3 Strikes And You're Out talk from LSE conference

Ray Corrigan, one of the finest IT law bloggers on the block, has, incredibly helpfully, while I frolicked for the long Easter weekend, written up an account of my talk on the dubious legality of the posited "3 strikes and you're out" legislation which, if passed, would mandate disconnection of repeat filesharers in the UK from the Internet.

See http://b2fxxx.blogspot.com/2008/03/3-strikes-copyright.html (thanks Ray.)

There is also a third ground of possible illegality of any proposed "notice and disconnection" regime, , other than its transgression of due process and lack of propartionality with respect to human rights. I did not have time to get to this at the conference so Ray has not mentioned it - namely that in order to prevent an "it wasnae me" defense (as we say in Glasgow), legislation might also require the mandating of secured wi-fi for every user who maintains a wireless router. Without such a rule, every uploader could theoreticaly claim it was not them but a wi-fi piggy-backer who committed the "offence".

Currently, users are usually advised to make their wi-fi network secure, and most ISP T & Cs theoretically demand it, but many prominent security experts, notably including Bruce Schneier, deliberately keep their networks open (while maintaining high quality virus checking ware and firewalls for the security of their own data). they do son mainly on the grounds that the mobile Internet ought to be a public resource for those in transit or in public areas, like toilets or water fountains. Breach of a term imposing secure wi-fi only by an ISP may currently be a breach of contract which might conceivably lead the particular ISP in question to , legitimately, disconnect the user; but it would not, as "3 strikes" would, mean that user is then sent to Internet Coventry by every ISP in the country.

Cutting off the choice of providing public wi-fi to the user on pain of banishment from the Internet, raises obvious issues itself of infringement of freedom of expression and association. Avaiability of unsecured wi-fi in public areas, say, in parks or on streets or at emergencies, is also arguably , as Schneier and co believe, a public good. Given that, it should be asked whether a proper balance is being maintained if we legislate to ban an asset of general public interest, in order to protect the legitimate property interests of one narrow commercial sector. It also raises the question of whether a wi-fi operator might be a "mere conduit" under the E-Commerce Directive, Art 12, and if so whether, in effect, strict liability for other people's misdeeds can be imposed on such operators without infringing EC law.

This point is dealt with in my powerpoint which I believe will be soon up on the relevant website along with other slides from the day. Will add URL shortly.

I think the best point raised during the day which I had not really considered at all before, was how long a general ban or disconnection after notice would last. (I think this came from Michelle Childs, but I am not totally sure.) Does a foolish upload or two by a teenager in your house mean that dad and/or mum is banned from the Internet forever? Even when we talk of true criminal sanctions (and copyright is at root a civil matter), jail terms (bar "life means life" for murder) have to be of defined length. Do we want a world where ISPs are ordered by the content industry to patrol indefinite lifetime bans from the Internet? Would legislation include provisions for appeals after a certain time and has anyone thought through the due process ramifications? The more you think about it, the more damningly flawed the whole idea is.

In France, at least, the whole process is going to be under the supervision of an independent tribunal given directions by a judge. If we do end up going down this route in legislation, the French system should be the minimum starting point for transparency and due process. I hope instead however that the UK government and BERR will, after due consideration, decide this approach, with all its capacity for disproportionate human right infringement and errors in proof and process, is not a suitable way to police filesharing, when so many other routes exist.

Phorm an orderly queue

It might easily be said that the British just love creating problens with Phorms..

Here is the press release for the FIPR official letter to the ICO on the current Phorm controversy. It has my full support as a lucid and explanatory response to a pressingly potential worrying incursion into consumer privacy (disclaimer: I am member of FIPR advisory board.)

FIPR Press Release

For Immediate Release: Monday 17th March 2008

Open Letter to the IC on the legality of Phorm's advertising system
-------------------------------------------------------------------

The Foundation for Information Policy Research (FIPR) has today released
the text of an open letter to Richard Thomas, the Information
Commissioner (IC) on the legality of Phorm Inc's proposal to provide
targeted advertising by snooping on Internet users' web browsing.

The controversial Phorm system is to be deployed by three of Britain's
largest ISPs, BT, Talk Talk and Virgin Media. However, in FIPR's view
the system will be processing data illegally:

* It will involve the processing of sensitive personal data: political
opinions, sexual proclivities, religious views, and health -- but it
will not be operated by all of the ISPs on an "opt-in" basis, as is
required by European Data Protection Law.

* Despite the attempts at anonymisation within the system, some people
will remain identifiable because of the nature of their searches and
the sites they choose to visit.

* The system will inevitably be looking at the content of some
people's email, into chat rooms and at social networking activity.
Although well-known sites are said to be excluded, there are tens or
hundreds of thousands of other low volume or semi-private systems.

More significantly, the Phorm system will be "intercepting" traffic
within the meaning of s1 of the Regulation of Investigatory Powers Act
2000 (RIPA). In order for this to be lawful then permission is needed
from not only the person making the web request BUT ALSO from the
operator of the web site involved (and if it is a web-mail system, the
sender of the email as well).

FIPR believes that although in some cases this permission can be
assumed, in many other cases, it is explicitly NOT given -- making the
Phorm system illegal to operate in the UK:

* Many websites require registration, and only make their contents
available to specific people.

* Many websites or particular pages within a website are part of the
"unconnected web" -- their existence is only made known to a small
number of trusted people.

The full text of the open letter can be viewed at:

http://www.fipr.org/080317icoletter.html

QUOTES

Said Nicholas Bohm, General Counsel, FIPR:

"The need for both parties to consent to interception in order for
it to be lawful is an extremely basic principle within the
legislation, and it cannot be lightly ignored or treated as a
technicality. Even when the police are investigating as serious a
crime as kidnapping, for example, and need to listen in to
conversations between a family and the criminals, they must first
obtain an authorisation under the relevant Act of Parliament: the
consent of the family is not by itself sufficient to make their
monitoring lawful."

Said Richard Clayton, Treasurer, FIPR:

"The Phorm system is highly intrusive -- it's like the Post Office
opening all my letters to see what I'm interested in, merely so that
I can be sent a better class of junk mail. Not surprisingly, when
you look closely, this activity turns out to be illegal. We hope
that the Information Commissioner will take careful note of our
analysis when he expresses his opinion upon the scheme."

CONTACTS

Nicholas Bohm
General Counsel, FIPR
01279 870285
nbohm@ernest.net

Richard Clayton
Treasurer, FIPR
01223 763570
07887 794090

NOTES FOR EDITORS

1. The Foundation for Information Policy Research (http://www.fipr.org)
is an independent body that studies the interaction between
information technology and society. Its goal is to identify
technical developments with significant social impact, commission
and undertaken research into public policy alternatives, and promote
public understanding and dialogue between technologists and policy-
makers in the UK and Europe.

2. Phorm (http://www.phorm.com/) claims that their "proprietary,
patent-pending technology revolutionises both audience segmenting
techniques and online user data privacy" and has recently announced
that it has signed agreements with UK Internet service providers BT,
TalkTalk and Virgin Media to offer its new online advertising
platform Open Internet Exchange (OIX) and free consumer Internet
feature Webwise.

3. In a statement released on 3rd March the Information Commissioner's
Office (ICO) said:

"The Information Commissioner's Office has spoken with the
advertising technology company, Phorm, regarding its agreement
with some UK internet service providers. Phorm has informed us
about the product and how it works to provide targeted online
advertising content.

"At our request, Phorm has provided written information to us
about the way in which the company intends to meet privacy
standards. We are currently reviewing this information. We are
also in contact with the ISPs who are working with Phorm and we
are discussing this issue with them.

"We will be in a position to comment further in due course."

-

Reminder of March 19th filesharing conference

From Ian Brown:

Hi all - a reminder that this Wednesday afternoon we have a great
selection of speakers for our free OII/LSE event on music and copyright
(including from the ORG posse Becky Hogge, Richard Clayton, Lilian
Edwards and Wendy Grossman). Come along to find out what the government,
music industry, publishers and independent experts are thinking about
ideas like 3-strikes-and-you're-disconnected; scanning ISP traffic for
copyright works; and notice and takedown regimes.

Full programme at:
http://www.oii.ox.ac.uk/events/details.cfm?id=186

From Pangloss: apologies for radio silence. Giving 6 talks in a month while also teaching and trying to edit a book not best recipe for Constant Blogger :( I have lots to say, believe me..

More March madness , sorry, talks

Wednesday 5 March brings a joint event with the European Law Forum and ILAWS, both centres at the Law School, University of Southampton.

Professors Gerrit Betlem and Lilian Edwards will speak on “Promusicae: Fundamental Rights of File Sharers and the Enforcement of Intellectual Property - EU and IT Perspectives.”

Staff Common Room of the Law Building on Highfield Campus, University of Southampton, 1-2pm. Contact me if you want details. This is an informal seminar but all welcome.

Materials: the ECJ’s judgement in Case C-275/06 of 29 January 2008 and the Opinion of A-G Kokott of 18 July 2007.

Fun, file sharers and the law

Pangloss is off speaking again :

2pm-5.30pm 19 March 2008
The Old Theatre, London School of Economics, Houghton Street, London WC2

Is home downloading killing music? Should Internet Service Providers monitor customers to try and spot copyright infringement, and disconnect downloaders? Do musicians need new laws to benefit from the opportunities of the Internet?

Join us at this FREE event to debate these questions and more with leading copyright thinkers from the music world, government, consumer groups and universities. Confirmed speakers include John Kennedy (CEO of IFPI), Becky Hogge (Open Rights Group), Lilian Edwards (Southampton University), Rufus Pollock (Cambridge University) and Michelle Childs (Knowledge Ecology International). Find out more and register here.

Pangloss is talking about the role of ISPs and other intermediaries in enforcing rules against filesharing and the impact this may have on citizens, users and consumers. THis is rather fun timing given both the Promusicae case discussed here recently and this much-blogged announcement yesterday - so I will save my commentary till March :)

Facebook

Just to document the press's continuing fascination that people are indeed monitoring Facebook, Bebo etc, and that despite this, other people are still stupid enough to leave confidential information there, this piece from the Indy ...

"Just ask the 27 workers at the Automobile Club of Southern California fired for messages about colleagues on their MySpace sites; the Florida sheriff's deputy whose MySpace page revealed his heavy drinking and fascination with female breasts – and swiftly found himself handing in his badge; the Argos worker in Wokingham fired for saying on Facebook that working at the firm was "shit"; the Las Vegas teacher at a Catholic school fired after he declared himself gay on his MySpace page; the staff of an Ottawa grocery chain fired for their "negative comments" on Facebook; the 19 Northampton police officers investigated for Facebook comments; and Kevin Colvin, an intern at Anglo Irish Bank, who told his employers he had a family emergency, but whose Facebook page revealed he had, in reality, been cavorting in drag at a Hallowe'en party."

However the piece does have a new(ish) point, that worries about social network sites may shift from the obvious paedophiles, stalkers and ID thieves t more "civil" observers:

"That something as ubiquitous as social network sites (they have 13.7 million UK users) are exploited by paedophiles and other serious criminals is not surprising. Happily, the numbers affected are small. But the use of personal page content in civil disputes, divorces, employment and legal actions will affect far more of the millions now innocently sharing their thoughts and intimate moments with the online world. "

Pangloss is, as usual, almost finished an article on all this :) Send donations of spare time to allow her to complete it!!

Ps while we're at it, two interesting recent comments on the ongoing facebook/SCrabulous affair - Jonathan Zittrain here and the irrepressible Daithi Mac Sithigh here.

Stokes Law Stokes Trouble for the National ID database

I love this:

"I propose new law, to go alongside Moore's Law and Reed's Law and all of our other useful tools for doing back-of-the-envelope projections of where things will be going in the short- to medium-term. I propose Stoke's Law, which is that

as the amount of data that the government collects grows, so will the number of people who are victims of crimes that were made possible by unauthorised access to government databases.
[From Analysis: Metcalfe's Law + Real ID = more crime, less safety "

So obvious yet so profound!

Also in today's mail - FIPR report an ICM survey that 25% of the UK population now "strongly" opposed to the national ID database - up from 17% last September.

EBay to ban negative feedback by sellers..

.. but not from buyers.

This is an interesting one. A small UK study Ashley Theunissen and I did in 2005/6 seemed to reveal that both sellers and buyers found leaving feedback by far the most useful and widely-used instrument they had at their disposal for resolving and avoiding disputes on eBay. Other options such as eBay's own on line mediation and negotiation procedures or Payer Protection Schemes were by contrast barely used, and both credit card and PayPal guarantee systems were often inappropriate to the dispute in question, either because a credit card was not used or in the case of PayPal, because the many qualifications for the scheme were not met or the account had been emptied.

However much game theory work since has also shown that feedback is highly unreliable as an index of trustworthiness of sellers, at least partly because negative feedback was very rarely given by buyers who were than one time eBay users for fear of retaliation. Feedback can also be gamed by sellers by a multitude of small value transations to build a shiney feedback profile, after which a large value no-delivery fraud is undertaken. Hence the preponderance of both sellers and buyers with 99.99% satisfaction ratings on eBay. eBay has been trying to address the second problem with its "Feedback 2.0" , which allowed a more granular breakdown of how an eBay seller had acquired a certain feedback score over multiple transactions, but clearly this has not been felt to be enough to provide trustworthy guidance to buyers.

Given also the growth of eBay as a site for Power Sellers, quasi professional sellers and the like, trying to turn feedback back into a true index of the trustworthiness of a seller by restricting retaliation tactics seems like a smart move. Sellers however are of course not best pleased, according to the Beeb report. In our small survey, 60% of sellers had left negative feedback, as opposed to 40% of buyers, so this looks like a big change in practice for UK sellers. It will be ve-ry interesting to see how this pans out. is eBay trying to forestall buyers leaving for other auction sites where they feel they are more likely to get good service from buyers, or at least have a better chance of picking a trustworthy merchant?? Or is it truely as reports say trying to provide a better "customer environment"? Pangloss would love to know if anyone has more info.

In the meantime, what we continue to need is a "true" non-gameable index of cross-site reputation - something from the distributed identity stable, perhaps. So far we are at the very early attempts stage in this field - see eg QDOS from the garlik folk, where Pangloss mysteriously finds herself compared to authors, footballers and Eastenders bit actors from time to time. Still, at least it's a start..

Promusicae in the ECJ

Pangloss has just grabbed a few minutes to consider this rather important new decision from the ECJ. Basically, the European court was asked to consider if it was legal for Spanish law to require telecoms providers, ISPs etc to retain traffic data relating to users for security or crime related purposes, but not to allow the use of that law for retrieval of evidence for OTHER (civil law) purposes, most obviously their use by IP rightsholders to uncover the identities of P2P filesharers.

The key provision here is Article 5(1) of Directive 2002/58 (the Privacy and Electronic Communications Directive, amending the Data Protection Directive 1995), which requires states to pass laws to ensure the confidentiality of traffic data. There can be exceptions to this obligation under Art 15(1) , but only where necessary to safeguard national security , defence, public security, or for the prevention, investigation, detection and prosecution of criminal offences - and to prevent "unauthorised use" of the electronic communications system, as referred to in Article 13(1) of Directive 95/46.

There was some dubiety in the ECJ that this last exception covered traffic data collection to get evidence for *civil* litigation - but the court were willing to more or less go along with that one. What they weren't willing to say was that this implied laws MUST be passed requiring disclosure of personal data to safeguard the rights of litigants in civil proceedings - ie, the PECD did NOT require automatic disclosure of P2P traffic data to help out the music industry, though such laws would not violate EC law.(para 56).

Several other IP-related Directives cited generally required states to provide for procedures for disclosure of information relating to pirate goods, after "justified and proportionate" applications by aggrieved rightsholders; however these did not take precedence over the specific obligation in the DPD and PECD to protect personal data.

And most importantly, as Cedric Manara has already mentioned elsewhere, the Court finally held that, turning to fundamental rights in the EC Charter, if the fundamental rights to property, and to privacy (which appear therein, as well as in the ECHR) appear to come into conflict when EC Directived are implemented in national laws , well, then , IP does not take precedence over privacy (or vice versa): instead, national courts must "make sure that they do not rely on an interpretation of [national laws] which which would be in conflict with these rights." (para 68) Put it plainly: IP rights do not trump DP rights, says the ECJ.

In other words also - my interpretation purely, now - although the ECJ have not said that laws requiring automatic disclosure of personal data to rights holders to protect IP rights would be illegal under the PECD, a serious warning has been issued to national legislatures not to be pushed into passing such laws, without considering first if rights of protection of personal data are being taken properly into account.

In the UK, this is serious stuff. The government is currently basically trying to shove through (as per Gower recommendation no 39) a model borrowed from France under which ISPs will disconnect and bar repeat P2P infringers via BCP codes, without ever going near a court. But this is probably only the tip of the iceberg. It is no surprise that the industry would far rather have automatic disclosure via industry codes of practice than, as currently, have to go for Norwich Pharmacal disclosure. This will be a very useful opinion for lobby groups fighting such a legal or "soft law" progression.

I'll be saying more about this at a conference in March :)More details when I have them.

Bloodspell

Blogzilla remins me that if you're interested in machinima you can now listen to Bloodspell director Hugh Hancock discussing his creation with Pangloss, Andres Guadamuz and Ian Brown last November. Thanks to Fernando Barrio (Electromate)for organising the event, and to Robin Scobey for the recording!

Facebook, the holiday romance

A rather nice comment on why Facebook will be a passing fling for 2008, not the love of our life :)

IP Addresses are Personal Data - official

Brief but important note, via the Asociated Press: the EU Art 29 Working Party group working on privacy, DP and Internet search engines (notably Google) has issued an early press release.

"Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law.

He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data." "

Some may think this an obvious conclusion, but in fact a report on Personal Data commissioned by the UK ICO office a year or two back (and very sadly, no longer available on the ICO site) revealed considerable disparity on this across Europe; in many cases whether an IP adress was regarded as "identifying" depended on context, in the view of various Information Commissioners.

The significance is crucial; if IP addresses are personal data, then services which collect IP addresses but not actual names - as Google does when it collects search terms typed in by users from IP adresses - are still regulated by DP law.

Google's privacy chief Peter Fleischer has previously insisted IP addresses are should only be seen as personal data, if it is likely that a person can be identified from an IP address . (Despite this, Google recently caved in to EU pressure and reducing the duration of Google cookies from 30 years to 2 years.) He may now have to think again, at least in Europe. This should be no surprise however, as , as Fleischer himself admits, the ART 29 Working party gave the answer as far back as 2002, that if an IP address can be connected to a person (eg by the person's ISP), then it should be seen as personal data for all purposes, including use by other companies.

The UK's current law , by the way, is in Pangloss's opinion , rather nearer to Fleischer's interpretation than to Scharr's - see s 1 of the DPA 1998. So bad news may be coming not only for Google but for UK drafters and advisers.

EBay gets to the point..

BBC Radio Oxford have kindly informed me of concern by Oxford MEP Nirj Derva about the sale of flick knives on eBay to UK teens.

"Nirj Deva MEP has called on the internet auction site EBay to ban the sale of flick-knives online, following a dramatic increase in street crime in the UK.

...Whilst it is illegal for those under the age of sixteen to buy knives, a five-second search for the word "flick knife" on Ebay.co.uk offers visitors, without any form of background or age check, the chance to buy a range of 3.75 inch Buck Protege serrated flick-knives. All "flick knives" with a blade of in excess of 3 inches are illegal under British law. "

Indeed. Under the Restriction of Offensive Weapons Act 1959, s 1 as amended in fact. It is an offense already to sell, offer for sale or expose for sale flick knives in the UK. So why do we need new laws for eBay?

Well, according to concerned MEP Deva, because although eBay UK have flick knives on their list of banned sale items, in fact you can instantly find these items on ebay.co.uk nonethless. In fact on a cursory glance as of today , 21/1/08, a search on "flick knives" on eBay.co.uk gave a zero result, not surprising as "flick knives" sub nom "switchblade knives" are one of the items banned on ebay.co.uk.

However the page conveniently points you at the bottom to results that CAN be found -on ebay.com in the USA. In fact although only two items were so indicated when Pangloss went to look, a quick direct search on ebay.com reveals many thousands of knives that look prohibitively scarey for sale to rampant UK teens (the US term of art appearing to be more often "buck" knives than "flick" knives).

The real questions which arise out of this latest apparent attempt to hit the headlines are twofold.

First, can the UK effectively legislate for ebay.com in the USA? Basically, no. Well, no, in strict law; but yes the bad PR might have an effect on US ebay prohibited listings rules (though Pangloss doubts it; and in any event US eBay already bans some forms of knives which may or may not correspond directly to UK flick blades but are damn like them - "switchblades" (which are "any knife having a blade which opens automatically (1) by and pressure applied to a button or other device in the handle of the knife, or (2) by operation of inertia, gravity, or both.") and "butterfly knives".) .

We have been here before of course, with Yahoo!, the French government and Nazi memorabilia. (Moral panics have no memory - maybe we need a directory of them, just as we have snopes.com for urban myths?) The end of the Yahoo! saga was that Yahoo! (and in fact ebay) chose to ban the sale of Nazi paraphernalia to restrict bad press, in the US as well as in Europe. But how much of a result is that in more than symbolic terms??

We all know that eBay (.com or .co.uk) "banning" an item effectively means very little. Items can be hidden in more general categories of listings (eg "folding knives") or under synonyms, and eBay does not appear to police its listings other than automatically restricting certain listings under banned categories. Right now, eg, although "flick knives" gets you zero results on ebay.co.uk, "buck knives", the US term, gets you 50 results.

The second real issue underlying here is if duties should be placed on eBay to take pro active policing (or "filtering") action, without which liability will be imposed - or if , as at present, eBay's liability should be restricted to arising only if it fails to take action on notice and take down. See passim on this blog, discussion of the E-Commerce Directive, Arts 12-15 and the puzzling question of their applicability to UGC sites like eBay.

Art 14 of the EC Electronic Commerce Directive as implemented in the UK by the 2002 Regulations of the same name, reg 19 states that:

"Where an information society service is provided which consists of the storage of information provided by a recipient of the service, the service provider (if he otherwise would) shall not be liable for damages or ... for any criminal sanction as a result of that storage where -

(a) the service provider -
(i) does not have actual knowledge of unlawful activity or information and, where a claim for damages is made, is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful; or
(ii) upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information, and

(b) the recipient of the service was not acting under the authority or the control of the service provider.

Thus as regards criminal liability under the 1959 Act for "sale" or "exposure" of flick knives, eBay cannot it seems , be found liable "for any criminal sanction as a result of that storage" unless it has received actual notice - a reactive NTD paradigm. Whether this is right or not in ethics, it appears to be the law. (a really interesting question might be if a victim of a flick knife attack claimed civil damages against eBay for breach of duty under the 1959 attack. Pangloss does not know enough about the English law of title to sue in statutory duties, let alone causation, to follow that one further..)

A final interesting issue is if eBay is indeed the person doing the "sale" or "exposure for sale" under the 1959 Act. As in the previous contact lens dispute, it might well be argued by eBay that the "person" who should be criminally liable is each individual seller, not eBay the intermediary platform. Again the ethics - as well as the efficacy - if not the strict law of this result may be questioned.

However there would seem to be little Parliament can do about it until and unless the E Commerce Directive is amended in its upcoming review.

Second Life bans virtual banks..

.. reports the Register.

That's only banks practicing only in virtuality - LInden dollar lenders and investors - according to El Reg - "meatspace" licensed banks are allowed to continue to operate. The reason given is that virtual banks were proving unstable due to offering riunous rates of return on invested Linden dollars.

"Since the collapse of Ginko Financial in August 2007, Linden Lab has received complaints about several in-world 'banks' defaulting on their promises. These banks often promise unusually high rates of L$ return, reaching 20, 40, or even 60 percent annualized," wrote Ken D., yesterday.

"Linden Lab isn’t, and can’t start acting as, a banking regulator," he added.

Which is interesting given a question that floated my way over the holidays: are virtual worlds , like Linden Labs, which issue widely used in-game currencies, convertible to and purchasable with real-world currencies, issuers of "electronic money"? And if hould they be regulated as deposit-taking baks are - or alternately do they fall within specialised regulatory schemes like the well-known if under-used EC Electronic Money Issuer Directive?

The EMI Directive was originally clearly intended to regulate "digital cash" issued on stored-value smart cards, as with the MOndex scheme rolled out in the early 2000s. Such schemes have never really caught on (though are arising again in the form of transport stored value cards like Oyster) - but the EMI has since been used to regulate quite different paradigms of electronic money such as the Pay pal business.

One point, as the Register notes, is that Linden Labs themselves clearly do not intend to hold themselves out as an EMI (or in the US perhaps, simply a bank). Their own terms and conditions say:

""Linden Dollars are not money, they are neither funds nor credit for funds. Linden Dollars represent a limited license right to use a feature of the simulated environment. Linden Lab does not offer any right of redemption for any sum of money, or any other guarantee of monetary value, for Linden Dollars."

On the other hand it is a notable feature of both ordinary money and EMIDir "electronic money" that it can be redeemed for face value against the issuer at any time, and this is right ("claim" according to the EMI Dir). For more erasons why 2L is probably not an EMI, see the useful chapter by Guadamuz and Usher in (ahem) Edwards ed The New Legal Framework for e-commerce in Europe.

Pangloss wonders what each virtual bank's T & C say about redemption in the event of the bank being closed down involuntarily by the platform host virtual world. The point of both banking and EMI regulation is at least partially to ensure that in the event of bank failure or closure, capital reserves must be maintained such that users at least get their stakes back. If that matter is left purely to contract however, it might be quite legal for Virtual Bank of Third Life (say) to provide that in the event of closure by platform world, all reserves are void. Or it might simply have run out of money - a run on the banks will no doubt by now already have started - as El Reg add "Linden Labs has requested that the virtual banks settle up with investors by January 22, honoring withdrawals. That should be interesting." Indeed.

If banks do not pay up and Second Life will not intervene to protect their users, relying on their stance that they are neither a money issuer nor a bank regulator - Would real space governments be prepared to get involved ? Eat your heart out, Northern Rock:)

Happy festive dispute-season and a litigational new year..

.. well what DO you wish a bunch of IT lawyers for Xmas?? World peace? An end to spam, malware and windows Vista? But then what would we do for a job??

Panglos is back from Beijing and Thailand but has not yet had time to clear all the yuan and bhat out of her purse, let alone absorb the apparently daily accounts of government departments giving personal data away with ten free gallons of petrol plus Green Shield Stamps.

Meanwhile, exposure to the street markets of Beijing, Bangkok and Phuket has persuaded her that any attempt to assert globalised IP rights against Asia ls a lost cause. Pirate DVDS of every quality from perfect to dodgy sold for c 50-70 baht - less than a pound - including Futurama, not yet out in the UK, and The Golden compass, not yet out on DVD legally ANYWHERE, yet possesed of utterly convincing cover artwork and copy.. Pangloss may have purchased some of these but only with which to thrill her classes, nota bene. Meanwhile knock off designer goods are so commonplace that frankly I came back covetous more of a Tescos set of napkins than a Gucci handbag. Dilution? Yes, I am very diluted:)

Serious Content will resume after Xmas.

In the meantime , have two nice images for the season.

One, a postgraduate class on cybersecurity I taught at the Beijing University of Telecommunications, in English, without translator (only days after producing a report accusing China of being the main player in cyber-terrorism :-). The class, all Mandarin-speaking, were attentive and excited and asked incisive questions. No developing country lag at all there. When we tried to look up something on Wikipedia and found it blocked by the Great Firewall, a student lackadaisically simply punched in a proxy server address. Censorship? What censorship?



Secondly, yesterday I was proud to attend the wedding of my PhD`student Rowena Rodrigues, herself an IT law blogger. Congratulations to Rowena and Jovito, and I hope for a long and happy marriage and bouncing baby PhD thesis in the years to come!

MI5 warn of chinese hacking theat too

Only a day after the McAfee report warned of the possibility of Chinese hackers attacking states around the world including the UK, MI5 has, unconnectedly, sent out a confidential letter warning of exactly that. the Chinese embassy has of course denied the allegations - just as they did in response to the original report.

More over at Blogzilla.

And Pangloss goes to China Tuesday to give a paper entitled "Chinese zombies or Japanese worms? What can the law do about cyber-security?". Synchronicitous times..

Meanwhile on the domestic security front, fall out from the great child benefit disc scandal continues. Contactpoint, the database to combine data on most the country's children for multi-agency communication purposes , has been put on hold for five months.

Shadow Children’s Minister Maria Miller said: "The government should also use this opportunity to see whether it really is necessary to have a database for every single child in the country, accessible to 330,000 people, given the significant amount of concern that this could overload the system and lead to a dumbing down of information.

Pangloss just turned in a somewhat critical chapter on Contactpoint for a book on social work, privacy and confidentiality; perhaps by the time it is printed it will already be a dead letter?

First, Contactpoint: next the ID Database? Watch this space.

Macafee VCR 2007

No, not VCR as in video recorder (how lo tech!) but Macafee Virtual Criminology Report 2007. (Pronounced MAC-afee. I've been getting that wrong all day, while doing 17, count em, SEVENTEEN radio interviews!) And available in English, French, Spanish, German and Italian no less.

Anyway Ian Brown of Blogzilla and myself are happy to announce the launch of a bouncing ten pound report, on a whole loada stuff including the rise of cyber-terrorism since the Estonia attacks in April; the evolving shape of malware and the cut-price cyber-market for phishing, spamming and DDOS tools, complete with customer service and on-line tutorials for budding young Russian mafiosi ; the legality of the exploit market, white and black; and, as they say, much much more..

Producing this has been a real interesting experience. I got to interview some very intriguing people, like Sharon Lemon at E-Crime in SOCA, David Vaile at AUSTLII and andrea Matwyshwn at Wharton/Penn, and security experts at places like iDefense and Carnegie Mellon Japan. I learnt an awful lot. I also got an insight into corporate politics and the PR industry which has DEFINITELY been an eye opener :-)

So have a look. You have to fill in a registration form to download unfortunately, but I'm sure you're all quite capable of unticking boxes as relevant :-p

EDIT: Hmm. China not happy. Pangloss goes to Beijing Tuesday. Pangloss not entirely happy :-)

Post Childbenefitgate - Facebook is still bad for your wealth

While the world continues to fail to comprehend how a government could casually lose the personal data of half its population by putting a DISC in the POST , my colleague Ian Brown (Blogzilla) is right to note that personal data is still just as likely to be compromised by commercial actors as government departments. And we- especially the younger part of our population - just keep giving the stuff away.

In particular the ICO has just issued a warning about the dangers for youth of giving away personal data which might well be used for identity theft on sites like MySpace, Facebook, etc.

"As many as four and a half million* young people (71%) would not want a
college, university or potential employer to conduct an internet search on
them unless they could first remove content from social networking sites,
according to new research by the Information Commissioner’s Office (ICO).
But almost six in 10 have never considered that what they put online now
might be permanent and could be accessed years into the future.

The research findings are unveiled as the ICO launches a new website at
www.ico.gov.uk/youngpeople to help young people understand their
information rights. The first section contains tips and advice on safe social
networking.

As well as not thinking ahead before posting information on the web, the
survey of Britons aged 14-21** also revealed that youngsters’ online
behaviour is a gift to potential fraudsters. Two thirds (eight in 10 girls aged 16-
17) accept people they don’t know as ‘friends’ on social networking sites and
over half leave parts of their profile public specifically to attract new people.
More than seven in 10 are not concerned that their personal profile can be
viewed by strangers and 7% don’t think privacy settings are important and
actively want everyone to see their full profile. "


Meanwhile, back at governmental data leaks, it's worth noting that the ICO was hastily given "stop and search" powers by Gordon Brown to audit government departments dealing with personal data in the immediate wake of Childbenefitgate.

But this really just isn't good enough. We desperately need decent penalty powers for the ICO - the current enforcement notice procedure is simply not adequate - but more than that, we also need mandatory security breach notification, the very measure which was strongly recommended by the House of Lords Personal Internet Security Report, and then rejected by the Government only weeks ago as completely unnecessary. And Richard Thomas, quite rightly, is calling for security breaches of this magnitude to be made a criminal offense.

Tiffany v eBay

A tip off from WOIP blog that the long awaited suit by Tiffany's against eBay for trademark infringement - basically, stocking counterfeit Tiffany goods - is about to kick off.

http://woip.blogspot.com/2007/11/tiffany-versus-ebay.html

Given recent cases in France and Germany which have tentatively pointed towards a trend towards European judges not finding the EC E Commerce Directive Art 14 a complete defense for user generated content sites, this one could be very interesting :)

Meanwhile..

Pangloss has bronchitis :((

But also an antibiotic so you can hold off on all those giant bouquets of roses..

In lieu of actual content, this , I have to say, does remind me of elements of modern academe..

HL Report Takes Road to Nowhere

Along with most my colleagues in IT law, I was excited at the vision and comprehension shown by the HL Report on Personal Internet Security released in the summer.

Last week, the UK government basically rejected every recommendation on the ground that, well, there really wasn't a problem, and it would be a bit hard on industry to place regulatory burdens on them, wouldn't it?.

This really won't do. Even the Lords themselves are muttering about heads and sand.

Meanwhile Richard Clayton, who had a large amount of input into the report as Special Adviser is deeply unimpressed.

"The bottom line is that the Select Committee did some “out-of-the-box thinking” and came up with a number of proposals for measurement, for incentive alignment, and for bolstering law enforcement’s response to eCrime. The Government have settled for complacency, quibbling about the wording of the recommendations, and picking out a handful of the more minor recommendations to “note” to “consider” and to “keep under review”.

A whole series of missed opportunities."

New frontiers in spam..

Wonderful news from Bruce Schneier.


"Spammers have created a Windows game which shows a woman in a state of undress when people correctly type in text shown in an accompanying image.

The scrambled text images come from sites which use them to stop computers automatically signing up for accounts that can be put to illegal use.

By getting people to type in the text the spammers can take over the accounts and use them to send junk mail."

How utterly fab. How does it feel to be Pavlov's dog, oh slavering mankind? And do we girlies (and possibly gay men?) get naked pix of John Barrowman?

Next: we cut out the need for naked pix, by incorporating CAPCHA decryption into online Sudoku? Oh it's all just SOOO Philip K Dick!!

Bloodspell and the Rise of Machinima

Organized by the London Metropolitan Business School and the Open Rights Group, the world-first feature-length machinima, Bloodspell, will have a special showing in London on 22 November 2007. (starting at 5:15PM), followed by a panel of specialists addressing the issues that this new film genre encompasses.

Pangloss is chairing and speakers will include Andres Guadamuz (Technollama), Hugh Hancock and reps from the film and games industries.

The venue is the London Metropolitan University Graduate Centre (the Libeskind-designed building).

For those new to the topic, machinima, in very basic form, involves the use of software that has been designed to create computer games, to produce original films with their own script and narrative. The word “machinima” was coined some time ago by Hugh Hancock, who has also written and directed Bloodspell. The event will be started with Hugh introducing what machinima is and the story behind Bloodspell, followed by the film, panel discussion and free drink!.

There are more details at Electromate which also has the link to the facebook group where you can RSVP. Many thanks to the wonderful Fernando Barrio who is coordinating this event.

Back in the USSA

Interesting snippet from Computing Weekly

"The proposed sale of 3Com to Bain Capital Partners and China's Huawei Technologies has drawn the attention of U.S. lawmakers because it involves sensitive security technology.

Legislation has been introduced in the U.S. House of Representatives to block the acquisition of 3Com by Bain Capital Partners and affiliates of Huawei Technologies of China.

Earlier in October, the two companies entered into a definitive merger agreement that set a price of £1.1bn for 3Com."

What eez zees "sensitive security technology", you ask? Well Pangloss of course knows nothing, but one suggestion is that 3Com own Tipping Point - who happen to be one of a very select handful of companies in the world peddling a certain trade - they buy and sell zero day exploits - potentially disastrous software vulnerabilities.

And word on the street as it that the US has been a bit touchy about the idea of a company like that coming under potential Chinese state er influence - especially since the reports earlier this year of Chinese attacks on the Pentagon.

Nice to have a bit of gossip in with the cyberlaw huh?

Web 2.0 liability hits Europe - delete those borrowed cartoons fast, folks..

Rather more sensibly, via my dear colleague Judith Rauhofer.. interesting case reports of two summer French decisions on Web 2.0 liability, summarised by Bird and Bird in their EU IT law bulletin. I have been meaning to note these, so am indebted to both sources.

MySpace

In the first decision, on 22 June 2007, a French humorist successfully sued MySpace before the Paris first instance tribunal for infringement of his author’s rights and personality rights, as his name, image and some of his sketches were published on a MySpace webpage without his authorisation.

The court found that MySpace performed the role of an Internet host. However it also did other things: it provided "a presentation structure with frames, which is made available to its members" and significantly, it also "broadcasts advertising upon each visit of the webpage, from which it profits".

As a result MySpace did not benefit from the hosting immunity of the EC Electronic Commerce Directive, Art 14 , implemented in Article 6.I.2 of the French law “on Confidence in the Digital Economy” (dated 21st June 2004) . The French law provides that a hosting provider:

“may not be held civilly liable for the activities or information stored at the request of a recipient of these services if they are effectively unaware of the illegal nature thereof or of the facts and circumstances revealing this illegality or if, as soon as they become aware of them, they have acted promptly to remove these data or make access to them impossible"

MySpace were however deemed not a host but a "publisher". Lacking immunity, MySpace were thus ordered to pay substantial damages.

Dailymotion

The second decision concerns Dailymotion, who appear to be a kind of You Tube equivalent site.

In April 2007, the director and the producer of a French film entitled “Joyeux Noel” sued Dailymotion on the ground of copyright infringement, because their film could be viewed on Dailymotion’s website.

In a decision dated 13 July 2007, the Tribunal de Grande Instance of Paris ruled that Dailymotion, although classed as a hosting provider, under the French law quoted above, was still liable for providing internet users with the means to commit copyright infringement.

On the plus side for Dailymotion, the court agreed that it was a hosting provider, and so in principle entitled to the immunity above. This was so even though it operated a commercial activity supported by advertising revenues - factors which had lead earlier French courts (as in the MySpace case, above) to declare sites like Dailymotion, not hosts , but "publishers".

On the down side however, the court held that DM

"had still acted unlawfully in providing internet users with the means to commit copyright infringement. Indeed, the Tribunal de Grande Instance considered that the success of Dailymotion’s website depended upon the broadcast of famous works because, according to the judge, these works captured larger audiences and ensured greater advertising revenues. Moreover, the court specified that even if there is no general obligation for hosting providers to actively seek out illegal activities, this limitation does not apply where these activities are created or induced by the provider."

The Bird and Bird report also suggests the court found that DM were "necessarily aware" of the copyright infringing material on their site.

As a result the court appears to have found that DM should have exerted prior restraint on giving access to copyright infringing works - in other words, installed effective filtering tools. Since they had not, they were liable. DM has appealed.

Pangloss sez

The Bird and Bird commentaries by (one asumes) French lawyers, suggest that the two cases are incompatible. This is formally true, in that MySpace were found to be a publisher, while DM was, it seems , not.

However from a UK/ECD perspective the two cases can be seen as pretty much on all fours at least as relating to liability and immunity. ECD Art 14 immunity from civil law liability requires three elements

• being a host
• not having actual notice (or taking down on receiving such notice)
• not having constructive notice (awareness of fact and circumstances such that they should have known copyright infringement was going on)(or take down as above)
  

Whether this analysis makes Daily Motion and MySpace "hosts", who nonetheless fail to gain immunity because of having constructive notice; or not hosts at all, but "publishers" , seems to Pangloss to not be of the essence (though no doubt the French do not feel that way).

The real and very exciting or worrying aspects of the case (depending on whether you are a content industry maven or a web 2.0 entrepeneur) are two fold.

First, these are judgments on the interpretation of a transposition of Art 14 of the ECD which seem to indicate (as Pangloss has suspected for some while) that a European court - perhaps even a UK court - would take one look at the My Space/You Tube etc business model, and fail to apply hosting immunity to them.

It seems more and more unreasonable that these sites' business model should be built around content much of which is clearly known to be infringing, and that they nonetheless escape all liability because that content was provided by third parties. This model was reasonable when applied to ISPs in the old days, who genuinely had little or no financial interest in what their users stuck on their server as long as it wasn't virus-ridden - it is not when applied to Web 2.0 and the user generated content business model.

Since these sites undoubtedly do perform a function as Internet hosts (tho quare how significant the streaming vs downloading model is here) a court thinking as above has to find a way to disapply the hosting immunity. And that way is via constructive knowledge - "they should have known".

Second and perhaps even more important, is the suggestion of the Dailymotion court that DM's knowledge or awareness was such that anti-infringement filters should have been installed.

This is now becoming familar as a remedy that has been ordered in P2P infringement cases: in the US in the Grokster case, and in Australia in the Kazaa case. But as many commentators have noted, in Europe, it seems to fly in the face of the ECD Art 15 injunction that service providers (including hosts and ISPs) cannot have obligations of prior active monitoring imposed on them.

The Dailymotion court was not unaware of this : the Bird and Bird report says that

"the court specified that even if there is no general obligation for hosting providers to actively seek out illegal activities, this limitation does not apply where these activities are created or induced by the provider." [Pangloss's bold added]

Leaving aside translational coincidences, this also has a ring of familiarity. In Grokster, the US Supreme Court, unlike the Court of Appeals, decided effectively that a Sony defense of "capable of substantial non infringing use" , even where there was no actual knowledge of infringement by the site, could not stand as a complete defence where there was out and out inducement of copyright infringement by the site. Thus Grokster was eventually found liable.

So where does this leave us in the UK? Interestingly, Art 15 was never transposed into UK law. This leaves it potentially even more open to the UK courts to come up with a formulation such as the French court did in Dailymotion. That leaves the normative question : should a finding of constructive knowledge also entitle a court to run against the clear words of the ECD in Article 15?

Clearly copyright owners would rather have proactive filtering than retrospect damages. But they want something even more: a share of the cake. The whole argument may thus soon become moot. As heavily covered on this blog, perhaps the technologically leading web 2.0 site, You Tube, has finally rolled its out long awaited copyright content filtering solution, Video Identification (RIP Claim Your Content?)

Instead of suing You Tube, or endlessly issuing take down notices, copyright owners can now ask YT to put their works onto its proactive filter database, or better still, leave its copyright content available on the YT site, but ask for a share of the revenue from the ads surrounding it.

The possible demise of Art 15 leaves other worries however. The UK government has been dropping hints hither and thither about imposing general obligations on ISPs in the UK to filter out everything from child porn, to terrorist material, to P2P traffic. If Art 15 is to be interpreted out of existence - or quietly ignored - there will be nothing to stop this. And although Google and You Tube may have come up with a tentative solution which may work for them (it is not yet tested) , there is no real evidence that rolling out large scale filters at ISP level is either technically feasible, or constitutionally desirable.

Let's face it, the law on hosting liability, as Trev Callaghan of Google put in the summer, is simply broken. It is time to reconsider everything in the upcoming review of the ECD.

In fact I very much doubt we will see a root and branch re-analysis. But that is clearly what is needed if Web 2.0 is not to entirely founder in Europe.

These Newfangled Tubes of Yours

Or, posting from my sick bed, YET AGAIN. Grumf.

Colleagues have recently brought to my attention this delightful video which is a parody by some colonial types of the case Donoghue v Stevenson put to the backing of the Police's Message in a Bottle (a popular beat combo, m'lud.)

Which inspired thoughts elsewhere of what other famous cases could be set to songs. Bolam v Friern Hospital, eg, could be set to "Doctor, Doctor" by the Thompson Twins. And the Microsoft anti-competition case could rather roughly be transcribed as "I Want My MTV",

Any better suggestions?

GeekLawyerEss

UK Linking Site Closed Down

An interesting if rather sketchy report from The Guardian that UK-based TV Links site has been closed down after a raid by a combination of Trading Standards officials, Gloucester police and FACT (Federation Against Copyright Theft). The question is what were the grounds? The report says merely that

""Sites such as TV Links contribute to and profit from copyright infringement by identifying, posting, organising, and indexing links to infringing content found on the internet that users can then view on demand by visiting these illegal sites," said a spokesman for Fact. "

The case is interesting because TV Links site is an ordinary website giving links to content which constituted (in some cases) infringing copies of copyright works eg Dr Who, Buffy et al. The site is not a host nor is it obviously "inciting" or "inducing" users to infringe as say Kazaa/Grokster did. It could be argued in fact that it does little more than what Google routinely does - makes links available to infringing copies and leaves the user to decide what to do next.

The most obvious ground of copyright infringement would be authorisation of infringement under s 16(2) of the CDPA 88 - but the UK courts have not been entirely keen on expanding the interpretation of this phrase - see CBS v Amstrad ([1988] 2 All ER 484 . The nearest we have in UK case law is the very early discussion of a link made by one newspaper (Shetland News) to another's headline stories (Shetland Times) which were "passed off" as its own - but even that case only reached the stage of interim interdict (Injunction for you Southerners :) and was based on law about cable progranmmes which has since been amended.

Interestingly also, the E Commerce Directive does NOT currently exempt even "innocent" sites from liability for hyperlinking - an issue which was raised but left unchanged in a UK DTI review a year or so back. The issue may be reconsidered during the upcoming revision of the ECD. Of course it might well be claimed that a site like TV LInks had at least constructive if not actual notice that it was linking to infringing material .

Another interesting point is that some of the materials linked to - British BBC TV progs of recent vintage, like Dr Who - are probably freely available under the new BBC iPlayer distribiution scheme. Is there not something inconsistent in terms of policy, if not law, in encouraging viewers to download copies by one legal means, but raid and close down other parties who provide the same material in a more user friendly (ie not DRM-locked) form?

Of course it is possible the raid was conducted under criminal law grounds other than copyright law at all. One suggestion Pangloss has heard is that there may have been money laundering offences attached to organised crime involved. It would be good to hear more details on this case soon. (It has considerable implications for the UK liability of BitTOrrent torrent sites as well.)

EDIT: the Guardian, clearly pleased with their scoop, has already blogged it : http://blogs.guardian.co.uk/technology/2007/10/20/tv_links_shut_down_for_linking_.html

EDIT 2: and the beat goes on.. a lovely example of the Internet routing around "damage" - http://tvteddy.blogspot.com/2007/10/tv-links-replacements.html .

While others take flight driven by the uncertainty of the legal liability for linking - http://uk.techcrunch.com/2007/10/21/testcardtv-taken-down-as-police-swoop-on-tv-links/

IPKat also now has comment. AS does FACT. And Struan Robertson of OUTLAW writing in the Register is as bemused as Pangloss is.
"We don't have a simple offence of facilitating infringement in the UK," he told us. "Though we do have offences concerned with distributing or offering infringing copies or communicating works to the public... to such an extent as to affect prejudicially the owner of the copyright. The maximum penalty is 10 years. However, I've never heard of links being characterised in this way in a British court."

EDIT THE FINAL: And then it turned out that they were actually being sued for trademark infringement!! Good grief.. Full coverage on Lex Ferenda, Technollama et al.

ILAWS launch

ILAWS is now duely launched, and even hads a fair wind, appropriate metaphors for a maritime city like Suthampton; we broke bubbly on its virtual hull, courtesy of our very generous sponsors Thomas Eggar, after hearing a marvellous lecture from the indomitable Chris Reed on "Doing Business Online" which managed to combine invaluable practical advice (eg don't change planes at New York airport if you're running an online gambling firm) with serious academic speculation (will on-line virtual worlds be governed wholly by contracts imposed by the world-owners or will the evolving norms of the communities that live here have to have a say too?)

A podcast will be up soon on the ILAWS and TE sites.

Thanks go to Chris and Thomas Eggar of course, but also to the many people who helped within the law school, including my colleagues in ILAWS Caroline Wilson and Stephen Saxby, and to those who came to form an enthusiastic audience. I hope ILAWS can work with some of you in the future.

Reports already up at

http://electromate.blogspot.com/2007/10/ilaws-southampton.html
https://www.blogger.com/comment.g?blogID=8802856&postID=1059604499228390161


Meanwhile as a result of Googling ILAWS reports, Pangloss has discovered a UK law blog aggreagator called Infolaw - how handy! - at http://www.infolaw.co.uk/lawfeeder/allfeeds.asp?lwfct=Information+Technology.

I Knew Him Before he Was Famous :)

I've known Charlie Stross for around twenty mumble years, back since he lived in Leeds, was resolutely trying to start a writing career, and trying to sell short stories in the pub to my then boyfriend.

Nowadays he lives in Edinburgh, is a multi award winning prolific sf novelist and gets reported in evangelical tones in Boing Boing like this.

Wow time flies :)

I now have to admit publicly that I've never actually read any of Charlie's novels - hard post-Singularity sf is not quite my thing - but this one looks so relevant to some of my current lines of research that I may have to read it just to use as a class text :)

Post GikII sensible service resumes shortly!

ILAWS launch, October 17 2007

The official press release!!

If anyone reading is in the area, or fancies coming out to quaint ol Hants do register as described below - or email me if you'd like a pesonalised invite :) There will be free drink!

Investigating the internet’s impact on business

The role of the internet in today's business world and the creation of new business models, in particular the impact of websites such as Facebook, are explored at the launch of the University of Southampton’s Institute for Law and the Web at Southampton (ILAWS) Annual Lecture.

Professor Chris Reed, Chair of Electronic Commerce Law at Queen Mary College London, will give the inaugural lecture ‘Doing business online—how to avoid the legal pitfalls’ at the Turner Sims Concert Hall on Wednesday 17 October at 6pm.

The lecture marks the start of innovative new partnership between the University and Thomas Eggar LLP, a leading law firm in the South.

The School of Law at the University of Southampton founded ILAWS in 2006 to explore the legal issues and opportunities associated with the internet, the web and digital technology.

ILAWS is a unique interdisciplinary research centre that combines legal expertise in key areas such as information technology law, e-commerce, IT law and public policy, and intellectual property law. The Institute looks at the crucial current issues for commerce and government, alongside cutting-edge ‘future-gazing’ to discover what the legal issues of the future will be.

Quote

To register your place at this free event, please visit

www.thomaseggar.com/ilaws or

email simon.bomford@thomaseggar.com

For further information on the work of ILAWS please visit: www.soton.ac.uk/ilaws

Chieftain of the Pudding race

Via Thomas Otter

The strangest business model yet - get telephone calls for free if people can listen in and append ads.

"There's a new Skype competitor, dubbed ThePudding, on the Web. And ThePudding is completely free*. All you have to do is agree to let Pudding Media listen in on your calls. To compensate users for the breach of privacy, the company claims, "ThePudding uses breakthrough technology that makes your conversations fun and interesting." In other words, anyone using ThePudding will be served contextual ads based upon topics overheard in your conversation! "

Both Thomas and Pangloss agree that it may be legal, but wow, it's just damn weird. In some ways, it's just Gmail for phones - people already seem moderately happy with a model of free email storage in return for content of emials being scanned and ads appended.
But telephone conversations are so much more personal and intimate that, well, Pangloss would not sign up.

We seem to be approaching the furthest limits of the "it's ok if consent given" privacy model here - a model which already seems in the web 2.0 context to be entirely broken.

GikII 2 ppts: I'm in your legal system eating your brain

The GikII 2 presentation powerpoints are now all up and available and there is some fabulous stuff there.

It would be impossible and invidious for the chair to pick the best paper, but it is worth mentioning what was surely the best powerpoint - namely Daithi Mac Sithigh, Trinity College Dublin: “I’m in ur tube blocking ur internets: The Politics, Perception and Parody of Network Neutrality Legislation” which invents a whole new genre of "LawL Cats" (c. L Edwards, 2007) and manages to do an amazing job of explaining the magnificently difficult topic of Net Neutrality in Europe using cat macros.



Line of the day : "I baked you a constitution, but I ated it".

Jordan Hatcher's exegesis on “Drawing in Permanent Ink: A Look at Copyright Law and Tattoos”, has already been picked up by Boing-Boing .

I'd also recommend looking for sheer novelty and unexploredness around

- my colleague Caroline Wilson of Southampton's future gaze into 5-sense virtual worlds and how trademark law might deal with protecting smells, tastes and feelings;“Trade mark Law in an online future – coming to its senses?”

- Thomas Otter's thoughtful consideration of how in the rush to Web 2.0 the issues of accessibility are. as usual , being left way behind - “Web 2.0 and Accessibility”

- and Judith Rauhofer of UCLAN's fascinating linking of the risk-averse society of late modernity we now live in and the dangerous calculus that is emerging between security,

privacy and risk ; UCLAN, "Privacy is dead – get over it: Art. 8 and the dream of a risk-free society" .

Dawkins v You Tube and the World

More trouble with You Tube and the DMCA.

Let's see if we can get this one straight.

Dawkinsites ("Rational Response Squad") post videos anti-creationism on You Tube.

Creationists get said Videos taken down by claiming NTD - that said vids contained their copyright material.

Dawkinsites plead fair use to no avail.

You Tube pull Dawkinsites YT account for making repeated complaints (says Wired).

Wow, I'm glad I'm not YT's Press agents ..

This is a good example though of why You Tube's much awaited Claim Your Copyright technology will NOT solve all problems relating to copyright and NTD - specificially where fair use, fair comment, freedom of expression etc are involced.

Whither the public domain and critical journalism in a world of fully water marked and automated copyright-material takedown?

Web 3,0 arise

Via Rowena Rodrigues' e-identity blog - a very interesting piece bringing together some thoughts on web 2.0, the semantic Web , social software (not just social networking software) and a possible new approach for defining web 3.0 (or web thingy as Chris Reed has now famously christened it).

"For those of you who don't like terms like Web 2.0, and Web 3.0, I also want to mention that I agree --- we all want to avoid a rapid series of such labels or an arms-race of companies claiming to be > x.0. So I have a practical proposal: Let's use these terms to index decades since the Web began. This is objective -- we can all agree on when decades begin and end, and if we look at history each decade is characterized by various trends. I think this is reasonable proposal and actually useful (and also avoids endless new x.0's being announced every year). Web 1.0 was therefore the first decade of the Web: 1990 - 2000. Web 2.0 is the second decade, 2000 - 2010. Web 3.0 is the coming third decade, 2010 - 2020 and so on. Each of these decades is (or will be) characterized by particular technology movements, themes and trends."

A Manifesto for Inertia in a Web 2.0 World

After three days of running conferences, firstly the SCL/Herbert Smith sponsored "Law 2.0" event, and then the glorious GikII, I am currently too braindead to do much other than stare into space, vaguely respond to my stacked up email, and make virtual glub glub goldfish noises (coming soon, no doubt, to a Facebook app near you.)

Many thanks to all involved in speaking, participating, watching ,asking questions and administering ; you were all magnificent. More thoughts may follow.

In the meantime however, I have been deputised by the ever-wonderful Chris Reed of Queen Mary to publish the below on his behalf, as he has no blawg of his own. (During the course of a discussion on Tuesday, Chris opined that he does not blog, not as any normal person might have expected, because he is too busy, but because he thinks he can influence policy better by fully formed argument in articles and books, than by hasty scribbles on a blog. Probably right. I personally blog as I said, both to organise the legal information deluge to my own advantage (instant tagging, summary and first critical thoughts, to be come back to later) - and because it's a great way to get in touch with interesting people, have fun, and incidentally build a reputation :)

Take it away, Chris.

"A MANIFESTO FOR RADICAL INACTION

To: All those concerned with the regulation of Web 2.0 who know enough
to know that they know nothing.

1. When, as they will, politicians take up the cry of commentators that "This is awful. Something must be done!" we must resist them to our last breath. Laws about the internet made this way have consistently failed to achieve their aims and produced unintended, unfavourable consequences. It always ends in tears.

2. For the time being we must preserve the liberties of online intermediaries so that Web 2.0 can continue to evolve. One day we will understand what responsibilities they can fairly be asked to shoulder. Meanwhile we must muddle along, extending and adapting our current laws to new problems as best we can. If something really must be done, we should question and question again until satisfied that it will not do more harm than good.

3. So far as we are able, we must divert lawmakers into fixing problems that we at least vaguely understand. The most pressing of these are online privacy and intellectual property rights in the new Web 2.0 creations. Fortunately both these require years of international negotiation, which will give us time to identify the best solutions.

We owe it to the future to prevent the mistakes of the past. Aux armes
Netoyens!"

Comments, questions? :-)

EDIT: Rowena Rodrigues has created a neat back-of-a-credit-card version of Reed's Rules here.

"1. LEGISLATE NOT IN HASTE, NOR GET CARRIED AWAY BY THOSE THAT KNOW NOT WHAT TO DO (BUT LIKE TO PRETEND THEY DO!)

2. LET WEB 2.0 BLOSSOM

3. WHAT (LAW THERE) IS, MUST BE EXTENDED AND APPLIED.

4. AND WHILE WE FIGURE OUT THE BEST SOLUTION, IP AND PRIVACY MUST TAKE CENTRESTAGE!"


Ps other comments on legal blogging from the participants of the SCL Law 2.0 blogging debate :

- "Just say no."
- "Choose life."
- "I can't believe how obsessed you guys are with your Technorati ratings. I don't even know what mine is." - me
- "..Oh, you're about, maybe, no 40..?" (Technollama)
- "Since I started blogging my sex life has ended". (Anon , but see above.)
- "I don't know what you guys are complaining about, I got laid by blogging!" (GeekLawyer - naturellement).

Don't let this put you off , guys and gals..!

Facebook and privacy returns

Facebook are opening up their site to being Google-searchable. Hark! I hear a million privacy activists screaming.

But wait - they're actually doing it RIGHT.

a. They're only allowing name and profile pictures to appear in search results - not all the rest which tends to include highly personal material.

b. everyone appears to be getting prominent notice IN ADVANCE that they can opt out of their info being released onto Google

c. most impressively, if like me (and I imagine rather rarely) you'd already opted to "hide" on facebook, ie, not be searchable by name in their listing, you are automatically opted out of the Google release.

This appeared at the top of my FB profile this morning:

"Facebook now enables anyone to search for Facebook users who have public search listings from our Welcome page. In a few weeks we will allow users to make these public search listings visible to search engines like Google. Public Search Listings only include names and profile pictures.

Because you have restricted your search privacy settings your public search listing will not be shown. If you want friends who are not yet on Facebook to be able to search for you by name, you can change your settings on the Search Privacy page.

No privacy rules are changing; if you do choose to make this public search listing available, anyone who discovers your public search listing must sign up and login to contact you via Facebook. "

This strikes me as for once a good example of how privacy on line in web 2.0 ought to be handled - congrats to FB.

You could argue that a site like FB should not open itself to Google at all (in the interests of default privacy, etc etc) but the fact is that sites like Spock.com are already begining to scrape social networking sites like FB and make the data they contain searchable with no user opt-out or notice, and dubious supervision - so this at least pre-empts such attention, and gives the user some control.

It's also interesting that this is a case of the market dovetailing with privacy-enhancing code. FB WANT you to sign up for FB and go to their site to read that highly personal stuff - not read it on Google away from their adverts and apps (or on Spock.com).

LiveJournal, by comparison, an open source blogging site normally regarded as fairly privacy conscious, don't care (much) about ads (they make money from paid subs and are run by volunteers), so they also don't stop you allowing spiders to grab your whole blog. User choice prevails and as we all know by now, user choice when the default is no privacy, usually means disclosure by inertia. (You can opt out of spiders on LJ too, of course - but the option is distinctly not that obvious.)

My Brilliant Career :-P

Pangloss has been a bit lax in not indicating that the programme for GikII 2 is now up. It is very packed and should be very fun.

Similarly the provisional programme for the adjoining SCL/Herbert Smith Law 2.0 workshop is also up.

Both these events are now pretty much full, but if you are so inclined it may be possible to squeeze in.

We now return to our scheduled last 3 days of holiday:-)

AllOfMP3.com not Illegal- Official! (but do we care?)

This seems sufficiently remarkable to record without comment:

"A Russian court found the former boss of music download Web site www.allofmp3.com not guilty of breaching copyright on Wednesday in a case considered a crucial test of Russia's commitment to fighting piracy.

The allofmp3.com Web site angered Western music companies by undercutting the price of downloads in deals they said breached copyright law.

"The prosecution did not succeed in presenting persuasive evidence of his involvement in infringing copyright law," said judge Yekaterina Sharapova.

..

Kvasov [owner of AllOFMP3.com} always said he was within the law because the site paid part of its income to ROMS, a Russian organisation which collects and distributes fees for copyright holders.

The judge agreed with his defence.

"Everybody who uses soundtracks has to pay a certain amount of their income to the rights holders and this company has done that," she said. "MediaServices has paid a certain amount of money to ROMS."

Any Russian copyright experts out there care to comment?

And how far if at all does this affect the liability of those who download tracks in the UK from AllOfMP3.com's successor site www.mp3sparks.com in Russia? Rome II, which was recently finalised, indicates that in a transnational tort, the governing law is "the law of the country in which the damage occurs or is likely to occur , irrespective of the country in which the event giving rise to the damage occurred" (Art 4) .

Unfortunately this relatively clear provision is not the one that applies - instead Art 8 provides that the governing law in the case of non-Community-wide IP rights is instead " the law of the Member State in which the act of infringement is committed". Which is um, as clear as mud. The recitals however confirm that this is intended to mean the traditional IP IPL standard of the lex loci protectionis. "Traditionally in Private international law, disputes concerning national IP rights are governed by the lex loci protectionis. That is the law of the country where protection is sought. Where there is an infringement, this law coincides which the law of the country where the acts of infringement were committed." (stolen from the helpful IP-Kat.) Pangloss is still uncertain what that means that if a work in which UK copyright exists (eg a Kaiser chiefs song) is downloaded from a Russian server to a UK PC. One assumes it means that if the case is raised in UK courts, UK copyright law is applied hence there is still an unauthorised copy made and hence infringement.

So despite this court case, the answer "oh it's OK but it's legal in Russia!" appears to remain somewhere between a red herring and a red rag to a BPI bull :)

Summer Survey Time!

My colleague Jordan Hatcher asks me to pass the below on..

"**New survey on open content licences**

==Use of open content licences by cultural heritage organisations==

The Eduserv Foundation is funding a study into the use of Creative
Archive, Creative Commons and similar open content licences by
cultural heritage organisations in the United Kingdom. The study is
being led by legal consultant Jordan Hatcher of
opencontentlawyer.com. The survey is available here:

https://www.surveymonkey.com/s.aspx?sm=L3x_2b1lQJxqu7KdfK587AeA_3d_3d

This survey is open to UK-based cultural heritage organisations such
as museums, libraries, galleries, archives, film and video
organisations, broadcasters, and other organisations that conduct
cultural heritage activities.

The goal of this study is to provide information on the actual use of
Creative Archive, Creative Commons, and similar licences. This
information will be useful to decision makers and interested
professionals in the cultural heritage sector, and for local and
national government and the HE and FE sector. The study will be
conducted from now through to the middle of September and a report
will be made available in October.

If you are a member of a cultural heritage organisation, whether or
not you currently use Creative Commons or Creative Archive licences
(or even know what they are!), your participation is needed to make
this study a success.

Again, the survey is available at:
https://www.surveymonkey.com/s.aspx?sm=L3x_2b1lQJxqu7KdfK587AeA_3d_3d"

HL Report on Personal Internet Security

Pangloss is on holiday at the Edinburgh festival and will be for a bit to come (feckless academics I hear you murmur) but is breaking radio silence to announce that the above much-awaited report is out.

Analysis to follow but right now you can see what my mate Ian says over on Blogzilla. As Ian notes, the Report's proposals seem to point along the lines that academics including myself have been suggesting for some while eg increased responsibilities to implement and encourage security on the Internet on inter alia banks, software writers and ISPs, with the aim of creating a shared "security commons". Encouraging stuff.