Overview of Policy Issues

• Current Policy Status
• Information Management
• Training Requirements

• Telecommunications Act and the CDA
• Communications Decency Act of 1996
• Child Online Protection Act (1998) (47 U.S.C. 231)
• Children's Internet Protection Act (Pub. L. 106-554)
• Copyright and Fair Use
• Electronic Communications and Privacy Act of 1986
• Institutional Records - FERPA, E-Mail
• Children’s Online Privacy Protection Act
• Computer Fraud and Related Activities

Current Policy Status

• World-wide connectivity and communication
• Anarchists versus Control Freaks - what rules apply?
• Money can be made!
• Netscape - largest initial public offering to date (9/95)
• Yahoo - 2 Stanford students - currently worth $83 billion
• Lycos - CMU and professor split $2 million
• Lehigh Student Examples
• Student run porn site charging $10/week or $100 per year with 230,000 accesses in 2 months
• Students leaving to become Internet Service Providers
• Connectivity & Communications
• Newspaper Headlines - July 1998
• "Librarians forced into police role"
• "Student suspended for cyber threat"
• "X-Rated e-mail: Web pornography a money-making nuisance"
• "Students face expulsion for computer threats"
• "Senate okays ban on Net gambling"
• Hacked Web sites
• Live Birth on the Internet
• www.ourfirsttime.com
• "Sexy Internet site has NYU officials seeing red"
• Internet Gambling
• Networks seen as electronic playgrounds
• Rules still in formative stages - commercial vendors still formulating policy
• Internet rules are not consistent (First Amendment is a local ordinance)

• Legal Liabilities
• Censorship
• Copyright & Fair Use
• Security

• Computers seized:
• at a northeastern university for distributing alleged child pornography
• at a Texas university based on copyright law (a felony to distribute copyrighted materials)
• Playboy wins $500,000 settlement from a copyright infringement lawsuit

• Do institutions have the right to censor information placed on their computers?
• Should standards be set for topics discussed?
• Answers vary by institution
• Institutions can delete messages and limit type of speech in public forums
• Clear, concise policy statement needed
• Censorship - examples
• Brigham Young monitors web sex sites. Access considered a violation of school's honor code
• Prohibit obscene or harassing messages in Policy statement
• Alt News groups unavailable for a variety of reasons.

• Fair Use vague on purpose
• Fair use guidelines
• Incorporate into policy
• Post notices on site
• Remove offending materials promptly

• Security Breach - Computing Center becomes detective bureau
• Legal issues impact entire institution
• Establish expectation of privacy (or lack thereof) - files, e-mail

• Train faculty, staff, and students on legal and ethical issues
• Provide faculty training on current issues
• Place policies on-line and include in student packets

• Telecommunications Act and the CDA
• Child Online Protection Act (1998) (47 U.S.C. 231)
• Children's Internet Protection Act (Pub. L. 106-554)
• Copyright and Fair Use
• Privacy and the ECPA
• Institutional Records - FERPA, E-Mail
• Children’s Online Privacy Protection Act
• Computer Fraud and Related Activities

• Amendments and repeals to the Communications Act of 1934
• Title I: Telecommunication Services
• Development of Competitive Markets
• Bell Operating Company Provisions
• Title II: Broadcast Services
• Broadcast Spectrum Flexibility
• Broadcast Ownership
• Direct Broadcast Satellite Service
• Title III: Cable Services
• Cable Reform Act
• Cable Services Provided by Telephone Companies
• Title IV: Regulatory Reform
• Title V: Obscenity and Violence
• Communications Decency Act of 1996
• Violence - Parental Choice in Television Programming
• Expedited Judicial Review
• Title VI: Effect on Other Laws
• Title VII: Miscellaneous Provisions

• Mostly Intact!
• Four Clauses Unconstitutional
• Obscene or Harassing Use of Telecommunications Facilities
• Scrambling of Sexually Explicit Cable TV
• Coercion and Enticement of Minors
• Online Family Empowerment

• Obscene material is not protected under the First Amendment "Obscene materials have been denied the protection of the First Amendment because their content is so offensive to contemporary moral standards." FCC v. Pacifica Foundation 438 U.S. 726 (1978).
• Indecent material is protected under the First Amendment "Though prurient appeal is an element of obscene, it is not an element of indecent, which merely refers to nonconformance with accepted standards of morality" FCC v. Pacifica Foundation 438 U.S. 726 (1978).
• Obscenity: Miller v. California 413 U.S. 15 (1973)
• the average person, applying contemporary community standards, would find that the work, taken as a whole, appeals to the prurient interest (def: "a shameful or morbid interest in nudity, sex, or excretion, which goes substantially beyond customary limits of candor in description or representation of such matters and is matter which is utterly without redeeming social importance.")
• depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state law
• the work, taken as a whole, lacks serious literary, artistic, political, or scientific value
• Third Circuit Court of Appeals 6/11/96
• "223(a)(1)(B) and 223(a)(2) of the CDA are unconstitutional on their face to the extent that they reach indecency."
• The term "telecommunications device" in 223(a) does not include "the use of an interactive computer service"
• 47 U.S.C. 223(a) Whoever -- (1)(B)(ii) initiates the transmission of, any comment, request, suggestion, proposal, image, or other communication which is obscene or indecent, knowing that the recipient of the communication is under 18 years of age, regardless of whether the maker of such communication placed the call or initiated the communication; . . .
• 47 U.S.C. 223(a) Whoever -- (2) knowingly permits any telecommunications facility under his control to be used for any activity prohibited by paragraph (1) with the intent that it be used for such activity.
• "223(d)(1) and 223(d)(2) of the CDA are unconstitutional on their face."
• 223(d) applies to "the use of an interactive computer service"
• 47 U.S.C. 223(d) Whoever -- (1) in interstate or foreign communications knowingly (A) uses an interactive computer service to send to a specific person or persons under 18 years of age, or (B) uses any interactive computer service to display in a manner available to a person under 18 years of age, any comment, request, suggestion, proposal, image, or other communication that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs, regardless of whether the user of such service placed the call or initiated the communication;
• 47 U.S.C. 223(d) (2) knowingly permits any telecommunications facility under such person's control to be used for an activity prohibited by paragraph (1) with the intent that it be used for such activity.
• U.S. Supreme Court - Justice Stevens 6/26/98
• "At issue is the constitutionality of two statutory provisions enacted to protect minors from "indecent" and patently offensive" communications on the Internet. ... we agree with the three judge District Court that the statute abridges "the freedom of speech" protected by the First Amendment."

• Online Family Empowerment - amends the Communications Act of 1934 by adding 47 U.S.C. 230 entitled "Protection for Private Blocking and Screening of Offensive Material"
• (c) Protection for "good samaritan" blocking and screening of offensive material.
• (c)(1) Treatment of publisher or speaker. No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
• (c)(2) Civil Liability. No provider or user of an interactive computer services shall be held liable on account of--
• (c)(2)(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected
• (c)(2)(B) any action taken to enable or make available to information providers or others the technical means to restrict access to material described in paragraph (1).
• Religious Technologies Center (Church of Scientology) v. Netcom 907 F.Supp.1361
• "Netcom now warns users against posting proprietary material and will investigate complaints from copyright holders, while removing questionable items." - Interactive Daily 8/8/96 (c) Phillips Business Information, Inc.
• "Section 230, however, plainly immunizes computer service providers like AOL from liability for information that originates with third parties." - U.S. Forth Circuit Court of Appeals 11/12/97 No. 97-1523 Zeran v. America Online, Inc.

• Prohibits making available material that is harmful to minors including: Obscene communications, pictures, images, …, recordings, writings, … or, that which:
• the average person, applying contemporary community standards, would find, taking the material as a whole and with respect to minors, is designed to appeal to, or is designed to pander to, the prurient interest;
• depicts, describes, or represents, in a manner patently offensive with respect to minors, an actual or simulated sexual act or sexual contact, an actual or simulated normal or perverted sexual act, or a lewd exhibition of the genitals or post-pubescent female breast
• taken as a whole, lacks serious literary, artistic, political, or scientific value for minors.
• Philadelphia Federal District Court (February 1999) - issued an injunction preventing enforcement. Held that it was invalid because there is no way for content providers to prevent minors from harmful material on the Web without also burdening adults from access to protected speech.
• Third Circuit Court of Appeals (June 22, 2000) - finding unconstitutional on a different ground. "Because of the peculiar geography-free nature of cyberspace, [COPA's] community standards test would essentially require every web communication to abide by the most restrictive community's standards."
• Supreme Court …

• Restricts the use of Universal Service discount program (E-rate) funding
• Requires libraries and schools to have and enforce Internet safety policies that include technology protection measures -
• For minors, limiting access to visual depictions that are
• obscene;
• child pornography; or
• harmful to minors
• For adults, limiting access to visual depictions that are
• obscene
• child pornography
• Harmful to minors - any picture, image, graphic image file, or other visual depiction that:
• taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion;
• depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and
• taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors.
• Currently before District Court of Eastern Pennsylvania…

• Enacted in 1947
• Entirely revised in 1976 (Public Law 94-553)
• Amended by No Electronic Theft (NET) Act in 1997
• Amended by Digital Millennium Copyright Act (10/28/98)
• Chapter 1: Subject Matter and Scope of Copyright
• Section 106: Exclusive Rights in Copyrighted Works
• Section 107: Limitations on Exclusive Rights: Fair Use
• Chapter 5: Copyright Infringement and Remedies
• Section 501: Infringement of Copyright
• Section 504: Remedies for Infringement: Damage and Profits
• Section 506: Criminal Offenses
• Section 512: Limitations on Liability Relating to Material Online
• Chapter 10: Digital Audio Recording Devices and Media
• Chapter 11: Sound Recording and Music Videos

• Exclusive Rights in Copyrighted Works
• to Reproduce the Work
• to Prepare Derivative Works
• to Distribute Copies - sell, rent, etc.
• to Perform the Work Publicly
• to Display the Work Publicly
• to Perform Publicly via Digital Audio Transmission

• Fair Use: Factors to be Considered …
• Purpose and Character of Use (commercial or nonprofit educational)
• Nature of the Copyrighted Work
• Amount and Substantiality of Portion Used in Relation to Work as a Whole
• Effect of Use Upon Market for Work

"Anyone who violates any of the exclusive rights of the copyright owner ... or of the author ... is an infringer of the copyright or right of the author, as the case may be."

Copyright Law - 17 U.S.C. 504 - Remedies for Infringement: Damages - Infringer of Copyright Liable for Either:

• Copyright Owner's Actual Damages and Any Additional Profits of the Infringer
• Statutory Damages - not less than $500 or more than $20,000
• Willful Infringement - up to $100,000

• (a)(1) Willful Infringement for 'commercial advantage or private financial gain’ - financial gain includes receipt, or expectation of receipt, of anything of value, including the receipt of other copyrighted works (17 U.S.C. 101)
• (a)(2) reproduction or distribution, including, by electronic means, during any 180-day period, of 1 or more copies ... of 1 or more copyrighted works which have a total value of more than $1000
• Up to 5 Year Imprisonment (3 Yr (a)(2)) or Fine (10 or more copies w/ retail value over $2,500)
• Up to 10 Year Imprisonment (6 Yr (a)(2)) or Fine (second offense)
• Any Case: Prison up to 1 Year or Fine

• (c) Fraudulent Copyright Notice (with fraudulent intent, fine up to $2,500)
• (d) Fraudulent Removal of Copyright Notice (with fraudulent intent, fine up to $2,500)
• (e) False Representation (in copyright application) (knowingly makes a false representation, fine up to $2,500)

• Transitory Communications
• System Caching
• System Information at Direction of Users
• Limitation on Liability
• Nonprofit Educational Institutions
• Good Faith Disabling of Materials

• Playboy Enterprises, Inc. v. Frena (subscription bulletin board)
• Sega Enterprises, Ltd. v. MAPHIA (bulletin board system)
• Playboy v. Russ Hardenburgh, Inc. (bulletin board system)
• Recording Industry Association of America (RIAA) SOUNDBYTING Campaign "A Campaign to Protect Music on the Internet" www.soundbyting.com
• Software & Information Industry Association (formerly, SPA) http://www.siia.net
• Business Software Alliance http://www.nopiracy.com/

• Public Law 99-508
• Extends the Wiretap Act of 1968 to Electronic Communications "electronic communication'' means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce 18 U.S.C. 2510 (12)
• Interception/Disclosure of Electronic Communications (18 U.S.C. 2511)
• Prohibited, except to:
• protect the rights or property of the electronic communication service provider (2)(a)(i)
• assist law enforcement (court order) (2)(a)(ii)
• assist law enforcement when information pertains to a crime and is obtained inadvertently (3)(a)(iv)
• with consent of one of the parties (2)(c) (2)(d)
• Offenses:
• Fine and/or Imprisonment up to 5 years

• Unlawful Access to Stored Communications (18 U.S.C. 2701) Whoever intentionally accesses without authorization a facility through which an electronic communication service is provided exceeds an authorization to access that facility
• fine to $250,000 and/or imprisonment to 1 year ($5,000 and 1/2 year - no commercial gain or damage)
• Disclosure of Contents of Stored Communications (18 U.S.C. 2702) - Provider of electronic communication service to the public shall not knowingly divulge the contents of communications stored by that service
• Exceptions as per 18 USC 2511

"A governmental entity may require the disclosure by a provider of electronic communication service of the contents of an electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant" 18 U.S.C 2703 (a)

• Over 180 Days: "A governmental entity may require a provider of remote computing service to disclose the contents of any electronic communication..." 18 U.S.C 2703 (b)
• if the governmental entity obtains a warrant
• if the governmental entity uses (i) an administrative subpoena or (ii) court order

• Educational Records (99.3)
• Annual notification of rights (99.7)
• Written prior consent required to disclose information (99.30)
• Directory Information (99.3)
• Educational record information not considered harmful or an invasion of privacy if disclosed.
• Includes, but not limited to, student's name, address, telephone listing, date and place of birth, major field of study, dates of attendance, and degrees and awards received
• An educational institution may disclose directory information if it has given public notice to parents/students of personally identifiable information it has designated as directory information. Parent's/student's have right to refuse to allow disclosure. (99.37)
• Policy Implications: Privacy, On-line directories

• "Office E-Mail: It Can Zap You -- In Court" BusinessWeek 6/8/98
• "Old e-mail doesn't fade away" MS-NBC 7/2/98

• Pertains to the online collection of personal information from children under 13 years of age
• Aimed at commercial web sites directed to children
• Aimed at general commercial web sites who acknowledge collecting personal information from children
• Verifiable Parental Consent – reasonable efforts
• Internal Uses – email, letter, or phone
• Public Disclosures
• Signed form via postal mail or fax
• Accepting and verifying credit card number
• Phone calls through toll-free number to trained staff
• Email accompanied by digital signature
• Exceptions allow collection of child’s email address
• To provide notice and seek consent
• To respond to a one-time request from a child (and then deletes it)
• To respond more than once (e.g., newsletter)
• To protect the safety of the child – parent must be notified
• To protect the security of the site or to respond to law enforcement
• Teachers may act in place of a parent in deciding whether to give consent

• Obtain Information pertaining to National Defense
• Offenses - fine and/or imprisonment up to 10 years (20 years for 2nd offense)
• Obtain Financial Records of a Financial Institution
• Offenses - fine and/or imprisonment up to 1 year (10 years for 2nd offense)
• Obtain Access to a U.S. Government Computer
• Obtain Access to a "Federal Interest" Computer
• exclusively for use by a financial institution or the U.S. Government
• non-exclusive use, but offense affects the operation of the financial institution or Gov.
• one of two or more computers used in committing the offense, not all of which are located in the same state
• Traffic in Passwords

• knowingly and with intent to defraud, accessing and obtaining anything of value (other than the use of the computer)
• accessing and alters, damages or destroys information (causing loss of $1,000 or more or modifying medical records)
• Offenses - fine and/or imprisonment up to 5 years (10 years for 2nd offense)

• Keystroke Monitoring - internal staff involved in hacking . . .
• Anonymous Mail
• Forged Mail/Identity
• Students in Business (using YOUR resources)
• Computer Break-in to Foreign Country
• Obscenity and Minors

• Key Elements of a Policy Statement
• Guidelines for Developing Policies
• Developing Policies with the Internet
• Training Requirements

Policy Information: "Policies on the Use of Computer Systems and Facilities" - Lehigh University Information Resources

Applies to ALL Users - Violators subject to:

Lehigh: "... possible disciplinary action under standard University rules for misconduct and existing judicial, disciplinary, or personnel processes."

Keep it General

... policies include, but are not limited to ...

... may be subject to ...

... the following types of ...

... perform acts which are wasteful of resources including ...

Include Legal Aspects / State and Federal Criminal Law

Lehigh: "Offenders may be subject to criminal prosecution under federal or state law, and should expect [IR] to pursue such action."

Include Copyright Law and Software Licensing Agreements

Lehigh: "You must abide by the terms of all software licensing agreements and copyright laws."

Privacy Statement - do you conform to the Electronic Communications Privacy Act of 1986?

Lehigh: "Should the security of a computer system be threatened, under the direction of the Vice Provost for Information Resources the system may be monitored and user files may be examined."

Who owns programs developed using Institutional resources?

Can Institutional resources (including network bandwidth) be used for commercial purposes or personal gain?

Lehigh: "These resources are not to be used for personal or financial gain that is unrelated to a valid university function."

Apply policy to any system connected to an Institutional resource

Only the Institution can grant access to Institutional resources

Lehigh: "You must not use a computer or network ID that was not assigned to you by Information Resources. ... External computer or network ID's must be authorized by Lehigh University."

Include Limits

Individuals Responsible for Own Actions

Lehigh: "Information Resources should be notified about violations of computer law and policies, as well as about potential loopholes in the security of its computer systems and networks."

Monopolizing Equipment/Wasting Resources - multiple processes, multiple systems, mass mailings, chain letters, printing copies, etc.

Lehigh: "You must not deliberately perform acts which are wasteful of computing or networking resources or which unfairly monopolize resources to the exclusion of others."

Reflect the Culture of the Institution

• Lehigh: "The following ... cannot be placed on any University-owned computer system or on any system connected to ... network resources:
• That which infringes on the rights of another
• That which is abusive, profane, or sexually offensive to the average person."

Make Users Acknowledge the Policy

Sign an Agreement

On-line Acknowledgement

• Draw from Existing Policies
• Draw from Existing Guidelines
• Search the Internet for Ideas

• Train ALL Users on Policy Issues
• Consider Enforcing Understanding of Policy Issues - e.g., no access to network resources until proven familiarity with policy