DeCSS case may have legal ramifications for Web hyperlinks beyond the realm of multimedia or hacking.
Judge Kaplan's decision in the DeCSS case may have legal ramifications for the use of hyperlinks, an essential characteristic of publishing content on the Web. The judge has established a three-part test to serve as guidelines for appropriate use, but critics are dissatisfied with the criteria.
One issue, which primarily concerns journalists, is whether and how the decision will impair their ability to report the news.
"Hyperlinks are the engine of the Web, allowing rapid connections to be made between people and information," reads a friend of the court brief filed in the case, on behalf of a number of major news organizations. "Without hyperlinks, the Web's extraordinary ability to facilitate the rapid, global dissemination of information would be severely impaired."
But it's not just journalists who are concerned. Web-site owners worry that they may place themselves in legal jeopardy if they put links on their site.
A Three-Part Test Early in the case, the MPAA sought and received a preliminary injunction from Judge Lewis Kaplan, restricting the defendants from posting the DeCSS software on their sites.
Later, when Kaplan issued his final decision on the case, he ruled that 2600 had distributed the DeCSS software in violation of parts of the DMCA, which prohibit trafficking devices that circumvent encryption. As such, Kaplan permanently prohibited 2600 from posting the program on its site.
But Kaplan didn't stop there. The judge, writing that posting the software and linking to another site that posts it is "very much the same thing," also forbade the magazine from linking to other sites that host the program.
Here, the judge knew he was walking on dangerous ground, potentially limiting the defining characteristic of the Web. "The possible chilling effect of a rule permitting liability for injunctions against Internet hyperlinks is a genuine concern," he wrote in his decision.
So he set out a three-part test. "There may be no injunction against, nor liability for, linking to a site containing circumvention technology," he wrote, "absent clear and convincing evidence that those responsible for the link (a) know at the relevant time that the offending material is on the linked-to site, (b) know that it is circumvention technology that may not lawfully be offered, and (c) create or maintain the link for the purpose of disseminating that technology."
Essentially, Kaplan's decision requires an analysis of intent. Under his model, it's OK for an academic running a cryptography Web site or for the New York Times to link to a site that has the DeCSS code, because their reasons are purely academic or journalistic. But 2600, Kaplan believes, links to the code for the purpose of disseminating a tool so people can break encryption--and under the DMCA, that's illegal.
That's the move that's raising critics' hackles. It's dangerous, they say, to assign intent to such a fundamental feature of the Web.
"I think what's troubling here is that we had a court who jumped the gun and created a test," said Jonathan Hart, an attorney with Dow Lohnes and Albertson, at a panel discussion on linking held in early June. "We had a judge who was mad as hell at someone who was flouting his authority, and entered a bad judgement."
But Kaplan does have his supporters. "It was not an attack on linking," said panel member and MPAA attorney Charles Sims. "There is a difference between speech, which provides information to the public, and providing them with an unlawful tool."
Another problem critics have with the ruling is being raised thanks to persistent efforts on the part of 2600 to test the limits of the law. After Kaplan forbade the magazine from linking to sites that posted DeCSS, the editors changed their page of links to a simple list of Web addresses. The addresses weren't links, but still provided the explicit locations of where to find the program. This list isn't prohibited by the decision, and critics say it points out the silliness of Kaplan's ruling.
"I can't imagine that there is any constitutional difference between a reader copying that Web address into the browser or clicking on a link," said Hart. "The mistake that the judge made was to look at a link as functional, rather than expressive, because it's just a pointer."
The legal issues surrounding linking go beyond the DeCSS case. Businesses may soon find themselves on the receiving end of lawsuits because of site links. "One of these days, there is going to be a case where one person sues another because they don't want them linking to them," said panel member Carl Kaplan, a lawyer and Cyber Law columnist for the New York Times.
With the DeCSS case currently under appeal, the eventual decision will ultimately say a great deal about the legal limits of linking. Other risks and issues probably won't be resolved until a legal action tests them.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.