The Law and the Net
The rapid pace of technology is forcing legal eagles to play catch up
Laws surrounding the Internet are still hazy, but they're slowly panning out. We cut through the confusion and controversy and give you the latest lowdown on legal issues involving trademarks, domain names, and copyright infringement. See the digital signature sidebar for more on this related subject. (1,700 words)
Ask an average Internet user about legal issues and there is a good chance he or she will focus on the Computer Decency Act, enacted together with telecommunications reforms early this year. We will skip that issue here. In the case of pornography, at least the Internet and legal community have statutes in place. However distasteful some may find them, the lay of the land is being defined in statute and soon by case law.
There are other significant questions to which the Internet and legal communities do not have clear direction. Among them are copyright and liability issues, and the application of trademark law to Internet domain names.
These and a plethora of other issues can be complex to work out due to the basic paradigm conflict between the law and the Net. The law assumes jurisdiction and geography. The Net defies them. Take a simple example of someone publishing pro-Nazi material on a Web server in Canada, which Germany finds so offensive that it is banned.
It is highly unlikely that a convention will be developed where country A accepts country B passing judgment on the activities of its citizens, so this may be inconsequential for individuals and smaller firms. Larger firms, however, may have tangible assets in many countries, and those assets could be at risk in some circumstances, said David Post, associate professor of law at Georgetown University's Law Center.
"Fundamentally the question is whether something you do in one country should put you or your assets at risk in another country. The assets may have nothing to do with your Internet publishing activities, for instance. We have to ask ourselves if that is a rational way to look at the issue," Post said. Rational or not, it is unclear how these issues will be handled.
Trademarks and domain names
The issue of domain names and trademarks illustrates the confusion that can arise due to the paradigm conflict between jurisdictional-based law and the inherent borderless nature of cyberspace.
The issue is particularly complex in the commercial domain name space. A "com" domain is global. It not only transcends borders, it transcends business endeavors. In the U.S. alone, "Nationwide" may be a valid trademark for insurance, and an equally valid mark for, say, a rental car company, because there is little likelihood of confusion. Regardless, there can be only one "nationwide.com" domain. To make matters worse, what if nationwide.com is already taken by a bookstore chain in Australia?
The InterNIC had no rules in place to resolve competing claims until July 1995. As far as the InterNIC and Network Services Inc. were concerned, it was first come, first served.
According to Carl Oppedahl, an attorney with the intellectual property law firm of Oppedahl & Larson, who has published a series of articles on the legal implications of InterNIC rules, the July rule making activity sent firms scurrying to selected foreign countries to quickly obtain a national trademark certificate.
This was necessary because the InterNIC said that a national trademark certificate was the key piece of evidence firms would have to produce if their domain registrations were challenged by another party.
In November, the InterNIC updated its rules to eliminate two or three serious flaws, including the ability of a challenger to register a trademark after a domain name was issued, and successfully take the domain away from its previous user.
InterNIC rules are now much clearer. To challenge a domain name registration, the challenging party must show a national trademark registration certificate that predates the use of the domain name. The party in possession of the domain name is expected to be able to produce a similar certificate, identical to the domain name, to fend off the challenge.
The problem with all this is the InterNIC ignores the validity of state trademark certificates. U.S. trademark registrations generally take one to two years to complete. By contrast, says Oppedahl, with a good foreign legal agent, his firm has obtained foreign national certificates in two weeks.
But what does all this have to do with the law? The answer may be, very little. Domain name owners are now in the position of having to satisfy one set of administrative rules written by the InterNIC, with the likelihood that they may have little to do with the way courts decide these issues. And if the InterNIC rules against either the challenger or the domain name holder, that party can always sue the InterNIC.
"I think it is not in the power of a U.S. court -- state or federal -- to grant or take away U.S. rights based on some rights that someone may have in a jurisdiction outside the U.S.," said Breffni Baggot, a patent, copyright, and trademark attorney in Storrs, CT.
The bottom line is a U.S. court is likely to ignore foreign domain registrations, so the holder of a U.S. Patent and Trademark Office certificate has a big advantage. That is doubly true since the InterNIC and Network Services Inc. reside in the U.S. and could be compelled by a U.S. court to comply with its orders.
"I think it is clear that NSI waffled on trademark issues and washed their hands of it," said Georgetown's Post. "They ask everybody to promise [when they register their domain names] that they are not infringing any trademark anywhere in the world. And if you're wrong about that, we reserve the right to take the domain back from you."
"There is nothing in the NSI rules that indicate they have any better idea what to do about this mess than we do. The situation is crying out for some kind of global scheme that is designed for the Net and not tied to the trademark registration in any particular country," Post said.
Now that you are wondering whether your domain name is safe from a challenger, consider whether you might be on the hook for real money, due to copyright infringement, or for violating the distribution rights of a copyright holder.
Set the issue of geography aside for the moment, and think about the practical problem that arises from applying rules designed to limit copying, to a technology predicated on the idea of making copies, such as the Usenet.
Is a firm or Internet service provider (ISP) at risk for the actions of others? What if the ISP knew the nature of a customer's activities? What if it did but stood by idly?
Take the bookseller model, for instance. According to Post, if a bookstore sells a book that infringes upon someone else's copyright, even if they have no knowledge of the infringement, they are liable for violating the distribution rights of the valid copyright holder. To protect themselves, smart bookstore owners generally require publishers to "indemnify" them against third-party claims. In short, the publisher pays if the bookstore gets sued. The publishers, in turn, require authors to indemnify them, so financial liability is pushed up the chain.
That model breaks down where the Internet is concerned, Post said. In the case of the Usenet, it may be hard to track down who posted the infringing material, and then thousands of computers are copying and redistributing the contents of thousands of newsgroups.
Web pages are a bit easier to control, but in order for the indemnification to carry much weight, it must be backed up by real assets. It is questionable, therefore, whether there would be effective protection from indemnification agreements.
The White House task force on the National Information Infrastructure produced a white paper that does address copyright liability, Post said, but it does little more than admit this is a tough problem and a potential cost of doing business. A bill before the U.S. House (HR 2441) holds out a little more help, said Andy Oram of O'Reilly and Associates, who is keeping tabs on the issue for the Computer Professionals for Social Responsibility.
"The law repeatedly says that unapproved `transmission' of a copyrighted document is a crime, and that clearly means sending something over the Internet in a newsgroup, Web site, etc.," Oram said.
HR 2441, as proposed, Oram said, contains a little help, in the following language:
(5) Innocent violations- The court in its discretion may reduce or remit altogether the total award of damages in any case in which the violator sustains the burden of proving, and the court finds that the violator was not aware and had no reason to believe that its acts constituted a violation.
That's still scary, Oram said, because everything is left up to the judge's "discretion."
Post's number one recommendation is for Internet providers and users to get on the phone to Washington D.C. and lobby for more sensible legislation. Requiring indemnification agreements from people posting Web pages to your server is also worth the trouble, Post said, even though it may not offer a lot of protection.
A third strategy is trying to prevent infringing material from staying on your computers. Due diligence does not technically waive any liability, but will probably be taken into account in calculating any damage awards, if a case ever makes it that far.
The Net community expects proliferation of easy to use digital signature packages to take e-mail and electronic document exchange to a new level. The rationale is clear. Now that there is a way to ensure the identity of the sender, recipients can be confident they can act on orders and instructions and not be left holding the bag. The horizon of Internet-based communication and commerce expands greatly -- electronic contracts, voting by e-mail, submitting forms to local and state governmental offices.
But are we taking something for granted? Like so many things where the law is concerned, the answer is a resounding... "that depends!"
Take a technical look at the issue, and things may be clear cut. Well managed digital signatures either do or don't work, and the consensus is that they do. But from the legal perspective, electronic documents violate some of the core characteristics defining a legally binding document.
It is ironic that if you scratch a note on a bar room napkin and sign it you could well have a legally binding agreement. But send a carefully crafted, digitally-signed agreement, and you may not be able to introduce it as evidence in many courts, said Richard L. Field, an attorney in private practice (Cliffside Park, N.J.). Field is an expert who worked on drafting the American Bar Association's Digital Signature Guidelines, as well as model EDI payments agreements, and chaired an electronic commerce payment committee for the ABA.
Many are ignoring the ambiguities, he said.
There are at least four fundamental legal presumptions that make widespread reliance on digital signatures problematic. They are:
To emphasize what may now be more obvious, technical feasibility may not be legally practical -- at least not yet. Signatures are typically defined as marks put on to paper for the purpose of identifying a particular person. The content and the signature must be put down on paper, and then the original copy must be used in court proceedings. Moreover, some states may define the precise size and number of original documents required for specific purposes, before the data is admissible into evidence.
Bits, bytes, and digital signatures fly in the face of much of this, so it is important for states to enact enabling legislation for digital signatures, Field said. That is only beginning to happen.
Only three states, including Utah, have digital signature statutes on the books, according to Alan Asay, an attorney who helped draft the ground-breaking Utah statute and now works for Banker's Trust. Washington State passed and signed into law a bill modeled after Utah, but both still have work to do on implementation details.
California passed a limited, vague bill in 1995. The bill says the State of California will accept digital signatures, says little or nothing about private transactions, and leaves it up to the Secretary of State to figure out all the details.
Asay said Virginia and Georgia have introduced statutes loosely modeled on Utah; and Florida and Arizona have other bills in the works. Asay also noted pending legislation in Chile and Germany.
Even where the law is catching up to the technology, all is not well, said Michael Froomkin, associate professor of law at the University of Miami.
"The Utah statute is not very flexible. It is overly specific regarding how signatures must be administered, so an effort is already underway to modify it," Froomkin said. "The overall scheme is good, but they should have permitted more decisions to be made administratively."
Two potential problems concern Froomkin -- the lack of uniformity in proposed legislation and the lack of consumer protection.
Even if a majority of states do enact legislation, that may not settle the issues. Most transactions in the U.S. are interstate, so what happens if the two states have different rules, or one has a rule and the other does not, Froomkin asked. "Until we have national uniformity in some meaningful sense, things are going to be a mess," he said.
Of greater concern for individuals, Froomkin said, is that the legislative work he's seen thus far is not very consumer friendly. In transaction law, for example, consumer liability is far more limited than corporate liability. The law assumes corporations have the expertise to protect themselves well, while consumers may not be as knowledgeable and thus need greater protections, Froomkin said.
Take credit cards, for instance. If you lose one and report it fairly promptly, your liability is limited to the first $50 of fraudulent charges. Vendors eat the rest of the loss.
That model is not reflected in proposed digital signature laws. Both the Utah statutes and the ABA guidelines hold the possibility of tremendous consumer liability, Froomkin said.
Companies that choose to operate digital signature certificate authorities in this legal vacuum face uncertain liabilities. In most cases, companies are likely to disclaim most or all liability in contracts with their clients, but those disclaimers may not hold water, Froomkin said, depending on state liability statutes.
There are at least three classes of persons to whom a certificate authority could be liable: a client, a third party that is harmed, and the party impersonated by a client.
Regardless of whether the state accepts a liability disclaimer between a certification authority and a client, there is still third-party liability because they know nothing of the contract or the disclaimer.
The bottom line, Froomkin said, is a certification authority needs to do its job well.
As far as electronic transactions and contracts go, it is so easy to execute paper contracts, it is irresponsible not to do so, Froomkin said. For the near term, signing on the dotted line is likely to require pen and paper. --Barry D. Bowen
About the author
Barry D. Bowen is an industry analyst and writer with the Bowen Group Inc., based in Bellingham, WA. Reach Barry at email@example.com.