The First Amendment and Mandated Creation of Computer Code

From CDK Global LLC v. Brnovich, decided last week by Judge Grant Murray Snow (D. Ariz.):

Plaintiffs CDK Global LLC and Reynolds and Reynolds Company … develop, own, and operate proprietary computer systems known as dealer management systems (“DMSs”) that process vast amounts of data sourced from various parties. Automotive dealerships hold licenses to DMSs to help manage their business operations, including handling confidential consumer and proprietary data, processing transactions, and managing data communications between dealers, customers, car manufacturers, credit bureaus, and other third parties…. Plaintiffs … contractually prohibit dealers from granting third parties access to their DMSs without Plaintiffs’ authorization.

In March 2019, the Arizona Legislature passed the Dealer Data Security Law …. The Dealer Law regulates the relationship between DMS licensers like Plaintiffs and the dealerships they serve. Under the Dealer Law, DMS providers may no longer “[p]rohibit[] a third party [that has been authorized by the Dealer and] that has satisfied or is compliant with … current, applicable security standards published by the standards for technology in automotive retail [ (STAR standards)] … from integrating into the dealer’s [DMS] or plac[e] an unreasonable restriction on integration….”

The Dealer Law also requires that DMS providers “[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from [a DMS]” that is compatible with STAR standards and that they “[p]rovide access to open application programming interfaces to authorized integrators.” Finally, a DMS provider may only use data to the extent permitted in the DMS provider’s agreement with the dealer, must permit dealer termination of such agreement, and “must work to ensure a secure transition of all protected dealer data to a successor dealer data vendor or authorized integrator” upon termination….

Plaintiffs have sufficiently alleged that the Dealer Law abridges their freedom of speech … by requiring that Plaintiffs draft code to facilitate disclosure …. It is well-established that “computer code, and computer programs constructed from code can merit First Amendment protection.” Universal City Studios, Inc. v. Corley (2d Cir. 2001); see also United States v. Elcom Ltd. (N.D. Cal. 2002) (“[c]omputer software is … speech that is protected at some level by the First Amendment”).

However, not all code rises to the level of protected speech under the First Amendment. Rather, there are “two ways in which a programmer might be said to communicate through code: to the user of the program (not necessarily protected) and to the computer (never protected).” Further, even where code communicates to the user of a program, it still may not constitute protected speech under the First Amendment if it “commands ‘mechanically’ and ‘without the intercession of the mind or the will of the recipient.'”

Plaintiffs have sufficiently alleged that the code they must draft to comply with the Dealer Law communicates substantively with the user of the program. The Amended Complaint alleges “Plaintiffs must draft code to receive and respond to requests from ‘authorized integrators’ … who will interact with the code by commanding it to communicate the information they choose to request.” It also states that the code will express the creative choices of the software developers and communicate those choices “to those who would access the Plaintiff’s DMSs, as well as to other third-party programmers.” Taken as true, these allegations sufficiently allege a protected interest in the content of the code.

Defendants argue the Dealer Law cannot compel speech because it does not dictate what Plaintiffs’ code must say, only that dealers must adopt a framework to share data from their DMSs. Ariz. Rev. Stat. Ann. § 28-4654 (requiring that Dealers “[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from dealer data systems with authorized integrators and the retrieval of data by authorized integrators using the star standards or a standard that is compatible with the star standards.”). They contend that, by mandating only access, the Dealer Law regulates Plaintiffs’ conduct, not speech.

Corley acknowledged this possibility, clarifying that the mere “functional capability” of a code did not implicate First Amendment Protection. But Plaintiffs’ allegations go beyond the functional capability of their code because they claim users will interact with their program in a substantive way. Defendants’ arguments that the Dealer Law is more properly considered a regulation on conduct therefore amount to disagreements about the factual consequences of the law and the drafted code. Such a contention cannot be resolved at the Motion to Dismiss stage.

{Moreover, the mere assertion that the law regulates conduct does not establish failure to state a claim under the First Amendment. Even where a law is aimed only at conduct, an incidental burden on speech triggers scrutiny—it must be “no greater than essential.” Rumsfeld v. Forum for Acad. & Institutional Rights, Inc. (2006) (finding that a burden is no greater than essential when “neutral regulation promotes a substantial government interest that would be achieved less effectively absent the regulation.”).}

I’m not sure what I think about this, but I thought some of our readers would find it interesting.

from Latest – Reason.com https://ift.tt/3p3inVI
via IFTTT

Leave a Reply

Your email address will not be published. Required fields are marked *