Filtering round up: French filtering, Ireland backs off, UK sidesteps?

Bit of a round up here on some interesting stories of last few weeks on aspects of filtering that I've been accumulating.

Increasingly, stories as to filtering out illegal content such as child porn; blocking infringing downloads of copyright material by deep packet inspection and disconnection; and filtering to fight the "war on terror" are converging. For all of these, the same issues come up again and again: privacy; proof, transparency and other aspects of due process; and scope creep. These 3 stories illustrate this well. For my own recent take on the issue of Net filtering, as I said before, see my Internet pornograohy chapter on SSRN, which suggests the need for a Free Speech Impact Assessment before non transparent stateNet filtering schemes are introduced, for whatever purpose.

Filtering of illegal content in France

Thanks to @clarinette on Twitter (whose real name I am not absolutely sure of!!) for pointing me to another important European move towards non transparent Internet filtering - this time in France. From La Quadrature de Net:

Paris, February 11th, 2010 - During the debate over the French security bill (LOPPSI), the government opposed all the amendments seeking to minimize the risks attached to filtering Internet sites. The refusal to make this measure experimental and temporary shows that the executive could not care less about its effectivity to tackle online child pornography or about its disastrous consequences. This measure will allow the French government to take control of the Internet, as the door is now open to the extension of Net filtering.

The refusal to enact Net filtering as an experimental measure is a proof of the ill-intended objective of the government. Making Net filtering a temporary measure would have shown that it is uneffective to fight child pornography.

As the recent move1 of the German government shows, only measures tackling the problem at its roots (by deleting the incriminated content from the servers; by attacking financial flows) and the reinforcement of the means of police investigators can combat child pornography.

Moreover, whereas the effectivity of the Net filtering provision cannot be proven, the French government refuses to take into account the fact that over-blocking - i.e the "collateral censorship" of perfectly lawful websites - is inevitable2. Net filtering can now be extended to other areas, as President Sarkozy promised to the pro-HADOPI ("Three-Strikes" law) industries3."

LQN are never exactly ones to mince their words:-) so the strong nature of this statement should perhas be taken with some care - but Pangloss intends to go investigate this story further.

Ireland, Eirecom, disconnection and DP

Meanwhile in a surprising twist, Eirecom have apparently pulled out of the negotiated settlement they reached in January 2009 to disconnect subscribers "repeatedly" using P2P for (alleged) illicit downloading. This was the result of the Irish court case brought against them by various parts of the music industry for hosting illegal downloads, and appeared to open up a route to "voluntary" notice and disconnection schemes on the part of the ISP industry; a worrying trend both for advocates of free speech, privacy, due process, ISP immunity and net neutrality.

Now however according to the Times:

As part of the agreement, Irma said it would use piracy-tracking software to trace IP addresses, which can identify the location of an internet user, and pass this information to Eircom. The company would then use the details to identify its customer, and take action.

But the office of the Data Protection Commissioner (DPC) has indicated that using customers’ IP addresses to cut off their internet connection as a punishment for illegal downloading does not constitute “fair use” of personal information. Irma and Eircom have asked the High Court to rule on whether these data-protection concerns mean the 2009 settlement cannot be enforced.

This is very, very interesting. A court case on this might settle a number of outstanding DP legal issues: whether IP addresses are "always" personal data (on which see also a recent EU study demonstarting the disharmny across Europe on this) and if not, when; what the scope of the exemmptions for preventing and investigating crime are; and what"fair" means in the whole context of the DP principles, purpose limitation and notice for processing.

Not only that but as the Times indicate, the human rights issues which have been repeatedly aired in debate around "three strikes" generally, would also come into play as well, as the straight DP law. Is use of a customer's personal data to cut them off from the Internet a proportionate response to a minor civil infringement? Does it breach a fundamantal right of freedom of expression or association? Does it breach due process? This could be the DP case of the decade. Pangloss is geekily excited. If anyone out there is involved in this case, do let me know.

UK cops don't terrorise the IWF?

Finally , as widely reported, the UK Home Office has introduced a website hotline for the public to report suspected terrorist or hate speech sites. Reports are then vetted by ACPO, the Association of Chief Police Officers, who it appears can then take action, not only by investigating in normal way, but also by asking the relevant host site to take down. The official press release notes : "If a website meets the threshold for illegal content, officers can exercise powers under section 3 of the Terrorism Act 2006 to take it down." Indeed on serving such a notice, the host only has 2 days to take down or loss immunity under the UK ECD Regs.

As TJ McIntyre also notes, this is a rather significant development, not just in itself but for sidestepping use of the Internet Watch Foundation (IWF). There have been persistent rumours since and before then-Home Sec Jacqui Smith's famous speech in Jan 2008, that theUK government was attempting to pressurise the IWF into adding reports of hate speech/terror to its block- or black-list; and that the IWF was as strongly resisting this, hate speech being a somewhat more ambiguous and controversial matter than adjudicating on child sexual imagery.

It seems then that the IWF has held fast and the Home Office have backed off and created their own scheme, which embraces only take down in the UK, not access blocking to sites abroad (?). Whether this is ideal remains to be seen. The IWF, at least until recently had the services of esteemed law prof Ian Walden as well as a lot of accumulated experience, and may have been a better informal legal tribunal, than a bunch of chief constables, to decide on the illegality of sites under terror legislation. Who knows. On the other hand , adding alleged terror URLs to an invisible, encrypted, non public blocklist defeats every concept of transparency and public debate regarding restrictions on freedom of political speech, and Pangloss is glad to see it avoided.

Pangloss's view remains that such difficult non-objective issues are best decided by the body long set up to deal with questions of hazy legal interpretation: namely, the courts. The definition of "terrorist" material for the urposes of s 3 of the 2006 Act is as follows (s 3(7)):

"(a) something that is likely to be understood, by any one or more of the persons to whom it has or may become available, as a direct or indirect encouragement or other inducement to the commission, preparation or instigation of acts of terrorism or Convention offences; or

(b) information which—

(i) is likely to be useful to any one or more of those persons in the commission or preparation of such acts; and

(ii) is in a form or context in which it is likely to be understood by any one or more of those persons as being wholly or mainly for the purpose of being so useful."

Well I hope that clears everything up :-) Still confused? Try s 3(8)).

"(8) The reference in subsection (7) to something that is likely to be understood as an indirect encouragement to the commission or preparation of acts of terrorism or Convention offences includes anything which is likely to be understood as—

(a) the glorification of the commission or preparation (whether in the past, in the future or generally) of such acts or such offences; and

(b) a suggestion that what is being glorified is being glorified as conduct that should be emulated in existing circumstances."

Er give me that last line again?

As with previous contested IWF rulings, the same questions come up again: what is the appeal from a take down notice under s 3 to the regular courts? What notice if any is given to the site owner and the public of therfact of and reasons for take down? What safeguards are there for freedom of speech? None of these are mentioned in ss 1-4 of the 2006 Act. Nor does there seem to be a general provision in the Act for Part 1 or the whole of the 2006 Act for appeals or review. Since the police are a public body however, one imagines that judicial review might be competent. EDIT However I am helpfully informed that ACPO is a company limited by giuarantee and regards itself as not a public body at least for the purpose of FOI requests. Clarity on this would be very desirable. And as noted above record keeping of take down for terror reasons seems to be poor due to voluntary compliance by ISPs.

Finally why introduce these powers if they are to be circumvented anyway? The Register reported on 12 November 2009 that so far no notices had been issued under s 3 anyway, because the UK ISPs involved had agreed to take down voluntarily, and no record has been kept of how many sites this involved. Furthermore if a site is taken down in the UK it won't be hard to resurrect it in a foreign country, where most extremist sites will be based anyway: El Reg reports that one site the police allegedly have their eye on, al-Fateh, a Hamas anti-Jewish kids site, is in fact hosted in Russia. One imagines this will continue to increase pressure on the IWF to expand the block list despite the latest moves.

France v eBay, part deux & the future of online intermediary immunity

France continues to be an entertaining source of Internet law. The Guardian reports (13 May 2009) that

"The world's largest online auctioneer, eBay, was today claiming a "victory for consumers" after a court in Paris ruled that it was not liable for counterfeit L'Oreal perfumes for sale on its website.

The perfume and cosmetics company has taken legal action against eBay in four other countries, but today's ruling is a major victory in France for eBay, which was fined €38.6million (£34.7million) in a similar case against the luxury goods manufacturer LVMH (Moet Hennessy Louis Vuitton) group and €20,000 against Hermès. The ruling reflects a Belgian court's decision last August, and a ruling is expected shortly on a similar case being brought in the UK.

L'Oreal has claimed that the eBay website profits from the sale of fake products and that brand owners are expected to help police online auctions. The cosmetics company told the hearing in Paris it believed that as many as 60% of the perfumes sold on eBay under its luxury brand names were fakes.

But the court ruled that eBay was meeting its obligations to combat the sale of fake products, and urged the companies to use mediation to develop a plan which would enable them to work together on the issue."

This is fascinating as yet another example of how completely the hosting immunity provisions of Art 14 of the EC E-Commerce Directive are failing to be interepreted in a harmonised manner across Europe. As the Guardian report notes, only a few months ago we saw a completely opposite ruling emerging from the French courts, which are regarded as the toughest courts in Europe on intermediaries "assisting" in IP violation (see eg previous DailyMotion and MySpace cases).

The problem is also not only about IP; in Italy, Google is being sued for allowing the posting of defamatory videos on its site, while in France also, several cases have held user-generated content sites liable for posting of private photos. Only in the UK, of the large commercial EU countries, are we yet to see a case holding a major web 2.0 intermediary liable in respect of user generated content.

The immunity provisions of the ECD in Arts 12-15 desperately need reviewed and reformed, yet the Comnmission shows no signs of wishing to initiate such a process. Pangloss, suprise, suprise, is currently rewriting her chapter on this whole area for Law and the Internet 3rd edn. My provisional conclusions are that a bright line of no liability on intermediaries for content provided by third party content providers, unless or until notice is given to take down (as in Art 14) can no longer be sustained.

We are seeing instead a move towards a new system, by court if not legislative creation, which

• uncouples the current horizontal scheme of immunities to reflect the very different pressures in the fields of , notably, copyright and pornographic material, as opposed to defamatory or private material
• recognises the increased demands both of IP rightsholders and law enforcement agencies for pre emptive filtering rather than ex ante takedown, possibly by taking advantage of the ECD's exemption of injunctive relief from the immunity provisions
• responds to the increased blurring between the notions of "intermediary" and "content provider", especially in the world of web 2.0 intermediaries such as eBay and YouTube etc, by removing immunity from such hybrid intermediaries, or imposing extra obligations
  
• in particular, relies heavily on looking at what financial gain an intermediary makes from hosting or linking activities, thus moving to a far more case by case assessment of immunity, which will be difficult to predct for intermediaries and hard to implement in automated take down or filtering systems
  
• finally, regulatory intervention may be needed to bolster public interest values like freedom of speech and privacy against defensive or industry-required take down, monitoring and/ or filtering by intermediaries.
  

The sweet smell of success

OUT-Law reports (inter alia) that perfume seller LVMH has won its action against eBay for allowing resales of its luxury prfume brands:

"Online auction site eBay has been fined £31.5 million and ordered to forbid the sale of some luxury perfumes in a French court order designed to battle the sale of counterfeit luxury goods.
Handbag, clothing and perfume company Louis Vuitton Moët Hennessy (LVMH) sued eBay in the French courts, claiming that the company did not do enough to combat the sale of counterfeits of its goods.

EBay claims that it cannot police all the sales through its site and that it makes no guarantee that goods are genuine, and that it suspends counterfeit auctions when notified of them.

The French court, though, found "serious faults" in eBay's processes [the VeRo procedure] that led to auctions of counterfeit goods going ahead. By allowing the sales, it said, eBay had damaged the reputation of luxury brands such as Louis Vuitton and Christian Dior.
EBay said that it would appeal the verdict."

As Pangloss has noted many times before, this is yet another strike against the once prevalent assumption that eBay would be a host under Art 14 of the EC E-Commerce Directive and thus not liable for content related infringements of the law where others were the authors. At the moment eBay are required to remove listings only upon actual notice; what Louis Vuitton, and Tiffany and all the rest want is for eBay to do the work of filtering out those listings in advance, by filters or however.

Combined with the "3 (1?) strikes and you're out - well, we told you so" campaign (see next) and the anti-child porn brigade, it has to be said that the ECD immunities of Art 13-15 - including the requirement that the state not ask ISPs or hosts to proactively monitor or filter in Art 15 - look increasingly like dead ducks.

Things look to be going the same way in the US as well, with both the CDA s 230c immunity under fire in the US Tiffany litigation, and DMCA immunity attacked in the ongoing Viacom v You Tube battle, which seems to have re awakened into violent life. Wow. Interesting times. This combination of factors is what Chris Marsden of Essex has insightfully been calling the "perfect storm" which is sooner rather than later going to overwhelm the 2000 consensus on immunity for online intermediaries, as well as net neutrality (plug - see chapter in upcoming 3rd edn Law and the Internet!).

Perhaps the debate should start to be not about what Art 14 means, but about what is to replace it when as expected proposals for reform of the ECD start to appear in the autumn. The content industries wil have all their arguments marshalled already: those of us who worry about freedom of expression, surveillance by DRM, loss of private data and promotion of innovation should start thinking about ours too. Judging by the Telecoms Framework Dirctive amedndments (see next), significant EU reform may arrive when we least expect it with little time for debate.