THE LEGAL ASPECTS OF TELECOMMUNICATIONS AND ELECTRONIC BULLETIN BOARD SYSTEMS By: James J. Spinelli, President VITRON Management Consulting, Inc. Sysop: Activity Bulletin Board Service (914) 779-4273 Compuserve: 76530,125 (c) Copyright 1989, VITRON Management Consulting, Inc. All Rights Reserved. ============================================================================= The easy access, low cost, and distributed intelligence of our modern means of communications present us with reasons for hope and for matters of concern. The lack of technical grasp by policy makers and law makers and their propensity to solve problems of conflict, privacy, and intellectual property by accustomed bureaucratic routines are the main reasons for concern. But, our commitment to pluralism, individual rights, and integrity provide reason for optimism, as do the pliancy and profusion of our electronic technology and those who provide it. We are about to embark on a journey, one that will take us into the forest of computer law. This forest is as interesting as it is elusive, as impressive as it is relatively unknown and unexplored, as evolving as it is potentially perilous. This forest is filled with many paths upon which we may traverse; yet, only recently, have we begun to attempt to determine just where all the paths may potentially lead. We need to view whatever it is that we do in a specific framework. It is the establishment of this framework that this report is intended to achieve. Each of us is engaged in an endeavor that has inherent responsibilities, accountabilities and, I dare say, liabilities. Sine the introduction of the first commercial computer in the 1950s, we humans have been striving to develop a symbiosis between ourselves and the enigmatic computer. From its embryonic stage to the present time, the computer has presented us with numerous opportunities and ever-expanding ingenious methods for doing things. However, nowhere else has this technological marvel made greater impact in our lives than in the area of communication. When we communicate, we partake in an interchange of ideas, with the objective of being understood and to understand -- we seek a connection between ourselves and others. Microcomputers have had a major impact in this area of connectivity. They bridge the gap between the availability of information and it dissemination. Geography and logistics are no longer constraints in our efforts to "reach out and touch someone." In time past, computer-based communications were typically performed by experienced programmers or very dedicated computer hobbyists who had both the knowledge and tenacity to forge ahead, sometimes armed with only a strong sense of adventure. Today, much has changed. Microcomputers are in the hands of non-experts, ordinary people. Many of these people do not possess the knowledge or understanding of the total scope and potential represented by the very machines they use for business and pleasure. Many of these people take great pleasure in communicating with others through their computers, and they do so readily and frequently, often times completely unaware of the underlying legal consequences involved. THE SYSOP --------- In order to meet both the demand and the need for such prolific communication, computerized information services -- information "utilities" -- have mushroomed. One of the most pervasive of these is the electronic bulletin board -- the BBS. Many of these services are owned and operated by home computer users. For many of these people, the extent of their computer knowledge is limited to their understanding of BBS operation only. Who and what is this individual who owns and operates the BBS? We call him the Systems Operators -- Sysop, for short. But, this Sysop is more than just a computer operator. He is: 1. An information broker; 2. A data center manager, and 3. An information resource manager. As an information broker, the Sysop obtains information from a variety of sources, stores it, and provides others access to it. He is responsible for updating the information and for maintaining the hardware and software needed for its storage and its access. As a data center manager, the Sysop provides assurances to users that the information, along with the hardware and software used to store and maintain it, are reliable, safe, and secure. One aspect that cannot be ignored in his role as data center manager is that which necessitates his providing for the integrity of not only the service itself, but of all who access it. What the Sysop provides is a service, one that is expected to promote a healthy, constructive, legal environment, from all users may derive information and enjoyment. As an information resource manager, the Sysop has the underlying commitment to integrate his role of information broker with his role as data center manager. This responsibility deals with the BBS in its totality, i.e., an information system that combines hardware, software, information, users, and Sysop into an integrated whole. We frequently make reference to the term, "Bulletin Board System," without fully comprehending just what such a system truly represents. A BBS, just like any other system, is a series, or group of integrated parts, elements, components, functions, that TOGETHER (hence the term "integrated") perform a specific function or achieve a specific purpose. Whether or not we are able to define or even understand what that purpose or function happens to be, may have little to do with the fact the we're taking about a system. Every system is composed of five integrated components. These are illustrated by the diagram below. ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ» º º º ÚÄÄÄÄÄÄÄÄÄÄÄ¿ º º ³ ³ º º ³ Control ³ º º ³ ³ º º ÀÄÄÄÄÄÄÄÄÄÄÄÙ º º º º ÚÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄ¿ º º ³ ³ ³ ³ ³ ³ º º ³ Input ÃÄ ÄÄ´ Process ÃÄ ÄÄ´ Output ³ º º ³ ³ ³ ³ ³ ³ º º ÀÄÄÄÄÄÂÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÂÄÄÄÄÄÙ º º º º ³ ÚÄÄÄÄÄÄÄÄÄÄÄ¿ ³ º º ³ ³ º º ÀÄ Ä Ä Ä Ä ´ Feedback Ã Ä Ä Ä Ä ÄÙ º º ³ ³ º º ÀÄÄÄÄÄÄÄÄÄÄÄÙ º º º º The FIVE System Components º º º ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ Each component is an integral part of the overall system. Such a view can interpret Input as a stimulus, Output as a response, Process as that which "converts" the stimulus to a response. The Feedback component is the way in which we can evaluate the Output, and determine if it meet expectations. In many instances, the Output component is referred to as the system's overall objective. As such, Feedback permits us to inspect the output/objective, and make appropriate adjustments should the objectives not meet expectations, or should we find that we have set our sights too high, given the nature of the Input and Process components. The Control component is that which governs the overall system, allowing it to be the system that it is intended to be. Control may include such sub-components as policies, procedures, rules, guidelines, etc. What is significant about this representation is that should any of the components break down, the system becomes dysfunctional, i.e., it does not continue to operate properly, if it, indeed, operates at all. It is under this umbrella that Sysop performs his major tasks, recognizing that his BBS, in its entirety, is, indeed, an information system. As a result, the Sysop is also in the "construction" business, i.e., he builds the framework and foundation from which his BBS (a system in the true sense of the word) operates. He recognizes that all components are necessary, and must perform as intended. He inspects the results, and makes adjustments accordingly. The Control mechanism represents the entire legal, social and economic environment under which the system performs. In order to adequately fulfill his role as an information resource manager, the Sysop needs to recognize the many aspects of the total system he operates. However, many of the aspects are beyond the scope of this document. As result, we shall examine the legal aspects only. The first of these involves a brief encounter with the methods by which users access the information system. Our first method is the INVITATION. In a legal sense, an invitation to participate in a BBS may be defined as an act by which the Sysop solicits or incites others to make use of his system for the purposes he intends. An invitation may also include an inducement on the part of the Sysop to others that provide them with a reasonable belief that the Sysop expects them to access his system. As the INVITER, in legal terms, the Sysop owes reasonable care to all of his lawful visitors. In fulfilling his role as inviter, the Sysop should be aware of at least three legal concepts: 1. The Attractive Nuisance Doctrine 2. The Nature of the Invitee (the person invited) 3. Trespass 1. Attractive Nuisance Doctrine ------------------------------- Briefly put, this doctrine deals with the perception of the BBS as being a source of danger or harm to children. The Sysop, as an inviter, is under a legal duty to take appropriate precautions to prevent injury or harm to the children who he knows can or will access his system, or the children who will be attracted to access his system. A Sysop should consider this doctrine if and when he invites others to visit by expressing or implying the availability of pornography or "adult-only" material available on his BBS. 2. Nature of the Invitee ------------------------ The law defines an invitee condition when the following conditions are met: a. The visitor entered by invitation; b. The entry itself is connected with, in this instance, the BBS or connected with what the Sysop permits to be conducted on his BBS; and, c. Both the invitee and the Sysop derive a benefit, or, more importantly, just the Sysop derives a benefit from the invitation. Legal experts are in basic agreement that if and when the Sysop encourages others to access his system, particularly if it is intended to further the Sysop's own purposes -- as both hobbyist- and business-type-systems tend to do -- that the Sysop has exercised reasonable care to make the place safe and secure for all who visit. 3. Trespass ----------- Trespass provides for some interesting implications. The courts have generally interpreted trespass to be an "unlawful interference with one's person, property, or rights." In view of a BBS, trespass may be regarded as any unlawful act that damages the system itself, the reputation of the Sysop, or the reputation (or even the property, i.e., computer) of the user. The unlawful act may include actual or implied violence, such that the result caused injury or harm to befall a person, a person's property, or a person's relative rights. Consider this should the Sysop cause damage to a user's property, etc., by causing or permitting something harmful to be encountered by the user during the acceptance of the invitation. Of course, the same be said for the user as causing harm to the Sysop's, property, etc., during the exercise of the invitation. Our second alternative involving BBS access is the SUBSCRIPTION. Many of the concepts involved in an invitation are also encountered in a subscription access, with some important differences. A subscription is a contract. The Restatement of the Law of Contracts, Section 1, states that, "A contract is a promise or a set of promises for the breach of which the law gives a remedy, or the performance of which the law in some way recognizes a duty." The contract may be an express contract, in which both the Sysop and user demonstrate their mutual agreement through words, which may be either written or spoken. In addition, the contract may be implied-in-fact, in which both the Sysop and user demonstrate their mutual agreement based upon their conduct. In many instances, the act of inviting users to subscribe, i.e., pay for, a subscription BBS presents a clear intention on the part of the Sysop to contract. This is referred to as an "invitation to trade." This special type of invitation may be accepted in one of several way. A common approach is referred to as the "deposited-acceptance rule." Under this rule, an offer is considered accepted the moment the user, for example, places his acceptance into the same or better channel of communication as used by the Sysop to place the offer. The offer is considered accepted as soon as the acceptance leaves the control of the user. This may include the mailing of a check, or the sending of a message. Our third, and final access alternative is the LICENSE. A license is defined as the permission by a competent "authority" for someone else to do something, which, without such permission, would be illegal, a trespass, or a tort. This alternative is typical in many situations, though it may not be recognized as such. However, it is particularly appropriate in a network configuration. Under the network approach, a Sysop is granted "permission" to access another BBS system directly, for the purpose defined by the "license agreement." Such purposes typically include the exchange and transfer of mail and messages. The license agreement usually contains a set of procedures or guidelines that define the boundaries and policies of the network, and, in a sense, govern the manner in which the network is operated and accessed in at least an administrative sense. Violations of this agreement by a licensee may serve cause for the administrators of the network (the licensors) to seek various remedies. However, at least one area that is a bit muddy in a license arrangement for network access is the issue of liability, i.e., as pertains to the effects of malfeasance on the part of one network node and the exposure of the other network nodes. Some questions that arise include: a. Is the liability of one node assumable by another node? b. Are there possible or potential class actions that the network and nodes are exposed to? c. How does an identity relationship define the extent to which a node may lose its unique identity and be classified as merely a member of an overall networked system? For example, how does the user perceive the node's identity? Is it considered an individual BBS? Is it merely one area of contact, whereby one node is merely an extension of the overall network system? Or, something in between? In this regard, the Sysop's view and the user's view may not converge. In other words, is the node truly a node? Or is it merely an individual BBS that happens to be temporarily "plugged into" a larger structure or configuration? And, of course, what is used to define that structure and/or configuration? THE RESOURCES ------------- Now that we have briefly examined the idea of the Sysop as an information resource manager, we need to take a brief tour of those resources which the Sysop is managing. Our first resource is SOFTWARE. For legal purposes, software is defined as "the collection of materials that contains, expresses, and explains a computer program." This definition includes a program in machine-readable form contained on magnetic media, the printouts containing the source and object code, the programmer's notes and working papers, and the user manual. The rather unique nature of software has been a constant source of problems for the courts, who can't seem to decide consistently whether software is tangible or intangible, or something in between. If it is tangible, it is covered by the Uniform Commercial Code; otherwise, it is not. To date, the courts have defined software as tangible for some purposes and intangible for others, with different courts sometimes adopting conflicting positions. Another source of confusion is whether software is considered an artistic expression, something like a book, or a product of an engineering process. The courts seem to continue to have trouble deciding how to regard the process of software development. The result has been much debate and confusion over copyright and patent protection of software. In spite of these issues, computer software is still regarded by law as property that can be owned and transferred, like any product. Software is categorized as intellectual property since it is the result more of mental effort rather than a manufacturing process. However, additional confusion will no doubt ensue as the field of computer-assisted software engineering proliferates. It is important for Sysops to understand the nature of software and the various methods available to protect this resource. It is important because, in many instances, the Sysop is regarded as the provider and guardian of software stored in his BBS. In addition, many Sysops themselves are software authors. (In the world of the BBS, we call them "shareware" authors, among other things.) The owner of software has the exclusive right to control and use the software he produces. Any infringement of this right can be stopped through legal means. However, a software author will not make any money from his software unless he gives up some control. The author gives up control in one of two ways: 1. By the assignment of rights 2. By license On the one hand, it may be rather easy to determine who owns a particular piece of software. Let's say that you are unemployed or self-employed, and you develop a program entirely by yourself, in your own home. Here, it is clear who the owner is. However, if your friend is helping you with the programming, it is no longer so clear that you are the sole owner. There is an interesting sideline in the BBS arena. Many software authors use a select group of systems (and, therefore, other Sysops) to test and validate software. Some of these test sites respond by providing alternatives for program operation and ideas for additional features. Such enhancements and ideas may only serve to confuse the ownership issue, particularly if they are in writing and are well-documented, and are included in the finished product. Simple acknowledgments may not suffice for attributing possible or potential ownership rights. The key is that the particular method of expression is what is potentially copyrightable, not the ideas themselves. So, if a test site actually writes changes, such may be considered the expression of the ideas. In order to prevent possible problems, all agreements and understanding need to be defined and agreed to BEFORE a project commences. Here is where the assignment of rights and licenses come into play. The assignment of rights transfers all rights in the software to someone else. This can be done either by selling the software outright, for a price, or through a royalty arrangement. License for use, on the other hand, does not involve the transfer of ownership rights, but rather only the rights necessary for a more restricted purpose. Such purpose include the use of the software, under possible specific constraints. As such, the owner does maintain all of the rights that are not specifically granted or transferred by the actual license agreement. The ownership of software also concerns the right to protect against the infringement of rights. At times it may be suggested that this may be viewed to be more of an obligation rather than a right. However, in the legal sense, it is a right because no one else may intervene and do it for the owner. There are four methods that are used to protect software ownership: 1. Trade Secrets 2. Copyrights 3. Trademarks 4. Patents TRADE SECRET: this area of the law protects the information, devices, and processes that give the owner a competitive advantage over those who don't know what the owner knows about something. With software, this is usually applied during both the development and marketing stages. However, in order to be considered for a trade secret, the software needs to contain some unique aspect. A unique aspect is usually some method or group of methods that may be considered unique to the program's functioning. Some of the other items that may be subject to the trade secret include: customer lists, testing results, and even the names of the programmers who developed the program. COPYRIGHT: whereas trade secrets typically protect commercial ideas, regardless of the manner in which they are expressed, copyrights protect only the expression of the ideas, and not the ideas themselves. Before software can be copyrighted: a. it must be expressed in a tangible form b. it must be an original work by the author c. it must not be part of the public domain In this latter case, there are two ways in which software falls into the public domain: a. intentionally b. through negligence This negligence includes publishing the ideas without a copyright notice. It will remain in the public domain should the author not correct his error within five years from the date of original publication. Copyrights last for the life of the author plus 50 years. However, if the expression of ideas is classified as a "made for hire" work, the copyright lasts for 75 years from the date of first publication. If an owner can prove that someone infringed on his copyright, then he can take the violator to court, but ONLY IF the copyright is a registered copyright, i.e., on file with the Library of Congress. TRADEMARK: this is a word, symbol or phrase that is used to identify a product and that which sets it apart from other products. Yet, not every word or phrase or symbol qualifies for a trademark. Words, symbols or phrases that are deemed to be "of general use" that describe the nature of a product generally do not qualify. For example, recent concern over the possibility of applying a trademark to the term "shareware" may be successfully contested since it would appear to represent a term "of general use" that describes the nature of a product, i.e., software obtainable via the BBS arena for a "nominal" registration fee. Another important aspect that pertains to trademarks is that software trademarks cannot be considered too generic or too universally descriptive either. To establish a trademark, you select a name, but also make sure that the name is not being used by someone else. Yet, duplication of names may be permitted in certain instances, provided, for example, that confusion does not result, and/or the products are in different industries. Then, there's the LAW OF UNFAIR COMPETITION. These "laws" are defined on the state level, not the federal level. They protect honest business people from unscrupulous competitors, and also protect the general public from "intentional" deception. There are times when such laws may be applied in situations where one cannot apply the federal laws of trade secret, copyright, trademark and, of course, patent law. PATENT: of all of the various methods to protect one's property, patent law does provide the best protection. If one holds a patent, it is applicable for 17 years. Within this period, no one can duplicate you "creation." Unlike the other protection methods, patents protect against what is called "independent development of an invention." Regardless of whether someone else knows about the idea or not, if a person has a patent, the invention cannot be duplicated. But, there is a kicker: many, if not most, computer programs are not eligible for a patent. According to the Patent Office, you cannot patent something that is "based either on the laws of nature or upon mental processes." Computer programs contain algorithms -- mathematical formulas -- which are mental processes, and, therefore, may not be patentable. Yet, there are exceptions. The Supreme Court, in the Diamond v. Diehr case in 1981, stated that "programs may be patentable when they are an inseparable part of the process or device that is itself patentable." In addition, in 1981, Merill Lynch applied for and received a patent on their Cash Management System. (Most recently, Quarterdeck Software applied for and received a patent on their "windowing" product, DESQView.) There is another side of this coin. Programs on ROM chips are usually patentable since the program is considered part of the hardware (on the chip). But, such logic may be suspect because a program on ROM that may be replaced by a program on disk that is read into RAM, may not be patentable. The Patent Office states that a person cannot patent something "unless it is considered 'novel' or at least 'not obvious.'" Programs that are used to automate typical office functions previously performed manually, for example, generally do not qualify because the Patent Office does not consider them to be novel enough, or that they tend to be rather obvious. What about the methods available for distributing the software? There are several ways in which software may be marketed and distributed. As far as the BBS arena is concerned, the most prolific method is "direct distribution" to users. We are quite familiar with this method. But, what are the legal consequences involved, if any? Is a BBS that distributes software under any legal obligation? At first, one may respond, "Nope, no way." Yet, the issue may not be so cut and dry. Virtually all of the systems we are familiar with, for example, tend to designate a specific file area (directory) that contains "recent file uploads." These directories usually contain a "disclaimer" in the so-called "directory header" that states something like, "Untested" or "Not yet tested." One system that this writer observed had the following statement in the upload directory's header: "Programs in this directory have not yet been tested by the Sysop." What is interesting about this scenario is that rarely do we see, if at all, such a disclaimer in any of the other file areas (directories) on a BBS, i.e., the "download" directories. As such, there may very well be a legal implication in that the files in all of these other directories have, indeed, been tested. If there is an implied nature of having been tested, it might also be reasonable for the user to infer that such "tested" files pose no threat and/or will cause no problem. The next question is whether the Sysop is under any legal obligation to test all programs. Probably not. Yet, if the Sysop is making either an express or an implied statement that files in all of the download directories have been tested, there very well may be a legal obligation. Such a condition may be deemed to at least imply a difference between the files in the upload directory and those in the download directories. A reasonably prudent user may, therefore, believe that the Sysop is providing, if not an express warranty (or suitability), then possibly an implied warranty regarding the condition of the files available. Sysops generally recognize that reasonable care must be exercised whenever one downloads a file. However, many users are not Sysops, and will tend to be viewed as having less experience and expertise in such matters. Sysops must not assume that their users are well-versed in proper data security and integrity matters. In addition, Sysops, as mentioned earlier, are providing a service through some method of invitation, subscription, or license. As such, they may be under a legal obligation to ensure that the environment is safe and secure for all visitors. The key here is that Sysops need to protect all of their visitors from not only all dangers that the Sysops already know about, but also from dangers that, should the Sysops exercise reasonable care, they will discover. If a Sysop expresses or implies that files are tested, then it may be reasonably expected that such a procedure will uncover problems. As a result, the Sysop may be legally responsible for such an express or implied "warranty" regarding the files stored on and accessible through his BBS. OUTSIDE FORCES -------------- At this point in our tour of the forest of computer law, it is appropri- ate to devote a brief period to a discussion pertaining to taxes, and how they may impact the nature of your BBS, particularly if you are also a shareware author. Beginning in the 1985 tax year, the government began to tighten the screws a bit. First of all, there were new tax laws that limited the eligibility of home computer owners to take deductions for their home systems. If a person operates a separate business from his home, even if it is just a sideline to his regular job, he can still deduct all or part of the cost of the computer and of the supplies required to maintain and use it. But, deductions cannot be taken by employees who buy computers to do work they take home from the office, unless the computer is required by the employer. Computers and their associated expenses are precluded from any tax benefits for those people who operate their BBS as a hobby. The laws also crack down on mixed business and personal use of home com- puters. If you fall into this category, you must keep a log of computing time spent on different activities. Logs may be kept either manually or compiled by the computer. However, you will have to certify, in writing, that you are keeping the log. If you are audited, the IRS will request to examine your log. If everything is not in proper order, your deductions could be disallowed and penalties may be imposed. One additional items regarding taxes deserves mention -- that of sales taxes, particularly if you are a shareware author. When you sell your software, you may have to collect sales taxes from the buyers. There has been a lot of legislation, and many lawsuits, over the last several years concerning both sales and use taxes. State laws still vary a bit on whether to impose sales and use taxes on computer software, although the trend is toward a more uniform treatment of the issue. You are advised to consult an attorney, or your appropriate state agency, to learn about the rules in your own state. MAIL AND MESSAGING ------------------ We have now arrived at a very important juncture in the forest, that which concerns the next major resource that must be managed by the Sysop -- what one Sysop has called, "Our Information Bases," i.e., electronic mail and messaging. We shall examine this resource in a manner that is consistent with the Sysop being an information resource manager, and that views the BBS as a true information and communications medium. Not only is electronic communication growing faster than the traditional media of "publication," but also this mode of delivery is bringing the press, journals, and books into the electronic world. One question raised by these changes is whether some social features are inherent in the electronic character of the emerging media. Are electro- magnetic pulses simply an alternative conduit to delivery of whatever is wanted, or are there aspects of electronic technology that make it dif- ferent from print -- more centralized or more decentralized, more banal or more profound, more private or more government dependent? The electronic transformation of the media occurs not in a vacuum, but in a specific historical and legal context. Freedom for communication has been one of our proudest traditions, but, just what is it that the courts will protect, and how does it differ from how the courts will act when the media through which ideas flow are computers? What images do policy makers have of how computers work? How far are these images valid? What will happen to these images when the facts change? In each of the three parts of our communications system -- print, common carriers, and broadcasting -- the law has rested on a perception of tech- nology that is sometimes accurate, often inaccurate, and which changes as slowly as technology changes fast. Each new advance in the technology of communications disturbs a status quo. It meets resistance from those whose dominance it threatens. Initially, because it is new, the invention comes into use in a rather clumsy form. Technical laymen, such as judges and politicians, perceive the new technology in that early, clumsy form, which then becomes their image of its nature, possibilities, and use. The perception becomes an incubus on later understanding. The courts and regulatory agencies in our system enter as arbiters of the conflicts among entrepreneurs, interest groups, and political organiza- tions, all battling for control of the new technology. These arbiters, applying the familiar analogies from the past to their lay image of the new technology, create a partly old, partly new structure of rights and obligations. The legal system thus invented may in some instances be a tour de force of political creativity, but in other instances is much less worthy. In many instances, the system thus created turns out to be inappropriate to the more habile forms of the technology that gradually emerge as the technology progresses. Yet, within this context, and within the boundaries applicable to our BBS environment, two important legal issues are ever-present: libel and pri- vacy. (NOTE: A detailed discussion of libel is beyond the scope of this paper. However, it is the subject of a subsequent paper due out in approximately one month.) Libel, in it most fundamental form, deals with injury done to a person's reputation via the written word. Any study of libel will create a picture in the mind of the observer -- one that is heartening and at the same time appalling. We are heartened by the trend in law toward more freedom to speak out, particularly on public affairs. However, we are appalled by the possible use of that freedom to wreck havoc on an innocent person's reputation. There is no question that the danger of abuse exists, and that the BBS arena provides a forum that may be used to proliferate the potential for abuse. The New York Times rule arms the irresponsible as well as the re- sponsible "journalist" with a weapon of awesome power. The privilege of "publishing" is constantly being expanded. Fair comment is becoming easier and easier to invoke. Malice is harder and harder to prove. Undoubtedly, some people misuse their power. Untruths can lead to per- sonal injury; misstatements of facts do result in the adoption of unwise policies. Good people are sometimes maligned and bad people do sometimes prevail. Without question, writers, journalists (and Sysops) who want to destroy a person may have a good chance of doing so and getting away with it. But, the trend toward freedom must be considered in proper legal con- text. From its beginnings, the law of defamation has evolved by the balancing of conflicting interests -- the interest of the individual in the protec- tion of his reputation, the interest of the writer in communicating facts and ideas to his readers, and the interest of the public in information. However, we are not home free just because we may decide to erect a de- fense against libel. There is a growing trend in law that poses increas- ing dangers: the concept of privacy. Privacy of personal information, far from being an esoteric, intangible issue, is one that could significantly change your BBS operation. When it does, its effects will be felt throughout the BBS community. Information about a person is at the hear of the problem. Because of the special nature of personal information, it may be looked upon as having a new status. The most important attribute of this new class of data is that it may no longer be fully under your control. Underlying most of the privacy legislation is the realization that the individual has a propri- etary interest in this information. You cannot unilaterally decide what to do with it. Society, and the law, are there, leaning over your shoul- der, each and every time you access or use someone's personal informa- tion. Modern technology seems to be exhibiting all of the foibles that its de- tractors had hoped for. The result: a somewhat skeptical public. Users may have legitimate concerns about the amount and quality of personal in- formation you maintain in your system, and what you are doing with it. What seems to be more and more apparent is the reticence on the part of users to take part in an arrangement where they feel that the information collection process is infringing on their privacy. What happens if and when a user is dissatisfied with the way you are treating their informa- tion? You need to get personally involved, and unless you address the problem head on, you may end up fighting it out in court. Information is power. The leverage provided by information can be demon- strated in many ways. Therefore, a simplistic rule is that the more in- formation you have about someone, the more power you have over them. Of course, running contrary to this is the issue of privacy -- often viewed as diminishing one's power. Adding this all up, what it means is that more and more the individual is being perceived as a passive source of information for the automated sys- tem. With each new development or application put in place for the good of individuals will also come an assault on their personal freedoms. All of this represents new challenges to our current concepts and controls for privacy. A simple story will emphasize the point. Back in September, 1985, one of the computer trade journals, COMPUTERWORLD, reported the following: In an effort to identify people who fail to file tax returns, the Internal Revenue Service is matching its files against available lists of names and addresses of U.S. citizens who have purchased computers for home use. The IRS continues to seek out sources for such information. This information is matched against the IRS master file of taxpayers to see if those who have not filed can be identi- fied. Individuals who purchase computers for home use tend to represent a seg- ment of the population that may be classified as middle- to upper-class. In addition, the IRS wishes to "monitor" the deductions taken by these people. This plan raises a great deal of concern among privacy advocates who fear that this method of information-gathering, while perfectly legal, may dangerously increase IRS capabilities and put citizens in jeopardy of government investigation solely because of unverified life-style data supplied by third parties. As a Sysop, you maintain user files. Who is to say that the IRS will not approach you and somehow obtain your user-file data? What would you do? What may other, less scrupulous Sysops do? The right of privacy has been defined as the right to be let alone; the right of a person to be free from unwarranted publicity about his per- sonal life; the right to live without unwarranted interference by the public regarding matters that the public has no need to know. Victor Fredericks, a noted privacy expert, refers to the right of privacy as a principle designed to fill the breach in social justice formerly oc- cupied by the horsewhip. Though somewhat melodramatic, this description does provide a rather clear indication of the origins of privacy. Many Sysops have the presence of mind to compare their system with freedom of the press -- or at least with the rights inherent in publication. A little history, however, may provide a rather interesting parallel. It was not until the year 1890, when so-called yellow-journalism, with its sensationalized human interest stories, obsession with gossip, sex and murder, and unrestrained emotional advertising, was dominating the American press. At that time the privacy doctrine was given its philo- sophic underpinnings. The authors of the doctrine were Charles Warren and Louis Brandeis. They wrote a brilliant article in an early edition of the Harvard Law Review. Their thesis was that all the cases which they col- lected could be rationalized only through a privacy doctrine and they vigorously contended that public policy required a forthright recognition of a right to privacy. To buttress their argument, they criticized the press and, among other, things wrote: The press is overstepping in every direction the obvious bounds of propriety and decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade which is pursued with industry as well as effrontery. To satisfy a prurient taste, the details of...relations are spread broadcast in the columns of the daily paper. To occupy the indolent, column upon column is filled with idle gossip which can only be procured by intrusion upon the domestic circle. Sounds all too familiar. The full impact of this article was not felt for over half a century; but no law review article has had a greater cumula- tive effect on the law. The dangers we face are not of an electronic nightmare, but of human er- ror. It is not computers but policy that looms as a threat to freedom. The regulation of electronic communication is not entailed in its tech- nology, but is a reaction to it. THE PROFESSIONAL SYSOP ---------------------- The ranks of BBS service providers are expanding rapidly. Since a Sysop is a provider of computer services and products through his BBS, he is perceived by many to be a computer professional, or at least some sort of computer specialist. As such, the Sysop needs to be familiar with the circumstances under which he could be exposed to legal liability, and how he may limit that exposure. For subscription Sysops and for shareware authors, giving people their money back when they are dissatisfied with your product or your service may be a relatively minor concern. For all Sysops and authors, however, a much more potentially serious problem is the possibility of being forced to compensate a user for losses or injuries. There are four important legal conditions under which you might be con- sidered liable for a user's loss or injury: 1. Breach of warranty 2. Breach of contract 3. Ordinary negligence 4. Professional negligence (malpractice) Let's look at each of these briefly. What is breach of warranty? A warranty is a promise that a fact or state- ment about a product will turn out to be true. Warranties are governed by the Uniform Commercial Code, adopted in all states except Louisiana. The UCC-governed warranties apply only to the sale of goods, not to any pro- visions of services. How does breach of warranty effect you as a Sysop? If you are a shareware author, its implications are rather clear. How- ever, many of the BBSes carry a "For Sale" conference, where all sorts of products are offered to member of the public. Should you, by an express or implied statement, condone, sponsor or cer- tify the validity of legitimacy of items posted in your "For Sale" conference, you may share the liability along with the actual seller for breach of warranty. Custom software may or may not fit under the UCC war- ranty, depending on how closely the transaction resembles a sale of pack- aged software and on the decisions of the courts of the particular state. There are different types of warranties, and they can lead to some seri- ous liability issues. Warranties are either express or implied. Express warranties are promises made by the seller about the quality or characteristics of the product. For example, if you give a prospective customer a demonstration in which the program prepares a complete set of reports, or functions in a spe- cific way, there is an express warranty that the copy of the software purchased by the customer will do the same. For an implied warranty to be created, it is unnecessary for the seller to make a promise. Under the UCC, every sale of goods creates an implied warranty of merchantability. This warranty requires that the product per- forms as it would ordinarily be expected to perform. Another version of the implied warranty is the warranty of fitness for a particular purpose. This is created when a seller recommends a product as suitable for the buyer's needs. When a warranty is breached, the buyer can take legal action against the seller. Should consequential damages be involved, they can be quite high. (Note: We'll look at warranty disclaimers later. However, bear in mind that in several states, such disclaimers, particularly regarding soft- ware, may be precluded, i.e., may be disallowed regardless of their pre- sentment.) Our second legal condition, under which you might be considered liable for any loss to a user, is the breach of contract. When you are not sell- ing a product, UCC warranties do not apply. This legal theory is more ap- plicable to subscription systems, but even hobbyist systems may form the basis of a contract given that the four elements of a contract are present: a. offer and acceptance b. consideration c. legal competency of the parties d. legality of purpose If you are a Sysop, you should take care that your contracts do not con- tain vague promises that could be used against you in a dispute. You should also provide a detailed description of what is expected from you and your users. If you have any doubts, these doubts need to be communi- cated. Our third legal theory is ordinary negligence. Everyone needs to exercise reasonable care in his or her work. Careless mistakes can be the basis of a lawsuit. As long as you are reasonably careful in your role as a Sysop, chances are that mistakes or oversights will be forgiven. Last, but not least, is the legal theory of professional negligence, i.e., malpractice. If an injured party sues for professional negligence, the courts will not be so forgiving if you are found to be professionally negligent. Generally speaking, advice given and activities performed by certain pro- fessionals regarding their field of speciality are subject to a high standard of care. Up to now, for the most part, computer specialists as professionals were not held to a professional standard of care because at least two necessary elements in defining a professional for malpractice purposes were missing: 1. The computer professional did not have a standardized, well-defined body of knowledge that all members must know. 2. Examination and licensing procedures were not available. However, these missing elements are beginning to appear as part of the computer professional's stock-in-trade. For example, there are organiza- tions for shareware authors that claim to establish a standard of prac- tice for members; some computer professionals have become "certified." Colleges and universities are establishing a more standardized curriculum for computer studies. All of this may not necessarily lead to actual li- censing of all computer professionals, but it needs to be viewed as a step for creating a professional for legal purposes. Regardless, computer professionals do have knowledge and skills that other people do not have. Customers, clients, users often know little about computers, software, services, and such. They tend to rely on the advice of the computer specialist. Under such circumstances, the courts may begin to impose malpractice liability upon the computer professional. At the very least, all Sysops should be prepared to be held to a higher standard of care in their efforts than the ordinary person. This view is suggested because it appears likely that the courts will expand the con- ditions of liability in the electronic arena in the future. THE JOURNEY'S END ----------------- As we approach the end of our journey through the forest of computer law, we are left to address the means by which you can take appropriate steps to, if not eliminate entirely, at least substantially reduce your poten- tial exposure to liability. Here are some suggestions of the methods that are available to you. Quality Control --------------- Indeed, the best way to avoid legal liability is to make sure that noth- ing goes wrong in the first place. If you claim to maintain the privacy of private messages and of user data, you had better do just that. If you claim to monitor all conferences for inappropriate or illegal communica- tions (posts), you may need to be able to demonstrate that that is ex- actly what you do. If you claim, either expressly or by implication, that you test all programs uploaded to your system, you need to make sure that you do so. If you claim to verify the authenticity of all users, it may be something that you need to do. You will not have to worry about law- suits if there are no problems with what you do or with what you promise or imply that you do. Promises -------- Do not make promises that you cannot or will not keep. If you make a statement about results or conditions, it could be interpreted as a con- tractual obligation, or, if it involves a product, that you are express- ing or implying a warranty. If you advertise certain capabilities, you may be held bound by express or implied statements that you may not have really intended to make. Disclosure ---------- Disclose necessary information. There is little else that angers the courts more than a situation where an informed person has taken unfair advantage of an uninformed person. You may be held accountable for not only malpractice but also for fraud. Disclaimers ----------- To be effective, disclaimers have to be clear and conspicuous. If you put your disclaimers at the end of the manual, or off in some corner of your system, a court could consider them invalid. Disclaimers cannot be put just anywhere it is convenient, and especially not as an "afterthought," or as a "by-the-way." In addition, besides disclaiming warranties, Sysops should also disclaim responsibility for incidental or consequential damages. Remember that even if all warranties are disclaimed, you may still be sued for negli gence or malpractice. CONCLUSION ----------- We have arrived. Our brief journey is ended. We have explored a new con- cept in the nature of being a Sysop: you are an information resource man- ager. We have seen some of the resources under your tutelage. We have re- viewed the major methods available to protect intellectual property, and the best means for allocating and disseminating your software and your services. One final thought: In some times and places, the capacious new media will open wider the floodgate for discourse. But, in other times and places, in fear of that flood, attempts will be made to shut the gates. What will you words and actions do -- open the gates, or close them? X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X Another file downloaded from: NIRVANAnet(tm) & the Temple of the Screaming Electron Jeff Hunter 510-935-5845 Salted Slug Systems Strange 408-454-9368 Burn This Flag Zardoz 408-363-9766 realitycheck Poindexter Fortran 415-567-7043 Lies Unlimited Mick Freen 415-583-4102 Tomorrow's 0rder of Magnitude Finger_Man 415-961-9315 My Dog Bit Jesus Suzanne D'Fault 510-658-8078 Specializing in conversations, obscure information, high explosives, arcane knowledge, political extremism, diversive sexuality, insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS. Full access for first-time callers. We don't want to know who you are, where you live, or what your phone number is. We are not Big Brother. "Raw Data for Raw Nerves" X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X