Showing posts with label blocking. Show all posts
Showing posts with label blocking. Show all posts

Thursday, July 28, 2011

Newzbin 2: Landmark or Laughing Stock?

In answer to my own not so jocular question in the title, the answer is, I truely don't know..

So the long awaited decision in Newzbin 2 aka Twentieth Century Fox et al v BT [2011] EWHC 1981 (Ch) is out. Pangloss has not had time to read the details yet of this lengthy judgment (she is longing to, but has been doing boring stuff designing relaunched websites all day) but to some extent the big question is what the practical impact of the decision will be now, more than the implications for future legal interpretations.

Newsbin was (or is) a website which described itself as a "Usenet search site": while not a clasic P2P torrent site, or indeed a host of infringing content, it enabled extremely easy access to infringing copies of major movies. In the first Newzbin case, [2010] EWHC 608 (Ch), in March 2010, Kitchin J found that Newzbin knew the vast majority of the files so indexed were commercial products protected by, and infringing, copyright. As a result he held that Newzbin infringed the copyright of the complaining rightsholder film studios plaintiffs. It had not only authorised and procured infringement under the CDPA , which was perhaps the most likely counts of infringement, but it was also held to be a primary infringer in that it had communicated the the copyright works to the public without permission.

Newzbin 1 was a big win for rightsholders - or should have been. In fact of course what happened was the site moved offshore (apparently) , kept the same URL and fanbase (and subscription revenue stream) but went effectively outwith the jurisdiction.

Undaunted, the plaintiffs took approach 2: asking BT, the largest UK ISP and telco, to block access to Newzbin to its subscribers wherever it was physically located. The means of so doing was s 97A of the CDPA which existed long before the Digital Economy Act but whose scope has been in doubt.

Although the plaintiffs made it clear that if successful they would move on to suing other ISPs similarly, BT had the big advantage as a first test case in that it is the owner of what is commonly (and wrongly - cue annoyed email from Clive Feather) known as Cleanfeed. This is the blocking technology which is used by ISPs alerted by the Internet Watch Foundation to voluntarily block images of child sexual abuse . Cleanfeed is a reasonably effective form of blocking for child pornography because it can focus on one file or even one image: it does not block entire domains or entire keywords, as some blocking tools do, which might include substantial innocent material.

To cut to the chase, after much legal discussion of HRA, the E-Commerce Directive (I salivate as I write) , Promusicae, and the Digital Economy Act (be still my beating heart) and even in a deft flourish the new L'Oreal vs eBay ECJ case , Mr Justice Arnold agreed to make an order to block. The draft order sought is drafted in the following terms:

  1. "1. The Respondent shall adopt the following technology directed to the website known as Newzbin or Newzbin2 currently accessible at www.newzbin.com and its domains and sub domains. The technology to be adopted is:
(i) IP address blocking in respect of each and every IP address from which the said website operates or is available and which is notified in writing to the Respondent by the Applicants or their agents.
(ii) DPI based blocking utilising at least summary analysis in respect of each and every URL available at the said website and its domains and sub domains and which is notified in writing to the Respondent by the Applicants or their agents.
2.. For the avoidance of doubt paragraph 1(i) and (ii) is complied with if the Respondent uses the system known as Cleanfeed and does not require the Respondent to adopt DPI based blocking utilising detailed analysis.
3. Liberty to the parties to apply on notice in the event of any material change of circumstances (including, for the avoidance of doubt, in respect of the costs, consequences for the parties, and effectiveness of the implementation of the above measures as time progresses)." *

There are a number of points to be made here. First, this was an extremely clever test case to pick to establish the legality of blocking orders via s 97A. It is a bit like shooting fish in a barrel : first, a prior UK court had established Newzbin was overwhelmingly devoted to infringing and enabling infringement of copyright, and for obvious commercial gain (it was a premium subscription site.) Compare if an order to block a torrent P2P site had been sought: where content accessed may be infringing, or may be public domain, and where "knowledge" is much harder to pin down; and where revenue streams and thus again, illicuit intent may not be so obvious. Similar problems would arise with a host site like YouTube where there is at least as much UGC as infringing pirate content. Note also that Newzbin had already been found not just to be authorising infringement but actually primary infringers themselves.

Then, secondly, add in the fact that BT already had a tried and tested and relatively non-overblocking tool like Cleanfeed on their hands - and the outcome was something of a foregone conclusion. The judgment also notes carefully that this is not another SABAM (para 177) - where the ECJ (or at least so far , the AG) seems to have balked at the width and unimplementability of what was asked and refused to make a blocking order to stop access by ISP customers to P2P traffic. The order sought here is quite focused and, specifically, does not require what is conventionally thought of as DPI - monitoring and analysis of all subscriber traffic.

But, two important questions. First, is this, it as is often the way, a Pyrrhic victory for the plaintiffs? ie will it work? Second, what is the fallout of this decision? in other words, what are the bad consequences that may flow from what many - not even all working for the content industry - may regard as an obvious and sensible decision given the particular facts of the case?

On the first point, Twitter is full of the usual technorati shaking their heads in amazement at the gullibility of the English courts, thinking they can control the Internet in their quant Canute like ways. It is absolutely clear that this blocking cannot be effective against any moderately technically competent Internet user. Richard Clayton, a reliably sensible source, opines that
BT users will still of course be able to access Newzbin (though perhaps not by using https), but depending on the exact mechanisms which BT roll out it may be a little less convenient. The simplest method (but not the cheapest) will be to purchase a VPN service — which will tunnel traffic via a remote site (and access from there won’t be blocked). Doubtless some enterprising vendors will be looking to bundle a VPN with a Newzbin subscription and an account on a Usenet server.
The court was not, actually, unaware of this, in abstract if not in detail. Mr J Arnold explicitly accepted Malcolm Hutty's (also reliably sensible) evidence for BT that "the level of technical expertise required to circumvent" this kind of blocking was little more than was needed to use Newzbin and Usenet in the first place (para 193).

However he then still made the order. Why? Well, first it would require users to make some extra effort (however little) and some wouldn't (para 194). Second, users were having to pay to use Newzbin and probably needed a paid Usenet sub service too, and if they were going to have to fiddle around with VPNs as well, they might just give up and use legal services instead (para 196)

It is this final conclusion that is the one that makes me incredulous about this decision. Even leaving aside the Internet contrarianism factor (blocking a site is the surest way to make everyone go find it and use it) would an easier step for the hardened infringer not be to revert to free methods of obtaining the same content? Enough of them exist for me not to need to list them I am sure, nor are all illegal. It is already trite knowledge that more young people are streaming content than downloading it - as easy, less risk. In other words the conclusion of efficacy of blocking seems to have been based on effective diversion to other, mainly illicit, channels. In which case one wonders if the game is really worth the candle given the downsides of blocking - which takes us to point 2.

Here it is first worth noting that the court explicitly acknowledge that efficacy is not actually what they are about. In para 98, the final word is

Finally I agree with counsel for Studios that the order would be justified even if it only prevented access to Newzbin2 to a minority of users." [itals added]

Such a declaration of symbolic justice at all costs must surely be accompanied by some comprehension of the balance of gains and losses. It helps to ask how often will court blocking orders be made post Newzbin 2? Paradoxically , after two years of test case jousting, not many. The clue here is in para 189 where Arnold J warns helpfully that

Furthermore, although I cannot prejudge later arguments in this case, it is not inevitable that future applicants will recover all their costs even if successful: compare the practice in respect of Norwich Pharmacal orders, as to which see Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897, [2002] 1 WLR 1233. For these reasons, even if the present application is successful, I think it is clear that rightholders will not undertake future applications lightly." [itals added]

In other words, most applicants would get their costs back; just no guarantee of it. Under the English system of winner takes all, that means ISPs which opposed s 97A orders would fear to end up on the losing side with all the costs of both sides - a crippling financial burden to take on for love of freedom of speech or even just the good PR. Most would not. (Francis Davey has been making this point ever since s 18 of the DEA was conceived.) In Totalise itself, the courts agreed (eventually) that an ISP which insisted on a court order before agreeing to identify one of its subscribers in breach of its own privacy policy, did not necessarily have to pay all the costs of the plaintiff as well as its own as long as it was , basically, behaving reasonably. But this is an exception to the norm of English costs allocation, in a rather odd kind of court order, and there is no guarantee such a rule will be evolved in s 97A proceedings. ADDED: The two cases are rather different: ISPs are essentially bound by their own promises of confidenrtiality to their customers not to disclose their identitywithout court mandate; but no such restraint, one would think, pertains in relation to a website (like Newzbin) which has no contractual relationship with that ISP. Francis Davey, in correspondence, however adds that he expects an ISP might always feel it has to defend to get right the precise wording of the order - since all ISPs will have different technical capacities. On the other hand, it will take a while, absent legislation,before any ISP would know its potential costs liability - which might point towards not seeking to defend a court application, or even more likely, agreeing a voluntary protocol with no court involvement at all. This has the side benefit that no court order (even an undefended one) means no posibility of contempt of court for not meeting its requirements.

Assuming it is likely that the winner takes all costs rules persists, even while things shake dow, then, what the courts will have put in place then is what Ed Vaizey already said he wants: a system of extralegal "voluntary" blocking by ISPs of content which is alleged to be substantially copyright infringing, without all that boring and expensive checking of evidence. This will not be court based transparent justice; it will be private censorship by those industries with the most to gain from this, and without consideration of the public domain or the public interest, or the interests of those introducing new innovative products whose interaction with classic IP will be untested. Fun times.

But we need to do something to help the content industries; we've been told often enough. Are there alternatives to blocking that will on the one hand be circumvented by those who know, and on the other hand, create a structure for uncontrolled private censorship? Well, the usual litany - the same answer I give when people ask if there is an alternative to graduated response for maintaining the creative sector. Real, convenient, comprehensive legal alternatives that sell content and match the ease and the flexibility of the illicit model: legal P2P, levies, innovative bundles solutions. Everything Ian Hargreaves asked for in fact. But we've been here before. It's so much easier to stick yet another patch on a sinking ship than build a new one.

Finally and optimistically, it is worth pointing out that the website blocking provisions of the Digital Economy Act were introduced because the rightsholders claimed they were uncertain as to the workability of s 97A to defend their interests. Now we have a s 97A precedent in their favour, there should be no reason either to implement s 17, nor to go ahead with Vaizey's half-privatised alternative.

Secondly, if we are to have UK web censorship should we not have even-handed censorship? It is passingly strange that we now have an effective court ordered means to block sites which help infringe copyright, but nothing equivalent to block sites which host hate speech or jihad speech, or which host malware sites or phishing sites, or where libellous comments are posted. Even the IWF scheme to block child pornograophy is voluntary not court mandated. Shouldn't we be having a debate about even-handed censorship? What makes copyright so special here? Or would that remind us that we never had that debate about copyright to start with?

* EDIT: Further discussion seems to reveal the parties will be back in court in October to agree the final version of the order. This may not be the same as the draft above. Until then no blocking will be put in place. Further also to this BBC news story there appears to be a misapprehension: the court order will only apply to BT not the other ISPs - the fact they decided not to intervene is irrelevant. Also a High Ct decision will not act as binding precedent to other High Court applications. However unless other ISPs have substantially different arguments than BT (eg more technological or legal difficulties in blocking) they might choose not to defend court orders aimed at them, or to defend (as suggested above) only to argue the precise wording of the blocking order. However a court order is NOT the same as passing statute like the DEA; it is effective against the parties only not the world.

*EDIT added 3.08.11 : and today as Pangloss predicted, implementing web blocking via the DEA ss 17/18 is quietly dropped as, so we hear, "unworkable". One wonders how they knew the result of
Newzbin 2 before it came out? :)

EDIT 3: added 29.07.13 - note that Sky apparently gave in shortly after this and agreed to block Newzbin  without opposing the court order received even though there technical filtering capacity is very diferent to BTs - see http://www.zdnet.com/sky-blocks-newzbin2-following-court-order-4010025026/ , also http://www.sroc.eu/2011/12/sky-blocks-newzbin-important-legal-and.html where James Firth notes : "Newzbin will — and there's strong evidence they have done already, several times — change their IP address," Firth wrote. "It is well known that IP addresses have all but run out. Nearly all IP addresses allocated are recycled — they've been in use before. Pity the website owner who picks up Newzbin's old IP address."

Monday, January 10, 2011

Welcome to 2011!

Happy new year, gentle readers, slightly belatedly, and for Pangloss it's all new indeed: new job, new title (Professor of E-Governance), new workplace (Strathclyde Law School) and new abode (back in Auld Reekie). All of this makes me very happy if in the short term, slightly, dishevelled, abandoned, hyper and well, fill in the adjective of your own choice :)

Please note AGAIN my new email address is lilian.edwards@strath.ac.uk and my snail address should you conceivably need it is

School of Law

Faculty of Humanities and Social Sciences

Graham Hills Building, Level 7 (GH 7.13)

50 George Street

Glasgow G1 1QE


If any of you can remember the achingly long time ago before the festive season, the burst pipes (oh so don't ask) and the Snowpocalypse, you may remember we were a little exercised about Wikileaks. The nice people at Practical Law Company (PLC) asked me to write a briefing on what issues might be involved for the UK legal system, and you too can read it for free here. Basically I think the key issues are:

- were criminal offences committed of DDOS by UK residents? (almost certainly yes)
- is merely downloading a tool which can be used to help commit DDOS a crime? (yes, though proof of intent may be tricky)
- can IP addresses of attackers be captured & UK ISPs be asked to help identify such persons (yup)
- can ISPs in UK conceivably be asked to block Wikileaks sites or domain names? (A. probably not, unless by some back door means such as invoking copyright laws under s 97A of the CDPA, or by some hitherto latent common law power which would need at least a High Court application in England & Wales or Court of Session in Scotland, and still be pretty uncertain).

The last point, though it seems farfetched, is a topical one given the ill judged comments by Ed Vaizey just before Christmas suggesting that all online "adult sexual materials" sites should be blocked "at source" by UK ISPs , with only adults then allowed to opt back in. Beyond the obvious difficulties of definition of such sites, over blocking, under blocking, the herculean task of assembling such a list, most of which will be overseas, evasion, ULL-jumping, VPNs, proxy servers, the fact that kids are better than adults at hacking this, etc ad nauseam, the simple fact is that such blocking solutions don't work and don't scale on practical terms unless you're willing to devote the resources and the Stalinist control of a country like China to such a pursuit. Just look at Australia for the trouble it has caused there in a smaller country with far fewer ISPs and far more history of state censorship than here.

I'm all for thinking of the children, really (actually, to be honest, as a child's rights lawyer on the side I also wonder if anyone has paid attention to the emergent minor child's right to autonomy, see Gillick, see future possible ECHR applications..?) but right now this seems like an expensive, embarrassing, largely pointless red herring to go down. IF parents want to stop kids accessing porn, there are many good products out there to allow them to do it at home eg |Net Nanny and its ilk. The Daily Mail will like it though :-)

But more than ALL that, what worries me is the huge possibility for scope creep here. As I have noted often, often before, once you have one scheme for blocking huge amounts of URLS without transparency or accountability in place, what is the temptation to start adding other URLs to it you don't like? High , in my cynical opinion. (And whatever the government means by blocking sites "at source" this will have to involve an Internet Watch Foundation style blocklist - because every single adult site closed down by its host service in UK will simply shift to a host abroad in under 24 hours. Indeed the Telegraph story seems to clearly indicate an IWF type list would be used : "Ministers now want companies to use the same technology to stop children accessing adult images".)

So on a brighter more positive start to the new year, here's a few events I plan to be at, be running , be speaking at, and so forth:

Workshop on Free and Open Communication on theInternet (FOCI), to be held February 24-25, 2011 at Georgia Tech in Atlanta,Georgia (invited expert speaker)

BILETA, Manchester Metropolitan University, 11th-12th April

3rd Web Science Conference, Koblenz, Germany - June 15-17

GikII in Gothenberg, Sweden!! GikII goes Scandinavian hardcore:) , contact Matthias Klang for info - 27-28 June

SCL Policy Forum, London, Herbert Smiths, September 15-16th - I'm curating this one on a theme of the new shape of European regulation as the DPD, ECD and other major instruments head for reform.

Wednesday, December 01, 2010

Veni Vidi Wikileaks

Since every other blogger in the universe has discussed how the US is going to stop Wikileaks, perhaps it's time for Pangloss to enter the fray, with the not terribly unexpected news that Amazon (in its cloud hosting services capacity) have indeed decided to stop acting as new temporary host to Wikileaks which moved there following the devastating DDOS attacks on its own server (thanks to Simon Bradshaw for pointing me at this news).

This is interesting in all kinds of ways.

First, the initial move to Amazon was a clever one. In the old days, a concerted and continuing DDOS attack on a small site might have seen them off - nowadays there are plenty of commercial reasonably priced or free cloud hosts. So cloud computing can be seen as a bulwark for freedom of speech - vive les nuages!

Second, though of course, what strokes your back can also bite it, and here we have Amazon suddenly coming over shy. This appears to be entirely the sensible legal thing for them to do and anyone accusing them of bad behaviour should be accused right back of utter naivete. Amazon are now on notice from the government of hosting material which breached US national security and so would according to the US Espionage Act as quoted in the Guardian piece, fairly clearly have been at risk of guilt as a person who "knowingly receives and transmits protected national security information" if they had not taken down. (Though see a contrary view here.)

While Assange as an Australian not a US citizen, and a journalist (of sorts) might have had defences against the charges quoted also ( as canvassed in the Grauniad piece) Amazon, interestingly, would, it seems, not. They are American and by definition for other useful purposes (eg CDA s 230 (c) - see below and ye ancient Prodigy case) , not the sort of publisher who gets First Amendment protections. And Amazon has its CEO and its major assets in the US, also unlike Assange. I think that makes take down for Amazon a no-brainer. (And also interestingly, CDA s 230(c) which normally gives hosts complete immunity in matters of liability which might affect press freedom (such as defamation by parties hosted) does not apply to federal criminal liability.)

But as Simon B also pointed out, there are lots of other cloud suppliers , lots in Europe even. What if Wikileaks packs and moves again? Would any non US`host be committing a crime? That would depend on the local laws: but certainly it would be hard to see if the US Espionage Act could apply, or at any rate what effective sanctions could be taken against them if a US court ruled a foreign host service was guilty of a US crime.

Which leaves anyone wanting to stop access to Wikileaks, as Technollama already canvassed, the options of, basically, blocking and (illegal)DDOS (seperating the existence of the Wikileaks site from any action against Assange as an individual). Let's concentrate, as lawyers, on the former.

Could or would the UK block Wikileaks if the US`asked?

Well there is an infrastructure in place for exactly such. It is the IWF blacklist of URLs which almost all UK ISPs are instructed to block, without need for court order or warrant - and which is encrypted as it goes out, so no one in public (or in Parliament?) would need to know. This is one of the reasons I get so worked up about the current IWF when people are asking me if I won't think of the children.

There is also the possibility, as we saw just last week, of pressure being exerted not on ISPs but on the people who run domain name servers and the registrars that keep domain names valid. Andres G suggests that the US might exert pressure on ICANN to take down wikileaks.org for example. Wikileaks doesn't need a UK domain name to make itself known to the world, but interestingly only last week we also saw a suggestion from SOCA (not very well reported) that they should have powers effectively to force Nominet, the UK registry, to close down UK domain names being used for criminal purposes. Note though if you follow the link that that power could only be used if the doman was breaking a UK criminal law.

But there is a really simply non controversial way to allow UK courts the power to block Wikileaks. Or there may be soon.

Section 18 of the Digital Economy Act 2010 - remember that? - allows for regulations to be made for "the granting by a court of a blocking injunction in respect of a location on the internet which the court is satisfied has been, is being or is likely to be used for or in connection with an activity that infringes copyright."

Section 18, at present, needs a review and regulations to be made before it can come into force. This may in the new political climate perhaps never happen - who knows. But what if that had been seen to?

Wikileaks documents are almost all copyright of someone , like the US government, and are being used ie copied (bien sur) without permission. Hence almost certainly, a s18 fully realised could be used to block the Wikileaks site.Of course there is some possibility from the case of Ashcroft v Telegraph Group [2001] EWCA Civ 1142`that a public interest/freedom of expression defense to copyright infringement might be plead - but this is far less developed than it is in libel and even there it is not something people much want to rely on.

So there you go : copyright, the answer to everything, even Julian Assange :-)

Oh and PS - oddly enough the US legislature is currently considering a bill, COICA, which would also allow them to block the domain name of sites accused of encouraging copyright infringement. Handy, eh? (Though on this one point, the UK DEA s 18 is even less restrictive than COICA, which requires the site to be blocked to be "offering goods and services" in violation of copyright law - which is not even to a lawyer a description that sounds very much like Wikileaks.)

EDIT: Commenters have pointed out that official government documents in the US, unlike in the UK do not attract copyright. Howver the principle stands firm: embarrassing UK docs leaked by Wikileaks certainly would be prone to attack on copyright grounds, including DEA s 18, and it is quite possible some of the current Wikileaks documents could quote extensively from material copyright to individuals (and Wikileaks prior to the current batch of cables almost certainly contain copyright material).

Interestingly Amazon did in fact, subsequent to this piece, claim they removed Wikileaks from their service, not because of US pressure, but on grounds of breach of terms of service : see the Guardian 3 December 2010

"for example, our terms of service state that 'you represent and warrant that you own or otherwise control all of the rights to the content… that use of the content you supply does not violate this policy and will not cause injury to any person or entity.' It's clear that WikiLeaks doesn't own or otherwise control all the rights to this classified content. Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren't putting innocent people in jeopardy. Human rights organisations have in fact written to WikiLeaks asking them to exercise caution and not release the names or identities of human rights defenders who might be persecuted by their governments."

The copyright defense is alive and well :-)