BILETA is the gathering of the tribes of IT law in the UK and Europe: the must-be-seen-at conference for the old lags (or lagettes) of the Internet law game. It's been going for over 20 years and is always enormous fun. This year's is on 16-17 April at the University of Hertfordshire.
I, (for my sins) am organising what was described as a "GikII-like" (or GikII-lite?) stream at this event -
"Stream 2 - Horizon scanning
Looking somewhat speculatively into the future, this stream asks the question, where technology will go from here and also what the legal response should be to these suggested changes. The legal reality of science fiction meets BILETA!
Email submission to: stream2@bileta2007.co.uk "
The abstract deadline (c 500 words) has just been extended to Friday 2 March 2007, so plenty of time to get your world-upturning contribution in. (Plenty of other streams too - see http://www.bileta2007.co.uk/papers/streams.html ). I'll be there (though not so much scanning the horizon as furrowing my brow in worry at it) with , hopefully, a paper on the empirical work on ISPs, notice and takedown, notice and disconnection and disclosure of IDs by ISPs I've been working on with the AHRC Centre at Edinburgh.
Monday, January 22, 2007
Friday, January 19, 2007
A Swedish-Trojan tale
According to the Beeb
"Internet fraudsters have stolen around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank Nordea. The theft, described by Swedish media as the world's biggest online fraud, took place over three months. The criminals siphoned money from customer's accounts after obtaining login details using a malicious program that claimed to be anti-spam software.
Nordea said it had now refunded the lost money to all 250 customers affected by the scam.
"What is important is that none of our customers will have lost their money," said a bank spokesman. "
Really? At a conference last Tuesday organised very helpfully by ISPA , the UK ISP Association, to discuss the upcoming HL Inquiry into Personal Internet Security, the view was informally expressed that the banks are not really hurting on this one yet. If and when they do, we'll start to suddenly see a trend for these kind of losses to be absorbed by the customers. One wonders how the bank offsets their losses - what do their own insurance policies cover? Or are they just using up profits?
It is generally believed on the high street that any misuse of money in consumer bank accounts is the responsibility of the bank. In fact the real law is much less clear - especially in cases like phishing where the customer is arguably the one in breach of duty of care. Cases like this where Trojans are implanted as key loggers or other forms of spyware are a middle ground, being (again arguably) neither the fault of customer or bank; and misuse of credit cards, as in ID theft, falls clearly (after the latest clarification as to use overseas) into the consumer credit protection guarantees of the EC ie the responsibility of the card issuer.
I've yet to see a really clear piece of work in the UK dealing with these issues and not sponsored by an obviously involved party eg a bank or a law firm who wants bank work. It might be a good PhD for someone, since we apear to be in PhD application season..:-) Better than doing electronic signatures AGAIN for sure!
"Internet fraudsters have stolen around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank Nordea. The theft, described by Swedish media as the world's biggest online fraud, took place over three months. The criminals siphoned money from customer's accounts after obtaining login details using a malicious program that claimed to be anti-spam software.
Nordea said it had now refunded the lost money to all 250 customers affected by the scam.
"What is important is that none of our customers will have lost their money," said a bank spokesman. "
Really? At a conference last Tuesday organised very helpfully by ISPA , the UK ISP Association, to discuss the upcoming HL Inquiry into Personal Internet Security, the view was informally expressed that the banks are not really hurting on this one yet. If and when they do, we'll start to suddenly see a trend for these kind of losses to be absorbed by the customers. One wonders how the bank offsets their losses - what do their own insurance policies cover? Or are they just using up profits?
It is generally believed on the high street that any misuse of money in consumer bank accounts is the responsibility of the bank. In fact the real law is much less clear - especially in cases like phishing where the customer is arguably the one in breach of duty of care. Cases like this where Trojans are implanted as key loggers or other forms of spyware are a middle ground, being (again arguably) neither the fault of customer or bank; and misuse of credit cards, as in ID theft, falls clearly (after the latest clarification as to use overseas) into the consumer credit protection guarantees of the EC ie the responsibility of the card issuer.
I've yet to see a really clear piece of work in the UK dealing with these issues and not sponsored by an obviously involved party eg a bank or a law firm who wants bank work. It might be a good PhD for someone, since we apear to be in PhD application season..:-) Better than doing electronic signatures AGAIN for sure!
Wednesday, December 06, 2006
Curtains for DRM?
As I'm spending the evening wading through a PhD thesis on the dreadful wrongs of DRM, it seems mildly amusing to note in passing that where the shock troops of Creative Commons have failed, the market might just decide that DRM isn't a selling point anyway. The article makes the concise point (from the Wall St JOurnal) that pirate files get out via P2P or burned CDs anyway; so DRM doesn't stop illegal piracy, it just makes buying legal downloads more awkward - thereby alienating exactly the customers you most want to pander to.
Back to the battlefield..
Back to the battlefield..
More on Gower : ISP copyright cops are coming?
On the briefest of further scans, one item of particular interest to anyone who has been following the rather covert debate about how far ISPs can or should be enrolled to assist the state (or the BPI, etc) in cutting down on on line piracy.
Recommendation 39: Observe the industry agreement of protocols for sharing data between ISPs and rightsholders to remove and disbar users engaged in ‘piracy’. If this has not proved operationally successful by the end of 2007, Government should consider whether to legislate.
This is about whether ISPs should have to hand over logs of material downloaded automatially , or perhaps on request, to rightsholder groups so they can spot possible pirates. Should the user have a right to privacy or at least such a right prior to obtaining a court order or perhaps showing reasonable suspicion? Currently some ISPs are known to reveal anonymised logs of especially heavy downloades or uploaders, leaving it to the rightsholder then to come back and ask for disclosure on grounds permitted by the Data Protection Act. Some ISPs will only give away *any* details after court order, arguing that they may breach data protection rules otherwise and owe their clients confidentiality both by law and by contract. Others may feel that the public are entitled to presumption of innocence til proven guilty. Still others feel that they are merely ISPs , not mandated to act as judge and policemen in such cases where rightsholders might well ask for particular identified downloaders to be summarily disconnected.
Gower however signals a definite governmental backing both of voluntary disclosure by ISPs and of "notice and disconnection" (discussed before on this blog.)
ISPs "should assist rights holders by providing a procedure through which automatic action in courts will be avoided and would allow greater scrutiny on the actions of users. BCP [a model best common practice document] is an ideal way to proceed if an agreement can be brokered between the ISPs and the copyright owners and would respect safe harbour provisions for ISPs which were set up in good faith. If there is a failure to agree, the Government should look towards establishing an appropriate statutory protocol."
So there you go.
Incidentally I've changed my mind. The press may seize on 10 year sentences for downloaders, and Lessig and Cliff Richard may be (differently( excited about no term extensions; but my bet for Most Controversial Recomendation (possibly tieing with the already mentioned limited new introduction of private copying rights) is this one:
Recommendation 11: Propose that Directive 2001/29/EC be amended to allow for an
exception for creative, transformative or derivative works, within the parameters of the
Berne Three-Step Test.
Alrighty!! Who's going to be the first to create a sampled rap praising the Gower Report? maybe they can finance the implementation with the royalties from a few Snoopy Dog or Doggy Snop , records..
Recommendation 39: Observe the industry agreement of protocols for sharing data between ISPs and rightsholders to remove and disbar users engaged in ‘piracy’. If this has not proved operationally successful by the end of 2007, Government should consider whether to legislate.
This is about whether ISPs should have to hand over logs of material downloaded automatially , or perhaps on request, to rightsholder groups so they can spot possible pirates. Should the user have a right to privacy or at least such a right prior to obtaining a court order or perhaps showing reasonable suspicion? Currently some ISPs are known to reveal anonymised logs of especially heavy downloades or uploaders, leaving it to the rightsholder then to come back and ask for disclosure on grounds permitted by the Data Protection Act. Some ISPs will only give away *any* details after court order, arguing that they may breach data protection rules otherwise and owe their clients confidentiality both by law and by contract. Others may feel that the public are entitled to presumption of innocence til proven guilty. Still others feel that they are merely ISPs , not mandated to act as judge and policemen in such cases where rightsholders might well ask for particular identified downloaders to be summarily disconnected.
Gower however signals a definite governmental backing both of voluntary disclosure by ISPs and of "notice and disconnection" (discussed before on this blog.)
ISPs "should assist rights holders by providing a procedure through which automatic action in courts will be avoided and would allow greater scrutiny on the actions of users. BCP [a model best common practice document] is an ideal way to proceed if an agreement can be brokered between the ISPs and the copyright owners and would respect safe harbour provisions for ISPs which were set up in good faith. If there is a failure to agree, the Government should look towards establishing an appropriate statutory protocol."
So there you go.
Incidentally I've changed my mind. The press may seize on 10 year sentences for downloaders, and Lessig and Cliff Richard may be (differently( excited about no term extensions; but my bet for Most Controversial Recomendation (possibly tieing with the already mentioned limited new introduction of private copying rights) is this one:
Recommendation 11: Propose that Directive 2001/29/EC be amended to allow for an
exception for creative, transformative or derivative works, within the parameters of the
Berne Three-Step Test.
Alrighty!! Who's going to be the first to create a sampled rap praising the Gower Report? maybe they can finance the implementation with the royalties from a few Snoopy Dog or Doggy Snop , records..
Ho hum! The view after Vista
David Utter, who left a nice comment re my rebutal of his article over at SecurityProNews, has also turned out some interesting security news items of his own, including evidence that although the majority of current malicious code may be defeated by the new security controls of Vista it can fairly swiftly be adapted to infect it by skilled operators. Indeed, three of the current top ten major viruses can already evade Vista's improved security.
Ah well! It's almost Xmas!!
Ah well! It's almost Xmas!!
Gower Report
No time right now but this is the summary of the recommendations for making copyright work in the digital age:
On the other hand a stiff approach to IP crime, including sentences up to 10 years for music & film piracy.
Something for everyone then. In principle it mostly looks like damn sensible stuff. Lessig has already pulled out the most rallying-cry quote:
"Policy makers should adopt the principle that the term and scope of protection for IP rights should not be altered retrospectively."
Let the battle commence!
To ensure the correct balance in IP rights the review recommends:
ensuring the IP system only proscribes genuinely illegitimate activity. The Review recommends introducing a strictly limited 'private copying' exception to enable consumers to format-shift content they purchase for personal use. For example to legally transfer music from CD to their MP3 player;
enabling access to content for libraries and education establishments - to ensure that the UK's cultural heritage can be adequately stored for preservation and accessed for learning. The Review recommends clarifying exceptions to copyright to make them fit for the digital age;
and
recommending that the European Commission does not change the status quo and retains the 50 year term of copyright protection for sound recordings and related performers' rights.
On the other hand a stiff approach to IP crime, including sentences up to 10 years for music & film piracy.
Something for everyone then. In principle it mostly looks like damn sensible stuff. Lessig has already pulled out the most rallying-cry quote:
"Policy makers should adopt the principle that the term and scope of protection for IP rights should not be altered retrospectively."
Let the battle commence!
Tuesday, December 05, 2006
Ps - late egoboo:)
I was in New Scientist a few weeks back , rather curtailedly extolling my theories-in-progress of how a security commons might be created to reduce the insecurity currently caused by zombified home computers. As many of you know, zombies or "bot networks", computers emslaved by viruses unknown to their owners, are the leading cause of everything from spam, phishing and spyware to keylogging, ID theft, click-fraud and probably, dandruff. In particular almost all denial of service attacks are now carried out as distributed attacks via enslaved bot networks. By a"security commons", I meant joint action and joint responsibility by all p[artioes involved in a safer Internet: users, software writers, hosts and ISPs.
Illness intervened in my reporting (cof, cof) but here is the link for you my loyal readers :) Unfortunately New Scientist printed only the smallest part of what I told them over the phone (sigh) so it looked like I was suggesting that ISPs ONLY should be liable where a denial of service attack is carried out. Whereas in fact I continue to advocate that ISPs should take a positive role in (a) identifying zombified machines, not necessarily by deep packet inspection, as NS reported, but possibly only by external changes in patterns of traffic or congestion analysis (b) making available secured ISP services to consumers as well as businesses - as some companies like Nildram do already, thus protecting customers who don't know a firewall from a firelighter; and (c) where necessary, isolating identified zombies until they can be cleaned out.
ISPs would not necessarily be "held legally liable" if they failed to provide these services; they could be provided as competitive market price services, with users held liable if they did not avail themselves of them. Other methods such as compulsory "home computer user insurance" (like motor insurance) could be employed to reach the same reult.
Rather gratifyingly, there has already been a hostile response (always nice to know someone's listening.) David Utter suggests that if I had my way, ISPs might be held liable for hosting sites like Slashdot, which post links which often bring down sites by their sheer popularity. I was not in any way suggesting simple vicarious liability for ISPs hosting sites responsible for DOS attacks - for a start, the EU E Commerce Directive would currently probably forbid that. I have my own concerns about how the CMA amendments in the Police and Justice Act deal with inadvertent "slashdots" - given the late amendment to s 3 to allow recklessness as sufficient for "intention to impair the operation of a computer", it seems quite possible that innocent slashdotting is now prosecutable as denial of service in the UK. (Of course from a sysop point of view, whether a server goes down because of malice or carelessness is irrelevant - so maybe this was deliberate?) But it won't be the ISP that carries the can, even if this is true.
More interesting points are raised by a George Scriban on a blog called Global Nerdy
"Surely the ISPs of the world aren't the most responsible party in a DDoS attack? What of the companies who provide vulnerable operating systems? The customers who misuse, misconfigure, or undermaintain those systems, making them ideal zombie targets? ISVs whose software defects render systems vulnerable? And, of course, we have the criminals conspiring to commit these crimes themselves. There's enough blame to go around that it seems strange to focus the blunt instrument of government regulation on ISPs in particular."
But the whole point is that we're looking at here isn't moral retribution - ie, allocation of blame. What's the good of tinkering with the criminal law to punish DoSers when they're usually tidily hidden away in Moldova, Estonia or similar hi tech law enforcement havens? Or untraceable , because they've worked through a network of a million bots, enslaved via a Trojan virus sent by a third party? Or have their assets stashed in still another country?
Better to try to actually secure the Internet so it doesn't fall over, taking our hospitals and air traffic controllers with it - and worry about wreaking punishment on the guilty afterwards. The people the police forces (or civil courts, or insurance companies) of the US, EU and the rest of the developed world can usually get to are the users - you and me- and the ISPs. Regulation that would persuade the Microsofts of this world to produce less buggy software would also be good. Creating a safe Internet has to be done , right now, either by building it differently from scratch - which may have catastrophic effects for generativity, innovation and privacy and will take decades - or by regulating those three sets of people. Forget the Russian mafiosi, for every one you catch you will tie up the UK's entire National Hi Tech Crime Unit-as-was for months if not years . We need to move from blame to gain.
Illness intervened in my reporting (cof, cof) but here is the link for you my loyal readers :) Unfortunately New Scientist printed only the smallest part of what I told them over the phone (sigh) so it looked like I was suggesting that ISPs ONLY should be liable where a denial of service attack is carried out. Whereas in fact I continue to advocate that ISPs should take a positive role in (a) identifying zombified machines, not necessarily by deep packet inspection, as NS reported, but possibly only by external changes in patterns of traffic or congestion analysis (b) making available secured ISP services to consumers as well as businesses - as some companies like Nildram do already, thus protecting customers who don't know a firewall from a firelighter; and (c) where necessary, isolating identified zombies until they can be cleaned out.
ISPs would not necessarily be "held legally liable" if they failed to provide these services; they could be provided as competitive market price services, with users held liable if they did not avail themselves of them. Other methods such as compulsory "home computer user insurance" (like motor insurance) could be employed to reach the same reult.
Rather gratifyingly, there has already been a hostile response (always nice to know someone's listening.) David Utter suggests that if I had my way, ISPs might be held liable for hosting sites like Slashdot, which post links which often bring down sites by their sheer popularity. I was not in any way suggesting simple vicarious liability for ISPs hosting sites responsible for DOS attacks - for a start, the EU E Commerce Directive would currently probably forbid that. I have my own concerns about how the CMA amendments in the Police and Justice Act deal with inadvertent "slashdots" - given the late amendment to s 3 to allow recklessness as sufficient for "intention to impair the operation of a computer", it seems quite possible that innocent slashdotting is now prosecutable as denial of service in the UK. (Of course from a sysop point of view, whether a server goes down because of malice or carelessness is irrelevant - so maybe this was deliberate?) But it won't be the ISP that carries the can, even if this is true.
More interesting points are raised by a George Scriban on a blog called Global Nerdy
"Surely the ISPs of the world aren't the most responsible party in a DDoS attack? What of the companies who provide vulnerable operating systems? The customers who misuse, misconfigure, or undermaintain those systems, making them ideal zombie targets? ISVs whose software defects render systems vulnerable? And, of course, we have the criminals conspiring to commit these crimes themselves. There's enough blame to go around that it seems strange to focus the blunt instrument of government regulation on ISPs in particular."
But the whole point is that we're looking at here isn't moral retribution - ie, allocation of blame. What's the good of tinkering with the criminal law to punish DoSers when they're usually tidily hidden away in Moldova, Estonia or similar hi tech law enforcement havens? Or untraceable , because they've worked through a network of a million bots, enslaved via a Trojan virus sent by a third party? Or have their assets stashed in still another country?
Better to try to actually secure the Internet so it doesn't fall over, taking our hospitals and air traffic controllers with it - and worry about wreaking punishment on the guilty afterwards. The people the police forces (or civil courts, or insurance companies) of the US, EU and the rest of the developed world can usually get to are the users - you and me- and the ISPs. Regulation that would persuade the Microsofts of this world to produce less buggy software would also be good. Creating a safe Internet has to be done , right now, either by building it differently from scratch - which may have catastrophic effects for generativity, innovation and privacy and will take decades - or by regulating those three sets of people. Forget the Russian mafiosi, for every one you catch you will tie up the UK's entire National Hi Tech Crime Unit-as-was for months if not years . We need to move from blame to gain.
Oh, the anti-ci-pation..
Just a heads up that Tomorrow is Gower Day.
"The Report of the Gowers Review of Intellectual Property is due be published on Wednesday,6 December.
It will be available on the Treasury website from 08.00:
http://www.hm-treasury.gov.uk/independent_reviews/gowers_review_intellectual_property/gowersreview_index.cfm
We expect the Chancellor to refer to it during his pre-budget statement to the House of Commons, starting at 12.15."
Will private copying and sharing of mix tapes be legalised? Will term in sound recordings be left as it is? will Cliff Richard turn green and burst out of his leather trousers? only the Shadow knows!!
"The Report of the Gowers Review of Intellectual Property is due be published on Wednesday,6 December.
It will be available on the Treasury website from 08.00:
http://www.hm-treasury.gov.uk/independent_reviews/gowers_review_intellectual_property/gowersreview_index.cfm
We expect the Chancellor to refer to it during his pre-budget statement to the House of Commons, starting at 12.15."
Will private copying and sharing of mix tapes be legalised? Will term in sound recordings be left as it is? will Cliff Richard turn green and burst out of his leather trousers? only the Shadow knows!!
GikII ppts etc
I'm gratified to discover (though someone could have TOLD me, heh, Andres!!) that the powerpoints from the (she says nonchalantly) successful cutting edge blue skies cyberlaw workshop, GikII, are now available.
Talks are also underway towards turning GikII into a book on Geek Law and finding a home for GikII 2: This Time It's Personal. If you too want to be absorbed into the Geek Collective, contact Pangloss at the editorial address.
Talks are also underway towards turning GikII into a book on Geek Law and finding a home for GikII 2: This Time It's Personal. If you too want to be absorbed into the Geek Collective, contact Pangloss at the editorial address.
Monday, November 20, 2006
Saturday, November 18, 2006
Here we go, here we go, here we go..
After months of anticipation, it's happening: Universal is suing MySpace, one of the leading "social networking" sites, for copyright infringement - or as the Beeb puts it:
"Universal's lawsuit, lodged in a US district court, claims that MySpace "encourages, facilitates and participates in the unauthorised reproduction, adaptation, distribution and public performance". "
Interesting that Universal's suit, as here quoted, does not mention the weasel word "inducement", as their attack must surely be based on MGM v Grokster and its new test for third party copyright infringement. My Space obviously know this since they reply:
""We provide users with tools to share their own work - we do not induce, encourage, or condone copyright violation in any way."
So draw up your seats, guys and gals, and watch the Titans fight.
In European law, MS might well claim that it had a good defense under the safe harbour of the E-Commerce Directive, as hosts under Art 14, so long as they removed copyright videos expeditiously on notice and take down (which, as a rule, such sites do).
In US law, however, it's much less clear and will depend how far the court wants to stretch the Grokster dictum. Two principles are going to come into full opposition for the first time: the Grokster dicta on inducement and third party liability for copyright, and the 'safe harbor' provisions of the US Digital Millennium Copyright Act, which are similar to Art 14 of the ECD, and which have been regarded in the past as adequately protecting the likes of YouTube and My Space from suits arising from copyright content posted by third parties. Napster, in the first of the major P2P cases way back when, attempted to plead the DMCA hosting safe harbor, but had it rejected on the grounds , in essence, that they were not a hands-off third party "host", since they were knowingly exerting control over the music files they indexed. My Space may be a much more difficult case for rejection, since they resemble a conventional host providing physical storage for files provided without their knowledge by a third party, just as with a hosting ISP, far more closely than Napster did.
The even bigger issue here may be : if MySpace goes down, what happens to the other blogging and user-content based sites like Bebo, FaceBook , Live Journal etc all of which depend to a lesser or larger extent on users sharing "cool" copyright material as well as self generated material? In particular, it will have huge implications for You Tube, where a copyright battle has been anticipated ever since Google bought it and made sure $200m of the price was put away as a "copyright warchest". Google are currently trying to head off the You Tube battle by negotiating with major publishers for permission to stream their works. For smaller or more "open source" sites like LiveJournal which run to cover costs and not to make money via ads, such a licensing arrangement would probably be uneconomic; which might lead to the folding of all but the most commercial and media-controlled blog/networking/web 2.0 user-content sites - a disastrous outcome.
One key point in YT's favour differentiating it from MYSpace et al is that YT streams its video, and does not host it, hence does not readily provide a free source of permament downloads: and has also, interestingly, made extensive efforts to suppress code provided by third parties to turn YT's stream into downloadable content. YT , unlike Napster and Grokster/KaZaa, has also gone out of its way to make clear it is not condoning copyright infringement as part of "sticking it to the man", hence resisting an obvious claim of inducement. Furthermore YT only allows very short videoes to be streamed, not entire TV programmes or albums as the P2P networks do - however it is also well known that some TV shows, eg, are in fact put up on YT in short chunks.
At root, there is a real problem here that may not be superable in the current legal structure. When Grokster was brought down, it was clear the court felt that its business model was mainly built on flagrantly delivering copyright content without rightsholder permission; even though it was shown Grokster was shown to be also used to deliver content like free software and out of copyright archive material, these were a relatively insignificant part of its payload (or business model).
With the web 2.0 sites, there is a spectrum. You Tube originally built its name on user generated and owned content : videos of cute cats on iPOds and art school degree exam animations. Yet now it clearly carries some, but perhaps not a majority , of "mainstream" media content used without permission of rightsholders among its millions of videos delivered today. Similarly My Space built its brand as the home for new and unsigned bands delivering their own copyright content; but now has a mixed business model. Universal claim "Our music and videos play a key role in building the communities that have created hundreds of millions of dollars of value for the owners of MySpace. " and they may not be exaggerating (well, not too much.)
Kill the baby of copyright infringement and you throw out the bathwater of the most popular medium for encouraging self created and owned creativity we have ever seen; MySpace has 90 million users alone and then look at all the other blogs, the Flickrs (and perhaps the eBays, where a similar problem prevails - among a million legitimate listings there will be a thousand for copyright infringing material). Notice and take down is one answer but it already exists in both the US and EU as a legal right and it is not satisfying the rightsholders, who want pre emptive blocking by the social sharing sites. Filtering for copyright material may be a better answer (as the Australian settlement compells KaZaa to do) but My Space were already developing tools to do this and yet it has not stopped this suit. What a US court could do is retreat from the "inducement" theory of Grokster and return to the "substantially non infringing uses" test of Sony: certainly My Space should attempt to push it that way.
Let's hope for all us blogger's sakes that an answer can be found that suits all parties. Simple defiance of the rightsholders by the anti-copyright crowd will not hold back the sea forever.
"Universal's lawsuit, lodged in a US district court, claims that MySpace "encourages, facilitates and participates in the unauthorised reproduction, adaptation, distribution and public performance". "
Interesting that Universal's suit, as here quoted, does not mention the weasel word "inducement", as their attack must surely be based on MGM v Grokster and its new test for third party copyright infringement. My Space obviously know this since they reply:
""We provide users with tools to share their own work - we do not induce, encourage, or condone copyright violation in any way."
So draw up your seats, guys and gals, and watch the Titans fight.
In European law, MS might well claim that it had a good defense under the safe harbour of the E-Commerce Directive, as hosts under Art 14, so long as they removed copyright videos expeditiously on notice and take down (which, as a rule, such sites do).
In US law, however, it's much less clear and will depend how far the court wants to stretch the Grokster dictum. Two principles are going to come into full opposition for the first time: the Grokster dicta on inducement and third party liability for copyright, and the 'safe harbor' provisions of the US Digital Millennium Copyright Act, which are similar to Art 14 of the ECD, and which have been regarded in the past as adequately protecting the likes of YouTube and My Space from suits arising from copyright content posted by third parties. Napster, in the first of the major P2P cases way back when, attempted to plead the DMCA hosting safe harbor, but had it rejected on the grounds , in essence, that they were not a hands-off third party "host", since they were knowingly exerting control over the music files they indexed. My Space may be a much more difficult case for rejection, since they resemble a conventional host providing physical storage for files provided without their knowledge by a third party, just as with a hosting ISP, far more closely than Napster did.
The even bigger issue here may be : if MySpace goes down, what happens to the other blogging and user-content based sites like Bebo, FaceBook , Live Journal etc all of which depend to a lesser or larger extent on users sharing "cool" copyright material as well as self generated material? In particular, it will have huge implications for You Tube, where a copyright battle has been anticipated ever since Google bought it and made sure $200m of the price was put away as a "copyright warchest". Google are currently trying to head off the You Tube battle by negotiating with major publishers for permission to stream their works. For smaller or more "open source" sites like LiveJournal which run to cover costs and not to make money via ads, such a licensing arrangement would probably be uneconomic; which might lead to the folding of all but the most commercial and media-controlled blog/networking/web 2.0 user-content sites - a disastrous outcome.
One key point in YT's favour differentiating it from MYSpace et al is that YT streams its video, and does not host it, hence does not readily provide a free source of permament downloads: and has also, interestingly, made extensive efforts to suppress code provided by third parties to turn YT's stream into downloadable content. YT , unlike Napster and Grokster/KaZaa, has also gone out of its way to make clear it is not condoning copyright infringement as part of "sticking it to the man", hence resisting an obvious claim of inducement. Furthermore YT only allows very short videoes to be streamed, not entire TV programmes or albums as the P2P networks do - however it is also well known that some TV shows, eg, are in fact put up on YT in short chunks.
At root, there is a real problem here that may not be superable in the current legal structure. When Grokster was brought down, it was clear the court felt that its business model was mainly built on flagrantly delivering copyright content without rightsholder permission; even though it was shown Grokster was shown to be also used to deliver content like free software and out of copyright archive material, these were a relatively insignificant part of its payload (or business model).
With the web 2.0 sites, there is a spectrum. You Tube originally built its name on user generated and owned content : videos of cute cats on iPOds and art school degree exam animations. Yet now it clearly carries some, but perhaps not a majority , of "mainstream" media content used without permission of rightsholders among its millions of videos delivered today. Similarly My Space built its brand as the home for new and unsigned bands delivering their own copyright content; but now has a mixed business model. Universal claim "Our music and videos play a key role in building the communities that have created hundreds of millions of dollars of value for the owners of MySpace. " and they may not be exaggerating (well, not too much.)
Kill the baby of copyright infringement and you throw out the bathwater of the most popular medium for encouraging self created and owned creativity we have ever seen; MySpace has 90 million users alone and then look at all the other blogs, the Flickrs (and perhaps the eBays, where a similar problem prevails - among a million legitimate listings there will be a thousand for copyright infringing material). Notice and take down is one answer but it already exists in both the US and EU as a legal right and it is not satisfying the rightsholders, who want pre emptive blocking by the social sharing sites. Filtering for copyright material may be a better answer (as the Australian settlement compells KaZaa to do) but My Space were already developing tools to do this and yet it has not stopped this suit. What a US court could do is retreat from the "inducement" theory of Grokster and return to the "substantially non infringing uses" test of Sony: certainly My Space should attempt to push it that way.
Let's hope for all us blogger's sakes that an answer can be found that suits all parties. Simple defiance of the rightsholders by the anti-copyright crowd will not hold back the sea forever.
Tuesday, November 14, 2006
Where I've Been and Hello I'm Back
For everyone who's written in the last three months to ask where I've gone: the answer was in order:
- recovering from GikII - which was generally judged a huge succes (ahem) and which I now need to think about in terms of what we do next: a mailing list, a book on geek law and a second workshop all seem likely.
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! (On the third try ..) And overwhelmed with London events, not quite all of which I am or have spoken at..
No rest for the wicked huh?
All this and Law 2.1 rrrepeater to come :)
- recovering from GikII - which was generally judged a huge succes (ahem) and which I now need to think about in terms of what we do next: a mailing list, a book on geek law and a second workshop all seem likely.
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! (On the third try ..) And overwhelmed with London events, not quite all of which I am or have spoken at..
- I spoke spoke on spam at the very intriguing SCL Workshop on Regulation (patiently organised by my mate Andy Charlesworth of Bristol);
- attended the DTI/KTN workshop on locational data service providers - which was fascinating.
- and spoke on legal and policy aspects of denial of service at the DDOS/DTI Workshop , ably assisted by Chris Marsden of RAND. This gig was beautifully timed: 5 days after the Police and Justice Act 2006 , which amends the Computer Misuse Act 1990 to cover DDOS, had just seen Royal Assent (Thanks to Malcolm Hutty from LINX for this intelligence - altho it's not yet up as a finalised Act on the Web - watch this space).
A proper post to come on the amendments, which combined with the appeal decision in Lennon, appear to me to make it potentially possible to prosecute everything from supplying adware, to spamming, now as violations of s 3, punishable by up to 10 years in jail. Is this a sneaky one by the Information Commissioner to avoid the need to put up the penalties for breaches of the Data Protection Act? Perhaps we shall see.
- I also made it rather late and worse for wear :) to the ORG Release the Music extravaganza, with Jonathan Zittrain, someone from Blur (the drummer, I'm told) and my Soton colleague Caroline Wilson.
- I am also now happy and proud to be part of the ORG Advisory Board - and I'm thinking of going to the mass geek Christmas party (although unlike some I don't expect to find John Barrowman there.)
No rest for the wicked huh?
All this and Law 2.1 rrrepeater to come :)
Thursday, November 09, 2006
Hurrahh!!!
For everyone who's written to ask where I've gone: the answer was in order
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! And overwhelmed with london evenst, not quite all of which I am speaking at.. Too late to tell you to look out for me speaking on spam at the very intriguing SCL Workshop on Regulation (patiently by my mate Andy Charlesworth of Bristol); too late to find me at DTI/KTN worhshop on locational data service providers - which was fascinating.
But you can still look for me at the Police and Justice Act 2006 have just seen Royal Assent (Thanks to Malcolm Hutty from LINX for this intelligence - altho it's not yet up as a finalised Act on the Web - watch this space); and at the ORG Release the Music extravaganza that night, hopefully bopping the night away at the DJ set with Jonathan Zittrain, someone from Blur and my Soton colleague Caroline Wilson. (Come and watch the geeks at play!) Then it's the Tripartite Response To Terror day, and the ORG Advisory Board which I am now proud to grace.
No rest for the wicked huh?
All this and Law 2.0 to come :)
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! And overwhelmed with london evenst, not quite all of which I am speaking at.. Too late to tell you to look out for me speaking on spam at the very intriguing SCL Workshop on Regulation (patiently by my mate Andy Charlesworth of Bristol); too late to find me at DTI/KTN worhshop on locational data service providers - which was fascinating.
But you can still look for me at the Police and Justice Act 2006 have just seen Royal Assent (Thanks to Malcolm Hutty from LINX for this intelligence - altho it's not yet up as a finalised Act on the Web - watch this space); and at the ORG Release the Music extravaganza that night, hopefully bopping the night away at the DJ set with Jonathan Zittrain, someone from Blur and my Soton colleague Caroline Wilson. (Come and watch the geeks at play!) Then it's the Tripartite Response To Terror day, and the ORG Advisory Board which I am now proud to grace.
No rest for the wicked huh?
All this and Law 2.0 to come :)
Monday, July 31, 2006
GikII programme
The programme for GikII is now finalised. However if you're interested in attending, a very limited number of places are available for a nominal £25 to cover costs. feel free to pass this on. I'm really looking forward to it :-)
Friday, July 28, 2006
Perceptive Peers Go Pervasive, Persuasively
The House of Lords debates pervasive computing. As IdentityBlog comments. an unelected second House may seem like an anchronism, but the standard of debate is invariably higgher, especially on specialised technical topics, than in the Commons. Note the concern not just for privacy generally, but also for whether the Data Protection Act applies, for patient rights, and for environmental damage.
Thursday, July 27, 2006
MySpace Caves
From Boing Boing
Billy Bragg's highly publicized campaign against MySpace's crummy, grabby terms of service has been successful. MySpace has revised its terms so that musicians who upload to the site retain control of their works, and MySpace/NewsCorp/Fox can't sell those songs without contracting with the musicians.
Bragg now declares:
"Now that the popularity of downloading has made physical manufacturing and distribution no longer necessary, the next generation of artists will not need to surrender all of their rights in order to get their music into the marketplace. It is therefore crucial that they understand, from the moment that they first post music on the internet, the importance of retaining their long term right to exploit the material that they create. This is doubly important on a networking site where many of the songs posted will be by unsigned artists. Ownership of the rights to such material is somewhat ambiguous. Thats why I hope that the groundbreaking decision of MySpace to come down on the side of the artists rights will be followed throughout the industry.
I also welcome the new wording of the terms and conditions in which MySpace clarify exactly why they require specific rights and how they intend to use them. Again, I hope more sites follow the lead of MySpace in ensuring the use of clear and transparent language in contracts. The last thing any of us wants to see is a situation in which everyone posting a song on the site has to have a lawyer sitting next to them. "
Interesting. MySpace is of course very vulnerable to anti-PR stirred up by a well known musician since its USP is that every wannabee band in the world as their home page there. I wonder if YouTube will follow suit? YT's conditions have been criticised for potentially grabbing rights to all amateur videos posted there. (Google Videos' are similarly ambiguous.)
Billy Bragg's highly publicized campaign against MySpace's crummy, grabby terms of service has been successful. MySpace has revised its terms so that musicians who upload to the site retain control of their works, and MySpace/NewsCorp/Fox can't sell those songs without contracting with the musicians.
Bragg now declares:
"Now that the popularity of downloading has made physical manufacturing and distribution no longer necessary, the next generation of artists will not need to surrender all of their rights in order to get their music into the marketplace. It is therefore crucial that they understand, from the moment that they first post music on the internet, the importance of retaining their long term right to exploit the material that they create. This is doubly important on a networking site where many of the songs posted will be by unsigned artists. Ownership of the rights to such material is somewhat ambiguous. Thats why I hope that the groundbreaking decision of MySpace to come down on the side of the artists rights will be followed throughout the industry.
I also welcome the new wording of the terms and conditions in which MySpace clarify exactly why they require specific rights and how they intend to use them. Again, I hope more sites follow the lead of MySpace in ensuring the use of clear and transparent language in contracts. The last thing any of us wants to see is a situation in which everyone posting a song on the site has to have a lawyer sitting next to them. "
Interesting. MySpace is of course very vulnerable to anti-PR stirred up by a well known musician since its USP is that every wannabee band in the world as their home page there. I wonder if YouTube will follow suit? YT's conditions have been criticised for potentially grabbing rights to all amateur videos posted there. (Google Videos' are similarly ambiguous.)
Thursday, July 20, 2006
More Fun with Ted and Alice but not the BPI
Not a great week for ISPs what with the BPI/Tiscali spat and this.
Also from OUT-Law :
"A music industry coalition has proposed that ISPs and others should pay a licence fee to compensate rights-holders for unlawful file-sharing by their customers. One critic called the plans, which would change copyright laws, "ill-conceived and grasping."
The group met in London yesterday. It did not represent the entire UK industry – notably, the BPI was not in attendance. But nearly 1,000 independent record companies and 50,000 songwriters, composers and music publishers were represented.
.. the groups represented yesterday do not want to target the individuals who infringe copyright in this way. Instead, they want to target the intermediaries. According to a joint statement issued after yesterday's meeting, ISPs, mobile companies and device manufacturers "profit extensively and reap wider value from the unauthorised distribution of music whilst being protected from liability by a series of legal immunities and safe harbours." There were no ISPs in attendance at the meeting."
So, the return of the ISPs' "dirty little secret", the idea that ISPs profit indirectly from downloading and therefore condone it (even though most broadband contracts are now flat rate rather than per MB). Somehow I can't see this one catching on with the UK Govt right now though. If ISPs got taxed for profiting from downloading and uploading, why they might stop co-operating with the IWF (and the police) in stopping access to child porn. Which voters like a lot less than they do the odd downloader.
My I'm cynical tonight.
Less obviously, ISPs already do quite often disconnect or at least cap the accounts of conspicuous bandwidth hogs. This doesn't give royalties back to the musicians but it does more quietly contribute to the control of filesharing in the UK, probably to quite a large extent.
Also from OUT-Law :
"A music industry coalition has proposed that ISPs and others should pay a licence fee to compensate rights-holders for unlawful file-sharing by their customers. One critic called the plans, which would change copyright laws, "ill-conceived and grasping."
The group met in London yesterday. It did not represent the entire UK industry – notably, the BPI was not in attendance. But nearly 1,000 independent record companies and 50,000 songwriters, composers and music publishers were represented.
.. the groups represented yesterday do not want to target the individuals who infringe copyright in this way. Instead, they want to target the intermediaries. According to a joint statement issued after yesterday's meeting, ISPs, mobile companies and device manufacturers "profit extensively and reap wider value from the unauthorised distribution of music whilst being protected from liability by a series of legal immunities and safe harbours." There were no ISPs in attendance at the meeting."
So, the return of the ISPs' "dirty little secret", the idea that ISPs profit indirectly from downloading and therefore condone it (even though most broadband contracts are now flat rate rather than per MB). Somehow I can't see this one catching on with the UK Govt right now though. If ISPs got taxed for profiting from downloading and uploading, why they might stop co-operating with the IWF (and the police) in stopping access to child porn. Which voters like a lot less than they do the odd downloader.
My I'm cynical tonight.
Less obviously, ISPs already do quite often disconnect or at least cap the accounts of conspicuous bandwidth hogs. This doesn't give royalties back to the musicians but it does more quietly contribute to the control of filesharing in the UK, probably to quite a large extent.
I KNow What You Did Last summer
.. well actually your credit card does. And your bank.
OUT-Law report that:
"New powers to allow banks and building societies to remove the credit cards of customers cautioned for or convicted of buying indecent images of children online were agreed in Parliament on Tuesday.
The Data Protection (Processing of sensitive personal data) Order of 2006 amends the Data Protection Act of 1998 to allow card issuers to process sensitive personal data provided to them by law enforcement authorities so that they can withdraw the card used to commit the offence.
The order results from collaboration between the Department for Constitutional Affairs, the Association for Payment Clearing Services (APACS), the Child Exploitation and Online Protection Centre (CEOP), law enforcement agencies, children's charities and the Home Office."
The OUT_LAW team have already objected to this rule, and you can see why. The breach of privacy might be justified if it achieved anything, but withdrawing one credit card? I can sign up for 4 tomorrow using the junk mail and email offers I get everyday - and get more Air MIles while I'm at it :-)
So if you're in a conspiracy mood,what are we being softened up for here? When will we see credit card details of those who pay for other, less heinous things, passed on to the issuers? On line gambling anyone? Or payments to AllofMP3.com??
And when will these factors be taken into acount in credit scoring for getting MORE credit cards?
So there you have it: this is either a very silly law, or a very clever one..
OUT-Law report that:
"New powers to allow banks and building societies to remove the credit cards of customers cautioned for or convicted of buying indecent images of children online were agreed in Parliament on Tuesday.
The Data Protection (Processing of sensitive personal data) Order of 2006 amends the Data Protection Act of 1998 to allow card issuers to process sensitive personal data provided to them by law enforcement authorities so that they can withdraw the card used to commit the offence.
The order results from collaboration between the Department for Constitutional Affairs, the Association for Payment Clearing Services (APACS), the Child Exploitation and Online Protection Centre (CEOP), law enforcement agencies, children's charities and the Home Office."
The OUT_LAW team have already objected to this rule, and you can see why. The breach of privacy might be justified if it achieved anything, but withdrawing one credit card? I can sign up for 4 tomorrow using the junk mail and email offers I get everyday - and get more Air MIles while I'm at it :-)
So if you're in a conspiracy mood,what are we being softened up for here? When will we see credit card details of those who pay for other, less heinous things, passed on to the issuers? On line gambling anyone? Or payments to AllofMP3.com??
And when will these factors be taken into acount in credit scoring for getting MORE credit cards?
So there you have it: this is either a very silly law, or a very clever one..
Uber-Code
From the Cyberprof mailing list : Microsoft's academic outreach officer has anounced that Microsft are adopting "Windows principles" for the future:
"Microsoft's new, voluntary "Windows principles."
The principles were announced today in a speech in DC by Brad Smith (Microsoft's general counsel). It is worth noting that they will apply to development of Windows Vista, and will continue to apply after major parts of the antitrust consent decree expire in November 2007.
The principles are divided into the following three general categories:
· Choice for Computer Manufacturers and Customers. Microsoft is committed to designing Windows and licensing it on contractual terms so as to make it easy to install non-Microsoft® programs and to configure Windows-based PCs to use non-Microsoft programs instead of or in addition to Windows features.
· Opportunity for Developers. Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for applications developers and Web site creators to build innovative products on the Windows platform — including products that directly compete with Microsoft's own products
. Interoperability for Users. Microsoft is committed to meeting customer interoperability needs and will do so in ways that enable customers to control their data and exchange information securely and reliably across diverse computer systems and applications.
I encourage you, if you are so inclined, to write about, blog about, or otherwise distribute your thoughts on the speech and the principles. Please feel free to contact me with questions or comments."
Whatever you think of both M$ and the above, (and cynically, the obvious thing to think is that M$ has just been smacked with a wacking great fine by the EU for failing to do some of or all of the above) this is an interesting deveopment.
Ever since Lessig kicked it all off, academics have talked about using some kind of set of principles to govern the creation of code by non-legislative coders. This is the first example I've seen of something more detailed than "Do no evil". Any other suggestions?
"Microsoft's new, voluntary "Windows principles."
The principles were announced today in a speech in DC by Brad Smith (Microsoft's general counsel). It is worth noting that they will apply to development of Windows Vista, and will continue to apply after major parts of the antitrust consent decree expire in November 2007.
The principles are divided into the following three general categories:
· Choice for Computer Manufacturers and Customers. Microsoft is committed to designing Windows and licensing it on contractual terms so as to make it easy to install non-Microsoft® programs and to configure Windows-based PCs to use non-Microsoft programs instead of or in addition to Windows features.
· Opportunity for Developers. Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for applications developers and Web site creators to build innovative products on the Windows platform — including products that directly compete with Microsoft's own products
. Interoperability for Users. Microsoft is committed to meeting customer interoperability needs and will do so in ways that enable customers to control their data and exchange information securely and reliably across diverse computer systems and applications.
I encourage you, if you are so inclined, to write about, blog about, or otherwise distribute your thoughts on the speech and the principles. Please feel free to contact me with questions or comments."
Whatever you think of both M$ and the above, (and cynically, the obvious thing to think is that M$ has just been smacked with a wacking great fine by the EU for failing to do some of or all of the above) this is an interesting deveopment.
Ever since Lessig kicked it all off, academics have talked about using some kind of set of principles to govern the creation of code by non-legislative coders. This is the first example I've seen of something more detailed than "Do no evil". Any other suggestions?
Tuesday, July 18, 2006
YouTube Goes Down the Tube (Not?)
As most the blogverse has noted, a certain Mr Tur, owner of Los Angeles News Service, is suing YouTube, the free and very popular video hosting site, for hosting a video he claims infringes his copyright.
While YouTube is perhaps best known for hosting user's own home vids (like the famous cat and Apple Powerbook video) it is also well known to host copyright material that fans or critics choose to upload - eg you can find the concluding segments of both the recent Dr Who and Green Wing series there. You can also find a middle ground of fan/user "mash ups" - songvids and the like - eg a very amusing parody of the end of that self same Dr Who series.
But YouTube is a host, not a P2P intermediary and so, oddly, it has the law on its side. The Digital Millennium Copyright Act provides that hosts who have no knowledge of hosting copyright infringing materail are immune from liability for it, as long as they respond to notices for take-down delivered in the style approved by the DMCA. (Furthermore, and even better, YouTube are protected from an action by a disgruntled user if they do so take down in good faith.) Nor is this just a USA oddity - the EC E Commerce Directive has a very similar regime for hosts in Art 14 of that instrument. (It's that provision that allows eBay in Europe, as previously discussed here, to get away with hosting trademark infringing goods so long as it removes them on notice, and expediently.)
These laws were drafted in the late 90s, before the P2P revolution but after the beginning of the dot.com boom, to protect ISPs , so as to encourage ISPs to collaborate with both the music industry and other such industry bodies in taking down pirate material on an NTD basis. Before they were introduced, following the late unlamented Prodigy case, ISPs were scared that if they touched illegal content, even to monitor or it or remove it, they immediately became liable for that content themselves.
But the amusing thing, now, in 2006, is that YouTube in many ways looks way more like (non legal) Napster than AOL or CompuServe. It's used extensively by a very large number of users to download pirate copies (c 100 million videos served per week, according to Technollama, of which a large number must be infringing), It's a free service, which makes its money on ads. And it has that cool , anti-the-man chic about it.
But because YouTube only hosts material provided by third parties, and doesn't put up its own materials (as MP3.com did), it's protected by the DMCA and ECD safe harbors. (Unless a US or European court can be convinced that it had "constructive" notice of illegality - ie it should have known what was going on or as the DMCA and ECD put it, was "aware of facts or circumstances from which infringing activity is apparent" - which is not altogether impossible but perhaps unlikely.) While the Napsters of this world fell foul of secondary copyright infringement, because their central database pointed at illegal copies hosted by other users. They didn't get the benefit of the DMCA because they weren't seen as a host who could respond to NTD notices and were aware of infringing activity. This seems, in retrospect, mildly curious.
As for a Grokster analysis - as Technollama also points out, it's hard to argue that YouTube "induced" copyright infringement. Their site unlike Grokster's is free of anti-copyright rhetoric and their ToS are impeccable (not that that helped Grokster!) - plus YouTube can calmly say the site was mainly set up to allow users to host their own amateur copyright material, and , I think, prove it.
So this one looks like a no-brainer.
So what if YouTube was serving, not videos, but pithy quips from popular novels, and acute chapters of contemporary academic works? Would the scenario be the same? What, in other words, if it was Google Library slightly differently conceived? Is this a way forward?
EDIT: Chris Marsden helpfully points out that You Tube merely streams video, and does not enable actual download - this of course makes it look far less like Napster/Grokster etc.
While YouTube is perhaps best known for hosting user's own home vids (like the famous cat and Apple Powerbook video) it is also well known to host copyright material that fans or critics choose to upload - eg you can find the concluding segments of both the recent Dr Who and Green Wing series there. You can also find a middle ground of fan/user "mash ups" - songvids and the like - eg a very amusing parody of the end of that self same Dr Who series.
But YouTube is a host, not a P2P intermediary and so, oddly, it has the law on its side. The Digital Millennium Copyright Act provides that hosts who have no knowledge of hosting copyright infringing materail are immune from liability for it, as long as they respond to notices for take-down delivered in the style approved by the DMCA. (Furthermore, and even better, YouTube are protected from an action by a disgruntled user if they do so take down in good faith.) Nor is this just a USA oddity - the EC E Commerce Directive has a very similar regime for hosts in Art 14 of that instrument. (It's that provision that allows eBay in Europe, as previously discussed here, to get away with hosting trademark infringing goods so long as it removes them on notice, and expediently.)
These laws were drafted in the late 90s, before the P2P revolution but after the beginning of the dot.com boom, to protect ISPs , so as to encourage ISPs to collaborate with both the music industry and other such industry bodies in taking down pirate material on an NTD basis. Before they were introduced, following the late unlamented Prodigy case, ISPs were scared that if they touched illegal content, even to monitor or it or remove it, they immediately became liable for that content themselves.
But the amusing thing, now, in 2006, is that YouTube in many ways looks way more like (non legal) Napster than AOL or CompuServe. It's used extensively by a very large number of users to download pirate copies (c 100 million videos served per week, according to Technollama, of which a large number must be infringing), It's a free service, which makes its money on ads. And it has that cool , anti-the-man chic about it.
But because YouTube only hosts material provided by third parties, and doesn't put up its own materials (as MP3.com did), it's protected by the DMCA and ECD safe harbors. (Unless a US or European court can be convinced that it had "constructive" notice of illegality - ie it should have known what was going on or as the DMCA and ECD put it, was "aware of facts or circumstances from which infringing activity is apparent" - which is not altogether impossible but perhaps unlikely.) While the Napsters of this world fell foul of secondary copyright infringement, because their central database pointed at illegal copies hosted by other users. They didn't get the benefit of the DMCA because they weren't seen as a host who could respond to NTD notices and were aware of infringing activity. This seems, in retrospect, mildly curious.
As for a Grokster analysis - as Technollama also points out, it's hard to argue that YouTube "induced" copyright infringement. Their site unlike Grokster's is free of anti-copyright rhetoric and their ToS are impeccable (not that that helped Grokster!) - plus YouTube can calmly say the site was mainly set up to allow users to host their own amateur copyright material, and , I think, prove it.
So this one looks like a no-brainer.
So what if YouTube was serving, not videos, but pithy quips from popular novels, and acute chapters of contemporary academic works? Would the scenario be the same? What, in other words, if it was Google Library slightly differently conceived? Is this a way forward?
EDIT: Chris Marsden helpfully points out that You Tube merely streams video, and does not enable actual download - this of course makes it look far less like Napster/Grokster etc.
Subscribe to:
Posts (Atom)