Josh Work Professional Organizations Trip Reports Conference Report: 2001 LISA: Invited Talk:
What Sysadmins Need to Know About the New Intellectual Property Laws

Lee Tien, a lawyer from the EFF, spoke about what we as systems administrators have to know about intellectual property and copyright legislation, which has changed recently here in the United States. (I can hear the cries of "US cultural imperialism strikes again.") The short answer, according to the speaker, is "a lot." He provided a general overview of the issues, but when in doubt always contact your own lawyer, attorney, or counsel.

The theme of the legislation of late has been to figure out who controls the technology. Copyright law provides the creator or author or publisher of a work or expression fixed in some tangible medium, including electronic media such as RAM and disk storage, the right to exclusively copy, sell, distribute their work or expression, and the right to authorize others to do so. Copyright infringement is when someone does this — copies, sells, distributes, or whatever — without authorization. There are two kinds of infringement, direct and indirect. Direct infringements are those where you yourself are the violator. For example, if I were to give away copies of a tape or CD of music by Metallica, that's direct infringement. Indirect infrigements are when there is a direct infringement and you're involved intermediately. There are two types of indirect copyright infringements. The first is contributory, where you condone or help the direct violator, have knowledge (which has been extended to mean both "you know" and "you have reason to know"), and materially contribute to the violation, which includes the control of the facilities or the systems. The second type is vicarious, where you have direct infringement, the right to control, and a direct financial benefit. The example is of a tenant/landlord relationship. Since finiancial benefits are typically not present for systems administrators this probably doesn't appply to us. However, knowledge or reason-to-know do not apply to vicarios infringements.

So what can we as systems administrators do? Well, in smaller environments, we can avoid infringements. Unfortunately this doesn't scale well. There's the so-called betamax defense, which says if something can be used for substantial noncontributory use it's okay — but the courts aren't buying this argument yet, because it's only been applied successfully thus far to contributory, not vicarious, infringement.

What about Napster? They should have known there was infringement going on, and they provided the software and hardware (servers), so they've got contributory infringement. They also performed direct violations, and affected the right to control (vicarious) and cost the copyright owners revenue (vicarious). And even if only contributory infringement is involved, you can't foist it off and say it's someone else's problem once you have knowledge of it. So the advice here is to take cease-and-desist letters very seriously.

What about new legislation? Some case law shows that some knowledge is essential. The Digital Millenium Copyright Act (DMCA) Title II provides safe harbors for ISPs and other providers, though the safe harbors are very complicated. A safe harbor provides immunity for monetary damages only and is intended to limit the legal exposure of the provider. There are four of them defined: Transitory network passage, where all you do is deliver bits from one place to another, as in the Usenet model; system and caching, where you provide the hardware and OS but no monitoring; user stored files, where you provide the disk space; and search-and-retrieval tools, such as Yahoo! The definitions and requirements and exceptions are all very complex, written in legalese, and there's very little case law behind them. In general, though, you have to meet the specific criteria for a safe harbor, you must have an anti-infringement policy, you must accomodate and not interfere with standard technical measures to protect copyrighted works, and you must comply with notice and takedown requests. Unfortunately some of these terms are legally ambiguous, such as "standard technical measures" and "anti-infringement policies."

The big question becomes who controls the technology of the Internet? The RIAA and others want to control it because it can be used to copy and distribute works they own the copyrights to. The DMCA, in the opinion of the speaker, is qa strategy to control devices and it doesn't provide exceptions like the betamax rule, so it requires the right to control access and to make devices to circumvent access controls.

I have to admit that I wasn't thrilled with this talk. The speaker was fairly monotonic (not quite droning but close), had no slides (and therefore no visual interest to the talk), and no handouts or other material, making the dry legal details thoroughly uninteresting, even to a layperson interested in the law.



Back to my conference reports page
Back to my professional organizations page
Back to my work page
Back to my home page

Last update Jul16/05 by Josh Simon (<jss@clock.org>).