The Laboratorium
February 2011

This is an archive page. What you are looking at was posted sometime between 2000 and 2014. For more recent material, see the main blog at

Known and Unknown, Property and Contract

Last spring, I went to a wonderful symposium on Data Security and Data Privacy in the Payment System at Brooklyn Law School. It was organized by Ted Janger and the Brooklyn Journal of Corporate, Financial, and Commercial Law, and featured a wide-ranging conversation on the hard problem of keeping your credit card information safe from identity thieves. I say “conversation” because it really was one; it was organized around presentations, but the back-and-forth among the dozen or so of us was rich and unforced. Putting all of us around three sides of a single large table was an inspired move; it broke down the wall between “panel” and “everyone else.”

My role was to comment on two of the presentations: Chris Hoofnagle’s Internalizing Identity Theft and Juliet Moringiello’s Warranting Data Security. Afterwards, Ted did what a good conference organizer should: gently coaxed and cajoled me into writing up my remarks as a short piece for the symposium issue. That issue is now out, so I’m pleased to present you with Known and Unknown, Property and Contract: Comments on Hoofnagle and Moringiello. Here’s the abstract:

In addition to gerund-noun-noun titles and a concern with the misaligned incentives of businesses that handle consumers’ financial data, Chris Hoofnagle’s Internalizing Identity Theft and Juliet Moringiello’s Warranting Data Security share something else: hidden themes. Hoofnagle’s paper is officially about an empirical study of identity theft, but behind the scenes it’s also an exploration of where we draw the line between public information shared freely and secret information used to authenticate individuals. Moringiello’s paper is officially a proposal for a new warranty of secure handling of payment information, but under the surface, it invites us to think about the relationship between property and contract in the payment system. Parts I and II, respectively, of this brief essay will explore these hidden themes in Hoofnagle’s and Moringiello’s articles. I hope the exercise will tell us something interesting about these two papers, and also about the problems of privacy and security in the payment system. A brief conclusion will add a personal note to the mix.

I recommend reading to Part III. Feel free to skip ahead.

Be an Expert Witness, Go to Jail?

Dean Boland is a lawyer who specializes in technology issues. He was an expert witness for the defense in a child pornography case, United States v. Shreck. Part of the argument was that the defendant couldn’t have “knowingly” viewed child porn because it’s impossible to distinguish images of actual children having actual sex from a good Photoshop job. To prove his point, Boland created some synthetic child porn: he took a stock photo of a 5-year-old girl eating a doughnut, deleted the doughnut, and replaced it with a penis.

Bad move. Last month, the Sixth Circuit allowed a lawsuit against Boland for violating the federal child pornography laws to go forward. In the course of trying to show that his client didn’t possess child pornography, Boland wound up possessing some himself. He pleaded guilty to criminal charges, and opened himself up to civil lawsuits.

It’s hard to feel much sympathy for Boland himself. The lawsuit was brought by the parents of the children whose photos he used. And, as the court points out, he could have used photos of adults, or used Photoshop to change one innocent picture of a kid into a different picture of a kid: replaced the doughnut with a scone, for example. He did something stupid, which understandably caused serious distress to the children’s’ parents.

Still, this case—and others like it—are troubling. The trial court had tried to let Boland off the hook because he was using the fake child pornography as part of Shreck’s defense. The appeals court said no dice: you can’t commit one crime in order to help in the defense of another:

Otherwise, an individual on trial for a murder-by-stabbing charge could try to prove that the knife was not long enough to kill someone by using it to stab someone else in the middle of the trial. Or individuals on trial for counterfeiting or manufacturing drugs might be able to make more of the contraband as part of a defense.

That sounds reasonable. But it comes dangerously close to preventing a defendant from demonstrating that what he did was not a crime at all. In a 2002 case, Ashcroft v. Free Speech Coalition, the Supreme Court held that a federal law on “virtual child pornography” violated the First Amendment. The law in question any “visual depiction” that “is, or appears to be, of a minor engaging in sexually explicit conduct.” The problem for the Court was the “appears to be” prong: the law prohibited pornography produced using young-looking adults or entirely with computers. But the principal reason that child pornography is treated as contraband that’s never legal to possess is because of the serious harm it inflicts on children who are forced to participate in it. If the images were produced without the participation of any actual children, that rationale goes away.

Back to Boland. If your expert witness will be thrown in jail himself for trying to help you prove that you were looking at virtual child porn rather than actual child porn, there goes much of your practical ability to defend yourself. And the Sixth Circuit’ rationale in the Roberto hypothetical—you’re not allowed to commit one crime to defend against another—doesn’t apply if the expert is also dealing in wholly virtual pornography. Saying that Boland possessed child pornography comes dangerously close to circularity; what is or is not constitutionally punishable “child pornography” is the very question the defense centered on.

I think in the end that the prosecution and parents’ lawsuit against Boland are constitutionally permissible. One of the harms the Supreme Court cited from actual child pornography is that “each new publication of the speech would cause new injury to the child’s reputation and emotional well-being.” That applies to Boland, who used photos of real children. They weren’t actually engaged in sexual acts, but he made it appear that they were. It’s less severe a harm to the children, but it’s one the Supreme Court has recognized, and one that parents are quite right to be upset about.

My point is really that we’re on treacherous ground here. Child pornography is, as Eric Goldman describes it, legally “toxic”: even one download is an incurable crime. Unfortunately, it’s also toxic to our legal system, which sometimes seems to suspend all of the ordinary rules when a child pornography prosecution is involved. The War on Child Porn may be the Internet’s version of the War on Drugs or the War on Terror: a noble-sounding cause that unhinges otherwise sane people and undermines important civil rights.

Which Would Mean the Libraries Are the Slaveholders?

Moreover, as to the question of fair use, I have difficulty regarding a use as fair, when a user benefits as extensively from the copyrighted material as this one does, yet adamantly refuses to make any contribution to defray the publisher’s cost, or compensate for the author’s effort and expertise, except the nominal subscription price of two copies of each periodical. Defendant’s libraries, and others, have attempted to exercise a measure of self-restraint hitherto, but there is nothing in the majority decision to induce them to continue, that is not more than counterbalanced by other material that will encourage unrestricted piracy. However, hedged, the decision will be read, that a copyright holder has no rights a library is bound to respect. We are making the Dred Scott decision of copyright law.

Williams & Wilkins Co. v. United States, 487 F.2d. 1345, 1387 (Ct. Claims 1973) (Nichols, J. dissenting)

A Brief Colloquy on Memory

Siva Vaidhyanathan writes, at page 177 of The Googlization of Everything:

In his short story “Funes, His Memory,” Jorge Luis Borges writes of the misery of young Ireneo Funes of Argentina, who is cursed with the inability to forget. … With his inability to forget, Funes simply can’t make sense of everything. He can’ think abstractly. He can’t judge facts by relative weight or seriousness. He is lost in details, and can’t discriminate between the important and the trivial, the old and the new. Painfully, Funes cannot rest.

So far, this might have come straight from Viktor Mayer-Schöenberger’s Delete. Memory oppresses us; forgetting makes us human. Mayer-Schönberger argues that digital technologies, by perpetually storing every fact, have precisely this effect on us. The past is always present, in every last detail. We are all Funes now, we the memory-haunted.

But that is not how Vaidhyanathan continues:

Google is not just our memory machine; it is also our forgetting machine, because it filters abundance for us.

Vaidhyanathan takes another commonplace of digital media theorizing—call it the “Google Is Making Us Stupid” argument—and shows its surprising consequence for Mayer-Schönberger’s position. When we offload our memories into our devices, we are forgetting. If so, then perhaps digital technologies save us from Funes’s fate, rather than condemning us to it.

The Googlization of Everything, by the way, is the book Vaidhyanathan was born to write, and his best work to date. Everyone will find something profound in it, as well as something to infuriate.

Yes, I Know That Comment Previewing Is Broken

Unfortunately, WMD, the wonderful WYSIWYG Markdown editor that I was using to give live real-time comment preview, is no longer working. The site that was hosting it has simply disappeared. I’ve discovered that the original author stopped maintaining it shortly after posting it, but it seems that the domain didn’t fall over until just now. Others reverse engineered the JavaScript and have been working on open-source forks of the project, so I hope to be able to grab one of those and re-enable the functionality. As so often happens, though, in the urge to generalize and “improve” a piece of software, some of its newer developers seem to have made it substantially harder to use. I hope to have good news soon.

Sealand, HavenCo, and the Rule of Law

I have posted a draft of my newest paper, Sealand, HavenCo, and the Rule of Law. I revisit the strange story of HavenCo, an early-2000s attempt to set up an Internet hosting site where no country on Earth could get at it, leading to complete freedom from censorship. The place they chose was a former World War II anti-aircraft platform in the North Sea, which had been occupied since the 1960s by a former pirate radio broadcaster, Roy Bates, who declared it the independent Principality of Sealand.

I’ve been fascinated by the story ever since reading Simson Garfinkel’s classic 2000 article on it for Jonathan Zittrain’s Internet law class. In the paper, I delve deep into Sealand and HavenCo’s history to reconstruct what happened. It wasn’t, as some have claimed, a simple story about existing nations triumphing over the upstart Internet. Instead, HavenCo’s ultimate failure had as much to do with the very strange place it set up shop. Sealand may be a great place to visit, but you wouldn’t want your business to live there. The paper asks what the rule of law looks like in an Internet age, as seen through the lens of HavenCo. I’ve had great fun writing it, and I hope you’ll enjoy reading it.

I’ll also be guest-blogging at the Volokh Conspiracy this coming week about the paper. Please drop by and join the discussion.

Here is the abstract:

In 2000, a group of American entrepreneurs moved to a former World War II anti-aircraft platform in the North Sea, seven miles off the British coast, and launched HavenCo, one of the strangest start-ups in Internet history. A former pirate radio broadcaster, Roy Bates, had occupied the platform in the 1960s, moved his family aboard, and declared it to be the sovereign Principality of Sealand. HavenCo’s founders were opposed to governmental censorship and control of the Internet; by putting computer servers on Sealand, they planned to create a “data haven” for unpopular speech, safely beyond the reach of any other country. This article tells the full story of Sealand and HavenCo — and examines what they have to tell us about the nature of the rule of law in the age of the Internet.

The story itself is fascinating enough: it includes pirate radio, shotguns and .50-caliber machine guns, rampant copyright infringement, a Red Bull skateboarding special, perpetual motion machines, and the Montevideo Convention on the Rights and Duties of State. But its implications for the rule of law are even more remarkable. Previous scholars have seen HavenCo as a straightforward challenge to the rule of law: by threatening to undermine national authority, HavenCo was implacably opposed to all law. As the fuller history shows, however, this story is too simplistic. HavenCo also depended on international law to recognize and protect Sealand, and on Sealand law to protect it from Sealand itself. Where others have seen HavenCo’s failure as the triumph of traditional regulatory authorities over HavenCo, the article argues that in a very real sense, HavenCo failed not from too much law but from too little. The “law’ that was supposed to keep HavenCo safe was law only in a thin, formalistic sense, disconnected from the human institutions that make and enforce law. But without those institutions, law does not work, as HavenCo discovered.

A Classic Rant, Apropos of Nothing

Adam Mathes, Fecalmarketing, (Sept, 29, 2003):

My views on this theoretical job loss among telemarketers is this: if companies employed “fecalmarketers” to throw feces at people’s homes in order to get their attention to then sell them aluminum siding, see if they might be interested in finding out more about financial services, or if they wanted to change their long distance service provider, and then the government stepped in and said, hey, wait, you know throwing feces at somebody’s home is really not cool and you’re not allowed to do it to people who have signed up for this “do not throw shit at my house list,” would anybody really argue about putting people who hurl feces for a living out of a job?

Compare and Contrast

Fairport Convention, “Now Be Thankful”:

The Grateful Dead, “Black Muddy River”: