Just a few days after the fifth anniversary of the wiki (on October 15, 2010), the 20,000th article was posted. While the group is pleased at reaching this milestone, and while the wiki is quite rich with content, it is clear to all involved that the growth of IT law globally means that the wiki still has a long way to go to be “complete.” Of course, no project of this sort can ever be considered finished, since there are new developments every day. And not just new case decisions and statutes, but entirely new fields of IT law. No one could have predicted the enormous growth in such cutting edge areas as the “smart grid” (Internet-based controls of the power grid) (80 articles), biometrics (287 articles), and cybercrimes (392 articles), or the impact that social media (in its “infant” stage five years ago) would have on all areas of the law (103 articles).

One of the attractive features of the wiki format is that it allows anyone to post materials or edit existing articles. We have had lawyers, law professors, law students and others contribute to the wiki. And we are gratified in having over 6,000 daily visitors to the site.

Our next goal is to reach 25,000 articles by the end of 2013. We welcome anyone who would like to be a part of this project to join us. We are particularly interested in expanding our non-U.S. coverage.

The IT Law wiki is located here.

Outsourcing has shifted jobs from countries with high standards of living to those with lower standards of living (and lower wages and costs of doing business). However, economists have long argued that outsourcing, while disruptive, arguably results in a net increase in the total number of jobs. This election has seen outsourcing as an important issue. But are we looking in the wrong direction?

More troubling for politicians is the growth of what is now being referred to as “desourcing.” Desourcing is the process of replacing workers with automation. These jobs, once lost, are gone forever. And yet, no one seems to be addressing this issue. As noted by one commentator, politicians “ignore the reality that both manufacturing and service jobs are dying. Robots, artificial intelligence, and the new information-at-scale industries all but assure that outcome.”

“Desourcing means reducing or eliminating humans from the production or service equation. Humans are friction points. More and more we can reduce those points of contact. We no longer need to send work to other humans.”

Desourcing is nothing new. Indeed, the Luddites

“were 19th-century English textile artisans who violently protested against the machinery introduced during the Industrial Revolution that made it possible to replace them with less-skilled, low-wage labourers, leaving them without work.”

But desourcing has grown quickly as companies try to climb out of the recession. Executives have asked themselves whether they should invest in adding new jobs, or buy technology to automate those jobs. Increasingly, they have decided to automate. That decision is one of the reasons that unemployment has remained high, despite the improving economy. And other companies, to stay competitive, will need to desource as well.

While outsourcing merely shifted jobs from one geographic region to another, desourcing will result in massive unemployment at all levels. And once these jobs are gone, they are not coming back. It is impossible to tell what the political, economic, social and legal impact of desourcing will be. But it is safe to say that desourcing will have an enormous impact on all aspects of society.

Last January we saw an upswell of concern by netizens over SOPA and PIPA. That concerted effort derailed those two bad pieces of legislation. Yet in the 6+ months since that event, politicians have not continued the dialogue with voters over important cyber issues: eroding privacy rights, overzealous efforts by the copyright industry to impose their view of über-copyright on the world through secret treaties like TPP, continued seizures of domain names in violation of constitutional rights, etc.

Of course the number one issue for most people is the economy. But politicians seem to be missing the big picture. The industry that is creating the most jobs, the most international trade and the most wealth today is not the entertainment industry, or the automobile industry or the traditional manufacturing industries, it is the high-tech industry. It is no fluke that the most highly valued company in the history of the world is Apple, Inc. At over $500 BILLION, Apple is worth more than the entire U.S. movie industry combined. Apple’s quarterly revenues are equal to the U.S. State Department’s budget. When you add in the values of Facebook, Microsoft and Google, you are over a TRILLION dollars.

This is an industry that politicians should be falling all over themselves to nurture and protect. Yet, they are not. And that is very shortsighted. There are many countries, particularly China, Japan and Korea, that support, subsidize and treasure their tech companies. They see in them the future of their economies. We need to do the same.

Is anyone listening?

While there have been numerous reported cyberattacks against various government entities (including a widely discussed cyberattack by Russian activists against the Estonia government in retaliation for its decision to relocate a Russian war memorial), there is little evidence of the ability of even the most sophisticated governments to engage in even limited-scale cyberwarfare.

The hype surrounding “cyberwar” reminds me of similar hype in the 1970s concerning the extent of “computer crime” in the United States. At that time the FBI and other state and federal agencies were angling for massive increases in funding. There was a widely circulated “fact” that computer crimes were costing U.S. businesses $100 million to $10 billion annually, and that new legislation and heightened funding were desperately needed to defend against this scourge. However, in an unbiased study of the sources of these alleged losses (Jim Taber, A Survey of Computer Crime Studies, 2 COMPUTER L.J. 275, 307 (1980)), Jim Taber of IBM showed that these numbers were both unverified and unreliable. His investigation showed that these numbers were simply pulled out of thin air by security consultants and FBI executives who stood to benefit if Congress and the public thought that computer crime was exploding. And it worked. Congress substantially increased funding for law enforcement agencies to fight “computer crime,” which included significant funds for contracts that were awarded to the same computer security consultants that promoted these fictitious figures in the first place.

Those using scare tactics to garner new funding for “cyberwarfare” seem to be taking pages directly from the “computer crime” playbook. Throw out a lot of scary rhetoric, claim that the underlying facts are either unknowable or classified, and then tell Congress and the American public that they should “trust us,” since we know better than they do. Congress seems to be falling for this once again without any critical analysis. However, as noted by James Rid, who has studied cyberwarfare in depth:

There was no and there is no Pearl Harbor of cyber war. Unless significantly more evidence and significantly more detail are presented publicly by more than one agency, we have to conclude that there will not be a Pearl Harbor of cyber war in the future either.

Before wasting untold billions to line the pockets of defense contractors, it would behoove Congress to look behind the scare tactics and determine whether cyberwarfare is real, how much of a threat is it to us, and how best to deal with the issue.

Flash forward to today. She is almost 3 years old and her love for the iPad has not diminished. Of course the choice of apps has changed. She is learning conversational French, watching ballet videos (ballet is her passion) and listening to all types of music. And no, she’s not a couch potato. She plays soccer, takes ballet lessons, and loves to jog/walk with her mother over a mile a day along the beach.

Her parents and I are very careful about the apps we download for her. And frankly I had thought little about the privacy issues that such apps might create until I read a recently report from the FTC titled “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” (Feb. 2012).

This staff report shows the results of a survey of mobile apps for children. The survey shows that neither the app stores nor the app developers provide the information parents need to determine what data is being collected from their children, how it is being shared, or who will have access to it.

The report recommends:

• All members of the “kids app ecosystem” — the stores, developers and third parties providing services — should play an active role in providing key information to parents.
• App developers should provide data practices information in simple and short disclosures. They also should disclose whether the app connects with social media, and whether it contains ads. Third parties that collect data also should disclose their privacy practices.
• App stores also should take responsibility for ensuring that parents have basic information.

While we don’t plan to stop buying apps for my granddaughter, I suspect we will be more vigilant in reviewing the apps before we allow her to use them to make sure there are no hidden privacy problems.

There are so many “hot button” issues, it is hard to decide which ones to mention. So I’ll just mention the three that I find extremely interesting:

1. Network neutrality. The FCC issued regulations to prevent telcos and other ISPs from engaging in what supporters would call unfair and anticompetitive activities. On November 10, 2011, those regulations came up for a vote in the Senate. Republicans were attempting to overrule the regulations, but the Democrats were able to defeat the bill. Of course, that is only a temporary victory, since the regulations are also being challenged by Verizon in court, and if the Republicans take over the White House in the next election those regulations are likely to be thrown out.

2. Online sales tax. For many years, Amazon, and other online retailers have been able to avoid collecting sales taxes for their online sales. However, political pressure is mounting for Congress to change the law to compel these vendors to collect sales taxes. Much of this pressure is coming from states that are suffering with sagging tax revenues. If such a law passes, of course, there are bound to be constitutional challenges, eventually winding up in the U.S. Supreme Court.

3. Privacy and GPS devices. The U.S. Supreme Court recently heard oral arguments on whether the police can install a GPS device on a suspect’s car and “follow” him around by monitoring the device. Surprisingly, at least to me, the Supremes seemed receptive to the argument that such activities violated the Fourth Amendment. Next year’s decision will be interesting reading, particular if the Court upholds a right of privacy in these circumstances.

Let me know what your hot button issues for 2012.

The FTC previously reviewed the COPPA Rule in 2005 and retained it without change. In light of rapidly evolving technology and changes in the way children use and access the Internet, in 2010 the FTC initiated another review of the Rule on an accelerated schedule. On April 5, 2010, the FTC sought public comment on every aspect of the COPPA Rule, posing numerous questions for the public’s consideration. In addition, the FTC held a public roundtable and reviewed 70 comments received from industry representatives, advocacy groups, academics, technologists, and individual members of the public.

The Internet has clearly changed considerably since 2000 and it is clear that an updated Rule (if done properly) would be of enormous benefit both to parents (whose children are increasingly interacting with Internet on a daily basis) and website operators (who still seem to be unclear on how to comply with COPPA).

One of the most troublesome areas in complying with COPPA is the “verifiable parental consent” requirement. I am pleased to see that this is one area that the FTC is specifically looking at. Unfortunately, the FTC proposals appear to be increasing the burden on websites, not streamlining them as the proposal claims. The promulgation of the original Rule, with its “verifiable parental consent” requirement resulted in many child-oriented sites moving away from efforts by sites to “customize” the experience for each child-visitor, since the information required to do so fell within the strictures of COPPA. Instead, sites changed to provide the same “experience” to every child that came to them, which turned off a lot of kids.

As the number of interactive child-oriented sites decreased, many children starting exploring more adult-oriented sites that did not need to get “verifiable parental consent” as long as the site was not directed to children and the site operator did not ask for the age of the visitor. Under many lawyers’ reading of the COPPA, a Disney-sponsored site would be required to get consent to gather information from an eight year-old, but playboy.com would not. Certainly a perverse result!!

It will be interesting to see whether changes are actually made this time to the Rule, and whether those changes help or hurt websites that are directed at children.

What many people do not realize is that many newer cars (particularly those manufactured by GM and Ford) contain an “event data recorder” (a so-called “black box”) that is similar to those on airplanes. These devices generally are triggered by electronically-sensed problems in the engine (often called faults), a sudden change in wheel speed or airbag deployment, and store a variety of data, such as which seat belts were being worn at the time of the event and the vehicle’s speed, direction and location. The information contained in the black box can be invaluable in determining the cause of an accident.

The question is whether a driver (or car owner) has a legitimate expectation of privacy in the information stored in the black box or whether the police can download that information without a search warrant.

In a New York case, the court held that no search warrant was required for the recovery of black box data. In People v. Christmann, 3 Misc.3d 309, 776 N.Y.S.2d 437 (2004), the defendant was involved in a motor vehicle accident with a pedestrian. The police at the scene downloaded the data from the car’s black box without a warrant. The court held that exigent circumstances (“[e]vidence regarding the pre-accident conditions within Defendant’s automobile could easily be destroyed, either purposely or accidently, if the automobile was moved from the scene under its own power.” 3 Misc.3d at 315, 776 N.Y.S.2d at 441.) justified the data download at the scene without a warrant.

However, a recent California case, People v. Xinos, 192 Cal. App. 4th 637, 121 Cal. Rptr. 3d 496 (2011), review filed (Mar. 21, 2011), the court came to the opposite conclusion. In Xinos, the defendant was convicted of vehicular manslaughter, based in significant part on the data contained in an event data recorder (also called a “sensing and diagnostic module” or “SDM”) in his car. The defendant had filed a suppression motion regarding the SDM data, claiming that the downloading of the data without a warrant violated his Fourth Amendment rights. The lower court had rejected the motion. On appeal, however, the court reversed.

After an accident in which a pedestrian was killed, the defendant’s car was towed to a police impound lot. A year after the accident, at the request of the District Attorney’s Office, and without obtaining a warrant, police went to the impound lot and:

downloaded the data contained in the vehicle’s SDM. They accomplished the download using a cable connected to the diagnostic link connector (DLC), which was located underneath the vehicle’s dash area on the driver’s side. An SDM receives data from various inputs related to the vehicle’s restraint systems, seat belt pretensioners and airbags. The data includes information regarding engine speed, vehicle speed and deceleration, throttle percentage, braking, airbag deployment, and the restraint system. . . .
Using software, [the police] produced a crash data retrieval (CDR) report. It showed information captured during the five seconds before defendant’s vehicle experienced a change in velocity. It disclosed the vehicle’s speed during the five seconds before the incident. The data indicated that there had been brake activation but the braking “could just be covering the pedal” and was not necessarily hard braking.

Id. at 647, 121 Cal. Rptr. at 502-03.

In the trial court, the prosecutor argued that “no search warrant was required because defendant had no reasonable expectation of privacy in the SDM’s data, analogizing to electronic beepers and emphasizing the diminished expectation of privacy in vehicles. The People maintained that the year delay in conducting the download was immaterial.” Id. at 651, 121 Cal. Rptr. at 505. The trial court held that there was no Fourth Amendment violation:

In this matter the Court is satisfied that the police were permitted to conduct tests and discover data because the vehicle was an instrumentality of the crime of vehicular manslaughter as well as hit-and-run. Therefore, the retrieval of the data in the SDM was not a search within the meaning of the Fourth Amendment. Id.

It further stated that, even if downloading the information was “not a test or a diagnostic event” and it was a search, the search fell “within the automobile exception to the warrant requirement because the police officers had probable cause to believe that evidence pertaining to the crime was contained in the SDM.” Id. at 651, 121 Cal. Rptr. at 505.

The appellate court disagreed:

This case is fundamentally distinguishable from the cases where technology is used to allow law enforcement to capture information that a person is knowingly exposing to the public. . . .
[I]n this case, defendant could not have claimed any reasonable expectation of privacy with respect to governmental observations, including those using enhanced technology, of his driving on public roads. We are more familiar with the examples of law enforcement measuring vehicular speed with radar guns or recording failures to stop at red lights with automated cameras. But in this case, the government was not making any observations of conduct exposed to the public view. Here, defendant’s own vehicle was internally producing data for its safe operation. That exceedingly precise data was not being exposed to the public or being conveyed to any other person.

Id. at 654, 121 Cal. Rptr. at 508. The appellate court found no probable cause for the download:

[T]he scope of a legitimate warrantless search of a vehicle under the automobile exception “is defined by the object of the search and the places in which there is probable cause to believe that it may be found.” The scope of a warrantless search authorized by the automobile exception is “no broader and no narrower than a magistrate could legitimately authorize by warrant.” Moreover, probable cause to conduct a warrantless search must exist at the time the warrantless search is executed.
[I]n this case, the prosecution failed to show that the objective facts known to the police officers at the time of the download constituted probable cause to search the SDM for evidence of crime. The download occurred long after the collision and criminal investigation. The officers who conducted the download were merely complying with an unexplained request of the D.A.’s Office and believed no relevant data would be found. The download of the data was not supported by probable cause.

Id. at 661, 121 Cal. Rptr. at 513. Nor did the court find the SDM data to be lawfully seized evidence of a crime:

The Attorney General has not cited any Fourth Amendment authority permitting new intrusions into any internal part or component of a vehicle simply because the vehicle was seized as evidence. . . . The retrieval of raw data from a vehicle’s SDM not believed by police to hold any evidence of crime is not a reexamination or closer look at areas of a vehicle already reasonably believed to be or contain evidence of a crime; it is a new and different intrusion. The prosecution failed to show in this case that the download of data was justified by the circumstances warranting seizure of the vehicle and examination of its condition. Further, the download of raw data from a SDM does not qualify as a scientific test, similar to DNA or ballistics testing since downloading is merely the copying or retrieval of electronic data or information.

Id. at 663, 121 Cal. Rptr. at 515.

Clearly, the two cases can be factually distinguished. The New York case involved a download of data immediately after the accident versus the year delay in Xinos. The more important issue, however, is whether a driver has a legitimate expectation of privacy in the black box data at all, and if so, when a warrant based on probably cause should be required. As black boxes become ubiquitous in new cars, this issue is bound to be before the courts again.

Those early days in the growth of the Internet saw Congress passing several laws that freed the Internet from potential liability – the DMCA “safe harbors” provisions, Section 230 of the Communications Decency Act, and the Internet Tax Freedom Act of 1998 – to name just a few. And the Internet responded to this light touch by growing exponentially both within the U.S. and around the world – with almost two billion users today!

Unfortunately, during the last decade, the Internet has lost its luster – at least as far as politicians and the courts are concerned – and is being subjected to ever-increasing regulation and liability. Many politicians blame all of society’s ills on the Internet. (See here and here for just two examples.) As a result, they are openly hostile to the idea of an open, global forum for the exchange of information and ideas, as well as for global commercial activity, and seem intent on killing the “goose that laid the golden egg.” Just a look at today’s online news sites will confirm that the Internet is under increasing attack worldwide.

Fortunately, the Internet is extremely resilient – both from a technical, as well as a social and economic, perspective. So far the Internet (and those who dwell within it) have been able to “work around” many of these new laws and regulations or adapt to them without significant damage to the “business as usual” nature of the system. But it’s difficult to tell from our vantage point whether real, permanent damage is being done to the Internet – as both a communications medium and a platform for e-commerce. A decade from now analysts may look back at the Internet as a failed experiment – killed off by politicians, judges and self-serving business interests, who thought the Internet had to be “tamed,” and in doing so destroyed its ultimate potential.

Only time will tell….

However, after pressure from my friends and family (all of whom are devoted iPad users), I purchased an iPad for myself last Christmas. While I don’t use it as much as my kids do, or as some of my students do, I have warmed up to the device and have become a regular purchaser from the iPad app store. I use it mainly to do email and read ebooks. That is why I was very distressed to read about an emerging battle between Apple and the e-reader companies (Sony, Amazon and Google) over the nature of the e-reader apps they will be allowed to distribute through the app store in the future. See, e.g., Yukari Iwatani Kane and Stu Woo, “Apple Rejects Sony E-Book App,” Wall. St. j. (Feb. 2 2011).

In general, e-reader apps have been just that. They can be used to read e-books, but if you want to purchase an e-book, you need to go to the applicable website and pay for the e-book there. While it is somewhat inconvenient to have to leave the e-book app to buy a new e-book, it hasn’t been a major issue. At least for e-book readers. Apparently it has been a major issue for Apple, since Apple does not get a cut of the revenues generated by those e-book sales. As Apple stated in a recent press release:

We are now requiring that if an app offers customers the ability to purchase books outside of the app, that the same option is also available to customers from within the app with in-app purchase.

It is reported that Apple has rejected an e-reader app from Sony, demanding that Sony provide the means to purchase their e-books through the iTunes store – and pay Apple 30% of the revenues generated from such sales. Considering that many e-book sales are made with little or no profit already (various stories assert that Amazon loses money on the e-books it sells for $9.99 or less), having to give Apple 30% of revenues would make most e-book sales unprofitable – which might require e-book sellers to jack up the price of their titles across the board to cover Apple’s cut.

And there is no reason that Apple won’t expand that policy to other e-commerce areas. As one commentator recently stated:

Now that Apple has changed the business arrangement for e-books, you can bet it’s thinking about the terms for video-streaming apps like Netflix and Hulu Plus and music apps like Pandora, or even more general e-commerce apps like Amazon’s Windowshop. If Apple wants a 30 percent cut of my Kindle book today, I assume it will want a 30 percent cut when I try to buy an actual Kindle tomorrow.

Farhad Manjoo, “Ditch the App Store,” Slate.com (Feb. 1, 2011).

It will be interesting to see what Sony, Amazon and others do in response to Apple’s changing policies. And whether the FTC or various state attorneys general may get involved as well.