We’ve shared many examples of “Lego Art” in previous blog posts (see here). This spring, 13 new works of LEGO art are on display at Leu Gardens in Orlando, Florida. These works are by Lego artist Sean Kenney. (Check out his website here.) The peacock pictured below contains 68,827 Lego bricks.
Image Credit: F. E. Guerra-Pujol
The Computer Fraud and Abuse Act (CFAA) is a federal law that imposes criminal and civil penalties on computer hackers. The original version of this law made it a federal crime to access government computers without authorization or in excess of authorization. The scope of the law has subsequently been expanded by Congress to include all “protected computers”, broadly defined as any computer connected to the Internet. Here are some relevant links:
According to the 2010 film “The Social Network” (see page 27 of the movie script), the Harvard Ad Board accused Zuckerberg of “violating copyrights” (among other things) when he created Facemash. Really? This allegation may sound plausible. After all, creators of original works (including photographs and even selfies!) own the exclusive legal rights to their works the moment those works are created. But before we can conclude that someone is engaged in copyright infringement, we must ask what copyrights did he infringe? In the case of Facemash, since Zuckerberg did not have the express or implied permission to use the I.D. photos of his fellow students, he may have committed copyright infringement when he took those pictures from Harvard’s databases and posted them up to Facemash, but that begs the question: who owns the legal rights–i.e. the copyright–to those pictures? Harvard or the students themselves? (Why is the question of ownership so crucial? Because it is the owner who retains the right to sue for damages for any copyright infringement.)
To keep this analysis simple, let’s say Harvard owns the rights to those student I.D. photos. (Perhaps students are required to assign their legal rights to Harvard when they submit their photos to the university.) The next question is: did Harvard at any time formally register those pictures with the U.S. Copyright Office? Without formal registration, a copyright owner’s enforcement rights are very limited, since federal copyright law preempts State law in this area. (See here, for example.) For the sake of argument, let’s say Harvard took the precaution of registering those student I.D. photos with the Copyright Office the moment it realized those photos were hacked. What next? In theory, Harvard could sue the hacker in federal court and request statutory damages under the Copyright Act, but in this case, the hacker was one of its own students! If Harvard is not going to expel him over this conduct, is it really going to incur the expense or risk of negative publicity by suing him?
Thus far, we have wondered whether Harvard sophomore Mark Zuckerberg may have committed a tort when he created Facemash back in ’03. Broadly speaking, whether an act or omission constitutes a civil tort depends on the common law of the place in which the alleged tort occurred. But remember: the United States is a federal system! There are two levels of government in the USA–the States and the feds–and each level has its own laws and operates its own separate legal system. As a result, in addition to local tort law, there are a number of federal laws that could have applied to Facemash. In particular, Facemash may have crossed the following three federal legal lines:
Frankly, we should just ignore FERPA because this toothless federal privacy law is all bark and no bite. In theory, the Secretary of the U.S. Department of Education could have brought a FERPA enforcement action against Harvard (perhaps on the theory that Harvard did not do enough to protect sensitive student information from hackers), but FERPA applies only to “educational records”, so a strong argument can be made that Facemash did not run afoul of FERPA. But even if student I.D. photos are considered “educational records”, the U.S. Supreme Court ruled in Gonzaga University v. Doe, a case decided in 2002, that private parties may not sue for damages under FERPA. (By the way, it’s also worth noting that the feds have never brought an enforcement action under FERPA!)
That still leaves copyright infringement and the CFAA, two federal laws that do allow private causes of action, i.e. private parties may sue for money damages under the Copyright Act and the CFAA if certain conditions are met. In addition, copyright law and the CFAA also establish severe criminal penalties (!) for copyright infringement and for unauthorized access to a protected computer, so we will take a closer look at these two laws in our next two blog posts.
Credit: Elaine Daniels
In my previous post, we considered Facemash from Harvard’s perspective, so we asked whether Mark Zuckerberg–the Harvard hacker and creator of Facemash–committed the tort of conversion or the tort of trespass to chattels when he hacked into the University’s computer network. In this post, let’s consider Facemash from the perspective of the “Facemash Girls”–the co-eds whose pictures were posted to the Facemash website without their consent. In particular, couldn’t some or all of the Facemash Girls have sued Zuckerberg for invading their privacy or for intentional infliction of emotional distress? (This is not a crazy question; a lot of the students at Harvard have powerful parents.)
Let’s consider the common law right to privacy first. In brief, there are four ways of proving that an unlawful “invasion of privacy” occurred: intrusion of solitude, public disclosure of private facts, false light, and appropriation of name or image. But however we slice and dice it, there are two big problems with all these privacy theories of liability in the case of Facemash: (1) what are the damages, and (2) is there a reasonable expectation of privacy in semi-public I.D. photos? To begin with, a tort plaintiff is required to allege and prove an injury or damages to win her case, but what damages did the Facemash Girls suffer when their pictures were posted to Facemash? Now, for the sake of argument, let’s suppose the Facemash Girls can prove damages. (After all, those pictures were posted to Facemash without the Facemash Girls’ consent. In other words, the injury here is that Zuckerberg did not ask for anyone’s permission first.) The plaintiff will also have to show that she had a reasonable expectation of privacy in her college I.D. photo. The problem, however, is that those I.D. photos are meant to be seen! How can one say that one has a reasonable expectation of privacy in something that is meant to be seen by your classmates?
What about the tort of intentional infliction of emotional distress or IIED? To recover under this theory of tort liability, a plaintiff will have to prove two things: (1) that the defendant acted in an “extreme and outrageous” way, and (2) that she, the victim, suffered “severe emotional distress” because of the defendant’s extreme and outrageous behavior. So, was Facemash really all that “extreme and outrageous”? It’s hard to say, especially given the fact that people judge each other based on their physical appearance all the time. Plus, even if Facemash was extreme and outrageous, how could it cause any severe emotional distress? Remember, the website was up only for a short period of time before the University shut it down.
This concludes our legal analysis of Facemash (and hacking generally) from a common law perspective. In our next two blog posts, we will consider two federal laws that might apply to Facemash.
A major source of local (i.e. State) law in the USA is judge-made common law. In fact, major areas of local law–including torts, contracts, and property–are based on well-established common law principles. Here, we will focus on the law of torts. A tort is a wrongful act, such as assault, battery, and trespass, and a tortfeasor is a person who commits a tort. (Note: a tortfeasor could be an LLC or a corporation.) When someone is injured by the commission of a tort, he or she may have a legal right to sue the tortfeasor for money damages under one or more theories of tort liability. So, did Zuckerberg commit a tort when he hacked into Harvard’s computers and launched Facemash?
In our view, at least three or four theories of tort liability could apply to Facemash: (1) conversion, (2) trespass, (3) invasion of privacy, and perhaps (4) intentional infliction of emotional distress. Let’s start with common law conversion, which is a fancy word for theft. There is no doubt that Zuckerberg did not have a legal right to use the student I.D. pictures in Harvard’s computer databases when he created Facemash, so one could argue that the Facemash hack constituted an act of conversion. But there are big two problems with this theory of liability. First, in the case of Facemash, who would have standing to sue under such a theory? That is, since only the owner has legal standing to enforce his property rights, we must ask: who owns the legal rights to the student I.D. pictures that were posted to Facemash? Each individual student or Harvard? But beyond legal standing, the more fundamental problem with this legal theory is that it’s not at all obvious that a “conversion” really occurred in this case. After all, Zuckerberg did not try to prevent anyone else from using the photos; that is, he didn’t really steal or convert those pics; he just made digital copies of them!
What about trespass? For example, the tort of trespass to chattels–what the famed torts scholar William Prosser once called conversion’s “little brother”–occurs when a person interferes with another person’s property rights. Alas, courts are divided whether this tort applies to such online activities as “screen scraping“. Most courts will require the plaintiff (the person who is suing the alleged trespasser) to prove actual damages or monetary losses. In the movie “The Social Network,” Facemash causes Harvard’s computer system to crash, so Harvard might be able to prove damages, but it wasn’t the actual hacking of the student I.D. photos that caused the system to crash; it was Facemash’s popularity among users. That is, Harvard’s system crashed after the network was hacked! Further, does Harvard really want to sue one of its own students? Also, doesn’t the fact that Harvard did not expel Zuckerberg hurt Harvard’s ability to sue for trespass? In any case, besides trespass and conversion, two other common law theories of legal liability could apply to Facemash: invasion of privacy and intentional infliction of emotional distress (“IIED”). Stay tuned; we will consider these two tort theories in our next blog post.
In a previous post, we reviewed the ethics of Facemash and saw that not all hackers are “bad.” (From a moral perspective, whether hacking is “good” or “bad” depends in large part on the internal motivation of the hacker.) Now, let’s consider the legal regulation of computer hacking. To jump into this complex territory, let’s first identify the three main sources of Anglo-American law: (1) legislative enactments, including regulations and administrative law, (2) the common law, and (3) and natural law. Let’s ignore natural law for now; instead, let’s focus on “positive” or man-made law: legislation, regulation, and the common law. Legislation refers to “the laws on the books” — i.e., to actual laws or statutes enacted by a legislature and codified (i.e. written down) in publicly-available law books. (By the way, regulations are laws enacted by executive or independent government agencies, but the authority of an agency to enact a regulation must be specifically granted by a prior act of legislation, so we can subsume regulations/administrative law under the broader category of legislation.)
The common law, by contrast, refers to long-established judge-made legal doctrines (like the doctrine of consideration in contract law) and to judge-made legal principles (like “negligence” in tort law). In addition, judges (especially appellate judges — judges who review the legal decisions of lower court judges) often have to interpret the meaning of the laws on the books when they decide cases, and these judicial interpretations can then become binding precedent through the judge-made doctrine of stare decisis on future courts in the same jurisdiction. As a result, there are two major sources of positive law in the United States: cases and legislation. Furthermore, because the United States is a “federal” system consisting of 50 sovereign States as well as a national government, there are multiple legal systems in the U.S.: the legal systems of the States and the federal legal system. (In theory, all these legal systems are supposed to be co-equal.)
So, when we look to see what laws might apply to Facemash, we will have to consider all relevant federal legislation (like the Copyright Act of 1976 and the Computer Fraud and Abuse Act of 1984) as well as any relevant cases interpreting the scope of these federal laws. In addition, because Harvard College is located in the Commonwealth of Massachusetts (one of the original 13 colonies!), we will also have to consider State legislation as well as State common law. It turns out that Massachusetts enacted an anti-hacking law in 1994 and that many possible common law theories of liability — like trespass, conversion, and invasion of privacy — could apply to Facemash. We will review some common law theories of tort liability in our next two posts.
Image Credit: Sabrina Thomas
Below are five essays and articles discussing various ethical aspects of hacking or the ethics of teaching how to become a computer hacker:
Welcome to the online home of the IASS
Hopefully It’s Interesting.
In Conversation with Legal and Moral Philosophers
Relitigating Our Favorite Disputes
PhD, Jagiellonian University
Inquiry and opinion
Life is all about being curious, asking questions, and discovering your passion. And it can be fun!
Books, papers, and other jurisprudential things
Ramblings of a retiree in France
BY GRACE THROUGH FAITH
Natalia's space
hoping we know we're living the dream
Lover of math. Bad at drawing.
We hike, bike, and discover Central Florida and beyond
Making it big in business after age 40
Reasoning about reasoning, mathematically.
I don't mean to sound critical, but I am; so that's how it comes across
remember the good old days...
"Let me live, love and say it well in good sentences." - Sylvia Plath
a personal view of the theory of computation
Submitted For Your Perusal is a weblog wherein Matt Thomas shares and writes about things he thinks are interesting.
Logic at Columbia University
Just like the Thesis Whisperer - but with more money
the sky is no longer the limit
Technology, Culture, and Ethics
Just like the horse whisperer - but with more pages
Poetry, Other Words, and Cats
prior probability 