I: Introduction. Computer Law is useful and interesting. Why it is useful is obvious; the computer industry hires lawyers.
A. Why it is interesting
1. old law, new technology
2. How does law evolve--by analogy (as the arguments made by judges often seem to suggest) or by function (as Posner's thesis that law tends to be efficient, and other similar functional theories, suggest). Consider intellectual property issues, for example.
a. Are programs writings or inventions? (analogy)
b. Do programs have the characteristics that make (c) or Patent appropriate? (function)
3. How does function (or analogy) work? Suppose you think law is functional; you might:
a. Create a functional theory to explain some body of law.
b. Use the theory to predict how new problems will be handled by that body of law.
c. Watch the law evolve, see if it fits the predictions.
d. (we should have started 15 years ago, since part of the evolution has now happened)
B. What we will cover:
1. Intellectual Property Issues: (c) , patent, trade secret, noncompetition agreements, etc.
2. Contracting Issues--computer systems, software.
3. Computer Torts. Who is responsible for errors?
4. Privacy and Encryption
5. Computer Crime
C. These notes will be distributed the week after the corresponding class.
D.Paper can be handed in during the quarter (possibly with a class presentation) or after the quarter. I have some suggested topics.
II: Intellectual Property--starting with functional approach (my version is Law and Econ, but others are possible)
A. The coordination problem: Doing anything complicated requires coordinating the activities of millions of people.
1. Property as a solution. Everything belongs to someone, I get the use of your property by trade. If something is worth doing (i.e. total cost to everyone affected is less than total benefit to everyone affected) it is also profitable to do it. A full explanation of this requires an intermediate microeconomics course (see my textbook), but it works as long as various complications (mostly referred to as forms of market failure) can be ignored.
2. Problems with applying this solution to creating ideas.
a. It is hard to define the boundaries of an idea and often hard to tell when an idea is being used.
b. In particular, it is hard to distinguish between using someone else's idea and independently inventing it yourself--in which case your use should not be credited as a benefit of his invention.
3. You would get the economically optimal rate of innovation if the reward to the innovator was equal to the total value produced by his inventing the idea. But, with a system of intellectual property, you may ...
a. get underinvestment in innovation because the innovator does not get the benefit of other ideas, created by other people, that were based on his and would not have been invented without his (Tolkien's estate does not get royalties from later fantasies inspired by his, for example).
b. get overinvestment in innovation because the innovator gets ownership of the idea for a fixed period of time, even if others would have invented it independently. Under a patent system, if I invent something today and you invent it next week I get all the benefit--not just the benefit of having it one week earlier. This may lead to inefficient patent races. Put differently, by inventing and patenting something I "exhaust the commons"--use up the stock of ideas to be invented--thus imposing a cost on other possible inventors.
B. Patent vs Copyright. (One should also think about trade secret, reputation, first mover advantages, copy protection, honorware, lots of other ways of rewarding innovation..)
1. What are the differences between copyright and patent?
a. (c) is much longer.
b. (c) does not protect against independent invention
c. (c) covers only the expression, not the idea Tolkien gets no credit for inventing the modern fantasy, or. Christie for her role in developing the murder mystery.)
d. Patent has substantial novelty and utility requirements
e. Patent must be pre-approved, (c) only registered.
2. What are the differences between the sorts of things protected by copyright and the sorts of things protected by patent?
a. "Authors and Inventors ... Writings and discoveries." Music and films are now also covered. Arguably they are like writing. How?
b. Writings have no commons problem (negligable chance that I will independently write the same novel you have copyrighted), inventions do. Ergo (c) is for a long term and there are very weak requirements for getting it compared to patent. But this becomes less clear as (c) is applied beyond literal infringement, to protect plot etc.
c. Writings: copying is easy to recognize, independent invention unlikely.
d. Writings: copying very cheap, alternative protections (lead time, secrecy) are hard to use. But... british authors received sizable royalties for U.S. sales c. 1900, when they were not protected by copyright. Under the technology then, publishing first (which the authorized publisher could do--before the book came out in England) was a significant advantage.
C. What Copyright might conceivably protect about a program
1. Program Source Code: Human readable, used to generate ...
2. Object Code, which actually controls the computer.
3. screens (audio-visual copyright)
4. Details of implementation, such as menu structure. This amounts to protecting a standard.
5. Program structure
6. underlying idea (spreadsheet)
7. Consequences of different levels of protection:
a. If source code only is protected, pirate can copy the object code from disk or ROM and use it, but cannot easily modify it to make an altered or improved version (not entirely impossible; disassemblers are used to recreate the assembly language version from the object code).
b. If object code only is protected, pirate can recompile source using a different compiler--but not if the source is kept secret, as it normally can be, since the users only need the object code.
c. If both are protected, but nothing else, the pirate can write a clone--a program closely imitating the original but rewritten from scratch. Lotus v. Paperback Software.
D. The Law--Copyright
1. Early Cases. Narrow legal issues. Does old law apply to determining what is protected, if so how?
a. Data Cash. ROM for a chess playing game is not a copy of program, since a human being cannot read it (just as player piano rolls were not protected under music copyright). The argument makes sense as analogy; what copyright covered in the past was not the sort of thing that a program embedded in ROM is. On appeal, the result was sustained, but apparently on the grounds that the required copyright notice was not on the ROM.
b. Tandy. The court rules that old law only applies to the things covered in [[section]] 106-116, 118--which does not include the definition of what can be copyrighted. New law implies that computer programs are copyrightable, so ROM is a copy.
c. Williams Electronic v. Artic International. does a Defender clone violate the copyright? Defense argues: each time you play the game it is different, so the player is a co-author! ROM is not a copy of a program but part of a tool for controlling what appears on a screen. The ROM is related to the program as a building is related to a blueprint, so the ROM is not protected by a copyright on the program. Judge disagrees; plaintiff wins.
2. Apple v Franklin
a. Apple v. Franklin 1. "The description of the art in a book, though entitled to the benefit of copyright, lays no foundation for an exclusive claim to the art itself. The object of one is explanation; the object of the other is use."(1879) Cites Commissioner Hersey's analogy of a program to a cam controlling a machine. Apple's request for a preliminary injunction is denied.
b. Apple v. Franklin 2. Franklin argues the only way to make an Apple compatible computer is to copy system software, since reverse engineeering is impossibly difficult.
c. Should we think of something like the Apple system software (more recently the IBM BIOS) as a standard or an invention? Suppose the only reason to copy is compatibility--Franklin could write their own system software that would be "as good" but different. Does Apple, by copyrighting the software, monopolize the idea (forbidden under copyright law)? What is the idea--operating system, or Apple Compatible operating system? Contemporaneously with this case, there were multiple compatible operating systems for the TRS80; currently Dr. Dos runs the same programs as MSDos; Phoenix, etc. reverse engineered the IBM BIOS. H shift pattern for cars is an example of a standard.
d. Is there an important legal difference between an application program and an operating system? Arguably a computer game is like a book (interacts with people), an operating system is like part of a machine. Court rejects this argument.
3. Copyright protection beyond the code.
a. Stern v. Kaufman (not in book). Scramble. Clone (1982), sights and sounds of the original were copyrighted as audiovisual work. Defendant claims it is different each time it is played. Plaintiff gets his injunction.
b. Atari v. North American Phillips. Pac-man clone. "total concept and feel" is protected from an imitation that was neither a copy of the code nor an exact copy of the game.
c. Vault v Quaid. Prolok case--an attempt to use copyright law to prevent the sale of a program designed to evade copy protection. Vault claims:
i. loading program to analyze it is illegal copying because not in the 117(1) exception but ... court argues that loading it was necessary to use it, even though the use was not that intended by the producer of the program.
ii. Producer of protection evasion software is guilty of contributory infringement but ... Under Sony, the existence of substantial legitimate uses defeats contributory infringement claim.; making archival copies is a legitimate use of the software. Vault argues that the customer can make archival copies on regular disks and copy them onto the prolok disk if the copy on the prolok disk is damaged. Court declines to read the CONTU report's examples of sorts of damage that archival copies might protect against as limiting when archival copies are legitimate.
4. Synercom Tech v. University Computing. Copying input formats--free ride on engineers trained to use the other company's software. Are input formats idea or expression? If the two are inseparable, expression cannot be copyrighted. Conclusion: formats not protected.
5. Whelan v Jaslow. Again idea v expression, this time a micro program derived from an earlier program to run on a larger machine. The court finds that the structure, sequence and organization of program is protectable. Analogous to the plot of a novel. The result seems to contradict Synercom.
6. Plains Cotton v. Goodpasture. Ex-employees produce a micro version of previous employer's program. Court follows Synercom--the general idea of the program is not protected.
I. Four recent cases related to extent of coverage.
A. Lotus v Paperback Software: Visicalc was the original spreadsheet. Lotus 1-2-3 was a spreadsheet written for the IBM PC, taking advantage of its advantages (bigger keyboard and more information on screen) over the machines for which Visicalc had been designed. Lotus 1-2-3 was very successful. VP planner was a program written as a "work-alike" for Lotus 1-2-3; the code was different, but what the user saw was very similar. Lotus sued for copyright infringement. Court's conclusions:
1. Traditional copyright went beyond the literal elements: in Detective Comics, Inc. v. Bruns Publications Wonderman was found to infringe the copyright on the Superman comics "where both ... central characters have miraculous strength and speed; conceal their strength, along with their skin-tight acrobatic costumes, beneather ordinary clothing; are termed champions of the oppressed; crush guns; stop bullets; and leap over or from buildings." So software copyright should protect against more than literal copying.
2. Utilitarian aspects of useful articles are not works of authorship in which copyright can subsist. But if a program is "a useful article" and useful articles are not copyrightable, then what was congress trying to permit copyright on when it allowed software copyright? If a computer program is not barred from copyright by being a useful article (and obviously it isn't), why is an interface or a screen display? One of Kipling's Just So Stories ("How the Alphabet was Invented") works as a teaching device for helping to teach a small child to read, and was probably intended to do so; does that mean it cannot be copyrighted?
3. How does the idea/expression distinction apply to software copyright? The court rejects Synercom, arguing that most of the cost of a program is in design, not coding. Since Congress was trying to provide substantial protection, it must have intended to protect the design, otherwise cloning would be easy and legal and would frustrate Congress's intent. (This might, alternatively, be an argument for why Congress should have used patent law instead of copyright law to achieve its intent--a point the judge does not consider.)
4. Obviousness negates copyrightability: The instruction "Apply hook to wall" is not copyrightable. (Patent also has a non-obviousness requirement, but it is much stronger). This is related to the idea of merger of idea and expression. If a copyright on one or a few ways of expressing an idea would prevent anyone else from using the idea, then the expressions are not copyrightable. The usual term for this is Scenes a faire. The equivalent in this case is the use of the / key to call up the menu of alternatives.
5. "If particular characteristics not distinctive individually have been brought together in a way that makes the `whole' a distinctive expression of an idea ... then the `whole' may be copyrightable." This sounds like a good argument for Apple in its case against Microsoft.
6. Conclusion: the command structure of 1-2-3 is distinctive, one of many possibilites, hence copyrightable. So a standard (particular way of organizing and identifying the commands, which a user is used to) is protected, the underlying invention (spreadsheet) is not?! "Copyright protection would be perverse if it only protected mundane increments while leaving unprotected as part of the public domain those advancements that are more strikingly innovative"--but that seems to be exactly what the court is doing! The court argues that the success of 1-2-3 shows how innovative its (copyrighted) standard is, but earlier in the case the court explained explained that the real innovation that made 1-2-3 a success was adapting the basic idea of Visicalc to the IBM screen and keyboard. Is the judge trying to use protection of a slight innovation (menu structure) as a way of protecting a larger (although still not very large) innovation (1-2-3)?
7. What are the facts? Was VP planner taking much of the market before Lotus sued? If not, perhaps the first mover advantage is enough to make innovation profitable. Was VP planner really as good as 1-2-3, according to reviews in the computer magazines? If not, then perhaps cloning is not so easy as the court thinks. There is a potential paper here, investigating whether the facts on which the court bases its opinion are true.
8. The Court notes possibility of standardization by contract; VP-planner could have sought a license, sold their improvements to Lotus, or written an add-in for 1-2-3.
B. Apple v Microsoft
1. Three issues:
a. Is the look and feel of the Mac interface protectable?
b. Does it belong to Apple?
c. How much of it was licensed to Microsoft for Windows 1.0?
2. Issues b and c eliminate a large part of the case if "it" is a collection of separate items, since most of the individual items were in Windows 1.0 and most of them were used by people other than Apple. What is left, if anything, is unlikely to be distinct enough to be protectable. So ...
3. Apple argues that was is protectable is a gestalt--a whole that is more than the sum of its parts.
4. Issue b eliminates the entire case, since the interface, broadly defined, was invented by Xerox and used by lots of people other than Apple. And the interface broadly defined (GUI for "Graphics User Interface") is what Windows 3 and the Mac interface have in common; Windows is no more similar to the Mac than to other GUI's--or than the Mac was to the Xerox Star.
4. But issue a is the biggie for future cases. The Court says:
a. If the desktop metaphor is functional, it cannot be copyrighted except to the extent its artistic features can be separately identified and can exist separately as a work of art (the case of a statue used as a lamp base).
b. What Apple is trying to claim is overbroad, and overbroad protection is inefficient (cites Landes and Posner article and similar things), so ...
c. Apple's claim is reduced to lots of individual details, most of which are unprotectable or licensed. Note that this is essentially the procedure recommended in Computer Associates v Altai.
5. If Apple expected to lose, might it have sued anyway? Developers may not know that Apple is going to lose, in which case the suit might slow the development of software for Windows, helping to maintain Apple's lead in GUI.
C. Computer Associates v Altai
1. Altai wrote a mainframe program competing with a program by CA. The programmer had been hired away from CA and took the source code for their program with him (in violation of his employment agreement). He used it, without his employer's knowledge, in writing their competing program. When the employer discovered this (due to CA suing), other programmers were hired to rewrite that part of the program from scratch.
2. CA sued on both trade secret and copyright grounds.
3. Copyright registration issues--original version of the program not registered, current version registered as a derivative work. Does this mean that only the new material is covered? Court says no--since CA is the author of old and new material, one registration for current version suffices to protect all of it. Important issue, although not for our current purposes.
4. Oscar 3.4 clearly infringes; damages will be awarded. What about 3.5 (rewritten version)?
a. The usual evidence for infringement is access by the author to the original work and substantial similarity of the new work to the infringing work.
b. Here, the programmers had potential access but made a good faith effort not to use it. Is there substantial similarity?
c. A program has static structure (organization of the code) and dynamic structure (behavior--how the running program actually functions), with no close relation between the two. Whelan confuses these two. 102(b) of the copyright act denies protection to "any idea, procedure, process ..." which arguably excluses the behavior of the program. So far as the code is concerned ...
d. Literal copying has been eliminated, structure of program is obvious given its function, other details were mostly dictated by what the program had to do (functionality), no infringement.
5. Amount of damages. "Thus, we have two expert witnesses, both ostensibly qualified, and both undoubtedly very well-paid for their opinions. They begin with the same raw data, the sales revenues and expenses for the two companies' competing products plus the market-share information. One expert determines damages to be $13,000,000, while the other finds the damages to be $115,000 (less than 1 percent of the higher amount)." Court makes its own calculation.
6.What about trade secret claims? Court finds that in this case they are preempted by copyright, since it is the same act CA is suing for on both bases.
D. Appeal of the case. Altai concedes infringement, damages on version 3.4 of Oscar. CA still claims that the rewrite violates its copyright.
1. Court affirms copyright decision.
2. Filtration approach: Take allegedly infringed program. Define levels of generality. At each level filter out what is compelled by function, public domain, etc. What is left is protectable--did the infringing work substantially infringe it?
3. Reverses preemption decision--trade secret claims are not preempted.
a. Issue--did CA arguably do anything wrong not already covered by copyright infringement claim?
b. Arguably should have been suspicious of its employee, hence might be liable under trade secret for wrongful acquisition.
c. Rewrite might have used trade secret information not protectable under copyright.
E. Lotus v Borland: Quattro spreadsheet had a compatibility mode that closely resembled Lotus 1-2-3.
1. Borland argued that the menu structure was compelled by functionality (frequency of use of commands) and ...
2. Compatibility with 1-2-3 Macros and ...
3. Was an idea not an expression
4. Court concluded that idea/expression line was between explicit command tree and idea of such a tree, hence explicit tree is expression. Compatibility mode infringes. Functionality determined by pre-existing hardware would not infringe; functionality determined by victim's macros does. Functionality by frequency of use unconvincing. (Qwertiop?)
F. Standard vs invention in ordinary copyright: Suppose your book uses the set of characters from my popular soap opera.
1. You do it because you want readers who know the soap opera to identify with the story, even though you think the characters, names, etc. are no better than ones you might have invented.
2. Actually, you wrote your book before my soap opera became popular--then changed the names of the characters and a few details to make your book fit my setting.
3. Is this analogous to copying the Lotus menu tree?
IV. Semiconductor Chip Act
A. This protects chip designs not programmed ROMs, since the ROM is a commodity and the program in it is not covered by the act.
B. It prevents cheap copying--recognizes that the structure is a valuable property.
C. Is it a cam protection act? It is like a plug mold statute or non-sexual reproduction of plant patent.
D. Perhaps there should be a new class of intellectual property: For anything where the object can be used as the master to make copies doing so requires a license. It substitutes for a difficult to enforce contract between seller and buyer that buyer will not use the good to make a copy.
V. Copyright--other issues.
A. Copyright on network "publishing." Is it a conversation, letter, publication?
B. Joint authorship of Multi-User-Dungeons. If a chess tournament is held, who owns the particular games (which someone might want to publish)?
C. Hypertext--can you copy a set of interconnections?
January 20, 1993: Patent Law
I. Patent--brief summary:
1. pre 1969, Patent office refused to patent software.
2. 1969, CCPA, which had jurisdiction over patent office, started to reverse the PTO and compel issuance.
3. 1972, CCPA was in turn reversed by the Supreme Court (Gottschalk v Benson).
4. 1972-1981 CCPA construed Benson narrowly, but few computer patents were issued.
5. 1981 Diamond v Diehr opened door to patentability without explicity overruling Benson.
B. Changing institutions:
1. Pre 1980, appeals from PTO decisions went to the CCPA, but infringement suits went to Federal district courts, then to circuit courts of appeals.
2. in 1980 the CCPA became the US Court of Appeals for the Federal Circuit and got exclusive jurisdiction over all patent related appeals.
3. The CCPA/CAFC has generally been viewed as more pro-patent then either the Federal circuit courts or the Supreme Court. These cases can in part be viewed as a long tug of war between it and the Supreme Court, which the lower court seems to be winning.
II. Requirements for patentability:
A. Statutory Subject Matter: [[section]] 101. Not law of nature (Funk Bros v. Kalo), algorithm, series of mental steps.
B. Utility: This has generally been a weak requirement. In the 19th century "useful" was interpreted as "not pernicious." Recent cases go a little farther, but not much.
1. Argument in favor of this position: If the invention is worthless then nobody will want to practice it, so the patent will be both worthless and harmless. The fact it is worthless means that inventors will not bear the cost of patenting useless inventions; the fact it is harmless means that if they do it does not matter.
2. Argument against: I might spend resources obtaining patents on presently useless inventions, in the hope that someone else's work might make them useful at some time in the future.
C. Novelty: [[section]] 102.
(a)Unless the invention was known or used, or patented or described or on sale, before the invention by the applicant.
Known means known to the public, not just to the inventor. In Egbert v. Lippman (19th century case) it was ruled that corset steels, worn in the corset of the inventor's girlfriend (later wife), were in "public use!" Date of invention is when the inventor had the idea, not when he applied for the patent--but he must be diligent thereafter.
(b) patented or described in a printed publication or in public use or on sale more than one year before application. ...
(g) someone else invented it first and did not abandon, suppress or conceal it.
Novelty involves two different issues:
1. Priority issue. Does someone else have a better claim to the patent? The answer is yes if he invented the idea first and worked diligently on it from then until he applied for the patent.
2. Was the invention already available to the public? The answer is yes if all elements of the invention were in some one place in the prior art before the applicant invented it or more than 1 year before he applied for the patent. This would bar Lotus from patenting the spreadsheet as an invention, since Visicalc was on the market before Lotus 1-2-3 was invented. It would bar Visicorp from patenting it after it had been on the market for a year.
3. Experimental use (beta testing) does not start the clock running, but other uses by the inventor do. If the reason you were using the product more than a year before you applied for the patent was in order to improve the product, you are not barred from getting the patent. If the reason was that you were getting information about how to market the product, you are. Save your bug reports.
D. Non-obviousness (at time of invention): If all elements existed in places where one skilled in the art could find them then the invention is obvious.
1. They do not have to be all in the same place.
2. An important issue here is what is the "relevant art." This is especially important with a new technology. If I have an invention in using computers for banking, is the relevant art banking, computer technology, both, ... ?
E. Registration must be prompt--the patent is barred by use or publication more than one year before.
F. Copyright covers an expression, not an idea. In a patent application, the description of the best mode of practicing the patent is one expression, but protection is for the idea.
III. Cases: Statutory subject matter
A. Is a program patentable?
1. Gottschalk v. Benson: Conversion of BCD to Binary
a. General process, claim to cover all uses, no: Morse's eighth claim.
b. General process that transforms an article yes.
c. May not patent an idea, this is an idea. Patent on an algorithm forbidden.
d. In later cases, CCPA held Benson to apply only to a process claim; programmed computer is an apparatus (In re Johnson, In re Noll). The CCPA held Benson to preclude process claims only when they would preempt all uses of the algorithm (In re Chatfield).
2. Parker v. Flook; Continuous updating of an alarm limit in hydrocarbon catalysis.
a. Treat algorithm as if already known. The invention then contains nothing patentable.
b. Simply adding insignificant post solution activity does not make an idea patentable.
c. A claim need not wholly preempt an algorithm to be barred.
d. "The only novel feature of the method is a mathematical formula ..." What about the use of that formula in a particular way for a particular purpose? Is continuous monitoring and updating a patentable idea? .
e. Should it be rejected as obvious rather than non-statutory subject matter? The dissent makes this point.
f. Judge Rich in Application of Bergy, Application of Chakrabarty USCCPA 1979, 596 F.2d 952 gives a good critique of Parker v. Flook; he is answered by Justice Stevens in his (dissenting) opinion in Diamond v. Diehr (i.e. Rich won). Rich argues that although the algorithm is unpatentable, the algorithm (or law of nature) may make the invention non-obvious. Otherwise are not all inventions obvious? The Court makes this point in Diehr.
3. Diamond v. Diehr: Curing rubber, continuous monitoring of temperature, continuously recalculate curing time, open press when done.
a. Looks like Parker v. Flook, but ...
b. Curing rubber is a process, gets in under [[section]] 101.
c. What changed between 1978 and 1981? The CCPA finally won out.
4. Is the issue nonpatentable subject matter ([[section]] 101) or insuff novelty and inventiveness ([[section]] 102,103)
B. A process using a program is patentable when? If not just an algorithm?
1. In re Abele:
a. Two steps: Treat mathematical parts as obvious, does what is left qualify as statutory material?
b. Not patentable if it wholly preempts an algorithm or would do so save for limiting to a particular environment.
c. Algorithm is not patentable, application of an algorithm is.
2. In re Meyer: A general approach to analyzing systems is analgorithm, not patentable.
3.In the Matter of the Application of Bradley. Way of running multiprocessing computer.
a. How it does versus what it does. Former is mathematical (everything in a computer is mathematical in this sense), latter need not be.
b. In this case what it is is a new machine.
c. What it does is to move stuff around inside computer memory (including registers).
C. What is an algorithm?
1. Anything expressed in math (PTO)
2. A procedure for solving a mathematical problem (CCPA)
3. So a computerized language translator (Toma) is all right--the method is mathematical, the problem is not.
4. And the unpatentability of algorithms does not forbid patenting all programs.
5. Rich strongly hints that the justices are mathphobes--they reject mathematics, even thought it is the appropriate language for describing some inventions.
D. What are patentable arts? Translation and running a business count (Toma and Paine Webber)
IV: Cases--everything else
1. Dann v. Johnston: keeping track of checks. Whether or not statutory, it is a trivial advance over the existing art.
2. Orthopedic Equipment v. U. S. ditto. Should this apply to Paine Webber?
3. What is the relevant art? Might the non-obvious part of the invention be the discovery of what art is relevant to solving this particular problem? Example: Application of multidimensional voting theory to figuring out what books someone will like.
4. What does one skilled in the art know? Hindsight problem. Visicalc is obvious according to the judge in Lotus v Paperback!?
B. Disclosure: You must describe the best mode you know of practicing the invention and provide enough information to enable its practice.
1. Can you combine trade secret and patent by making the practice of your invention depend on the use of proprietary technology? No; disclosure is the price of protection. So ...
2. If the best, possibly only, mode uses a trade secret, it must be revealed.
3. White Consolidated v. Vega: Is the person skilled in the art here much worse informed than in discussions of nonobviousness?
C. Doctrine of equivalents (and reverse equivalents):
Mead v A.B. Dick: DIJIT uses the same elements in a different way to achieve a different result. Maybe Sweet and Sweet-Cummings are both valid, and both should be required for DIJIT?
V: Present state of patent law re computer programs.
A. Programs are patentable (CCPA); the Supreme Court has not ruled.
B. A mathematical algorithm is not itself patentable but might be part of a patentable invention.
1. So the first question is whether the rest of the invention makes up statutory material.
2. If the algorithm is applied to physical elements or process steps, beyond trivial post-solution activity etc., the invention may be statutory.
Query: Is not a progammed computer a machine? Would patent law apply differently to exactly the same machine if everything was hard wired? Why?
Query: Is there a special commons problem in a new field?
1. In an old field, almost everything that is obvious and useful has already been tried, so is non-novel and cannot be patented. In a new field there may be lots of obvious and useful ideas that have not been tried yet, but will be next week. If I can get a patent on them this week, I am better off at the expense of everyone else.
2. In a new field, it will be particularly hard for judges to tell what is non-obvious, since the judges are unlikely to understand the field. Consider when the current Supreme Court Justices were born. Patent more than copyright issue--if copyright is narrowly defined.
January 27, 1993: Trade Secret
I. What is a trade secret? Is it property?
A. Trade secret law defines the rights of someone whose other legal rights have been violated in certain ways. A trade secret is not itself property in the ordinary sense, since the owner has no recourse against someone who gets it without breaking a contract, tresspassing, etc.--for instance by reverse engineering or because the owner was insufficiently careful about protecting it. But...
B. Dupont v Christopher is the one important piece of counter-evidence. Aerial photographers photographed an unfinished Dupont factory, apparently to learn about a new process. The court ruled that doing so violated trade secret law.
II. Requirements for protection
A. It must be a secret: not widely known, reasonable efforts to protect.
1. Why require reasonable efforts to protect?
a. As evidence that you really value the secret.
b. So that employees are on notice as to what information they cannot take with them and use.
c. But this prevents a "purloined letter" defense--keeping something secret by not protecting it in order that nobody will realize it is valuable.
2. Dickerton v Tiverton: Low development effort by Vail suggests he copied. So does the similarity of his product to what he is alleged to have copied (cosmetic differences only). There was adequate protection--Dickerton had a secrecy agreement with Tiverton, Vail as an employee of Tiverton was bound by it. Demonstrations of the product were given without restriction, but did not show enough of the product for someone to copy it.
3. Jostens v National Computer System:
a. Common material in the software for the two CAD/CAM systems may have been from off the shelf modules, so it does not prove copying.
b. It is not clear what Jostens claimed the secret was, since most of what went into their system was well known in the industry.
c. There were no precautions to keep it secret--Jostens permitted the employee to give a presentation, write an article on it. There was public access to plant (for a while)
d. No misappropriation: Jostens did not make it clear to employees what was protected.
e. Is there a problem if Titus was the manager of his own program? If the employee who might appropriate a trade secret is also the only person in the firm who understands the subject well enough to know what needs to be protected how (because he is their computer expert), should failure to protect leave him free to leave and take the secret with him?
f.There was inadequate (no) consideration for Titus's non-disclosure contract (he was required to sign it well after hiring and received no additional benefit for doing so).
4. Data General v Digital Computer Controls:
a. Protection by contract of a "secret" that could not be protected in fact.
b. Customers signed the agreement, documentation had warning label on it.
B. It must have been misappropriated (but Dupont v Christopher is a counter-example)
1. Reverse engineering is legal.
2. Copying with no wickedness is legal (unlike the case in copyright law).
3. Employees have a duty of loyalty even if they have not signed any special agreement, but employer must make it obvious what are secrets.
4. Q-Co Industries v Hoffman: The distinction between employee's skills and previous employer's trade secret may be a fine line. The defendant was producing a PC program from an Atari program that he wrote for the plaintiff.
III. Why use trade secret to protect your idea instead of copyright or patent?
A. You might not be sure it qualified for the other forms of protection, especially as the relevant law was changing.
B. You might be worried about foreign or covert pirating.
C. You might want longer protection--but that seems unlikely to matter in the computer context.
A. by Patent law? What does implicit preemption mean? Does a state, by hiring people as policemen who might otherwise become marines, interfere with the purpose of congress in authorizing the Marine corps? Why is this different from a state that provides protection to intellectual property beyond that offered by congress?
1. Sears v Steiffel, Compco v Daybright. State protection that is the equivalent of a patent for something unpatentable under federal law is barred.
2. Kewanee v Bicron--state trade secret protection in general is not barred. The Court attempts to make the answer obvious, by claiming that trade secret protection would practically never cause someone with a patentable invention to keep it secret instead of patenting it.
B. By Copyright law: [[section]] 301 explicitly preempts "All legal or equitable rights that are equivalent to any of the exclusive rights within the general scope of copyright as specified by section 106 ... and come within the subject matter of copyright as specified by sections 102 and 103..." but not "activities violating legal or equitable rights that are not equivalent to any of the exclusive rights within the general scope of copyright as specified by section 106."
1. C.A . v Altai, the question was whether the trade secret claims were preempted. The district court said yes. The appeals court said no, both because trade secret claims might be broader (violation of trade secrets that were not copyrightable) and because they were different (telling Altai the secret violated trade secret law, and if Altai should have suspected it then Altai was at fault even before the copyright was infringed).
2. M. Bryce and Associates v Gladstone: Not preempted in the general case. 1909 copyright act governs the case, 1976 act provides some evidence of congressional intent.
V. Employment contracts
A. Non-competition agreement as a substitute for trade secret protection
1. Why would you ever prefer to use non-competition agreements?
2. Because it may be hard to prove the trade secret violation.
B. Why they would be efficient re contracting parties.
1. Signing a non-competition agreement is a cost to the employee, since it limits his future mobility. So if he would just accept a salary offer of $X without a non-competition agreement, he will decline it with a non-competition agreement. Employer will have to pay $X+$E in order to get him, where E is the cost to the employee of being bound by the agreement.
2. So the agreement will be signed only if it is worth more to the employer than it costs the employee.
3. This makes it efficient with regard to them, but not necessarily if one includes effects on others--especially customers who might buy from the competing firm if it got started. One might view a non-competition agreement as a sort of ex ante cartel among the people (firm and top employees) who might otherwise compete with each other.
C. History of non-competition agreements, 18th c. to present:
1. Initially enforcable only if limited in time and space and for reasonable consideration.
2. By the late 19th century the limits were almost entirely gone, at least in England.
3. The 20th century reversed this trend. Currently in the U.S.:
a. The protection must be the minimum required for employer's legitimate purpose.
b. The restriction must not be unduly costly to the employee.
c. It must not be unduly costly to public via restriction of competition. This seems, from an economic standpoint, the most defensible restriction. It is also, legally, the least important.
1. C-E-I-R, Inc. v. Computer Dynamics Corp.
a. The employees clearly used their position to set themselves up to start a new, competing firm."
b. Is what they were doing merely "preparation to leave" or "solicitation of customer?
c. Is their secrecy evidence of bad faith, or just reasonable prudence?
d. There was a confidentiality agreement but no non-competition agreement. They lost anyway for violating their obligation of loyalty to their employer.
2. Business Intelligence Services, Inc. v. Hudson
a. On the face of it, the restriction is a reasonable one; limited in time but not space. Nordenfeldt (British 19th c. case) held that a contract unlimited in space was reasonable where the firm did business all over the world.
b. Was the contract fraudulently obtained? The court decided maybe not and enforced it.
3. Evans Newton Inc. v Chicago Systems Software: Adapting a program from calcualtors to micro-computers.
a. Who owns the work? The author unless he is an employee making the work within the scope of his employment or the work was specially ordered or commissoned--which requires specific agreement.
b. Employee here has a broader meaning than in common use, may include a subcontractor.
c. The court canceled punitive damages and award of attorney fees, because the infringement occurred before (c) registration.
4. BPI Systems, Inc. v. Leith: Contract programmer produces a program for pay, then produces his own copy. It was not a work for hire, so he retains the copyright. Whether the purchaser has the copyright depends on supervision (which makes a subcontractor count as an employee), or written agreement.
5. Amoco Production Company v. Lindley: Employee produces a program despite opposition by employer--who owns it?
a. What is "invention" as included in the contract? A program is not an invention because not patentable???
b. Company did not pay, as specified, for assignment.
c. No evidence that it was treated as a secret (unlike the company's competing design).
d. Form contracts are construed against the author. Amoco loses.
6. Institutional Management Corporation v. Translation Systems Inc.: Translating stenotype tapes.
a. Is this a joint venture? If so, replevin is inappropriate since the property is owned jointly.
b. The existence of a joint venture may be implied rather than explicit, but it requires sharing profits and losses, also sharing control. Not the case here.
Contracting for Software and Systems: February 3, 1993
I. Distinguishing goods from services--different law often obtains.
A. Conceptual problem.
1. A program seems like a good, but programming like a service.
2. Is it like a consultant's report--a service embodied in a good?
3. As in that case, what you buy is really information not an object--you are paying for what is on the disk or the paper.
4. Often a contract involves both hardware and programming.
B. RRX Industries v. Lab-Con Inc.: The program is a good, even if bundled with services. California Commercial Code applies only to goods.
C. Data Processing Services, Inc. v. L.H. Smith Oil Corporation: The trial court found that the custom program was a good. The appeals court found that the programming was a service. But it upheld the trial court's verdict on the grounds that "DPS breached its implied promise of having the reasonable skill and ability to do the job for which it contracted." Is that a new "computer malpractice" doctrine?
D. Leasco v. Starline: Leasco was lender holding security interest, not a real seller. Therefore it is not responsible for defects under UCC and the clause in the contract disclaiming responsibility is not unconscionable. The Dissent argues that Leasco is like a seller for UCC purposes.
E. Most states impose sales tax for goods but not for services. So the parties have a tax interest in treating the contract, so far as possible, as one for services.
II. Terms of the contract.
A. Is drawing up a contract simply a matter of buyer vs seller, with each side trying to insist on terms that favor it? Not quite ...
B. The price will be affected by the terms. A change that makes one party $10,000 better off and the other $5,000 worse off is in the interest of both--if price is adjusted by at least $5000 in the right direction.
1. Why is limitation of consequential damages non-negotiable? Because it is almost always worth much more to the seller than it costs the buyer.
2. So a lawyer negotiating a contract has two jobs. He wants to know what terms are in his client's direct interest (in order to favor them unless the other side is willing to give up something in exchange for getting its way) and he wants to know what terms are efficient--so that he can suggest including them, with appropriate price adjustments to at least compensate his client for any resulting loss.
C. Who owns the copyright in a computer program? Who should own it?
1. Who owns it was discussed last week. Who should own it? ...
2. If the reason to own it is to sell or license additional copies, who can best resell? If the program is specialized to an industry and the programmer knows nothing about marketing things to that industry, the customer for whom the program was written is probably the one who should end up with the copyright. But ...
3. If the program, or elements of it, can best be used in some entirely different industry, the programmer may be the one who can best resell and should retain the copyright. This is especially likely if reselling involves integrating copyrighted material into a new program.
4. The copyright might be worth more to the customer for monopolistic reasons. If the programmer owns it, he might license it to a competitor of the original buyer without taking account of the resulting loss to the original buyer. So the first buyer may be willing to pay more for exclusive rights to the program (i.e. copyright ownership) than the seller can get from the second (and third and ...) buyer.
D. Who owns the source code? It is necessary in order to modify the program or fix bugs. Even if the firm is willing to have the programmer keep the source code (and maintain the program), what happens if he goes out of business? One solution is to keep a copy of the source code in escrow--but if the programmer's firm goes bankrupt, the trustee may be able to claim the code.
E. It is important to define carefully the terms of the contract, especially because of problems with a new technology and associated new law. Arbitration is likely to give more expert decision making than the courts.
1. Until acceptance has occurred, buyer may insist on a perfect tender.
2. So it is important to define when acceptance occurs.
a. NCR v. Marshall Savings and Loan: NCR says it is installed and ready for use, Marshall does not deny it, it is.
b. SHA-I v S.F. The parties define by contract what counts as satisfactory behavior of the program. In drawing up such contracts, realistic tests are more relevant than benchmarks but harder to define objectively. If SF had had more realistic tests, it might have gotten away with its attempt to renig on its contract--a reason for seller to oppose such tests.
1. Fargo v Kearney & Trecker Corp.
a. What are the requirements for excluding implied warranties? "Conspicuousness."
b. What is "free from defects?" Not perfect, but "does what the trade expects it to do."
c. Can Fargo argue from breach of warrantee to revocation of acceptance? They did not act appropriately for a buyer who wanted to revoke--kept using the machine. No.
2. Sperry Rand v. Industrial Supply Corp.
a. Does an integration clause exclude implied warranties?
b. Does New York (where the contract was signed) or Florida (where everything else happened) law apply? Answer--Florida.
c. Under Florida law, there is an implied warranty for the particular use intended if the seller knows of the use and is more knowledgable than the buyer.
d. Industrial Supply leased for a few months, than bought. Does this count as inspection? Not enough.
e. The integration clause only bars implied warranties that are inconsistent with express warranties; it does not bar ones on a different subject that are not inconsistent with it.
f. The written warranty trumps any verbal warrantee (given an integration clause), but does not trump implied warranties that happen to have also been made verbally.
3. CSI v. NCR: The problem is how to measure damages. The disclaimer limiting liability was not enforced because the contract remedy was irrelevant--NCR was unable to make the system perform as promised.
a. expectation damages are calculated as if price = value.
b. The calculation adds in the cost of employees who should not have been needed if the system performed as claimed. But saving those employees was one of the things CSI expected to get for the price of the system, so giving them back both the price and the cost of the employees is double counting.
4. Second round: Disclaimer of consequential damages enforced, of damages for breach not enforced.
a. The former was enforced because it was an allocation of risk between equal parties.
b. Fair market value vs contract value--buyer is entitled to the benefit of the bargain.
c. Are the numbers the court came up with believable?
G. Tort bases of action. Common law fraud or innocent misrepresentation.
1. Black, Jackson and Simmons v. IBM: IBM recommended hardware and software which turned out not to be compatible with each other.
a. Court: Economic losses normally cannot be recovered under tort, since permitting such recovery prevents the parties from settling the terms of their agreement by contract. but ...
b. Exceptions: fraud or negligent misrepresentation.
c. Seller must be in the business of selling information. Not here.
d. Can BJS recover for non-economic damage (their president was very upset about it all)? "A corporation cannot sustain emotional distress."
2. Accusystems v. Honeywell: Equipment and software did not perform as claimed, had not been tested as claimed. The former might be an honest mistake, the latter ... .
a. There was no negligence--Honeywell did its best to fix the (unfixable) defects.
b. There was fraud, since Honeywell knew that testing assertions were false.
c. Contractual time bar in contract does not apply to fraud in inducement to sign.
d. The customer finally got a straight answer when he talked to one of the engineers who had helped design the system. Conjecture: The executives did not know the system didn't work, and did not want to know. It looks like organizational failure within Honeywell.
III. Licensing: ordinary licensing, shrink wrap licensing.
A. Customer licensing agreements:
1. In Re Select-a-seat corp. Fenix Cattle Co. v. Silver--bankruptcy case.
a. A license is an executory contract if some payments and performance are still to be made.
b. Was the exclusive licensing right property, which bankruptcy court could not set aside the transfer of? Physical property and license yes, exclusivity no.
2. Will v. Comprehensive Accounting: Tying contracts (customer who buys software agrees to use seller's hardware, or vice versa) are still questionable outside of the Seventh Circuit.
B. Shrink-wrap licensing.
1. Burke & Van Heusen, Inc. v. Arrow Drug, Inc.: (c) holder licensed production of records to be used as premiums with sale of shampoo. Shampoo Co. sold the records separately. Does this infringe (c) law?
a. Plaintiff is trying to use copyright law to enforce contractual obligations.
b. No--first buyer has satisfied (c) law, although not necessarily abided by his contract.
c. The question is not whether the first buyer is liable for breach of contract, but whether the second buyer is liable for copyright infringement. The answer is no.
d. This is relevant to computer software, because shrink wrap licenses are a similar attempt to use copyright law to enforce a contract.
2.Vault v. Pro-Lok: Combining trade secret law with shrink wrap licensing.
a. Is reverse engineering an improper means when it violates a shrink-wrap license?
b.Under Sears and Compco, the use of state law to ban reverse engineering is preempted.
c. SLEA is preempted by copyright act when it prohibits all copying (contradicts (c) ) and when it preempts the making of derivative works (covered by (c) ).
d. The licensing restriction on disassembly of the code etc. goes to the software manufacturer who buys Pro-lok diskettes--does it bind his customer? Sounds like Burke & Van Heusen.
3. Is the transfer of software a license or a sale? Is licensing an attempt to get around the UCC?
4. Posting copyrighted program on bulletin board for downloading. Is it illegal? Why?
a. One could argue that making the program available is a "performance," and covered under the parts of the copyright act that regulate performing copyrighted works.
b. One could argue that the bulletin board owner is guilty of contributory infringement. Is there a legitimate non-infringing use? Trying the program on the host computer?
c. Of course, the people who download are violating copyright--but it is much harder to enforce your rights against a thousand downloaders than against one bulletin board.
C. General Issue: Why is the law reluctant to enforce complicated forms of property (shrink wrap licenses, real property with encumbrances, ...)?
1. Because it is too much trouble for the courts to keep track of complicated bundles of rights.
2. Because the courts consider those bundles positively undesirable.
a. Shrink wrap licensing as a way of enforcing a perfectly legal right--making illegal copying harder. Do we ever want to make it hard to enforce legal rights?
b. Is one argument against the death penalty that it makes punishment too cheap and easy?
c. Dawson Chemical Co. v. Rohm and Haas Co. A patent on a process (use of propanil as an herbicide in rice cultivation) was enforced against farmers by only licensing those who bought Propanil from Rohm and Haas and suing other sellers for contributory infringement. Propanil a "nonstaple" (i.e. no legitimate, non-infringing uses). R&H won.
d. Fancy license provisions might be devices for discriminatory pricing. One could view a license restricting use to one machine as a a way of getting a high price from customers who value the program highly because they have several machines. Discriminatory pricing may or may not be a bad thing--the economic question is a complicated one.
2/10/93: Computer Torts
I: Computer torts--non-privacy issues.
A. Liability for computer error (frequently human error in fact):
1. Johnson v. Continental Insurance Co. Error by firm, using a computer, but not a willful error.
2. Price v. Ford Motor Credit Co. Defendant often paid late. Error by Ford made defendant appear to be 2 months late when she was not. Ford said it would check claimed payments before repossessing, made no effort to do so. Are punitive damages appropriate?
a. Punitive damages are for "Wilful, wanton or malicious misconduct." "wrongful act intentionally committed and without just cause or excuse." Having merely made a good faith mistake is a defense.
b. Ford's individual agents did not know they were in the wrong, but ...
c. Ford as a unit did--if you combine information held by several agents.
d. One agent acted in bad faith as well.
e. Punitive damages affirmed.
3. Pompeii Estates, Inc. v. Con Ed of NY, Inc. Turned off electricity in an empty house for nonpayment.
a. Con Ed mailed out notice--to the empty house. Met the letter of the law, but ...
b. Should have known it was an empty house, thus was negligent, given the potential damage.
4. Gulf Life Insurance v. Folsom: "An action for money had and received." Folsom collected cash value of life insurance twice, second time due to computer error by Gulf. Asked for it a third time, Gulf noticed error and asked for their money back. State law has two sections covering such mistakes, one of which seems to say they do not get the money back, one that they might.
a. District court--Gulf loses the money, must pay third time too!!!
b. Is a computer error analogous to a person "forgetting" something, so not knowing it?
c. Is the computer error negligent? (This does not seem to affect the result under either section, but may effect the "balance of equities.")
d. Was the defendant (Folsom) acting in good faith? With due diligence?
e. Court concludes that plaintiff, even if negligent, should get the money back if the other party will not be prejudiced thereby--subject to a weighing of the equities.
f. Partial Dissent: Plaintiff should always recover if defendant is not prejudiced thereby.
g. "Prejudiced" here seems to mean "worse off than if he had never received the money."
h. This is analogous to requiring a party who innocently received and used a misappropriated trade secret to stop using it, unless that makes him substantially worse off than if he never had it (as where he has just built a new factory using the secret).
B. Strict liability for injury under modern product liability law usually does not apply to services. Aetna Casualty and Surety Co. v. Jeppesen & Co.
C. Computer malpractice? Should such a tort exist?
D. What about liability for not using a computer, or not using it properly?
1. The T. J. Hooper: the same issue with an older technology (using radios to get weather news).
2. Torres v. N. American Van Lines: Is failure to use a computer to check compliance of employees to a safety regulation (not driving too many hours) negligence? Yes. Is it important that the firm may have wanted to evade the safety regulation?
3. Hermes v. Pfizer (1988). Duty to warn of a possible permanent side effect of an antidepressant. There seems to have been evidence of a temporary side effect, possibly not of a permanent one. How much is the drug company obligated to know?
4. Akins v. District of Columbia: Plaintiff was wounded by an armed robbery; the perpetrator was out on bond because judges did not have complete information on his record due to computer error (and the failure to get the records manually).
a. D.C. is clear because, for neglect of a public duty, officer is amenable to the public, punishable by indictment but not by civil suit.
b. IBM is clear because the act was not highly foreseeable, which is a required condition for liability when a criminal act is an intermediate cause of the damage.
III. Computer torts--informational issues
A. Injury to reputation by computer error
1. Datacon, Inc. v. Dun & Bradstreet: D&B erroneously reported Datacon was out of business, corrected the error when pointed out to them.
a. Is the standard negligence or malice?
b. D&B has conditional privilege as a seller of information to subscribers, so malice is required for liability. Datacon loses.
2. Thompson v. San Antonio Retail Merchants Association.
a. Credit agency erroneously confused two people with similar names.
b. Plaintiff was denied credit at Wards because of false bad credit report.
c. Credit agency did not notify Wards of its mistake until about four months after the error was pointed out--and after Thompson sued.
d. Credit agency was ruled negligent in the original error, liable.
e. All of this was under federal statute, not common law. 1970 Fair Credit Reporting Act
3. General issue of information, libel. Why is it the libelled person who counts as injured--he has no right to credit, job, customers, etc? One answer is market failure on the information market--dispersed harm to hearers. So purchased information may be a special case.
B. Privacy (should there be limitations on true information? Probably true info?)
1. Is privacy more or less of a problem now than in the past?
a. Much less--consider small town vs city. The computer only partly reverses this ...
b. The modern credit agency knows less about you than your neighbors would have known.
c. Does freedom and autonomy include a right to commit fraud? What about "social fraud"--being friendly with people who would not be if they knew the truth about you?
d. Is having information with some errors more unfair than if the information was not there at all, so that people would be treated the same independent of the truth about them?
e. Does a right not to have misleading information in your file improve the accuracy of the reporting system? There may be useful information that they cannot prove is true.
2. Tureen v. Equifax, Inc. Report said insured had applied for a lot of life insurance in the past.
a. No snooping--the source of the information was the company's own records.
b. Collecting and retaining the information had a legitimate use, not invasion of privacy.
c. No publicity--information went only to the client who asked for it. Plaintiff loses.
d. Dissent: Holding the report in company's files, from which the report might be sent to many others who requested it, is sufficiently public.
e. No real damage was done by the report, although the court does not discuss that.
3. Robert P. Whalen v. Richard Roe. Can NY state maintain a file of names and addresses of those who have gotten a prescription for controlled substances?
a. Precautions by state--barbed wire, locks, 17 people have access, 24 might get it.
b. After 20 months, data had been used in two investigations.
c. District court enjoined enforcement of that part of the statute as a needlessly broad infringement on the privacy of patients.
d. Supreme Court: Legislation that has some effect on liberty or privacy need only be a reasonable attempt to achieve a legitimate state goal; it cannot be enjoined just because the court thinks it is unnecessary.
4. Paul v. Davis: Police chiefs publicly described someone as a shoplifter who had been charged but not convicted; the charge was eventually dropped.
a. Davis was warned by his employer to stay out of further trouble; he sued police chiefs, asked damages and an injunction. District court granted a defense motion to dismiss.
b. Appeals court held that he was denied due process of law. Publishing a description of him as a shoplifter was punishment without trial.
c. Supreme Court: This should be a defamation case under state law, not a federal case.
d. Supreme Court: Davis' position implies that almost any injury inflicted under color of law violates the 14th amendment. He loses.
e. Dissent: the 14th amendment and the related statute were designed to keep state officials from violating individual rights under color of law--which this is.
f. Query: Is there an important difference here between violating someone's rights by arresting him (which only the state can do) and by libelling him (which anyone can do)?
February 17, 1993: Privacy and Encryption
I. Two Approaches to Privacy: So far we have been considering protecting privacy by regulating the ways in which people who have information can use it. An alternative approach is for people to control information they want kept secret.
A. This is analogous to two approaches to freedom of speech:
1. Consider a centrally planned economy, where presses, paper, etc. belong to the state. It could try to maintain freedom of speech by laws requiring government run publishers to be open to dissenting books, etc.
2. The alternative is to give people strong rights to say things, have the necessary property widely dispersed.
3. Method 1 has been used widely for broadcast media (BBC, FCC, etc.) and published media in communist countries. Method 2 seems to give a lot more diversity. Free speech v "Fair speech."
B. Real control over information means that you can prevent others from getting it, not just sue them if they use it in ways the law says they should not.
C. Computer technology can provide such control, via encryption.
D. The same government that passes laws to protect privacy by method 1 tries to prevent or slow down the developments that are implementing method 2.
1. By using restrictions on export of products involving cryptography to slow the development of cheap, good, widely available products.
2. The FBI has proposed legislation to require networks, phone companies, etc. to provide facilities for tapping, or to only use setups preapproved as tappable (two different proposed bills, neither of which has been introduced so far).
E. Possibly with reason. As we will see, strong privacy enforced by technology has bad as well as good uses. These developments weaken the power of the state (and others) to know what people are doing--which may be good or bad.
1. If you believe the state only does good, then the benefit of such technologies is protection against private snooping, the cost is limiting the state's ability to do good.
2. If you believe the state has its own purposes, not identical to yours, then the restriction on its ability is in part a benefit.
3. This roughly corresponds to the distinction between the "philosopher king" view of government and the "public choice" view--although the latter is not the only example of a view sceptical of the benevolence of government.
II. Encryption: The technology
A. One time pad.
1. Unbreakable in principle.
2. Requires exchange of pads. With modern technology (optical disk?) one such exchange could provide for tens of thousands of pages of messages.
B. Public Key Cryptography.
1. Generates two keys, each of which can decrypt messages encrypted by the other.
2. It is believed that there is no practical way of deducing one key from the other.
3. It is believed that, if the key is sufficiently long, decryption is not practical--although it is theoretically possible given enough time and computing resources.
C. Concealing the origin of messages:
1.Anonymous remailers (Mixes). Encode the forwarding address using the remailer's public key; only he can decode it (and forward); he cannot decode the (encoded) message.
2. Anonymous return address. Inside your message (encoded with the recipient's public key) is the address of a remailer and your address encoded with the public key of that remailers.
2. Dining cryptographers. If everyone is sending a continuous signal, it is possible to arrange things so as to conceal which of them is the source of the message (read the article).
III. Encryption--weaknesses of.
A. Cracking a code. May be possible (except 1 time pad)
1. Either with enough computer power (our unbreakable code may be child's play in twenty years)
2. Or by being very clever. Sometimes there is an ingenious way to solve a particular decryption problem that nobody has thought of before.
3. Or by deliberately designing the encryption algorithm to be vulnerable to a trick only you know of, then getting other people to use that algorithm. It has been suggested that the official algorithm promoted by the government may be of this sort.
B.The code is only as safe as the key.
1. A one-time pad is no use if the snoop somehow got a copy.
2. Your private key must be somewhere (an 80 digit string of numbers and letters is hard to memorize). A snoop might find it in your computer, or your desk drawer.
C. Spoofing the system
1. Someone who wants to read your mail for the next few days sends out a message claiming to come from you, with your return address, but with his public key. He intercepts return mail to you and reads it--until you notice either missing messages or messages you cannot decode.
2. The solution to this is a physical exchange of keys, or the use of trusted intermediaries, or a published "phone book" with public keys in it.
3. Someone could pretend to be an anonymous remailer and keep track of what gets forwarded to him.
4. The solution is to use a series of anonymous remailers. As long as one is real, who sent what to whom stays secret.
IV. Uses of the technology:
A. Ordinary privacy.
1. Why EMail needs privacy more than mail, phone.
a. Reading mail requires physically getting the mail and tampering with it.
b. A phone message is going from one place to another, can be tapped only by sticking a wire where it is not supposed to be, or the electronic equivalent. But ...
c. An EMail message on the Internet is relayed from one computer to another until it reaches the recipient. Someone controlling any one of those comptuters could read the message en route.
d. So something like public key cryptography may be the only way of getting privacy with EMail.
2. Everyone has his public key in the phone book. Any time you want to send a message you easily and routinely encrypt it with the recipient's private key. Now nobody, with any tapping technology, court order, or anything else, can read my mail.
3. Is this a good or bad thing?
a. It provides strong privacy for ordinary citizens.
b. It makes it possible for firms, which require some secrecy to protect internal information, to use EMail on something like the internet. But ...
c. It also makes it possible for illegal firms to communicate privately with each other and customers.
B. Digital signature to verify identity: Encode your message and name with your private key. If it makes sense when decoded with your public key, you must be the one who sent it.
1. Useful for banking, broker's transactions, etc. Pay by computer.
2. Also useful for illegal firms.
C. Digital cash--Can one get the anonymity of regular cash for something to be used on a computer net?
1. Bank encrypts with private key "pay the bearer $1. Serial # ..... ."
2. Anyone can check, using the bank's public key, that that is what it says. But ...
3. This is a check, not cash. The bank can match withdrawal and return, thus observing my transactions (unlike cash). I can spend it three times--like bouncing checks.
4. How can one do better? There is apparently an answer, but a complicated one.
D. Brand name reputation on illegal markets. Get out public key once, it defines the firm.
1. Firm can send out messages, define protocols for payment, etc. using anonymous remailers. No secrecy, since anyone can decrypt the message with the firm's public key, but since only the firm could have encrypted it, the message must be from that firm, not the police.
2. Firm can receive messages without interception risk, but ...
3. How do you manage a secure mailbox for receiving mail from potential customers?
a. Foreign EMail address.
b. Create new addresses, use them as remailers. Can customers use them faster than enforcement closes down?
c. Messages published--bulletin board, NY Times ad, etc., but ...
d. Enforcement may try to block such, since protocols are public.
4. How do you keep the police from identifying sender? Dining Cryptographers? But being on that is suspicious. Anonymous remailers.
V. Computer Crime: A recent news story reported on the closing down of "Rusty and Edie's"--a computer bulletin board supposedly used to make available a large number of commercial programs for illegal copying. According to the story there were 14,000 subscribers, each paying $89/year, for about $1 million/year revenue.
A. Before drawing numerical conclusions, note that such news stories come from the prosecution; we do not know Rusty and Edie's side of the story.
B. It is worth contrasting the early stories on the Steve Jackson and other Operation Sun Devil cases with what the truth turned out to be. The reported value of the file that Craig Neidorff stole from Bell South went from $79,000 to $13 in the course of litigation.
C. Does this raise the question we discussed--whether the bulletin board (as opposed to the customers) is doing anything illegal. Suppose the operators said they kept the programs available so that people who legitimately owned them would not have to worry about keeping backups?
Back to my home page.