The CDA provides immunity from the acts of users of online providers. For example, if a user provides defamatory content in a comment, a blog need not remove the comment to be immune, even if the blog receives notice that the content is defamatory, and even if the blog knows the content is defamatory.

I agree with most of my colleagues who believe this statute is a good thing for the internet. Where I part ways from most of my colleagues is how broadly to read  the statute.

Since this is a post about statutory interpretation, I’ll include the statute:

Section 230(c)(1) of the CDA states that:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

In turn, an interactive computer service is:

any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions.

Further, an information content provider is:

any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.

So, where do I clash with others on this? The primary area is when the operators of the computer service make decisions to publish (or republish) content.  I’ll give three examples that courts have determined are immune, but that I think do not fall within the statute:

1. Web Site A pays Web Site B to republish all of B’s content on Site A. Site A is immune.
2. Web Site A selectively republishes some or all of a story from Web Site B on Site A. Site A is immune.
3. Web Site A publishes an electronic mail received by a reader on Site A. Site A is immune.

These three examples share a common thread: Site A is immune, despite selectively seeking out and publishing content in a manner that has nothing to do with the computerized processes of the provider. In other words, it is the operator, not the service, that is making publication determinations.

To address these issues, cases have focused on “development” of the information. One case, for example, defines development as a site that “contributes materially to the alleged illegality of the conduct.” Here, I agree with my colleagues that development is being defined too broadly to limit immunity. Development should mean that the provider actually creates the content that is displayed. For that reason, I agree with the Roommates.com decision, which held that Roommates developed content by providing pre-filled dropdown lists that allegedly violated the Fair Housing Act. It turns out that the roommate postings were protected speech, but that is a matter of substance, and not immunity. The fact that underlying content is eventually vindicated does not mean that immunity should be expanded. To the extent some think that the development standard is limited only to development of illegal content (something implied by the text of the Roommates.com decision), I believe that is too limiting. The question is the source of the information, not the illegality of it.

The burning issue is why plaintiffs continue to rely on “development” despite its relatively narrow application. The answer is that this is all they currently have to argue, and that is where I disagree with my colleagues. I believe the word “interactive” in the definition must mean something. It means that the receipt of content must be tied to the interactivity of the provider. In other words, receipt of the offending content must be automated or otherwise interactive to be considered for immunity.

Why do I think that this is the right reading? First, there’s the word “interactive.” It was chosen for a reason. Second, the definition of “information content provider” identifies information “provided through the Internet or any other interactive computer service.” (emphasis added). This implies that the provision of information should be based on interactivity or automation.

There is support in the statute for only immunizing information directly provided through interactivity. Section, 230(d), for example, requires interactive service providers to notify their users about content filtering tools. This implies that the information being provided is through the interactive service.  Sections 230(a) and (b) describe the findings and policy of Congress, which describe interactive services as new ways for users to control information and for free exchange of ideas.

I think one can read the statute more broadly than I am here. But I also believe that there is no reason to do so. The primary benefit of Section 230 is a cost savings mechanism. There’s is no way many service providers can screen all the content on their websites for potentially tortious activity. There’s just no filter for that.

Allowing immunity for individualized editorial decisions like paying for syndicated content, picking and choosing among emails, and republishing stories from other web sites runs directly counter to this cost saving purpose.  Complaining that it costs too much to filter interactive user content is a far cry from complaining that it costs to much to determine whether an email is true before making a noninteractive decision to republish it. We should want our service providers to expend some effort before republishing.

Great art, or, let’s just say, more modestly, original art is never created in the safe middle ground, but always at the edge. Originality is dangerous. It challenges, questions, overturns assumptions, unsettles moral codes, disrespects sacred cows or other such entities. It can be shocking, or ugly, or, to use the catch-all term so beloved of the tabloid press, controversial. And if we believe in liberty, if we want the air we breathe to remain plentiful and breathable, this is the art whose right to exist we must not only defend, but celebrate. Art is not entertainment. At its very best, it’s a revolution.

The whole piece is thought-provoking.  Rushie likely isn’t talking about copyright, but I can’t help but read his rant against censorship in light of copyright’s omnipresent threat to those who would borrow in creating the new, and in light of copyright’s trivializing the idea of real originality. Rushdie again:

Consider, if you will, the air. Here it is, all around us, plentiful, freely available, and broadly breathable. And yes, I know, it’s not perfectly clean or perfectly pure, but here it nevertheless is, plenty of it, enough for all of us and lots to spare. When breathable air is available so freely and in such quantity, it would be redundant to demand that breathable air be freely provided to all, in sufficient quantity for the needs of all. What you have, you can easily take for granted, and ignore. There’s just no need to make a fuss about it. You breathe the freely available, broadly breathable air, and you get on with your day. The air is not a subject. It is not something that most of us want to discuss.

Imagine, now, that somewhere up there you might find a giant set of faucets, and that the air we breathe flows from those faucets, hot air and cold air and tepid air from some celestial mixer-unit. And imagine that an entity up there, not known to us, or perhaps even known to us, begins on a certain day to turn off the faucets one by one, so that slowly we begin to notice that the available air, still breathable, still free, is thinning. The time comes when we find that we are breathing more heavily, perhaps even gasping for air. By this time, many of us would have begun to protest, to condemn the reduction in the air supply, and to argue loudly for the right to freely available, broadly breathable air. Scarcity, you could say, creates demand.

I am tempted, of course, to repost the whole thing. But I know The New Yorker’s lawyers, and I know how they feel about copyright.

I’d bet all the money in my pocket that Sweat has not been paying attention to the media coverage of the long-term professional and financial damage that can be done by going to law school…

Ironically, Andrew Sweat didn’t get into Ohio State’s Moritz College of Law. The schools he did get into are decent enough, but they’re not at the top of the heap. The Columbus Dispatch reports that Sweat got into law school at Pittsburgh, Duquesne, West Virginia, Florida and the University of Miami.

In other words:  Better to risk further concussions and permanent brain injury (and hope for the rookie minimum salary) than to play the odds at the law school where I teach, or at almost any other law school.  NFL football can’t wait; law school can.

• Benkler’s post
• Carr’s response (also posted as a comment to Benkler)

They disagree about the most basic terms of the wager (what are the right categories?  what are the right things?), so it’s no surprise that there is really no winner.

The debate — the substance, not the parties — reminded me of a scene in Cameron Crowe’s film Almost Famous.  Philip Seymour Hoffman, playing the music critic Lester Bangs, carries on:

“I’m telling you, you’re coming along at a very dangerous time for rock ’n’ roll. The war is over. They won. They will ruin rock ’n’ roll and strangle everything we love about it and then it just becomes an industry of cool. 99 percent of what passes for rock n roll, silence is more compelling.”

That flick was set in 1973.  Bangs = Carr?  Benkler = William Miller (the fictionalized Cameron Crowe, the film’s protagonist)?  Plus ça change ….

A certain bona fide identity having been confirmed, at that the driver first did what some people do when I say that I teach copyright law.  He metaphorically climbed into a protective stance, as if I were going to come after him for infringement.  I said no, it’s cool; I’m not going to bring anything down on him.   That let to a wide-ranging 30-minute conversation about sampling and local hip hop production.  My cab driver, it turned out, has a burgeoning career as a producer/engineer for local rappers, including his nephews and cousins, and he had a lot of thoughtful, musically educated questions about what’s OK and what’s not when it comes to being inspired by sources, to using sources, and to sampling sources.  He knows ASCAP and BMI and uses bandcamp.com, but he wanted to know how you go about making sample-based music and distributing it legally.

We didn’t come to any conclusions.  I left him with my business card and a note recommending Creative License, the recent book about sampling by Kembrew McLeod and Peter DiCola.  He left me with a new appreciation for just how deeply our screwed up music copyright system is affecting emerging artists.  (If you’re mixing something in your cousin’s basement, you’re not on a label, and you’re worried about clearing   rights to what you’ve borrowed or quoted, what do you do?)  He played some tracks from a mixtape (a burned CD, in truth) that he had produced for his cousin, a gospel rapper.  I emerged into the dark of my home newly frustrated by laws that are meant to enable creativity, and inspired by the extent to which the deep recesses of creative culture refuse to let those laws keep them down.

Facebook is top dog in social; Google in search. The thing they both (with MS lurking in the wings to make a big comeback (an odd thing given how well MS does as it is)) are doing is to take recommendations to a new level (with ads thrown in of course). I have tried logged in search. I must say I was surprised. To be clear, I find there is mainly rot in social network data just as there is in search. Whether I would have used Google+ had I not been at Google is unclear. Probably not. But I did. Then I searched for some law review articles and some basic technology information. WOW. The personal results at the top had links to blog posts by people whom I followed on Google + AND THEY WERE…RELEVANT. Blew my mind. My search time went down and I found credible sources faster. Will that last? Who knows? Someone may find ways to game the system, but the small experiences make me hopeful. Now to Facebook and Bing.

If Google can do well with a much smaller set of users for Google +, Facebook and Bing might do really well. After all, Facebook has the social piece and MS has some search computer science types. Whoever wins here may offer the next thing in search. I like conducting logged out searches and logged in. When logged in, I like the potential for seeing things from friends and people I trust. For example, if I start to be interested in cameras and search gives me posts by friends I’d ask anyway, that is a pretty cool result. I can read the post and call the friend for deeper advice or just use what they posted.

All in this space will, of course, cope with privacy concerns etc. But I think that this new level of relevance has the chance to co-exist with those concerns and users may flock to one of these services to have results well-beyond the current ones in search without social. In other words, let the games continue.

For the masochistic, Groklaw has compiled the expert reports in an accessible fashion here and here. Why do I look at the reports, and not the briefs? It turns out that lawyers will make all sorts of arguments about what the evidence will say, but what is really relevant is the evidence actually presented. The expert reports, submitted before trial, are the broadest form of evidence that can be admitted – the court can whittle down what the jury hears, but typically experts are not allowed to go much beyond their reports.

These reports represent the best evidentiary presentation the parties have on the technical merits. It turns out that as a factual matter, both reports overlap quite a bit, and neither seems “wrong” as a matter of technical fact. I would sure hope so – these are pretty well respected professors and, quite frankly, the issues in this case are just not that complicated from a coding standpoint. (Note: for those wonder what gives me the authority to say that, I could say a lot, but I’ll just note that in a prior life I wrote a book about software programming for an electronic mail API).

What level of abstraction was presented and argued to the jury? As far as I can tell from the reports, other than a couple or three routines that were directly copied, the Oracle’s expert found little or no similar structures or sequences in the main body source code – the part that actually does the work. The only similarity – and it was nearly identical – was in the structure, sequence and organization of the grouping of function names, and the “packages” or files that they were located in.

For computer nerds, also identical were function names, parameter orders, and variable structures passed in as parameters. In other words, the header files were essentially identical. And they would have to be, if the goal is to have a compatible system. The inputs (the function names and parameters) and the outputs need to be the same. The only way you can disallow this usage of the API is to say that you cannot create an independent software program (even one of this size) that mimics the inputs and outputs of the original program.

To say that would be bad policy, and as I discuss below, probably not in accordance with precedent. This is why the experts are both right. Oracle’s expert says they are identical, and Google copied because that was the best way to lure application developers – by providing compatibility (and the jury agreed, as to the copying part). Google’s expert says, so what? The only thing copied was functional, and that’s legal. It’s this last part that a) led to the hung jury, and b) the court will have to rule on.

In my last post, I assumed that the level of abstraction must have been at a deeper level than just the names of the methods. Why did I do that?

First, the court’s jury instructions make clear that function names are not at issue. But I guess the court left it to the jury whether the collection could be infringed.

Second, the idea that an API could be infringed is usually something courts decide well in advance of trial, and it’s a question that doesn’t usually make it to trial.

Third, based on media accounts, it appeared that there was more testimony about deeper similarities in the code. The copied functions, I argued in my prior post, supported that view. Except that there were no other similarities. I think it is a testament to Oracle’s lawyers (and experts) that this misperception of a dirty clean room shone through in media reports, because the actual evidence belies the media accounts.

This is why I decided to dig deeper, and why one should not rely on second hand reports of important evidence. Based on my reading of the reports (and I admit that I could be missing something – I wasn’t in the courtroom), I think that the court will have no choice but to hold that the collection of API names is uncopyrightable – at least at this level of abstraction and claimed infringement.

To the extent that there are bits of non-functional code, I would say that’s probably fair use as a matter of law to implement a compatible system. I made a very similar argument in an article I wrote 12 years ago – long before I went into academia.

Prof. Boyden asked in a comment to my prior post whether there was any law that supported the copying of APIs structure and header files. I think there is: Lotus v. Borland. That case is famous for allowing Borland to mimic the Lotus structure, but there was also an API of sorts. Lotus macros were based on the menu structure, and to provide program compatiblity with Lotus, Borland implemented the same structure. So, for example, in Lotus, a user would hit “/” to bring up the menus, “F” to bring up the file menu, and “O” to bring up the open menu. As a result, the macro “/FO” would mimic this, to bring up the open menu.

Borland’s product would “read” macro programs written for Lotus, and perform the same operation. No underlying similarity of the computer code, but an identical API that took the same inputs to create the same output the user expected.

Like the lower court here, the lower court there found infringement of the structure, sequence, and organization of the menu structure. Like the lower court here, the court there found it irrelevant that Borland got the menu structure from third-party books rather than Lotus’s own product. (Here, Google asserts that it got the API’s from Apache Harmony, a compatible Java system, rather than the Java documents themselves). There is some dispute about whether Sun sanctioned the Apache project, and what effect that should have on the case. I think that the Harmony is a red herring.The reality is that it does not matter either way – a copy is a copy is a copy – if the copy is illicit that is.

In Lotus, the lower court found the API creative and copyrightable, the very question facing the court here. On appeal, however, the First Circuit ruled that the API was a method of operation, likening it to the buttons on a VCR. I think that’s a bit simplistic, but it was definitely the right ruling. The case went up to the Supreme Court, and it was a blockbuster case, expected to — once and for all — put this question to rest.

Alas, the Supreme Court affirmed without opinion by an evenly divided court. And the circuit court ruling stood. And it still stands – the court never took another case, and the gist of Lotus v. Borland has been applied over and over, but rarely as directly as it might apply here.

Wholesale, direct compatibility copying of APIs just doesn’t happen very often, and certainly not on the scale and with the stakes of that at issue here. Perhaps that is why there is no definitive case holding that an entire API structure is uncopyrightable. You would think we would have by 2012, but nope. Lotus comes close, but it is not identical. In Lotus, the menu structure was much smaller, and the names and structure were far less creative. Further, the concern was macro programming written by users for internal use that would not allow them to switch to a new spreadsheet program. Java programs, on the other hand, are designed to be distributed to the public in most cases.

Then again, the core issue is the same: the ability to switch the underlying program while maintaining compatibility of programs that have already been written. Based on this similarity, my prediction is that Judge Alsup will say that the collection of names is not copyrightable, or at the very least usage of the API in this manner is fair use as a matter of law. We’ll see if I’m right, and whether an appeals court affirms it.

Here’s the short story of what happened, as far as I can gather.

1. Google needed an application platform for its Android phones. This platform allows software developers to write programs (or “apps” in mobile device lingo) that will run on the phone.

2. Google decided that Sun’s (now Oracle’s) Java was the best way to go.

3. Google didn’t want to pay Sun for a license to a “virtual machine” that would run on Android phones.

4. Google developed its own virtual machine that is compatible with the Java programming language. To do so, Google had to make “APIs” that were compatible with Java. These APIs are essentially modules that provide functionality on the phone based on a keywords (instructions) from a Java language computer program. For example, if I want to display “Hello World” on the phone screen, I need only call print(”Hello World”). The API module has a bunch of hidden functionality that takes “Hello World” and sends it out to the display on the screen – manipulating memory, manipulating the display, etc.

5. The key dispute is just how much of the Java source code was copied, if any to create the Google version.

The jury today held the following:

1. One small routine (9 lines) was copied directly – line for line. The court said no damages for this, but this finding will be relevant later

2. Google copied the “structure, sequence, and organization” of 37 Java API modules. I’ll discuss what this means later.

3. There was no finding on whether the copying was fair use – the jury deadlocked.

4. Google did not copy any “documentation” including comments in the source code.

5. Google was not fooled into thinking it had a license from Sun.

To understand any of this, one must understand the levels of abstraction in computer code. Some options are as follows:

A. Line by line copying of the entire source code.

B. Line by line paraphrasing of the source code (changing variable names, for example, but otherwise idential lines).

C. Copying of the structure, sequence and organization of the source code – deciding what functions to include or not, creative ways to implement them, creative ways to solve problems, creative ways to name and structure variables, etc.  (The creativity can’t be based on functionality)

D. Copying of the functionality, but not the stucture, sequence and organization – you usually find this with reverse engineering or independent development

E. Copying of just the names of functions with similar functionality – the structure and sequence is the same, but only as far as the names go (like print, save, etc.). The Court ruled already that this is not protected.

F. Completely different functionality, including different structure, sequence, organization, names, and functionality.

Obviously F was out if Google wanted to maintain compatibility with the Java programming language (which is not copyrightable).

So, Google set up what is often called a “cleanroom.” The idea is not new – AMD famously set up a cleanroom to develop copyrighted aspects of its x86 compatible microprocessors back in the early 1990’s. Like Google now (according to the jury), AMD famously failed to keep its cleanroom clean.

Here’s how a cleanroom works. One group develops a specification of functionality for each of the API function names (which are, remember, not protected – people are allowed to make compatible programs using the same names, like print and save). Ideally, you do this through reverse engineering, but arguably it can be done by reading copyrighted specifications/manuals, and extracting the functionality. Quite frankly, you could probably use the original documentation as well, but it does not appear as “clean” when you do so.

Then, a second group takes the “pure functionality” description, and writes its own implementation. If it is done properly, you find no overlapping source code or comments, and no overlapping structure, sequence and organization. If there happens to be similar structure, sequence and organization, then the cleanroom still wins, because that similarity must have been dictated by functionality. After all, the whole point of the cleanroom is that the people writing the software could not copy because they did not have the original to copy from.

So, where did it all go wrong? There were a few smoking guns that the jury might have latched on to:

1. Google had some emails early on that said there was no way to duplicate the functionality, and thus Google should just take a license.

2. Some of the code (specifically, the 9 lines) were copied directly. While not big in itself, it makes one wonder how clean the team was.

3. The head of development noted in an email that it was a problem for the cleanroom people to have had Sun experience, but some apparently did.

4.  Oracle’s expert testified (I believe) that some of the similarities were not based on functionality, or were so close as to have been copied. Google’s expert, of course, said the opposite, and the jury made its choice. It probably didn’t help Google that Oracle’s expert came from hometown Stanford, while Google’s came from far-away Duke.

So, the jury may have just discounted the Google cleanroom story, and believed Oracle’s. And that’s what it found. As someone who litigated many copyight cases between competing companies, this is not a shocking outcome. This issue will not doubt bring the copyright v. functionality issue to the forefront (as it did in Lotus v. Borland and Intel v. AMD), this stuff is bread and butter for most technology copyright lawyers. It’s almost always factually determined. Only the scope of this case is different in my book – everything else looks like many cases I’ve litigated (and a couple that I’ve tried).

So, what happens now in the copyright phase?  (A trial on patent infringement started today.) Judge Alsup has two important decisions to make.

First, the court has to decide what to do with the fair use ruling. Many say that a mistrial is warranted since fair use is a question of fact and the jury deadlocked. I’m not so sure. The facts on fair use are not really disputed here – only the legal interpretation of them; my experience is that courts are more than willing to make a ruling one way or the other when copying is clear (as the jury now says it is). I don’t know what the court will do, but my gut says no fair use here.  My experience is that failed cleanrooms fail fair use – it means that what was copied was more than pure functionality, and it is for commercial use with market substitution. The only real basis for fair use is that the material copied was pure functionality, and that’s the next inquiry.

Second, the court must determine whether the structure, sequence, and organization of these APIs can be copyrightable, or whether they are pure functionality. I don’t know the answer to that question. It will depend in large part on:

a. whether the structure, etc., copied was at a high level (e.g. structure of functions) or at a low level (e.g. line by line and function by function);

b. the volume of copied (something like 11,000 lines is at issue);

c. the credibility of the experts in testifying to how much of structure that is similar is functionally based.  On a related note, the folks over at groklaw think for the most part think this is not copyrightable. They have had tremendous coverage of this case.

I’ve been on both sides of this argument, and I’ve seen it go both ways, so I don’t have any predictions. I do look forward to seeing the outcome, though. It has been a while since I’ve written about copyright law and computer software; this case makes me want to rejoin the fray.

Now compare