ties. Racial covenants carried two simultaneous messages. First, and most obviously, they conveyed to potential homebuyers who were of a racial or ethnic minority (principally African-Americans, but also Asian-American and Latino-American ones as well, depending on the location) that they were quite definitely unwelcome. This indicator had real as well as semiotic effects. It was far more difficult for minority purchasers to obtain a home mortgage when reviewing banks saw the covenants, and the legal proscription could demonstrate a willingness to engage in extra-legal pressures as well. The second signal was to neighbors of the restricted property. It reassured them that collective action to maintain segregation remained strong, preventing the risk of panicked selling or white flight when neighbors feared a sudden shift in the area’s racial composition. This is a sophisticated account of the functioning of fairly arcane legal restrictions. (How many homeowners reading this have checked their deeds for restrictions? Supreme Court Justice William Rehnquist didn’t.)

I have two thoughts about the signaling function of racial covenants. The first is that it suggests some internal discomfort, on the part of at least some white homeowners, about their racial attitudes. Racial covenants strike me as a mechanism for psychological distancing from a slightly distasteful / embarrassing prejudice. (Put another way, I would argue that at least some homeowners preferred more covert “polite racism” to the overt pressures of broken windows and burning crosses.) If this is correct, covenants would have two appealing features. First, unlike “Not For Sale” signs or other constant, more salient signals, racially restrictive covenants were invisible until needed. While real property deeds are nearly always recorded, few people bother to check them until there is a need – buying or selling a parcel of property. Thus, white homeowners did not have to reveal themselves as racist until it was economically or socially important to convey that information. And, covenants allowed a sort of outsourcing of blame: the homeowners could claim that it was not they who were preventing neighborhood integration, but rather the law, via the mechanism of the deed to their property. Some homeowners (like Rehnquist) might plausibly claim not to know of the covenants, or even to disagree with them. But, they could argue that it was no longer up to them – the property carried a legal restriction, and they wanted to follow the law. (Put to one side the fact that, like Rehnquist, they could likely extinguish such covenants with a few hours of a lawyer’s time.) I would argue, then, that racial covenants played an important role for white homeowners aside from the practical one of keeping minorities out of their neighborhood: it allowed them to avoid confronting fully the depth and effects of their prejudice.

Second, this signaling function has important implications for utilitarian versus expressivist theories of law. I have always been an instinctive utilitarian: unenforceable laws strike me as useless. (Years ago, Massachusetts attempted to clear a congeries of outdated, unenforceable laws from the statute books, only to run into stiff opposition from segments of the public who still supported those strictures, even while acknowledging they were no longer binding.) Rose and Brooks’s work, though, convinces me the line between the two theories is not nearly so sharp as I had thought. Even legal devices that cannot be enforced in court can still have social effect. While racially restrictive covenants were rarely enforced in court before Shelley, the shadow of the law may have been important. But even after the Supreme Court’s decision, parties continued to write these covenants into deeds. The expressivist utilitarian view is that these were tales told by an idiot, full of sound and fury (at the Court’s decision), signifying nothing (legally). Rose and Brooks, however, argue that these formally defunct restrictions continued to play a role in setting out social norms – they were greatly weakened signals, but signals nonetheless. It took a flat ban under the Fair Housing Act of 1968 to cut off the informational role of covenants. Even afterwards, recorded deeds still served as musty, but functional, data for buyers about what to expect from their new neighbors.

This is real property as information law – tremendously exciting. More to come.

UPDATE (28 Jan 2014, 8:39PM): sorry, switched “expressivist” and “utilitarian” in the last full paragraph. My fault.

Video: Hacking Revenge Porn

The video from the NYC Legal Hackers event on Revenge Porn is now available. Props to Jonathan Askin, Phil Weiss, David Giller, Warren Allen, Mark Jaffe, Lee Rowland, Ari Waldman, and Jeremy Glickman for a fantastic event. And thanks so much to everyone who braved the (blinding, driving) snow to attend! It was wonderful to catch up with so many friends.

Hacking Revenge Porn

I’ll be back in Brooklyn on Thursday, to take part in a fantastic NYC Legal Hackers session on revenge porn. I’m excited to hear from and learn from Lee Rowland, Mark Jaffe, and Ari Waldman. And, I’m really grateful to Phil Weiss, Jonathan Askin, David Giller, and the brilliant Legal Hackers team for this event. Come hang out in DUMBO and help us think about this problem. (Hint: I think copyright is the solution.)

Shark Tanks and Cybersecurity

It’s the most wonderful time of the year… for data breaches. Target may have compromised as many as 40 million credit and debit cards used by shoppers in their stores. What liability will they face?

At George Mason’s excellent workshop on cybersecurity, there was a spirited debate over the mechanisms of enforcing security standards. (This in large measure derives from Woody Hartzog and Dan Solove’s excellent paper on the FTC’s enforcement work, which they analogize to the development of the common law in tort, among other areas.) Those who criticize the FTC prefer, generally, the use of tort to regulate cybersecurity. And, their critique often accuses the FTC of neglecting to consider the offsetting consumer benefits of failing to invest in cybersecurity (15 USC 45(n)). I think those arguments are profoundly misguided. Here’s why:

Imagine you go to Whole Foods. You’re walking down the aisle with exotic shade-grown turtle-harvested coffee and notice that, in the middle of it, there’s an open pit that is filled with water and man-eating sharks. People are carefully edging around it; a few teeter on the edge, causing the sharks to circle faster, but they recover and make it past. So, as best you can tell, no one has yet been harmed by the shark pit in the middle of the grocery aisle. And, admittedly, kids in the store are fascinated by the sharks, providing them valuable entertainment while their parents overspend. Should Whole Foods be liable for the shark pit?

This is the flaw with tort regulation, and with the balancing test for the FTC’s Section 5 enforcement of cybersecurity. If there’s a data spill, plaintiffs have to wait until something bad happens – until there’s identity theft, or financial fraud, or some other definite harm – to sue. Without that, they lack standing: there’s no concrete harm to redress. And even with that harm, the plaintiffs are going to have a tough time proving causation: did the spill lead to the identity theft? How do they know? More important, how can they demonstrate it sufficient to overcome a motion to dismiss? The dirty secret is that tort doctrine is a dismal failure for redressing cybersecurity breaches. On every element of a claim – duty, breach, harm, causation – a court can (and almost always does) find a failure of proof. Even utter incompetence – not changing default passwords, for example – usually doesn’t lead to liability. Tort simply doesn’t work. Anyone arguing for it seriously is going to have to advocate for doctrinal change, not just using the standard causes of action. Similarly, claims that there isn’t any provable harm from cybersecurity breaches assume two things: one, that hackers are systematically stupid and irrational (apparently they spend time breaking in to corporate databases and then utterly fail to exploit the information they gain), and two, there’s simply no connection between spills of given people’s data and resulting identity theft, fraud, spearphishing, etc. Even if you’re ready to believe six impossible things before breakfast, this is a stretch.

The second part – the tradeoffs – is nearly as ridiculous. Sure, consumers may benefit a bit from companies that don’t employ cybersecurity precautions: perhaps prices are just a bit less. But I’d also benefit in the same way from pharmaceuticals with no clinical trials, or airlines with no NTSB or FAA regulation. That’s an argument against regulation at all, rather than a tradeoff. Given the massive information asymmetries that pervade cybersecurity, the idea of evaluating the benefits of insecurity, on behalf of consumers, is silly. The kids may well enjoy seeing the sharks in the open pit in the middle of the aisle. Perhaps we ought to factor that into the analysis of whether Whole Foods gets to have the James Bond-esque shark trap in the store. But I think that stretches utilitarianism to the point of ridicule. It’s not just that I don’t think having a slightly cheaper ride on The Mangler at the carnival is a poor trade-off, given how hard it is to inspect safety or to hold a judgment-proof vendor accountable. It’s that we don’t want The Mangler to exist in the first place.

There’s a lot of resistance to regulating cybersecurity. The trouble is that these arguments are typically Panglossian: this is the best of all possible worlds, and additional legal strictures would simply make things worse for everyone. The benefit is that these positions are often risible on inspection. Unless, of course, you like the prospect of shark attack during grocery shopping.

Draft Legislation for Protecting Intimate Media

In Exposed, I argue for expanding copyright protection to protect intimate media and to treat unauthorized performance, distribution, or display of such works (as with revenge porn) as infringement. I have drafted model legislation, the SHARE IT Media Act, for the proposal – forcing oneself to put together statutory language for a policy proposal imposes very helpful discipline, and I’ve made some changes to the paper as a result. I would welcome thoughts and feedback on the draft language.

AALS Advice

I’ve just returned from the AALS Faculty Recruitment Conference – universally known as the “meat market” – in Washington, D.C. Arizona is fortunate enough to be hiring this year, and we met some terrific candidates. There’s a wealth of advice out there for entry-level candidates, but I thought I would share three quick things that struck me after two days sitting in a slightly dingy hotel room asking the same questions of person after person:

  1. Remember, always, that it’s a conversation – The goal is to have an engaging give-and-take with your interlocutors. That means being ready to hold up your end of the conversation and, critically, not turning it into a monologue. I was quite surprised by the number of candidates who talked for 8 or 10 or 12 minutes straight, even when the body language of the committee suggested the person needed to bring their bit to a close. Everyone is nervous and wants to make a good impression, but self-awareness is absolutely vital. The committee has a certain set of things they need to get through – your research agenda, extant scholarship, teaching package, etc. – and 25 minutes, tops, to do so. You have to play your part: have a 2-3 minute bit on your research agenda and a 2-minute version of your job talk. Practice them until they’re set pieces. And, if you notice yourself talking for more than a few minutes straight (you absolutely have to pay attention to time here): STOP. Finish your sentence and cease speaking. We all have The Talker on our faculty, and we all (except The Talker) want to avoid hiring a younger version of that person. I can’t overemphasize this point.
  2. Know the flaws of your work – We asked candidates to give us their job talk papers before the meat market, and spent about half the interviews talking about them with candidates. If you’re going on the market, give your draft piece – in whatever stage it’s in – to people in your field who will give you candid criticism. I do mean criticism here: ask them specifically for the flaws or weaknesses in the paper. Listen carefully to their answers. Develop responses. Hopefully you can work these into the piece itself, but if you don’t have time, or if they’re difficult to work around, be ready with verbal responses that acknowledge the point and show how you can handle it thoughtfully. Appointments committees are like velociraptors when it comes to papers: they are built to detect weakness and pounce on it. Whatever the problems in your work, they will find them, expose them, and expect you to respond to them. You must have convincing answers: “I’ll have to think about that and get back to you” is death. I think Arizona’s faculty is unusually good in going straight to the heart of a paper and finding the difficulties with it (or, perhaps, it’s no great feat to find the woes in my work), but I also believe we’re not the only ones who do this. This weekend, I was surprised at the number of people who had not thought much about fairly evident difficulties with their work. Be ruthless in figuring out where your article’s weaknesses are.
  3. It’s not personal – Failing to get a callback feels terrible. It feels like a judgment of  your intellect, work, and even self-worth. It’s often not, though. Maybe the committee couldn’t agree on who to bring back for IP and so they don’t bring anyone. Maybe you’re up against the next Cass Sunstein and Richard Posner, and the school can only offer 2 slots. Maybe the committee decided the need for Torts outweighs the need in your area. Perhaps the university pulled the funding for a line. Or maybe your paper critiques the hiring chair’s former roommate’s brother’s work. So, sometimes it will be that you didn’t have a good interview, or failed to make a good impression. Many times, though, it’s a congeries of other factors that are completely out of your control. I hope that’s some comfort, although I don’t want to downplay the emotional toll of the hiring process.

The meat market is a tough experience. I hope these pointers can help a little bit.