Sunday, February 21, 2016

The FBI, Apple, and the Importance of Jurisdiction

Jurisdiction is important when dealing with the law.  Courts as a rule do not have the power to decide every issue brought before them.  A small claims court can’t decide a million-dollar contract dispute.  An Alaskan state court can’t evict a tenant living in Manhattan.  A federal court typically does not have jurisdiction over purely state law criminal prosecutions.  Jurisdiction, in other words, is extremely meaningful.  And jurisdiction just might play an important role in deciding the present dispute between the FBI and Apple about the San Bernardino shooter’s iPhone.

The scenario reads like a thorny law school exam fact pattern.  The FBI holds a seized iPhone used by one of the terrorists who killed 14 of his co-workers in San Bernardino in December 2015.  The phone belongs to his employer, which has given its consent to a search of the phone and its data.  The data on the phone is encrypted, and cannot be read by the FBI.  The phone is password-protected, and if the FBI makes more than 10 incorrect password guesses, there is a very strong danger that the current encryption key will be destroyed and the phone’s data will, for all practical purposes, become unrecoverable. 

Apple owns the phone’s operating system.  It is uniquely positioned to help the FBI by revising the phone’s software to disable the 10-or-dead feature.  The FBI has requested Apple’s help; Apple has refused, and the FBI has secured a court order directing Apple to assist the FBI.  Apple, in an open letter to its customers, indicated it will challenge the order, citing its concerns about building what it says is a currently-nonexistent “backdoor” into its iOS operating system that could compromise security for its millions of users worldwide. 

In its application to the court, the FBI argued that the proposed software would only be usable for this one iPhone, because it would be keyed to the specific hardware id associated with that iPhone.  Apple quite clearly disagrees: “But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

Apple’s concern for the privacy of its users appears to be reasonable.  If it is forced to develop software designed to defeat the 10-or-dead feature on this one iPhone, that software could work on any iPhone, provided that iPhone’s unique id is substituted for that of the phone used by the San Bernardino shooter – a relatively trivial change.  A flood of court orders compelling Apple to use the same software for other locked iPhones could follow.   

The dispute shines a spotlight on important privacy issues that affect all of us.  Tech companies and the government have been arguing for years about encryption.  The tug-of-war between the need to keep user information private and the government’s need to investigate crimes has been the subject of ongoing debate.  The recent revelations about the extent of warrantless government surveillance has shone a spotlight on what many believe are abuses by the government of citizen privacy, and has resulted in stronger encryption regimes for consumer communications devices and systems.

In the Apple case, the order sought by the FBI (read the FBI's application here) was signed the very same day the FBI asked for it, which suggests that the court simply accepted the FBI’s argument without giving it too much scrutiny.  (The order was sought ex-parte, without Apple’s participation.)  The FBI relies on the All Writs Act, a law dating from our nation’s infancy, to support its request.  The act is sort of a catch-all for federal courts, providing that “The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”  The government argued, and the district court agreed, that the act empowered the court to issue its order directing Apple to help the government defeat the 10-or-dead feature on the San Bernardino iPhone so that the government may attempt to crack the phone’s password. 

Apple has not yet filed its opposition to the court’s order.  There are a number of arguments it can be expected to raise; some of them were highlighted in its customer letter: “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

One potential argument not mentioned by Apple is that the court’s grant of the FBI’s request is an impermissible application of the All Writs Act because the order was not “necessary or appropriate in the aid of” the court’s jurisdiction.  This argument formed the basis of the dissent to one of the key cases the FBI relies upon,  United States v New York Telephone Co., 434 US159 (1977)

In New York Telephone, the Supreme Court in a 5-4 decision held that the district court had the power to issue an order under the All Writs Act directing New York Telephone to lease certain phone lines to the FBI to permit it to secretly install a pen register to record phone numbers dialed by a suspected gambling operation in New York City.  In his dissent, Justice  Stevens argued that this was an improper extension of the act’s scope because the order requested by the FBI in that case was not one that would “be in the aid of [the court’s] duties and [the court’s] jurisdiction.”  434 US at 189.  “The fact that a party may be better able to effectuate its rights or duties if a writ is issued never has been, and under the language of the statute cannot be, a sufficient basis for issuance of the writ.” Id. (my emphasis).    

The following paragraph from the dissent could have been written to cover this very situation: 

Nowhere in the Court's decision or in the decisions of the lower courts is there the slightest indication of why a writ is necessary or appropriate in this case to aid the District Court's jurisdiction. According to the Court, the writ is necessary because the Company's refusal "threatened obstruction of an investigation . . . ."  Concededly, citizen cooperation is always a desired element in any government investigation, and lack of cooperation may thwart such an investigation, even though it is legitimate and judicially sanctioned.  But unless the Court is of the opinion that the District Court's interest in its jurisdiction was coextensive with the Government's interest in a successful investigation, there is simply no basis for concluding that the inability of the Government to achieve the purposes for which it obtained the pen register order in any way detracted from or threatened the District Court's jurisdiction. Plainly, the District Court's jurisdiction does not ride on the Government's shoulders until successful completion of an electronic surveillance.
Id. at 190 (my emphasis). 

Admittedly, this was the losing side’s argument in the New York Telephone case.  But it has the attractiveness of being rooted in the actual language of the All Writs Act.  Given recent revelations about the extent to which the government has abused the privacy rights of its citizens, Justice Stevens’s prescient concern in the New York Telephone dissent is apt today:  “Nevertheless, the order is deeply troubling as a portent of the powers that future courts may find lurking in the arcane language of Rule 41 [covering Search and Seizure] and the All Writs Act.”

Saturday, November 14, 2015

Using Public WiFi? Use a VPN - or Else

We all use public WiFi. Coffee shops, hotels, public spaces, even the New York subway system offer easy and free WiFi connections that allow us to stay connected to the Internet while away from the office. The vast majority of these public WiFi networks are insecure, however, meaning that an unknown third party using easily-available tools can snoop on our conversations with relative ease. And while many email providers and some websites will secure (that is, encrypt) your communications for you (look for the "https" at the top of your browser), that doesn't cover everything you're typically doing on the Internet.

Enter the Virtual Private Network, or VPN.

A VPN is a secure, encrypted connection between your computer and the VPN provider's server, which can be located anywhere but most certainly is not located on the laptop of that sketchy-looking guy camped out two tables over.  It protects all of your communications with the Internet, making it much more difficult for nefarious snoopers like Mr. Sketchy to see what you're up to while, for example, you're searching for prior art or doing legal research at your local Peets (alright, it's probably a Starbucks but I've always liked Peet's).

Using a VPN requires subscribing to a VPN service.  I use VPNLand, because the BoingBoing store offered a good deal ($24.99) on a lifetime subscription and it seemed to have good reviews.  There are many, many other providers, so do your homework and look for one with favorable reviews.  Once you sign up, you'll download a VPN app that you access after you've made your insecure WiFi connection. VPN apps are also available for smartphones, but I do most of my heavy lifting on my laptop, so that was not important to me.  

With my VPNLand app installed, I connect to the Internet, open it up, select my encryption level, and then select my server location. For most work, any encryption level will do and server location isn't all that important; I typically select a server located in New Jersey, simply because of a probably-naive belief that a shorter connection might mean marginally faster service. I click connect, and in a matter of less than a minute my Internet connection is securely routed through a VPNLand server in the Garden State.

Of course, you can geek out with a VPN - select an encryption protocol that is more secure than another, pick a server located in another country - but for the vast majority of us, any type of encryption and any server location is going to be good enough.  There are many benefits of a VPN that go beyond the scope of this post.  Three worth briefly noting here: (1) If you're traveling in a country that restricts Internet access, you can select a server located in a more open jurisdiction; (2) many countries block Skype, and a VPN will help you get around that, and (3) If you are outside of the US and can't access a particular site (Netflix, for example) because you are not in the US, you can use a US-based server to connect. Finally, for the small subset of us who have clients with particularly good reasons for secure communications (international human rights, for example), a VPN connection might be something you want to use even when working from a more secure office setting.  

For lawyers working on client matters, there is no excuse for not using a VPN.  For anyone else interested in keeping their communications secure, it's a must.


Saturday, October 24, 2015

Fairly Unsurprising - the Google Books Decision

With its recent Google Books decision, the Second Circuit hasn’t necessarily broken new ground so much as – doing what courts from time immemorial have always done – applied existing law to a new situation.  The result, within this very discrete set of facts, can be summarized thus: 

- Full-text imaging and OCR-ing of books is okay if you do it for someone who owns a copy of that book and won’t use the scanned version to infringe the author’s rights.  Permitting the public to search the full text of the book falls within the fair use doctrine, provided the search results you provide are of only small portions of the book, do not substantially harm the market for the book (such as when an entire recipe is revealed from a cookbook), and you don't make money from the process.  

This all seems quite reasonable, and may provide some new guidance for fair use advocates.  Its very reasonableness, however, makes it a wee bit suspect, since much of the existing law of copyright has very little to do with reasonableness and very much to do with what major content owners think it should be.  

If the Supreme Court considers and upholds the Second Circuit decision, look for content owners to lobby Congress for a legislative “fix” that will close what I’m sure many will consider to be an undesirable result.  

In the meantime, my personal takeaway from the Google Books decision is the existence of the Google Ngram viewer, which charts the frequency of word use over time among the many books that Google has scanned.  In the interest of scholarship, I offer the results of my own thoughtful exploration of this feature below.  

Sunday, October 11, 2015

And to Your Right - the TTIP

With all the news about the Trans-Pacific Partnership (TTP) and debate about its effects on intellectual property and Internet user rights, we should also keep in mind another huge trade deal that is in mid-negotiation: the Transatlantic Trade and Investment Partnership, or TTIP, between the US and the EU.  The TTIP is not nearly as far along as the TPP, but because of its similar potential to have a huge impact the US it also bears watching.

The TTIP has inspired huge protests in the EU, with hundreds of thousands of people gathering to protest it this past week in Berlin and other cities in Europe, and more than 3.2 million people signing an anti-TTIP petition that was delivered last week to the European Commission.  Many of the protestors' concerns relate to the TTIP's potential effect on European food safety and environmental laws, which are generally viewed to be tougher than those imposed in the US.

The TTIP isn't all about GMO and fracking, however.  It is intended to include provisions relating to intellectual property, and while they haven't been solidified yet, the Electronic Frontier Foundation nonetheless prepared a piece back in January of 2015 that nicely highlights some areas of potential concern.  

In any event, when that many people claim to oppose a trade deal that directly involves the US, it bears keeping an eye on what's going on.  The US media has been relatively quiet about the TTIP, so if you want to follow along you'll be best served to see what the international press has to say about it.


Good Points on the TPP from the EFF

The Electronic Frontier Foundation has penned an excellent analysis of the IP provisions of the Trans-Pacific Partnership text that you can read in full here.

Something that I did not appreciate when I read the leaked language of the IP section was how the restrictions applied to users tend to be mandatory, while the rights given to them tend to be discretionary.  Which of course makes sense if you accept the contention that major content providers significantly influenced the (secret) negotiations the led to the TPP.  

Frankly, much of the IP language of the TPP tends to impose the regimes currently in place in the US, which is why it may be harder for me to be shocked to see them in this document.  At any rate, the EFF's analysis offers a fresh perspective on what the appropriate limits should be on both content owner rights and user rights.  Good reading.

Saturday, October 10, 2015

Let's Take Our Time Before We Freak Out About the TPP

While I am not a big fan of the way the Trans-Pacific Partnership Agreement was negotiated or has been ballyhooed by the Obama administration, the fact remains that it is the text of the TPP that needs to be the focus of our attention going forward.
Wikileaks has just released a the IP Rights Chapter of the TPP, or at least the version that existed as of October 5, 2015. 
Based on the version released by Wikileaks, The Guardian article linked here says that the TPP will "give signatories the ability to curtail legal proceedings if the theft of information is 'detrimental to a party’s economic interests, international relations, or national defense or national security' – in other words, presumably, if a trial would cause the information to spread."
I'm not sure I agree. The text in question (Article Q.Q.H.8.3) says that "a Party (any of the countries who sign on to the TPP) may, where appropriate, limit the availability of such criminal procedures [to prosecute trade secret theft], or limit the level of penalties available, TO one or more of the following cases: . . . . (e) the acts are detrimental to a Party's economic interest, international relations, or national defense or national security."
Note the "TO," which I highlighted. This suggests that a country may limit its criminal prosecution of trade secret theft TO situations where the theft is detrimental to the country's economic interest.
The Guardian's interpretation effectively replaces the word "TO" with the word "IN." Doing so substantially changes the meaning of this section. If a country can "limit the availability of such criminal procedures . . . IN . . . one or more of the following cases," then the country can restrict application of existing laws in situations where "the acts are detrimental to a Party's economic interest" etc.
But I don't think that's what the provision is trying to say.
Certainly this is one area that could use some clarification before it's up for ratification.

Tuesday, April 09, 2013

Selling a Jayne Cobb hat? Keep selling!

The short-lived Fox series "Firefly" has developed a cult following that has given life to any number of t-shirts, character statues, and other fan tributes.  Among them are a certain silly knit cap worn by the character Jayne Cobb (supposedly knit for him by his mother).  Fans have been able to buy "Jayne Cobb" hats from Etsy sellers and others for years.

(This is an official "Jayne Cobb" hat, available via ThinkGeek.  Attractive, no?) 

Until now. Apparently, Fox has been threatening these independent producers of lookalike hats with all manner of perdition.  But here's the problem - unless the sellers are calling them "Jayne Cobb" or "Firefly" or "Serenity" (the name of the ship and a follow-on feature film) hats, Fox really has little legal basis to stop third parties from making and selling these hats.

That's because hats are "useful articles" under US Copyright Law - and so can't be protected by copyright.  This peculiarity of copyright law has bedeviled fashion designers for years, and while there has been some chipping away of the concept (costumes, for example, can be protected), in general an article of clothing can't be.

So if you've received a cease-and-desist letter because you are selling "Jayne Cobb" hats, give me a call.  I'm a big "Firefly" fan and will be happy to review your situation and give you some idea of where you stand.   Browncoats do need to stick together, after all.  Especially when the Alliance comes a calling.  

(Update: The folks at ThinkGeek have decided to donate profits from the sales of officially-licensed Jayne Cobb hats to the Firefly-inspired "Can't Stop the Serenity" charity.  Well-played, Geeks, well-played!)

Monday, April 08, 2013

Bittorrent Subpoena Notice? Check the Case Status!

These pesky bittorrent lawsuits continue to propagate themselves throughout the court system.  Content owners -- which frankly may have a legitimate beef with having their films distributed for free -- persist in using them as tools to issue subpoenas seeking the identity of alleged file sharers.  If you receive a notice from your ISP that it has received a subpoena and that your personal information will be disclosed to the plaintiff unless you take steps to stop that from happening, don't despair.

One of the first things you should do is check the status of the lawsuit.  Many of these cases are getting dismissed by judges who are increasingly skeptical of both the methods used by the plaintiffs, and the quality of the rights they claim to hold.  If your case has recently been dismissed, then you may have a great argument that the subpoena is no longer valid.  Even the most compliant of ISPs will be nervous about disclosing customer information in response to a subpoena that has no legal force.

Those of us who handle these cases can quickly let you know what the status of the underlying lawsuit is.  Make sure you double check that before deciding how to respond to the ISP notice.