June 28, 2017

Archives for July 2010

My Work at CITP This Year: Judicial Policy, Public Access, and The Electronic Court

Hi. My name is Ron Hedges. I am a Visiting Research Collaborator with the CITP for 2010-11.

Let me tell you a little about myself. I am a graduate of the University of Maryland and Georgetown University Law Center. I spent over twenty years as a United States Magistrate Judge and sat in Newark, NJ. I came to the Center through my work with the use and abuse of electronic information in civil litigation in the United States Courts. Several years ago, I wrote a decision on the subjects of “preservation” and “spoliation” electronic information. That led me to The Sedona Conference, a think-tank of academics, attorneys, and judges who focus on electronic information and other things. Today, I’m on a Sedona advisory board and work on, among other things, confidentiality, public access, and electronic information in criminal actions. For information on Sedona, go to www.thesedonaconference.org.

This year, I hope to work with the Center to update something Sedona did a few years ago on confidentiality and public access in civil litigation. Our society prizes two conflicting values: openness in our judicial system and protection for matters of personal privacy and “protected” information. Examples of the latter are trade secrets and personal medical information. How we as a society reconcile openness and protection in civil litigation was the theme of The Sedona Guidelines on Confidentiality and Public Access, published in March of 2007. This document is not focused on electronic information and offers only general guidance on access to electronic information managed by courts. I hope to use my time at CITP to conduct a symposium on confidentiality and access and to move The Sedona Guidelines forward.

Another project for 2010-11 would be to consider the automation of the review of electronic information for “relevance” and “privilege.” Relevance is a simple, but often misunderstood, concept. To be relevant, information must tend to either prove – or disprove – something. Privilege is also simple, but often misunderstood. To be privileged (in a broad sense), information must be either subject to either the “attorney client privilege” or “work product.” Privileged information need not be turned over to an adversary and, if it is turned over, there can be serious consequences. Not surprisingly, human review for privilege is estimated to account for about half of the cost of litigation.

The “holy grail” of litigation is to come up with an automated process or processes for relevance and privilege review that is reasonable. The process must also be something that can be explained to laypeople (i.e., judges and lawyers). Research is being spearheaded by NIST, and I hope to have CITP sponsor a program on automated search that would feature, among others, Jason Baron of NARA and Maura Grossman of the Wachtell firm. They have led the NARA initiative and are prominent exponents of automated review.

Finally, I hope to offer a symposium or class to introduce technology-oriented folks like you to the intricacies of the law as it deals with electronic information.

Please give me your thoughts as we move toward the Fall semester.

Jailbreaking Copyright's Extended Scope

A bit late for the rule’s “triennial” cycle, the Librarian of Congress has released the sec 1201(a)(1)(C) exceptions from the DMCA prohibitions on circumventing copyright access controls. For the next three years, people will not be ” circumventing” if they “jailbreak” or unlock their smartphones, remix short portions of motion pictures on DVD (if they are college and university professors or media students, documentary filmmakers, or non-commercial video-makers), research the security of videogames, get balky obsolete dongled programs to work, or make an ebook read-aloud. (I wrote about the hearings more than a year ago, when the movie studios demoed camcording a movie — that didn’t work to stop the exemption.)

Since I’ve criticized the DMCA’s copyright expansion, I was particularly interested in the inter-agency debate over EFF’s proposed jailbreak exemption. Even given the expanded “para-copyright” of anticircumvention, the Register of Copyrights and NTIA disagreed over how far the copyright holder’s monopoly should reach. The Register recommended that jailbreaking be exempted from circumvention liability, while NTIA supported Apple’s opposition to the jailbreak exemption.

According to the Register (PDF), Apple’s “access control [preventing the running of unapproved applications] does not really appear to be protecting any copyright interest.” Apple might have had business reasons for wanting to close its platform, including taking a 30% cut of application sales and curating the iPhone “ecosystem,” those weren’t copyright reasons to bar the modification of 50 bytes of code.

NTIA saw it differently. In November 2009, after receiving preliminary recommendations from Register Peters, Asst. Secretary Larry Strickling wrote (PDF):

NTIA does not support this proposed exemption [for cell phone jailbreaking]…. Proponents argue that jailbreaking will support open communications platforms and the rights of consumers to take maximum advantage of wireless networks and associated hardware and software. Even if permitting cell phone “jailbreaking” could facilitate innovation, better serve consumers, and encourage the market to utilize open platforms, it might just as likely deter innovation by not allowing the developer to recoup its development costs and to be rewarded for its innovation. NTIA shares proponents’ enthusiasm for open platforms, but is concerned that the proper forum for consideration of these public policy questions lies before the expert regulatory agencies, the U.S. Department of Justice and the U.S. Congress.

The debate affects what an end-user buys when purchasing a product with embedded software, and how far copyright law can be leveraged to control that experience and the market. Is it, as Apple would have it, only the right to use the phone in the closed “ecosystem” as dictated by Apple, with only exit (minus termination fees) if you don’t like it there? or is it a building block, around which the user can choose a range of complements from Apple and elsewhere? In the first case, we see the happenstance of software copyright locking together a vertically integrated or curated platform, forcing new entrants to build the whole stack in order to compete. In the second, we see opportunities for distributed innovation that starts at a smaller scale: someone can build an application without Apple’s approval, improving the user’s iPhone without starting from scratch.

NTIA would send these “public policy” questions to Congress or the Department of Justice (antitrust), but the Copyright Office and Librarian of Congress properly handled them here. “[T]he task of this rulemaking is to determine whether the availability and use of access control measures has already diminished or is about to diminish the ability of the public to engage in noninfringing uses of copyrighted works similar or analogous to those that the public had traditionally been able to make prior to the enactment of the DMCA,” the Register says. Pre-DMCA, copyright left room for reverse engineering for interoperability, for end-users and complementors to bust stacks and add value. Post-DMCA, this exemption helps to restore the balance toward noninfringing uses.

In a related vein, economists have been framing research into proprietary strategies for two-sided markets, in which a platform provider is mediating between two sets of users — such as iPhone’s end-users and its app developers. In their profit-maximizing interests, proprietors may want to adjust both price and other aspects of their platforms, for example selecting fewer app developers than a competitive market would support so each earns a scarcity surplus it can pay to Apple. But just because proprietors want a constrained environment does not mean that the law should support them, nor that end-users are better off when the platform-provider maximizes profits. Copyright protects individual works against unauthorized copying; it should not be an instrument of platform maintenance — not even when the platform is or includes a copyrighted work.

Private Information in Public Court Filings

Court proceedings are supposed to be public. When they are public and easily accessible, citizens know the law and the courts are kept accountable. These are the principles that underpin RECAP, our project to help liberate federal court records from behind a pay-wall.

However, appropriate restrictions on public disclosure are equally critical to democracy-enhancing information management by the judiciary. Without protections on personal data, trade secrets, the addresses of cooperating witnesses, or other harmful information the courts would become a frightening place for many citizens in need of justice. Peter Winn has described this challenge in detail.

Thus, somewhat counter-intuitively, it is important to restrict some legal information in order to set the rest free. That is why our courts have a strong legacy of sealing cases when, on balance, their disclosure would do more harm to justice than good. When the risks don’t require the entire case to be sealed, portions of documents can be redacted. Federal Rule of Civil Procedure 5.2 and Federal Rule of Bankruptcy Procedure 9037 define these instances.

But what happens when mistakes are made or negligence occurs? This has been a largely unexplored area to date. In a 2005 bankruptcy case in the US District of South Carolina, Green Tree Servicing included the debtors’ social security numbers in a public filing. The document was made available via the courts’ electronic public access system (PACER) for viewing by anyone who was willing to pay the fee. The debtors filed suit in 2008 against Green Tree for disclosing their personal information counter to the rules I mentioned above, as well as the Gramm-Leach-Bliley Act, and other provisions. This was to be an interesting case, but (unfortunately for scholars and perhaps fortunately for the parties) they settled.

However, this was not the end of Green Tree’s entanglement with these provisions. In 2009 they were servicing another pair of debtors, and they likewise included their social security numbers in the filing. The debtors filed suit against Green Tree under similar reasoning. This time, the parties didn’t settle. In its opinion, the US Bankruptcy Court for the Southern District of Indiana dismissed all claims that were based on a private right of action against Green Tree, but left open the possibility that a contempt of court claim could prevail:

The Debtors have pled sufficient facts to state a claim for contempt under §105 for Greentree’s failure to comply with Rule 9037. The act of limiting access to [the document containing SSNs] may be a sufficient remedy under Rule 9037, and a finding of contempt would require that Greentree was aware of its violation of Rule 9037. […] Greentree has “inadvertently” failed to redact social security numbers on proofs of claim forms in at least one other case in which the debtors alleged a claim for contempt. See, In re Petty, No. 08-34375 HCD (Bankr. N. D. Ind. September 21, 2009). Whether the failure to redact here was coincidence or something else is not for the court to decide at this juncture. Nonetheless, the Debtors have pled sufficient facts to establish their claim for contempt under §105(a) due to Greentree’s failure to comply with Rule 9037 and thus, that count survives Greentree’s motion to dismiss and will proceed to trial. All other counts shall be dismissed.

The outcome appears to hinge largely on the “willfulness” of Green Tree. Given the 2005 South Carolina case, it seems evident that Green Tree should have been quite aware of the federal rules of procedure regarding redaction. It will interesting to see how the case turns out.

In the context of these recent cases, the 4th Circuit issued a decision yesterday on a related matter. In Ostergren v. Cuccinelli, the court ruled that a third-party who downloaded public records (“land records”) from government-provided web sites would not be liable for damages when republishing those records online — even if that third-party knew that the records contained private information such as social security numbers.

The facts of the case are quite interesting. Betty Ostergren, a pro-privacy advocate, had for many years tried to get the State of Virginia to implement and then to improve its automatic redaction technology for these records. Virginia was making some effort to do so, but evidently the various counties were not working as fast as she would like, leaving many documents unredacted. Indeed, the original legislation setting the redaction system into motion would have required the task to have been completed by July 1, 2010, but it didn’t go into effect because the General Assembly failed to appropriate the necessary funds. Ostergren decided that the only way to motivate the necessary attentiveness was to begin publishing land records with unredacted SSNs on her own web site. For maximum effect, she chose land records from known public officials.

Virginia enacted a statute designed to stop this type of behavior, and Virginia filed suit under that statute. The Electronic Privacy Information Center filed an amicus brief in support of Ostergren. The 4th Circuit delivered a double-whammy to Virginia: not only did it uphold the district court’s ruling that Ostergren’s site warranted First Amendment protection, it ruled that the protection should extend even further than the district court had ruled. This interpretation was made even easier for the court given the fact that she was posting the materials for the explicit purpose of drawing attention to the problem — it was disclosure, critique, and commentary via simple transparency. As the court noted:

Under Cox Broadcasting and its progeny, the First Amendment does not allow Virginia to punish Ostergren for posting its land records online without redacting SSNs when numerous clerks are doing precisely that.19

19 For the same reason, Virginia could not punish Ostergren for publishing a SSN-containing land record that had accidentally been overlooked during its imperfect redaction process—having a one to five percent error rate—unless Virginia had first corrected that error. Even then, we leave open whether under such circumstances the Due Process Clause would not preclude Virginia from enforcing section 59.1-443.2 without first giving Ostergren adequate notice that the error had been corrected.

Thus, we have an intriguing reversal of the principle I set out above (that it is important to restrict some legal information in order to set the rest free). In this case, it was important to (hopefully temporarily) make more visible the very type of information that ultimately needed to be restricted.