Ken Dreifach talks about digital rights management issues and common law.
Return to Page 1
Return to Page 2
Chapell: I couldn't agree more. Bringing it back to my original point, implicit in that statement, once you set up these audits and methods around ensuring some level of compliance around your business partners, you're going to discover that business partner A costs you one amount to ensure compliance, and business partner B costs a higher amount. As part of the maturation, you need to make a decision as to whether partner B is worth that cost. I think historically in the online space that hasn't always happened.
Similarly, in the context of digital rights management -- and I'm not talking necessarily about the Sony root kit issue (Editor's note: the "Sony root kit issue" refers to the record label's inclusion of a "root kit" on new CDs in order to restrict consumers' ability to copy the CD. By doing so, they inadvertently created a security risk, and have since discontinued the practice. See DRM This, Sony! for more information) -- I can certainly appreciate the right of any company to protect its intellectual property. But what seems to be happening, at least in some cases, is that companies are changing the essence of the bargain in mid-stream. For example, if I download music at a legitimate, paid music site, and as part of the deal I'm told I can copy my music onto five other devices, and later the company changes that number from five to three, I'm going to feel a bit cheated. Has your office looked into DRM?
Dreifach: The terms that are on the site at the time of purchase are the ones that control the data. The best practice is to have a grace period before the new policy is put into effect. It'd be tough to make the case that the policy that was on the site last year applies to this year's download.
Overall, you've got a broader policy question about what the fair default should be-- which has to balance protection of digital rights on one hand, with potential fair use rights on the other.
Chapell: In the case of downloadable software, we're starting to get a sense that certain things should be upfront, and that some things should be in the EULA (end user license agreement). With DRM, this is something that I would really want to have upfront and not buried in a privacy policy.
Dreifach: That's a good point; it goes to the material aspect of what consumers expect they are getting. But there is a spectrum here: when you're talking about what is very material and what is perhaps arguably material, as opposed to generally not material. It's just something you carry around in your gut, and it's kind of a quasi-legal, quasi-business decision. It'll be interesting to see -- talking about DRM issues -- how various industries define what the reasonable default setting should be.
In Europe, there are even laws that say you are allowed, absolutely, to make a personal copy. I think fair use in the United States would say the same thing. I think most EULAs incorporate that. Then the question becomes: Should you be able to make three copies? Should you be able to make five copies? And it also depends on what product you're talking about. If you're talking about the latest Celine Dion CD, should the reasonable consumer expect to be able to make 50 copies of that CD?
That's a different question than if you're talking about educational programming. One of the big questions with the broadcast flag is if libraries and educators will have their fair use protected. You're seeing this conversation going on every day and week in testimony, back in forth.
Chapell: Not too long ago, your office worked in conjunction with the Nebraska AG's office to establish some "controls over categories of chat rooms that are likely to be frequented by child predators." How do you take the good ideas coming from an AG office in New York or California and take them national? Do you see this as becoming more commonplace, and perhaps working towards the establishment of national standards?
Dreifach: It's interesting. Common law is very similar in all 50 states. And the common law has served us pretty well for a long time. The greatest judges in American history were folks like Oliver Wendell Holmes or Cardozo or Learned Hand, who really mastered the common law, and mastered setting a balance in terms of who should bear certain burdens, and just figuring out what types of burdens you should bear and what types of precautions you should take, simply because they're reasonable, and simply because certain harms are foreseeable.
You see this being applied now in the privacy and security debate. Aspects of the common law can also be applied, and we've applied them, to spam and adware. I think the answer is that, whether people know it or not, there is a largely national standard based on the common law, which says: You have to guard against foreseeable harms arising out of your acts or your products. That says you have to give the recipient of your service or product a reasonable description of the product they're getting, and if you're doing something to someone's property that has a material effect, you have to get permission. These principles are not new-- they're decades or centuries old. It's something that unifies regulators and state attorney generals across the country.
I'm sometimes skeptical when people say we need a national standard, because I think there often already is a national standard. As the FTC has pointed out in reference to spyware, they already have Section 5 jurisdiction to curtail the harmful act. You can go them one further: If you analyze some of these supposedly unifying acts, like the spyware bills, they necessarily require you, by referring to terms like "affirmative consent," to look to some body of law, to determine what "consent" is. And that body of law is, again, state common law.
We've got a lot of arrows in our quiver right now. It's just a matter of understanding the facts and applying the law facts. We're very comfortable with the laws we have under New York State common law.
Chapell: Any final thoughts?
Dreifach: Every year or two, there's a new scam or new questionable way of making money by piggybacking on technological loopholes -- ActiveX technology or open proxies, for example -- I think that's the nature of the beast.
Evaluating each of these business practices, you come down to the same question: Is there something deceptive and a little bit off about the way the business practices are being done? It's the same dynamic, and as new technology comes along, there will be new ways to subvert the technology.
Alan Chapell is president of Chapell & Associates. Read full bio.