Cyberlaw Year in Review

Posted by Claude Aiken on Feb 13, 2009 in Breaking News, Tech Law, The Web | 0 comments

Eric Goldman at the Technology & Marketing Law blog has a great post reviewing of all the big cyberlaw happenings in this past year.  His top two neatly coincide with my top two picks of the past year: the Cablevision DVR case and the Lori Drew Myspace case. The former is a significant judicial weakening of copyright law, while the latter opens the door for criminal prosecution based on website terms of use.

Although the Supreme Court still may review it, the Cablevision case (pretty much) puts an end to the distinction between DVR as a service and DVR as a physical entity.  There are a number of significant aspects to the case that I don’t have the time or space to talk about, but it is most significant in that it shifts the responsibility for direct copyright infringement to the users.  The network is dumb, the users are not.  Most importantly though, in my mind, is it overturns the assumption that momentary fixation (i.e copying into RAM) is all that is required for copyright infringement.  Cablevision’s momentary split stream wasn’t sufficient for fixation, which is why the Authors Guild may want to stay away from the Second Circuit if it decides to sue Amazon over Kindle 2.0.

The other major development this year is turning a website’s terms of service into a quasi-criminal code, punishable under the Computer Fraud and Abuse Act.  The theory of the case applied the “exceeding authorized access” language in the CFAA to the Myspace terms of service.  Essentially (with several important layrs of nuance removed), a jury found Lori drew guilty of violating Myspace’s terms of service, and convicted her under the CFAA.  Why is this a bad thing?  Because people don’t even read the terms of service on websites, much less attach criminal importance to them.  Aside from the case’s uniquely terrible circumstances, which certainly were a major impetus, this opens the door to prosecution based on terms of service.  Many states also have similar “exceeding authorized access” language built into various computer-related criminal statutes.  Could this case open the floodgates for state prosecution on this issues?  Only time will tell.