Technology and the Guilty Mind: When Do Technology Providers Become Criminal Accomplices?

This is new story art for my article examining when the proprietors of technology with criminal uses aid and abet their users’ crimes. The aim is to help courts, prosecutors, and technologists draw the line between joining a criminal enterprise and merely providing technology with criminal uses. The article explains the legal doctrines underlying this type of liability and provides examples of at-risk technologies, including spam software, file-sharing services, and anonymity networks like Tor.

Lessig on the charges against Dotcom and Megaupload

This morning, Kim Dotcom, accused by the Department of Justice of criminal copyright infringement, is in a New Zealand court to see if he will be extradited to the United States.

One of the things in Dotcom’s corner is testimony from Lawrence Lessig, a preeminent U.S. copyright scholar, and current presidential candidate. He argued to the court that the DOJ doesn’t have a legitimate case against Dotcom. Of course Lessig isn’t exactly a neutral party. As he acknowledged to the court, on top of being retained by Dotcom’s defense, he’s also advocated for copyright reform, co-founding Creative Commons.

But how does his argument stack up? His first argument strikes at the heart of the DOJ’s theory, contending that the DOJ is improperly seeking to import the concept of secondary liability, recognized in MGM Studios Inc. v. Grokster, Ltd., to criminal law. This is “improper,” he contends, “because, in the United States, crimes must be clearly defined by the legislature and prosecutions are confined within express criminal statutes.” There is a fair argument to be made that this importing of principles from civil law violates the rule of lenity.

Lessig then takes aim at one specific allegation against Megaupload: that it failed to comply with DMCA take-down requests. Lessig explains that, if multiple users uploaded the same file, Megaupload would retain only one copy of the file, but would generate multiple URLs, one for each user who uploaded it. When Megaupload received take-down requests for one URL, Lessig argues, it should not have needed to take down all URLs linked to the same file, and even if it did, it should not face criminal liability for that action.

Lessig also takes on an even more controversial issue: whether U.S. copyright law extends to parties acting in other countries. Megaupload in fact had leased servers in the United States. But Lessig asserts that the Superseding Indictment doesn’t discuss this fact. Nor, he claims, does it allege that a directly infringing act occurred in this country.

Lessig then turns to what I believe is the core of Megaupload’s defense if it ultimately goes to trial in the United States: whether any of the defendants willfully violated copyright law. He notes that the willfulness standard “requires a stronger showing in a criminal copyright claim than in a civil claim.” (That is why claims of compliance with DMCA rules are a red herring in the Megaupload prosecution.) Lessig suggests that this is all U.S. prosecutors are doing, and that “[a]ttacking an ISP for generally bad or negligent policies or alleging how the ISP could be better, faster, or more precise in its takedown or repeat infringer policies is not enough.” And that, he contends, is not proper fodder for a criminal case.

Not all U.S. copyright scholars agree. James Grimmelmann has observed that “If proven at trial, there’s easily enough in the indictment to prove criminal copyright infringement many times over.”

In a 2013 article, a co-author and I also suggested that, “if the facts alleged in the indictment are proved, the willfulness requirement will likely be met,” for the following reasons:

According to the indictment, the operators of Megaupload were just as intentional in their copyright infringement as The Pirate Bay, collecting advertising revenues generated by infringing content and exchanging incriminating emails showing that they knew about the infringement on their service. One operator joked to another that they “have a funny business . . . modern days pirates :),” to which his co-conspirator responded, “we’re not pirates, we’re just providing shipping services to pirates :).” Megaupload similarly sold premium access to unlimited streaming of uploaded content and financially rewarded users—even those previously caught uploading infringing material—for uploading popular content and for posting links to that same content on other websites. This practice not only increased traffic but also allowed Megaupload to avoid listing infringing videos directly on the site, concealing the scope of the infringing content on its servers. To rebut claims of infringement, Megaupload had instituted an “Abuse Tool,” allowing copyright holders to report, and purportedly remove, infringing content. But the indictment alleges that the company received millions of requests to remove infringing content and, “at best, only deleted the particular URL of which the copyright holder complained, and purposefully left the actual infringing copy of the copyrighted work on the Mega Conspiracy-controlled server and allowed access to the infringing work to continue.”

Lessig does a good job of showing the other side of these facts. But whether it is enough to defeat extradition is yet to be seen.

Also lurking in the background is the idea floated in the 2013 piece: just because prosecutors can, doesn’t mean they should.

Megaupload has not been convicted, and may never be, yet its business has been shut down, its assets frozen, its customers left unable to retrieve even lawfully stored data. Some of this smacks of the treatment of the King’s Messenger: punishment first, with trial after. … [W]hen the alleged conduct is egregious, and civil lawsuits are ineffective, then a criminal prosecution, with all its attendant hardships for the accused, may be warranted. But [those guidelines] are intended as limitations, not as a call to pursue more prosecutions. Because the powers of federal prosecutors are great, a reluctance to use those powers is a virtue that preserves liberty.

If the case survives today, then the court might consider employing the “substantial unoffending uses” test suggested here for evaluating the secondary criminal liability of providers of technology that has both criminal and non-criminal uses.

Five Tips for Plea Negotiations

“Training for Bargaining,” a new draft article by Jenny Roberts and Ronald Wright, of American University, persuasively argues that “[a]lthough public defenders may be dealt a weak hand in many cases, training focused on negotiation skills could help them get the best results from those cards.” I took away five tips from the article:

1. Stay positive. As Roberts and Wright note, research shows that “fostering a positive mood in a negotiation through tone can make the parties more creative and more likely to use negotiation strategies that seek to meet both parties’ interests.”

2. Prepare with peers and supervisors. Roberts and Wright hammer the point that many defense attorneys put much more effort into preparing for trial than for plea negotiations, even though pleas are the more common outcome. They suggest running negotiation strategy by peers or bosses, or even “mooting” negotiations.

3. Research the best alternative to a negotiated agreement, or BATNA. On this point, Roberts and Wright emphasize the three-step approach described in the popular book, Getting to YES: Negotiating Agreement Without Giving In: “brainstorming a list of actions to be taken if there is no agreement; converting the most promising into tangible alternative; and selecting the best alternative.” In particular, Roberts and Wright argue that defenders should spend more time at step two by doing more factual research about the case before negotiating. They quote an earlier, empirical study of plea negotiations by Marty Lieberman as finding that “[d]efense attorneys who interviewed prosecution witnesses and conducted extensive fact investigations would, . . . in a great majority of cases, improve the bargaining position of their clients involved in plea negotiations.” This is, perhaps, the most resource-intensive recommendation.

4. Remember anchoring and make the first offer when possible. “Anchoring or focalism is a cognitive bias that describes the common human tendency to rely too heavily on the first piece of information offered (the ‘anchor’) when making decisions.” See Anchoring, Wikipedia. Thus, the best negotiators try to set the tone in their favor by being the first to set a value, and making that valuation as favorable as possible. Roberts and Wright concede that defenders are often not in a good position to make the first move, since the prosecutor has charging discretion. Nonetheless, it’s worth keeping this concept in mind.

5. Keep data on past plea negotiations. Roberts and Wright point out that it is hard to evaluate the “going rate” for a situation if—as is common—there is little data maintained regarding plea bargaining. They suggest that offices “might collect data about offers on particular offenses from particular prosecutors to defendants with similar criminal histories.”

h/t Doug Berman @ Sentencing Law and Policy

Rosemond v. United States & technology providers

Yesterday, the Supreme Court issued its decision in Rosemond v. United States, which addresses the culpability of a man who was charged with aiding and abetting another person’s use of a gun in relation to a drug offense.  The court decided that he is liable if he knew ahead of time that one of the people he drove to a drug deal with had brought a gun.

In reaching that result, Justice Kagan, writing for the majority, re-addressed some fundamental principles of aiding and abetting law (Rory Little at SCOTUSblog calls the decision “a primer on aiding and abetting law”). Since I recently co-authored an article on the aiding and abetting liability of technology providers, this decision was of particular interest.

The article addresses the lingering confusion over whether the mens rea for aiding and abetting is “shared purpose” or “knowing assistance.” Justice Kagan serves up a sort of blending of the two ideas, which is common among appellate courts. Justice Alito, in dissent, writes that he wishes the court had addressed the two differing standards, but instead it “refers interchangeably to both of these tests and thus leaves our case law in the same, somewhat conflicted state that previously existed.” Justice Alito also says, however, that he thinks the difference between the tests is “slight.”

The point in our article is that this slight distinction can have important implications for technology providers who may be at risk of being considered accomplices of their users’ crimes. Rosemond certainly adds to the conversation about that topic, but doesn’t do much to answer the question. In fact, the Court, in footnote 8, expressly takes no view on “defendants who incidentally facilitate a criminal venture rather than actively participate in it,” as with “the owner of a gun store who sells a firearm to a criminal, knowing but not caring how the gun will be used.” This hypothetical strikes at the heart of the concerns faced by technology providers.

Interestingly, Justice Scalia joined the majority opinion except for footnotes 7 and 8. (The Volokh Conspiracy has an interesting discussion about how, and why, that happened, as does DailyKos.)

In other news, our article, and its title, are featured on BookForum’s Omnivore blog today.

Update on Kim Dotcom Extradition

There have been two significant developments this week in the ongoing effort to extradite Kim Dotcom (the CEO of the now-defunct Megaupload) from New Zealand to the United States to face criminal charges of copyright infringement. I’ve been following the proceedings since co-authoring Criminal Copyright Enforcement Against Filesharing Services, 15 North Carolina Journal of Law and Technology 101 (2013).

First, there is a development in regard to fallout from the January 2012 raid on Dotcom’s mansion conducted by New Zealand police, at the request of U.S. authorities.  Dotcom audaciously mocked the raid at the launch event for his new service “Mega” in January 2013 by staging “a raid re-enactment complete with helicopters marked ‘FBI,’ and dancing girls clad in military-style dress (but with miniskirts).”

Meanwhile, Dotcom has challenged the search warrant underlying the raid in New Zealand courts. This had some success. First, the Prime Minister apologized to Dotcom for the government spying on him. Then, in November 2013, a New Zealand High Court Judge ruled that the search warrants used in the raid were not proper because they were just “general warrants” and thus “did not adequately describe the offences to which they related.”

This week, however, Dotcom has faced a setback. On February 19, an appellate court issued a decision disagreeing with the High Court Judge’s analysis and concluding that the warrants were valid. You can read the appellate decision here. Dotcom has vowed on Twitter to appeal to the New Zealand Supreme Court. But as noted by the Independent, “[t]he decision will benefit US prosecutors who say the Megaupload website has cost film studios and record companies more than $500 million (£300 million) and generated more than $175 million in criminal proceeds by letting users store and share copyrighted material, such as movies and TV shows.”

Second, the extradition hearing for Dotcom that was scheduled for April 2014 was delayed on February 25, with a new date yet to be set. It’s already been delayed before. The delay is probably meant to allow time for the proceedings about the search warrant to resolve. But Dotcom, in his standard provocative manner, has “accuse[d] the New Zealand government of interfering in the judicial process, to delay the hearings until after the country’s election, due in either October or November,” according to The Register.

Third, as a bonus, Dotcom gave an interview this week to Complex Tech in which he mouths off about the charges against him. He complains that Google has had many more takedown requests related to pirated links than Megaupload ever had, yet is still in business. Of course, as my paper explains, Megaupload’s real problem wasn’t the number of takedown requests it received; it’s that prosecutors allege that the company either ignored those requests or helped facilitate the re-posting of pirated material.

Finally, Dotcom also mentions in the interview some sort of tripped-out new file service “called Meganet, which is basically kind of like a fluid ocean of data where whatever glass of water you dump into it you can never extract from it anymore, and you kind of just meet the water in the ocean somewhere.” We’ll see where that goes.

The Hacker Ethic and Crime

I’m working on a new piece about how criminal law deals with technology creators, especially when innovation leads to a certain lawlessness, as has occurred with the so-called Hacker Ethic. I’m posting some thoughts derived from Steven Levy’s book Hackers, to solicit any feedback the Internet might have to offer.

To understand the modern opposition to technologists as criminals, we must return to the dawn of the computer age, when a distinctly anti-authoritarian view of technology emerged: the hacker ethic. In the early 60s, student programming hobbyists (later called “hackers”) at the Massachusetts Institute of Technology developed a unique culture hailing the virtues of access to computer technology and freedom of information. These early hackers believed deeply in the ability to improve life through technology and resented barriers and bureaucracies that hindered their hands-on exploration and betterment of the world around them. This resentment came, in no small part, from contempt for the haughty guardians of MIT’s million-dollar mainframe IBM computers, the so-called “Hulking Giants,” with which they were prohibited from tinkering. Even computing time on less-valuable machines was precious, and the hackers were, in the early days, forced to scavenge time from “Officially Sanctioned Users.”

This mentality led to a veneration of decentralized experimentation, and a certain “willful blindness” to what hackers saw as inefficient restrictions.  In mischievous pursuit of exploration—though not malice—they probed flaws in MIT’s phone system, intentionally crashed the “Hulking Giants,” and ignored prohibitions on tampering with computer hardware. Having no concept of property rights, they often broke into university labs at night to sneak components, without ever considering it stealing. But in the same spirit, they shared their software creations without thought to passwords, royalties, or licenses, repeating their mantra that “information should be free.”

As the computer revolution spread, so did the hacker ethic. It first jumped coasts, where Californian “homebrew” computer enthusiasts, with an undercurrent of post-hippie activism, collaborated to bring computers to the people by hacking hardware and sharing software, even proprietary applications like Atari’s Pong. As the market for personal computers grew, some software creators began to complain; a young Bill Gates, in a widely circulated open letter to homebrew hackers, accused them of stealing. Although the hackers initially condemned Gates’s letter, many realized over time that selling computers and software could be immensely profitable, and a few, like Steve Wozniak with Apple Computer Company, used their hacker skills to become multi-millionaires. Eventually, the hacker ethic would be credited as inspiring the minds behind tech giants like Microsoft, Google, and Facebook.

Yet even as some hackers were becoming successful entrepreneurs, others entrenched themselves in the movement’s anticommercialism and disregard for property rights. This mentality was often expressed in noble (and perfectly legal) pursuits like Richard Stallman’s fervent evangelism about open-source software. But it also gave birth to a certain lawlessness that would land next-generation hackers in court and mar the term “hacker” with the connotation of “digital trespasser.”

Many times, this lawlessness took the form of antipathy toward copyright restrictions. A strong coalition of media companies and lawmakers has pushed back on online filesharing, which they view as a significant threat to business. After a failed, high-profile attempt to criminally punish MIT student David LaMacchia for maintaining an online bulletin board with copyrighted software files, these forces successfully implemented strong proscriptions, embodied in the Digital Millennium Copyright Act, against the distribution of technology designed to circumvent Digital Rights Management technology. But peer-to-peer filesharing grew despite these efforts, propelled by hacker-led services, like Napster, many of which were eventually crushed by civil infringement lawsuits. These services typically tried to defend themselves on the grounds that they could not be liable for the infringing acts of their users merely by providing technology. But in Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., the Supreme Court rejected this argument, concluding that “secondary” copyright infringers can be liable as long as they intended to promote infringement. This decision paved the way for criminal copyright actions against services like link-listing website NinjaVideo and cyberlocker Megaupload, both of which prosecutors alleged aided and abetted copyright infringement (see my forthcoming article on this topic).

Filesharing companies aren’t the only type of computer technology company to face criminal scrutiny. Programmer Robert Stuart was indicted in New York for violating a state law against gambling promotion by selling online-sportsbook software, even though his software is legal in other jurisdictions and he never accepted an illegal bet; his crime, if anything, is willful blindness to his customers’ activities. Other software providers have faced charges of aiding and abetting criminal activity by enabling users to generate spam emails in violation of the CAN-SPAM Act, facilitating child pornography and terrorism through distribution of digital currency, and allowing circumvention of copyright protections and paywalls for Internet service.

Hacker progenies also have pushed to its limit the notion that information should be free. In an ongoing, high-profile case, army intelligence analyst Bradley Manning was found guilty of severe criminal charges—and was charged with (though found not guilty of) the capital charge of “aiding the enemy”—for leaking classified documents to the website WikiLeaks, which published them online. Another prominent, and controversial, example is hacker Aaron Swartz, who committed suicide after his arrest and prosecution under the Computer Fraud and Abuse Act for using a computer program to download academic articles, which prosecutors alleged he intended to distribute, from the online repository JSTOR. The controversy surrounding both of these situations underscores the often fine line between hackerism and crime.

The Computer Fraud and Abuse Act, widely criticized as outdated, has caused particular trouble for hackers. Along with Aaron Swartz, there was Andrew “weev” Auernheimer, found guilty under the Act for his role in discovering and informing the media about a flaw in AT&T’s security system. An appeal is ongoing, and many legal scholars believe he has a good chance of overturning his conviction.

I will continue to blog about this issue as I continue to research it. My goal, along with my coauthor, is to draw broad guidelines for courts to apply when addressing conspiracy and aiding and abetting charges brought against technology creators. Any thoughts?

 

New article on criminal prosecution of filesharing services

Along with a coauthor, I’ve written an article about criminal enforcement actions against filesharing services, including the ongoing prosecution of the operators of Megaupload. The article also touches on the actions against the Pirate Bay and NinjaVideo. This area of law is important in defining how the federal government protects creators of copyrighted content without stifling innovation. Yet many questions remain about the extent of criminal liability of these services as “secondary” infringers. You can download the article here (and if you do, please let us know what you think). The abstract is below:

The high-profile prosecution of the popular online storage website Megaupload for criminal copyright infringement is the latest in a series of recent criminal prosecutions of online filesharing services. But what pushes a legitimate online file-storing business over the edge to criminal enterprise? How might criminal copyright enforcement differ materially from civil enforcement? This article answers these questions and suggests guidelines for prosecutorial discretion. After a condensed history of criminal copyright law, we explain why “secondary” theories of infringement apply in the criminal, as well as civil, context and why the DMCA “safe harbor” defense is a red herring in criminal copyright actions. We then propose guidelines for prosecutors to consider before bringing a criminal enforcement action against filesharing services: Limiting prosecutions to theories of liability already established in civil case law, and targeting only those filesharing-service operators that openly defy civil enforcement actions.