ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

E-commerce juggles technology, legislation


In this story:

Who owns what on the Web?

ISP protection

New catches to buying software

Regulating data use

Scalable legislation


(IDG) -- Just five years ago, the Web was still a tiny subset of the world of computers; no one had heard of, and most people called their travel agent if they wanted to book a vacation to Hawaii.

The rapid pace of technological and business innovation since then has turned the world upside down. Business has taken the Internet, once largely a community of academics, and turned it into an economic machine. In the process it has changed the way many industries do business, and is on the verge of changing many more.

That rapid change, and the fortunes to be made and lost because of it, is driving new laws and proposed laws affecting everything from buying real estate to using software. Specifically, the Digital Millennium Copyright Act (DMCA), the Uniform Computer Information Transactions Act (UCITA), and database legislation currently before the U.S. Congress are attempts to keep pace with rapid technological and business changes.

"The rise of the Internet is the cause of these new laws," says Skip Lockwood, Washington-based coordinator of the Digital Future Coalition (DFC), an organization dedicated to intellectual property issues, and 4CITE (For a Competitive Information and Technology Economy), a coalition formed to either reform or oppose UCITA. "We are dealing with companies that are not used to the Internet and they are terrified of it."

Lockwood points to the recording industry and MP3 debate as an example of how technology can shake up an industry.

"You've got an industry that has set itself up successfully. Then, all of a sudden, the technology has come along and scrambled the pipeline," Lockwood says. "They feel very uncomfortable in this shifting environment."

Industry groups on all sides have sought to influence these laws to turn the atmosphere of change to their advantage. But the laws have the potential to do more than just ensure that record companies stay in business.

"UCITA, Title One of the DMCA, and the database legislation is a three-legged stool," says Jonathan Band, a Washington-based attorney specializing in these issues at the law firm Morrison & Foerster. "These three things acting together set frightening rules on how people can use information in the future."

Who owns what on the Web?

Passed and signed into federal law in 1998, the DMCA was designed to implement treaties with the World Intellectual Property Organization (WIPO). But it has since evolved to include additional provisions on related matters.

  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Test Center
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

A provision set forth in Title One seeks to outlaw piracy of intellectual property, such as movies, music, and other copyrighted material, and imposes criminal penalties for the circumvention of technological protection measures. But many observers question the wisdom of outlawing circumvention.

"The problem at a theoretical level with Title One is that it targets technology rather than use of technology," Band says. "By outlawing technology, you outlaw legitimate uses, too."

For example, groups representing the movie industry, the Motion Picture Association of America, and the DVD Copy Control Association have filed lawsuits against Web sites offering a downloadable tool called DeCSS, which allows users to crack the encryption in DVDs. The people who reverse-engineered the DVD protection system weren't doing it to facilitate piracy, Band says, but rather to ensure Linux compatibility. (Until recently, a DVD could only be played on a Wintel DVD drive.)

In April, First Amendment attorneys took up the cause of those sites posting DeCSS, filing an appeal claiming the postings are constitutionally protected free speech, and that the encryption technology does not meet the criteria of trade-secret infringement. The DVD cases are still pending, with one set for trial this month.

"A lot of provisions in this law have the potential to chill uses of information, especially among competitors," Lockwood says.

The DMCA does make provisions for exceptions to Title One. Several exceptions have already been carved out to allow reverse-engineering for interoperability, encryption research, and security. Furthermore, the U.S. Copyright Office is currently accepting comments on possible additional exceptions. In particular, libraries and universities have concerns about being able to use digital content for educational purposes.

Companies that have concerns about their content being hijacked without permission also have an arsenal of new technological tools at their disposal (see "Protecting intellectual property on the Web," link below).

ISP protection

Title Two of the DMCA offers ISPs "safe-harbor protection," which protects them from liability for acting as an information conduit.

"Title Two, on the whole, is a good statute," Band says. "It provides a degree of certainty for service providers, so that they know what their exposures are."

But ISPs must remove material if a copyright-holder claims it is an infringement. If the Web site operator says it will contest the claim, or if the copyright-holder does not pursue its lawsuit, the ISP may repost the information. This was the situation in Metallica's case against Napster: The rock group sent Napster a list of users who were infringing on its copyrights.

"Napster disabled lots of people, but told them if they were not sued in 10 days that they could ask that their material be reposted," Band says. "Napster could put them back up and be protected. Safe harbor still applies."

New catches to buying software

UCITA governs software licensing, and although it hasn't generated the kind of publicity that Napster has it could transform the way consumers and businesses buy software.

Designed as state law, the UCITA draft legislation was created by the National Conference of Commissioners on Uniform State Laws (NCCUSL) to bring uniformity to and facilitate interstate commerce. That group then sends the law to state legislatures to be passed. So far only Maryland and Virginia have passed the law.

Essentially, UCITA interprets software not as a product but rather as intellectual property that must be licensed. People who buy books own them and can resell, burn, or give them to someone else. UCITA states a software licensee does not own the software purchased and so is not granted the same rights. A software "lease" sets rules for how the software is used, how long it can be used, and whether or not it can be given to someone else. As a result, UCITA seems to have the potential to severely limit how companies use software. The following are some examples.

  • Electronic self-help. UCITA allows a vendor to build back doors into its software that enable the vendor to enter and shut down the software with or without the licensee's permission. Some UCITA opponents have said building such back doors into software could present a serious security risk.

"If a software publisher puts in that capability, anybody who finds out about it can use it," says Stanley L. Klein, a computer consultant in Baltimore. "If an electric utility uses software with a back door, somebody could break in and shut down the power."

Other observers question how vendors will ensure that licensees are not violating their agreements.

"The only way a vendor can find out that you are violating the terms of their license agreement is by monitoring your use," Lockwood says. "It [seems like] Big Brother."

  • Shrink-wrapped license enforcement. UCITA makes the terms of shrink-wrapped licenses more enforceable. Every time a user clicks on the "I agree" button the licensee company is bound to those terms. Even large IT organizations use a significant amount of shrink-wrapped software.

"No one in business should be allowed to agree to any click-wrap of any sort without referring it to management and legal counsel," Klein says.

  • Reverse-engineering. More enforceable shrink-wrap licenses in effect outlaw reverse-engineering, observers say, which can make managing an enterprise even tougher. For example, if a company wants to switch its database software, it can't write a program to transfer the files from one system to another. Instead, it would have to convert the data into an ASCII flat file and then import it into the other product. Any proprietary formatting of the data would be lost.

Companies may also lose access to their own data if the vendor says the licensee isn't living up to the terms of the agreement.

"And in a case of a dispute where your license becomes voided, you can no longer access your data," Klein says.

  • License transference. The law makes it possible for a publisher to prohibit a customer from transferring the license to another party without their permission. For example, if one company acquires another, the acquiring company does not get the software unless the software maker approves the transfer. Klein has seen at least one license agreement specifying that sale of more than 50 percent of a company shall be considered a transfer of license.

"I bought Corel Linux's backup and recovery utility," Klein says. "Their license has this provision. I was flabbergasted when I saw it."

  • Warranty disclaimers. UCITA allows vendors to disclaim warranties. For example, a software product that doesn't work could not be returned if the customer has agreed to a click-wrap license disclaiming an implied warranty of merchantability.

The Federal Trade Commission is examining the issue of software warranties and is currently accepting public comment on the issue.

Although these provisions are considered extreme by many observers, UCITA has not yet raised the hackles of executive-level management, because it doesn't affect sales or revenue streams. IT and legal departments would work most directly with the law, Morrison & Foerster's Band says, and these departments at most companies are considered cost centers, so they don't raise red flags. But as more money goes to license negotiations, executives may begin to take notice.

Putting more time into negotiations may offer some protection. One attorney recommends that corporate users "opt out" by specifying in their licensee agreement that UCITA does not apply to that agreement.

"Parties to a software license agreement, and other 'computer information transactions' covered by UCITA, are free to negotiate to avoid UCITA and choose another source of governing law," says Jim Boeckman, a partner at the law firm Vinson & Elkins, in Austin, Texas.

But Boeckman warns that the opt-out provision doesn't apply to UCITA's electronic self-help provision. Vendors can still repossess software if they think you've violated your license agreement.

"Until now, there's been a lot of skepticism whether these shrink-wrapped licenses are enforceable," Band says. "UCITA says this is a contract, so all arguments that have existed in the past go out the window. The only hope you have is that the Supreme Court will rule that it's pre-empted."

Whether it will get that far is questionable.

"Proponents say, 'No, you don't need any provisions to protect libraries and archives because copyright law pre-empts these license terms,' " the DFC's Lockwood says. "The problem with that is that federal copyright law pre-empts only when there is a conflict between state law and federal law. Things such as fair use and archives are not spelled out in copyright law. So there is very seldom a case where federal law and state contract law would be in disagreement."

To avoid many of UCITA's provisions, IT executives must tread carefully when negotiating software license agreements (see "Avoid getting burned in the age of UCITA," link below).

Regulating data use

Originally part of the Digital Millennium Copyright Act, but dropped in the conference committee of the Senate and House, H.R. 354 would set rules on the use of information in databases. Supporters of the bill include Lexis-Nexis, the National Association of Realtors, and other large database producers.

"Bills like H.R. 354 are designed to slow everything down so that big companies can get a better hold and understand what's going on before the competition outstrips them," Lockwood says.

At issue is the kinds of information eligible for copyright. For example, courts have ruled that facts are not copyrightable, Band says.

"If I go out and create a database of recipes on cakes, I do not own the rights to the use of flour, milk, and eggs," Lockwood says.

But according to Richard Stallman, founder of the GNU project, H.R. 354 would allow database owners to copyright facts.

"H.R. 354 would effectively allow facts to become private property, simply through their inclusion in an electronic database," states Stallman in an essay about the database legislation titled U.S. Congress Threatens to Establish a New Kind of Monopoly. "Ominously, many collections of public records, maintained by companies on contracts to governments, would become property of those companies."

But H.R. 354 would cut off database information from start-up, value-added, information-aggregator companies.

For example, Band says, take a person that wants to create a listing of houses for sale to target high-income individuals. "I could go to once a day to see what's there and come up with a listing of the newly listed homes in a certain price range to list on my Web site," he says. "That's a nice value-added service, and all I'm copying is the price of the house, the general location, and the size. H.R. 354 would make that illegal."

A competing bill, H.R. 1858, has the support of companies that oppose H.R. 354, including Yahoo, AT&T, and many dot-com start-ups. It offers more protection without preventing the value-added uses of information that are lawful today, Band says.

"A lot of Internet businesses are based on aggregating information," Band says. "H.R. 354 could really stifle the growth of all kinds of Internet businesses."

Shopbots, such as Price Watch, that search the Web and aggregate price information are prominent examples of the kind of value-added information services that H.R. 354 could make illegal. Consider eBay's suit against Bidder's Edge. The company sought to prevent Bidder's Edge from crawling its site, claiming that Bidder's Edge was going onto its site 100,000 times a day, thereby placing a burden on its systems. Rather than claim intellectual property infringement, eBay alleged that by searching items listed for sale the shopbot for auction sites was trespassing on its site.

Although a federal court granted a preliminary injunction against Bidder's Edge, the company has gotten around the ruling by allowing users to search eBay listings in a separate window. Bidder's Edge has also filed an appeal; the case is still pending.

Such shopbots create a commodity market for many products -- a frightening prospect for some companies. The scope and accessibility of the Internet cuts the middleman out in many industries and has the potential to do the same to many more.

"Everyone wants a free market until it's their market that has intense competition," Lockwood says. "Then they want protection."

Scalable legislation

Observers argue that existing laws should well enough govern the rapidly evolving computer and Internet industries. But as long as powerful interests have fortunes to gain or lose, laws will continue to be proposed and passed. Lockwood believes that in any case, big pieces of legislation should be avoided.

"Things are too fluid to be creating restrictive laws," Lockwood says. "We talk about scalable servers and scalable sites. That's what should be going on in the legislative process rather than these omnibus, let's-do-it-all-in-one-fell-swoop pieces of legislation."

U.K. e-mail snooping bill passed
July 28, 2000
Chinese online pioneer calls for light regulation
July 17, 2000
Group launches wide-ranging study on Internet attitudes
June 13, 2000
Global panel issues Internet security recommendations
May 18, 2000
Administration report on fighting Internet crime wins broad industry support
March 9, 2000

Protecting intellectual property on the Web
Avoid getting burned in the age of UCITA
Defining material breach
The new pitfalls of today's software licensing
Who owns your content?
The case for and against UCITA
Now, UCITA... later, you don't?
(The Industry Standard)

Warranty Protection for High-Tech Products and Services

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.