Separation of Ownership and the Authorization to Use Personal Computers: Unintended Effects of EU and U.S. Law on IT Security

It used to be that owners of personal computers typically had full and exclusive authorization to use their computers. This was primarily due to the open architecture introduced with the IBM Personal Computer in the 1980s and proliferated in the 1990s. Recent developments bear evidence of an increasing disconnection between the concept of ownership and that of authorization to use a personal computer (including mobile devices such as notebooks, sub-notebooks, cell phones, smartphones, and PDAs): Interference with the closed architecture employed by Apple's iPhone is claimed to constitute a violation under 17 U.S.C. § 1201. The EULA for Windows 7 supposedly grants Microsoft the right to disable a user's operating system if the user is deemed to be in violation of the license terms. The Google Chrome Terms of Service supposedly grant Google the right to install new versions of its product without notice. On July 17, 2009, Amazon remotely deleted certain titles, including Animal Farm and Nineteen Eighty-Four from its customers' ebook devices without consent or notice. This research analyzes the extent to which EU and U.S. contract law and (para-)copyright law disconnect the concepts of ownership and authorization and how that affects the security of personal computers.

This research was co-sponsored by the Stanford-Vienna Transatlantic Technology Law Forum (Stanford Law School/University of Vienna School of Law), the Stanford Center for E-Commerce, the Europe Center at the Freeman Spogli Institute for International Studies at Stanford University, as well as supported by the University of Vienna Research Grant 2010.