Sunday, December 23, 2007

Happy festive dispute-season and a litigational new year..

.. well what DO you wish a bunch of IT lawyers for Xmas?? World peace? An end to spam, malware and Windows Vista? But then what would we do for a job??

Pangloss is back from Beijing and Thailand but has not yet had time to clear all the yuan and baht out of her purse, let alone absorb the apparently daily accounts of government departments giving personal data away with ten free gallons of petrol plus Green Shield Stamps.

Meanwhile, exposure to the street markets of Beijing, Bangkok and Phuket has persuaded her that any attempt to assert globalised IP rights against Asia is a lost cause. Pirate DVDs of every quality from perfect to dodgy sold for c 50-70 baht - less than a pound - including Futurama, not yet out in the UK, and The Golden Compass, not yet out on DVD legally ANYWHERE, yet possessed of utterly convincing cover artwork and copy.. Pangloss may have purchased some of these but only with which to thrill her classes, nota bene. Meanwhile knock off designer goods are so commonplace that frankly I came back covetous more of a Tescos set of napkins than a Gucci handbag. Dilution? Yes, I am very diluted:)

Serious Content will resume after Xmas.

In the meantime, have two nice images for the season.

One, a postgraduate class on cybersecurity I taught at the Beijing University of Telecommunications, in English, without translator (only days after producing a report accusing China of being the main player in cyber-terrorism :-). The class, all Mandarin-speaking, were attentive and excited and asked incisive questions. No developing country lag at all there. When we tried to look up something on Wikipedia and found it blocked by the Great Firewall, a student lackadaisically simply punched in a proxy server address. Censorship? What censorship?



Secondly, yesterday I was proud to attend the wedding of my PhD student Rowena Rodrigues, herself an IT law blogger. Congratulations to Rowena and Jovito, and I hope for a long and happy marriage and bouncing baby PhD thesis in the years to come!

Sunday, December 02, 2007

MI5 warn of Chinese hacking threat too

Only a day after the McAfee report warned of the possibility of Chinese hackers attacking states around the world including the UK, MI5 has, unconnectedly, sent out a confidential letter warning of exactly that. The Chinese embassy has of course denied the allegations - just as they did in response to the original report.

More over at Blogzilla.

And Pangloss goes to China Tuesday to give a paper entitled "Chinese zombies or Japanese worms? What can the law do about cyber-security?". Synchronicitous times..

Meanwhile on the domestic security front, fall out from the great child benefit disc scandal continues. Contactpoint, the database to combine data on most of the country's children for multi-agency communication purposes, has been put on hold for five months.

Shadow Children’s Minister Maria Miller said: "The government should also use this opportunity to see whether it really is necessary to have a database for every single child in the country, accessible to 330,000 people, given the significant amount of concern that this could overload the system and lead to a dumbing down of information."

Pangloss just turned in a somewhat critical chapter on Contactpoint for a book on social work, privacy and confidentiality; perhaps by the time it is printed it will already be a dead letter?

First, Contactpoint: next the ID Database? Watch this space.

Thursday, November 29, 2007

McAfee VCR 2007

No, not VCR as in video recorder (how lo tech!) but McAfee Virtual Criminology Report 2007. (Pronounced MAC-afee. I've been getting that wrong all day, while doing 17, count em, SEVENTEEN radio interviews!) And available in English, French, Spanish, German and Italian no less.

Anyway Ian Brown of Blogzilla and myself are happy to announce the launch of a bouncing ten pound report, on a whole loada stuff including the rise of cyber-terrorism since the Estonia attacks in April; the evolving shape of malware and the cut-price cyber-market for phishing, spamming and DDoS tools, complete with customer service and on-line tutorials for budding young Russian mafiosi; the legality of the exploit market, white and black; and, as they say, much much more..

Producing this has been a real interesting experience. I got to interview some very intriguing people, like Sharon Lemon at E-Crime in SOCA, David Vaile at AustLII and Andrea Matwyshyn at Wharton/Penn, and security experts at places like iDefense and Carnegie Mellon Japan. I learnt an awful lot. I also got an insight into corporate politics and the PR industry which has DEFINITELY been an eye opener :-)

So have a look. You have to fill in a registration form to download unfortunately, but I'm sure you're all quite capable of unticking boxes as relevant :-p

EDIT: Hmm. China not happy. Pangloss goes to Beijing Tuesday. Pangloss not entirely happy :-)

Sunday, November 25, 2007

Post Childbenefitgate - Facebook is still bad for your wealth

While the world continues to fail to comprehend how a government could casually lose the personal data of half its population by putting a DISC in the POST, my colleague Ian Brown (Blogzilla) is right to note that personal data is still just as likely to be compromised by commercial actors as government departments. And we - especially the younger part of our population - just keep giving the stuff away.

In particular the ICO has just issued a warning about the dangers for youth of giving away personal data which might well be used for identity theft on sites like MySpace, Facebook, etc.

"As many as four and a half million* young people (71%) would not want a college, university or potential employer to conduct an internet search on them unless they could first remove content from social networking sites, according to new research by the Information Commissioner’s Office (ICO). But almost six in 10 have never considered that what they put online now might be permanent and could be accessed years into the future.

The research findings are unveiled as the ICO launches a new website at www.ico.gov.uk/youngpeople to help young people understand their information rights. The first section contains tips and advice on safe social networking.

As well as not thinking ahead before posting information on the web, the survey of Britons aged 14-21** also revealed that youngsters’ online behaviour is a gift to potential fraudsters. Two thirds (eight in 10 girls aged 16-17) accept people they don’t know as ‘friends’ on social networking sites and over half leave parts of their profile public specifically to attract new people. More than seven in 10 are not concerned that their personal profile can be viewed by strangers and 7% don’t think privacy settings are important and actively want everyone to see their full profile."


Meanwhile, back at governmental data leaks, it's worth noting that the ICO was hastily given "stop and search" powers by Gordon Brown to audit government departments dealing with personal data in the immediate wake of Childbenefitgate.

But this really just isn't good enough. We desperately need decent penalty powers for the ICO - the current enforcement notice procedure is simply not adequate - but more than that, we also need mandatory security breach notification, the very measure which was strongly recommended by the House of Lords Personal Internet Security Report, and then rejected by the Government only weeks ago as completely unnecessary. And Richard Thomas, quite rightly, is calling for security breaches of this magnitude to be made a criminal offense.

Tiffany v eBay

A tip off from WOIP blog that the long awaited suit by Tiffany's against eBay for trademark infringement - basically, stocking counterfeit Tiffany goods - is about to kick off.

http://woip.blogspot.com/2007/11/tiffany-versus-ebay.html

Given recent cases in France and Germany which have tentatively pointed towards a trend towards European judges not finding the EC E Commerce Directive Art 14 a complete defense for user generated content sites, this one could be very interesting :)

Sunday, November 11, 2007

Meanwhile..



Pangloss has bronchitis :((

But also an antibiotic so you can hold off on all those giant bouquets of roses..

In lieu of actual content, this, I have to say, does remind me of elements of modern academe..

Thursday, November 01, 2007

HL Report Takes Road to Nowhere

Along with most of my colleagues in IT law, I was excited at the vision and comprehension shown by the HL Report on Personal Internet Security released in the summer.

Last week, the UK government basically rejected every recommendation on the ground that, well, there really wasn't a problem, and it would be a bit hard on industry to place regulatory burdens on them, wouldn't it?

This really won't do. Even the Lords themselves are muttering about heads and sand.

Meanwhile Richard Clayton, who had a large amount of input into the report as Special Adviser, is deeply unimpressed.

"The bottom line is that the Select Committee did some “out-of-the-box thinking” and came up with a number of proposals for measurement, for incentive alignment, and for bolstering law enforcement’s response to eCrime. The Government have settled for complacency, quibbling about the wording of the recommendations, and picking out a handful of the more minor recommendations to “note” to “consider” and to “keep under review”.

A whole series of missed opportunities."

New frontiers in spam..

Wonderful news from Bruce Schneier.


"Spammers have created a Windows game which shows a woman in a state of undress when people correctly type in text shown in an accompanying image.

The scrambled text images come from sites which use them to stop computers automatically signing up for accounts that can be put to illegal use.

By getting people to type in the text the spammers can take over the accounts and use them to send junk mail."


How utterly fab. How does it feel to be Pavlov's dog, oh slavering mankind? And do we girlies (and possibly gay men?) get naked pix of John Barrowman?

Next: we cut out the need for naked pix, by incorporating CAPTCHA decryption into online Sudoku? Oh it's all just SOOO Philip K Dick!!

Bloodspell and the Rise of Machinima

Organized by the London Metropolitan Business School and the Open Rights Group, the world-first feature-length machinima, Bloodspell, will have a special showing in London on 22 November 2007 (starting at 5:15PM), followed by a panel of specialists addressing the issues that this new film genre encompasses.

Pangloss is chairing and speakers will include Andres Guadamuz (Technollama), Hugh Hancock and reps from the film and games industries.

The venue is the London Metropolitan University Graduate Centre (the Libeskind-designed building).

For those new to the topic, machinima, in very basic form, involves the use of software that has been designed to create computer games, to produce original films with their own script and narrative. The word “machinima” was coined some time ago by Hugh Hancock, who has also written and directed Bloodspell. The event will be started with Hugh introducing what machinima is and the story behind Bloodspell, followed by the film, panel discussion and free drink!

There are more details at Electromate which also has the link to the Facebook group where you can RSVP. Many thanks to the wonderful Fernando Barrio who is coordinating this event.

Wednesday, October 31, 2007

Back in the USSA

Interesting snippet from Computing Weekly

"The proposed sale of 3Com to Bain Capital Partners and China's Huawei Technologies has drawn the attention of U.S. lawmakers because it involves sensitive security technology.

Legislation has been introduced in the U.S. House of Representatives to block the acquisition of 3Com by Bain Capital Partners and affiliates of Huawei Technologies of China.

Earlier in October, the two companies entered into a definitive merger agreement that set a price of £1.1bn for 3Com."


What eez zees "sensitive security technology", you ask? Well Pangloss of course knows nothing, but one suggestion is that 3Com own TippingPoint - who happen to be one of a very select handful of companies in the world peddling a certain trade - they buy and sell zero day exploits - potentially disastrous software vulnerabilities.

And word on the street is that the US has been a bit touchy about the idea of a company like that coming under potential Chinese state er influence - especially since the reports earlier this year of Chinese attacks on the Pentagon.

Nice to have a bit of gossip in with the cyberlaw huh?


Web 2.0 liability hits Europe - delete those borrowed cartoons fast, folks..

Rather more sensibly, via my dear colleague Judith Rauhofer.. interesting case reports of two summer French decisions on Web 2.0 liability, summarised by Bird and Bird in their EU IT law bulletin. I have been meaning to note these, so am indebted to both sources.

MySpace


In the first decision, on 22 June 2007, a French humorist successfully sued MySpace before the Paris first instance tribunal for infringement of his author’s rights and personality rights, as his name, image and some of his sketches were published on a MySpace webpage without his authorisation.

The court found that MySpace performed the role of an Internet host. However it also did other things: it provided "a presentation structure with frames, which is made available to its members" and significantly, it also "broadcasts advertising upon each visit of the webpage, from which it profits".

As a result MySpace did not benefit from the hosting immunity of the EC Electronic Commerce Directive, Art 14, implemented in Article 6.I.2 of the French law “on Confidence in the Digital Economy” (dated 21st June 2004). The French law provides that a hosting provider:

"may not be held civilly liable for the activities or information stored at the request of a recipient of these services if they are effectively unaware of the illegal nature thereof or of the facts and circumstances revealing this illegality or if, as soon as they become aware of them, they have acted promptly to remove these data or make access to them impossible"

MySpace were however deemed not a host but a "publisher". Lacking immunity, MySpace were thus ordered to pay substantial damages.

Dailymotion

The second decision concerns Dailymotion, who appear to be a kind of You Tube equivalent site.

In April 2007, the director and the producer of a French film entitled “Joyeux Noel” sued Dailymotion on the ground of copyright infringement, because their film could be viewed on Dailymotion’s website.

In a decision dated 13 July 2007, the Tribunal de Grande Instance of Paris ruled that Dailymotion, although classed as a hosting provider, under the French law quoted above, was still liable for providing internet users with the means to commit copyright infringement.

On the plus side for Dailymotion, the court agreed that it was a hosting provider, and so in principle entitled to the immunity above. This was so even though it operated a commercial activity supported by advertising revenues - factors which had led earlier French courts (as in the MySpace case, above) to declare sites like Dailymotion, not hosts, but "publishers".

On the down side however, the court held that DM

"had still acted unlawfully in providing internet users with the means to commit copyright infringement. Indeed, the Tribunal de Grande Instance considered that the success of Dailymotion’s website depended upon the broadcast of famous works because, according to the judge, these works captured larger audiences and ensured greater advertising revenues. Moreover, the court specified that even if there is no general obligation for hosting providers to actively seek out illegal activities, this limitation does not apply where these activities are created or induced by the provider."

The Bird and Bird report also suggests the court found that DM were "necessarily aware" of the copyright infringing material on their site.

As a result the court appears to have found that DM should have exerted prior restraint on giving access to copyright infringing works - in other words, installed effective filtering tools. Since they had not, they were liable. DM has appealed.


Pangloss sez

The Bird and Bird commentaries by (one assumes) French lawyers, suggest that the two cases are incompatible. This is formally true, in that MySpace were found to be a publisher, while DM was, it seems, not.

However from a UK/ECD perspective the two cases can be seen as pretty much on all fours at least as relating to liability and immunity. ECD Art 14 immunity from civil law liability requires three elements:
  • being a host
  • not having actual notice (or taking down on receiving such notice)
  • not having constructive notice (awareness of fact and circumstances such that they should have known copyright infringement was going on)(or take down as above)
Whether this analysis makes Daily Motion and MySpace "hosts", who nonetheless fail to gain immunity because of having constructive notice; or not hosts at all, but "publishers", seems to Pangloss to not be of the essence (though no doubt the French do not feel that way).

The real and very exciting or worrying aspects of the case (depending on whether you are a content industry maven or a web 2.0 entrepreneur) are twofold.

First, these are judgments on the interpretation of a transposition of Art 14 of the ECD which seem to indicate (as Pangloss has suspected for some while) that a European court - perhaps even a UK court - would take one look at the My Space/You Tube etc business model, and fail to apply hosting immunity to them.

It seems more and more unreasonable that these sites' business model should be built around content much of which is clearly known to be infringing, and that they nonetheless escape all liability because that content was provided by third parties. This model was reasonable when applied to ISPs in the old days, who genuinely had little or no financial interest in what their users stuck on their server as long as it wasn't virus-ridden - it is not when applied to Web 2.0 and the user generated content business model.

Since these sites undoubtedly do perform a function as Internet hosts (tho quaere how significant the streaming vs downloading model is here) a court thinking as above has to find a way to disapply the hosting immunity. And that way is via constructive knowledge - "they should have known".

Second and perhaps even more important, is the suggestion of the Dailymotion court that DM's knowledge or awareness was such that anti-infringement filters should have been installed.

This is now becoming familiar as a remedy that has been ordered in P2P infringement cases: in the US in the Grokster case, and in Australia in the Kazaa case. But as many commentators have noted, in Europe, it seems to fly in the face of the ECD Art 15 injunction that service providers (including hosts and ISPs) cannot have obligations of prior active monitoring imposed on them.

The Dailymotion court was not unaware of this: the Bird and Bird report says that

"the court specified that even if there is no general obligation for hosting providers to actively seek out illegal activities, this limitation does not apply where these activities are created or induced by the provider." [Pangloss's bold added]

Leaving aside translational coincidences, this also has a ring of familiarity. In Grokster, the US Supreme Court, unlike the Court of Appeals, decided effectively that a Sony defense of "capable of substantial non infringing use", even where there was no actual knowledge of infringement by the site, could not stand as a complete defence where there was out and out inducement of copyright infringement by the site. Thus Grokster was eventually found liable.

So where does this leave us in the UK? Interestingly, Art 15 was never transposed into UK law. This leaves it potentially even more open to the UK courts to come up with a formulation such as the French court did in Dailymotion. That leaves the normative question: should a finding of constructive knowledge also entitle a court to run against the clear words of the ECD in Article 15?

Clearly copyright owners would rather have proactive filtering than retrospective damages. But they want something even more: a share of the cake. The whole argument may thus soon become moot. As heavily covered on this blog, perhaps the technologically leading web 2.0 site, You Tube, has finally rolled out its long awaited copyright content filtering solution, Video Identification (RIP Claim Your Content?).

Instead of suing You Tube, or endlessly issuing take down notices, copyright owners can now ask YT to put their works onto its proactive filter database, or better still, leave its copyright content available on the YT site, but ask for a share of the revenue from the ads surrounding it.

The possible demise of Art 15 leaves other worries however. The UK government has been dropping hints hither and thither about imposing general obligations on ISPs in the UK to filter out everything from child porn, to terrorist material, to P2P traffic. If Art 15 is to be interpreted out of existence - or quietly ignored - there will be nothing to stop this. And although Google and You Tube may have come up with a tentative solution which may work for them (it is not yet tested), there is no real evidence that rolling out large scale filters at ISP level is either technically feasible, or constitutionally desirable.

Let's face it, the law on hosting liability, as Trev Callaghan of Google put it in the summer, is simply broken. It is time to reconsider everything in the upcoming review of the ECD.

In fact I very much doubt we will see a root and branch re-analysis. But that is clearly what is needed if Web 2.0 is not to entirely founder in Europe.

These Newfangled Tubes of Yours

Or, posting from my sick bed, YET AGAIN. Grumf.

Colleagues have recently brought to my attention this delightful video which is a parody by some colonial types of the case Donoghue v Stevenson put to the backing of the Police's Message in a Bottle (a popular beat combo, m'lud.)

Which inspired thoughts elsewhere of what other famous cases could be set to songs. Bolam v Friern Hospital, eg, could be set to "Doctor, Doctor" by the Thompson Twins. And the Microsoft anti-competition case could rather roughly be transcribed as "I Want My MTV".

Any better suggestions?

GeekLawyerEss

Monday, October 22, 2007

UK Linking Site Closed Down

An interesting if rather sketchy report from The Guardian that UK-based TV Links site has been closed down after a raid by a combination of Trading Standards officials, Gloucester police and FACT (Federation Against Copyright Theft). The question is what were the grounds? The report says merely that

"Sites such as TV Links contribute to and profit from copyright infringement by identifying, posting, organising, and indexing links to infringing content found on the internet that users can then view on demand by visiting these illegal sites," said a spokesman for Fact.

The case is interesting because TV Links site is an ordinary website giving links to content which constituted (in some cases) infringing copies of copyright works eg Dr Who, Buffy et al. The site is not a host nor is it obviously "inciting" or "inducing" users to infringe as say Kazaa/Grokster did. It could be argued in fact that it does little more than what Google routinely does - makes links available to infringing copies and leaves the user to decide what to do next.

The most obvious ground of copyright infringement would be authorisation of infringement under s 16(2) of the CDPA 88 - but the UK courts have not been entirely keen on expanding the interpretation of this phrase - see CBS v Amstrad ([1988] 2 All ER 484). The nearest we have in UK case law is the very early discussion of a link made by one newspaper (Shetland News) to another's headline stories (Shetland Times) which were "passed off" as its own - but even that case only reached the stage of interim interdict (Injunction for you Southerners :) and was based on law about cable programmes which has since been amended.

Interestingly also, the E Commerce Directive does NOT currently exempt even "innocent" sites from liability for hyperlinking - an issue which was raised but left unchanged in a UK DTI review a year or so back. The issue may be reconsidered during the upcoming revision of the ECD. Of course it might well be claimed that a site like TV Links had at least constructive if not actual notice that it was linking to infringing material.

Another interesting point is that some of the materials linked to - British BBC TV progs of recent vintage, like Dr Who - are probably freely available under the new BBC iPlayer distribution scheme. Is there not something inconsistent in terms of policy, if not law, in encouraging viewers to download copies by one legal means, but raid and close down other parties who provide the same material in a more user friendly (ie not DRM-locked) form?

Of course it is possible the raid was conducted under criminal law grounds other than copyright law at all. One suggestion Pangloss has heard is that there may have been money laundering offences attached to organised crime involved. It would be good to hear more details on this case soon. (It has considerable implications for the UK liability of BitTorrent torrent sites as well.)

EDIT: the Guardian, clearly pleased with their scoop, has already blogged it : http://blogs.guardian.co.uk/technology/2007/10/20/tv_links_shut_down_for_linking_.html

EDIT 2: and the beat goes on.. a lovely example of the Internet routing around "damage" - http://tvteddy.blogspot.com/2007/10/tv-links-replacements.html .

While others take flight driven by the uncertainty of the legal liability for linking - http://uk.techcrunch.com/2007/10/21/testcardtv-taken-down-as-police-swoop-on-tv-links/

IPKat also now has comment. As does FACT. And Struan Robertson of OUTLAW writing in the Register is as bemused as Pangloss is.
"We don't have a simple offence of facilitating infringement in the UK," he told us. "Though we do have offences concerned with distributing or offering infringing copies or communicating works to the public... to such an extent as to affect prejudicially the owner of the copyright. The maximum penalty is 10 years. However, I've never heard of links being characterised in this way in a British court."

EDIT THE FINAL: And then it turned out that they were actually being sued for trademark infringement!! Good grief.. Full coverage on Lex Ferenda, Technollama et al.

Thursday, October 18, 2007

ILAWS launch

ILAWS is now duly launched, and even has a fair wind, appropriate metaphors for a maritime city like Southampton; we broke bubbly on its virtual hull, courtesy of our very generous sponsors Thomas Eggar, after hearing a marvellous lecture from the indomitable Chris Reed on "Doing Business Online" which managed to combine invaluable practical advice (eg don't change planes at New York airport if you're running an online gambling firm) with serious academic speculation (will on-line virtual worlds be governed wholly by contracts imposed by the world-owners or will the evolving norms of the communities that live here have to have a say too?).

A podcast will be up soon on the ILAWS and TE sites.

Thanks go to Chris and Thomas Eggar of course, but also to the many people who helped within the law school, including my colleagues in ILAWS Caroline Wilson and Stephen Saxby, and to those who came to form an enthusiastic audience. I hope ILAWS can work with some of you in the future.

Reports already up at

http://electromate.blogspot.com/2007/10/ilaws-southampton.html
https://www.blogger.com/comment.g?blogID=8802856&postID=1059604499228390161


Meanwhile as a result of Googling ILAWS reports, Pangloss has discovered a UK law blog aggregator called Infolaw - how handy! - at http://www.infolaw.co.uk/lawfeeder/allfeeds.asp?lwfct=Information+Technology.

Tuesday, October 02, 2007

I Knew Him Before he Was Famous :)

I've known Charlie Stross for around twenty mumble years, back since he lived in Leeds, was resolutely trying to start a writing career, and trying to sell short stories in the pub to my then boyfriend.

Nowadays he lives in Edinburgh, is a multi award winning prolific sf novelist and gets reported in evangelical tones in Boing Boing like this.

Wow time flies :)

I now have to admit publicly that I've never actually read any of Charlie's novels - hard post-Singularity sf is not quite my thing - but this one looks so relevant to some of my current lines of research that I may have to read it just to use as a class text :)

Post GikII sensible service resumes shortly!

Wednesday, September 26, 2007

ILAWS launch, October 17 2007

The official press release!!

If anyone reading is in the area, or fancies coming out to quaint ol Hants do register as described below - or email me if you'd like a personalised invite :) There will be free drink!

Investigating the internet’s impact on business


The role of the internet in today's business world and the creation of new business models, in particular the impact of websites such as Facebook, are explored at the launch of the University of Southampton’s Institute for Law and the Web at Southampton (ILAWS) Annual Lecture.

Professor Chris Reed, Chair of Electronic Commerce Law at Queen Mary College London, will give the inaugural lecture ‘Doing business online—how to avoid the legal pitfalls’ at the Turner Sims Concert Hall on Wednesday 17 October at 6pm.

The lecture marks the start of an innovative new partnership between the University and Thomas Eggar LLP, a leading law firm in the South.

The School of Law at the University of Southampton founded ILAWS in 2006 to explore the legal issues and opportunities associated with the internet, the web and digital technology.

ILAWS is a unique interdisciplinary research centre that combines legal expertise in key areas such as information technology law, e-commerce, IT law and public policy, and intellectual property law. The Institute looks at the crucial current issues for commerce and government, alongside cutting-edge ‘future-gazing’ to discover what the legal issues of the future will be.

Quote

To register your place at this free event, please visit

www.thomaseggar.com/ilaws or

email simon.bomford@thomaseggar.com

For further information on the work of ILAWS please visit: www.soton.ac.uk/ilaws

Chieftain of the Pudding race

Via Thomas Otter

The strangest business model yet - get telephone calls for free if people can listen in and append ads.

"There's a new Skype competitor, dubbed ThePudding, on the Web. And ThePudding is completely free*. All you have to do is agree to let Pudding Media listen in on your calls. To compensate users for the breach of privacy, the company claims, "ThePudding uses breakthrough technology that makes your conversations fun and interesting." In other words, anyone using ThePudding will be served contextual ads based upon topics overheard in your conversation! "

Both Thomas and Pangloss agree that it may be legal, but wow, it's just damn weird. In some ways, it's just Gmail for phones - people already seem moderately happy with a model of free email storage in return for content of emails being scanned and ads appended. But telephone conversations are so much more personal and intimate that, well, Pangloss would not sign up.

We seem to be approaching the furthest limits of the "it's ok if consent given" privacy model here - a model which already seems in the web 2.0 context to be entirely broken.

Monday, September 24, 2007

GikII 2 ppts: I'm in your legal system eating your brain

The GikII 2 presentation powerpoints are now all up and available and there is some fabulous stuff there.

It would be impossible and invidious for the chair to pick the best paper, but it is worth mentioning what was surely the best powerpoint - namely Daithi Mac Sithigh, Trinity College Dublin: “I’m in ur tube blocking ur internets: The Politics, Perception and Parody of Network Neutrality Legislation” which invents a whole new genre of "LawL Cats" (c. L Edwards, 2007) and manages to do an amazing job of explaining the magnificently difficult topic of Net Neutrality in Europe using cat macros.



Line of the day : "I baked you a constitution, but I ated it".

Jordan Hatcher's exegesis on “Drawing in Permanent Ink: A Look at Copyright Law and Tattoos” has already been picked up by Boing-Boing.

I'd also recommend looking for sheer novelty and unexploredness around

- my colleague Caroline Wilson of Southampton's future gaze into 5-sense virtual worlds and how trademark law might deal with protecting smells, tastes and feelings: “Trade mark Law in an online future – coming to its senses?”

- Thomas Otter's thoughtful consideration of how in the rush to Web 2.0 the issues of accessibility are, as usual, being left way behind: “Web 2.0 and Accessibility”

- and Judith Rauhofer of UCLAN's fascinating linking of the risk-averse society of late modernity we now live in and the dangerous calculus that is emerging between security, privacy and risk: "Privacy is dead – get over it: Art. 8 and the dream of a risk-free society".

Sunday, September 23, 2007

Dawkins v You Tube and the World

More trouble with You Tube and the DMCA.

Let's see if we can get this one straight.

Dawkinsites ("Rational Response Squad") post anti-creationism videos on You Tube.

Creationists get said Videos taken down by claiming NTD - that said vids contained their copyright material.

Dawkinsites plead fair use to no avail.

You Tube pull Dawkinsites' YT account for making repeated complaints (says Wired).

Wow, I'm glad I'm not YT's Press agents ..

This is a good example though of why You Tube's much awaited Claim Your Copyright technology will NOT solve all problems relating to copyright and NTD - specifically where fair use, fair comment, freedom of expression etc are involved.

Whither the public domain and critical journalism in a world of fully water marked and automated copyright-material takedown?

Thursday, September 20, 2007

Web 3.0 arise

Via Rowena Rodrigues' e-identity blog - a very interesting piece bringing together some thoughts on web 2.0, the semantic Web, social software (not just social networking software) and a possible new approach for defining web 3.0 (or web thingy as Chris Reed has now famously christened it).

"For those of you who don't like terms like Web 2.0, and Web 3.0, I also want to mention that I agree --- we all want to avoid a rapid series of such labels or an arms-race of companies claiming to be > x.0. So I have a practical proposal: Let's use these terms to index decades since the Web began. This is objective -- we can all agree on when decades begin and end, and if we look at history each decade is characterized by various trends. I think this is reasonable proposal and actually useful (and also avoids endless new x.0's being announced every year). Web 1.0 was therefore the first decade of the Web: 1990 - 2000. Web 2.0 is the second decade, 2000 - 2010. Web 3.0 is the coming third decade, 2010 - 2020 and so on. Each of these decades is (or will be) characterized by particular technology movements, themes and trends."

A Manifesto for Inertia in a Web 2.0 World

After three days of running conferences, firstly the SCL/Herbert Smith sponsored "Law 2.0" event, and then the glorious GikII, I am currently too braindead to do much other than stare into space, vaguely respond to my stacked up email, and make virtual glub glub goldfish noises (coming soon, no doubt, to a Facebook app near you.)

Many thanks to all involved in speaking, participating, watching, asking questions and administering; you were all magnificent. More thoughts may follow.

In the meantime however, I have been deputised by the ever-wonderful Chris Reed of Queen Mary to publish the below on his behalf, as he has no blawg of his own. (During the course of a discussion on Tuesday, Chris opined that he does not blog, not as any normal person might have expected, because he is too busy, but because he thinks he can influence policy better by fully formed argument in articles and books, than by hasty scribbles on a blog. Probably right. I personally blog as I said, both to organise the legal information deluge to my own advantage (instant tagging, summary and first critical thoughts, to come back to later) - and because it's a great way to get in touch with interesting people, have fun, and incidentally build a reputation :)

Take it away, Chris.

"A MANIFESTO FOR RADICAL INACTION

To: All those concerned with the regulation of Web 2.0 who know enough to know that they know nothing.

1. When, as they will, politicians take up the cry of commentators that "This is awful. Something must be done!" we must resist them to our last breath. Laws about the internet made this way have consistently failed to achieve their aims and produced unintended, unfavourable consequences. It always ends in tears.

2. For the time being we must preserve the liberties of online intermediaries so that Web 2.0 can continue to evolve. One day we will understand what responsibilities they can fairly be asked to shoulder. Meanwhile we must muddle along, extending and adapting our current laws to new problems as best we can. If something really must be done, we should question and question again until satisfied that it will not do more harm than good.

3. So far as we are able, we must divert lawmakers into fixing problems that we at least vaguely understand. The most pressing of these are online privacy and intellectual property rights in the new Web 2.0 creations. Fortunately both these require years of international negotiation, which will give us time to identify the best solutions.

We owe it to the future to prevent the mistakes of the past. Aux armes Netoyens!"

Comments, questions? :-)

EDIT: Rowena Rodrigues has created a neat back-of-a-credit-card version of Reed's Rules here.

"1. LEGISLATE NOT IN HASTE, NOR GET CARRIED AWAY BY THOSE THAT KNOW NOT WHAT TO DO (BUT LIKE TO PRETEND THEY DO!)

2. LET WEB 2.0 BLOSSOM

3. WHAT (LAW THERE) IS, MUST BE EXTENDED AND APPLIED.

4. AND WHILE WE FIGURE OUT THE BEST SOLUTION, IP AND PRIVACY MUST TAKE CENTRESTAGE!"


PS: other comments on legal blogging from the participants of the SCL Law 2.0 blogging debate:

- "Just say no."
- "Choose life."
- "I can't believe how obsessed you guys are with your Technorati ratings. I don't even know what mine is." - me
- "..Oh, you're about, maybe, no 40..?" (Technollama)
- "Since I started blogging my sex life has ended". (Anon, but see above.)
- "I don't know what you guys are complaining about, I got laid by blogging!" (GeekLawyer - naturellement).

Don't let this put you off, guys and gals..!

Wednesday, September 05, 2007

Facebook and privacy returns

Facebook are opening up their site to being Google-searchable. Hark! I hear a million privacy activists screaming.

But wait - they're actually doing it RIGHT.

a. They're only allowing name and profile pictures to appear in search results - not all the rest which tends to include highly personal material.

b. Everyone appears to be getting prominent notice IN ADVANCE that they can opt out of their info being released onto Google.

c. Most impressively, if like me (and I imagine rather rarely) you'd already opted to "hide" on Facebook, ie, not be searchable by name in their listing, you are automatically opted out of the Google release.

This appeared at the top of my FB profile this morning:

"Facebook now enables anyone to search for Facebook users who have public search listings from our Welcome page. In a few weeks we will allow users to make these public search listings visible to search engines like Google. Public Search Listings only include names and profile pictures.

Because you have restricted your search privacy settings your public search listing will not be shown. If you want friends who are not yet on Facebook to be able to search for you by name, you can change your settings on the Search Privacy page.

No privacy rules are changing; if you do choose to make this public search listing available, anyone who discovers your public search listing must sign up and login to contact you via Facebook. "

This strikes me as for once a good example of how privacy on line in web 2.0 ought to be handled - congrats to FB.

You could argue that a site like FB should not open itself to Google at all (in the interests of default privacy, etc etc) but the fact is that sites like Spock.com are already beginning to scrape social networking sites like FB and make the data they contain searchable with no user opt-out or notice, and dubious supervision - so this at least pre-empts such attention, and gives the user some control.

It's also interesting that this is a case of the market dovetailing with privacy-enhancing code. FB WANT you to sign up for FB and go to their site to read that highly personal stuff - not read it on Google away from their adverts and apps (or on Spock.com).

LiveJournal, by comparison, an open source blogging site normally regarded as fairly privacy conscious, don't care (much) about ads (they make money from paid subs and are run by volunteers), so they also don't stop you allowing spiders to grab your whole blog. User choice prevails and as we all know by now, user choice when the default is no privacy, usually means disclosure by inertia. (You can opt out of spiders on LJ too, of course - but the option is distinctly not that obvious.)

Friday, August 17, 2007

My Brilliant Career :-P

Pangloss has been a bit lax in not indicating that the programme for GikII 2 is now up. It is very packed and should be very fun.

Similarly the provisional programme for the adjoining SCL/Herbert Smith Law 2.0 workshop is also up.

Both these events are now pretty much full, but if you are so inclined it may be possible to squeeze in.

We now return to our scheduled last 3 days of holiday:-)

AllOfMP3.com not Illegal- Official! (but do we care?)

This seems sufficiently remarkable to record without comment:

"A Russian court found the former boss of music download Web site www.allofmp3.com not guilty of breaching copyright on Wednesday in a case considered a crucial test of Russia's commitment to fighting piracy.

The allofmp3.com Web site angered Western music companies by undercutting the price of downloads in deals they said breached copyright law.

"The prosecution did not succeed in presenting persuasive evidence of his involvement in infringing copyright law," said judge Yekaterina Sharapova.

..

Kvasov [owner of AllOFMP3.com] always said he was within the law because the site paid part of its income to ROMS, a Russian organisation which collects and distributes fees for copyright holders.

The judge agreed with his defence.

"Everybody who uses soundtracks has to pay a certain amount of their income to the rights holders and this company has done that," she said. "MediaServices has paid a certain amount of money to ROMS."


Any Russian copyright experts out there care to comment?

And how far if at all does this affect the liability of those who download tracks in the UK from AllOfMP3.com's successor site www.mp3sparks.com in Russia? Rome II, which was recently finalised, indicates that in a transnational tort, the governing law is "the law of the country in which the damage occurs or is likely to occur, irrespective of the country in which the event giving rise to the damage occurred" (Art 4).

Unfortunately this relatively clear provision is not the one that applies - instead Art 8 provides that the governing law in the case of non-Community-wide IP rights is instead "the law of the Member State in which the act of infringement is committed". Which is, um, as clear as mud. The recitals however confirm that this is intended to mean the traditional IP IPL standard of the lex loci protectionis. "Traditionally in Private international law, disputes concerning national IP rights are governed by the lex loci protectionis. That is the law of the country where protection is sought. Where there is an infringement, this law coincides with the law of the country where the acts of infringement were committed." (stolen from the helpful IP-Kat.) Pangloss is still uncertain what that means if a work in which UK copyright exists (eg a Kaiser Chiefs song) is downloaded from a Russian server to a UK PC. One assumes it means that if the case is raised in UK courts, UK copyright law is applied hence there is still an unauthorised copy made and hence infringement.

So despite this court case, the answer "oh it's OK but it's legal in Russia!" appears to remain somewhere between a red herring and a red rag to a BPI bull :)

Wednesday, August 15, 2007

Summer Survey Time!

My colleague Jordan Hatcher asks me to pass the below on..

"**New survey on open content licences**

==Use of open content licences by cultural heritage organisations==

The Eduserv Foundation is funding a study into the use of Creative
Archive, Creative Commons and similar open content licences by
cultural heritage organisations in the United Kingdom. The study is
being led by legal consultant Jordan Hatcher of
opencontentlawyer.com. The survey is available here:

https://www.surveymonkey.com/s.aspx?sm=L3x_2b1lQJxqu7KdfK587AeA_3d_3d

This survey is open to UK-based cultural heritage organisations such
as museums, libraries, galleries, archives, film and video
organisations, broadcasters, and other organisations that conduct
cultural heritage activities.

The goal of this study is to provide information on the actual use of
Creative Archive, Creative Commons, and similar licences. This
information will be useful to decision makers and interested
professionals in the cultural heritage sector, and for local and
national government and the HE and FE sector. The study will be
conducted from now through to the middle of September and a report
will be made available in October.

If you are a member of a cultural heritage organisation, whether or
not you currently use Creative Commons or Creative Archive licences
(or even know what they are!), your participation is needed to make
this study a success.

Again, the survey is available at:
https://www.surveymonkey.com/s.aspx?sm=L3x_2b1lQJxqu7KdfK587AeA_3d_3d"

Saturday, August 11, 2007

HL Report on Personal Internet Security

Pangloss is on holiday at the Edinburgh festival and will be for a bit to come (feckless academics I hear you murmur) but is breaking radio silence to announce that the above much-awaited report is out.

Analysis to follow but right now you can see what my mate Ian says over on Blogzilla. As Ian notes, the Report's proposals seem to point along the lines that academics including myself have been suggesting for some while, eg increased responsibilities on, inter alia, banks, software writers and ISPs to implement and encourage security on the Internet, with the aim of creating a shared "security commons". Encouraging stuff.

Monday, July 23, 2007

Life Is What Happens


Pangloss is one day back from a fantastic weekend in Leicester which had absolutely nothing to do with IT Law or even web 2.0 (yes this is possible, although you do have to swim to get there) and is packing again (or rather adding clothes to unpacked bag!) before she sets off at an unearthly hour to the Berlin Law and Society Conference - where she is rapporteur to a multinational panel on privacy and security. If you are reading this and attending (and lord knows, it has 40 concurrent streams, so I expect to meet everyone I've ever known in academe..) then do say hi.

GikII 2 abstracts, meanwhile, are now closed: we have been (delightfully) inundated and I hope to get back to all who sent in submissions shortly after my return on 30 July. There may however be a slight hiatus as I have 2 cats to transport to Cambridge and then Edinburgh..

Which all makes me think rather of the above :)

We are on at 8.15am Wed (back to Berlin) which was a time I thought I needed to know no more of post primary school:( Strong coffee will be required.
I am talking about privacy, security and convenience, the lesser spoken-of trio rather than dilemma; my colleagues are speaking on everything from Puerto Rican constitutional law and protection of privacy, to security defaults, to corporate data breaches. Should be fun.

There is also now a flyer for Pangloss's next venture at http://www.scl.org/event.asp?i=1582, which is the SCL workshop on Law 2.0 spoken of before, with limited low rate places for academics and students - hurry if you want to attend, as places are going fast!

Finally, a date for your diaries: ILAWS, the Institute for Law and the Web at Southampton, will be officially launched on October 10 2007 with a lecture by the ever entertaining Professor Chris Reed of QM College London, and following reception - do let me know if you are interested in coming and I'll put you on the list for more details nearer the time.

Real Comment, including German and French You Tube-style cases, and the ECJ ruling that ISPs cannot be required to filter out P2P traffic, follows soon!

Wednesday, July 18, 2007

Harry Potter and the Subtle Hand of Surveillance

My very smart colleague Judith Rauhofer of UCLAN has made the Telegraph web section today on the back of the upcoming Potterdamerung (the best coinage of the current media drench). What she's actually talking about is the paper she gave at last year's GikII (inter alia) and very good it was too. It is now published as "Defence against the Dark Arts: How the British Response to the Terrorist Threat Is Parodied in J K Rowling’s “Harry Potter and the Half Blood Prince”" (2007) International Journal of Liability and Scientific Enquiry (inaugural issue).

I feel very proud:)

Tuesday, July 17, 2007

And yet more Facebook

Fascinating piece from Wired as counterpoint to previous post, via Andrew Ducker.

"For longtime users, the influx of grownups means that information once intended for a circle of fellow students is now available for anyone to see. That has introduced a new social conundrum: Deciding whose invites should be accepted -- and how much of your profile they should be able to see.

"You can't really unfriend your mom," says Hillary Woolley, a junior at the University of California at Davis. "So I've been upping my privacy settings."

Facebook lets users specify what data is displayed in searches, and users can customize a "limited" view for select friends. But it's time-consuming to set up customized views for individuals, so most people are simply walling off their profiles to non-friends. "

Combined with the post below, and similar incidents worldwide, I'm betting on FB moving from a default of "openness" - based on a core audience of high school kids who want to share as much as POSSIBLE with each other - to a default of "open only to Friends" - based on a norm of networking with chosen persons. At the very least, I expect to see the notion of everyone in your Network - where a Network is a town not a school/university - seeing everything you have by default disappear.

OR, alternately, a diversification of the social networking sites of choice (My Space for music, FB for real friends, Linked In for business - tho no one in the UK seems to like Linked In?) OR, migration of the herd to a better FB with a better/easier privacy-friendly interface.

Is privacy finally a feature not a bug? Interesting times..

And more facebook..

So what does everyone think of this story?

http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article2087306.ece

Leaving aside whether Oxford should or should not have conceivably antiquated rules forbidding students from celebrating (oh f'heavens sake!), who is most in the wrong here?

Should the girl who has been caught have checked to make sure her Facebook "privacy" settings actually stopped everyone seeing her pix of drunken devastation? One assumes, as my colleague Technollama has pointed out, that she did not necessarily reasonably have to know she was under surveillance - if she had joined the Oxford University network, then anyone else in that network (which I suspect, though do not know for sure, would embrace anyone who signed up with an ox.ac.uk email address, student or staff) would be able to see all her posts, contacts, photos, etc etc - even if they were not known to her as a "Friend". To exclude that surveillance, she would have to have taken explicit privacy steps of which anecdotally few people (particularly maths and philosophy graduates:) on Facebook seem aware.

Or to look at it another way; were her "reasonable expectations" of privacy met?

Should Facebook themselves have offered privacy to my-Friends-Only as the default, not leaving it up to the sense of people who think spraying each other with champagne and flour is the height of wit?

Should info gathered on Facebook in such circumstances be regarded as de jure "private" and therefore inadmissible as evidence (like evidence gathered in private houses when police break in without a warrant) - or is that as silly as saying that if the proctors had seen flour battles in the street they shouldn't have been able to use the evidence of their own eyes? Should evidence from Facebook not be used, rather as insurance companies have been asked not to use evidence of genetic testing? But what about a comparison to the case of people who are sacked from their jobs because they say daft things about their employers on their blogs? It seems difficult to distinguish the two types of case.

If pictures existed on her site which showed the flour/champagne battles, is it so res ipsa loquitur that to talk of privacy and evidence and default settings is just silly and she should take her lumps?

Is Facebook a "private" or "public" space??

I think this is going to be my paper for the Berlin Law and Society Conference next week. It's meant to be on privacy and security but hell, I'm sure I can twist it round :)

Monday, July 02, 2007

GikII 2

In September 2006, Technollama and yours truly organised the first GikII workshop, a tremendously entertaining gathering of like-minded people willing to discuss the interface between geek culture and the law. The resulting workshop provided a look at the virtual personality of avatars; legal aspects of fandom, anime and even hentai; privacy in the novels of Harry Potter; technophobia as a drive for regulation; the ecological impact of computing; and more mentions of the three laws of robotics than you could ever expect in a legal workshop.

We are now officially announcing the venue for GikII 2 on September 19 2007 : University College London. Very many thanks to Ian Brown for arranging this. The workshop is free to speakers who have abstracts accepted, but a (very) limited number of non-speaker places are available at a nominal £30 GBP. There will be a conference dinner arranged at a nearby Italian restaurant which will again be free to speakers only and at reasonable costs to others. There is a very limited amount of money available to subsidise attendance - please contact me on l.edwards@soton.ac.uk for details - preference will be given to those with no home institutional funding, especially PhD students.

There is an online registration form here. Preference will however be given to those whose abstracts are accepted. Because we're trying to be all Web 2.0, you can also join the group GikII on Facebook, which already has 24 members and rising!

There is still time to get in abstracts but only just!!! The deadline is July 15 and as we already have a large number of submissions it is unlikely to be extended so get your marvellous ideas in NOW. 500 words max, to myself as above or to a.guadamuz@ed.ac.uk.

THIS IS GIKII!!

Thursday, June 28, 2007

SCL: Web 2.0 Conference

Aha! My mate Simon Deane-Johns, the CEO of Zopa the innovative P2P lending company, has come good on his stated intention to start a blog in the wake of the enthusiasm generated by the SCL conference (and not all of it about FaceBook and virtual detachable genitalia, either.)

His write up is here.

Nick Holmes of Binary Law has one here. I particularly like his reminder of the phrase of the conference: Tom Ilube's daughter describing her father's efforts to keep up on the social network scene as "so January".

Pangloss took lots of notes - and will try to transcribe some of them before it becomes Too Late.

Wednesday, June 27, 2007

Extreme porn bill

Busy day today; after this, no more spodding:)

The Extreme Pornography law has been published, tucked away in the Criminal Justice and Immigration Bill.

The key section is the definition of an "extreme" image, possession of which will be a crime, and which is as follows:
s 64(6) "An “extreme image” is an image of any of the following—

(a) an act which threatens or appears to threaten a person’s life,

(b) an act which results in or appears to result (or be likely to result) in serious injury to a person’s anus, breasts or genitals,

(c) an act which involves or appears to involve sexual interference with a human corpse,

(d) a person performing or appearing to perform an act of intercourse or oral sex with an animal,

where (in each case) any such act, person or animal depicted in the image is or appears to be real."

In an age where "torture porn" is not just the height of chic but appearing in a multiplex near you as I write (Hostel 2, anyone?) frankly I do not think this is unreasonable. (Classified films are in any case excluded from s 64 so no one is attempting to make possession of a Casino Royale DVD illegal because it involves images of murder and torture.) The usual suspects are however predictably upset.

Phew

For some reason (OK, to avoid writing about data protection, let's admit it) Pangloss has FINALLY after about a year, re-organised her blogroll, including many of the blogs of the great speakers I've met here and there over the last year, in particular at GikII last year.

If you think I've unjustly ignored your pride and joy, please comment and let me know! I'm not attempting to blogroll every blog in the universe, more the ones which reflect the British scene and especially those focusing on my own current obsessions: privacy, security, virtual worlds, Google and "law 2.0".

FaceBook Brought to Book?

My colleague Ian Brown of Blogzilla reports on an interesting post on why Facebook may be violating European privacy law.

The article reveals that creating an "exploit" in FaceBook - ie hacking the privacy of unsuspecting users - is trivially easy. All you have to do is use Advanced Search and you can search across controversial (and in European DP language, "sensitive") pieces of data such as Religion and Sexuality in apparently unlimited numbers of profiles. This is true even if the user has taken steps to protect the privacy of their data (see below). As Ian comments this is a security failure on FB's part, which should have been trivially easy to fix in their code.

Having just returned from the SCL Conference where it was revealed that over 3 million people in the UK are on Facebook (including apparently nearly every corporate lawyer in the UK.. and definitely at Allen and Overy :-) and it is growing in the UK at 6% per WEEK, this is serious, er, excrement.

Pangloss's own experimentation proves that in fact hacking FaceBook is even easier than this. Suppose you want to stalk person X who you know lives in London. All you have to do is set up an FB profile, join the London network - which requires NO validation, certainly not a University of London email address or the like - and suddenly you can see all their personal details - some of which (on brief inspection) are highly revealing of social and sexual data that many people would not want public. Of course they may not have joined the London network - but very often it will be very easy to guess what network the stalkee is in.

Of course, will say FaceBook, you, the stalkee, can stop this. You can in fact change all your privacy defaults on FB so no one can see ANYTHING on your profile site unless they are people you have accepted as "Friends". (Pangloss has just gone and done this, with a vengeance.) Fair enough, except that the default privacy settings on FB are almost entirely in favour of disclosure and there is very little direction or instruction on the site to "change these defaults for heaven's sake, 300,000 people can see who you want to sleep with".

As the blogger above, Quiet Paranoia (great name) comments, "Users cannot be expected to know that the contents of their private profiles can be mined via [advanced] searches, and thus, very few do set the search permissions associated with their profile."

I agree. If an er um respected professor of privacy law can take some while to realise how exposed her data is on FaceBook, then it is unreasonable to expect children of 16 or 17 (FB is associated with high school students but the T & C say 13 up) to make these kinds of difficult judgment calls, when what they are really concerned about is popularity and finding out about the good parties.

FB will say that they have provided opt-in to privacy, and anyone who does not avail themselves of the tools available is impliedly giving consent to processing of their data. They will also point to their privacy policy which does not give the impression of overwhelming concern about the remarkably weak default privacy protection and indeed, security, offered by FaceBook.

"You post User Content (as defined in the Facebook Terms of Use) on the Site at your own risk. Although we allow you to set privacy options that limit access to your pages, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users with whom you may choose to share your pages and information. Therefore, we cannot and do not guarantee that User Content you post on the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site. You understand and acknowledge that, even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content."

Even Pangloss, who is no privacy fundamentalist, does not think this is good enough, particularly in relation to "sensitive personal data" where "explicit consent" to processing by third parties is required. (Is searching via key words "processing"? Almost certainly - see Art 2 of the Data Protection Directive which includes "retrieval" whether or not by automatic means.)

But FB will again say: Everyone who signs up to FB assents to the T & C. Does that mean they have given the requisite explicit consent to processing of sensitive data even by "unauthorised third parties"? Even if in pure contract law the T & C can be read this way, at this point DP law and the Unfair Contract Terms Directive should surely both converge to make such a clause either void or unenforceable?

In comparison, another social networking site where Pangloss hangs out, Live Journal, has not only very sophisticated privacy controls, but also a culture of discussion and awareness that privacy and openness can be manipulated by the software. Of course privacy breaches do still occur (via "cut and paste fairies" for example) but they are pretty rare.

Do we need a legal solution? Is there a case for extension of DP law to cover the setting of defaults on social network sites? Should privacy not be the default, by law (perhaps with some exceptions to preserve functionality, such as name and network) and openness the opt-out, rather than the reverse? Maybe. Maybe all that is needed is an Industry Code of Practice combined with some upping of awareness of the issue. However with the number of people - especially young pre-employment proto-citizens - involved in web 2.0 sites rising by the minute, this really does seem an issue which is not merely knee jerk alarmism and should not be swept under the carpet. First year students may not care now about spilling their sexuality and contacts to the world: they may when they are older, wiser and looking for employment :)

Another suggestion might be the automatic expiry of social networking data after say six months unless the user chooses to opt in to keeping their data out there. Viktor Mayer-Schoenberger has made this kind of suggestion recently. In social networking sites where the whole business model is based around large databases of personal data, data is routinely retained apparently forever. Data retention is another area where the DPO authorities might want to have a bit of a look at whether the law needs tweaked.

E-Commerce Meets Terrorism

Via Naked Law, belated but important:

"A new anti-terror law has come into effect as of 21 June 2007 : the Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007. Under these new provisions (which operate in conjunction with the Terrorism Act 2006), encouraging acts of terrorism and the dissemination of terrorist publications is an offence, including where such actions occur online. If a third party posts material which is an offence under these provisions, the police may notify a blog operator and require them to take the offending material down promptly (within two days). Failure to do so without cause could result in the Directors going to prison."

The most interesting part of this to me is the 2 day takedown. My own as yet unofficial research indicated that takedown periods for ISPs and hosts varied between about 24 hours up to a week, depending on the legal risk associated with the material (child porn might be removed more quickly than alleged libels, for example.) One wonders if "2 days" for terrorist material may create a nascent standard of 2 days as the outside edge for "expeditious" removal under the general E-Comm Regs?? Could this have informed the rather mysterious decision of the defendants, already blogged here, that Mumsnet might not have taken down expeditiously when they removed in about 24 hours??

Good News for Every Blogger!!

Apparently, law students are picking what law school to go to via blogs..

So when do we academic bloggers get paid extra for it huh? :-P

Monday, June 25, 2007

YouTubeWatch

.. should probably be the new name for this blog. But it is an endlessly fascinating time for intermediary lawyers...

Anyway just a note that people seem to think that Google has won the first round, not against Viacom itself but in Tur v YouTube, an earlier launched case. Robert Tur is the photojournalist who sued YouTube in July when his videos of the L.A. riots and O.J. Simpson's slow-speed chase appeared on the video-sharing Web site.

Now the judge in the lawsuit has denied both sides' motions for summary judgment, ruling that more evidence is necessary to determine whether Google's video-sharing giant is shielded from liability by the Digital Millennium Copyright Act, s 512(c).

As this is the point I've been debating through three papers in two different countries over the last month or so, I'm rather keen to see this one fully explored myself; can't wait in fact.

Tur's claim can be found here. As I myself have previously discussed, his case rests on the claim that YouTube does not qualify for DMCA safe-harbor protection because it derives a direct financial benefit by displaying advertising opposite his videos. Under s 512, the claim to immunity is lost if "direct financial benefit" is made. But there is a strong argument from the policy papers that preceded the DMCA, that "direct" benefit was not intended to apply to the kind of indirect profit YT may make by selling ads on its site next to videos which are both downloaded and uploaded for free. Furthermore, there are rumours that YT in fact makes no money at all at present, and therefore "financial benefit" may in reality be hard to prove.

Judge Cooper issued an order for further discovery, saying that she needed more factual evidence to establish if there was a case to answer. "There is insufficient evidence regarding YouTube's knowledge and ability to exercise control over the infringing activity on its site .. There is clearly a significant amount of maintenance and management that YouTube exerts over its Web site, but the nature and extent of that management is unclear."

Cooper also wants more information about YouTube's internal screening procedures.

"YouTube also asserts that while it is able to remove clips once they have been uploaded and flagged as infringing, its system does not have the technical capabilities needed to detect and prescreen allegedly infringing videotapes," Cooper wrote. "However, there is insufficient evidence before the Court concerning the process undertaken by YouTube from the time a user submits a video clip to the point of display on the YouTube Web site."

These quotes highlight that YT's liability (or non-immunity) is dependent not just on whether it makes "financial benefit" but also on whether it has the "right and ability" to control the infringing files. This may depend on a number of factors, including YT's terms and conditions, its policies, and crucially what filtering, both pre- and post-upload, it employs. As previously documented here, YT has been developing the ability to pre-filter infringing files using code called ClaimYourContent. Until that is ready, goes their story, they do not have the "ability" required by the legal test in 512(c). Indeed, even when CYC is ready, it may still require collaboration from rightsholders before individual infringing clips or videos can be "tagged" and recognised.

Again, watch this space!

Tuesday, June 19, 2007

Why Not Sue You Tube in the UK?

.. thought Pangloss when it was announced on May 4 that the English Premier League were suing You Tube in respect of alleged copyright infringement of Premier League clips - whose business value as sold rights is worth some $2.7 m.

The answer now becomes apparent - by suing in NY, the Football League can bring in other heavy hitters in a class action; indeed a website has been organised for this very purpose. Joining the EPL, it seems, are a number of international music publishers as well as France's top football league and tennis association.

What still remains to be discovered is, as with the original Viacom/You Tube suit, what the litigants are really after. Proactive filtering, via the long awaited Claim Your Content technology? Plain old damages? A favourable licensing agreement? Or all three?

Watch this space. Meanwhile, have yet another announcement (as of June 6 07) that You Tube are nearly there with Claim Your Content.

Lessig Moves on

This seems worth recording, although I doubt I have anything to add that 100s if not 1000s of other commentators will not say.

Lessig has decided to withdraw as active leader of the Creative Commons movement over the next year or so to address what he regards as the underlying problem: "Corruption", or the way in which public policy is driven (in the USA, though he does not say that) by the money of sectoral lobbying interests.

Well, one wishes him luck. It's become clear over the last few years that Lessig is no longer a law professor, no longer even a lawyer really; he is a political animal, a campaigner, a rock star of the movement, and so this move makes perfect sense.

For myself, I'm not very excited. The Lessig who is still my hero is the Lessig who invented "code as code", still the most useful insight ever to have arrived in Internet law and one which has pervaded and informed my own work ever since. (And yes I know Reidenberg was there first, and probably others - but sometimes it takes a genius to crystallise things just right, standing on the shoulders of giants, etc etc.) I'm a little bored with CC and IP, to be absolutely honest, and it sounds like Lessig is too.

Vale atque ave; farewell and hail.

Monday, June 18, 2007

HumanLaw Blog Book

Pangloss is interested to discover a book in train via Wiki about aspects of blogging from (for once) a UK perspective. The excellent Naked Law people are doing the legal stuff: but I'm sure some of my readers might want to join in..

In other news, an unlikely segment of the User Generated Content world have just mounted yet another rebellion (cf AACS and Digg; LiveJournal and Strikethrough) - lawyers. After FaceBook was banned at Allen and Overy, the IT department was bombarded with complaints until they were forced to climb down.

Pangloss is not very surprised, following recent anecdotal discoveries that every respectable IT and law professional she knows appears to have joined FaceBook in the last month and a half. It is now officially CyberStalking 2.0 central (TM: Ian Brown). FB now seems to be becoming the first really major Web 2.0 site to transition from kiddy site full of tagged pictures of drunken debauchery, to grown up networking site essential for your everyday lawyer, banker or journalist. (One might argue that Second Life also vies for this title - but despite the discovery that it is full of private islands hosting the creme de la creme of global capitalism, Pangloss still thinks its current interface is too crummy for world domination.)

More on this from myself and others at the SCL conference this Friday!

Thursday, June 14, 2007

Google Pot Shots

As has been true for some time, it seems to be open season on Google. With great innovation, comes great.. um.. legal liability? Here's a very quick round up..

OUT-LAW restrainedly report "Google's Street View could be unlawful in Europe".

"Well, you can't say fairer than that" said an unnamed source at Google..

The question here seems to be whether you view Google Street View as more like looking at the world with your own eyes, say from the top of a double decker bus (unconditionally legal) or as more like CCTV (regulated, at least in the EU, by DP law, and also by some case law of the ECHR, such as Peck). As OUT-LAW note, if the latter paradigm is applied, then Google need to give adequate notice that surveillance is in operation to anyone who might be caught on Street View and identifiable as a living person. Will we see 40 feet high billboards over London announcing "You are now on Google Maps. Be very afraid."? It reminds Pangloss of the old suggestion that London streets should be painted with the squares of the London A-Z for easy navigation.. One way out of this not identified by the otherwise excellent Struan Robertson, is the Durant v FSA get-out - it might be argued that no particular person is the focus of the attention of Google Street View and therefore no particular person has DP rights. Of course, Durant may not last forever:-)

More seriously, Google's privacy practice is apparently worse than Microsoft's. Yes, really Jemima - at least according to the much respected Privacy International, who surveyed a variety of Internet businesses. Results:

Privacy-friendly and privacy-enhancing: Nobody...

Generally privacy-aware: BBC, Ebay, last.fm, LiveJournal, Wikipedia

Notable lapses of privacy: Amazon, Bebo, Friendster, Linkedin, Myspace, Skype

Serious Lapses: Microsoft, OrKut, Xanga, YouTube

Substantial Threat to privacy: AOL, Apple, Facebook, Hi5, Reunion.com, Windows LiveSpaces, Yahoo

Hostile to privacy, comprehensive consumer surveillance: Google

Not everyone is convinced - see rebuttal at http://searchengineland.com/070610-100246.php .

(With thanks to Pete Fenelon for tip off.)

Wednesday, June 13, 2007

WEIS 2007

The best conference Pangloss went to last year was not a law conference, not even a policy conference, but the Workshop on the Economics of Information Security, which presents actual empirical work by economists and information security specialists on what factors in the real world affect privacy and security. What a joy to actually encounter "evidence based" policy in the wild!!

So this year's papers are now up at http://weis2007.econinfosec.org/program.htm . Sadly I couldn't make it this time but my attention has already been drawn to "The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study" by Janice Tsai, Serge Egelman, Lorrie Cranor and Alessandro Acquisti, Carnegie Mellon University, in which researchers found that if information about privacy advantages and disadvantages of a range of products was displayed to consumers, the privacy pros and cons did affect their decision on which to buy; but only up to the point of paying a maximum of about 60 cents - or 30 p - on items worth up to about £7, for better privacy.

Many more papers also available, on how far law enforcement does deter hacking; on the sale of zero day exploits; on strategies to manage phishing attacks - and much more as they say. I fervently hope this annual event comes back to the UK soon.

EDIT: Aha, a simpler BBC version at http://news.bbc.co.uk/1/hi/technology/6729565.stm .

Tuesday, June 12, 2007

Rate My Blog, no, Hang On..

Interesting new German case reported by Tobias Escher of the Oxford II. Sadly Pangloss has no German at all (stoopid Brit) so has to rely on Tobias's word for the quoted comment.

Scurrilous remarks on the German version of the web 2.0 site, Rate My Professor (or MeinProf.de) (an innovation which luckily does not seem to have penetrated Southampton Law School yet:-) led to demands from one particularly annoyed professor that certain posts be removed. Although the website took down hastily, the professor in question then went to court demanding the operators pay 3,000 Euros (about £2,000) for any similar comments about him that might appear on the site in the future. The court demurred.

"The court has decided that a general “cease and desist” for unacceptable comments is against the law. As a professor one has to face public criticism that cannot be prohibited ex ante. ..."

and Tobias comments

"Several things have to be noted: In general this is a positive outcome for web sites that leverage the wisdom of the crowds as it offers some protection for the often not-for-profit operators of these sites. However, this does not justify defamatory comments on those sites and the court has emphasized the operators’ duty to remove those entries as soon as they are recognized. Last but not least, the subject under public scrutiny does matter as professors might well be made to face personal criticism in their role as public figures while teachers and nurses might have to be treated differently."

Interesting but not radical: it is apparent that the E-Commerce Directive Art 14 should protect websites like Rate My Etc Etc from liability for defamatory words posted by a third party. The ECD does not, however, as is well known, prevent the seeking and gaining of injunctions or interdicts to stop such posting; it merely immunises host sites or ISPs against damages. But the ECD does provide in Art 15 that web hosts cannot be commanded by law to monitor pro-actively on a blanket basis, which seems to be what was being demanded here. That rule was explicitly not implemented in the UK, interestingly, but only because it was understood to already exist at common law.

In the US, as Wendy Seltzer notes, the site could not even have been put on notice by the professor, due to the blanket immunity granted by the CDA. Rate My P could have kept the posting up without fear of suit. Whether in this case, as Wendy suggests, free speech should trump the desire of a scholar not to have his reputation casually trashed without any comeback but the self same Internet "right of reply" .. well, Pangloss will go back to her marking :-)

On the other other hand this decision is rather good news for eBay in its continuing desire to have no duty to check pre-emptively on the legality of the goods it sells on its various European sites, even where there is a known history and pattern of, say, the sale of Gucci counterfeit goods .. and Pangloss has said before that she is uncertain whether THAT is fair.