25.3 Criminal Subject Matter

Possession and/or distribution of some kinds of information is criminal under U.S. law. If you see suspicious information on your computer, you should take note. If you believe that the information may be criminal in nature, you should contact an attorney first?do not immediately contact a law enforcement officer, as you may indirectly admit to involvement with a crime merely by asking for advice.

25.3.1 Access Devices and Copyrighted Software

Federal law (18 USC 1029) makes it a felony to manufacture or possess 15 or more access devices that can be used to obtain fraudulent service. The term access devices is broadly defined and is usually interpreted as including cellular telephone activation codes, account passwords, credit card numbers, and physical devices that can be used to obtain access.

Federal law also makes software piracy a crime, as well as possession of unlicensed copyrighted software with the intent to defraud. The rental of software without the permission of the copyright holder is also illegal.

25.3.2 Pornography, Indecency, and Obscenity

Pornography thrives on the Internet. With millions of customers and billions of dollars transferred every year, pornography is currently one of the main drivers of e-commerce and broadband residential connections. Pornography has stimulated the development of age verification systems, credit card verification systems, and even forms of electronic currency. Today, pornography is one of the main sources of revenue on the Internet for some businesses.

The Internet is a global network. By design, the Internet's content can be accessed from anywhere on the network. But this global feature is at odds with the way that pornography and prostitution have traditionally been regulated in human societies?through local regulation, zoning, and registration. Stories, photographs, sounds, and movies that are considered pornographic or obscene in some communities have long been socially accepted in others, and distributed only to adults in still others.

Thus, there is a tension between the Internet's global nature and the global availability of pornography. Amateur Action

In 1993, Robert and Carleen Thomas were operating a bulletin board system called the Amateur Action Bulletin Board System (AABBS) in Milpitas, California. The system was accessed by telephone, not the Internet. The BBS contained a wide range of adult fare, and had numerous login screens and banners that clearly indicated that the information the system contained was sexually explicit. To gain access to the system, potential subscribers needed to send AABBS a photocopy of their driver's licenses (to prove their ages) and pay a membership fee of $55 for six months.

In July 1993, a Tennessee postal inspector named Dirmeyer downloaded a number of sexually explicit files from AABBS, after first registering (using an assumed name) and paying the membership fee. The postal inspector was apparently responding to a complaint from a person in his jurisdiction. On the basis of the information that he downloaded, the Thomases were charged with a violation of 18 USC 1465, "knowingly transport[ing] in interstate or foreign commerce for the purpose of sale or distribution . . . any obscene . . . book, pamphlet, picture, film . . . or any other matter."

The outcome of the trial hinged on whether the information that the postal inspector had downloaded was actually obscene or merely sexually explicit. But the standard for obscenity is not defined in U.S. law. In 1973, the United States Supreme Court instead said that obscenity was best judged by local "community standards." And while the information distributed by AABBS may not have violated the community standards of Milpitas, California, or the standards of the community of dial-up bulletin board systems, on July 29, 1994, a jury in the Federal District Court for Western Tennessee ruled that the downloaded images did violate the community standards of Western Tennessee.[5] (As it turns out, the Thomas' BBS had been previously raided by the San Jose Police Department in 1991; following that investigation, local law enforcement had concluded that the BBS had been acting in a legal manner?at least in California.)

[5] More details about the Amateur Action case can be found at http://www.eff.org/Legal/Cases/AABBS_Thomases_Memphis/Old/aa_eff_vbrief.html, http://www.spectacle.org/795/amateur.html, and http://www.loundy.com/CDLB/AABBS.html. Communications Decency Act

In 1996, the U.S. Congress passed the Communications Decency Act (CDA) as an amendment to the Telecommunications Act of 1996. The purpose of the act was allegedly to protect minors from harmful material on the Internet. But civil libertarians complained that the act was overly broad and that it would actually result in significant limitations for adult users of the network.

Shortly after the act was passed, a coalition of civil liberties groups filed suit against Attorney General Janet Reno, asking the court to enjoin Reno from enforcing the law. The case, American Civil Liberties Union v. Reno, was "fast tracked" to a special three-judge court in Philadelphia. That court ruled that two key provisions of the law were an unconstitutional abridgment of rights protected under the First and Fifth Amendments. The first provision struck down was a part of the law that criminalized the "knowing" transmission of "obscene or indecent" messages to any recipient under 18 years of age. The second was a provision that prohibited the "knowin[g]," sending, or displaying to a person under 18 of any message "that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs."

The Clinton Administration appealed the ruling in the case Reno v. ACLU. The case went to the U.S. Supreme Court, which ruled against the Clinton Administration and the law.[6] At the time of the ruling, one of the key issues that the Court focused on was the increasing availability of filtering software that could be used to prevent children from accessing pornography. The argument was that if parents wanted to "protect" their children from pornography, all they had to do was equip their computers with the requisite software; there was no need to restrict everybody else who used the Internet.

[6] For details on the CDA, see http://www.epic.org/cda/ and http://www.eff.org/Censorship/Internet_censorship_bills/.

Realizing that it could not regulate the Internet itself, Congress subsequently passed a law requiring that federally supported schools and libraries install filtering software on computers to prevent children from accessing pornography at these places. That law has been challenged in some jurisdictions as overly broad. The overall issue is likely to be a topic of legislation and litigation for years to come. Mandatory blocking

Numerous laws now require that schools and libraries install mandatory filtering software on their Internet connections. Of these, the most important is the Children's Internet Protection Act (Pub. L. 106-554), which requires that schools receiving discounted communications services have in place technology that prevents access through computers to visual depictions that are "(I) obscene, (II) child pornography, or (III) harmful to minors." Child pornography

Today, the harshest punishments in the U.S. legal system for possession of contraband information are reserved for pornography that involves the sexual depiction of children or pornography that uses children in its creation. The prohibition against child pornography is based on the need to protect children from sexual exploitation. Because the child pornography regulations criminalize the mere possession of child pornography, you can be in serious legal trouble simply by receiving by email an image of a naked minor, even if you don't know what the image is at the time you fetch it.

Child pornography laws are often applied selectively. In several cases, individuals have been arrested for downloading child pornography from several major online service providers. Yet the online service providers themselves have not been harassed by law enforcement, even though the same child pornography resides on the online services' systems.

In recent years, there has been a move to expand the definition of child pornography to include simulated acts of child pornography, computer animations of child pornography, and even textual descriptions of child pornography. Proponents of these expansions argue that besides any harm that may be caused to children in the creation of child pornography, the mere existence of child pornography is harmful and should therefore be criminal.

25.3.3 Copyrighted Works

Passed in 1999, the Digital Millennium Copyright Act (DMCA) makes it a crime to circumvent technical measures that are used to control access to copyrighted works. It also makes it a crime to distribute certain kinds of technical information that may be used to disable copyright control mechanisms.

The DMCA was pushed through the U.S. Congress very quickly by the Clinton Administration at the request of the publishing and entertainment industry, which has long argued that copyright control systems are needed to prevent piracy, and that information regarding the disabling of these systems should be controlled.

But the result of the DMCA's passage means that there is now a whole class of contraband programs?programs that, in many cases, simply allow people to exercise their rights to access copyrighted material under the "fair use" provisions of copyright law. For example, if you rent a copy of The Matrix on DVD, take it home, and play it on a Mac or on a PC running the Windows operating system, you are not in violation of any law. But if you play it on a PC running the Linux operating system, you are breaking the law. Operating the Linux DVD player is a violation of the DMCA because it was not licensed by the Motion Picture Association of America (MPAA) to decrypt the encrypted bitstream on the DVD that decrypts to the MPEG-2 files that contain The Matrix. Not only is it a violation of the DMCA to run the Linux DVD player, but it may also be a violation to have the program on your hard disk or to distribute it on a web page. And in 2000, a federal court prohibited the magazine 2600 from posting a link on its web site to a second web site that may have had a copy of the program.

The Chilling Effects Clearinghouse (http://www.chillingeffects.org) archives a wide variety of "cease and desist" letters received by web sites pertaining to the DMCA.

It's hard to believe that the DMCA won't be found to be a violation of the U.S. Constitution's First Amendment. But until it is, the DMCA is the law of the land. Be careful about the anticopyright programs that are on your web server.

The DMCA is not the last word in silly, overbroad laws being enacted to satisfy the entertainment industry. As the third edition of this book goes to press, there are several pieces of legislation proposed and under consideration by Congressional committees. One, the Consumer Broadband and Digital Television Promotion Act (CDBPTA), would effectively outlaw the use of any noncommercial operating system. Another pending bill would allow content providers to hack into your computer system and disable it if they suspect it is being used to exchange or store copyrighted material.

Until the courts and the general public assert themselves, the money behind the lobbyists all but ensures that the various companies making up the entertainment and commercial software industries will continue to dictate the legislative initiatives. Thus, you need to be aware of the pending and current laws in this general realm. We suggest the ACM's U.S. Public Policy Committee as one informed, relatively nonpartisan source of information; check out http://www.acm.org/usacm/.

25.3.4 Cryptographic Programs and Export Controls

Although U.S. policy on cryptography was liberalized in 1999 and again (less dramatically) in 2002, export of cryptographic technology to certain countries is prohibited for reasons of U.S. national security. As of September 2002, these countries consisted of Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.

Some cryptographic technologies (including open source cryptographic source code) can now be exported after notifying the Bureau of Industry and Security (BIS) of the URL where the code is available. Many other technologies can be legally exported after review by BIS (and possibly "other agencies"). For the gory details, visit http://www.bxa.doc.gov.

    Part VI: Appendixes