Articles by Ryan Radia

Ryan is associate director of technology studies at the Competitive Enterprise Institute, where his work focuses on adapting law and policy to the unique challenges of the information age. His research areas include privacy, IP, telecommunications, competition policy, and media regulation.


The Stop Online Piracy Act (SOPA), a controversial bill before the House of Representatives aimed at combating “rogue websites,” isn’t just about criminal, foreign-based sites that break U.S. intellectual property laws with impunity. Few dispute that these criminal websites that profit from large-scale counterfeiting and copyright infringement are a public policy problem. SOPA’s provisions, however, extend beyond these criminal sites, and would potentially subject otherwise law-abiding Internet intermediaries to serious legal risks.

Before moving forward with rogue websites legislation, it’s crucial that lawmakers take a deep breath and appreciate the challenges at stake in legislating online intermediary liability, lest we endanger the Nozickian “utopia of utopias” that is today’s Internet. The unintended consequences of overbroad, carelessly drafted legislation in this space could be severe, particularly given the Internet’s incredible importance to the global economy, as my colleagues have explained on these pages (1, 2, 3, 4, 5, 6).

To understand why SOPA could be a game-changer for online service providers, it’s important to understand the simmering disagreement surrounding the Digital Millennium Copyright Act (DMCA) of 1998, which grants certain online service providers a safe harbor from liability for their users’ copyright infringing actions. In exchange for these protections, service providers must comply with the DMCA’s notice-and-takedown system, adopt a policy to terminate users who repeatedly infringe, and meet several other conditions. Service providers are only eligible for this safe harbor if they act to expeditiously remove infringing materials upon learning of them. Also ineligible for the safe harbor are online service providers who turn a blind eye to “red flags” of obvious infringement.

The DMCA does not, however, require providers to monitor their platforms for infringing content or design their services to facilitate monitoring. Courts have held that a DMCA-compliant service provider does not lose its safe harbor protection if it fails to act upon generalized knowledge that its service is used for many infringing activities, in addition to lawful ones, so long as the service provider does not induce or encourage users’ infringing activities.

Defenders of the DMCA safe harbor argue that it’s helped enable America’s Internet-based economy to flourish, allowing an array of web businesses built around lawful user-generated content — including YouTube, Facebook, and Twitter — to thrive without fear of copyright liability or burdensome monitoring mandates.

Conversely, some commentators, including UCLA’s Doug Lichtman, argue that the DMCA inefficiently tips the scales in favor of service providers, to the detriment of content creators — and, ultimately, consumer welfare. Pointing to a series of court rulings interpreting the safe harbor’s provisions, critics argue that the DMCA gives online intermediaries little incentive to do anything beyond the bare minimum to stop copyright infringement. Critics further allege that the safe harbor has been construed so broadly that it shields service providers that are deliberately indifferent to their users’ infringing activities, however rampant they may be.

What does SOPA have to do with all of this? Buried in the bill’s 78 pages are several provisions that run a very real risk of effectively sidestepping many of the protections conferred on online service providers by the DMCA safe harbor.


This afternoon the Stop Online Piracy Act (H.R. 3261) was introduced by Rep. Lamar Smith of the House Judiciary Committee. This bill is a companion to the PROTECT IP Act and S.978, both of which were reported by the Senate Judiciary Committee in May.

There’s some to like about the bill, but I’m uneasy about quite a few of its provisions. While I’ll have plenty to say about this bill in the future, for now, here are a few preliminary thoughts:

  • The bill’s definition of “foreign infringing sites” at p. 10 borrows heavily from 18 U.S.C. § 2323, covering any site that commits or facilitates the commission of criminal copyright infringement and would be subject to civil forfeiture if it were U.S.-based. Unfortunately, the outer bounds of 18 U.S.C. § 2323 are quite unclear. The statute, which was enacted only a few years ago, encompasses “any property used, or intended to be used, in any manner or part to commit or facilitate” criminal copyright infringement. While I’m all for shutting down websites operated by criminal enterprises, not all websites used to facilitate crimes are guilty of wrongdoing. Imagine a user commits criminal copyright infringement using a foreign video sharing site similar to YouTube, but the site is unaware of the infringement. Since the site is “facilitating” criminal copyright infringement, albeit unknowingly, is it subject to the Stop Online Piracy Act?
  • Section 103 of the bill, which creates a DMCA-like notification/counter-notification regime, appears to lack any provision encouraging ad networks and payment processors to restore service to a site allegedly “dedicated to theft of U.S. property” upon receipt of a valid counter-notification and when no civil action has been brought. The DMCA contains a safe harbor protecting service providers who take reasonable steps to take down content from liability, but the safe harbor only applies if service providers promptly restore allegedly infringing content upon receipt of a counter notification and when the rights holder does not initiate a civil action. Why doesn’t H.R. 3261 include a similar provision?
  • The bill’s private right of action closely resembles that found in the PROTECT IP Act. Affording rights holders a legal avenue to take action against rogue websites makes sense, but I’m uneasy about creating a private right of action that allows courts to issue such broad preliminary injunctions against allegedly infringing sites. I’m also concerned about the lack of a “loser pays” provision.
  • Section 104 of the bill, which provides immunity for entities that take voluntary actions against infringing sites, now excludes from its safe harbor actions that are not “consistent with the entity’s terms of service or other contractual rights.” This is a welcome change and alleviates concerns I expressed about the PROTECT IP Act essentially rendering certain private contracts unenforceable.
  • Section 201 of the bill makes certain public performances via electronic means a felony. The section contains a rule of construction at p. 60 that clarifies that intentional copying is not “willful” if it’s based on a good faith belief with a reasonable basis in law that the copying is lawful. Could this provision cause courts to revisit the willfulness standard discussed in United States v. Moran, in which a federal court found that a defendant charged with criminal copyright infringement was not guilty because he (incorrectly) thought his conduct was permitted by the Copyright Act?

Hot-tempered police officers, pushover judges, and vague laws make for a dangerous combination. In July, a controversy erupted in Renton, Washington (a Seattle suburb) when the town’s police department launched a legal assault on an anonymous YouTube user for merely uploading a few sarcastic videos poking fun at the department’s scandals.

In an op-ed in The Seattle Times, Nicole Ciandella and I explain what happened in Renton and discuss the saga’s implications for constitutional rights in the digital age:

According to Washington state law, a person is guilty of criminal “cyberstalking” if he makes an electronic communication using lewd or indecent language with the intent to embarrass another person. In other words, a Washingtonian who creates a raunchy email message, blog post or Web video to embarrass a foe isn’t just playing dirty; he’s technically breaking the law. One YouTube user recently learned this lesson the hard way.

Last month, the scandal-ridden Renton Police Department launched a criminal cyberstalking investigation against a YouTube user known only as “MrFuddlesticks.” The user had uploaded a series of lewd, animated videos poking fun at recent allegations of wrongdoing by Renton police officers. In one video, a character talks about his civilian superior’s lack of law-enforcement experience; in another, characters discuss the impropriety of a police officer who slept with a murder suspect.

Even though none of MrFuddlesticks’ videos mention the city of Renton or any police officers by name, Renton police managed to convince a county judge to issue a warrant to compel Google, YouTube’s parent company, to disclose identifying information about MrFuddlesticks’ accounts, including credit-card details and even contents of Gmail messages.

You can read the rest of the essay here. (For more on the controversy, see Jacob Sullum at Reason’s Hit & Run; also see Mike Masnick at Techdirt. For an exploration of the case’s constitutional implications, see Eugene Volokh at The Volokh Conspiracy.)

Here on the TLF, we’ve repeatedly cautioned lawmakers about the dangers of criminalizing cyberstalking (1, 2, 3, 4). Back in 2006, CNET’s Declan McCullagh explained why all Internet users should be worried about vague, overbroad cyberstalking laws. As the troubling actions of Renton’s finest illustrate, the potential for such laws to be abused is very real. Let’s hope lawmakers in Washington and in the numerous other states with cyberstalking laws on the books take a hard look at their laws.

Last week’s blockbuster LinkedIn IPO valued the company at nearly $9 billion, surprising many investors, especially given the company’s initial valuation of about $4 billion. While some analysts have pointed to LinkedIn’s valuation as evidence that we may be headed into another tech bubble (a la 2000), it’s important to remember that major tech IPOs remain far less frequent in comparison to their heyday in the dot com boom. While there are many good reasons behind the recent reduction in IPO frequency, ill-conceived public policies have distorted the decision-making process of thriving startups.

In an op-ed in tomorrow’s Investor’s Business Daily, Jacque Otto and I elaborate on this argument:

Silicon Valley is teeming with budding startups whose user bases and valuations are skyrocketing. As these companies seek breathing room to grow, they will face a tough decision: stay private, seek out a buyer or go public.

Making this complex choice all the more challenging is government uncertainty. Filing for an initial public offering is harder than ever due to the onerous regulations and burdensome laws Washington has handed down over the past decade. Microsoft’s $8.5 billion purchase of Skype surprised analysts, many of whom had predicted Skype would seek an IPO or a deal with Facebook or Google.

Meanwhile, Facebook has kept quiet in the face of speculation over whether it might file for an IPO. So far, the social networking giant has focused on raising capital privately. Given the risks of going public in this environment, Facebook’s decision is understandable.

While some tech firms — including LinkedIn, Kayak and Demand Media — have gone public or filed for IPOs in the past year, many others — including Hulu, Zynga, and Twitter — are reportedly leaning against going public this year. Some of these may be acquired, as happened with AdMob, a mobile advertising startup rumored to be pondering an IPO until Google bought it for $750 million in 2009.

Why do tech companies appear more reluctant to go public today than they were during the tech sector’s heyday of the early 2000s?


Social widgets, such as the now-ubiquitous Facebook “Like” button and Twitter “Tweet” button, offer users a convenient way to share online content with their friends and followers. These widgets have recently come under scrutiny for their privacy implications. Yesterday, The Wall Street Journal reported that Facebook, Twitter, and Google are informed each time a user visits a webpage that contains one of the respective company’s widgets:

Internet users tap Facebook Inc.’s “Like” and Twitter Inc.’s “Tweet” buttons to share content with friends. But these tools also let their makers collect data about the websites people are visiting. These so-called social widgets, which appear atop stories on news sites or alongside products on retail sites, notify Facebook and Twitter that a person visited those sites even when users don’t click on the buttons, according to a study done for The Wall Street Journal.

It wasn’t exactly a secret that social widgets “phone home.” However, the Journal’s story shed new light on how the firms that offer social widgets handle the data they glean regarding user browsing habits. Facebook and Google reportedly store this data for a limited period of time — two weeks and 90 days, respectively — and, importantly, the data isn’t recorded in a way that can be tied back to a user (unless, of course, the user affirmatively decides to “like” a webpage). Twitter reportedly records browsing data as well, but deletes it “quickly.”

Assuming the companies effectively anonymize the data they glean from their social widgets, privacy-conscious users have little reason to worry. I’m not aware of any evidence that social widget data has been misused or breached. However, as Pete Warden reminded us in an informative O’Reilly Radar essay posted earlier this week, anonymizing data is harder than it sounds, and supposedly “anonymous” data sets have been successfully de-anonymized on several occasions. (For more on the de-anonymization of data sets, see Arvind Narayanan and Vitaly Shmatikov’s 2008 research paper on the topic).


Last November, I penned an essay on these pages about the COICA legislation that had recently been approved unanimously by the U.S. Senate Judiciary Committee. While I praised Congress’s efforts to tackle the problem of “rogue websites” — sites dedicated to trafficking in counterfeit goods and/or distributing copyright infringing content — I warned that the bill lacked crucial safeguards to protect free speech and due process, as several dozen law professors had also cautioned. Thus, I suggested several changes to the legislation that would have limited its scope to truly bad actors while reducing the probability of burdening protected expression through “false positives.” Thanks in part to the efforts of Sen. Ron Wyden (D-Ore.), COICA never made it to a floor vote last session.

Today, three U.S. Senators introduced a similar bill, entitled the PROTECT IP Act (bill text), which, like COICA, establishes new mechanisms for combating Internet sites that are “dedicated to infringing activities.” I’m glad to see that lawmakers adopted several of my suggestions, making the PROTECT IP Act a major improvement over its predecessor. While the new bill still contains some potentially serious problems, on net, it represents a more balanced approach to fighting online copyright and trademark infringement while recognizing fundamental civil liberties.


POLITICO reports that a bill aimed at combating so-called “rogue websites” will soon be introduced in the U.S. Senate by Sen. Patrick Leahy. The legislation, entitled the PROTECT IP Act, will substantially resemble COICA (PDF), a bill that was reported unanimously out of the Senate Judiciary Committee late last year but did not reach a floor vote. As more details about the new bill emerge, we’ll likely have much more to say about it here on TLF.

I discussed my concerns about and suggested changes to the COICA legislation here last November; the PROTECT IP Act reportedly contains several new provisions aimed at mitigating concerns about the statute’s breadth and procedural protections. However, as Mike Masnick points out on Techdirt, the new bill — unlike COICA — contains a private right of action, although that right may not permit rights holders to disable infringing domain names. Also unlike COICA, the PROTECT IP Act would apparently require search engines to cease linking to domain names that a court has deemed to be “dedicated to infringing activities.”

For a more in-depth look at this contentious and complex issue, check out the panel discussion that the Competitive Enterprise Institute and TechFreedom hosted last month. Our April 7 event explored the need for, and concerns about, legislative proposals to combat websites that facilitate and engage in unlawful counterfeiting and copyright infringement. The event was moderated by Juliana Gruenwald of National Journal. The panelists included me, Danny McPherson of VeriSign, Tom Sydnor of the Association for Competitive Technology, Dan Castro of the Information Technology & Innovation Foundation, David Sohn of the Center for Democracy & Technology, and Larry Downes of TechFreedom.


User-driven websites — also known as online intermediaries — frequently come under fire for disabling user content due to bogus or illegitimate takedown notices. Facebook is at the center of the latest controversy involving a bogus takedown notice. On Thursday morning, the social networking site disabled Ars Technica’s page after receiving a DMCA takedown notice alleging the page contained copyright infringing material. While details about the claim remain unclear, given that Facebook restored Ars’s page yesterday evening, it’s a safe bet that the takedown notice was without merit.

Understandably, Ars Technica wasn’t exactly pleased that its Facebook page — one of its top sources of incoming traffic — was shut down for seemingly no good reason. Ars was particularly disappointed by how Facebook handled the situation. In an article posted yesterday (and updated throughout the day), Ars co-founder Ken Fisher and senior editor Jacqui Cheng chronicled their struggle in getting Facebook to simply discuss the situation with them and allow Ars to respond to the takedown notice.

Facebook took hours to respond to Ars’s initial inquiry, and didn’t provide a copy of the takedown notice until the following day. Several other major tech websites, including ReadWriteWeb and TheNextWeb, also covered the issue, noting that Ars Technica is the latest in a series of websites to have suffered from their Facebook page being wrongly disabled. In a follow-up article posted today, Ars elaborated on what happened and offered some tips to Facebook on how it could have better handled the situation.

It’s totally fair to criticize how Facebook deals with content takedown requests. Ars is right that the company could certainly do a much better job of handling the process, and Facebook will hopefully re-evaluate its procedures in light of this widely publicized snafu. In calling out Facebook’s flawed approach to dealing with takedown requests, however, Ars Technica doesn’t do justice to the larger, more fundamental problem of bogus takedown notices.


Consumers are buying more and more stuff from online retailers located out-of-state, and state and local governments aren’t happy about it. States argue that this trend has shrunk their brick and mortar sales tax base, causing them to lose out on tax revenues. (While consumers in most states are required by law to annually remit sales taxes for goods and services purchased out of state, few comply with this practically unenforceable rule).

CNET’s Declan McCullagh recently reported that a couple of U.S. Senators are pushing for a bill that would require many Internet retailers to collect sales taxes on behalf of states in which they have no “nexus” (physical presence).

In his latest Forbes.com column, “The Internet Tax Man Cometh,” Adam Thierer argues against this proposed legislation. He points out that while cutting spending should be the top priority of state governments, the dwindling brick and mortar tax base presents a legitimate public policy concern. However, Thierer suggests an alternative to “deputizing” Internet retailers as interstate sales tax collectors:

The best fix might be for states to clarify tax sourcing rules and implement an “origin-based” tax system. Traditional sales taxes are already imposed at the point of sale, or origin. If you buy a book in a Seattle bookstore, the local sales tax rate applies, regardless of where you “consume” it. Why not tax Net sales the same way? Under an origin-based sourcing rule, all sales would be sourced to the principal place of business for the seller and taxed accordingly.

Origin-based taxation is a superb idea, as my CEI colleague Jessica Melugin explained earlier this month in the San Jose Mercury News in an op-ed critiquing California’s proposed affiliate nexus tax:

An origin-based tax regime, based on the vendor’s principal place of business instead of the buyer’s location, will address the problems of the current system and avoid the drawbacks of California’s plan. This keeps politicians accountable to those they tax. Low-tax states will likely enjoy job creation as businesses locate there. An origin-based regime will free all retailers from the accounting burden of reporting to multiple jurisdictions. Buyers will vote with their wallets, “choosing” the tax rate when making decisions about where to shop online and will benefit from downward pressure on sales taxes. Finally, brick-and-mortar retailers would have the “even playing field” they seek.

Congress should exercise its authority over interstate commerce and produce legislation to fundamentally reform sales taxes to an origin-based regime. In the meantime, California legislators should resist the temptation to tax those beyond their borders. Might we suggest an awards show tax?


Like Milton, I’m very worried about the political vulnerabilities that might arise if the wireless sector grows more concentrated. Still, I think it’s a big mistake to legitimize one repressive incarnation of coercive state power (antitrust intervention) to reduce the likelihood that another incarnation (information control) will intensify. This approach is not only defeatist, as Hance argues, but it also requires a tactical assessment that rests on several dubious assumptions.

First, Milton overestimates the marginal risk that the AT&T – T-Mobile deal will pave the way for an information control regime. The wireless market isn’t static; the disappearance of T-Mobile as an independent entity (which may well occur regardless of whether this deal goes through) hardly means we’re forever “doomed” to live with 3 nationwide wireless players. With major spectrum auctions likely on the horizon, and the possibility of existing spectrum holdings being combined in creative ways, the eventual emergence of one or more nationwide wireless competitors is quite possible — especially if, as skeptics of the AT&T – T-Mobile deal often argue, the wireless market underperforms in the years following the acquisition.

More importantly, network operators, like almost all Internet gatekeepers, face mounting pressure from their users not to facilitate censorship, surveillance, and repression. Case in point: AT&T is a leading member of the Digital Due Process coalition (to which I also belong) that’s urging Congress to substantially strengthen the 1986 federal statute that governs law enforcement access to private electronic communications. Consider that AT&T’s position on this major issue is officially at odds with the official position of the same Justice Department that’s currently reviewing the AT&T – T-Mobile deal. Would a docile, subservient network operator challenge its state overseers so publicly?
