Having taken a cyber crime class, the first thing I wanted to do with my newfound understanding and appreciation of the issues inherent in legislating and policing the internet is examine the proposed internet regulation legislation that is a hot topic right now, at least among those of us who use the internet for more than email and ordering things from websites. In short, Geeks.
The Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), or CISPA for short, is being proposed as a way to enable the government to better secure networks against attacks and enforce copyrights and patents. The text addressing copyrights and patents was tacked on after the failure of the wildly unpopular SOPA (Stop Internet Piracy Act). While some internet sources claim that CISPA will be undergoing revisions before it is debated or voted upon, as the text currently reads I find it to be vague to the point of giving the government carte blanche to spy upon citizens and to interfere with the social culture that has emerged on the internet among those who typically are branded or assume the identity of ‘Geek.’
I mean of course those people who can be found on websites and message boards devoted to comic books, genre television, and the like. While in the days before the internet, we Geeks were limited to infrequently published fan magazines and conventions to interact with one another, the greater reach and connectivity of the internet has allowed us to build communities where we can discuss and share fan media centering around our interests. This is, of course, why attempts to regulate and perhaps censor this intangible neighborhood where we’ve made our home deeply concern us. Wanting to understand the legal issues surrounding this phenomenon that has allowed me personally to connect with so many people with similar interests is what made me want to take cyber crime classes in the first place.
INTERNET REGULATION
Before we get into CISPA and the problems it presents specifically, let’s take a broader view of internet regulation. The laws and policies we have on the books are piecemeal, inconsistent, and obviously written by people who don’t understand internet culture or even the internet itself. For example, let’s take the principle of third party liability. We have two distinctly different approaches: One that websites that allow users to post their own content are not liable for the content users post, and another that websites that allow users to post their own content are liable for the content users post.
What’s the key difference? The first principle holds when the objectionable content is hate speech or bullying – for example someone using Facebook to harass another person. And the second holds when the user is posting copyrighted content – for example people sharing video files on the recently shut down site, Mega Upload. This difference can be interpreted in two ways. Either we value copyright protection more than we value protection of individuals from harassment and aggressive behavior – which I don’t think is true as a society, or at least I would hope it isn’t; or the victims in the two crimes are vastly different. In the first instance, a victim of bullying has relatively little power to influence legislation, and in the second, the victim is usually a corporation of some sort.
This inconsistency, in my opinion, spawns not from sound legal theory, but is instead predicated by who has money and who does not. The majority of things that are pirated are media that is held by a corporation, a production company, and so on. They have the money to send lobbyists to Washington, to try to influence legislation at the federal and state level. But take the average victim of targeted threats and bullying through social media: They are the quintessential Little Guy. While the populace may stop and say ‘what a pity’ when cases are pushed to an extreme, for example in United States v. Lori Drew, 259 F.R.D. 449 (C.D. Cal. 2009) in which a girl was harassed until she hung herself in her bedroom, ultimately, in the end, we don’t care. They don’t have money, so we don’t require the social website that gave the aggressor a platform to attack this person to be held responsible.
That is the message the current principle of third party liability on the internet sends. Pirating a DVD is a greater crime than harassment of a person, because we, as a country, value money over human life - only one example of inconsistencies in the law of internet regulation that seem contrary to sound public policy. A reform is needed – but not the reform that is proposed.
THE CYBER INTELLIGENCE SHARING AND PROTECTION ACT
CISPA is a proposed amendment to the National Security Act of 1947. It would add provisions concerning cyber crime to the National Security Act, which does not currently address cyber crime at all. As stated in the introduction above, it is designed to combat what it refers to as cyber threats, defined as “vulnerability of, or threat to, a system or network from either ‘efforts to degrade, disrupt, or destroy such system or network’; or ‘theft or misappropriation of private government information, intellectual property, or personally identifiable information.” It aims to achieve this goal by facilitating and encouraging the sharing of cyber threat intelligence with the private sector.
PRIVACY CONCERNS
To understand just how frightening the carte blanche CISPA provides in regards to information sharing is, it is important to recognize that using the internet is not like opening a book. Every time you visit a webpage, a stream of information is being exchanged between the website and your computer (or other internet surfing device). At the risk of being prosecuted under CISPA’s vaguely defined copyright infringement provisions, let me draw a comparison to Harry Potter: Surfing the internet is an interactive experience. Imagine, if you will, that you are Harry Potter, and every book you read is Tom Riddle’s Diary. You not only read it, it reads you back. It gathers personal information you don’t remember telling it and holds onto things that you didn’t even mean to tell it. And those are just the websites that are engaging in legal information gathering technologies. Taking into account spyware and phishing, and there is a whole host of ways information can be mined from a computer. And now, thanks to CISPA, Tom Riddle’s Diary doesn’t have to keep the things it knows secret. In fact, the diary is encouraged to go around telling other books about it.
But wait, there’s more! Not only is Tom Riddle’s Diary encouraged to go around sharing everything it knows with other diaries, it is now protected from punishment for sharing things that ought not be shared! § 1104(b)(3)(A) and § 1104(b)(3)(B) of CISPA read as follows:
“EXEMPTION FROM LIABILITY- No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith--
`(A) for using cybersecurity systems or sharing information in accordance with this section; or
`(B) for not acting on information obtained or shared in accordance with this section.”
To put it in simpler (and far more colorful) terms, Tom Riddle’s Diary got you down? Well too bad! There is no way to destroy this horcrux! This provision of the CISPA would grant immunity from lawsuit and criminal punishment for those companies and government entities who shared information under this act. So the mismanagement of this shared information carries no penalty – not that it’s easy to tell just what, if anything, constitutes mismanagement of the information under the act.
PIRACY
Let us turn our attention to what will constitute copyright infringement under CISPA. There is no definition provided. So what principle will govern? I think we can all agree that offering free downloads of entire television shows and movies obviously qualifies. But what else? Will sharing screen captures (images captured from a piece of media while watching it, for those not quite in the Geek class) be enough to constitute infringement? Will fan artists, those who use such screen captures to create entirely new images, purely out of love of the media, be subject to liability? What about YouTube videos that use small segments of footage from shows or movies? Will ‘fanvidders’ find themselves fined or imprisoned? I don’t know, because the bill does not specify.
I should hope that things like fan created media which uses portions of media would fall outside the bill’s definition of copyright infringement. Creations like fanvideos, fanfiction, gif images (images that move, displaying one moment from the media over and over)create their own word of mouth advertising, not to mention an environment in which a book series, movie, or show can continue to be popular long after the series itself has been concluded. You don’t have to be a genius to realize that a series staying popular means of course more sales of the source material itself, as well as associated merchandise. Author Charlie Stross has the right idea. His policy is that he doesn’t care about people writing fanfiction about his characters, so long as they are not making a profit on it. He explains, “I am not a precious sparkly unicorn who is obsessed with the purity of his characters — rather, I am a glittery and avaricious dragon who is jealous of his steaming pile of gold. If you do not steal the dragon’s gold, the dragon will leave you alone. Offer to bring the dragon more gold and the dragon will be your friend.”
For example, I myself began watching the HBO show Game of Thrones after seeing fan made media like gifs and fanvideos that made me curious. This resulted in not only my purchase of the first season on DVD, but in several t-shirts and the soundtrack CD from the HBO website. Had I never seen the fan produced media, I most likely would not have watched the show. In another example of fan media leading the way to the source material, an online Geek contemporary of mine once shared with me that the reason she began watching the television show Legend of the Seeker was because she saw a fan created YouTube video highlighting the character of Darken Rahl. Now this particular geek is one of the most present Legend of the Seeker fans online – but would she have ever even seen the show without fan created media?
But all of these attempts at persuasion on my part are beside the point: because we don’t know exactly what the CISPA bill targets. It simply doesn’t say – leaving it up to the courts, as it often is in internet regulation, to try to interpret a vaguely worded bill poorly written by people who have absolutely no idea about the real world use and culture of the thing they are attempting to regulate.
REFORM
Clearly, there need to be changes made to address the issues of piracy and the uneven approach to internet regulation. The answer to both, I feel, lies in polling and forming committees of people who actually understand what the internet is, what it’s used for in various contexts, and what it has the potential to be. Rather than legislators who can barely check their email, the Geeks are the ones we should turn to for guidance on internet regulation. You wouldn’t ask a legislator to formulate standards of accepted practice among doctors or architects without consulting professionals who understand the in and outs of those professions – and so neither should you attempt to regulate the internet without consulting the people who essentially are the internet.
I am by no means here to defend piracy. The public policy behind copyrights and patents is sound as far as I am concerned. Yes, we need to encourage people to create new works by protecting said works, and allowing the creator to earn money for their works. What I propose is not a disregard of the copyright and patent principles of law, but a restructuring of the business model of the entertainment industry. The answer to minimizing piracy lies not in putting the internet in a strangle hold, but rather in entertainment distributers adapting to the new market. What entertainment lobbyists currently propose amounts to an attempt to force the market to conform to them, rather than the other way around – something not in keeping with America’s precious capitalistic model of economy.
In my opinion, the entertainment industry as a whole fails to recognize that people are lazy. It takes effort to pirate. If they instead offered their media in an easy to download format, most people would be willing to pay simply because the legitimate download is safer and easier. And it takes into account a fundamental truth that the proposed reforms ignore: it is not about the money. Hard to believe, but true. The majority of the Geek community doesn’t pirate because they don’t want to spend the dough – it’s about convenience and immediacy. We don’t like to leave our houses. We’re computer Geeks for a reason. Maybe the show we want to see isn’t on television where we live, or comes on at a time that we’re at work and we can’t afford to buy TiVo. So things are pirated. But you wouldn’t know this if you weren’t a member of the Geek community. And now I ask this: If you don’t know enough to understand or function in a community, do you know enough to write laws for that community?
In conclusion, let me say that the full text of the proposed CISPA amendment can be found HERE and the petition you can sign to oppose it can be found HERE.