(PYS) Is there a net equivalent of
shouting fire in a crowded theater ? Recall the recent "bright moon
phenomenon" where a re-mailed private e-mail that casually discussed
a "banner" headline in the Farmer's Almanac about a bright moon got
blown out of proportion and before long the media had us all prepped
to gaze upon a huge moon. Couldn't chain e-mails - set up my a
multitude of bogus e-mails with one or two real people in there
routed and re-routed be used to generate the same effect for
something more serious - what if Orson Wells were alive today - is
there a Cyber version of the War of the Worlds ? If so, how could
such a person be stopped? Could a disgruntled stock owner fabricate a
news story about a company he didn't like sent it around ? Get all
the day traders in a lather? [Science fiction fans may want to
look at Larry Niven's story "Flash Crowd" in Flight of the
Horse .]
(PYS) A court initiates a
publication ban on
information about a trial while that trial is in progress. Someone
attending the trial creates a web site on a server in another country
with information about the trial. Are there any legal rules which
can be used to either block the web site or limit access to the trial
of that person?
(PYS) According to the Anti-Defamation League website, at least 12 of the 30 groups on the State Department's list of designated foreign terrorist organizations maintain Web sites on the Internet. (<http://www.adl.org/terror/focus/16_focus_a.asp>). Does the U.S. have any authority to shut down these terrorist-operated websites? Can an argument be made that maintenance of such a website in and of itself is a crime? Should it be? Do we care about first amendment protections for people who are not American? Does the War on Terror preempt any concern we might have about stifling the free speech of Al Qaeda? Is there some slippery slope argument that's holding us back from doing this, or is the technology not available?
(PYS) Suppose the FBI creates computer software to track the websites visited by a particular online identity. One subject identity, suspected of terrorist connections, visits multiple websites daily, but visits at least one specific site everyday - www.scu.edu/law. Since the FBI cannot determine who is masquerading as the online identity, it figures the next best thing would be to raid the SCU campus in an effort to uncover its connection to terrorist activities. If such software exists and is available to the government, should it be enough to satisfy the constitutional requirements for a search warrant?
(PYS) What liability should accrue to the various parties involved with a particular Distributed Denial-of-Service attack?
• The party launching the attack?
• The party who wrote the code that enabled the attack?
• The hosting site containing the files loaded onto the zombie machines?
• The owners of the zombies? Do the owners of
the zombies have a cause of action against the other parties? What
are their damages (assuming that the zombie only runs the DDoS code
when the CPU is idle, and there is no per-minute charge for Internet
connection)? Should it matter whether they also allow their machine
to be a zombie for benign purposes (e.g., SETI analysis)?
(DF) Suppose we replace the DDoS attack with a
massive spam operation, again using hijacked computers? The spam is to
advertise a service or product actually produced by a real and findable
firm. The firm hired someone else to send out their advertising. Under
what circumstances are they liable, and for what?
(PYS) What are the limits of the state's ability to control computer operations under its power to protect public safety?
• Using the metaphor of "building codes", can a state require manufacturers or sellers of computer equipment to include state-ofthe- art virus protection with all new equipment?
• Using the metaphor of "building inspectors", should the state be allowed to examine user equipment before allowing the user to connect it to a public "utility", such as the Internet?
• Should it matter whether the ISP is fully private or partly governmentcontrolled? (For example, cable modems operate over cable television systems that are granted a franchise by the municipality.)
(PYS) In a jurisdiction that
allows a defense of
"contributory negligence", should "failure to back up" one's files,
or "failure to use reasonable antivirus protection" be a valid
set-off against a claim of destructive intrusion by a tortfeasor?
(PYS) I send an email in confidence to a "friend,"
containing lewd and explicit material. My friend then 'forwards' it
to his younger brother and all his friends as a joke, with my name
still attached.
If this email ends up at Church Youth Group, would I be vicariously
liable as the originator of the smut? Is my friend or his brother
liable to me, and if so for what? How does the situation change if the
email is widely disseminated by people who are trying to shame me?
DF) The Cornell case provides an
example of
private entrapment--the recipients of the bogus email were induced to
reply more openly than they would have in a public document because
they thought they were responding to someone who shared their views.
The fact that email exchanges are as casual as conversations, but
occur without face to face interaction, may make them particularly
well suited to such activities. How would existing legal rules apply
to such an activity, assuming you could prove who was responsible?
What new legal rules might be useful, if any?
(DF) Given a very cheap, potentially anonymous, communication system, what new forms of "information warfare" become possible and what legal issues do they raise? Does any of it go beyond "we'll use the power of the net to ridicule, satirize, humiliate, and embarrass them too." If the net is sufficiently powerful for those purposes, does that raise any issues that the first amendment does not settle?
(DF) What legal rules provide the best incentive for self-protection by private parties, such as hospitals or utility companies, against on-line terrorist attacks? The best incentives to report attacks?
(DF) Are there legal rules that
can enforce anti-harassment rules in a networked world without making
it easy to frame defendants?
(DF) I could set up this web page
to track usage.
Would doing so violate your legitimate expectations of privacy? What
if you, in order to defend your privacy, access the page through a
proxy server--the web equivalent of an anonymous remailer? Can I
prevent that by announcing that your grade depends in part on my
record of your use of the web page?
DF: David Friedman
PYS: Previous Year's Student
Research
by Grant Turner: Memogate
When Trouble Online Leads to Trouble Offline by Francesca Cedor, webbed on her site