Laws which may apply to our application

Evan Vander Hoeven edited this page Sep 18, 2019 · 6 revisions

Objective

  • Applications which involve communication between devices are subject to a plethora of laws. The purpose of this wiki-page is to provide a list of those laws which could apply to this application, both in the United States and the rest of the world.
  • This page will also include a whitelist of countries where it is reasonable to believe that running this application as an open source project is legal.
  • In no case should this document be used as legal advice. Nor should anybody use this as a definitive guide to laws relating to chat / messaging applications or peer to peer communication applications. This assembly of legal concepts was written by computer scientists, not lawyers.

Summary, or the TL;DR version of this document

Any country where peer to peer networks (such as the Tor network) are allowed is a country where it is safe to use this app. There are privacy considerations when using this application, and those vary by country. Know your privacy rights where you live.

Some of the privacy laws govern an app's behavior, but since this application is built around the notion of completely private wireless device to device communication, those concerns do not apply to this application. If this application began to involve a server (which would mean that the app's purpose has changed fundamentally), then certain laws would apply, requiring the app to change its behavior to comply.

Countries where this app is confirmed to be compliant with the law

  • The United States of America
  • Canada
  • Member nations of the European Union

Countries where use of this app could be illegal

  • Belarus
  • China
  • Iran
  • Iraq
  • Oman
  • North Korea
  • Russia
  • Turkey
  • Turkmenistan
  • Uganda
  • United Arab Emirates
  • Venezuela
  • Vietnam

Laws and Considerations for the United States

Terms of note when trying to understand laws from the United States:

The Financial Industry Regulatory Authority (FINRA) declared in December of 2007 that "electronic communications", "email", and "electronic correspondence" are terms that may be used interchangeably in laws and include messaging applications such as P2P chat.

Privacy Laws

  • The United States does not protect text messages under the Fourth Amendment, based on the notion of control. Commonly cited precedent includes but is not limited to State of Oklahoma v. Marcum and United States v. Jones, although the latter ought not be confused with the other United States v. Jones, which dealt with privacy issues relating to GPS trackers on cars, not text messages.
  • The notion of control in the context of the Fourth Amendment states that when you hit "send" on a text message, you relinquish control of that text message, including the ability to keep that message private. This is based on the premise that once a message is sent to its recipient, while the form of communication may have been private, the recipient has the ability to share the messages, via screenshots or by any other means. In layman's terms, once you hit send, that message is no longer private and could be used against you in a United States court of law.
  • In order for someone to use text messages in a court of law, they have to prove who wrote and sent the messages.
  • The Fourth Amendment still prevents law enforcement from arbitrarily reading your text messages. They will require a warrant to acquire your text messages unless given willingly by the person you sent your messages to (this may be referred to as one-party consent law and applies federally; state agencies, however, are subject to state laws, which naturally vary by state).
  • Magistrate Judge Kandis Westmore of the U.S. District Court in Oakland, California, issued a ruling denying a search warrant that dealt with both Fourth and Fifth Amendment rights, which means that law enforcement cannot force you to use biometric data to unlock your device. However, if they can gain access to your phone via other means, they could read all the data stored on this application.

California

  • Assembly Bill number 370 states that in the event that a website or mobile application collects personal information, then it is required to have a "conspicuous privacy policy" which covers the following topics (this section is ripped directly from the law, worded to make more sense in context):
    • Identify the categories of personally identifiable information that the application owner collects about individual consumers who use the application and the categories of third-party persons or entities with whom the application owner may share that personally identifiable information.
    • If the application owner maintains a process for an individual consumer who uses the application to review and request changes to any of his or her personally identifiable information that is collected through the application, provide a description of that process.
    • Describe the process by which the application owner notifies consumers who use their application of material changes to the owner’s privacy policy for that application.
    • Identify the effective date of the privacy policy.

The legal issue of peer to peer (P2P) applications in the United States

This section could be its own academic paper, because the legal history is tremendous. There are a number of issues stemming from P2P applications. The two main areas of the law where P2P applications raise concerns are the distribution of copyrighted material and net neutrality.

The issue of copyrighted materials is simple for the purposes of this application. In the past, people have used peer to peer networks to distribute and download copyrighted materials without the permission of the copyright owner. While the distribution of copyrighted materials is illegal, the Peer to Peer delivery method has no laws explicitly written against it. In other words, you can use this app for communication, but you can't use this app to share copyrighted materials with your friends.

As for net neutrality, with the end of certain Net Neutrality laws in 2018, this area of the law is subject to change. The primary legal scope resides in peer to peer networks, such as the Tor network, which has a history of being used for distributing illegal content. While attempts have been made by internet service providers to make peer to peer networks illegal, they have failed, and the providers have instead resorted to throttling the bandwidth of such networks. However, this legal battle has no bearing on the legality of this application, since it uses a device to device communication framework and does not communicate with internet service providers.

Laws and Considerations for Canada

Privacy Laws

  • The Supreme Court of Canada decided in 2017 that text messages are considered private, even after being sent and received by the recipient. This overturned the 2016 decision. This means that text messages have a reasonable expectation of privacy under The Canadian Charter of Rights and Freedoms. Furthermore, that privacy extends after the message leaves the sender, which is a difference from laws in the United States.

Peer-to-peer networking in Canada

Canada's legal system has experienced many of the same issues as the United States in regards to the illegal distribution of copyrighted media over peer-to-peer networks, but not to the same extent that the United States has. Canada has come to the same conclusion that the United States has: while copyright infringement is illegal regardless of the use of a peer-to-peer network, merely running a peer-to-peer connection is not illegal.

Laws and Considerations for member nations of the European Union

Privacy Laws

  • The biggest factor in privacy law in the European Union is the GDPR, which includes 99 different articles protecting user privacy. Any mobile application must follow a few essential rules to comply with the GDPR:
  • Any application that wishes to access personal data must do so only with the explicit permission of the app user. Personal data includes but is not limited to: contacts, photos, name and address of the user, genetic data, biometric data, and even the MAC or IP address has been included in the definition of personal data.
  • Data protection must be included in an app's design, and settings must be configured for maximum data protection by default.
  • The user has the right to be forgotten.
  • All data collection requirements must be opt-in rather than opt-out. Before a user can opt in to any data collection, they must be made aware of what data is being collected and to what extent. This information also must be written in plain, easy to understand text rather than complex legal terms. The burden of proof for this opt-in system resides with the app maker.
  • To simplify that last point as much as possible, all apps must acquire active and informed consent before collecting personal data.
    • You cannot pre-select a consent checkbox or button; users must select all checkboxes or buttons manually.
    • Apps cannot assume that if a user continues to use the app they are providing consent (a common practice in the United States). A phrase like "by creating an account, you agree to company's conditions of use and privacy policy." would be an example of failing to meet the requirement of that GDPR article.
    • The application must explain what each kind of data they are collecting is being used for. For example, the app's explanation as to why it needs access to your contacts must be separate to the app's explanation as to why it would need access to the phone number of the user.
  • Users cannot be blocked from features of the app if they choose to not opt-in to data collection.
  • If we stored user data on a server, or anywhere other than on the user's phone, the user has the right to request all of their information, and the app owner has one month to comply with said request. This will not be a concern with this application because its intent is to have all data be limited to the devices.