iamsteve.in

Category: Internet Law

Everything related to the world of law online.

  • Private Internet Access VPN on the Draft Surveillance Bill

    With the upcoming draconian Digital Surveillance Bill in the UK, that has been described as ‘worse than scary’ by the UN’s Privacy Chief, I’ve again resorted to sending all of my web traffic over VPN.

    The VPN I use is Private Internet Access (PIA), for their stance on user privacy. I was curious to see what they had to say about the new Bill, so dropped them an e-mail. I got two separate responses, one from their tech support, and one from their legal team. They’re worth reproducing publicly.

    Here they are. First off, the more general position from their tech team:

    Hello,

    Thank you for contacting us. It is our current interpretation that the EU Data Retention Directive 2006/24/EG is not applicable to private VPN services such as ours and instead applies to larger public communications networks. The law requires that telephone and internet providers temporarily store data about a user such as assigned Internet Protocol (“IP”) addresses, timestamps, and more to assist law enforcement and investigations. Private VPN providers do not fall within the purview of the European definition of a public communications network, so it is our position that the EU Data Retention Directive 2006/24/EG does not apply to our business organization.

    PIA absolutely does not keep any logs, of any kind, period. While this does make things harder in some cases, specifically dealing with outbound mail, advanced techniques to handle abuse issues, and things of that nature, this provides a high level of security and privacy to all of our users. Logs are never written to the hard-drives of any of our machines and are specifically written to the null device, which simply acts if the data never existed.

    The Mandatory Data Retention logs in the EU and many areas applies to Telecommunications and Internet Service Providers as they are a “Public Communications Network”. This is not applicable to our VPN service as we are a private network.

    Due to this, we’re unable to provide information on our customers usage of our service under any circumstance, including subpoenas and court orders, which are extremely closely reviewed before we make any response by our experienced legal team.

    PrivateInternetAccess.com is a business that strives to protect privacy and the privacy rights of our clients. Although we will comply with all valid subpoena requests, our legal team scrutinizes each and every legal request that we receive for compliance with both the “spirit” and letter of the law. For invalid or overly broad subpoenas, we will often question or attempt to narrow the scope of any subject matter sought.

    Moreover, when it is possible and a valid option we will provide the user an opportunity to object to any requested disclosures. We cannot provide information that we do not have. PrivateInternetAccess.com will not participate with any request that is unconstitutional.

    https://www.privateinternetaccess.com/pages/privacy-policy/

    and secondly, the more direct answer from the legal team:

    Thanks for the email. We are aware of this proposed law pending in the UK. First, the law has to actually go into effect first before we will consider making any changes. We are paying close attention to this proposed law and we will make any adjustments as necessary to maintain the privacy of our users. Second, PIA will not maintain logs because we do not believe that we will be classified as an ISP under the new law. The log keeping requirements are specific to ISPs and we do not fall under that definition. We hope that helps answer your questions.

    Help fight back against the Bill with the Open Rights Group:

    https://www.openrightsgroup.org/blog/2015/investigatory-powers-bill-published-and-now-the-fight-is-on

  • Real Punishments Needed for DMCA Takedown Abuse

    Note: The opinions expressed within are mine, and mine alone – not necessarily endorsed by Automattic or WordPress.com.

    Last week Automattic released an update to our transparency report, detailing the number of takedown and information requests that were received between January and the end of June this year – as well as the number that had been acted upon, or rejected. There has been some good coverage of what’s included in the report by TorrentFreak, ARSTechnica, and TechDirt.

    One area that’s particularly interesting is that relating to the DMCA notification and takedown process, regarding instances of alleged copyright infringement. The full figures are available on the page itself, but here are the highlights:

    WordPress.com Transparency Report

    If you’re like me, it can be difficult to pull out something meaningful from a table of figures, at least at first glance. The important thing to note here is that 43% of the total notices received were rejected – either for being incomplete, or abusive. This figure rises to 67% if you remove sites that were ultimately suspended for a terms of service violation from the ‘Percentage of notices where some or all content was removed’ column.

    Incomplete notices can be anything from the complainant not including a signature; failing to specify the content that they are claiming copyright over; or not including the required statements ‘under penalty of perjury’. Abusive notices include those that target material which is not copyrightable (such as trademarks or allegedly defamatory content); where the complainant misrepresents their copyright; or attempts to prevent fair use of the material – protected by US copyright law.

    Many complainants simply want to get content removed from the web, irrespective of which route they have to take to get it. As a result, a variety of different tactics are deployed, particularly when a third party agent is engaged to carry out the task. For example, the wording of takedown demands may be fudged in order to give them the appearance of a valid DMCA takedown notification, whilst failing to substantively fulfil the statutory requirements. In other cases, claims regarding alleged copyright infringement are mingled together with threats concerning trademark infringement or defamation – obfuscating the invalidity of the DMCA takedown itself in the process. Web Sheriff in particular have been known to adopt this practice, with ‘kitchen sink’ takedown demands listing what seems like every law passed in the last 20 years incase one of them might apply in any given scenario. The Pirate Bay have infamously mocked Web Sheriff in the past for some of their tactics:

    Pirate Bay Web Sheriff Mockery

    It can be a difficult process to manually review and untangle exactly what a complaint relates to, and whether or not it is a valid DMCA takedown. Clarification e-mails often go ignore, something that is particularly true in cases where the notifications are being generated by bots. Replying to point out that a notification is incomplete, or that the material is actually hosted elsewhere in many cases is met by nothing except a deaf ear, and a duplicate takedown demand the following day.

    Whilst the DMCA’s safe harbor provisions are designed to provide protection for third party intermediaries as well as the rights of copyright holders, the phenomenon of automated takedown demands has resulted in a massively lopsided burden on those service providers who take their responsibilities seriously, and do not just acquiesce to every single takedown notification automatically.

    Complainants are able to submit grossly inaccurate DMCA takedowns on a massive scale, routinely through the use of automated systems that indiscriminately target particular keywords across the web – all without any real fear of legal consequence. The sheer volume notices generated means that the vast majority of service providers simply remove content immediately and automatically, without scrutinising them for their formal completeness or legal validity. The few that do choose to go through them manually in order to protect their users (like WordPress.com), end up facing a huge burden.

    Without stronger statutory consequences for those who abuse the DMCA’s notification and takedown system, the battle for freedom of expression online will be increasingly difficult. The majority of service providers will inevitably default to censorship in the first instance, as the number of notifications (and therefore the resources required to push back effectively) increases.

  • How to Submit (Valid) DMCA Takedown Notices

    How to Submit (Valid) DMCA Takedown Notices

    So you’ve discovered that a website is using something you’ve created without permission, and you want them to stop. The quickest route to make this happen is to submit a ‘DMCA takedown notice’, though the process itself can seem daunting if you’re not familiar with the language involved.

    In short: The Digital Millennium Copyright Act, or ‘DMCA’ is a piece of American law that provides a mechanism for copyright holders to have allegedly infringing material taken down speedily from the Internet without having to resort to legal action – whilst also protecting the online service providers from liability for the actions of their users.

    Should you wish to follow up on the unauthorised use of your works online, this guide will give an idea of what’s involved, and how to submit a formally valid notice. Having seen thousands of these takedown notices as part of my job, I know a fair bit about the quirks that are involved.

    Things to Consider

    Before submitting a DMCA takedown notice, there are some general things to bear in mind:

    • The DMCA is American lawAs a result, online service providers located outside of the US are not bound by its contents. There are similar provisions enacted in different jurisdictions, but generally the DMCA is seen as the industry standard. It is often the case that hosts will comply with valid takedown notices even if they technically are not required to by their local laws, but don’t expect bank on this.
    • Takedown notices do not prevent the spread of the material. Just because you manage to get something removed from one host, doesn’t mean that it won’t pop up again somewhere else – much like the ‘whac-a-mole’ game you see in American films. Sometimes giving attention to one instance of infringement can lead to a multiplication of the problem, rather than a solution. As a result, you need to question whether taking action will be worthwhile, or whether sleeping lions are best left undisturbed. This is relevant.
    • Not every use of copyrighted material is actionable. People are entitled to use copyrighted material without permission in certain circumstances, such as for the purpose of research, criticism, education, or news reporting; known as the ‘fair use’ doctrine. You have an obligation to consider this possibility before submitting a takedown notice for the use of content in which you hold a copyright interest.

    The Takedown Notice

    The DMCA takedown notice itself isn’t very complicated, but it does require a number of specific elements in order to be considered formally valid. It’s amazing how often people screw this up.

    They are:

    • A signature from the copyright holder, or somebody who they have authorised to act on their behalf. This can either be a physical, or electronic signature.
    • An identification of the material that is being used without permission. In other words, what photograph, text, or other content is it?
    • An identification of where the infringing material is located. Where exactly is the content being used without permission? Include a direct link to the page where it exists, and be careful not to include dynamic URLs, as this can delay the process.
    • Details to allow the service provider to contact the complainant, such as address, telephone number, or e-mail address.
    • A ‘good faith belief’ that the material’s use is not authorised by the copyright owner, agent, or the law.
    • A statement that the notice is ‘accurate, and under penalty of perjury, that the complaining party is authorised to act on behalf of’ the copyright holder.

    That’s all. There are various examples available on the web that add in a whole lot of extraneous information about the obligations of service providers and so forth, but legally this is not required. Whilst some smaller hosts may be intimidated this approach, the extra verbiage more often than not can seem as if the complainant is clutching at straws in a desperate bid to have material taken offline.

    Some things that are worth noting:

    • You can have somebody submit the DMCA takedown notice on your behalf, if you would rather.
    • The signature must be of a person. This sounds obvious but in other words, you can’t sign your company name – it must be either yours or the third party acting as your agent for the submission.
    • Though some service providers specifically ask for it, the DMCA does not require you to provide all of your contact details. As a general rule, I would only supply the minimum necessary, and avoid giving up personal phone numbers and addresses This is particularly true as a copy of the notice can often then forwarded on to the user who published the material in the first place (depending on the policies of the host in question). An e-mail address should suffice.
    • If you do not want to supply your own details, the DMCA allows for you to submit a takedown notification through a third party agent, acting on your behalf.

    A sample DMCA takedown notice is as follows:

    Subject: DMCA Takedown Notification

    To whom it may concern,

    This e-mail is notification under USC 17 §512, the Digital Millennium Copyright Act (DMCA), of instances of copyright infringement operating on site(s) under your control.

    The copyrighted work at issue is as follows:

    ** INSERT DESCRIPTION OF COPYRIGHTED WORK **

    The unauthorized, and infringing copy is available the following URL(s):

    ** INSERT URLs WHERE THE COPYRIGHTED WORK CAN BE FOUND **

    I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.

    I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

    I demand that you expeditiously remove or disable access to the material in question.

    I may be contacted on:

    ** NAME **
    ** ADDRESS **
    ** TELEPHONE NUMBER **
    ** E-Mail Address **

    The following should be considered my electronic signature for the purposes of §512(c)(i):

    ** TYPE OUT FULL LEGAL NAME **

    This can be downloaded over on Github.

    PROTIP:

    • Don’t submit these DMCAs by post, or in PDF format. Unless you want to be really, really annoying (which you might!), this will only serve to slow down the actual process of getting your material removed, which should really be the priority.

    The Process – What Happens Now?

    Once you have submitted a valid DMCA takedown notice, the process is as follows:

    • The online service provider must act ‘expeditiously’ to ‘remove or disable access to’ the material that you have identified as infringing upon your copyrights.
    • The user who published the material has the option to submit a counter notice, asserting their right to legally use the material. At this point you will be notified, and if you do not give notification of beginning legal proceedings, the content in question will be restored between 10 and 14 days after the submission of the counter notice.

    So there are a number of possibilities for what could happen:

    • Nothing. The service provider ignores your takedown notice, which can happen for a variety of reasons (such as their location outside of the US). At this point you are left with little option but to undertake legal action to have the material removed.
    • The material is removed by the service provider, and stays offline. The best possible outcome.
    • The material is removed by the service provider, but a counter notice is received shortly thereafter, leading to it being restored within the 10-14 day window unless you pursue legal action.

    NB: This is not to be taken as legal advice.

  • Blow Struck by WordPress.com Against Fraudulent DMCAs

    Blow Struck by WordPress.com Against Fraudulent DMCAs

    Abuse of the American online copyright takedown system (DMCA) is rife. People frequently submit fraudulent notifications to online service providers in order to censor views that they disagree with, curbing legitimate freedom of expression. Examples include those trying to stifle negative reviews about their businesses or products, preventing political satire, and even inappropriately targetting the normative use of a trademark.

    All too often, OSPs simply shrug their shoulders when confronted with these scenarios, and process the notices anyway in order to avoid losing their safe harbor protections. Even when alerted to what’s going on in specific circumstances, many choose a policy of non-intervention, rather than to defend their users.

    The result of one of two cases which were filed by Automattic in response to fraudulent takedown notifications submitted concerning material posted by WordPress.com was released a few days ago, Westlaw citation: 2014 WL 7894441. The judgement concerned a notice sent by a group called ‘Straight Pride UK’, who objected to the publication of an e-mail interview which a journalist Oliver Hotham had conducted. Under §512(f) of the DMCA, Automattic were awarded a total of just over $25,000 in damages – $960 of which was for Hotham’s time.

    The outcome was a ‘default judgement’, as the defendant’s (unsurprisingly) didn’t turn up to the hearing, despite being served properly through the standard international processes. It’s unlikely that either Automattic or Hotham will ever see any of the money, so it is largely a symbolic victory. However, it should not be dismissed too quickly, as the case highlights a number of important issues:

    • The DMCA is frequently abused, with few consequences for those who misrepresent their copyrights
    • Taking action against this abuse is expensive, and happens extremely infrequently
    • Enforcing damages against those from outside the US is difficult, and so there is a hole in the remedies available where those who abuse the system fall into this category
    • Even where organisations or individuals are resident in the US, major online service providers do nothing about the fraudulent notices they receive that could be actionable
    • In order for damages to be awarded, material must be removed as the result of a misrepresentation. There are no consequences for fraudulent notifications that are caught by diligent service providers first – at their own risk

    The DMCA is a blunt tool that has an incredible power to silence dissenting voices without recourse. The only way in which this is going to change is if service providers begin to stand up against the abuses, using the considerable resources as their disposal – both to further the conversations in this area, and also to take legal action where possible.

    Transparency: I am a Community Guardian for WordPress.com.

     

  • DMCA Rejection Retaliation

    Every day WordPress.com receive a sizeable number of DMCA takedown notifications, and every day I personally reject a fair number of them for being incomplete, invalid, or fraudulent.

    Many of those who find their takedown notifications being rejected are displeased with the decision, used to service providers choosing to automatically process them, shifting the burden of proof onto the user, rather than take on the risk of liability for themselves. Unsurprisingly, this displeasure is often most aggressively expressed by dedicated third party agents whose sole business model is based on scouring the web for potentially infringing acts, and who get paid per removal. Some people may say that with a results-driven financial incentive to have material taken offline, that there is more of a chance for the DMCA process to be used inappropriately – but that’s something you’ll need to make your minds up on independently.

    Yesterday a colleague let me know about one such organisation that had evidently found some of their notifications rejected in the past, who had then chosen to take to Twitter to voice their displeasure about me doing my job.

    Screen Shot 2015-02-24 at 23.49.14

    The image they linked to was of me, lying on the grass clutching a bottle of Buckfast – the weekend of the Queen’s Jubilee, if memory serves correctly.

    The one they used wasn’t really very good quality though, so here’s a higher resolution one incase they want to try again:

    crail

    I’m not entirely sure what they were trying to achieve to be honest. It’s not as if pictures of me intoxicated are really all that hard to find, after all. My occasional penchant for Buckfast isn’t exactly a secret at Automattic either, given that I did my first annual ‘flash talk’ at the all-company Grand Meetup in Utah on the ol’ tonic wine.

    Somebody (who shall remain nameless) suggested we reply to say:

    Even smashed on Bucky, Clicky Steve knows more about the DMCA than RemoveYourMedia

    Which is so beautiful it almost brought a tear to my eye.

    That wasn’t the only tweet they aimed at me though.

    Screen Shot 2015-02-24 at 23.49.26

    It’s pretty bizarre that they would choose to use that case about Napster to illustrate the potential liability for service providers guilty of contributory infringement, since there are far more recent, compelling, and relevant judgements they could have made their point with. Ah well, better luck next time, eh? As far as I’m aware they never actually sued after these bold statements on social media, but maybe they’re still preparing the paper work.

    At the end of the day, whilst this has given me a hearty chuckle before I turn in for the night, there’s no getting away from the fact that it’s not only petty, but ridiculously unprofessional. Making ad hominem attacks on employees of a company for rejecting your legal demands is pretty sad. If I was a copyright holder, I wouldn’t be too impressed to find the agency I had employed to protect my intellectual property deploying tactics like this. Then again, it might be a bigger deal if they had more than 1200 followers…

    In the world of the DMCA, there’s only one thing dumber than submitting bogus takedown notifications, and that’s having a tantrum on Twitter when your bogus takedowns are rejected.

  • Hyperlinks, Copyright Infringement, and the DMCA

    Hyperlinks, Copyright Infringement, and the DMCA

    Hyperlinks are a fundamental part of the core fabric of the web. As the basic tool used to connect pieces of information together, it’s difficult to imagine how the Internet could function without them. 

    Despite its critical nature, the role of hyperlinks has attracted the attention of those seeking to prevent particular kinds of information from being shared. One of the prime examples relates to copyright, and efforts to disrupt the dissemination of materials without authorisation. As part of this, the delivery mechanism of the hyperlink – as well as the infringing act itself – has come under fire.

    Hyperlinks and Case Law

    There is not a sizeable wealth of case law available that directly relates to the question of whether a hyperlink can constitute copyright infringement. As a result, discussions concerning potential liability often draw upon analogies taken from older cases – sometimes with judgements over a century old – in order to apply established legal principles to the uncertainties thrown up by technological evolution.

    In the case of Hird v. Wood from 1984, the defendant was seated near to a sign on which defamatory messages were displayed. Despite not having created the sign, it was held that he incurred liability simply through the act of drawing attention to it. In the later case of Byrne v. DeanHird was referenced, the judge noting the following:

    If defamatory matter is left on the wall of [a] premises by a person who has the power to remove the defamatory matter from the wall he can be said to have published the defamatory matter to the persons who read it.

    Applied to our topic, it would appear that this principle would impose an obligation on the operators of websites (as well as their hosts) to remove hyperlinks that led to illegal material.

    The Supreme Court in Crookes v. Newton did not completely accept the above analogy. Instead, they found the argument put forward by the respondent to be more persuasive: a comparison between hyperlinks and footnotes. In other words, both are ‘content neutral’, communicating the existence of something, but not necessarily commenting on the content. This view is one also supported by Tim Berners-Lee, credited with the creation of the World Wide Web:

    The intention […] was that normal links should simply be references, with no implied meaning.

    However, the court also recognised that the Internet is ‘a potentially powerful vehicle’ for defamation, and that the context itself was important in establishing possible liability. In the words of the court:

    Individuals may attract liability for hyperlinking if the manner in which they have referred to content conveys defamatory meaning.

    Analogy is one instrument that can be used when considering the relationship between the use of hyperlinks and the law; powerful, albeit imprecise. The issues involved in real life situations are more complex than can be addressed by analogy alone, and courts have often taken differing approaches in making their determinations.

    One of the first cases to directly challenge the legality of the use of hyperlinks, and their potential to constitute an infringement of copyright concerned their use on the website of a Scottish newspaper named the ‘Shetland News’.

    The links in question were published on the Shetland News website. They took the form of headlines copied from the site of a rival paper: the ‘Shetland Times’. By visiting the Shetland News website and clicking on these links, visitors were taken to the corresponding articles on the Shetland Times website. Confused yet? The way things were set up meant it was possible to completely avoid having to visit the Shetland Times’ homepage, and therefore missing out on its advertising. As a result, the Shetland News website was receiving ad-based income for providing direct links to articles that they themselves had not authored. 

    Understandably, the Shetland Times weren’t too pleased about this, and succeeded in having the use of the links halted through the use of an interim interdict. The reasoning for the decision was that the links came in the form of headlines that had been copied verbatim from the other site, and so there was potential copyright infringement. Disappointingly from an academic point of view, the case was settled out of court, with no final judgement made on the actual liability arising from the use of the links.

    One of the first significant cases in the US regarding the status of hyperlinks was that of Kelly v. Arriba Soft Corp. This concerned the display of thumbnail images from a professional photographer’s website in search results. The images were available both as resized thumbnails, and full sized previews, which is akin to the functionality provided by Google Images. Arriba was sued for copyright infringement, and the appeal judgement from the Ninth Circuit Court in San Francisco found that the thumbnails were protected under the doctrine of fair use. However, there was liability incurred for the displaying of the images in a new display window – a practice known as ‘in-line linking’. After an amicus brief filed by the EFF, the judgement was revised; the concerns about the in-line linking removed, with the fair use affirmation standing. 

    In the case of Intellectual Reserve, Inc. v. Utah Lighthouse Ministry, Inc., the court found that hyperlinks pointing towards illegally distributed material could in of themselves be considered to be contributory copyright infringement. In this particular situation, the facts were complicated because the owner of the website in question had originally stored copies of the protected content on their own servers, before replacing them with hyperlinks to copies stored elsewhere. It was the context of these actions that was important – echoing the ratio decidendi in Hird.

    One of the more commonly cited cases in this area is the infamous Grokster case, in which the Supreme Court introduced a new potential for liability: that of inducement. It was held that where technology is created for the intended or actual purpose of encouraging its users to breach copyright, then the creators themselves could be held liable for contributory copyright infringement. Ultimately, Grokster was shut down. Despite the concern by service providers over the precedent of this case, the facts were very particular to this situation, with the platform actively fostering the ‘blatant and overwhelming’ infringing activity of their users. It is extremely unlikely that the same definition would be applied to the majority of contemporary online intermediaries.

    Hyperlinks, the DMCA, and Contributory Infringement

    Online service providers often receive DMCA takedown notifications that target hyperlinks leading to allegedly infringing material, rather than material that resides on their servers. They are faced with an interesting quandary as a result: whether or not to remove the link.

    On the one hand, hyperlinks generally do not constitute copyright infringement. However, it is the context that is the determining factor when considering potential for liability. A link created by a user to illegal material may well be infringing, but where does this leave the service provider?

    Service providers are afforded safe harbor immunity from the infringing actions of their users, provided they ‘remove or disable access to’ material upon receipt of a valid DMCA takedown notification. However, it is unclear how this would apply in the case of hyperlinks. In our example, the infringing material itself is located on servers out-with their control, but there is still potentially infringing activity taking place on their platform. Would a host be liable for a failure to remove a hyperlink to material, where that hyperlink was found to be an infringing act, based on the context?

    We can take some insight into how the decisions of future courts may fall in this scenario by considering the ‘server test’ discussed in the Perfect 10 cases. Here, the facts concerned the display of websites in Google’s Image search that were infringing upon the copyright interests of the plaintiff. It was found that Google was not liable for direct infringement on the basis that the material at issue did not reside on their servers, and was served up from another host through their use of framing, or ‘in-line linking’. With regards to contributory infringement specifically, the court held that there was no liability, as the infringing activity itself would still exist irrespective of whether or not Google Images existed. In other words, they were not found to be encouraging the copyright infringement.

    In Flava, the defendants were operators of a ‘social bookmarking’ service called myVidster that allowed users to share videos from different locations around the web, which were then embedded on their platform, served up from the original locations. They were sued for contributory copyright infringement, based on the actions of users that were sharing clips that had been uploaded without authorisation.

    The service provider had already received a number of takedown notifications regarding the material, and it was argued that they had not taken enough action as required to qualify for safe harbor protections. However, that is not the be all and end all. In the words of the court: ‘a non-infringer doesn’t need a safe harbor.’ The parties who uploaded the videos in the first place were the ones whose activity was infringing, and the question is whether myVidster had encouraged their infringing activity to an extent that constituted contributory infringement. The court did not find this to be the case, holding that myVidster was neither a direct or contributory infringer. In other words, they were too far removed from the infringing activity, 

    My View

    Irrespective of the potential for individuals to incur liability based on the context of hyperlinks which they create, the application of the DMCA should not extend to their removal.

    Part of the criticism of the DMCA is that there is a substantial burden placed on copyright holders to track down and report instances of infringement across the web. Much like the mythological Hydra, as one falls, more spring up to take its place. Slaying the beast requires attacking the root of the problem; treating hyperlinks as valid subjects of takedown notifications is to mis-understand the task, and only serves in the creation of extra conceptual heads to pursue.

    Rather than target hyperlinks, the focus of enforcement efforts should be on the actual source of the infringing material: the host. Take out the location pointed to by hyperlinks, and they are instantly rendered obsolete. This is not only a far more effective approach in tacking infringing activity, but one that also avoids creating extra and unnecessary work. Financially, this means less is paid to third party agents such as DMCA.com, whose revenue is based on successful takedown notifications.

    The DMCA is already a blunt, and powerful tool. Abuse of the system is rife, and often deployed for the purposes of censoring legitimate expression, rather than to curb copyright infringement. To extend its remit to include the removal of hyperlinks is a dangerous step, that fundamentally alters our relationship with a core structural element of the web, and risks a (further) chilling effect on freedom of speech.

    Despite recent case law seeming to support this principle, the judgements have been extremely dependent on the circumstances involved, and there has been no definitive authorities. As a result, it is up to online service providers to shape the approach to the issue, rejecting DMCA notification takedowns that concern hyperlinks. Policy decisions such as this create the normative frameworks that have the power to help ensure or hinder a free and open web, and it’s critical that tech companies lead the charge, rather than taking a minimum risk stance.

  • Facebook’s Real Name Policy is Back

    Facebook’s Real Name Policy is Back

    Facebook have pushed ahead with the enforcement of their ‘real name’ policy, which requires users to use their real, or ‘authentic’ name.

    This comes after a previous attempt stalled, following an uproar from the community which forced Facebook to give a rare apology.

    Here’s the gist of the requirements:

    Screen Shot 2014-11-27 at 12.26.07

    Source: https://www.facebook.com/help/112146705538576

    Sounds fair enough on the surface of it, and gives enough room for interpretation to allow aliases or nicknames – precisely what appeased the criticisms from last time. However, the practical implementation seems quite different.

    Screen Shot 2014-11-27 at 12.26.23

    Again, these additional requirements don’t seem too restrictive. If anything, they seem fairly flexible, whilst retaining some sort of continuity. However, the practical implementation has been completely different.

    Today, there have been reports that users have been locked out of their accounts, after Facebook has deemed their names to not be ‘authentic’ enough. This included a determination that the name ‘Daz’ (a common offshoot of Darren) was not acceptable, and ‘Nikki’ should be changed to ‘Nicola’ – despite the insistence that shortened nicknames (like ‘Bob’ in the case of Robert) are fine.

    Now comes the kicker. In order to get back into your account, you either need to provide a ‘real’ name, or some sort of ‘acceptable identification’ to prove that you are known by the name or alias you had beforehand.

    Let’s take a look at what the acceptable forms of identification are, according to Facebook:

    Screen Shot 2014-11-27 at 12.44.06

    Uhm, sorry… what? Despite their warning that you should be sure to blank out any other personal information, there is no reason in hell that anybody should ever be giving copies of the above documents to Facebook. The idea that this would ever be requested is completely ridiculous. If Facebook demanded I send a copy of my passport – redacted or otherwise – then they would be politely told where to shove it.

    But hey! Should you not wish to share such an important piece of sensitive ID with a social network based in a different country, you have another option. You can provide two bits of ID from the following list:

    Screen Shot 2014-11-27 at 12.46.29

    This just becomes more ludicrous. Here’s why:

    • There is no way for Facebook to verify any of the above properly.
    • All of this ‘evidence’ can easily be doctored by any muppet.
    • Even if you are known by a certain name in your everyday life, you won’t have that alias on official documents that require your legal name. In which case, how on earth are you meant to prove the existence of a nickname?
    • WTF is a ‘permit’ anyway?

    There are plenty of reasons why people would legitimately want to avoid using their full, legal name online (those in teaching, or the health service, or…); those who have already lost the ability to remain hidden in searches thanks to previous changes, with the process to use a nickname or alias instead verging on the impossible. But there’s something far more fundamental here: That it’s absolutely fuck all to do with Facebook what name you choose to go by. Making determinations about what is and isn’t ‘authentic’ is evidence of an organisation that has no concern for its users other than its own commercial interests.

    We need to find a better way to communicate than this by using this lot.

  • Groupon: Trademark Bullies

    Groupon: Trademark Bullies

    Groupon: The wealthy business empire that has made its fortune from selling weekend trips and products like the ‘Purple Tickler Dildo’ directly to your e-mail inbox.

    They’ve had their troubles in the past, with people apparently no longer feeling the magic of the often bizarre choices made by the virtual coupon giant.

    groupon dildo
    One of the fine products on offer through Groupon

     

    However, today saw them coming under fire again. This time for not playing nicely with trademarks.

    In a posting on their website, the open source software Foundation GNOME has issued a cry for financial help to oppose a list of trademark registrations that Groupon have filed with the US Patent and Trademark Office, which conflict with those that the Foundation have held since 2006.

    It appears that Groupon wish to use these trademarks for the name of a new product that will be used as part of an electronic point of sale application. The scope of the usage described is pretty wide:

    Providing use of cloud-based non-downloadable software for processing point of sale transactions, payment transactions, voucher redemption, appointment scheduling, customer relationship management, customer location detection and awareness, inventory management, analyzing merchant transactions, and for evaluating and managing information on business performance and customers; providing temporary use of non-downloadable software that enables users to send and receive pricing, financial transaction, customer information, and payment processing information directly to and from a mobile device and a cloud-based server; software as a service (SAAS) services featuring software that enables users to send and receive pricing, financial transaction, customer information, and payment processing information directly to and from a mobile device and a cloud-based server; providing use of cloud-based non-downloadable software for payment services, merchant analytics, and for evaluating and managing information on business performance and customers; technical support services, namely, troubleshooting in the nature of diagnosing computer hardware problems and troubleshooting of computer software problems; installation and maintenance services for computer software for processing point of sale transactions, payment transactions, voucher redemption, appointment scheduling, customer relationship management, customer location detection and awareness, inventory management, analyzing merchant transactions, and for evaluating and managing information on business performance and customers

    (source)

    As you can see, that’s pretty similar to the description of activities covered in the trademark held by the Foundation:

    Downloadable computer software tools and libraries used for the development of other software applications; downloadable computer software development tools; downloadable computer software for creating and managing a computer desktop; downloadable computer software for use as a graphical user interface; downloadable computer software for word processing, database management, and use as a spreadsheet

    The Internet were none too pleased about this, especially as Groupon has waxed lyrical about their admiration of open source software in the past. In an attempt to calm the waters, they gave the following statement:

    Groupon is a strong and consistent supporter of the open source community, and our developers are active contributors to a number of open source projects. We’ve been communicating with the Foundation for months to try to come to a mutually satisfactory resolution, including alternative branding options, and we’re happy to continue those conversations. Our relationship with the open source community is more important to us than a product name. And if we can’t come up with a mutually acceptable solution, we’ll be glad to look for another name.

    (source)
    (second source with slightly different wording on Groupon’s Engineering blog)

    On the face of it, this largely looks like it might have had the desired effect, with people considering the matter to be closed. However, it seems like nothing better than PR spin. Here’s why:

    • It is inconceivable that Groupon would not know about the prior existence of the GNOME Foundation’s trademark. If they didn’t, it should have come up in the course of proper due diligence.
    • Applying for identical trademark registrations in such a similar area is an aggressive move
    • If Groupon really was in talks with the Foundation, why did they go ahead and submit trademark applications anyway?
    • If the recent statement from Groupon really was serious, they should have announced an intention to retract the pending applications

    Open source communities do not have the same resources to defend their intellectual property as large businesses do, which can make them seem like an easy target for organisations who wish to trade off of their established goodwill. Any defensive legal action would be hugely costly to pursue, and if the GNOME Foundation are forced to go down that route it will be a loss to the open source community as a whole. Thousands of Dollars that could be spent on further development and innovation will be used up fighting a needless battle with a company that can afford it.

    Groupon should stand by its words, respect the GNOME Foundation’s intellectual property rights, and withdraw their outstanding applications. Otherwise they will be confirmed as nothing more than trademark bullies.

    Update: Groupon have just posted the following statement:

    UPDATE: After additional conversations with the open source community and the Gnome Foundation, we have decided to abandon our pending trademark applications for “Gnome.” We will choose a new name for our product going forward.

    Those were some pretty quick ‘additional conversations’.

     

  • WordPress.com Legal Hall of Shame

    Every day people make attempts to censor bits of the Internet they don’t like.

    Working at WordPress.com, we get our fair share of these. We’ve published a list of some of the worst offenders in our Hall of Shame.

    hallofshame_0001_heart

    Take a look here:

    http://transparency.automattic.com/hall-of-shame/

  • Sorry Ms. Jackson.

    At WordPress.com part of my job is to push back against those who seek to abuse the law to censor blogs that they don’t like or agree with. Complainants commonly make claims using the process of trademark and copyright law to intimidate sites into doing what they want, even where they have no valid right to do so. Sadly, many people don’t have the knowledge or resources to fight against this sort of thing, and will remove content after being on the receiving end.

    Recently we (the Terms of Service team) received correspondence from someone claiming to act on behalf of Janet Jackson. They had submitted a trademark complaint about the use of the phrase ‘Janet Jackson’ on a particular website. Effectively, they wanted the article removed for an alleged violation of their trademark, despite the fact that the page only mentioned Janet once. This is clearly not what trademark law is meant to be used for – something any law student would be able to tell, and so was clearly just a cynical ploy to have the content removed.

    We refused to take action against the site, and notified the owner about what was going on. She has posted up a great response over on her blog. Here are some excerpts:

    Allow me to convey my gratitude as both a fan and a corresponding legal target. I recently received the most flattering letter from your IP lawyers in which they allege that I committed a federal crime of TM infringement by mentioning your name in a blog post. That they would devote time and energy to catching my blog in their social media dragnet and do me the honor of writing a cease and desist letter is thrilling.

    You see, humble as it may be, I take my writing very seriously (as, apparently do your lawyers). I have a Ph.D. in English, teach college writing and literature courses in Boston, and am working on my first novel manuscript. For anyone to allege lightly and insubstantially that my writing infringes on any kind of TM, IP, Copyright, is personally insulting and slanderous. WordPress’s lawyers have proven their worth by establishing promptly that your lawyer’s charges against me are entirely unfounded. I will not burden this article any further regarding the ins and outs of IP law and this case. WordPress understands the importance of protecting independent writers and free speech from corporate legal bullies.

    Click through to read the full thing.