In a fit of nostalgia, Pangloss feels like posting that the 3rd Scottish Information Commissioner Report has been published (even though Pangloss now does not live in Scotland and tries to avoid FOI like the plague.)
Still, it does seem kinda remarkable though that:
"1082 appeals [have been] received in the two years since the inception of the Freedom of Information (Scotland) Act (including 511 appeals in 2006) – twice as many applications as the Information Commissioner in England and Wales.
By the end of 2006 the Scottish Information Commissioner had completed 781 cases, with 326 decisions covering 350 separate applications. 328 applications were closed without investigation and 103 settled or withdrawn."
Twice as many as in England? Which has 10 times the population? What? Are Scots just naturally nosy? :-) What am I missing?
Also
"65 per cent of appeals came from ordinary members of the public
• 236 decision notices issued by the Commissioner
• The Court of Session has upheld the Commissioner’s decisions in all four of the appeals it has considered so far"
- which is a pretty good showing too.
Monday, June 04, 2007
Want to be a Porn Star?
.. no? well who said you got a choice?
"A 17-year-old college student is taking legal action against a pornographic film company after it "stole" a photograph of her and used it on the front cover of one of its productions."
One wonders what her threatened cause of action is. Data processing without consent? Breach of confidence? Or breach of publicity rights in the US where the porn company is based (now THAT would be a fun choice of law case under Rome II if action raised in the UK..)?
Ah if only these cases didn't always settle ! :-)
The porn film company optimistically opine that they were "entitled to use the picture because Lara had put it in the ''public domain'' ". Would be nice to see that one laid to rest in UK case law.
(Thanks to Steve Green for the tip.)
"A 17-year-old college student is taking legal action against a pornographic film company after it "stole" a photograph of her and used it on the front cover of one of its productions."
One wonders what her threatened cause of action is. Data processing without consent? Breach of confidence? Or breach of publicity rights in the US where the porn company is based (now THAT would be a fun choice of law case under Rome II if action raised in the UK..)?
Ah if only these cases didn't always settle ! :-)
The porn film company optimistically opine that they were "entitled to use the picture because Lara had put it in the ''public domain'' ". Would be nice to see that one laid to rest in UK case law.
(Thanks to Steve Green for the tip.)
Thursday, May 31, 2007
Mum's The Word
Another late catch up from my hols, mainly for own benefit. Mumsnet, the non-profit site run part-time by single mothers to advise on parenting, has capitulated to Fearsome Lawyers without going to court. Pangloss is rather sad.
From OUT-LAW:
"Mumsnet was sued by Gina Ford, who is famous for espousing strictly regimented baby routines, over comments made in the site forums. The long-running case has been settled with a Mumsnet apology and a payment to Ford, but Mumsnet founder Justine Roberts has asked the DCA to reform the law.
In the US, the moderator of a mailing list or website forum is exculpated under s 230 (c) of the CDA in respect of the content of posters- see Batzel v Cremers. Although s 230(c) is often seen as over wide, this is a ruling we could emulate, especially where the moderator makes no commercial gain from the site; it could always be subject perhaps to a removal of immunity where there is egregious breach of care (eg the email posted is forwarded from someone else and says DO NOT DISTRIBUTE in large capital letters.) Moderators of "public advice" websites are more like archivists than publishers; they rarely if ever make money from adverts or subs and do a good public service.
(It is fun to look back at this case today and compare it to whether Live Journal should be held liable in respect of members posting fiction containing under age rape. ISP liability is a wonderful area.)
From OUT-LAW:
"Mumsnet was sued by Gina Ford, who is famous for espousing strictly regimented baby routines, over comments made in the site forums. The long-running case has been settled with a Mumsnet apology and a payment to Ford, but Mumsnet founder Justine Roberts has asked the DCA to reform the law.
"Though we don't accept that any of the comments made on Mumsnet were defamatory, we took the decision to settle at least in part because of the distinct lack of clarity about how the defamation law applies to web forums," [said Roberts]..
The main problem seems to have been uncertainty about what "expeditious" removal on notice means under the EC E-Commerce Regulations.
"Roberts explained her dilemma: "How expeditious is expeditiously?" she asked. "We settled because there were some comments left up there for longer than 24 hours – though not much longer than 24 hours."
This is madness. My own recent empirical (as yet unpublished) research has shown a wide variation in time taken to remove content among UK ISPs and websites , from about 24 hours to a week, depending on the type of content, the urgency of the request and who is doing the asking. Pangloss agrees that more guidance is vital, in code of practice if not in law.In the US, the moderator of a mailing list or website forum is exculpated under s 230 (c) of the CDA in respect of the content of posters- see Batzel v Cremers. Although s 230(c) is often seen as over wide, this is a ruling we could emulate, especially where the moderator makes no commercial gain from the site; it could always be subject perhaps to a removal of immunity where there is egregious breach of care (eg the email posted is forwarded from someone else and says DO NOT DISTRIBUTE in large capital letters.) Moderators of "public advice" websites are more like archivists than publishers; they rarely if ever make money from adverts or subs and do a good public service.
(It is fun to look back at this case today and compare it to whether Live Journal should be held liable in respect of members posting fiction containing under age rape. ISP liability is a wonderful area.)
AVMS DIrective also finally passed
Good god the EU people really want their hols don't they? This one also seems to have been going as long as I can recall..
"The new proposal is called the Audiovisual Media Services (AVMS) Directive and will replace the TV Without Frontiers Directive. It will permit product placement as long as warnings are screened and will extend TV regulation to audiovisual material on the internet or on on-demand networks.
No time for real comment but Pangloss plans to look see what the line IS between Internet and TV (if it can be drawn) - what of this, for example?
The Directive covers audiovisual services as defined in Art 1(a):
"‘audiovisual media service’ appears to be defined by responsibility, purpose, and service provision:
=" a service as defined by Articles 49 and 50 of the Treaty which is under the editorial
responsibility of a media service provider and the principal purpose of which is the
provision of programmes in order to inform, entertain or educate, to the general public by electronic communications networks within the meaning of Article 2(a) of Directive 2002/21/EC of the European Parliament and of the Council. Such audiovisual media
services are either television broadcasts as defined in paragraph (c) of this Article or ondemand services as defined in paragraph (e) of this Article." [bold added]
(aa) 'programme' means a set of moving images with or without sound constituting an individual
item within a schedule or a catalogue established by a media service provider and whose form
and content is comparable to the form and content of television broadcasting. Examples of programmes include feature-length films, sports events, situation comedy, documentary, children’s programmes and original drama."
If anyone wants to interpret all that for me I'm all ears. Oh what the hell I'll have a go..
At very first blush it looks like You Tube do inded provide "programmes" (individual videos accessed in a catalogue) . "Editorial responsibility' means "the exercise of effective control both over the selection of the programmes and over their organisation ... in a catalogue, in the case of on-demand services. (AND) Editorial responsibility does not necessarily imply any legal liability under national law for the content or the services provided." (Art 1(ab)). That also seems to fit, the final sentence being crucial. So YT are a media service provider because they take editorial reponsibility (Art 1(b))
So - continuing the worked example - Is You Tube an ondemand service? Looks like it:
"'on-demand service' (i.e. a non-linear audiovisual media service) means an audiovisual media service provided by a media service provider for the viewing of programmes at the moment chosen by the user and at his/her individual request on the basis of a catalogue of programmes selected by the media service provider". (Art 1(e)). Tick.
So YT does seem to fall under the AVMSD in its pure Internet form, even before its content gets as far as Apple TV. But will Apple TV be a television broadcast, which would mean the same content would fall under two different regimes of regulation within the AVMSD? Nope, because acc to Art 1(c), that is a "a linear audiovisual media service" ie "an audiovisual media service provided on the basis of a programme schedule."
Which has the happy result of meaning that YT videoes whether on the Net or the Apple TV don't have to comply with Art 22 of the AVMS
BTW- I think this Directive has the best definitions section I've ever seen actually: anyone for a "‘surreptitious audiovisual commercial communication'? It means a web bug, I think.
In fact this is one of the topics of the panel I'll be moderating at the upcoming SCL Conference so hopefully I'll learn something to report!
"The new proposal is called the Audiovisual Media Services (AVMS) Directive and will replace the TV Without Frontiers Directive. It will permit product placement as long as warnings are screened and will extend TV regulation to audiovisual material on the internet or on on-demand networks.
Though there is some regulation of on-demand services, the regulatory burden is far lighter than it is on scheduled services."
No time for real comment but Pangloss plans to look see what the line IS between Internet and TV (if it can be drawn) - what of this, for example?
The Directive covers audiovisual services as defined in Art 1(a):
"‘audiovisual media service’ appears to be defined by responsibility, purpose, and service provision:
=" a service as defined by Articles 49 and 50 of the Treaty which is under the editorial
responsibility of a media service provider and the principal purpose of which is the
provision of programmes in order to inform, entertain or educate, to the general public by electronic communications networks within the meaning of Article 2(a) of Directive 2002/21/EC of the European Parliament and of the Council. Such audiovisual media
services are either television broadcasts as defined in paragraph (c) of this Article or ondemand services as defined in paragraph (e) of this Article." [bold added]
(aa) 'programme' means a set of moving images with or without sound constituting an individual
item within a schedule or a catalogue established by a media service provider and whose form
and content is comparable to the form and content of television broadcasting. Examples of programmes include feature-length films, sports events, situation comedy, documentary, children’s programmes and original drama."
If anyone wants to interpret all that for me I'm all ears. Oh what the hell I'll have a go..
At very first blush it looks like You Tube do inded provide "programmes" (individual videos accessed in a catalogue) . "Editorial responsibility' means "the exercise of effective control both over the selection of the programmes and over their organisation ... in a catalogue, in the case of on-demand services. (AND) Editorial responsibility does not necessarily imply any legal liability under national law for the content or the services provided." (Art 1(ab)). That also seems to fit, the final sentence being crucial. So YT are a media service provider because they take editorial reponsibility (Art 1(b))
So - continuing the worked example - Is You Tube an ondemand service? Looks like it:
"'on-demand service' (i.e. a non-linear audiovisual media service) means an audiovisual media service provided by a media service provider for the viewing of programmes at the moment chosen by the user and at his/her individual request on the basis of a catalogue of programmes selected by the media service provider". (Art 1(e)). Tick.
So YT does seem to fall under the AVMSD in its pure Internet form, even before its content gets as far as Apple TV. But will Apple TV be a television broadcast, which would mean the same content would fall under two different regimes of regulation within the AVMSD? Nope, because acc to Art 1(c), that is a "a linear audiovisual media service" ie "an audiovisual media service provided on the basis of a programme schedule."
Which has the happy result of meaning that YT videoes whether on the Net or the Apple TV don't have to comply with Art 22 of the AVMS
BTW- I think this Directive has the best definitions section I've ever seen actually: anyone for a "‘surreptitious audiovisual commercial communication'? It means a web bug, I think.
In fact this is one of the topics of the panel I'll be moderating at the upcoming SCL Conference so hopefully I'll learn something to report!
Google faces EU Regulation?
FInally today (honest), the Art 29 WP has issued a significant letter criticising Google's privacy protection of personal data. Google is now to be the subject of an Art 29 report.
Google's recent olive branch of increasing privacy protection by anonymising server logs older than 18-24 months old is dismissed as insufficient data minimisation for EU law. In particular the 30 year duration of a Google cookie (!) is mentioned as disproportionate.
Interesting to compare our cousins over the pond.. where this blogger is suggesting that Google can be seen as the Transparent Society in action. Since everyone, including commerce and the state already collects far more data about us than we know of or can control, isn't a way to fight back to have all that data openly available to everyone not just the state - as collected by a private and semi neutral organisation, ie Google?
"On the one side is that massive data integration by the State - and if you think you'll see much data from that, you'll be waiting a long time. On the flip side all the other data, just put out there for people to use. The State's default mode is to hide everything, Google's is to put it out there for everyone to use.
I know which society I'd prefer to live in."
I don't agree, at all, but it's an interesting angle. Especially in the age of the shadow of the ID database..
Back at market regulation, Web 2.0 is already beginning to provide us with companies whose business model is to allow you to track down what data people hold about you (a right you have in law under DP but how the hell do you do it in aggregate in practice) - try looking at Garlik for example.
ps More from the Beeb on this with an emphasis on Google's recent acquisition of DoubleClick.
Google's recent olive branch of increasing privacy protection by anonymising server logs older than 18-24 months old is dismissed as insufficient data minimisation for EU law. In particular the 30 year duration of a Google cookie (!) is mentioned as disproportionate.
Interesting to compare our cousins over the pond.. where this blogger is suggesting that Google can be seen as the Transparent Society in action. Since everyone, including commerce and the state already collects far more data about us than we know of or can control, isn't a way to fight back to have all that data openly available to everyone not just the state - as collected by a private and semi neutral organisation, ie Google?
"On the one side is that massive data integration by the State - and if you think you'll see much data from that, you'll be waiting a long time. On the flip side all the other data, just put out there for people to use. The State's default mode is to hide everything, Google's is to put it out there for everyone to use.
I know which society I'd prefer to live in."
I don't agree, at all, but it's an interesting angle. Especially in the age of the shadow of the ID database..
Back at market regulation, Web 2.0 is already beginning to provide us with companies whose business model is to allow you to track down what data people hold about you (a right you have in law under DP but how the hell do you do it in aggregate in practice) - try looking at Garlik for example.
ps More from the Beeb on this with an emphasis on Google's recent acquisition of DoubleClick.
Rome II
Less exciting than LJ censorship, and slightly late, but still significant: Rome II which seems to have been trundling on All My LIfe has finally reached a common agreement as of May 15 2007. the full text of the agreement does not yet seem to be available but many details are on Diana Wallis MEP's site.
As I'm sure you all know, Rome II deals with harmonising choice of law rules in cross-jurisdiction tort (delict) cases just as Rome I did for contracts.
Some interesting parts of the (very complicated) agreement for IT lawyers:
"Violation of privacy or rights relating to the personality:
It sounds to Pangloss , however, like this "final" agreement is not that final!
(with thanks to Gerrit Betlem for tip off.)
As I'm sure you all know, Rome II deals with harmonising choice of law rules in cross-jurisdiction tort (delict) cases just as Rome I did for contracts.
Some interesting parts of the (very complicated) agreement for IT lawyers:
"Violation of privacy or rights relating to the personality:
While it was agreed that legal actions connected with those rights will be excluded from the scope of this Regulation, the Commission was asked through a review clause to present, not later than 31 December 2008, a study on the situation in the field of the law applicable to non-contractual obligations arising out of violations of privacy and rights to relating to personality, taking into account rules relating to freedom of the press and freedom of expression in the media. Violations of privacy resulting from the handling of personal data will be also dealt with in the Commission’s study."
"Unfair competition and acts restricting free competition:
A compromise solution was found. It will allow for the application of one single law, while at the same time limiting, as far as possible, “forum shopping” by claimants."
It also seems that a similar report to the one on privacy related torts will be prepared on defamation rules by end 2008. This is has been a particular bugbear: the Commission excluded defamation altogether from Rome II but in January 2007 the MEPS voted to put it back in. This is of course highly significant for Internet libel cases. Previously when defamation was turfed out of Rome II, review would only have taken place four years after the passing of the Regulation.
It sounds to Pangloss , however, like this "final" agreement is not that final!
(with thanks to Gerrit Betlem for tip off.)
And More LJ..
Interesting climbdown.
I guess that one can be chalked up as another, albeit belated, victory for the users in web 2.0 culture - rather as with AACS and Digg.
It also makes it fairly plain that LJ's main worry was probably the appearance of locked communities to advertisers (where the visble content is mainly the "interests" - such as rape or paedophilia - rather than serious legal worries. Or perhaps that's too cynical.)
"We have always been strong supporters of free speech and at the same time we believe deeply that children deserve special protections as well as the victims of violence and hate. ... One could say that no matter what we did we would either be accused of opposing free speech or endangering children but I am sure we should and could have done this much better. "
I have a lot of sympathy:-)
I guess that one can be chalked up as another, albeit belated, victory for the users in web 2.0 culture - rather as with AACS and Digg.
It also makes it fairly plain that LJ's main worry was probably the appearance of locked communities to advertisers (where the visble content is mainly the "interests" - such as rape or paedophilia - rather than serious legal worries. Or perhaps that's too cynical.)
"We have always been strong supporters of free speech and at the same time we believe deeply that children deserve special protections as well as the victims of violence and hate. ... One could say that no matter what we did we would either be accused of opposing free speech or endangering children but I am sure we should and could have done this much better. "
I have a lot of sympathy:-)
Wednesday, May 30, 2007
Live Journal Attacked by Inocents (?)
A massive web 2.0-type censorship farrago has (yet again) engulfed Live Journal, probably the social blogging and networking site most popular with "fandom" - which includes the loose and vast collection of communities where people write slash fiction about under-age characters (as in Harry Potter and his cronies, for example.)
A rather shady outfit called Warriors for Innocence ("hunting pedophiles where they fester") appear to have either cajoled or threatened Live Journal (or its corporate owners, Six Apart) into taking down and/or deleting entries on a number of journals and communities whose "interests" keywords included terms like rape, teen, child and incest. In response , accusations are being made that some of these communities were for people who simply liked writing fan fiction and had absolutely no intention of encouraging or participating in sex with minors in "real life"; while other communities were actually doing positive good in that they were there to support incest survivors.
The usual web 2.0 battleground has now been thoroughly drawn up, with various calls for class actions for breach of contract against LJ, libel suits against WFI, claims WFI are actually an anti-LGBT group, and calls for symbolic one-day deletion of journals and user migration to other sites like GreatestJournal (which uses the same software as LJ and has been an alternative home in previous episodes of disenchantment with LJ, such as when default user icons showing breatfeeding and naked nipples (!) were banned).
The law as to LJ's possible liability seems at first clear, but has the odd wrinkle. First, no one seems very convinced that writing pedophilic literature (as opposed to taking, making, selling or distributing pictures of under age sex) is in fact any sort of criminal offence in any US state. Secondly, it is even less clear if publishing or facilitating the publication of such is a crime ("inducing pedophilia" anyone?). Thirdly, even if one assumes it is, would LJ be in any way criminally liable or would they be protected from liability? At first blush, this seems exactly the kind of situation the safe harbor of CDA was designed for. LJ , under the CDA, s 230 (c), as a service provider, should not be liable in respect of third party content.
However as every half awake blawger knows, the impact of s 230(c) on Web 2.0, user generated content sites has become steadily more blurry. As recently reported here, the social site Roommates.com was recently found liable by the Sixth Circuit for, in effect, publishing room listings placed by third parties which were in breach of anti-discrimination renting laws. Rommmates.com did not benefit from s 230 (c) because by providing a rigid template for entry of text, they had effectively become content providers, not just content platform provider.
It seems unlikely this would apply to LJ where almost all text is provided free form. On the other had, LJ does supply a "template" for journallers and communities to list their "interests" which are then used in searches. And it is these "interests" which are at the heart of LJ's current attempts at censorship. Could they have thought that Roommates.com left them at risk?
A rather more likely rumour is that LJ at first held firm, confident they were protected by the CDA, but panicked when WFI began going round their advertisers suggesting that LJ was not a nice place to hang out. This seems to have lead to a rather panicky surge of deletions of communities and journals. A more helpful approach would probably have been to have identified, before deletion or suspension, which communities were at least devoted to incest survivor support, and spared them the trouble of protest. Much of the furore also seems to surround accusations that LJ unilaterally changed its Terms of Service - yet it is completely clear that they reserved the right (sensibly) to do this at any time (clause 13, Revisions, of ToS).
Sparing "Fan" sites also seems a rather more difficult call: as Warren Ellis, the comics writer put it, "The outcome .. has been pure comedy, with comments that read very much like “I love spending all day reading about forced underage incestuous sex with squirrel fisting on top, but of course I’m not interested in that in real life — that’d make me a pervert!”
Some "fan" writers have declared volubly that there is a vast difference between those who like to write fantasies of underage sex and those who'd ever wish to take part in them. PanGloss finds this a rather difficult call to expect a court, let alone a bunch of technohippies to make: surely every paedophile writer in the world would simply declare that oh no, they are merely a rampant Harry Potter slash fan?
Pangloss herself finds the degree of fan hysteria round this type of event a bit hard to stomach. LJ is a private site. It is not a state nor a common carrier nor a "public broadcaster" with positive obligations as to content, like the BBC in the UK. It is basically a business, one which rather oddly and sweetly does not seem to try to make maximum profits when it could (charge everyone, or show everyone ads.) The overwhelming majority of people using LJ still get their accounts and the extremely sophisticated functionality for free (and without advertising - ads are only given on consent, in return for which the user gets extra functionality, like being able to set up polls or have more user icons).
Yet in return for zero consideration, LJ seems to be expected by its clientele to take on a high dgree of risk in an uncertain area of law and to resist censorship at all costs. Yet in principle the situation is exactly as if Walmart had decided not to stock (say) Hello Kitty vibrators. Whether they are legal or not, it's Wallmart's store and Walmart's call. And if Walmart think those vibrators are a bit dodgy, either legally or in terms of alienating or annoying certain customers, then so be it. If they were stocking stuff they thought might or might not be legal, there isn't a lawyer in the world who wouldn't advise them to dump that stuff; and that's WALMART - who have millions of dollars and lawyers to fight prosecutions or civil suits.
An LJ or other web 2.0 site has the right to protect itself against the risk of being sued or prosecuted out of existence for taking on risk in an uncertain legal area. Would you rather have a world with LJ in it, albeit mildly policing the most extreme and likely to be dodgy of its boundaries, or a world with no LJ? Taking normal business steps to reduce legal risk is not the same as going over to the forces of censorship, fascism, illiberality and darkness.
It is interesting that many LJ users seem to feel LJ has a moral (not legal) duty to defend free speech over and above that of a normal business. PanGloss is not sure why. Isn't it good enough that they provide a global speech platform for free, and make efforts, it seems, not to "censor" (ie reduce legal risk) until someone with an agenda,like WFI, makes waves too big to ignore? In some ways , the web 2.0 social sites seem to have inherited the mantle of comforting and morally upright parent which we no longer expect of conventional nation states (?).
See also: Boing Boing
Useful links from LJ
Sample LJ Abuse team Letter
A rather shady outfit called Warriors for Innocence ("hunting pedophiles where they fester") appear to have either cajoled or threatened Live Journal (or its corporate owners, Six Apart) into taking down and/or deleting entries on a number of journals and communities whose "interests" keywords included terms like rape, teen, child and incest. In response , accusations are being made that some of these communities were for people who simply liked writing fan fiction and had absolutely no intention of encouraging or participating in sex with minors in "real life"; while other communities were actually doing positive good in that they were there to support incest survivors.
The usual web 2.0 battleground has now been thoroughly drawn up, with various calls for class actions for breach of contract against LJ, libel suits against WFI, claims WFI are actually an anti-LGBT group, and calls for symbolic one-day deletion of journals and user migration to other sites like GreatestJournal (which uses the same software as LJ and has been an alternative home in previous episodes of disenchantment with LJ, such as when default user icons showing breatfeeding and naked nipples (!) were banned).
The law as to LJ's possible liability seems at first clear, but has the odd wrinkle. First, no one seems very convinced that writing pedophilic literature (as opposed to taking, making, selling or distributing pictures of under age sex) is in fact any sort of criminal offence in any US state. Secondly, it is even less clear if publishing or facilitating the publication of such is a crime ("inducing pedophilia" anyone?). Thirdly, even if one assumes it is, would LJ be in any way criminally liable or would they be protected from liability? At first blush, this seems exactly the kind of situation the safe harbor of CDA was designed for. LJ , under the CDA, s 230 (c), as a service provider, should not be liable in respect of third party content.
However as every half awake blawger knows, the impact of s 230(c) on Web 2.0, user generated content sites has become steadily more blurry. As recently reported here, the social site Roommates.com was recently found liable by the Sixth Circuit for, in effect, publishing room listings placed by third parties which were in breach of anti-discrimination renting laws. Rommmates.com did not benefit from s 230 (c) because by providing a rigid template for entry of text, they had effectively become content providers, not just content platform provider.
It seems unlikely this would apply to LJ where almost all text is provided free form. On the other had, LJ does supply a "template" for journallers and communities to list their "interests" which are then used in searches. And it is these "interests" which are at the heart of LJ's current attempts at censorship. Could they have thought that Roommates.com left them at risk?
A rather more likely rumour is that LJ at first held firm, confident they were protected by the CDA, but panicked when WFI began going round their advertisers suggesting that LJ was not a nice place to hang out. This seems to have lead to a rather panicky surge of deletions of communities and journals. A more helpful approach would probably have been to have identified, before deletion or suspension, which communities were at least devoted to incest survivor support, and spared them the trouble of protest. Much of the furore also seems to surround accusations that LJ unilaterally changed its Terms of Service - yet it is completely clear that they reserved the right (sensibly) to do this at any time (clause 13, Revisions, of ToS).
Sparing "Fan" sites also seems a rather more difficult call: as Warren Ellis, the comics writer put it, "The outcome .. has been pure comedy, with comments that read very much like “I love spending all day reading about forced underage incestuous sex with squirrel fisting on top, but of course I’m not interested in that in real life — that’d make me a pervert!”
Some "fan" writers have declared volubly that there is a vast difference between those who like to write fantasies of underage sex and those who'd ever wish to take part in them. PanGloss finds this a rather difficult call to expect a court, let alone a bunch of technohippies to make: surely every paedophile writer in the world would simply declare that oh no, they are merely a rampant Harry Potter slash fan?
Pangloss herself finds the degree of fan hysteria round this type of event a bit hard to stomach. LJ is a private site. It is not a state nor a common carrier nor a "public broadcaster" with positive obligations as to content, like the BBC in the UK. It is basically a business, one which rather oddly and sweetly does not seem to try to make maximum profits when it could (charge everyone, or show everyone ads.) The overwhelming majority of people using LJ still get their accounts and the extremely sophisticated functionality for free (and without advertising - ads are only given on consent, in return for which the user gets extra functionality, like being able to set up polls or have more user icons).
Yet in return for zero consideration, LJ seems to be expected by its clientele to take on a high dgree of risk in an uncertain area of law and to resist censorship at all costs. Yet in principle the situation is exactly as if Walmart had decided not to stock (say) Hello Kitty vibrators. Whether they are legal or not, it's Wallmart's store and Walmart's call. And if Walmart think those vibrators are a bit dodgy, either legally or in terms of alienating or annoying certain customers, then so be it. If they were stocking stuff they thought might or might not be legal, there isn't a lawyer in the world who wouldn't advise them to dump that stuff; and that's WALMART - who have millions of dollars and lawyers to fight prosecutions or civil suits.
An LJ or other web 2.0 site has the right to protect itself against the risk of being sued or prosecuted out of existence for taking on risk in an uncertain legal area. Would you rather have a world with LJ in it, albeit mildly policing the most extreme and likely to be dodgy of its boundaries, or a world with no LJ? Taking normal business steps to reduce legal risk is not the same as going over to the forces of censorship, fascism, illiberality and darkness.
It is interesting that many LJ users seem to feel LJ has a moral (not legal) duty to defend free speech over and above that of a normal business. PanGloss is not sure why. Isn't it good enough that they provide a global speech platform for free, and make efforts, it seems, not to "censor" (ie reduce legal risk) until someone with an agenda,like WFI, makes waves too big to ignore? In some ways , the web 2.0 social sites seem to have inherited the mantle of comforting and morally upright parent which we no longer expect of conventional nation states (?).
See also: Boing Boing
Useful links from LJ
Sample LJ Abuse team Letter
Wednesday, May 23, 2007
Blogzilla: Generation Y and privacy
Blogzilla has an interesting post on Generation Y and privacy.
I am in fact usually one of the doom sayers who argues that privacy norms and by extension, regulation, will have to change as the current Web 2.0 generation grows up. But perhaps I'm wrong? My very dear colleague Judith Rauhofer will be tackling the privacy "dark side" of Web 2.0 at my upcoming workshop in September (website coming soon.)
I am in fact usually one of the doom sayers who argues that privacy norms and by extension, regulation, will have to change as the current Web 2.0 generation grows up. But perhaps I'm wrong? My very dear colleague Judith Rauhofer will be tackling the privacy "dark side" of Web 2.0 at my upcoming workshop in September (website coming soon.)
Tuesday, May 22, 2007
AllOfMP3.com declared fraudulent
Interesting story - the IFPI raid an agent of AllOfMP3.com, the infamous Russian-based illegal download service, in London.
"The individual was allegedly the UK-based European agent for allofmp3.com, facilitating the sale of digital downloads by advertising and selling vouchers through auction sites such as eBay and the website allofmp3vouchers.co.uk. That website has now been taken down from the internet. The vouchers contained a code that allowed UK and European consumers to access and download music illegally from the allofmp3.com website.
The legal liability of these payment intermediaries for providing funds access to AllOfMP3.com of course remains untested, as far as Pangloss knows. Would they be secondary infringers in UK copyright law, or "inducers" of copyright infringement in the US, a la Grokster? This must be the fear , but it would be nice to have had it judicially examined.
Secondly, the 2006 Fraud Act provisions were, it was thought, introduced to deal more effectively with "phishing", not copyright infringement - but it seems they have now been appropriated to that context. In Scotland where the 2006 Act does not operate, it is likely the existing common law of fraud would cover similar action. Is it fraud to take money in exchange for illegal services? One might argue that the punters were not being defrauded as they were getting exactly what they asked for , namely, downloads of music. Compare phishing where there is clear deception. The police/BPI argument would be that the punters are being deceived that what they are buying is legal in the UK. That, to Pangloss, seems in itself, rather deceptive:-)
"The individual was allegedly the UK-based European agent for allofmp3.com, facilitating the sale of digital downloads by advertising and selling vouchers through auction sites such as eBay and the website allofmp3vouchers.co.uk. That website has now been taken down from the internet. The vouchers contained a code that allowed UK and European consumers to access and download music illegally from the allofmp3.com website.
Charging £10 per voucher, the suspect was believed to be taking payment from European customers and transferring the cash into various offshore accounts operated by the site's Russian owners.
Metropolitan Police officers seized computer equipment and paperwork for further investigation. Early indications suggest the pirate operation may have generated criminal proceeds for the Russian website running into tens of thousands of pounds."
It is worth noting that the police executed the raid not under copyright law per se, but under Section 2 of the Fraud Act 2006 - legislation introduced into UK law in January 2007 specifically to combat online fraud. IPRED 2 was *not* involved. The 2006 Act makes it a criminal offense to dishonestly make a false representation for gain. A fales representation is one that is untrue or misleading and the person making it knows this. This is reportedly the first time the new fraud legislation has been used in a copyright-related case.
Interesting on two counts therefore. First, this is a good example of how even operating in a law haven like Rusia cannot necessarily save your business model in more lawful jurisdictions, when payment intermediaries are squeezed - Visa, Mastercard and even PayPal had ceased "laundering" payments to AllOfMP3.com from the UK making it almost unuseable by the average UK punter. (One wonders about Google Checkout?) . Similar strategies have been adopted successfully by the US to throttle online offshore gambling services offered to US nationals by countries like Antigua.The legal liability of these payment intermediaries for providing funds access to AllOfMP3.com of course remains untested, as far as Pangloss knows. Would they be secondary infringers in UK copyright law, or "inducers" of copyright infringement in the US, a la Grokster? This must be the fear , but it would be nice to have had it judicially examined.
Secondly, the 2006 Fraud Act provisions were, it was thought, introduced to deal more effectively with "phishing", not copyright infringement - but it seems they have now been appropriated to that context. In Scotland where the 2006 Act does not operate, it is likely the existing common law of fraud would cover similar action. Is it fraud to take money in exchange for illegal services? One might argue that the punters were not being defrauded as they were getting exactly what they asked for , namely, downloads of music. Compare phishing where there is clear deception. The police/BPI argument would be that the punters are being deceived that what they are buying is legal in the UK. That, to Pangloss, seems in itself, rather deceptive:-)
Thursday, May 17, 2007
Web 2.0 sites beware!
Interesting decision from the States yesterday on immunity of hosts ("service providers") under CDA s 230 (c).
The Ninth Circuit Court of Appeals just determined that Roommates.com - a networking site for people looking for, housesharers, did not deserve immunity under Section 230 of the US Communications Decency Act for information that users of the site provide on questionnaires during registration.
This is rather reminiscent of the debate in the UK before the E Commerce Directive about whether sites were "editors" under the Defamation Act 1996 s 1 if they undertook any kind of filtering or editing of content - and the even earlier debate in the US about whether ISPs like Prodigy were putting themselves at risk of liability by undertaking similar editorial work to create "family-safe" content. Basically, if you are a user-generated content site, do you dare to mess with the content at all, even if the result is a better or more searchable/manageable/less offensive product for your users? Section 230 (c) was designed to put an end to such worries, as was in Europe, the ECD. From that perspective this is a very regressive step.
On the other hand, it has become increasingly clear that s 230(c) was too widely drawn in giving absolute immunity to ISPs/hosts in respect of criminal liability and non-copyright-related torts (cf the later DMCA, whose scheme is akin to the EU ECD in allowing limited immunity subject to notice and take down and other requirements) - and a series of cases have attempted to rein in that immunity by, eg, re-introducing distributor liability.
This case is a logical progression, but it is unfortunate. (A better solution would be legislative reform of s 230 (c) - but that ain't going to happen.) As the Register point out, what will the implications be for all the sites which "facilitate" or "edit" or "structure" or "filter" or even perhaps "tag" user-generated content - the MySpaces , Facebooks, and even the Googles? MySpace and Facebook both "structure" (some) information via menus and questions. So do many dating sites. What if some of this content is defamatory or obscene? In particular the word "categorized" is worrying. What might this do to the liability of new tagging sites like Digg and Delicio.us so valuable to the Internet at large?
In most these cases - especially the Diggs and Delicio.us es - I think the argument can be developed that they do not "thin down" or restrict or impose structure on the information generated by a third party content provider - which seems the nuance of the case - but merely add value to it separate from the actual text of the third party content. (What will AACS be thinking reading this, I wonder?) Similarly Google can argue that they do not themselves filter content but merely respond to user (ie third party) instruction. Nonetheless Google is usually made available with default on Safe Search, ie filtering out obscene content - so the position is not all that clear.
I await the appeal:-)
The Ninth Circuit Court of Appeals just determined that Roommates.com - a networking site for people looking for, housesharers, did not deserve immunity under Section 230 of the US Communications Decency Act for information that users of the site provide on questionnaires during registration.
The Register reports that "Section 230 of the CDA gives providers of an interactive computer service, such as a website, immunity from lawsuits relating to the publication of information on the site by a person other than the site's provider. Thus, information posted to a blog's comments or on an online forum won't put the site provider on the hook for damages if the publication of the content happens to break the law someplace.
Someone who, in whole or in part, creates or develops the published information, however, qualifies as a "content provider," and falls outside the bounds of the immunity. The Ninth Circuit panel determined that Roommates.com, by filtering the kind of information that visitors to the site would see, had developed the information provided, and could not claim immunity for the publication of the information...
The key quote from J Kozinski is "By categorizing, channeling and limiting the distribution of users’ profiles, Roommate provides an additional layer of information that it is “responsible” at least “in part” for creating or developing." [bold added]
In other words, Rommmates .com were, it seems, held to have "created" , in part though not in whole, the information that users themselves supplied via structured drop down menus; (eg "do you want to live with [options] straight men/gay men/straight women/gay women/anyone")but not information supplied by users themselves in freeform comments. That information was then held to have breached the anti-discrimination provisions of the Fair Housing Act.This is rather reminiscent of the debate in the UK before the E Commerce Directive about whether sites were "editors" under the Defamation Act 1996 s 1 if they undertook any kind of filtering or editing of content - and the even earlier debate in the US about whether ISPs like Prodigy were putting themselves at risk of liability by undertaking similar editorial work to create "family-safe" content. Basically, if you are a user-generated content site, do you dare to mess with the content at all, even if the result is a better or more searchable/manageable/less offensive product for your users? Section 230 (c) was designed to put an end to such worries, as was in Europe, the ECD. From that perspective this is a very regressive step.
On the other hand, it has become increasingly clear that s 230(c) was too widely drawn in giving absolute immunity to ISPs/hosts in respect of criminal liability and non-copyright-related torts (cf the later DMCA, whose scheme is akin to the EU ECD in allowing limited immunity subject to notice and take down and other requirements) - and a series of cases have attempted to rein in that immunity by, eg, re-introducing distributor liability.
This case is a logical progression, but it is unfortunate. (A better solution would be legislative reform of s 230 (c) - but that ain't going to happen.) As the Register point out, what will the implications be for all the sites which "facilitate" or "edit" or "structure" or "filter" or even perhaps "tag" user-generated content - the MySpaces , Facebooks, and even the Googles? MySpace and Facebook both "structure" (some) information via menus and questions. So do many dating sites. What if some of this content is defamatory or obscene? In particular the word "categorized" is worrying. What might this do to the liability of new tagging sites like Digg and Delicio.us so valuable to the Internet at large?
In most these cases - especially the Diggs and Delicio.us es - I think the argument can be developed that they do not "thin down" or restrict or impose structure on the information generated by a third party content provider - which seems the nuance of the case - but merely add value to it separate from the actual text of the third party content. (What will AACS be thinking reading this, I wonder?) Similarly Google can argue that they do not themselves filter content but merely respond to user (ie third party) instruction. Nonetheless Google is usually made available with default on Safe Search, ie filtering out obscene content - so the position is not all that clear.
I await the appeal:-)
ps other views: Eric Goldman ; Eugene Volokh - neither happy.
Oysters Reopened
Anonymous (which is not a very helpful name for a correspondent) asked me "Just a quick question, why are you linking to a story that is over 12 months old saying 'look no further'?"
Well, in utter truth because I had Googled that story before I was referred to it by Andy, and caught the tag date "15 may 2007" and thought ah good, developments. Of course that was the date Google last spidered it not the actual date of the article which was very similar except one year earlier.. I blame 33 hours on a fery from Bilbao:-)
The ongoing story, as my anonymous corespondent pointed out, is that "TfL has already signed a deal with Barclaycard and Visa to launch a range of Oyster-branded credit and debit cards, which are also expected in the autumn."
However this isn't very exciting news. As already recorded here, Visa have already made it first into the contactless credit market in the EU with their payWave technology. The same article says that Mastercard and Amex are also on this route. A dual purpose Oyster card/credit card wil howeevr no doubt be a killer app (I'd get one myself).
But the real story for me here is the apparent death of the multipurpose stored value card. "Digital cash" of the 90s is dead ; long live contactless credit/debit (pace the nascent security problems no doubt about to emerge). I always had my doubts that in an era of bountiful credit, consumers could be persuaded to put cash up front in stored value AND carry an extra card around, whose loss, stored value and all, would (like cash) not be recoverable; this appears to have been the case. And the chances of Visa, Mastercard et al going bust are rather lower than with a pioneering digicash supplier. Interesting how the future is not always what we expect.
Well, in utter truth because I had Googled that story before I was referred to it by Andy, and caught the tag date "15 may 2007" and thought ah good, developments. Of course that was the date Google last spidered it not the actual date of the article which was very similar except one year earlier.. I blame 33 hours on a fery from Bilbao:-)
The ongoing story, as my anonymous corespondent pointed out, is that "TfL has already signed a deal with Barclaycard and Visa to launch a range of Oyster-branded credit and debit cards, which are also expected in the autumn."
However this isn't very exciting news. As already recorded here, Visa have already made it first into the contactless credit market in the EU with their payWave technology. The same article says that Mastercard and Amex are also on this route. A dual purpose Oyster card/credit card wil howeevr no doubt be a killer app (I'd get one myself).
But the real story for me here is the apparent death of the multipurpose stored value card. "Digital cash" of the 90s is dead ; long live contactless credit/debit (pace the nascent security problems no doubt about to emerge). I always had my doubts that in an era of bountiful credit, consumers could be persuaded to put cash up front in stored value AND carry an extra card around, whose loss, stored value and all, would (like cash) not be recoverable; this appears to have been the case. And the chances of Visa, Mastercard et al going bust are rather lower than with a pioneering digicash supplier. Interesting how the future is not always what we expect.
Wednesday, May 16, 2007
The Oyster is hard to Prise Open..
Re yesterday's query about when Oyster Card would finally roll out as a multi purpoe contactless small payments card.. look no further.
Interestingly, no mention of legal difficulties round becoming an EMI - only commercial problems with revenue sharing.
Interestingly, no mention of legal difficulties round becoming an EMI - only commercial problems with revenue sharing.
Tuesday, May 15, 2007
PayPal plays with the big boys
My colleague Technollama and I have long subscribed to the view that PayPal does not really fit the model of an Electronic Money Issuer under Euro law , despite the fact that the UK and other EU countries have agreed to accredit it as such. PayPal itself has now taken the interesting step of declaring that it plans to move to Luxembourg and become a proper bank, for apparently commercial rather than legal reasons. This certainly demonstrates the growing mainstream strength of the mobile payments market. But what does it mean for other emergent digital payment forms? Not all will have the cash reserves of PayPal, necessary to achieve accreditation under existing EU banking capitalisation and risk rules. The EMI Directive probably still needs revisited if innovation is really to get going in this market.
Interestingly, the market now supports credit cards used as a contactless payment card (Visa's new payWave); the mobile phone used as an easy billing mechanism for micro-payments (prevalent in many EU countries, though not yet the UK); niche RFID pre-paid payment cards (eg Oyster Card for London tube) and now a major "bank" which uses agency techniques and existing credit institutions, rather than a stored value card, to provide mobile credit. What has never actually taken off is real omni-purpose stored value debit cards - "digital cash" - as predicted throughout the early 2000s , and which the EMI Directive was specifically tailored to regulate.
I still wonder when (if ever?) we will see the long awaited roll out of OysterCard as a multipurpose small payments contactless stored value card mechanism? And what form of regulation it will then opt for?
Interestingly, the market now supports credit cards used as a contactless payment card (Visa's new payWave); the mobile phone used as an easy billing mechanism for micro-payments (prevalent in many EU countries, though not yet the UK); niche RFID pre-paid payment cards (eg Oyster Card for London tube) and now a major "bank" which uses agency techniques and existing credit institutions, rather than a stored value card, to provide mobile credit. What has never actually taken off is real omni-purpose stored value debit cards - "digital cash" - as predicted throughout the early 2000s , and which the EMI Directive was specifically tailored to regulate.
I still wonder when (if ever?) we will see the long awaited roll out of OysterCard as a multipurpose small payments contactless stored value card mechanism? And what form of regulation it will then opt for?
Wednesday, May 02, 2007
OK v Hello!
OK v Hello! has finally been decided in the House of Lords (thanks to Loveandgarbage for the tip-off.) This is NOT, it should be stressed, about whether Michael Douglas and C. Zeta-Jones had their privacy invaded at their wedding (that one's been and gone in a shower of legal fees); it is about whether Hello! stole confidential information from OK, the information not being "about" OK, but about the aforesaid starlets and their so-called "private life".
According to the Beeb, "what the Law Lords were asked to decide was this: Did Hello magazine breach commercially confidential information in publishing unauthorised photos of the wedding of Michael Douglas and Catherine Zeta Jones?
And by a majority of three-to-two, yes, they did. So much , so duh. What we really wanted to know was: does this create a new property right, a right in your own image caught in photos, in videos, on tee shirts etc? And enforceable against the world, not just persons in a contractual relationship, or a relationship of confidence? Lord Hoffman says no: but it is clear the Max Cliffords of this world will waste no time in trying to turn it into one (especially given the tacit but acknowledge acceptance of such rights already in celebrity contracts and finacial planning affairs.)
I haven't had time to read it properly yet but am slightly heartened by one para that already caught my eye:
"118. It is first necessary to avoid being distracted by the concepts of privacy and personal information. In recent years, English law has adapted the action for breach of confidence to provide a remedy for the unauthorized disclosure of personal information: see Campbell v MGN Ltd [2004] 2 AC 457. This development has been mediated by the analogy of the right to privacy conferred by article 8 of the European Convention on Human Rights and has required a balancing of that right against the right to freedom of expression conferred by article 10. But this appeal is not concerned with the protection of privacy. Whatever may have been the position of the Douglases, who, as I mentioned, recovered damages for an invasion of their privacy, OK!'s claim is to protect commercially confidential information and nothing more. So your Lordships need not be concerned with Convention rights. OK! has no claim to privacy under article 8 nor can it make a claim which is parasitic upon the Douglases' right to privacy. The fact that the information happens to have been about the personal life of the Douglases is irrelevant. It could have been information about anything that a newspaper was willing to pay for. What matters is that the Douglases, by the way they arranged their wedding, were in a position to impose an obligation of confidence. They were in control of the information."
So we have not recognised , it appears, that X can sell their private life to Y, and Y can use privacy remedies to defend it. This is a good thing in my book. On the other hand, we have it seems in essence created a new form of intellectual property which can be defended against infringement by all comers, rather than merely against those who were in a contractual relationship. Celebrities and their lawyers and the crappy celebrity culture will all be very happy; and that can only be bad.
Intellectual prioperty rights are not awarded simply because it's a nice thing to so; they strike a balance between the need to incentivise creation and inovation, and the public interest in not allowing monopoly property rights over information.
Why should this balance be struck *at all* in relation to celebrity "image rights"? Do we want to incentivise the creation or more celebrities, or more celebrity activity? Would people not become celebrities even if the image right revenue stream was not available? As far as I'm concerned , the answers are no and yes. But what's done is done.
According to the Beeb, "what the Law Lords were asked to decide was this: Did Hello magazine breach commercially confidential information in publishing unauthorised photos of the wedding of Michael Douglas and Catherine Zeta Jones?
And by a majority of three-to-two, yes, they did. So much , so duh. What we really wanted to know was: does this create a new property right, a right in your own image caught in photos, in videos, on tee shirts etc? And enforceable against the world, not just persons in a contractual relationship, or a relationship of confidence? Lord Hoffman says no: but it is clear the Max Cliffords of this world will waste no time in trying to turn it into one (especially given the tacit but acknowledge acceptance of such rights already in celebrity contracts and finacial planning affairs.)
I haven't had time to read it properly yet but am slightly heartened by one para that already caught my eye:
"118. It is first necessary to avoid being distracted by the concepts of privacy and personal information. In recent years, English law has adapted the action for breach of confidence to provide a remedy for the unauthorized disclosure of personal information: see Campbell v MGN Ltd [2004] 2 AC 457. This development has been mediated by the analogy of the right to privacy conferred by article 8 of the European Convention on Human Rights and has required a balancing of that right against the right to freedom of expression conferred by article 10. But this appeal is not concerned with the protection of privacy. Whatever may have been the position of the Douglases, who, as I mentioned, recovered damages for an invasion of their privacy, OK!'s claim is to protect commercially confidential information and nothing more. So your Lordships need not be concerned with Convention rights. OK! has no claim to privacy under article 8 nor can it make a claim which is parasitic upon the Douglases' right to privacy. The fact that the information happens to have been about the personal life of the Douglases is irrelevant. It could have been information about anything that a newspaper was willing to pay for. What matters is that the Douglases, by the way they arranged their wedding, were in a position to impose an obligation of confidence. They were in control of the information."
So we have not recognised , it appears, that X can sell their private life to Y, and Y can use privacy remedies to defend it. This is a good thing in my book. On the other hand, we have it seems in essence created a new form of intellectual property which can be defended against infringement by all comers, rather than merely against those who were in a contractual relationship. Celebrities and their lawyers and the crappy celebrity culture will all be very happy; and that can only be bad.
Intellectual prioperty rights are not awarded simply because it's a nice thing to so; they strike a balance between the need to incentivise creation and inovation, and the public interest in not allowing monopoly property rights over information.
Why should this balance be struck *at all* in relation to celebrity "image rights"? Do we want to incentivise the creation or more celebrities, or more celebrity activity? Would people not become celebrities even if the image right revenue stream was not available? As far as I'm concerned , the answers are no and yes. But what's done is done.
Thursday, April 26, 2007
Why oh why oh why
Blogger took my blog away again. Now I have it back (it's like a children's tale of woe) but my entries have vanished since Nov 06.
Watch this space. It may be dull, but at least it's there:)
Some announcements.
GikIII 2 : the Comeback is GO. See CFP at http://www.law.ed.ac.uk/ahrc/gikii/ . THIS IS GIKIII!!! September 19, London.
THis will follow a much more serious and Constructive workshop on "Law 2.0" - or possibly Law 3.7 - the jury is stil out on this one. Anyway , it is being sponsored by the SCL and the very kind Herbert Smith Solicitors, London, chaired by moi and will explore the legal aspects of WEb 2.0 - user generated content, mash ups, C2C business models, the Semantic Web, eScience, blogs and open source/open content. It should be very very interesting. September 17-18, London.
Also - Geeklawyer has organised a first UK meeting of law blawgers on 18th May in LOndon. See http://blog.geeklawyer.org/uk-legal-blogging-conference/. Pangloss hopes to go, if only for the curry in the evning - she probably doesn't deserve any better given her recent miserable show on blogging (though not as bad as Blogger would make out - grr.)
BILETA in Hertfordshire in April was as usual enormous fun. Full papers will be up soon so worth a visit. Pangloss is now on the BILETA Exec for the third time - this time on retirement I get a gold watch - or something. Guess when the first meeting of the Exec is? Yup, 18th May..
Similarly, Pangloss had already signed up to go the OxII day on global Internet filtering which judging by the sign up WikI will be attended bya cast of IT gliterati. Guess when it is? Yup, May 18.
Which will Pangloss go to? Write in with your suggestion (if this was Live Journal it would be a poll.)
Watch this space. It may be dull, but at least it's there:)
Some announcements.
GikIII 2 : the Comeback is GO. See CFP at http://www.law.ed.ac.uk/ahrc/gikii/ . THIS IS GIKIII!!! September 19, London.
THis will follow a much more serious and Constructive workshop on "Law 2.0" - or possibly Law 3.7 - the jury is stil out on this one. Anyway , it is being sponsored by the SCL and the very kind Herbert Smith Solicitors, London, chaired by moi and will explore the legal aspects of WEb 2.0 - user generated content, mash ups, C2C business models, the Semantic Web, eScience, blogs and open source/open content. It should be very very interesting. September 17-18, London.
Also - Geeklawyer has organised a first UK meeting of law blawgers on 18th May in LOndon. See http://blog.geeklawyer.org/uk-legal-blogging-conference/. Pangloss hopes to go, if only for the curry in the evning - she probably doesn't deserve any better given her recent miserable show on blogging (though not as bad as Blogger would make out - grr.)
BILETA in Hertfordshire in April was as usual enormous fun. Full papers will be up soon so worth a visit. Pangloss is now on the BILETA Exec for the third time - this time on retirement I get a gold watch - or something. Guess when the first meeting of the Exec is? Yup, 18th May..
Similarly, Pangloss had already signed up to go the OxII day on global Internet filtering which judging by the sign up WikI will be attended bya cast of IT gliterati. Guess when it is? Yup, May 18.
Which will Pangloss go to? Write in with your suggestion (if this was Live Journal it would be a poll.)
Saturday, March 17, 2007
Law and Society Conference 2007
Paper at a conference I'm going to in Berlin in July. I'm quite intrigued actually, so there to the undoubted cynics out there :-P
The Gendering and Sex of Online Information
In Session: The Morality and Politics of Search Engines and User-Generated Content 1236
Author:*Ann Bartow (University of South Carolina)
Abstract: Drawing from feminist legal theory, research into computer intermediated discourse, and cultural studies, this paper looks at the impact of search engines and user generated Internet content on the construction of gender and sex in cyberspace. Ways in which the structures and norms of Internet searching and content generation may ultimately re-order specific areas of the law in will be addressed, as will the impact of anonymously or pseudonymously authored source material, and online activities colloquially termed "astroturfing" and "sockpuppeting," with an explicit focus on important issues of gender and sexuality.
Er, what is "astroturfing"????
I'm going as the speaker and rapporteur on a panel on privacy and security with my esteemed colleagues Andrea Matwyshwn, Jennifer Chandler, Jay Kesan and Hiram Juarbe. The conference looks remarkable - everything from gendering of Israeli legal culture to whether there are IP rights in tarot cards and yoga positions - I don't think I've ever been to such a jamboree. If any of my readers are also going, do let me know!! there wil be more posts on this nearer the time no doubt.
The Gendering and Sex of Online Information
In Session: The Morality and Politics of Search Engines and User-Generated Content 1236
Author:*Ann Bartow (University of South Carolina)
Abstract: Drawing from feminist legal theory, research into computer intermediated discourse, and cultural studies, this paper looks at the impact of search engines and user generated Internet content on the construction of gender and sex in cyberspace. Ways in which the structures and norms of Internet searching and content generation may ultimately re-order specific areas of the law in will be addressed, as will the impact of anonymously or pseudonymously authored source material, and online activities colloquially termed "astroturfing" and "sockpuppeting," with an explicit focus on important issues of gender and sexuality.
Er, what is "astroturfing"????
I'm going as the speaker and rapporteur on a panel on privacy and security with my esteemed colleagues Andrea Matwyshwn, Jennifer Chandler, Jay Kesan and Hiram Juarbe. The conference looks remarkable - everything from gendering of Israeli legal culture to whether there are IP rights in tarot cards and yoga positions - I don't think I've ever been to such a jamboree. If any of my readers are also going, do let me know!! there wil be more posts on this nearer the time no doubt.
Monday, January 22, 2007
BILETA 2007
BILETA is the gathering of the tribes of IT law in the UK and Europe: the must-be-seen-at conference for the old lags (or lagettes) of the Internet law game. It's been going for over 20 years and is always enormous fun. This year's is on 16-17 April at the University of Hertfordshire.
I, (for my sins) am organising what was described as a "GikII-like" (or GikII-lite?) stream at this event -
"Stream 2 - Horizon scanning
Looking somewhat speculatively into the future, this stream asks the question, where technology will go from here and also what the legal response should be to these suggested changes. The legal reality of science fiction meets BILETA!
Email submission to: stream2@bileta2007.co.uk "
The abstract deadline (c 500 words) has just been extended to Friday 2 March 2007, so plenty of time to get your world-upturning contribution in. (Plenty of other streams too - see http://www.bileta2007.co.uk/papers/streams.html ). I'll be there (though not so much scanning the horizon as furrowing my brow in worry at it) with , hopefully, a paper on the empirical work on ISPs, notice and takedown, notice and disconnection and disclosure of IDs by ISPs I've been working on with the AHRC Centre at Edinburgh.
I, (for my sins) am organising what was described as a "GikII-like" (or GikII-lite?) stream at this event -
"Stream 2 - Horizon scanning
Looking somewhat speculatively into the future, this stream asks the question, where technology will go from here and also what the legal response should be to these suggested changes. The legal reality of science fiction meets BILETA!
Email submission to: stream2@bileta2007.co.uk "
The abstract deadline (c 500 words) has just been extended to Friday 2 March 2007, so plenty of time to get your world-upturning contribution in. (Plenty of other streams too - see http://www.bileta2007.co.uk/papers/streams.html ). I'll be there (though not so much scanning the horizon as furrowing my brow in worry at it) with , hopefully, a paper on the empirical work on ISPs, notice and takedown, notice and disconnection and disclosure of IDs by ISPs I've been working on with the AHRC Centre at Edinburgh.
Friday, January 19, 2007
A Swedish-Trojan tale
According to the Beeb
"Internet fraudsters have stolen around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank Nordea. The theft, described by Swedish media as the world's biggest online fraud, took place over three months. The criminals siphoned money from customer's accounts after obtaining login details using a malicious program that claimed to be anti-spam software.
Nordea said it had now refunded the lost money to all 250 customers affected by the scam.
"What is important is that none of our customers will have lost their money," said a bank spokesman. "
Really? At a conference last Tuesday organised very helpfully by ISPA , the UK ISP Association, to discuss the upcoming HL Inquiry into Personal Internet Security, the view was informally expressed that the banks are not really hurting on this one yet. If and when they do, we'll start to suddenly see a trend for these kind of losses to be absorbed by the customers. One wonders how the bank offsets their losses - what do their own insurance policies cover? Or are they just using up profits?
It is generally believed on the high street that any misuse of money in consumer bank accounts is the responsibility of the bank. In fact the real law is much less clear - especially in cases like phishing where the customer is arguably the one in breach of duty of care. Cases like this where Trojans are implanted as key loggers or other forms of spyware are a middle ground, being (again arguably) neither the fault of customer or bank; and misuse of credit cards, as in ID theft, falls clearly (after the latest clarification as to use overseas) into the consumer credit protection guarantees of the EC ie the responsibility of the card issuer.
I've yet to see a really clear piece of work in the UK dealing with these issues and not sponsored by an obviously involved party eg a bank or a law firm who wants bank work. It might be a good PhD for someone, since we apear to be in PhD application season..:-) Better than doing electronic signatures AGAIN for sure!
"Internet fraudsters have stolen around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank Nordea. The theft, described by Swedish media as the world's biggest online fraud, took place over three months. The criminals siphoned money from customer's accounts after obtaining login details using a malicious program that claimed to be anti-spam software.
Nordea said it had now refunded the lost money to all 250 customers affected by the scam.
"What is important is that none of our customers will have lost their money," said a bank spokesman. "
Really? At a conference last Tuesday organised very helpfully by ISPA , the UK ISP Association, to discuss the upcoming HL Inquiry into Personal Internet Security, the view was informally expressed that the banks are not really hurting on this one yet. If and when they do, we'll start to suddenly see a trend for these kind of losses to be absorbed by the customers. One wonders how the bank offsets their losses - what do their own insurance policies cover? Or are they just using up profits?
It is generally believed on the high street that any misuse of money in consumer bank accounts is the responsibility of the bank. In fact the real law is much less clear - especially in cases like phishing where the customer is arguably the one in breach of duty of care. Cases like this where Trojans are implanted as key loggers or other forms of spyware are a middle ground, being (again arguably) neither the fault of customer or bank; and misuse of credit cards, as in ID theft, falls clearly (after the latest clarification as to use overseas) into the consumer credit protection guarantees of the EC ie the responsibility of the card issuer.
I've yet to see a really clear piece of work in the UK dealing with these issues and not sponsored by an obviously involved party eg a bank or a law firm who wants bank work. It might be a good PhD for someone, since we apear to be in PhD application season..:-) Better than doing electronic signatures AGAIN for sure!
Wednesday, December 06, 2006
Curtains for DRM?
As I'm spending the evening wading through a PhD thesis on the dreadful wrongs of DRM, it seems mildly amusing to note in passing that where the shock troops of Creative Commons have failed, the market might just decide that DRM isn't a selling point anyway. The article makes the concise point (from the Wall St JOurnal) that pirate files get out via P2P or burned CDs anyway; so DRM doesn't stop illegal piracy, it just makes buying legal downloads more awkward - thereby alienating exactly the customers you most want to pander to.
Back to the battlefield..
Back to the battlefield..
More on Gower : ISP copyright cops are coming?
On the briefest of further scans, one item of particular interest to anyone who has been following the rather covert debate about how far ISPs can or should be enrolled to assist the state (or the BPI, etc) in cutting down on on line piracy.
Recommendation 39: Observe the industry agreement of protocols for sharing data between ISPs and rightsholders to remove and disbar users engaged in ‘piracy’. If this has not proved operationally successful by the end of 2007, Government should consider whether to legislate.
This is about whether ISPs should have to hand over logs of material downloaded automatially , or perhaps on request, to rightsholder groups so they can spot possible pirates. Should the user have a right to privacy or at least such a right prior to obtaining a court order or perhaps showing reasonable suspicion? Currently some ISPs are known to reveal anonymised logs of especially heavy downloades or uploaders, leaving it to the rightsholder then to come back and ask for disclosure on grounds permitted by the Data Protection Act. Some ISPs will only give away *any* details after court order, arguing that they may breach data protection rules otherwise and owe their clients confidentiality both by law and by contract. Others may feel that the public are entitled to presumption of innocence til proven guilty. Still others feel that they are merely ISPs , not mandated to act as judge and policemen in such cases where rightsholders might well ask for particular identified downloaders to be summarily disconnected.
Gower however signals a definite governmental backing both of voluntary disclosure by ISPs and of "notice and disconnection" (discussed before on this blog.)
ISPs "should assist rights holders by providing a procedure through which automatic action in courts will be avoided and would allow greater scrutiny on the actions of users. BCP [a model best common practice document] is an ideal way to proceed if an agreement can be brokered between the ISPs and the copyright owners and would respect safe harbour provisions for ISPs which were set up in good faith. If there is a failure to agree, the Government should look towards establishing an appropriate statutory protocol."
So there you go.
Incidentally I've changed my mind. The press may seize on 10 year sentences for downloaders, and Lessig and Cliff Richard may be (differently( excited about no term extensions; but my bet for Most Controversial Recomendation (possibly tieing with the already mentioned limited new introduction of private copying rights) is this one:
Recommendation 11: Propose that Directive 2001/29/EC be amended to allow for an
exception for creative, transformative or derivative works, within the parameters of the
Berne Three-Step Test.
Alrighty!! Who's going to be the first to create a sampled rap praising the Gower Report? maybe they can finance the implementation with the royalties from a few Snoopy Dog or Doggy Snop , records..
Recommendation 39: Observe the industry agreement of protocols for sharing data between ISPs and rightsholders to remove and disbar users engaged in ‘piracy’. If this has not proved operationally successful by the end of 2007, Government should consider whether to legislate.
This is about whether ISPs should have to hand over logs of material downloaded automatially , or perhaps on request, to rightsholder groups so they can spot possible pirates. Should the user have a right to privacy or at least such a right prior to obtaining a court order or perhaps showing reasonable suspicion? Currently some ISPs are known to reveal anonymised logs of especially heavy downloades or uploaders, leaving it to the rightsholder then to come back and ask for disclosure on grounds permitted by the Data Protection Act. Some ISPs will only give away *any* details after court order, arguing that they may breach data protection rules otherwise and owe their clients confidentiality both by law and by contract. Others may feel that the public are entitled to presumption of innocence til proven guilty. Still others feel that they are merely ISPs , not mandated to act as judge and policemen in such cases where rightsholders might well ask for particular identified downloaders to be summarily disconnected.
Gower however signals a definite governmental backing both of voluntary disclosure by ISPs and of "notice and disconnection" (discussed before on this blog.)
ISPs "should assist rights holders by providing a procedure through which automatic action in courts will be avoided and would allow greater scrutiny on the actions of users. BCP [a model best common practice document] is an ideal way to proceed if an agreement can be brokered between the ISPs and the copyright owners and would respect safe harbour provisions for ISPs which were set up in good faith. If there is a failure to agree, the Government should look towards establishing an appropriate statutory protocol."
So there you go.
Incidentally I've changed my mind. The press may seize on 10 year sentences for downloaders, and Lessig and Cliff Richard may be (differently( excited about no term extensions; but my bet for Most Controversial Recomendation (possibly tieing with the already mentioned limited new introduction of private copying rights) is this one:
Recommendation 11: Propose that Directive 2001/29/EC be amended to allow for an
exception for creative, transformative or derivative works, within the parameters of the
Berne Three-Step Test.
Alrighty!! Who's going to be the first to create a sampled rap praising the Gower Report? maybe they can finance the implementation with the royalties from a few Snoopy Dog or Doggy Snop , records..
Ho hum! The view after Vista
David Utter, who left a nice comment re my rebutal of his article over at SecurityProNews, has also turned out some interesting security news items of his own, including evidence that although the majority of current malicious code may be defeated by the new security controls of Vista it can fairly swiftly be adapted to infect it by skilled operators. Indeed, three of the current top ten major viruses can already evade Vista's improved security.
Ah well! It's almost Xmas!!
Ah well! It's almost Xmas!!
Gower Report
No time right now but this is the summary of the recommendations for making copyright work in the digital age:
On the other hand a stiff approach to IP crime, including sentences up to 10 years for music & film piracy.
Something for everyone then. In principle it mostly looks like damn sensible stuff. Lessig has already pulled out the most rallying-cry quote:
"Policy makers should adopt the principle that the term and scope of protection for IP rights should not be altered retrospectively."
Let the battle commence!
To ensure the correct balance in IP rights the review recommends:
ensuring the IP system only proscribes genuinely illegitimate activity. The Review recommends introducing a strictly limited 'private copying' exception to enable consumers to format-shift content they purchase for personal use. For example to legally transfer music from CD to their MP3 player;
enabling access to content for libraries and education establishments - to ensure that the UK's cultural heritage can be adequately stored for preservation and accessed for learning. The Review recommends clarifying exceptions to copyright to make them fit for the digital age;
and
recommending that the European Commission does not change the status quo and retains the 50 year term of copyright protection for sound recordings and related performers' rights.
On the other hand a stiff approach to IP crime, including sentences up to 10 years for music & film piracy.
Something for everyone then. In principle it mostly looks like damn sensible stuff. Lessig has already pulled out the most rallying-cry quote:
"Policy makers should adopt the principle that the term and scope of protection for IP rights should not be altered retrospectively."
Let the battle commence!
Tuesday, December 05, 2006
Ps - late egoboo:)
I was in New Scientist a few weeks back , rather curtailedly extolling my theories-in-progress of how a security commons might be created to reduce the insecurity currently caused by zombified home computers. As many of you know, zombies or "bot networks", computers emslaved by viruses unknown to their owners, are the leading cause of everything from spam, phishing and spyware to keylogging, ID theft, click-fraud and probably, dandruff. In particular almost all denial of service attacks are now carried out as distributed attacks via enslaved bot networks. By a"security commons", I meant joint action and joint responsibility by all p[artioes involved in a safer Internet: users, software writers, hosts and ISPs.
Illness intervened in my reporting (cof, cof) but here is the link for you my loyal readers :) Unfortunately New Scientist printed only the smallest part of what I told them over the phone (sigh) so it looked like I was suggesting that ISPs ONLY should be liable where a denial of service attack is carried out. Whereas in fact I continue to advocate that ISPs should take a positive role in (a) identifying zombified machines, not necessarily by deep packet inspection, as NS reported, but possibly only by external changes in patterns of traffic or congestion analysis (b) making available secured ISP services to consumers as well as businesses - as some companies like Nildram do already, thus protecting customers who don't know a firewall from a firelighter; and (c) where necessary, isolating identified zombies until they can be cleaned out.
ISPs would not necessarily be "held legally liable" if they failed to provide these services; they could be provided as competitive market price services, with users held liable if they did not avail themselves of them. Other methods such as compulsory "home computer user insurance" (like motor insurance) could be employed to reach the same reult.
Rather gratifyingly, there has already been a hostile response (always nice to know someone's listening.) David Utter suggests that if I had my way, ISPs might be held liable for hosting sites like Slashdot, which post links which often bring down sites by their sheer popularity. I was not in any way suggesting simple vicarious liability for ISPs hosting sites responsible for DOS attacks - for a start, the EU E Commerce Directive would currently probably forbid that. I have my own concerns about how the CMA amendments in the Police and Justice Act deal with inadvertent "slashdots" - given the late amendment to s 3 to allow recklessness as sufficient for "intention to impair the operation of a computer", it seems quite possible that innocent slashdotting is now prosecutable as denial of service in the UK. (Of course from a sysop point of view, whether a server goes down because of malice or carelessness is irrelevant - so maybe this was deliberate?) But it won't be the ISP that carries the can, even if this is true.
More interesting points are raised by a George Scriban on a blog called Global Nerdy
"Surely the ISPs of the world aren't the most responsible party in a DDoS attack? What of the companies who provide vulnerable operating systems? The customers who misuse, misconfigure, or undermaintain those systems, making them ideal zombie targets? ISVs whose software defects render systems vulnerable? And, of course, we have the criminals conspiring to commit these crimes themselves. There's enough blame to go around that it seems strange to focus the blunt instrument of government regulation on ISPs in particular."
But the whole point is that we're looking at here isn't moral retribution - ie, allocation of blame. What's the good of tinkering with the criminal law to punish DoSers when they're usually tidily hidden away in Moldova, Estonia or similar hi tech law enforcement havens? Or untraceable , because they've worked through a network of a million bots, enslaved via a Trojan virus sent by a third party? Or have their assets stashed in still another country?
Better to try to actually secure the Internet so it doesn't fall over, taking our hospitals and air traffic controllers with it - and worry about wreaking punishment on the guilty afterwards. The people the police forces (or civil courts, or insurance companies) of the US, EU and the rest of the developed world can usually get to are the users - you and me- and the ISPs. Regulation that would persuade the Microsofts of this world to produce less buggy software would also be good. Creating a safe Internet has to be done , right now, either by building it differently from scratch - which may have catastrophic effects for generativity, innovation and privacy and will take decades - or by regulating those three sets of people. Forget the Russian mafiosi, for every one you catch you will tie up the UK's entire National Hi Tech Crime Unit-as-was for months if not years . We need to move from blame to gain.
Illness intervened in my reporting (cof, cof) but here is the link for you my loyal readers :) Unfortunately New Scientist printed only the smallest part of what I told them over the phone (sigh) so it looked like I was suggesting that ISPs ONLY should be liable where a denial of service attack is carried out. Whereas in fact I continue to advocate that ISPs should take a positive role in (a) identifying zombified machines, not necessarily by deep packet inspection, as NS reported, but possibly only by external changes in patterns of traffic or congestion analysis (b) making available secured ISP services to consumers as well as businesses - as some companies like Nildram do already, thus protecting customers who don't know a firewall from a firelighter; and (c) where necessary, isolating identified zombies until they can be cleaned out.
ISPs would not necessarily be "held legally liable" if they failed to provide these services; they could be provided as competitive market price services, with users held liable if they did not avail themselves of them. Other methods such as compulsory "home computer user insurance" (like motor insurance) could be employed to reach the same reult.
Rather gratifyingly, there has already been a hostile response (always nice to know someone's listening.) David Utter suggests that if I had my way, ISPs might be held liable for hosting sites like Slashdot, which post links which often bring down sites by their sheer popularity. I was not in any way suggesting simple vicarious liability for ISPs hosting sites responsible for DOS attacks - for a start, the EU E Commerce Directive would currently probably forbid that. I have my own concerns about how the CMA amendments in the Police and Justice Act deal with inadvertent "slashdots" - given the late amendment to s 3 to allow recklessness as sufficient for "intention to impair the operation of a computer", it seems quite possible that innocent slashdotting is now prosecutable as denial of service in the UK. (Of course from a sysop point of view, whether a server goes down because of malice or carelessness is irrelevant - so maybe this was deliberate?) But it won't be the ISP that carries the can, even if this is true.
More interesting points are raised by a George Scriban on a blog called Global Nerdy
"Surely the ISPs of the world aren't the most responsible party in a DDoS attack? What of the companies who provide vulnerable operating systems? The customers who misuse, misconfigure, or undermaintain those systems, making them ideal zombie targets? ISVs whose software defects render systems vulnerable? And, of course, we have the criminals conspiring to commit these crimes themselves. There's enough blame to go around that it seems strange to focus the blunt instrument of government regulation on ISPs in particular."
But the whole point is that we're looking at here isn't moral retribution - ie, allocation of blame. What's the good of tinkering with the criminal law to punish DoSers when they're usually tidily hidden away in Moldova, Estonia or similar hi tech law enforcement havens? Or untraceable , because they've worked through a network of a million bots, enslaved via a Trojan virus sent by a third party? Or have their assets stashed in still another country?
Better to try to actually secure the Internet so it doesn't fall over, taking our hospitals and air traffic controllers with it - and worry about wreaking punishment on the guilty afterwards. The people the police forces (or civil courts, or insurance companies) of the US, EU and the rest of the developed world can usually get to are the users - you and me- and the ISPs. Regulation that would persuade the Microsofts of this world to produce less buggy software would also be good. Creating a safe Internet has to be done , right now, either by building it differently from scratch - which may have catastrophic effects for generativity, innovation and privacy and will take decades - or by regulating those three sets of people. Forget the Russian mafiosi, for every one you catch you will tie up the UK's entire National Hi Tech Crime Unit-as-was for months if not years . We need to move from blame to gain.
Oh, the anti-ci-pation..
Just a heads up that Tomorrow is Gower Day.
"The Report of the Gowers Review of Intellectual Property is due be published on Wednesday,6 December.
It will be available on the Treasury website from 08.00:
http://www.hm-treasury.gov.uk/independent_reviews/gowers_review_intellectual_property/gowersreview_index.cfm
We expect the Chancellor to refer to it during his pre-budget statement to the House of Commons, starting at 12.15."
Will private copying and sharing of mix tapes be legalised? Will term in sound recordings be left as it is? will Cliff Richard turn green and burst out of his leather trousers? only the Shadow knows!!
"The Report of the Gowers Review of Intellectual Property is due be published on Wednesday,6 December.
It will be available on the Treasury website from 08.00:
http://www.hm-treasury.gov.uk/independent_reviews/gowers_review_intellectual_property/gowersreview_index.cfm
We expect the Chancellor to refer to it during his pre-budget statement to the House of Commons, starting at 12.15."
Will private copying and sharing of mix tapes be legalised? Will term in sound recordings be left as it is? will Cliff Richard turn green and burst out of his leather trousers? only the Shadow knows!!
GikII ppts etc
I'm gratified to discover (though someone could have TOLD me, heh, Andres!!) that the powerpoints from the (she says nonchalantly) successful cutting edge blue skies cyberlaw workshop, GikII, are now available.
Talks are also underway towards turning GikII into a book on Geek Law and finding a home for GikII 2: This Time It's Personal. If you too want to be absorbed into the Geek Collective, contact Pangloss at the editorial address.
Talks are also underway towards turning GikII into a book on Geek Law and finding a home for GikII 2: This Time It's Personal. If you too want to be absorbed into the Geek Collective, contact Pangloss at the editorial address.
Monday, November 20, 2006
Saturday, November 18, 2006
Here we go, here we go, here we go..
After months of anticipation, it's happening: Universal is suing MySpace, one of the leading "social networking" sites, for copyright infringement - or as the Beeb puts it:
"Universal's lawsuit, lodged in a US district court, claims that MySpace "encourages, facilitates and participates in the unauthorised reproduction, adaptation, distribution and public performance". "
Interesting that Universal's suit, as here quoted, does not mention the weasel word "inducement", as their attack must surely be based on MGM v Grokster and its new test for third party copyright infringement. My Space obviously know this since they reply:
""We provide users with tools to share their own work - we do not induce, encourage, or condone copyright violation in any way."
So draw up your seats, guys and gals, and watch the Titans fight.
In European law, MS might well claim that it had a good defense under the safe harbour of the E-Commerce Directive, as hosts under Art 14, so long as they removed copyright videos expeditiously on notice and take down (which, as a rule, such sites do).
In US law, however, it's much less clear and will depend how far the court wants to stretch the Grokster dictum. Two principles are going to come into full opposition for the first time: the Grokster dicta on inducement and third party liability for copyright, and the 'safe harbor' provisions of the US Digital Millennium Copyright Act, which are similar to Art 14 of the ECD, and which have been regarded in the past as adequately protecting the likes of YouTube and My Space from suits arising from copyright content posted by third parties. Napster, in the first of the major P2P cases way back when, attempted to plead the DMCA hosting safe harbor, but had it rejected on the grounds , in essence, that they were not a hands-off third party "host", since they were knowingly exerting control over the music files they indexed. My Space may be a much more difficult case for rejection, since they resemble a conventional host providing physical storage for files provided without their knowledge by a third party, just as with a hosting ISP, far more closely than Napster did.
The even bigger issue here may be : if MySpace goes down, what happens to the other blogging and user-content based sites like Bebo, FaceBook , Live Journal etc all of which depend to a lesser or larger extent on users sharing "cool" copyright material as well as self generated material? In particular, it will have huge implications for You Tube, where a copyright battle has been anticipated ever since Google bought it and made sure $200m of the price was put away as a "copyright warchest". Google are currently trying to head off the You Tube battle by negotiating with major publishers for permission to stream their works. For smaller or more "open source" sites like LiveJournal which run to cover costs and not to make money via ads, such a licensing arrangement would probably be uneconomic; which might lead to the folding of all but the most commercial and media-controlled blog/networking/web 2.0 user-content sites - a disastrous outcome.
One key point in YT's favour differentiating it from MYSpace et al is that YT streams its video, and does not host it, hence does not readily provide a free source of permament downloads: and has also, interestingly, made extensive efforts to suppress code provided by third parties to turn YT's stream into downloadable content. YT , unlike Napster and Grokster/KaZaa, has also gone out of its way to make clear it is not condoning copyright infringement as part of "sticking it to the man", hence resisting an obvious claim of inducement. Furthermore YT only allows very short videoes to be streamed, not entire TV programmes or albums as the P2P networks do - however it is also well known that some TV shows, eg, are in fact put up on YT in short chunks.
At root, there is a real problem here that may not be superable in the current legal structure. When Grokster was brought down, it was clear the court felt that its business model was mainly built on flagrantly delivering copyright content without rightsholder permission; even though it was shown Grokster was shown to be also used to deliver content like free software and out of copyright archive material, these were a relatively insignificant part of its payload (or business model).
With the web 2.0 sites, there is a spectrum. You Tube originally built its name on user generated and owned content : videos of cute cats on iPOds and art school degree exam animations. Yet now it clearly carries some, but perhaps not a majority , of "mainstream" media content used without permission of rightsholders among its millions of videos delivered today. Similarly My Space built its brand as the home for new and unsigned bands delivering their own copyright content; but now has a mixed business model. Universal claim "Our music and videos play a key role in building the communities that have created hundreds of millions of dollars of value for the owners of MySpace. " and they may not be exaggerating (well, not too much.)
Kill the baby of copyright infringement and you throw out the bathwater of the most popular medium for encouraging self created and owned creativity we have ever seen; MySpace has 90 million users alone and then look at all the other blogs, the Flickrs (and perhaps the eBays, where a similar problem prevails - among a million legitimate listings there will be a thousand for copyright infringing material). Notice and take down is one answer but it already exists in both the US and EU as a legal right and it is not satisfying the rightsholders, who want pre emptive blocking by the social sharing sites. Filtering for copyright material may be a better answer (as the Australian settlement compells KaZaa to do) but My Space were already developing tools to do this and yet it has not stopped this suit. What a US court could do is retreat from the "inducement" theory of Grokster and return to the "substantially non infringing uses" test of Sony: certainly My Space should attempt to push it that way.
Let's hope for all us blogger's sakes that an answer can be found that suits all parties. Simple defiance of the rightsholders by the anti-copyright crowd will not hold back the sea forever.
"Universal's lawsuit, lodged in a US district court, claims that MySpace "encourages, facilitates and participates in the unauthorised reproduction, adaptation, distribution and public performance". "
Interesting that Universal's suit, as here quoted, does not mention the weasel word "inducement", as their attack must surely be based on MGM v Grokster and its new test for third party copyright infringement. My Space obviously know this since they reply:
""We provide users with tools to share their own work - we do not induce, encourage, or condone copyright violation in any way."
So draw up your seats, guys and gals, and watch the Titans fight.
In European law, MS might well claim that it had a good defense under the safe harbour of the E-Commerce Directive, as hosts under Art 14, so long as they removed copyright videos expeditiously on notice and take down (which, as a rule, such sites do).
In US law, however, it's much less clear and will depend how far the court wants to stretch the Grokster dictum. Two principles are going to come into full opposition for the first time: the Grokster dicta on inducement and third party liability for copyright, and the 'safe harbor' provisions of the US Digital Millennium Copyright Act, which are similar to Art 14 of the ECD, and which have been regarded in the past as adequately protecting the likes of YouTube and My Space from suits arising from copyright content posted by third parties. Napster, in the first of the major P2P cases way back when, attempted to plead the DMCA hosting safe harbor, but had it rejected on the grounds , in essence, that they were not a hands-off third party "host", since they were knowingly exerting control over the music files they indexed. My Space may be a much more difficult case for rejection, since they resemble a conventional host providing physical storage for files provided without their knowledge by a third party, just as with a hosting ISP, far more closely than Napster did.
The even bigger issue here may be : if MySpace goes down, what happens to the other blogging and user-content based sites like Bebo, FaceBook , Live Journal etc all of which depend to a lesser or larger extent on users sharing "cool" copyright material as well as self generated material? In particular, it will have huge implications for You Tube, where a copyright battle has been anticipated ever since Google bought it and made sure $200m of the price was put away as a "copyright warchest". Google are currently trying to head off the You Tube battle by negotiating with major publishers for permission to stream their works. For smaller or more "open source" sites like LiveJournal which run to cover costs and not to make money via ads, such a licensing arrangement would probably be uneconomic; which might lead to the folding of all but the most commercial and media-controlled blog/networking/web 2.0 user-content sites - a disastrous outcome.
One key point in YT's favour differentiating it from MYSpace et al is that YT streams its video, and does not host it, hence does not readily provide a free source of permament downloads: and has also, interestingly, made extensive efforts to suppress code provided by third parties to turn YT's stream into downloadable content. YT , unlike Napster and Grokster/KaZaa, has also gone out of its way to make clear it is not condoning copyright infringement as part of "sticking it to the man", hence resisting an obvious claim of inducement. Furthermore YT only allows very short videoes to be streamed, not entire TV programmes or albums as the P2P networks do - however it is also well known that some TV shows, eg, are in fact put up on YT in short chunks.
At root, there is a real problem here that may not be superable in the current legal structure. When Grokster was brought down, it was clear the court felt that its business model was mainly built on flagrantly delivering copyright content without rightsholder permission; even though it was shown Grokster was shown to be also used to deliver content like free software and out of copyright archive material, these were a relatively insignificant part of its payload (or business model).
With the web 2.0 sites, there is a spectrum. You Tube originally built its name on user generated and owned content : videos of cute cats on iPOds and art school degree exam animations. Yet now it clearly carries some, but perhaps not a majority , of "mainstream" media content used without permission of rightsholders among its millions of videos delivered today. Similarly My Space built its brand as the home for new and unsigned bands delivering their own copyright content; but now has a mixed business model. Universal claim "Our music and videos play a key role in building the communities that have created hundreds of millions of dollars of value for the owners of MySpace. " and they may not be exaggerating (well, not too much.)
Kill the baby of copyright infringement and you throw out the bathwater of the most popular medium for encouraging self created and owned creativity we have ever seen; MySpace has 90 million users alone and then look at all the other blogs, the Flickrs (and perhaps the eBays, where a similar problem prevails - among a million legitimate listings there will be a thousand for copyright infringing material). Notice and take down is one answer but it already exists in both the US and EU as a legal right and it is not satisfying the rightsholders, who want pre emptive blocking by the social sharing sites. Filtering for copyright material may be a better answer (as the Australian settlement compells KaZaa to do) but My Space were already developing tools to do this and yet it has not stopped this suit. What a US court could do is retreat from the "inducement" theory of Grokster and return to the "substantially non infringing uses" test of Sony: certainly My Space should attempt to push it that way.
Let's hope for all us blogger's sakes that an answer can be found that suits all parties. Simple defiance of the rightsholders by the anti-copyright crowd will not hold back the sea forever.
Tuesday, November 14, 2006
Where I've Been and Hello I'm Back
For everyone who's written in the last three months to ask where I've gone: the answer was in order:
- recovering from GikII - which was generally judged a huge succes (ahem) and which I now need to think about in terms of what we do next: a mailing list, a book on geek law and a second workshop all seem likely.
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! (On the third try ..) And overwhelmed with London events, not quite all of which I am or have spoken at..
No rest for the wicked huh?
All this and Law 2.1 rrrepeater to come :)
- recovering from GikII - which was generally judged a huge succes (ahem) and which I now need to think about in terms of what we do next: a mailing list, a book on geek law and a second workshop all seem likely.
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! (On the third try ..) And overwhelmed with London events, not quite all of which I am or have spoken at..
- I spoke spoke on spam at the very intriguing SCL Workshop on Regulation (patiently organised by my mate Andy Charlesworth of Bristol);
- attended the DTI/KTN workshop on locational data service providers - which was fascinating.
- and spoke on legal and policy aspects of denial of service at the DDOS/DTI Workshop , ably assisted by Chris Marsden of RAND. This gig was beautifully timed: 5 days after the Police and Justice Act 2006 , which amends the Computer Misuse Act 1990 to cover DDOS, had just seen Royal Assent (Thanks to Malcolm Hutty from LINX for this intelligence - altho it's not yet up as a finalised Act on the Web - watch this space).
A proper post to come on the amendments, which combined with the appeal decision in Lennon, appear to me to make it potentially possible to prosecute everything from supplying adware, to spamming, now as violations of s 3, punishable by up to 10 years in jail. Is this a sneaky one by the Information Commissioner to avoid the need to put up the penalties for breaches of the Data Protection Act? Perhaps we shall see.
- I also made it rather late and worse for wear :) to the ORG Release the Music extravaganza, with Jonathan Zittrain, someone from Blur (the drummer, I'm told) and my Soton colleague Caroline Wilson.
- I am also now happy and proud to be part of the ORG Advisory Board - and I'm thinking of going to the mass geek Christmas party (although unlike some I don't expect to find John Barrowman there.)
No rest for the wicked huh?
All this and Law 2.1 rrrepeater to come :)
Thursday, November 09, 2006
Hurrahh!!!
For everyone who's written to ask where I've gone: the answer was in order
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! And overwhelmed with london evenst, not quite all of which I am speaking at.. Too late to tell you to look out for me speaking on spam at the very intriguing SCL Workshop on Regulation (patiently by my mate Andy Charlesworth of Bristol); too late to find me at DTI/KTN worhshop on locational data service providers - which was fascinating.
But you can still look for me at the Police and Justice Act 2006 have just seen Royal Assent (Thanks to Malcolm Hutty from LINX for this intelligence - altho it's not yet up as a finalised Act on the Web - watch this space); and at the ORG Release the Music extravaganza that night, hopefully bopping the night away at the DJ set with Jonathan Zittrain, someone from Blur and my Soton colleague Caroline Wilson. (Come and watch the geeks at play!) Then it's the Tripartite Response To Terror day, and the ORG Advisory Board which I am now proud to grace.
No rest for the wicked huh?
All this and Law 2.0 to come :)
- moving job
- moving house
- moving cats (ah if only I had time to do an IPKat like cartoon here of a sad fat tabby hiding doggedly under the bath...)
and then, just when you thought it was safe to go back into the blogging water..
- Blogger sundered me from my very own Pangloss, gave it briefly to Technollama and then refused to give me it back AT ALL. I think I broke Blogger :(
But here I am restored!! And overwhelmed with london evenst, not quite all of which I am speaking at.. Too late to tell you to look out for me speaking on spam at the very intriguing SCL Workshop on Regulation (patiently by my mate Andy Charlesworth of Bristol); too late to find me at DTI/KTN worhshop on locational data service providers - which was fascinating.
But you can still look for me at the Police and Justice Act 2006 have just seen Royal Assent (Thanks to Malcolm Hutty from LINX for this intelligence - altho it's not yet up as a finalised Act on the Web - watch this space); and at the ORG Release the Music extravaganza that night, hopefully bopping the night away at the DJ set with Jonathan Zittrain, someone from Blur and my Soton colleague Caroline Wilson. (Come and watch the geeks at play!) Then it's the Tripartite Response To Terror day, and the ORG Advisory Board which I am now proud to grace.
No rest for the wicked huh?
All this and Law 2.0 to come :)
Monday, July 31, 2006
GikII programme
The programme for GikII is now finalised. However if you're interested in attending, a very limited number of places are available for a nominal £25 to cover costs. feel free to pass this on. I'm really looking forward to it :-)
Friday, July 28, 2006
Perceptive Peers Go Pervasive, Persuasively
The House of Lords debates pervasive computing. As IdentityBlog comments. an unelected second House may seem like an anchronism, but the standard of debate is invariably higgher, especially on specialised technical topics, than in the Commons. Note the concern not just for privacy generally, but also for whether the Data Protection Act applies, for patient rights, and for environmental damage.
Thursday, July 27, 2006
MySpace Caves
From Boing Boing
Billy Bragg's highly publicized campaign against MySpace's crummy, grabby terms of service has been successful. MySpace has revised its terms so that musicians who upload to the site retain control of their works, and MySpace/NewsCorp/Fox can't sell those songs without contracting with the musicians.
Bragg now declares:
"Now that the popularity of downloading has made physical manufacturing and distribution no longer necessary, the next generation of artists will not need to surrender all of their rights in order to get their music into the marketplace. It is therefore crucial that they understand, from the moment that they first post music on the internet, the importance of retaining their long term right to exploit the material that they create. This is doubly important on a networking site where many of the songs posted will be by unsigned artists. Ownership of the rights to such material is somewhat ambiguous. Thats why I hope that the groundbreaking decision of MySpace to come down on the side of the artists rights will be followed throughout the industry.
I also welcome the new wording of the terms and conditions in which MySpace clarify exactly why they require specific rights and how they intend to use them. Again, I hope more sites follow the lead of MySpace in ensuring the use of clear and transparent language in contracts. The last thing any of us wants to see is a situation in which everyone posting a song on the site has to have a lawyer sitting next to them. "
Interesting. MySpace is of course very vulnerable to anti-PR stirred up by a well known musician since its USP is that every wannabee band in the world as their home page there. I wonder if YouTube will follow suit? YT's conditions have been criticised for potentially grabbing rights to all amateur videos posted there. (Google Videos' are similarly ambiguous.)
Billy Bragg's highly publicized campaign against MySpace's crummy, grabby terms of service has been successful. MySpace has revised its terms so that musicians who upload to the site retain control of their works, and MySpace/NewsCorp/Fox can't sell those songs without contracting with the musicians.
Bragg now declares:
"Now that the popularity of downloading has made physical manufacturing and distribution no longer necessary, the next generation of artists will not need to surrender all of their rights in order to get their music into the marketplace. It is therefore crucial that they understand, from the moment that they first post music on the internet, the importance of retaining their long term right to exploit the material that they create. This is doubly important on a networking site where many of the songs posted will be by unsigned artists. Ownership of the rights to such material is somewhat ambiguous. Thats why I hope that the groundbreaking decision of MySpace to come down on the side of the artists rights will be followed throughout the industry.
I also welcome the new wording of the terms and conditions in which MySpace clarify exactly why they require specific rights and how they intend to use them. Again, I hope more sites follow the lead of MySpace in ensuring the use of clear and transparent language in contracts. The last thing any of us wants to see is a situation in which everyone posting a song on the site has to have a lawyer sitting next to them. "
Interesting. MySpace is of course very vulnerable to anti-PR stirred up by a well known musician since its USP is that every wannabee band in the world as their home page there. I wonder if YouTube will follow suit? YT's conditions have been criticised for potentially grabbing rights to all amateur videos posted there. (Google Videos' are similarly ambiguous.)
Thursday, July 20, 2006
More Fun with Ted and Alice but not the BPI
Not a great week for ISPs what with the BPI/Tiscali spat and this.
Also from OUT-Law :
"A music industry coalition has proposed that ISPs and others should pay a licence fee to compensate rights-holders for unlawful file-sharing by their customers. One critic called the plans, which would change copyright laws, "ill-conceived and grasping."
The group met in London yesterday. It did not represent the entire UK industry – notably, the BPI was not in attendance. But nearly 1,000 independent record companies and 50,000 songwriters, composers and music publishers were represented.
.. the groups represented yesterday do not want to target the individuals who infringe copyright in this way. Instead, they want to target the intermediaries. According to a joint statement issued after yesterday's meeting, ISPs, mobile companies and device manufacturers "profit extensively and reap wider value from the unauthorised distribution of music whilst being protected from liability by a series of legal immunities and safe harbours." There were no ISPs in attendance at the meeting."
So, the return of the ISPs' "dirty little secret", the idea that ISPs profit indirectly from downloading and therefore condone it (even though most broadband contracts are now flat rate rather than per MB). Somehow I can't see this one catching on with the UK Govt right now though. If ISPs got taxed for profiting from downloading and uploading, why they might stop co-operating with the IWF (and the police) in stopping access to child porn. Which voters like a lot less than they do the odd downloader.
My I'm cynical tonight.
Less obviously, ISPs already do quite often disconnect or at least cap the accounts of conspicuous bandwidth hogs. This doesn't give royalties back to the musicians but it does more quietly contribute to the control of filesharing in the UK, probably to quite a large extent.
Also from OUT-Law :
"A music industry coalition has proposed that ISPs and others should pay a licence fee to compensate rights-holders for unlawful file-sharing by their customers. One critic called the plans, which would change copyright laws, "ill-conceived and grasping."
The group met in London yesterday. It did not represent the entire UK industry – notably, the BPI was not in attendance. But nearly 1,000 independent record companies and 50,000 songwriters, composers and music publishers were represented.
.. the groups represented yesterday do not want to target the individuals who infringe copyright in this way. Instead, they want to target the intermediaries. According to a joint statement issued after yesterday's meeting, ISPs, mobile companies and device manufacturers "profit extensively and reap wider value from the unauthorised distribution of music whilst being protected from liability by a series of legal immunities and safe harbours." There were no ISPs in attendance at the meeting."
So, the return of the ISPs' "dirty little secret", the idea that ISPs profit indirectly from downloading and therefore condone it (even though most broadband contracts are now flat rate rather than per MB). Somehow I can't see this one catching on with the UK Govt right now though. If ISPs got taxed for profiting from downloading and uploading, why they might stop co-operating with the IWF (and the police) in stopping access to child porn. Which voters like a lot less than they do the odd downloader.
My I'm cynical tonight.
Less obviously, ISPs already do quite often disconnect or at least cap the accounts of conspicuous bandwidth hogs. This doesn't give royalties back to the musicians but it does more quietly contribute to the control of filesharing in the UK, probably to quite a large extent.
I KNow What You Did Last summer
.. well actually your credit card does. And your bank.
OUT-Law report that:
"New powers to allow banks and building societies to remove the credit cards of customers cautioned for or convicted of buying indecent images of children online were agreed in Parliament on Tuesday.
The Data Protection (Processing of sensitive personal data) Order of 2006 amends the Data Protection Act of 1998 to allow card issuers to process sensitive personal data provided to them by law enforcement authorities so that they can withdraw the card used to commit the offence.
The order results from collaboration between the Department for Constitutional Affairs, the Association for Payment Clearing Services (APACS), the Child Exploitation and Online Protection Centre (CEOP), law enforcement agencies, children's charities and the Home Office."
The OUT_LAW team have already objected to this rule, and you can see why. The breach of privacy might be justified if it achieved anything, but withdrawing one credit card? I can sign up for 4 tomorrow using the junk mail and email offers I get everyday - and get more Air MIles while I'm at it :-)
So if you're in a conspiracy mood,what are we being softened up for here? When will we see credit card details of those who pay for other, less heinous things, passed on to the issuers? On line gambling anyone? Or payments to AllofMP3.com??
And when will these factors be taken into acount in credit scoring for getting MORE credit cards?
So there you have it: this is either a very silly law, or a very clever one..
OUT-Law report that:
"New powers to allow banks and building societies to remove the credit cards of customers cautioned for or convicted of buying indecent images of children online were agreed in Parliament on Tuesday.
The Data Protection (Processing of sensitive personal data) Order of 2006 amends the Data Protection Act of 1998 to allow card issuers to process sensitive personal data provided to them by law enforcement authorities so that they can withdraw the card used to commit the offence.
The order results from collaboration between the Department for Constitutional Affairs, the Association for Payment Clearing Services (APACS), the Child Exploitation and Online Protection Centre (CEOP), law enforcement agencies, children's charities and the Home Office."
The OUT_LAW team have already objected to this rule, and you can see why. The breach of privacy might be justified if it achieved anything, but withdrawing one credit card? I can sign up for 4 tomorrow using the junk mail and email offers I get everyday - and get more Air MIles while I'm at it :-)
So if you're in a conspiracy mood,what are we being softened up for here? When will we see credit card details of those who pay for other, less heinous things, passed on to the issuers? On line gambling anyone? Or payments to AllofMP3.com??
And when will these factors be taken into acount in credit scoring for getting MORE credit cards?
So there you have it: this is either a very silly law, or a very clever one..
Uber-Code
From the Cyberprof mailing list : Microsoft's academic outreach officer has anounced that Microsft are adopting "Windows principles" for the future:
"Microsoft's new, voluntary "Windows principles."
The principles were announced today in a speech in DC by Brad Smith (Microsoft's general counsel). It is worth noting that they will apply to development of Windows Vista, and will continue to apply after major parts of the antitrust consent decree expire in November 2007.
The principles are divided into the following three general categories:
· Choice for Computer Manufacturers and Customers. Microsoft is committed to designing Windows and licensing it on contractual terms so as to make it easy to install non-Microsoft® programs and to configure Windows-based PCs to use non-Microsoft programs instead of or in addition to Windows features.
· Opportunity for Developers. Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for applications developers and Web site creators to build innovative products on the Windows platform — including products that directly compete with Microsoft's own products
. Interoperability for Users. Microsoft is committed to meeting customer interoperability needs and will do so in ways that enable customers to control their data and exchange information securely and reliably across diverse computer systems and applications.
I encourage you, if you are so inclined, to write about, blog about, or otherwise distribute your thoughts on the speech and the principles. Please feel free to contact me with questions or comments."
Whatever you think of both M$ and the above, (and cynically, the obvious thing to think is that M$ has just been smacked with a wacking great fine by the EU for failing to do some of or all of the above) this is an interesting deveopment.
Ever since Lessig kicked it all off, academics have talked about using some kind of set of principles to govern the creation of code by non-legislative coders. This is the first example I've seen of something more detailed than "Do no evil". Any other suggestions?
"Microsoft's new, voluntary "Windows principles."
The principles were announced today in a speech in DC by Brad Smith (Microsoft's general counsel). It is worth noting that they will apply to development of Windows Vista, and will continue to apply after major parts of the antitrust consent decree expire in November 2007.
The principles are divided into the following three general categories:
· Choice for Computer Manufacturers and Customers. Microsoft is committed to designing Windows and licensing it on contractual terms so as to make it easy to install non-Microsoft® programs and to configure Windows-based PCs to use non-Microsoft programs instead of or in addition to Windows features.
· Opportunity for Developers. Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for applications developers and Web site creators to build innovative products on the Windows platform — including products that directly compete with Microsoft's own products
. Interoperability for Users. Microsoft is committed to meeting customer interoperability needs and will do so in ways that enable customers to control their data and exchange information securely and reliably across diverse computer systems and applications.
I encourage you, if you are so inclined, to write about, blog about, or otherwise distribute your thoughts on the speech and the principles. Please feel free to contact me with questions or comments."
Whatever you think of both M$ and the above, (and cynically, the obvious thing to think is that M$ has just been smacked with a wacking great fine by the EU for failing to do some of or all of the above) this is an interesting deveopment.
Ever since Lessig kicked it all off, academics have talked about using some kind of set of principles to govern the creation of code by non-legislative coders. This is the first example I've seen of something more detailed than "Do no evil". Any other suggestions?
Tuesday, July 18, 2006
YouTube Goes Down the Tube (Not?)
As most the blogverse has noted, a certain Mr Tur, owner of Los Angeles News Service, is suing YouTube, the free and very popular video hosting site, for hosting a video he claims infringes his copyright.
While YouTube is perhaps best known for hosting user's own home vids (like the famous cat and Apple Powerbook video) it is also well known to host copyright material that fans or critics choose to upload - eg you can find the concluding segments of both the recent Dr Who and Green Wing series there. You can also find a middle ground of fan/user "mash ups" - songvids and the like - eg a very amusing parody of the end of that self same Dr Who series.
But YouTube is a host, not a P2P intermediary and so, oddly, it has the law on its side. The Digital Millennium Copyright Act provides that hosts who have no knowledge of hosting copyright infringing materail are immune from liability for it, as long as they respond to notices for take-down delivered in the style approved by the DMCA. (Furthermore, and even better, YouTube are protected from an action by a disgruntled user if they do so take down in good faith.) Nor is this just a USA oddity - the EC E Commerce Directive has a very similar regime for hosts in Art 14 of that instrument. (It's that provision that allows eBay in Europe, as previously discussed here, to get away with hosting trademark infringing goods so long as it removes them on notice, and expediently.)
These laws were drafted in the late 90s, before the P2P revolution but after the beginning of the dot.com boom, to protect ISPs , so as to encourage ISPs to collaborate with both the music industry and other such industry bodies in taking down pirate material on an NTD basis. Before they were introduced, following the late unlamented Prodigy case, ISPs were scared that if they touched illegal content, even to monitor or it or remove it, they immediately became liable for that content themselves.
But the amusing thing, now, in 2006, is that YouTube in many ways looks way more like (non legal) Napster than AOL or CompuServe. It's used extensively by a very large number of users to download pirate copies (c 100 million videos served per week, according to Technollama, of which a large number must be infringing), It's a free service, which makes its money on ads. And it has that cool , anti-the-man chic about it.
But because YouTube only hosts material provided by third parties, and doesn't put up its own materials (as MP3.com did), it's protected by the DMCA and ECD safe harbors. (Unless a US or European court can be convinced that it had "constructive" notice of illegality - ie it should have known what was going on or as the DMCA and ECD put it, was "aware of facts or circumstances from which infringing activity is apparent" - which is not altogether impossible but perhaps unlikely.) While the Napsters of this world fell foul of secondary copyright infringement, because their central database pointed at illegal copies hosted by other users. They didn't get the benefit of the DMCA because they weren't seen as a host who could respond to NTD notices and were aware of infringing activity. This seems, in retrospect, mildly curious.
As for a Grokster analysis - as Technollama also points out, it's hard to argue that YouTube "induced" copyright infringement. Their site unlike Grokster's is free of anti-copyright rhetoric and their ToS are impeccable (not that that helped Grokster!) - plus YouTube can calmly say the site was mainly set up to allow users to host their own amateur copyright material, and , I think, prove it.
So this one looks like a no-brainer.
So what if YouTube was serving, not videos, but pithy quips from popular novels, and acute chapters of contemporary academic works? Would the scenario be the same? What, in other words, if it was Google Library slightly differently conceived? Is this a way forward?
EDIT: Chris Marsden helpfully points out that You Tube merely streams video, and does not enable actual download - this of course makes it look far less like Napster/Grokster etc.
While YouTube is perhaps best known for hosting user's own home vids (like the famous cat and Apple Powerbook video) it is also well known to host copyright material that fans or critics choose to upload - eg you can find the concluding segments of both the recent Dr Who and Green Wing series there. You can also find a middle ground of fan/user "mash ups" - songvids and the like - eg a very amusing parody of the end of that self same Dr Who series.
But YouTube is a host, not a P2P intermediary and so, oddly, it has the law on its side. The Digital Millennium Copyright Act provides that hosts who have no knowledge of hosting copyright infringing materail are immune from liability for it, as long as they respond to notices for take-down delivered in the style approved by the DMCA. (Furthermore, and even better, YouTube are protected from an action by a disgruntled user if they do so take down in good faith.) Nor is this just a USA oddity - the EC E Commerce Directive has a very similar regime for hosts in Art 14 of that instrument. (It's that provision that allows eBay in Europe, as previously discussed here, to get away with hosting trademark infringing goods so long as it removes them on notice, and expediently.)
These laws were drafted in the late 90s, before the P2P revolution but after the beginning of the dot.com boom, to protect ISPs , so as to encourage ISPs to collaborate with both the music industry and other such industry bodies in taking down pirate material on an NTD basis. Before they were introduced, following the late unlamented Prodigy case, ISPs were scared that if they touched illegal content, even to monitor or it or remove it, they immediately became liable for that content themselves.
But the amusing thing, now, in 2006, is that YouTube in many ways looks way more like (non legal) Napster than AOL or CompuServe. It's used extensively by a very large number of users to download pirate copies (c 100 million videos served per week, according to Technollama, of which a large number must be infringing), It's a free service, which makes its money on ads. And it has that cool , anti-the-man chic about it.
But because YouTube only hosts material provided by third parties, and doesn't put up its own materials (as MP3.com did), it's protected by the DMCA and ECD safe harbors. (Unless a US or European court can be convinced that it had "constructive" notice of illegality - ie it should have known what was going on or as the DMCA and ECD put it, was "aware of facts or circumstances from which infringing activity is apparent" - which is not altogether impossible but perhaps unlikely.) While the Napsters of this world fell foul of secondary copyright infringement, because their central database pointed at illegal copies hosted by other users. They didn't get the benefit of the DMCA because they weren't seen as a host who could respond to NTD notices and were aware of infringing activity. This seems, in retrospect, mildly curious.
As for a Grokster analysis - as Technollama also points out, it's hard to argue that YouTube "induced" copyright infringement. Their site unlike Grokster's is free of anti-copyright rhetoric and their ToS are impeccable (not that that helped Grokster!) - plus YouTube can calmly say the site was mainly set up to allow users to host their own amateur copyright material, and , I think, prove it.
So this one looks like a no-brainer.
So what if YouTube was serving, not videos, but pithy quips from popular novels, and acute chapters of contemporary academic works? Would the scenario be the same? What, in other words, if it was Google Library slightly differently conceived? Is this a way forward?
EDIT: Chris Marsden helpfully points out that You Tube merely streams video, and does not enable actual download - this of course makes it look far less like Napster/Grokster etc.
Thursday, July 13, 2006
Google regulation in Germany?
One idea that's been discussed and repelled here before is that search engines are important actors in cyberspace and that Google has in some markets a dominant position - does this mean therefore that it should have legal duties to the public eg, not to censor, or to list all sites, or to ue a certain algorithm for listing?
A German search engine conference has some interesting recent comments.(via The Register)
"German experts at a Berlin seminar this week argued that search engines need to be more regulated. They want companies such as Google, Microsoft, and Yahoo! to exercise editorial control over their search results and filter out sites with x-rated content or that glorify aggression.
"Mechanisms have to be developed to deal with illegal content and to protect children online," Marcel Machill, a lecturer in journalism at Germany's Leipzig and Dortmund universities, told the Search Engine Workshop run by the Friedrich Ebert Foundation this week."
Google and other search engines can however argue that they offer a safe search option voluntarily - though of course this can be turned off by the user. And it is well known that Google already do block listings which violate local law in (at least) China, France and Germany. But another speaker argued that a "voluntary obligation" is nothing more than a "weak regulation without any sanctions".
More interestingly perhaps though -
"Machill is also clearly troubled by the strong market position of some of the search engines. Google already accounts for 90 per cent of German web searches. In the classic media sector this kind of concentration would be absurd, he says.
"It is important not to let this power develop unnoticed." Machill hopes that Germany will establish a public corporation to build its own search engine with "editorial responsibility" to compete with Google."
Building a national search engine will be a preferable response to regulation of the private sector for many economists and regulators. But national attempts to build search engines (a French effort was documented here a while back) seem inevitably to lag behind market driven efforts Vive la capitalisme!
A German search engine conference has some interesting recent comments.(via The Register)
"German experts at a Berlin seminar this week argued that search engines need to be more regulated. They want companies such as Google, Microsoft, and Yahoo! to exercise editorial control over their search results and filter out sites with x-rated content or that glorify aggression.
"Mechanisms have to be developed to deal with illegal content and to protect children online," Marcel Machill, a lecturer in journalism at Germany's Leipzig and Dortmund universities, told the Search Engine Workshop run by the Friedrich Ebert Foundation this week."
Google and other search engines can however argue that they offer a safe search option voluntarily - though of course this can be turned off by the user. And it is well known that Google already do block listings which violate local law in (at least) China, France and Germany. But another speaker argued that a "voluntary obligation" is nothing more than a "weak regulation without any sanctions".
More interestingly perhaps though -
"Machill is also clearly troubled by the strong market position of some of the search engines. Google already accounts for 90 per cent of German web searches. In the classic media sector this kind of concentration would be absurd, he says.
"It is important not to let this power develop unnoticed." Machill hopes that Germany will establish a public corporation to build its own search engine with "editorial responsibility" to compete with Google."
Building a national search engine will be a preferable response to regulation of the private sector for many economists and regulators. But national attempts to build search engines (a French effort was documented here a while back) seem inevitably to lag behind market driven efforts Vive la capitalisme!
Tuesday, July 11, 2006
The ISP Strikes Back
Further to this post, one of the ISPs involved, Tiscali has now refused to comply with what Cory Doctorow has neatly christened notice-and-disconnection.
This is very interesting too. As Cory points out, when the device used by the rightsholder organisations like the BPI was notice-and-takedown, the economics were in favour of going along with it; it is cheaper and easier to take down content, than to get involved in possible legal proceedings. But it costs far far more to connect a paying customer up to the Internet; so the economics work the other way, for holding fast. This happens also to favour what might be seen as the civil society position, ie, that those accused of copyright violation deserve trial by due process before being presumed guilty on the BPI's say-so, and thrown off the Net. But digital rights are probably not the major motivation driving Tiscali's stance.
Nonethless this is a cheering development.
NIcely put summary from Tiscali's letter: "It is not for Tiscali, as an ISP, nor the BPI, as a trade association, to effectively act as a regulator or law enforcement agency and deny individuals theright to defend themselves against the allegations made against them."
This is very interesting too. As Cory points out, when the device used by the rightsholder organisations like the BPI was notice-and-takedown, the economics were in favour of going along with it; it is cheaper and easier to take down content, than to get involved in possible legal proceedings. But it costs far far more to connect a paying customer up to the Internet; so the economics work the other way, for holding fast. This happens also to favour what might be seen as the civil society position, ie, that those accused of copyright violation deserve trial by due process before being presumed guilty on the BPI's say-so, and thrown off the Net. But digital rights are probably not the major motivation driving Tiscali's stance.
Nonethless this is a cheering development.
NIcely put summary from Tiscali's letter: "It is not for Tiscali, as an ISP, nor the BPI, as a trade association, to effectively act as a regulator or law enforcement agency and deny individuals theright to defend themselves against the allegations made against them."
The New Statesman, on Living in the Silicon Cul de Sac
I love it:the New Statesman on why the UK Digerati are never going to be as sexy as their US counterparts (and look, ma, ORG has Americans in it too! shoot at will! hi , Jordan :-)
"[Cory} Doctorow leaves in his wake a newly formed UK advocacy team, the Open Rights Group. But there is one lingering question: why does Britain need "outreach" from North America when it comes to campaigning for digital rights? After all, it was a British man who invented the worldwide web. Why, when the US gets Silicon Valley with all its alt:latte cool and laptop-toting liberalism, are we stuck with the Silicon Corridor, nestled in the UK's debt heartland, Reading?
.. We British don't like to brag about it, but this country is still a home for some of the world's best open-source coders - Ben Laurie, who coded the security software that deals with most credit card transactions online, and Alan Cox, until recently second lieutenant in coding and maintaining a core part of the open-source operating system Linux, among others. So it seems silly that we should need help from the US to keep the digital future fair.
The truth is, it's the politics that keeps digital-rights campaigning so unsexy on this side of the Atlantic. In America, lawyers such as Lawrence Lessig can swan in and out of the Supreme Court at leisure, filing suits against the state for offences to free speech with the help of the good old US constitution. In Britain, we have to rely on legislation from Brussels. There have been significant victories on digital-rights issues in Europe, most notably the European Parliament's decision to reject the idea of extending patent law to cover software code and business models. But the lack of understanding about Europe's political processes and values makes campaigning on digital rights that much harder. "
Leaving aside the small matter that the European Convention on Human Rights is NOT legislation from Brussels, actually I think the problem is that we Brits just can't make grand statements with a straight face the way the Americans can. We haven't got the evangelical upbringing, the oral rhetoric of US culture. We're far less likely to be found saying things like "Digital rights are essential if we are to avoid being the DRM-ed slaves of the next Microserf generation" and more "That last episode of Dr Who last night was good wasn't it? Now, how about a cuppa, and er, about this ID cards business.."
(via Ben Lauries's blog)
"[Cory} Doctorow leaves in his wake a newly formed UK advocacy team, the Open Rights Group. But there is one lingering question: why does Britain need "outreach" from North America when it comes to campaigning for digital rights? After all, it was a British man who invented the worldwide web. Why, when the US gets Silicon Valley with all its alt:latte cool and laptop-toting liberalism, are we stuck with the Silicon Corridor, nestled in the UK's debt heartland, Reading?
.. We British don't like to brag about it, but this country is still a home for some of the world's best open-source coders - Ben Laurie, who coded the security software that deals with most credit card transactions online, and Alan Cox, until recently second lieutenant in coding and maintaining a core part of the open-source operating system Linux, among others. So it seems silly that we should need help from the US to keep the digital future fair.
The truth is, it's the politics that keeps digital-rights campaigning so unsexy on this side of the Atlantic. In America, lawyers such as Lawrence Lessig can swan in and out of the Supreme Court at leisure, filing suits against the state for offences to free speech with the help of the good old US constitution. In Britain, we have to rely on legislation from Brussels. There have been significant victories on digital-rights issues in Europe, most notably the European Parliament's decision to reject the idea of extending patent law to cover software code and business models. But the lack of understanding about Europe's political processes and values makes campaigning on digital rights that much harder. "
Leaving aside the small matter that the European Convention on Human Rights is NOT legislation from Brussels, actually I think the problem is that we Brits just can't make grand statements with a straight face the way the Americans can. We haven't got the evangelical upbringing, the oral rhetoric of US culture. We're far less likely to be found saying things like "Digital rights are essential if we are to avoid being the DRM-ed slaves of the next Microserf generation" and more "That last episode of Dr Who last night was good wasn't it? Now, how about a cuppa, and er, about this ID cards business.."
(via Ben Lauries's blog)
Don't shoot the messenger, use him to send a message back?
Fascianting stuff about the role of ISPs in the fight against file sharing, via ars technica:
"Stepping up its campaign against illicit file-swappers, the British Phonographic Industry (BPI) has moved from targeting individual users to putting pressure on their ISPs. The BPI has just announced that 59 accounts suspected of large-scale piracy have been reported to two ISPs, which are expected to deal with the issue. 17 requests went to Tiscali, while another 42 were sent to Cable & Wireless.
The ISPs offer no guarantee that anything will be done, but the BPI wants to move faster against suspected file-swappers than is possible in the court system. They also want to paint the ISPs as complicit with the swapping through their own inaction. As they put it, "While the BPI retains the right to pursue cases against individual uploaders, the move against ISPs who have so far failed to take effective steps to stop illegal filesharing marks a significant development in the BPI campaign—allowing the record industry to deal with a greater volume of cases more quickly and efficiently." "
Oh how interesting. What's the legal position if the ISP doesn't do anything? or to put it another way, is there more than an arguable ethical duty on the ISP to investigate and taken its own action against the alleged filesharers?
Well, if the ISP gets told often enough that it has filesharers on its network (with dates and filenames and megs uploaded etc etc), and doesn't take steps to remove them, could it have constructive knowledge of illegal activity, and could it thus lose the benefit of the general ISP immunity defnce under the E-Commerce Directive Regulations? This is much the same kind of argument I toyed with making against eBay some while back.
Of course, before an ISP could even be potentially liable in civil damages, if not in criminal law, theer would have to be liablity under copyright law. Could an ISP that gets told off often enough for harbouring fileshareres be "authorising" or "inducing" copyright violation, as was successfully argued against KaZaa and Grokster in Australia and the US?
Far fetched perhaps.. but an interesting thought..
And of course, in the real world, it's a lot easier to scare ISPs with far fetched theories of legal liability than it is to convince a court of it :-)
"Stepping up its campaign against illicit file-swappers, the British Phonographic Industry (BPI) has moved from targeting individual users to putting pressure on their ISPs. The BPI has just announced that 59 accounts suspected of large-scale piracy have been reported to two ISPs, which are expected to deal with the issue. 17 requests went to Tiscali, while another 42 were sent to Cable & Wireless.
The ISPs offer no guarantee that anything will be done, but the BPI wants to move faster against suspected file-swappers than is possible in the court system. They also want to paint the ISPs as complicit with the swapping through their own inaction. As they put it, "While the BPI retains the right to pursue cases against individual uploaders, the move against ISPs who have so far failed to take effective steps to stop illegal filesharing marks a significant development in the BPI campaign—allowing the record industry to deal with a greater volume of cases more quickly and efficiently." "
Oh how interesting. What's the legal position if the ISP doesn't do anything? or to put it another way, is there more than an arguable ethical duty on the ISP to investigate and taken its own action against the alleged filesharers?
Well, if the ISP gets told often enough that it has filesharers on its network (with dates and filenames and megs uploaded etc etc), and doesn't take steps to remove them, could it have constructive knowledge of illegal activity, and could it thus lose the benefit of the general ISP immunity defnce under the E-Commerce Directive Regulations? This is much the same kind of argument I toyed with making against eBay some while back.
Of course, before an ISP could even be potentially liable in civil damages, if not in criminal law, theer would have to be liablity under copyright law. Could an ISP that gets told off often enough for harbouring fileshareres be "authorising" or "inducing" copyright violation, as was successfully argued against KaZaa and Grokster in Australia and the US?
Far fetched perhaps.. but an interesting thought..
And of course, in the real world, it's a lot easier to scare ISPs with far fetched theories of legal liability than it is to convince a court of it :-)
Friday, July 07, 2006
ORG comes to town
panGloss has been cordially invited to join ORG, the new UK based Open Rights Group. ORG are hoping to host a social event at GikII, to encourage recruitment of, and communication between, members outside the London metropolis. (And so say all of us.)
ORG write:
"Recent successes for ORG include:-
In our immediate future will be a campaign on the public domain, which will lobby against the music industry's request for an extension of copyright term on phonographic recording.
Please do spread the word if you can, and help us reach our target of1000 members!"
It's good to see an organisation which realises that even in the transnational world of cyberspace and digital rights, national legal and cultural divisions make local organisation and input vital. The recent Net Neutrality debaters eg have, slightly annoyingly, entirely ignored the fact that in the EU the problem is a non starter. EDRI is a briliant example of an umbrella digital rights organisation which comprehends that different cultures have different responses to the the new information sociaty. Is ORG yet part of EDRI? I must find out!
ORG write:
"Recent successes for ORG include:-
- Submitting written and oral evidence to the All Party ParliamentaryGroup public inquiry into DRM, much of which made it into the finalreport.-
- Submitting written evidence to the Gowers Review of Intellectual Property-
- Raising awareness of the problems with DRM in the media, with several articles picking up on ORG's position
In our immediate future will be a campaign on the public domain, which will lobby against the music industry's request for an extension of copyright term on phonographic recording.
Please do spread the word if you can, and help us reach our target of1000 members!"
It's good to see an organisation which realises that even in the transnational world of cyberspace and digital rights, national legal and cultural divisions make local organisation and input vital. The recent Net Neutrality debaters eg have, slightly annoyingly, entirely ignored the fact that in the EU the problem is a non starter. EDRI is a briliant example of an umbrella digital rights organisation which comprehends that different cultures have different responses to the the new information sociaty. Is ORG yet part of EDRI? I must find out!
.. aaand it's g'buy to Google Checkout!
Further to my post on Google Checkout, Boing-Boing usefully reports that :
"A week after it was released, eBay has added Google Checkout to its list of online payment methods not permitted on eBay. A Google spokesperson says: "Google Checkout is not a beta product. Google has a long history in billing and payments for AdWords for premium services, such as Google Video". "
Oh what fun. This is what happens when money goes from being a coin of the realm to a proprietary product of course. What next? Will Google-friendly companies stop taking PayPal? Who will Amazon ally with? What does competition law say about all this, not to mention EU electronic money issuing rules? Do we need "clearing bank" rules for electronic wallet isuers? Don't miss next week's exciting episode!
"A week after it was released, eBay has added Google Checkout to its list of online payment methods not permitted on eBay. A Google spokesperson says: "Google Checkout is not a beta product. Google has a long history in billing and payments for AdWords for premium services, such as Google Video". "
Oh what fun. This is what happens when money goes from being a coin of the realm to a proprietary product of course. What next? Will Google-friendly companies stop taking PayPal? Who will Amazon ally with? What does competition law say about all this, not to mention EU electronic money issuing rules? Do we need "clearing bank" rules for electronic wallet isuers? Don't miss next week's exciting episode!
Thursday, July 06, 2006
Mobile Security :-)
Finally what the world needs - the phone that won't let you drink and dial your exes.
A Korean manufacturer has developed a phone that includes a breathalyser. It can be programmed so when you blood alcohol exceeds a safe level, certain numbers cannnot be phoned.
And the IT law element? Well, a commentator on Bruce Schneier's blog asks if you could combine the measurements taken by the phone with geospatial data to pin an unwilling motorist down for drunken driving. Maybe unlikely in the States - but in London with our comprehensive Congestion Charging surveillance system?? I wonder if the readings are date and time stamped? and if/how they're stored?
Maybe we should all start getting into the habit of removing stored data from our phones... just like people clear their cookies and their history lists!
A Korean manufacturer has developed a phone that includes a breathalyser. It can be programmed so when you blood alcohol exceeds a safe level, certain numbers cannnot be phoned.
And the IT law element? Well, a commentator on Bruce Schneier's blog asks if you could combine the measurements taken by the phone with geospatial data to pin an unwilling motorist down for drunken driving. Maybe unlikely in the States - but in London with our comprehensive Congestion Charging surveillance system?? I wonder if the readings are date and time stamped? and if/how they're stored?
Maybe we should all start getting into the habit of removing stored data from our phones... just like people clear their cookies and their history lists!
Saturday, July 01, 2006
Subscribe to:
Posts (Atom)