A group of Swarthmore students has published a damning series of internal memos from electronic-voting vendor Diebold. The memos appear to document cavalier treatment of security issues by Diebold, and the use of non-certified software in real elections. Diebold, claiming that the students are infringing copyright, has sent a series of DMCA takedown letters to Swarthmore. Swarthmore is apparently shutting off the Internet access of students who publish the memos. The students are responding by finding new places to report the memos, setting up what Ernest Miller calls a “whack-a-mole game”. (See, for example, posts from Ernest Miller and Aaron Swartz.)
Here is my question for the lawyers: Is this really copyright infringement? I know that copyright attaches even to pedestrian writings like business memos. But don’t the students have some kind of fair use argument? It seems to me that their purpose is noncommercial; and it can hardly be said that they are depriving Diebold of the opportunity to sell the memos to the public. So the students would seem to have a decent argument on at least two of the four fair-use factors. So it might be fair use.
Even if the students are breaking the law, what Diebold is doing in trying to suppress the memos certainly doesn’t further the goals underlying copyright law. A trade secret argument from Diebold would seem to make more sense here, although the students would seem to have a free-speech counterargument, bolstered by the strong public interest in knowing how our votes are counted.
Can any of my lawyer readers (or fellow bloggers) help clear up these issues?
I think there would be a reasonably strong fair use argument. However, fair use is notoriously fuzzy, so it is by no means a slam dunk. Here’s a quick and dirty analysis:
(1) nature of use – non-commercial (I am assuming), so that helps. Also for purposes of criticism, so that helps. But non-transformative, so that hurts (unless the memos were accompanied by commentary).
(2) nature of work – probably a factual work, so that helps. But also unpublished, so that hurts, since as a rule, unpublished works get more protection.
(3) amount of work copied – 100% (again, I’m assuming), so this hurts. True, not dispositive (see, e.g., Sony Betamax), but still, this counts against.
(4) impact on market – probably none, so that helps.
On balance, I think that the critical purpose plus lack of market harm would support a finding of fair use. But again, this is a very fuzzy area, so no assurances.
In some ways, this case is similar to the Netcom case, which involved someone posting, for purposes of criticisim, copyrighted scientology materials on usenet. In that case, the court found no fair use. But in that case, there was a stronger argument for market harm.
The issue, for the Swarthmore students, (and therefore the danger) is less an issue of copyright/fair use, than it is an issue of the Computer Fraud and Abuse Act. 18 USC 1030. (a)(2)(C).
Here how it goes: If they, the students, are accessing the net via Swathmore’s network they must do only as that school’s computer use policy allows. If they, the students, access the net, via the school’s network, in violation of the school’s policy, they could be charged with accessing, a “protected computer” in an “unauthorized manner”, and as a result are “obtaining information” (ANY information, I repeat “any”) see section (e) of the CFAA for the definition of a “protected computer”, they are likely committing a violation of the CFAA. You can certainly argue that the school would never bring a civil action (see subsection (g) of the CFFA dealing with private rights of action) against the students for such a ‘technical violation’. But make no mistake…it is within the school’s power whether their lawyers understand that or not.
In other words….the default setting for students, and the rest of society, is UNAUTHORIZED. There must be some mechanism, some mediating device, a terms of service agreement, an employer’s computer use policy, a school’s, and end user licensing agreement, a web pages terms and service agreement, that ‘grants’ access. Violate it and you are outside the law. I hope people will ponder the implications of this.
I just finished doing my dissertation on the CFAA for my Master’s in Law degree. I would be glad to answer, or, rather, to try and answer, any questions on this issue. What I conclude above is back up by case law.
The issue, for the Swarthmore students, (and therefore the danger) is less an issue of copyright/fair use, than it is an issue of the Computer Fraud and Abuse Act. 18 USC 1030. (a)(2)(C).
Here how it goes: If they, the students, are accessing the net via Swathmore’s network they must do only as that school’s computer use policy allows. If they, the students, access the net, via the school’s network, in violation of the school’s policy, they could be charged with accessing, a “protected computer” in an “unauthorized manner”, and as a result are “obtaining information” (ANY information, I repeat “any”) see section (e) of the CFAA for the definition of a “protected computer”, they are likely committing a violation of the CFAA. You can certainly argue that the school would never bring a civil action (see subsection (g) of the CFFA dealing with private rights of action) against the students for such a ‘technical violation’. But make no mistake…it is within the school’s power whether their lawyers understand that or not.
In other words….the default setting for students, and the rest of society, is UNAUTHORIZED. There must be some mechanism, some mediating device, a terms of service agreement, an employer’s computer use policy, a school’s, and end user licensing agreement, a web pages terms and service agreement, that ‘grants’ access. Violate it and you are outside the law. I hope people will ponder the implications of this.
I just finished doing my dissertation on the CFAA for my Master’s in Law degree. I would be glad to answer, or, rather, to try and answer, any questions on this issue. What I conclude above is back up by case law.
Actually, it can be fair use to copy an entire work. The Copyright Act lists four factors that a judge is supposed to evaluate in considering whether a use is fair. The portion of the work copied (as compared to the total size of the work) is one of the factors, but the other three factors can outweigh that one.
I think you’re spot on saying the Diebold should be following this as a trade secret issue. However, it’s never fair use to use the entire work. Selected quotes, on the other hand, are fair game.
Of course, now that these documents have come to light, interested parties in precincts using these infernal machines should ask for Diebold to turn them over, and failing that, they should file suit to force Diebold’s hand.
See my posting
Diebold Election Systems memos, DMCA, and copyright infringement
At least one set of your lawyer readers thinks you’re right on with the fair use analysis. Fair use and the First Amendment plainly protect our right to use these documents to comment on the mechanisms of our democracy.
EFF sent this response to Diebold on behalf of Online Policy Group, conveying OPG’s refusal of Diebold’s cease-and-desist demand. OPG has not removed IndyMedia’s links to the memos.