Requiring Creation of Computer Code Doesn't Violate the First Amendment

From Judge G. Murray Snow's decision Wednesday in CDK Global LLC v. Brnovich (D. Az.):

Plaintiffs CDK Global LLC and Reynolds and Reynolds Company … develop, own, and operate proprietary computer systems known as dealer management systems ("DMSs") that process vast amounts of data sourced from various parties. Automotive dealerships hold licenses to DMSs to help manage their business operations, including handling confidential consumer and proprietary data, processing transactions, and managing data communications between dealers, customers, car manufacturers, credit bureaus, and other third parties. Plaintiffs employ multiple technological measures—such as secure login credentials, CAPTCHA prompts, and comprehensive cybersecurity infrastructure, hardware, and software—to safeguard their DMS systems from unauthorized access or breach. Plaintiffs also contractually prohibit dealers from granting third parties access to their DMSs without Plaintiffs' authorization.

In March 2019, the Arizona Legislature passed the Dealer Data Security Law ("the Dealer Law")…. The Dealer Law regulates the relationship between DMS licensers like Plaintiffs and the dealerships they serve. Under the Dealer Law, DMS providers may no longer "[p]rohibit[] a third party [that has been authorized by the Dealer and] that has satisfied or is compliant with … current, applicable security standards published by the standards for technology in automotive retail [(STAR standards)] … from integrating into the dealer's [DMS] or plac[e] an unreasonable restriction on integration …." The Dealer Law also requires that DMS providers "[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from [a DMS]" that is compatible with STAR standards and that they "[p]rovide access to open application programming interfaces to authorized integrators." Finally, a DMS provider may only use data to the extent permitted in the DMS provider's agreement with the dealer, must permit dealer termination of such agreement, and "must work to ensure a secure transition of all protected dealer data to a successor dealer data vendor or authorized integrator" upon termination….

Plaintiffs allege the Dealer Law abridges their freedom of speech in two ways.

First, Plaintiffs contend that because they are "not merely conduits facilitating the transmission of information between dealers and third-party integrators," but rather "organize[rs of] information belonging to dealers and others in their proprietary DMSs," the Dealer Law violates the First Amendment by requiring Plaintiffs to share "information, as they have organized it, with third parties." Plaintiffs describe this information sharing as "compelled … communicat[ion]." To the extent that Plaintiffs seek protection for any copyright they have in the organization of their DMS information, they have stated a claim to such protection that survives, as addressed in the above Copyright Act section. However, Plaintiffs have provided no relevant authority to support the claim that organization of otherwise unprotected information is subject to First Amendment protection.

At oral argument, Plaintiffs cited Arkansas Educational Television Commission v. Forbes, 523 U.S. 666 (1998), for the provision that the First Amendment protects the organization of material. Forbes held that a public broadcaster "engages in speech activity" when it "exercises editorial discretion in the selection and presentation of its programming"; however, that case is inapposite here, where, unlike the broadcaster in Forbes, Plaintiffs' organizational decisions do not result in a decision by Plaintiff as to what speech to disseminate. Forbes dealt with the organizing broadcaster's right to exclude a candidate for federal office from a televised debate—in other words, allowing the broadcaster the freedom to "speak" by running programming that did not include the candidate. Here, Plaintiffs' seek First Amendment protection not to "speak," but to protect information stored within the DMS from access by any others, relief more appropriately provided—if at all—through statute. Plaintiffs' first free speech arguments fails.

Plaintiffs' second First Amendment argument is that because they will be "compelled to write computer code if the Dealer Law goes into effect" and "the computer code Plaintiffs must write falls within the First Amendment's protection," the Dealer Law violates the First Amendment because it "necessarily alters the content of [Plaintiffs'] speech," demanding "exacting First Amendment scrutiny." Plaintiffs complaint does not sufficiently allege how writing code to make unprotected information accessible to third parties is subject to First Amendment scrutiny.

Computer code and computer programs constructed from code can constitute speech warranting First Amendment protection. Universal City Studios, Inc. v. Corley, 273 F.3d 429, 449 (2d Cir. 2001); see also United States v. Elcom Ltd., 203 F. Supp. 2d 1111, 1127 (N.D. Cal. 2002) ("[c]omputer software is … speech that is protected at some level by the First Amendment"). However, whether code rises to the level of speech under the First Amendment depends on whether "a programmer might be said to communicate through code to the user of the program (not necessarily protected)" or only "to the computer (never protected)." Corley, 273 F.3d at 449. And even when software communicates to a user, where it is "mechanical[]" and does not involve "second-guessing" or "intercession of the mind or the will of the recipient," such code is devoid of any constitutionally protected speech. Id. (describing the holding of Commodity Futures Trading Comm'n v. Vartuli, 228 F.3d 94 (2d Cir. 2000)).

The Dealer Law does not in fact mandate that a DMS provider write code. It only mandates that owners of DMS systems "[a]dopt and make available a standardized framework for the exchange, integration and sharing of data from [a DMS]," Ariz. Rev. Stat. Ann. § 28-4654, "[p]rovide access to open application programming interfaces to authorized integrators," id., and allow "third part[ies] that ha[ve] satisfied or [are] compliant with the star standards or other generally accepted standards that are at least as comprehensive as the star standards and that the dealer has identified as one of its authorized integrators [to] integrat[e] into the dealer's dealer data system," Ariz. Rev. Stat. Ann. § 28-4653. Given the nature of existing DMSs, it would not be surprising if the implementation of these provisions required DMS providers to write code. Nevertheless, as the statute makes plain, the purpose of the Dealer Law—and thus any such code—is merely to facilitate the sharing of the otherwise unprotected underlying information in the DMS. To the extent Plaintiffs comply with the Dealer Law by creating code, that code only tells a computer how to function; it has no other expressive purpose.

Junger v. Daley, 209 F.3d 481 (6th Cir. 2000), is not to the contrary. In that case, the plaintiff sought to distribute encryption source code to demonstrate how computers work—code that qualified as speech because it was "an expressive means for the exchange of information and ideas about computer programming." 209 F.3d at 485. Nor is this case like Bernstein v. U.S. Dep't of State, 922 F. Supp. 1426, 1429 (N.D. Cal. 1996), in which the regulation at issue prohibited the plaintiff's publication of code "articulat[ing] … mathematical ideas" so substantive they were also published in an academic paper. Plaintiffs cannot plausibly argue that the Dealer Law's regulation of Plaintiffs' code goes beyond the code's capacity "to instruct a computer" to give third parties access to dealer data, just as the Corley court held that the DMCA's prohibition on posting technology for circumventing DVD encryption on the internet was a functional and not a speech regulation. 273 F.3d at 454. The allegations of Plaintiffs' complaint establish that, unlike in Junger, Bernstein, and Corley, any code Plaintiffs create pursuant to the Dealer Law only instructs a computer to provide access to unprotected information contained in Plaintiffs' DMSs. Thus, as alleged in the complaint, the Dealer Law does not regulate speech under the First Amendment….

The court also rejected various other arguments made by the plaintiffs, but allowed their Takings Clause and Contracts Clause claims to go forward (at least until the motion for summary judgment stage; this was a decision on a motion to dismiss).