A VRM-y system would presumably alert you if you didn’t meet the age requirements for some web site you wished to join or subscribe to. Considering that under the CFAA doing so would be a felony in the US, you’d hope VRM would alert you to these things, right? Is it relevant? You betcha. Check it out:
Until Today, If You Were 17, It Could Have Been Illegal To Read Seventeen.com Under the CFAA
If you are 17 or under, a federal prosecutor could have charged you with computer hacking just for reading Seventeen magazine online—until today.
It’s not because the law got any better. Earlier today, we wrote about news sites that alarmingly prohibit their youth audiences from accessing the news and the potential criminal consequences under the Computer Fraud and Abuse Act. In response, the Hearst Corporation modified the terms of service across its family of publications, including the Hearst Teen Network, which notably includes titles like Seventeen, CosmoGirl, Teen and MisQuince.
Seventeen highlights the absurdity of giving terms of service the force of law under the CFAA. It boasts a readership of almost 4.5 million teen readers with an average age of 16 and a half, and yet, until today, the average reader was legally banned from visiting Seventeen.com. That’s right, for a magazine dedicated to teen fashion, the publisher’s terms explicitly restricted online access to readers 18 and older. What’s worse, the Justice Department could choose to bring the might of the government to enforce this contract against a Seventeen reader who may never have even seen the agreement.
The rest of the article is here:
So why did I think this is about VRM? I’ve argued that the move from atoms to bits, from analog to digital, removes physical constraints so that the cost of surveillance drops to near zero and never-before-seen capabilities become possible. The corresponding development in the legal world is that we are increasingly bound by licenses and the role of law is shifting to become the thing which grants authority and enforcement to licenses. Under the CFAA, if the TOS says that you cannot record or use transactional data generated by doing business with a web site, then you really don’t own your own data and you can face felony charges for keying your own purchase history into a database.
Sound farfetched? I wanted to get my Audible purchases loaded into Goodreads. But they are listed by ASIN and Goodreads knows them by ISBN. So I figured I’d use Amazon’s Web Services API to convert between them. When I contacted Goodreads, I was told that they were happy to load audiobooks to the site – as long as they were not Audible. (More on this in their forum.) When I contacted Amazon and asked for help, they threatened legal action if I proceeded to use their API in that way. I asked how they’d know the difference between me using the API versus me manually looking up each book and I was told it didn’t matter because that was prohibited too. Amazon really doesn’t want to cede it’s “social” features to Goodreads, even to the point of telling me I can’t use transactional data to which I’m a first party.
I don’t care whether Average Joe knows what he’d do with his data if we gave it to him or not. In order to claim our sovereignty we need some ground in which to plant a flag. VRM as an example of a substantial non-infringing use of our own data. It doesn’t have to be mainstream, it merely needs to be significant to meet this threshold. That’s where we plant our flag.