 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
Prepared Witness Testimony The House Committee on Energy and Commerce
H.R. ___, the Database and Collections of Information Misappropriation Act of 2003
Subcommittee on Commerce, Trade, and Consumer Protection
Mr. Keith Kupferschmid
Chairmen Smith and Stearns, Ranking Members Berman and Schakowsky and members of both Subcommittees, I appreciate the opportunity to testify before you today on the need for legislation that adequately and effectively protects America's databases from piracy. I also welcome the opportunity to comment on your discussion draft, titled the "Database and Collections of Information Misappropriation Act," and would like to especially thank Chairman Sensenbrenner and Chairman Tauzin for their strong leadership on this important issue. We appreciate the commitment of the two committees to work together to produce and enact meaningful database protection legislation. I am Keith Kupferschmid, Vice President of Intellectual Property Policy and Enforcement for the Software & Information Industry Association. I am here today to testify on behalf of the Coalition Against Database Piracy (CADP). CADP is an ad hoc advocacy group that was formed for the sole purpose of pursuing enactment of a federal law to prevent misappropriation of databases. Its members include large and small database producers who devote substantial resources in compiling, organizing, and distributing database products and providing services that rely on databases. A listing of those companies and organizations that support meaningful database protection is attached. Database protection is a critical issue to America's database publishers. These companies and organizations have invested hundreds of millions of dollars to collect and organize information contained in thousands of databases. Database publishers not only collect, compile, and organize the information, they also keep it updated and reliable. These investments are worthy and deserving of protection. Investments in these databases have been made to provide easy-to-use valuable information to users in settings ranging from the general public to business and specialized user communities-information that is important in their work and everyday lives. The value of reliable and comprehensive databases that these companies make available to researchers, businesses, government officials, and citizens is immeasurable. Farmers use databases to get weather and soil information; lawyers, to rely on legal precedent; doctors, to determine safe and effective medical procedures; workers, to search for new jobs; pharmacists, to understand drug interactions; home buyers, to find the right house, and the list goes on. Given the important role that databases play in our capital markets, law enforcement, and science and research, it is critical that database producers be able to protect their investments from free-riders and pernicious commercial exploitation and that new investments in these important information resources be encouraged. Protection of database investments will stimulate the economy by creating incentives for investments in new databases and accelerating job growth in large and small businesses in our nation's vital U.S. information industry. U.S. database and directory publishers were estimated to generate $15.4 billion in annual revenue in 1999. Without effective statutory protection, private firms are deterred from investing in database production, resulting in fewer jobs and a shortfall of reliable, accurate and up-to-date information. Protection will promote investments in the creation of new jobs and information services, increase the pace of technological progress, and fulfill the economy's growth potential. While databases play a key role in supporting America's information based economy, they are also important in protecting our health and well-being. Databases ensure that our prescription medications are safe and will not adversely interact, provide healthcare professionals with vital information on countless topics such as proper antidotes for poisons, and serve as an important resource for mapping out cures for deadly diseases. Meaningful database protection legislation will also ensure that consumers and businesses have access to the most accurate and reliable information. While database producers are constantly updating their information, those who pirate databases cannot be relied on to do the same. As a result, consumers and businesses may end up relying on outdated information, in some cases to the detriment of their health. For example, a mother trying to find the contraindications for a particular medicine could get the incorrect or out-of-date information by unwittingly accessing a stolen outdated database rather than the original compiler's current database. Consumers need high quality databases which contribute to their ease, productivity, and innovation. Databases save consumers time and effort. Finding that needle in a haystack from diverse and unorganized sources could take an individual weeks or months. Fortunately, database publishers provide quick and easy answers in their databases. Misappropriation of databases threatens the availability of organized, timely, comprehensive information. If investments in databases continue to be destroyed, there will be fewer and fewer people willing to make the investment necessary to create and disseminate these valuable database. Moreover, those database compilers who decide to stay in the database business will be reluctant to expose their most valuable wares to a thieves' market on the Internet. They will keep tight technical or contractual security on their products and only make them available to smaller, more lucrative markets. Inevitably, this will result in fewer and less reliable databases and thus, less information to fuel the information age. Despite the acknowledged value provided by America's databases, there is presently a lack of meaningful national legal protection for these databases. While database producers rely on several potential legal theories, none adequately nor effectively deter or prevent database piracy. Depending on the facts of a particular case, database producers may consider raising claims under: U.S. copyright law, state misappropriation law, state trespass law, state contract law, the Computer Fraud and Abuse Act, federal or state trademark or unfair competition law, and trade secret law. However, none of these claims are sufficient. A list of possible claims and an explanation of their shortcomings is provided in the attached appendix, including references to examples where appropriate. The cases identified here are not an exhaustive list of cases illustrating the shortcomings of the current environment, nor do they capture the scores of instances in which the lack of adequate remedies has prevented database producers from bringing suit to combat known instances of piracy. In addition to the database piracy cases that have resulted in litigation, there are numerous other instances of piracy that never make it to the court room. Many database producers are unwilling to spend significant amounts of money litigating the questionable causes of action discussed above with the very real possibility that they will lose the case and, in the process, draw attention to the vulnerabilities of the company's databases. For example, National Ad Search (NAS), a Wisconsin-based company, takes and uploads employment classifieds from print newspapers in the top 60 markets and sells them to job seekers. It has no authorization to do so (by contract or otherwise). This type of piracy results in loss of good will of advertisers and customers. Newspapers get complaints from advertisers who place classified ads who continue to get harassed by phone calls long after the ad was published and the job has been filled. Cease and desist letters have failed to deter this company which continues to operate today -- NAS refuses to recognize the newspapers' copyright protection and the newspapers have not found a viable state to bring a misappropriation action. Furthermore, neither the Computer Fraud and Abuse Act nor section 1201of the Copyright Act would apply because the initial takings are both non-electronic and unencrypted. Based on the long list of database piracy cases that have occurred over the course of the past ten years or so there can be no doubt that there is a definite and significant need for database protection legislation. Moreover, the risk of potential future instances of database piracy and the adverse affects such piracy would have on investments in databases and consumer protection is certainly sufficient justification for Congress to enact database protection legislation. Congress has a long history of legislating to protect against potential future harms. In fact, just last session, Congress passed the TEACH Act creating a new exemption in the copyright law in order to encourage certain educational institutions to create distance education courses. There was no demonstrable evidence establishing that an exemption was necessary, but Congress chose to enact the law based on anticipated - rather than actual - problems using copyrighted works for these courses. There is no reason to think that database protection legislation should be treated any differently. To be clear, we are not seeking "copyright plus," to expand copyright law, to acquire exclusive rights in the database or to lock up information. We are merely trying to protect against free-riders taking our databases and making them available in a way that hurts our businesses. We think this is a reasonable request. If legislation passes that provides a meaningful legal foundation to fall back on when someone steals a database, companies will be more willing to provide widespread access to their databases and take the risk that it might be stolen. Without this legal basis they are forced to be more cautious about how they disseminate their databases, how much they should invest in maintaining their databases and, in many instances, whether to create a new database in the first case. We commend Chairman Sensenbrenner and Chairman Tauzin for their leadership in drafting legislation that seeks to address the problem of theft of our nation's databases. The discussion draft, the "Database and Collections of Information Misappropriation Act" -- reflects years of discussions and negotiations between the Judiciary and Energy & Commerce Committee staff and the stakeholders. The legislation they have developed takes a very targeted and narrow approach to addressing the problem of database piracy. Unlike prior bills that have addressed the problem of database piracy by providing database producer with exclusive rights to control the use and distribution of a database in any context, the draft legislation developed by the two Committee chairmen, is based on a misappropriation approach that only covers acts of making a database available that cause commercial harm to the database producer. More specifically, the draft legislation creates a narrowly focused prohibition that applies only if ten criteria are met: (1) plaintiff's database must contain a "large number of discrete items;" (2) it must be the result of a "substantial expenditure of financial resources or time;" (3) the defendant must make its database "available in commerce to others;" (4) the amount made available must be at least a "quantitatively substantial part of" the plaintiff's database; (5) the defendant must know that he is not authorized to make the database available; (6) the database is made available "in a time sensitive manner;" (7) the database must serve "as a functional equivalent" of the plaintiff's database; (8) in making the database available the defendant must have caused a loss in revenue to the plaintiff; (9) the loss in revenue must occur in the same market that the plaintiff's database seeks to exploit; and (10) letting this act of misappropriation go unpunished would substantially reduce the incentive of the plaintiff to produce (i.e., create and distribute) the database. These ten criteria - all of which must be satisfied for liability to accrue-- set a very high standard for establishing liability under the draft bill. This standard is even higher when one also considers the exceptions to liability contained in the draft legislation. We believe that some of the substantive provisions of the draft will provide protection against database piracy while also accounting for the legitimate concerns of database users through narrowly-crafted exceptions and limitations on liability. We also have concerns with the language used in some of the provisions of the draft. Most significantly, we believe the language in some of the provisions - notably the preemption and time sensitivity provisions, among others -- is somewhat ambiguous and could cause inadvertent consequences. Equally as disconcerting, is that the discussion draft does not recognize database thefts that cause noncompetitive harms that adversely affect ISPs and others that have commercial databases. We look forward to working with the Committees to ensure that any preemption of state law is narrowly tailored and does not impede effective licensing of databases or other measures that might otherwise be available, and seeking some appropriate clarifications of the text, including protection against database theft when carried out on behalf of parties other than direct competitors. We know that a few groups, many of whom were part of the process initiated by the two Committees to come up with a compromise text, have voiced their opposition to the discussion draft. In fact, the discussion draft has a very limited and targeted reach. It protects the database itself, not the information or facts in a database. The focus of the discussion draft is to protect against unauthorized distributions of a database that cause commercial harm, not to prohibit use or extraction of information from a database. The approach of the discussion draft - relying on a standard of "misappropriation" - is precisely the standard that was recommended by many of those writing now expressing concern. Their continued opposition amply demonstrates that they simply do not accept the conclusion that the Chairmen have both reached: that Congress should legislate to improve the legal protection available for databases Just as importantly, several of the letters sent opposing the discussion draft recognize that many of their concerns have been addressed. In particular, the draft will not affect the day-to-day activities of librarians, researchers, scientists, and educators or impede their ability to obtain and use facts. The legal standards to establish liability are extremely high. This is so that only database pirates fall within the draft's reach. The customary activities of a librarian, scientist, or educator would not fall within the reach of this draft legislation. As an additional safety valve, there is an additional exception in the legislation that ensures that nonprofit librarians, scientists, or educators are not swept up by the general prohibition in the discussion draft. Throughout the process initiated by Chairmen Sensenbrenner and Tauzin we have stated our intention to get narrowly targeted and meaningful legislation that addresses the problem of database piracy while also addressing the legitimate concerns of the database user community. To the extent that the opponents believe that the draft falls short of this goal, we continue to stand ready to address those concerns in exchange for their support for this important piece of legislation and their recognition that the bill must recognize database thefts that result in noncompetitive harms and address other concerns of the database publishing community on several of the provisions, including preemption of state laws. We look forward to working with the Congress and the other stakeholders to achieve a legislative solution that eliminates the unfairness we discussed today. Thank you again for all your work on these very complex issues that have arisen before the two Subcommittees and thank you for your commitment and work to address our concerns in this area. I will be happy to answer any questions. APPENDIX THE SHORTCOMINGS OF EXISTING LAW (1) Copyright Law: Copyright law does not provide adequate protection for most databases. Copyright law does not prevent a person from taking the non-copyrightable contents of a database, repackaging or reformatting those contents, and distributing the "new" database. As set forth in the Supreme Court decision of Feist Publications v. Rural Telephone Service Co., 499 U.S. 340 (1991), copyright law only protects a compilation (i.e., a database) if there is sufficient creativity in the selection, arrangement or coordination of the compilation. Most of the characteristics that make a database valuable and user-friendly-its comprehensiveness and its logical order (whether alphabetical in print products or random in electronic products)-are routinely deemed to involve no "creative" selection, arrangement or coordination by the courts. For example, (i) if a database includes all the facts on a given topic, the court will hold that there is no creativity in the selection because every item in that universe was selected; (ii) if a database is arranged in an order that is logical and useful to the user, the court will hold that there is no creativity in the arrangement because the order is typical; and (iii) if an electronic database is in random order and arranged by the user according to parameters established by the user, the court will hold that there is no creativity in the arrangement because there is no arrangement at all. Therefore, the more useful, complete, and up-to-date a database is (i.e., the qualities that benefit database users the most), the less likely it is to be protected by copyright. Even when courts find that a database contains elements of selection, arrangement or coordination that are creative enough to warrant copyright protection, the scope of protection afforded has been extremely narrow. For instance, the usual standard for determining copyright infringement is whether there is "substantial similarity" between the allegedly infringing work and the copyrighted work. However, where databases are involved, the standard is heightened to a "virtually identical" standard. That standard has led many courts to hold that a copyrighted database is not infringed even when the differences between the original database and the copied database are trivial. Courts have also ruled that no infringement occurs when any elements of selection, coordination, or arrangement of the database that was copied did not constitute creative authorship. Accordingly, while some databases may receive copyright protection in theory, in practice the scope of this protection has proven to be minimal. It has been suggested that Section 1201 of the U.S. Copyright Act would provide a sufficient remedy against database piracy. There is no legal or factual support for this conclusion. Section 1201 was enacted as part of the Digital Millennium Copyright Act (DMCA). It prohibits both the act of circumventing technological protection measures to gain unauthorized access to copyrighted works and the trafficking in any anticircumvention tools that permit unauthorized access. This provision does not come remotely close to addressing the real problem of database piracy because, most significantly, it only applies when the underlying work that is protected by the technological safeguard is a copyrighted work. As noted above, many databases are not protected by copyright and, therefore, could not receive the protections afforded by Section 1201. In sum, the same problems that exist with regard to protecting databases under copyright apply to database providers seeking to assert claims under Section 1201. In fact, those difficulties are elevated in a Section 1201 claim because not only does the database producer have to successfully leap the hurdle of proving that the database was protected by copyright, but also must prove that a technical measure was circumvented in violation of the criteria set forth in Section 1201. In addition, section 1201 provides no remedy against a person who distributes a pirated database that was received from a person who circumvented a technical measure to get it. Furthermore, access control measures protected under the DMCA, like other technology-based solutions, are, at best, only a partial solution. Technical measures do not work at all where the database is in nonelectronic form, such as classified ads in print newspapers, or directories, such as the McGraw-Hill Companies' World Aviation directory. Similarly, it would not apply to Internet companies, such as eBay, Reed-Elsevier and ExpertPages.com, that elect to allow their customers and users to have open access to some or all of their databases. So, while technological protections may be useful in some business models, in many others they are not. (2) State Misappropriation Law: State misappropriation law does not provide meaningful national protection to databases. First, each state's misappropriation law -- which is usually a common law doctrine -- is different. In the Internet environment this proves problematic. For example, when a company makes its database available over the Internet, should it prevent persons from states without misappropriation laws or with inadequate misappropriation laws from accessing its database? Even if it wanted to prevent such access, how would it do so? National uniformity is clearly needed in this area. Second, many state misappropriation laws are restricted to "hot news". Under these regimes, a database might be protected if it contains "hot news," but only for a short period of time, such as the first fifteen minutes after its inception. The great majority of databases, however, have a value long after the fifteen minutes have expired. Third, because state misappropriation laws are largely common law, many courts have held their respective state's misappropriation laws to be preempted by federal copyright law. Thus, there must be federal legislation that addresses the misappropriation of databases. (3) State Trespass Law: State trespass law provides a remedy against database piracy only in the rarest of cases. A significant limitation on state trespass claims is that they do not apply to non-electronic databases or databases distributed on CD-ROM. Also, trespass claims will likely only be successful where a plaintiff can prove server or network damage. Most database publishers are not likely to be able to prove this. In addition, because of the novelty of applying state trespass claims to the Internet, there is no guarantee that other states will interpret these claims the same way that the district courts in California and New York did. As in other cases of reliance on state law, there are substantial variations among states, and national uniformity is needed. Once again, this highlights the need for a uniform federal law providing meaningful database protection. (4) State Contract Law: Contracts are only effective against the people who assent to them. Sometimes the database pirate is a customer. But more often the pirate is an unrelated third party. If a database producer has no contractual relationship with the database pirate, there is no way for the database producer to bring a case against the database pirate for breach of contract under state law. The other problem with state contract law is that because it differs from state to state, database providers and users may find themselves faced with different results in different jurisdictions. (5) Computer Fraud and Abuse Act, 18 U.S.C. 1030: The Computer fraud and Abuse Act is an anti-hacking statute that offers little protection against database piracy. It does not apply to printed compilations, or to compilations stored on CD-ROM or other similar media. Thus, while Section 1030 may work for some business models, for many others it does not. Finally, similar to the state trespass claims discussed above, section 1030 would only apply where a system or network itself is harmed. It would not apply where the market for or value of the database is harmed as opposed to the network or system on which the database resides being harmed. (6) Federal or State Trademark or Unfair Competition Law: Existing trademark and unfair competition laws are insufficient because they require that a database producer prove a likelihood of confusion. If there is no confusion, there is no cause of action. (7) Trade Secret Law: Few databases can be protected by trade secret. In virtually all cases the contents of the database are available to the public and therefore are not protected by trade secret law. Assuming trade secret law does provide a measure of protection for non-public databases, relying on it to protect databases in general creates incentive for database producers to privatize their databases in order to protect them as trade secrets. That incentive is contrary to the notion that databases should be shared with the public
|
|||||||||||
|
