Actually, there's Federal Law on this. The Fair Debt Collection Practices Act, 15 U.S.C. 1692 et. seq. At a previous law firm I worked at, there was a paralegal who used to work for debt collection agency, and she talked about how restrictive this law is. Basically, they can only call within certain hours, they are required to give specified notices, and there are a lot of things they can't do. Screaming at you is one of them. Violations can involve punitive damages (which are paid to the complaining party, i.e., you), so it's worth it to pursue a claim. Some attorneys will even take this type of claim on a contingency basis.
Actually, this is a true statement. The doctrine of sovereign immunity protects the government from being sued unless it allows the suit.
This is a pretty complex subject, so I'll try to make this as "user-friendly" as I can.
The Federal Government and the governments of the individual states are protected from suit unless they allow it. In order to allow the suit, the legislative body (Congress, state assembly, etc.) has to pass a law allowing the suit. Most states and the Federal Government have passed statutes that allow you to sue them under specified circumstances, i.e., for specified types of claims (civil rights violations, tort claims, breach of contract claims), but only if you comply with strict notice requirements. If you don't comply with the requirements of the statute, your case gets thrown out because of sovereign immunity.
So I guess the answer really is "You can sue the government, but only if they let you."
"As an non-American I'm baffled by the practise of having voters register which party they prefer in a government database. The basic principle of an election is the secret ballot. Why is this done? Why isn't it widely condemmed? Why do people cooperate instead of all claiming to prefer the monster raving loony party?"
For those who don't understand American elections, it's done here because this is a primary election. The purpose of the primary election is to determine who the candidates for each party will be in the general election (which will be in November). In order to do that, you need to vote on the right ballot, i.e., Democrats need to vote on the Democrat ballot, and Republicans need to vote on the Republican ballot, Greens need to vote on the Green ballot.
In the general election, they just check you in as a registered voter. There's no registration as to what party you're with, other than what's in your voter registration. That information is not, however, linked with your actual vote.
First, the opinion can be found here: http://pacer.cadc.uscourts.gov/docs/common/opinion s/200312/03-7015a.pdf
The basic holding here is that the subpoena provisions of the DMCA only apply to an ISP who is actually storing the allegedly infringing material on its (the ISP's) servers.
They base this holding on a finding that, in the case of file-sharing between users, the ISP is simply acting as a conduit for the transfer of information, and has no control over the transfer or the information sent. Since the subpoena provision has a notice provision in it that requires that the content-provider give the ISP enough information to be able to prevent access to the offending material. Since preventing access is impossible without terminating the offender's internet access, a remedy the court dismissed as inappropriate, the court found satisfaction of the notice provision to be impossible.
The court also ruled that the text of the statute and the legislative history (i.e., comments made and written by Congress as they debated the DMCA before passing it) indicated no awareness of P2P file sharing.
The court ends by stating that it is "not unsympathetic" to the RIAA's "plight", but it leaves the burden on Congress to change the law, if they think it really needs changing. Rough translation: Start winding up the lobbyists, they have work to do.
I'm not a techie, but I've been looking at Athlon 64s, and the best deal I've seen is ABS. (www.abspc.com). Their PCs price just a bit more than what it would cost to built it yourself after buying the parts from NewEgg (and the parts are brand-name parts rather than the mystery meat you find in an eMachine), and you get at least a year's warranty and onsite service. I priced out an acceptable Athlon 64 system at around $1400.
I checked out their reputation, and it turns out that I have a more-tech-savvy-than-I-am buddy who bought a system from them a couple of years ago, and liked what he got. He said if he wasn't building his own now, he'd probably go with them. From what I can tell, their performance reputation is close to expensive machines like Alienware and Falcon NW, but because they don't do custom cases and the like, they're much cheaper.
Still, if I didn't have anti-tech powers (Machines around me break for no reason. I have no clue why. Tech support hates me.), I would build my own. As it is, tech support is essential for me, as I guarantee at least one component will simply fail because I am near it. Therefore, I guess I go with ABS.
Malls are generally not public places. They are considered private property, at least for free speech concerns (Mall owners can exclude you from their property if they don't like what you say or do). Assuming that that determination carries over to who owns the trash (a reasonable assumption, since both are matters of constitutional law and a consistent application would make sense, but an assumption nonetheless), the application would have been private property at the time it was trashed. However, it was private property owned by whoever owns the mall, and it would be their option to permit the credit card company to go dumpster diving.
Whether that has any effect on the company's liability for providing your personal information to others, however, is anybody's guess. Generally, you have to agree before they can do that, and you never agreed. Any privacy lawyers reading this? My area is municipal and real estate law, so I'd love to hear an expert's take on this.
Whoops, sorry bout that... Track is right. Yahoo got away in this case. However, it was not for lack of jurisdiction. They were released because the French law violated Yahoo's constitutional rights (Corporations have constitutional rights? I'll be damned!). Had there not been a constitutional right involved, it likely would have come out the other way. Country's do have a hard time enforcing the laws of another country against their citizens when the law sought to be enforced directly violates the rights of its citizens under that nation's constitution.
Note, though, that because Yahoo had a business presence in France, they complied as best they could with the court's order.
That said, I do need to modify what I said earlier: A judgment from another country will be enforced unless it violates the fundamental rights of the defendant under the laws of the host country.
And Track, while you're right when you say that Yahoo is a big difference from a small 100 hit per day site, it all depends on how paranoid the plaintiff is. If he's absolutely paranoid about pursuing any and all claims, he might still come after you.
I'm not sure about the valid in only two states part. Some courts have set a standard that actually makes sense by which software agreements' validity under contract law is tested. The key is whether the customer had both a reasonable opportunity to inspect the terms of the contract (the EULA) and a reasonable opportunity to rescind the contract after that inspection. Note that the customer doesn't actually have to read the terms, they merely need the opportunity to. In other words, the software company has to give you a refund if you return the product after you read the terms. The retailer doesn't have to, mind you, merely the software company.
Of course, this is all moot if you're in the US and you live in Virginia or Washington state, because they have enacted UCITA. Without going into a long list of the problems with UCITA, I'll just try to sum it up: Under UCITA, consumers have no rights.
A court will be able to take personal jurisdiction (power over a defendant) and be able to render judgment against them if the defendant's actions cause reasonably forseeable harm in the forum (place where the court is).
In other words, if you are in Germany, and you link to and display copyrighted pictures in your frames, and the copyrighted pictures are the work of someone in... say, Maryland in the US, the plaintiff can proceed against you in the Maryland court because the injury, loss of sales/advertising/etc. was caused to the plaintiff in Maryland. OK, you say, but what if I never go to Maryland? What if I don't show up, and never enter the US? How can the plaintiff enforce the judgment against me? Well, most nations have signed treaties that basically say "If your courts have rendered a valid judgment against a defendant, our courts will enforce it." The US Constitution has the Full Faith and Credit Clause which pretty much does the same thing between US states, so that California would have to enforce that Maryland judgment. What that means is that, sure, you can ignore the US proceeding against you, but if Germany, or whatever country you're from, has signed such a treaty with the US, all the plaintiff has to do is take his judgment to your local German court to have it enforced. They slap a lien on your car, and the local law enforcement officers come out and auction it off to pay the judgment. The reciprical of this is what got Yahoo in trouble with France. Sure, Yahoo is an American company, and they could have told the French court to go to hell, but if they did, and then the French court rendered a judgment against them, the French judgment would probably be enforced by an American court.
The long and the short of this is, don't assume that just because you are outside of a nation's borders, you can violate their laws to your heart's content. If you injure someone in that country, it's pretty likely that they will be able to drag your ass into court.
I am a law student and I recently took a class on e-commerce. In that class, we discussed electronic signatures, and the subset of electronic signatures known as digital signatures. I admit at the beginning that I know very little about the technology here, so please be gentle if I get the tech wrong. This is more of a post about how the law views this type of signature.
In the U.S., with the exception of the states of Utah, Minnesota, and Washington, the state law Uniform Electronic Transactions Act (UETA) and the Federal E-Sign Act both define what an electronic signature is. Federal law normally supercedes state law, but in this case, it was written so that it parallels UETA and only takes effect if a state has no legislation in the area. Both UETA and E-Sign define an electronic signature as a sound, symbol, or process logically associated with the record executed by a person (this is the identity issue) with the intent to adopt (identity + intent) and authenticate (sign) the record (electronic substitute for a writing). This law is designed to make it so that electronic contracts can pass the statute of frauds, which require that a contract be in writing and signed by the party against which enforcement of the contract is sought.
German law is different, as I understand it (If there are any Germans out there, please reply and correct any misstatements I make here). In Germany, a contract is not valid until it is notarized, giving it the backing of the state. The notary serves the purpose of actually seeing the person sign the written contract. In the U.S., very few types of contracts are required to be notarized (deeds transferring real estate, for example), but a notarized document is presumed to be valid. A digital signature, such as the Public Key Infrastruction (PKI) is similar to the notary function, because it brings in a third party (I tend to think of Verisign here, because the professor who taught this portion of the class was at one point an attorney for Verisign) to verify the identity of the person authenticating the document.
PKI works like this (I apologize to those who know the technological details... this is an incredibly simplistic explanation, but for non-techies like me, it should suffice): Third party provides a private key to A. A creates a record and then authenticates it by using the private key to encrypt the message. The private key encrypts the message, and adds one line of non-encrypted text directing the receiver (B) to contact the third party. The third party provides B with the public key to decrypt the message sent by A. The decrypted message will only be readable if the message sent by A has not been tampered with.
It's not surprising, then, given the German preference to have a contract verified by a notary, that the German government (and the EU, I might add) would prefer using PKI. Your third party acts as a notary verifying that it really was person A who sent the message.
Earlier I mentioned that in the U.S., the law was UETA or E-sign, except in Minnesota, Utah, and Washington. The reason is is that those states enacted laws favoring PKI.
Internationally, the United Nations Commission on International Trade Law (UNCITRAL) passed a model law that favors PKI. Under the model law, an electronic signature (under UETA, for example) is still usable, but if you use PKI, there is a presumption that the document is valid (which means that you had better have damn good evidence that it's not if you hope to prove it invalid).
Since security is more of a technological issue, I'll leave that to wiser heads to discuss, although I will leave with a quotation from a good friend: "Locks are for honest people. If someone wants your stuff bad enough, they'll find a way in."
Jurisdiction is the power of a court to enforce its decision over the defendant. There has to be a rationale basis for a court to do that.
What a lot of people don't understand is that not only does the U.S. have federal law, each state has its own laws, and there exists a question of whether a person from California can be hauled into a court in Maryland to answer for their actions. I know, it seems silly, but that's the way it is. It's similar when you are dealing internationally. There are usually two key issues in most courts: 1) whether the defendant caused an actual injury in the forum state/country, and 2) whether that harm was reasonably foreseeable?. If both of these are present, then the court will likely find jurisdiction. If the first is present, but not the second, it's a toss-up, but don't be surprised if the court finds jurisdiction.
That is probably (note: PROBABLY) the standard a court will use with websites. In fact, if I remember correctly, that was the standard the French court used in the Yahoo nazi case.
There have been a lot of comments about how the laws of a foreign country don't apply to nonresident noncitizens. That's not entirely true, though. Many nations have treaties with other nations that say they will enforce the judgments of each other's courts. In the U.S., we have the Full Faith and Credit clause of the Constitution that says judgments from the courts of a different state will be enforced. Many treaties have a similar clause. For an example of what this means, let's look at the Yahoo case. Several groups in France sued Yahoo for violating French laws pertaining to the sale of hate parephenalia (auctions of nazi stuff) to French citizens. If Yahoo had simply told the French court to go to hell and not showed up, and there existed a treaty between the U.S. and France recognizing each other's judgments (I think there is, but I'm not sure), the French court could issue a judgment, and then the plaintiff's could bring that judgment to a U.S. court to enforce. Bottom line: Don't be so sure you're out of reach until you do your research!
My final point: most of the discussion here seems to focus on criminal law, but there are a lot of civil claims that could arise from the operation of a website, not the least of which are libel and intellectual property claims, as well as violations of some nations limits on publication of certain types of content.
Slashdot Mirror
Actually, there's Federal Law on this. The Fair Debt Collection Practices Act, 15 U.S.C. 1692 et. seq. At a previous law firm I worked at, there was a paralegal who used to work for debt collection agency, and she talked about how restrictive this law is. Basically, they can only call within certain hours, they are required to give specified notices, and there are a lot of things they can't do. Screaming at you is one of them. Violations can involve punitive damages (which are paid to the complaining party, i.e., you), so it's worth it to pursue a claim. Some attorneys will even take this type of claim on a contingency basis.
Actually, this is a true statement. The doctrine of sovereign immunity protects the government from being sued unless it allows the suit. This is a pretty complex subject, so I'll try to make this as "user-friendly" as I can. The Federal Government and the governments of the individual states are protected from suit unless they allow it. In order to allow the suit, the legislative body (Congress, state assembly, etc.) has to pass a law allowing the suit. Most states and the Federal Government have passed statutes that allow you to sue them under specified circumstances, i.e., for specified types of claims (civil rights violations, tort claims, breach of contract claims), but only if you comply with strict notice requirements. If you don't comply with the requirements of the statute, your case gets thrown out because of sovereign immunity. So I guess the answer really is "You can sue the government, but only if they let you."
"As an non-American I'm baffled by the practise of having voters register which party they prefer in a government database. The basic principle of an election is the secret ballot. Why is this done? Why isn't it widely condemmed? Why do people cooperate instead of all claiming to prefer the monster raving loony party?"
For those who don't understand American elections, it's done here because this is a primary election. The purpose of the primary election is to determine who the candidates for each party will be in the general election (which will be in November). In order to do that, you need to vote on the right ballot, i.e., Democrats need to vote on the Democrat ballot, and Republicans need to vote on the Republican ballot, Greens need to vote on the Green ballot.
In the general election, they just check you in as a registered voter. There's no registration as to what party you're with, other than what's in your voter registration. That information is not, however, linked with your actual vote.
First, the opinion can be found here: http://pacer.cadc.uscourts.gov/docs/common/opinion s/200312/03-7015a.pdf
The basic holding here is that the subpoena provisions of the DMCA only apply to an ISP who is actually storing the allegedly infringing material on its (the ISP's) servers.
They base this holding on a finding that, in the case of file-sharing between users, the ISP is simply acting as a conduit for the transfer of information, and has no control over the transfer or the information sent. Since the subpoena provision has a notice provision in it that requires that the content-provider give the ISP enough information to be able to prevent access to the offending material. Since preventing access is impossible without terminating the offender's internet access, a remedy the court dismissed as inappropriate, the court found satisfaction of the notice provision to be impossible.
The court also ruled that the text of the statute and the legislative history (i.e., comments made and written by Congress as they debated the DMCA before passing it) indicated no awareness of P2P file sharing.
The court ends by stating that it is "not unsympathetic" to the RIAA's "plight", but it leaves the burden on Congress to change the law, if they think it really needs changing. Rough translation: Start winding up the lobbyists, they have work to do.
I'm not a techie, but I've been looking at Athlon 64s, and the best deal I've seen is ABS. (www.abspc.com). Their PCs price just a bit more than what it would cost to built it yourself after buying the parts from NewEgg (and the parts are brand-name parts rather than the mystery meat you find in an eMachine), and you get at least a year's warranty and onsite service. I priced out an acceptable Athlon 64 system at around $1400. I checked out their reputation, and it turns out that I have a more-tech-savvy-than-I-am buddy who bought a system from them a couple of years ago, and liked what he got. He said if he wasn't building his own now, he'd probably go with them. From what I can tell, their performance reputation is close to expensive machines like Alienware and Falcon NW, but because they don't do custom cases and the like, they're much cheaper. Still, if I didn't have anti-tech powers (Machines around me break for no reason. I have no clue why. Tech support hates me.), I would build my own. As it is, tech support is essential for me, as I guarantee at least one component will simply fail because I am near it. Therefore, I guess I go with ABS.
Malls are generally not public places. They are considered private property, at least for free speech concerns (Mall owners can exclude you from their property if they don't like what you say or do). Assuming that that determination carries over to who owns the trash (a reasonable assumption, since both are matters of constitutional law and a consistent application would make sense, but an assumption nonetheless), the application would have been private property at the time it was trashed. However, it was private property owned by whoever owns the mall, and it would be their option to permit the credit card company to go dumpster diving.
Whether that has any effect on the company's liability for providing your personal information to others, however, is anybody's guess. Generally, you have to agree before they can do that, and you never agreed. Any privacy lawyers reading this? My area is municipal and real estate law, so I'd love to hear an expert's take on this.
Whoops, sorry bout that... Track is right. Yahoo got away in this case. However, it was not for lack of jurisdiction. They were released because the French law violated Yahoo's constitutional rights (Corporations have constitutional rights? I'll be damned!). Had there not been a constitutional right involved, it likely would have come out the other way. Country's do have a hard time enforcing the laws of another country against their citizens when the law sought to be enforced directly violates the rights of its citizens under that nation's constitution.
Note, though, that because Yahoo had a business presence in France, they complied as best they could with the court's order.
That said, I do need to modify what I said earlier: A judgment from another country will be enforced unless it violates the fundamental rights of the defendant under the laws of the host country.
And Track, while you're right when you say that Yahoo is a big difference from a small 100 hit per day site, it all depends on how paranoid the plaintiff is. If he's absolutely paranoid about pursuing any and all claims, he might still come after you.
I'm not sure about the valid in only two states part. Some courts have set a standard that actually makes sense by which software agreements' validity under contract law is tested. The key is whether the customer had both a reasonable opportunity to inspect the terms of the contract (the EULA) and a reasonable opportunity to rescind the contract after that inspection. Note that the customer doesn't actually have to read the terms, they merely need the opportunity to. In other words, the software company has to give you a refund if you return the product after you read the terms. The retailer doesn't have to, mind you, merely the software company. Of course, this is all moot if you're in the US and you live in Virginia or Washington state, because they have enacted UCITA. Without going into a long list of the problems with UCITA, I'll just try to sum it up: Under UCITA, consumers have no rights.
A court will be able to take personal jurisdiction (power over a defendant) and be able to render judgment against them if the defendant's actions cause reasonably forseeable harm in the forum (place where the court is).
In other words, if you are in Germany, and you link to and display copyrighted pictures in your frames, and the copyrighted pictures are the work of someone in... say, Maryland in the US, the plaintiff can proceed against you in the Maryland court because the injury, loss of sales/advertising/etc. was caused to the plaintiff in Maryland. OK, you say, but what if I never go to Maryland? What if I don't show up, and never enter the US? How can the plaintiff enforce the judgment against me? Well, most nations have signed treaties that basically say "If your courts have rendered a valid judgment against a defendant, our courts will enforce it." The US Constitution has the Full Faith and Credit Clause which pretty much does the same thing between US states, so that California would have to enforce that Maryland judgment. What that means is that, sure, you can ignore the US proceeding against you, but if Germany, or whatever country you're from, has signed such a treaty with the US, all the plaintiff has to do is take his judgment to your local German court to have it enforced. They slap a lien on your car, and the local law enforcement officers come out and auction it off to pay the judgment. The reciprical of this is what got Yahoo in trouble with France. Sure, Yahoo is an American company, and they could have told the French court to go to hell, but if they did, and then the French court rendered a judgment against them, the French judgment would probably be enforced by an American court.
The long and the short of this is, don't assume that just because you are outside of a nation's borders, you can violate their laws to your heart's content. If you injure someone in that country, it's pretty likely that they will be able to drag your ass into court.
I am a law student and I recently took a class on e-commerce. In that class, we discussed electronic signatures, and the subset of electronic signatures known as digital signatures. I admit at the beginning that I know very little about the technology here, so please be gentle if I get the tech wrong. This is more of a post about how the law views this type of signature. In the U.S., with the exception of the states of Utah, Minnesota, and Washington, the state law Uniform Electronic Transactions Act (UETA) and the Federal E-Sign Act both define what an electronic signature is. Federal law normally supercedes state law, but in this case, it was written so that it parallels UETA and only takes effect if a state has no legislation in the area. Both UETA and E-Sign define an electronic signature as a sound, symbol, or process logically associated with the record executed by a person (this is the identity issue) with the intent to adopt (identity + intent) and authenticate (sign) the record (electronic substitute for a writing). This law is designed to make it so that electronic contracts can pass the statute of frauds, which require that a contract be in writing and signed by the party against which enforcement of the contract is sought. German law is different, as I understand it (If there are any Germans out there, please reply and correct any misstatements I make here). In Germany, a contract is not valid until it is notarized, giving it the backing of the state. The notary serves the purpose of actually seeing the person sign the written contract. In the U.S., very few types of contracts are required to be notarized (deeds transferring real estate, for example), but a notarized document is presumed to be valid. A digital signature, such as the Public Key Infrastruction (PKI) is similar to the notary function, because it brings in a third party (I tend to think of Verisign here, because the professor who taught this portion of the class was at one point an attorney for Verisign) to verify the identity of the person authenticating the document. PKI works like this (I apologize to those who know the technological details... this is an incredibly simplistic explanation, but for non-techies like me, it should suffice): Third party provides a private key to A. A creates a record and then authenticates it by using the private key to encrypt the message. The private key encrypts the message, and adds one line of non-encrypted text directing the receiver (B) to contact the third party. The third party provides B with the public key to decrypt the message sent by A. The decrypted message will only be readable if the message sent by A has not been tampered with. It's not surprising, then, given the German preference to have a contract verified by a notary, that the German government (and the EU, I might add) would prefer using PKI. Your third party acts as a notary verifying that it really was person A who sent the message. Earlier I mentioned that in the U.S., the law was UETA or E-sign, except in Minnesota, Utah, and Washington. The reason is is that those states enacted laws favoring PKI. Internationally, the United Nations Commission on International Trade Law (UNCITRAL) passed a model law that favors PKI. Under the model law, an electronic signature (under UETA, for example) is still usable, but if you use PKI, there is a presumption that the document is valid (which means that you had better have damn good evidence that it's not if you hope to prove it invalid). Since security is more of a technological issue, I'll leave that to wiser heads to discuss, although I will leave with a quotation from a good friend: "Locks are for honest people. If someone wants your stuff bad enough, they'll find a way in."
Jurisdiction is the power of a court to enforce its decision over the defendant. There has to be a rationale basis for a court to do that. What a lot of people don't understand is that not only does the U.S. have federal law, each state has its own laws, and there exists a question of whether a person from California can be hauled into a court in Maryland to answer for their actions. I know, it seems silly, but that's the way it is. It's similar when you are dealing internationally. There are usually two key issues in most courts: 1) whether the defendant caused an actual injury in the forum state/country, and 2) whether that harm was reasonably foreseeable?. If both of these are present, then the court will likely find jurisdiction. If the first is present, but not the second, it's a toss-up, but don't be surprised if the court finds jurisdiction. That is probably (note: PROBABLY) the standard a court will use with websites. In fact, if I remember correctly, that was the standard the French court used in the Yahoo nazi case. There have been a lot of comments about how the laws of a foreign country don't apply to nonresident noncitizens. That's not entirely true, though. Many nations have treaties with other nations that say they will enforce the judgments of each other's courts. In the U.S., we have the Full Faith and Credit clause of the Constitution that says judgments from the courts of a different state will be enforced. Many treaties have a similar clause. For an example of what this means, let's look at the Yahoo case. Several groups in France sued Yahoo for violating French laws pertaining to the sale of hate parephenalia (auctions of nazi stuff) to French citizens. If Yahoo had simply told the French court to go to hell and not showed up, and there existed a treaty between the U.S. and France recognizing each other's judgments (I think there is, but I'm not sure), the French court could issue a judgment, and then the plaintiff's could bring that judgment to a U.S. court to enforce. Bottom line: Don't be so sure you're out of reach until you do your research! My final point: most of the discussion here seems to focus on criminal law, but there are a lot of civil claims that could arise from the operation of a website, not the least of which are libel and intellectual property claims, as well as violations of some nations limits on publication of certain types of content.