The Economics of Self-Help and Self-Defense in Cyberspace

Last Friday George Mason University Law School held a symposium called “The Economics of Self-Help and Self-Defense in Cyberspace.” It was an excellent event with a cutting-edge topic – technological self-help – that deserves more study. Self-help dominates our entire legal system, as influenced by Thomas Hobbes and John Locke. Self-help arrangements, either contractual or self-defense – occur everday. Society permits, even encourages, self-help when the legal remedy is less available or less efficient. But what about a virtual “repo man“?

I immediately hit Richard Epstein with the direct question of whether digital media copyright holders should be able to engage in self-help by invading computers and searching for pirated media (as in the Berman bill, or more perniciously, when Sen. Hatch actually said that he favors using technology to remotely destroy the computers of those who illegally download music on the net.). He indicated that any regime of self-help, as opposed to legal help through the courts or law enforcement, must have net positive benefits to society.

One of the risks in engaging in self-help is misidentification, and he perceived that to be the large reason he would not be in favor of a Berman-like bill right now. But he said that if technology changes to reduce error, perhaps in cooperation with an ordering system (maybe government sponsored) that “tags” each song for easy determination of piracy, then such technological self-help is acceptable.

The harder question of self-help deals with sending out “good” viruses to kill bad ones, or even more aggressive security counter-attacks. Bruce Smith at the Univ. of Illinois College of Law spoke of a company called Symbiot that has a product to strike back at computers that attack its customers (see their white paper called The Case for Countermeasures). This brings into question liability and duty of care issues. Smart attackers always go through compromised or “zombie” computers, so if A starts an attack, and it goes through B to attack C, and C notifies B of the attack, does B have a legal duty to track down A, the originator of the attack? If C sends a countermeasure to B, does B have a claim against C or does B have “unclean hands” because it was compromised and presumably has lax security.

One case that was mentioned throughout was Intel v. Hamidi (the “spamming” of Intel employees by ex-employee) as an example of contrasting trespass claims and nuisance claims and how the law and policy rationales for self-help come into play. I really agreed with the analysis of David McGowan of the Univ. of Minnesota Law School. He said he’s on the few IP lawyers that actually believes Intel should have won on its trespass claim. The analysis is more complex than I had previously thought, taking into consideration the Restatement of Torts on trespass to chattel, the role of equitable remedies when self-help is not available, and whether it is wise to think of trespass on the internet only in terms of disrupting physical hardware. I think Intel should have won that case.

The conference ended with Dan Burk at Univ of Minnesota Law School giving a lefty analysis for how DRM will be mostly bad for consumers unless the government steps in and sets limits that preserve fair use. I had to challenge him on this one, and asked where is the market failure here? Consumers will get what they demand, and if some DRM is overly restrictive there will be companies that will provide more to consumers. He said that the consumers of DRM technology are not the general public, but the recording companies, and because society-at-large is not properly represented in this debate the government needs to play a larger role. BTW, I’m not sure if DRM is really considered to be self-help anyway. Isn’t it more like digital packaging? Maybe it depends on one’s baseline perspective of whether the glass is half-full or half-empty.

SHARE: