01/13/98 RMIUG Meeting Minutes - Legal Issues on the Internet

Dan Murray called the meeting to order at 7:00 pm and introduced the other RMIUG Executive Committee members present at the meeting (Alek Komarnitsky, Art Smoot, Tom Bresnahan). He commented that RMIUG was back in the NCAR auditorium after a stint at the NIST auditorium. Dan also conveyed thanks to NDA for sponsoring refreshments, and to XOR for their sponsorship of the RMIUG Web site and mailing lists.

This month's topic was Legal Issues on the Internet. Each lawyer presented a short talk, followed by questions from the audience directed to the panel. Minutes are sent to the rmiug-announce list, which has 1494 subscribers. To get information about subscribing to any of the RMIUG lists, send e-mail to rmiug@rmiug.org.

Dan then opened the floor to announcements from the audience. Michael Rabb mrabb@usvoice.com of the Colorado ISDN Interest Group (CIIG) announced that the next meeting would cover ISDN and the NT Remote Access Server. The meeting will be held January 21 from 7:00 to 9:00 pm at In-Touch Internet Education & Services, 2930 W 80th, Westminster. See http://www.ciig.org for details.

Next, Dan conducted an audience survey.

• Most of the audience were from Boulder, most of the rest from Denver.
• Most people use Netscape as their default browser, and a few use Microsoft Internet Explorer. A couple still use Lynx.
• Everyone admitted to having gotten spam (unsolicted e-mail) in the past week, with most also getting some during the past 24 hours.
• No one first heard the outcome of the Broncos - Steelers game from the Internet.
• About 10% had consulted a lawyer about Internet issues.
• A couple of people had found their lawyer through the Internet.
• More than half the audience maintained Web sites.

Next Dan introduced the first speaker.

1. Shirley Sostre (shirley@sostre.com, http://www.sostre.com), of The Sostre Law Office in Boulder began the presentations with a discussion of the legal implications of unsolicited e-mail, or "spam". She noted that the current law defines unsolicited fax to include email, but this hasn't gone to court to test the definition yet. Some states are contemplating banning or regulating unsolicited email, but none have gone through with passing a law. Colorado was going to, then took it out at the last minute. Is it really as intrusive as an unsolicited fax? Senders use someone else's email address as their reply-to address, so they won't have to deal with complaints. At first they used invalid domain names, but that was too easy to filter out, so they switched to a valid domain name, but not their own address. One example used flowers.com as their reply-to address, and the anti-spam complaints tied up the flowers.com server for 2-3 hours. Flowers.com got a judgment of $18,000.

Q. Unsolicited faxes aren't stopped even if they are illegal. They get around it with text like, "Here's the information that you requested".
Shirley: You're right, a law doesn't stop the act. Murder has been illegal since Moses and there are still murder's being committed. The technological barriers haven't stopped the spammers either.

Q. What if someone uses your SMTP as a relay? Is that a crime?
Shirley: I haven't seen any cases that judge whether that is trespass, but I think it would be. Unauthorized access is a criminal statute in Colorado, but you would have to convince the district attorney to prosecute.

Q. Is the law clear on the murder of spammers? :) ha ha.

Q. Anti-spam is most visible on AOL. Will they set a precedent?
Shirley: I think so. They've started the process of bringing the law to cyberspace. They set the groundwork by establishing the constitutional issues surrounding cyberspace and ISP's. It's not a free-for-all with equal rights to speak. There was even a terrorist threat to publish AOL email addresses. AOL says, "It's my house, so I set the rules." I have the right to have ads and spam, like the "No Thanks" ads you have to click on to get to the main service, but not others.

Q. ISP's can cut you off for spamming because it's not a free speech issue.
Shirley: AOL and CompuServe both have done that. Mostly they settle out of court, but AOL did go all the way to get a judgment. Every ISP needs an acceptable use policy and has to enforce it, but not in a discriminatory manner. If they don't enforce it, they could lose market share as customers leave to escape spam.

Q. What about the poor college student getting reverse spammed?
Shirley: It's very expensive both financially and emotionally to pursue the problem in court. Unless you have criminal action, then you have to convince the district attorney to pursue it.

Q. I think the "Make $50,000" type spam will be taken care of, but what about the other unsolicited email, like registering for a product and giving your email address, and you start receiving ads and announcements? Who's working out the definition of spam?
Shirley: That's one of the most problematic areas. It needs to meet a strict standard, not an overly broad definition. So that means laws aren't passed at all. Nevada and Colorado had bills that did not pass. Having a pre-existing business relation would not be defined as spam. They should list their real business name and a way to get off the mailing list. The responsibility may shift to the user, who will have to ask to be taken off the mailing list. The fax statute is strict, awarding $500 or actual damages, which ever is more, to the plaintiff.

Q. What about the issue of identifying who truly sent the spam? Individuals don't always have the resources to track, so should the ISP be required to track?
Shirley: That's an interesting concept. Should the ISP be the gatekeeper? Regulation of ISP's could be really bad, so ISP's will jump on any available technology to filter out spam to avoid regulation.

Q. With junk faxes you can use Caller ID to track the caller?
Shirley: You will still need to prove that the person you accuse is the one who sent it. You have to find them, serve papers, find the right jurisdiction, then win, then collect.

Q. If we can identify them, then we won't need to go to court, just reverse spam them.
Shirley: You probably won't be able to identify them.

Q. If they move offshore, then it doesn't matter what the US law is.

Q. Most ISP's won't want to filter everyone's mail.

2. Dan then introduced Carl Oppedahl (carl@oppedahl.com, http://www.patents.com/index.sht), a Summit County lawyer of Oppedahl & Larson who was written up in a recent Internet World magazine. Carl's topic was Internet intellectual property issues, including domain name/trademark issues and meta-tag issues.

He announced that an administrative law judge recently denied US West's request to quit offering LADS (Local Area Data Service) in Colorado. LADS can be used for data transfer like a T1 line, only it costs much less. See http://www.panix.com/~oppedahl/lads.

Moving on to his main topic, domain names, he feels that they are incredibly important to a company, and could a ruin a business if it lost its domain name. One example is roadrunner.com in New Mexico. They are an Internet service provider (ISP) that has customers with email addresses like, name@roadrunner.com. Network Solutions Inc. (NSI) wrote them a letter to say they were taking away the roadrunner.com domain and no longer making it available. The ISP sued NSI two and a half years ago and got to keep their name.

Another example is clue.com, being handled by Phil Dubois, who also handled the Pretty Good Privacy (PGP) case. Hasbro has a game called Clue, and they want to take the clue.com domain name away from the current holder.

Q. What's the difference between the two cases (clue.com and roadrunner.com)?
Carl: Warner Brothers chose to settle privately, but Hasbro won't negotiate in a meaningful way. One way to settle the loss-of-business issue is to provide cross-links on the web site to point people who are looking for the Clue game to the Hasbro site.

Q. Where do you draw the line to prevent using other forms of a name?
Carl: The Internet is set up so there can only be one patents.com. There's nothing to prevent the use of patents2.com by another company.

Q. So I can buy all those other domain names and sell them and get rich?
Carl: There are a lot of other extensions, like .ca and .au, but some countries only let you register a name if it's part of your company name. Plus there are a lot more top level domains on the way, like .store and .firm.

The other end of the spectrum involves a case of a person registering the domain panavision.com. The word panavision is a coined unique name, so the judge ruled that he did not have the rights to that name, especially when he announced that it was his intent to sell the name back to the company.

Regarding meta-tags, these tags are normally text used to help search engines index a site. Carl found that by doing a search on his firm's name, some other sites were putting his firm's name in meta-tags, titles, comments, and other non-printing areas of a Web page. He found a total of three sites using this practice, and sued eight defendents at the three sites. Six settled, and two others never answered and are in default.

Some people wonder why he didn't just write them a letter first asking them to remove the references, but this was their fourth intellectual property case and they were tired of writing nice letters that were not answered.

Q. What did you sue them for?
Carl: Unfair competition for one. Be sure to add a copyright notice to every Web site that you administer. See also http://www.patents.com/ac and http://www.patents.com/copyrigh.sht.

3. The next speaker was Richard Macklin (rmacklin@worldnet.att.net), a Denver attorney. His topic was encryption, sales tax, pornography, copyright, and legislative initiatives such as making ISP's responsible for hosted sites.

Richard reported that there is currently federal legislation in the House and Senate regarding encryption. The administration's version will require mandatory key recovery. Who knows what will happen in Congress. HR 695 will probably not have mandatory key recovery, but the Senate version will, so it probably will not pass.

Q. How would that stand up to the first amendment?
Richard: Congress can regulate interstate communication and exports, so it's not a first amendment issue.

Q. With mandatory key recovery, does that mean they can get anyone's private key?
Richard: Key escrow entities would probably be set up to handle it. The FBI wants to be able to get a key at one court as long as there is an ongoing criminal investigation. This is much less restrictive than getting a phone tap, which requires probable cause. The NSA doesn't require probable cause.

There is currently a plan for a six-year moratorium on new Internet and electronic commerce taxation to stimulate. The plan was going well until mayors and governors complained Fort Collins and Broomfield wanted to tax e-commerce. Some states want to tax Internet access fees. Colorado's Governor Romer is against the moratorium. This does not absolve companies in Colorado from paying tax on sales by their company. The sales tax goes by the shipping address of hard goods.

Q. Doesn't the Secretary of State maintain a list of business addresses?
Richard: Only if the business has registered, as legally required.

Trade Secrets - The issue is getting enjoined or sued for quitting a company and selling your information. The US Attorney can stop you from use of knowledge developed in your previous job. You should understand what is a trade secret. Know what is yours and what belongs to your company.

Regulation of Content - pornography, obscenity. This is an election year, so politicians are excited about this. Cable TV provides a commercial activity basis for regulation. They can't regulate access, except for minors. They can regulate pornography and obscenity based on community standards, but for which community?

Willful Violation of Copyright - Fines have been increased or added, mostly for distribution of audio through the Internet.

Panel Q&A --------- Q. How does the legal profession keep up with the fast rate of change on the Internet?
Carl: Mostly they don't. Some still insist on using dictation machines when typing is faster for the computer-savvy.

Q. What about the judicial decision to announce the au-pair case via the Internet, and it didn't make it due to a "power failure"?
Carl: Judges have law clerks that are new grads and are up on the technology. For example, the judge that countered Microsoft's claim that the Internet Explorer browser was an integral part of Windows. When he said he removed IE in 90 seconds, that was probably thanks to his clerk.
Shirley: It's true in many fields that it's hard to keep up. People specialize in one area, like real estate, then get up to speed in other areas.

Q. How are trademark disputes handled, e.g. "Sun Orange Juice" and Sun Microsystems?
Carl: NSI is the one who decides, but other domain name registrars will probably use the courts to decide. NSI says that the one with more money gets to keep the domain name.

Q. What about trademarks vs. prior use, e.g. Clue Consulting and clue.com?
Carl: First one to use it wins in court.

Q. What's the proper way to register a trademark?
A. Federal Trademark Office in DC. You should get every domain name registered.

Q. What about your own given name as a trademark?
Carl: May be able to register it, if someone hasn't got it first, e.g. McDonald's.

Q. What is the jurisdiction in cyberspace?
A. Any act conducted within the US makes it a US jurisdiction. And you have to be able to serve them to connect them with that jurisdiction.

Q. Can they extradite a spammer to trial in the US?
Richard: It has to be serious like terrorism to get extradited.
Carl: Long distance Internet and CompuServe has drastically increased the number of jurisdiction cases. It would be difficult to sue someone outside the US. However, your web site content could annoy someone in Canada or Massachusetts, and you could be forced to defend yourself in those jurisdictions.

Q. What if someone tells their horror story on the Internet about their experiences with a company. What is the liability?
Richard: They could be sued without any penalty for frivolous suit.
Carl: If you can prove the horror story is true, that's different. But if they sue you, you can tell that story too.
Richard: McDonAld's won a nominal suit in England. It was bad publicity, but it was a hassle for the plaintiffs to go to court.

Q. Can you prevent someone from calling their site patents2.com and copying your content?
Carl: Copying text from a web site is big trouble, especially if you register the content with the Federal Copyright Office for $20. The domain name patents2.com can't be stopped.

Q. If you change content, do you re-register?
Carl: Yes, if there are major changes. You also have to disclose in the registration if there is a mix of new and old content.

Dan thanked the panel, and the meeting was adjourned at 9:00 pm.

RMIUG appreciates the ongoing support from XOR Network Engineering (http://www.xor.com) for administration of RMIUG's electronic discussion lists & WWW site. Thanks also to NDA (http://www.nda.com) for sponsoring refreshments for our group.

Tentative schedule of the next RMIUG meeting:

Mar 10: Mapping on the Internet, a panel discussion of mapping issues as related to the Internet. Local offices of MapQuest, ESRI, InfoNow and possibly others will be presenting their ideas.

(To suggest a topic, send your idea to rmiug-comm@rmiug.org)

Respectfully submitted by Tom Bresnahan tbrez@rmiug.org.