HL Committee on the Digital Economy Bill

Yes, that again:-)

As Twitter and ORG resders may know, I'm meaning to write some kind of interim summary of what the Committee stage in the House of Lords has "fixed" in the Digital Economy Bill with respect to the file-sharing and copyright provisions (A: not a lot) and what still needs urgently brought up at Report Stage and if necessary all the way to and through the Commons (A: an awful lot). This despite the best efforts of some exceptionally knowledgeable and persistent Lords, including though not limited to Lord Lucas, L. Howard of Rising, Lord Clement-Jones and the Earl of Errol.

However it seems my job has possibly been done for me - by the Lords' own Human Rights Joint Committee. Their executive summary makes very, very interesting reading and is worth quoting in full:

"

The Digital Economy Bill has been introduced to update the regulation of the communications sector. Due to time-constraints we focus on a single issue in the Bill: illegal file-sharing.

Copyright infringement reports

The Bill establishes a mechanism whereby holders of copyright will be able to issue a 'copyright infringement report' to an ISP where it appears that the ISP's service has been used by an account holder to infringe copyright. ISPs will be required to notify account holders when a copyright infringement report is received in connection with their account. The ISPs will also be required to maintain a list of account holders who have been the subject of such reports.

We consider that it is unlikely that these proposals alone will lead to a significant risk of a breach of individual internet users' right to respect for privacy, their right to freedom of expression or their right to respect for their property rights (Articles 8, 10, Article 1, Protocol 1 ECHR). However, we call on the Government to provide a further explanation of why they consider their proposals are proportionate.

Technical measures

The Bill provides for the Secretary of State to have the power to require ISPs to take "technical measures" in respect of account holders who have been the subject of copyright infringement reports. The scope of the measures will be defined in secondary legislation and could be wide-ranging.

We do not believe that such a skeletal approach to powers which engage human rights is appropriate. There is potential for these powers to be applied in a disproportionate manner which could lead to a breach of internet users' rights to respect for correspondence and freedom of expression. We set out a list of points that the Government should clarify in order to reduce the risk that these proposals could operate in a manner which may be incompatible with the Convention.

Right to a fair hearing

The Bill provides for provisions for appeals in codes. There is little detail about the right to appeal in the case of copyright infringement reports or decisions about the inclusion of certain individuals' information on copyright infringement lists. We consider that statutory provision for a right to appeal to an independent body against inclusion on any infringement list would be a human rights enhancing measure.

Without a clear picture of the criteria for the imposition of technical measures it is difficult to reach a final conclusion on the fairness of the process for the imposition of technical measures. This is a further argument against the skeletal nature of the technical measures clauses. We ask for further information about the quality of evidence to be provided and the standard of proof to be applied to be provided on the face of the Bill.

Reserve powers

Clause 17 of the Bill provides the Secretary of State with the power to amend the Copyright, Designs and Patents Act 1988 by secondary legislation. The broad nature of this power has been the subject of much criticism. In correspondence with us, the Secretary of State explained that the Government intended to introduce amendments to limit the power in Clause 17 and to introduce a 'super-affirmative' procedure. The Government amendments would limit the circumstances in which the Government could use their powers to amend the Act by secondary legislation and would provide a system for enhanced parliamentary scrutiny.

Despite the proposed amendments we are concerned that Clause 17 remains overly broad and that parliamentary scrutiny may remain inadequate. We call for a series of clarifications to address these concerns."

Delightful to see such plain and clear and unadulterated good sense. I particularly applaud the second section: "We do not believe that such a skeletal approach to powers which engage human rights is appropriate." Put that on your tee shirt and smoke it.

In the meantime, all kinds of odd and eddying currents are flowing around the whole filesharing mess, here and abroad. In Blighty, we're seeing more and more sectors of industry, like the hoteliers, coming to the realisation of how bad the DEB will be for them as providers of public wi fi to the public; in Europe, the Belgian SABANE case, which imposed an impossible to fulfil filtering obligation on a Belgian ISP in the interests of rightsholders, is going on appeal to the European Court of Justice, with strong backing in evidence from trusted computer industry experts ; and the first Ozzie case on intermediaries and file sharing since KaZaa has been heard, and as with Oink in the UK ,the music industry have done themselves no favours by bringing it (though this case, being civil, includes no room for accusations of perverse juries).

More on all of these to come, I suspect, but on the last, I direct you meanwhile to my colleague Technollama's very helpful comments on the Australian case. From Pangloss, it is bonne nuit.

Google and China: the fallout continues

Since I wrote my last post suggesting (rather speculatively) that Google's apparent willingness to pull out of China might be linked to US state fears of (and pressure concerning?) cyber espionage against data held by Google about US citizens instead of/as well as Chinese dissidents, the world has become very interested in the succeeding revelation by Google that they are now working with the NSA to improve their cyber defenses.

This raises all kinds of further questions: doesn't Google have as much expertise in computer security itself as the Spooks? Or as someone put it even more conspiratorially on Twitter: hadn't we always assumed Google was working with the spooks? In which case what drove a public admission of it now?

All fun stuff and clearly far beyond the ken of a mere academic lawyer. But t0day's Grauniad has an interesting quote:

"Google is unlikely to be turning to the NSA for technical advice. Why then is it calling in the spooks? One reason could be that the world's dominant internet company is now in the crossfire of early skirmishes of the next cold war.

This thought was reinforced by Financial Times columnist Gideon Rachman. He'd been to the International Institute for Strategic Studies for a briefing on its annual survey, Military Balance. "The thing I found most interesting," he said, "was the confirmation that cyber-security is the hot issue … John Chipman, the head of the IISS, says the institute is about to launch a study of cyber-security which raises all sorts of issues. What if a country's infrastructure could be destroyed as effectively by a cyber-attack as by an invasion of tanks? How do you defend against that? How do you identify the culprits? What does international law have to say – might we have to revise our definitions of what constitutes an act of war?"

"Chipman argues, plausibly, that we are now at an equivalent period to the early 1950s. Just as strategists had to devise whole new doctrines to cope with the nuclear age, so they will have to come up with new ideas to cope with the information age."

I've noted before that I find it difficult to see how current international law can define cyber attacks and especially cyber espionage as armed attacks justifying, eg, the doctrine of self defense. But I've also now been to several events where military lawyers seemed to be if not saying then at least moving toeards exactly that. It is clear we are entering the era of what is sometimes called "justificatory discourse" regarding cyber war, or PR in less elevated circles. (The irony of the fact this is playing out as the Iraq inquiry goes on is not lost on Pangloss. Nor that MI5 appears to be trying to get in on the action by revealing what bad stuff Chinese cyber spies have been doing inthe UK too.) The same thing, is, of course, happening in China too: one report from there notes that the average Chinese citizen is mostly apathetic to the loss of Google but Chinese news coverage has " focused not on Google but on what is perceived as US "information imperialism." "

And meanwhile, the ever excellent Ray Corrigan points out (I think - lots of interesting stuff packed in here) that cyberwar may be becoming the latest bogeyman, following hard on pedophiles and alQuaeda to justify incursions into our civil liberties. And that we are hardly ones to condemn China's Great Firewall, when we do an awful lot of net censorship ourselves. (See further, dare I say, my own chapter here, which is the basis of the paper on cyber filtering and free speech I'm giving in a few days.)

OT: Looking at B2fxx reminds me I have been derelict of duty not to mention my collague Chris Marsden's much awaited book on 'Net neutrality: towards a co-regulatory solution' is not only just published by Bloomsbury but also available for free download under a creative commons licence at http://www.bloomsburyacademic.com/pdf%20files/NetNeutrality.pdf . Lordy lordy such wondrous times we live in!!

GikII 5!!!

Heads up GikII people; GikII 5 *will* be in Edinburgh June 28-29 2010. We have FINALLY managed to book a room!! More details soon. Already one paper offered on Gallifreyan legal procedure :-)

Google and China: Interesting Times?

So what do we think about the Google China affair then? For anyone who has been hiding under a rock on Pluto lately, Google announced on January 13th that it "may end its operations in China following a "sophisticated and targeted" cyber attack originating from the country." aimed apparently at gathering intelligence from Gmail accounts etc on human rights activits, dissidents and the like in China, and adding that in response they would no longer self censor their search database as they had since starting up in China in 2006. China, unsurprisingly, insisted that hacking was illegal in China and Google would have to toe the line and enforce local laws like other companies. Then perhaps slightly more surprisingly, the US government itself got involved in the form of a swinging speech by Hilary Clinton demanding that Beijing that should investigate the hack attacks on Google, and les directly, implying that China had a duty, like also-mentioned Tunisia, Uzbekistan, Vietnam and Egypt to stop restricting freedom of expression on the Internet. One commentator has compared this to Reagan demanding the pulling down of the Berlin Wall - only this time it was the Chinese Great Firewall. For China to back down wouldbe almost unprecedented; so at least China insider has said that in six months he expects there to be no Google.cn. Meanwhile information filters out that similar espionage hacks seem to have been mounted by Chinese hackers on other US companies in recent months , seeking economic espionage intelligence; two of the companies were major US oil companies.

The main response to this has been huzzah! In a world apparently dominated by bankers taking as many undeserved bonuses as they can sweep up, one can sense the eagernness of the world to believe that a big company can still want to do the right thing. Certainly even if Google's "Do no evil" motto has tarnished a little lately they do stand out as appearing in the world of corporate politics to give a damn about human rights. A Grauniad columnist wrote perhaps a little over excitedly yesterday:
"

we can now again unreservedly identify, politically as well as aesthetically, with Google. This is the spirit of liberal universalism. It says that there are some universal rights it is not the prerogative of any state or "civilisation" to curb; and that, as the Universal Declaration of Human Rights states, the right to information freedom is among them."

But is anything in life really this simple? As many have pointed out, China is a market where Google is not dominant, having only around 30% of the market. But pulling out of the world's largest emergent economy is still rather a bold step. Unless perhaps you consider the rather less publicised fact that Google only makes money by click through on ads; and reportedly, the Chinese don't yet bother to click through (Google don't reveal the turnover of their Chinese business as they do their US profits). Still it seems like either a very brave or a very foolhardy endeavour. (Bill Thompson comments that "Threatening to pull out of China is like threatening to spit on a whale".) (Unless you think it's all merely a very successful PR stunt.)

A braver woman than Pangloss might even sail into the world of conspiracy theories, and consider the Google response and the Clinton speech as part of a combined PR drive. China expert Orville Schell in this video recorded at Davos, notes that

"Google has become more like a nation than a company. By this he means that not only is Google closely connected to the Obama administration, but the company has a high resonance in the western world. Only a company like Google could take such a stance against China".

Why would the US want Google out of China, or at least, a very public fuss about the hack attacks on Gmail accounts by China? Well cybersecurity experts have long privately admitted that although rather more fuss has been publicly made about "cyberwar" denial of service attacks on critical infrastructure (as , famously, against Estonian and Georgian banks and media sites, etc), the foremost worry is actually about cyber espionage. Chinese keylogger code has been found before now on military computers; it is known that it is almost impossible to 100% protect against this. Google store invaluable information not just about Chinese dissidents but US citizens - and companies. If you were a Chinese espionage officer would you target the unprotected Gmail user or the more protected Google servers, or the very well protected servers carrying confidential military or corporate secrets?

For a cyber lawyer, the interest here is whether we are approaching the point where cyber espionage might begin to be characterised as "cyberwar". Just as with DDOS attacks, the current law is badly equippd, perhaps quite properly, to make this conceptual leap. I spoke on this in Estonia last summer, at the NATO backed CyberSecurity Centre. International treaties demand an "armed attack" by a "state" before rights of self defence or international humanitarian law can begin to apply. Is use of code to find out information an "armed attack"? Difficult to see (although there was some discussion of this back in the good ol' days of Star Wars defence.)

More significant still is the pained matter of attribution. No one can prove that attacks by Chinese hackers came from and with the authority of the Beijing government - and circumstantial evidence simply cannot be regarded as decisive here given the easy obfuscation of Internet traffic and addresses, and the flourishing private enterprise cyber black market. Much of the cybercrime in the world originates from networks of zombie machines run (apparently:-) by Russians with the machines scattered through every country from the UK to Brazil; this does not mean (necessarily) that Russia, the UK or Brazil is responsible as a state aggressor. The question of attribution will have to be far better discussed before we can go any further down this line. In the meantime however, it is interesting to note that there are reported American stirrings of interest in a cyberwar treaty to reduce cyber-attacks, as with munitions or poison gas weapons: such a treaty has long been resisted by the US, but now that position seems to be shifting - why?*

And meanwhile today brave little Twitter, hero of the Iran dissidents, announces they are sub contracting research to avoid being blocked by China. All in all very interesting times - in the Chinese sense?

*Well perhaps because as I discover the minute I finish writing this, 37% of US critical infrastructure firms think cyber attacks are growing and 2/5 expct a majot cyber security incient within the year - say McAfee at Davos.

Life, etc

Via my very lovely colleague Judith Rauhofer;

Quote of the week by Lord Clement-Jones:

" When a man is tired of the Digital Economy Bill, he is tired of life. I am sure this show will run for a long time."
And indeed, now the debates in HL Committee over the "three strikes" parts of the DEB have ended, watch this space for some thoughts on how the debates have gone, shortly. For now, interesting to note that legal process needs tweaking too: see the latest Which? report on the deluge of complaints against P2P ambulance chasing bully firm , ACS Law (creditably, much mentioned in the Lords debate.)

"

ACS:Law has sent thousands of letters to people claiming they have illegally downloaded material and offers them a chance to settle by paying around £500. 

Which? says it has been approached by some - including a 78 year-old accused of downloading pornography - who have no knowledge of the alleged offence.

ACS:Law said its methods were accurate.

The London-based firm said that it would send more letters soon."

In other news, I'd also like to comment on Google and China (interesting response here from the reliably interesting Bill Thompson, one of the few voices to be more realistic than triumphant here), connected cyberwar developments and public open data in the UK - to be continued!! (Oh and I'd really like to talk about whether full body airport scanning really constitutes distribution of child porn (eh?) as oposed to invading privacy (for sure). But chance would be a fine thing!

Also, the first review of Law and the Internet 3rd edn!! Thanks to Andrew Katz for preparing me, er, letting me know!!

ORG : Fight the Digital Economy Bill unconferences

Via ORG: a series of meet ups in Manchester, London, Edinburgh and Sheffield to learn more about how to effectively lobby your MP on digital rights matters, with current especial reference of course to the DEB, graduated response, disonnection etc.

This is a great and timely initiative and if you have any interest in learning how to actually participate in democracy and make your voice count, come along!! It's free!

I will be attending the Edinburgh one, and am happy to talk to people about what I've seen of the Lords debates on the amendments thus far - I'll also, time willing, be blogging in detail on this this week or next as we approach the end of the committee Lords stage. Hugh Hancock of Strange Co machinima fame will also be there and of course Jim Killock, director of ORG. (Will we have a Technollama, Andres??)

Details and sign up form here.

"The Open Rights Group wants to help you get your voice heard: by helping you to talk to your MP. Booking an appointment with your MP and saying what you think is easier than you might think.

At this event you will:

• Gain the confidence to talk and write to your MP
• Rehearse talking to your MP one on one
• Find out what MPs will ask you
• Learn how to write to your MP and get a response
• Meet other people campaigning against disconnection without trial in the Digital Economy Bill

Talking to your MP is the most effective way to make sure Parliament knows how unpopular and bad disconnection without trial really would be.

In these short sessions, you can try out talking to your ‘MP’ or watch someone else having a go, and learn how to get your points across in a way that an MP will understand."

Quote of the debate so far

Lord Lucas, Jan 12th, Committee Stage day 2

"Lord Lucas: I agree with what the noble Lord, Lord Mitchell, has just said. We have to be careful about setting out to criminalise, as he says, a large proportion of our population, particularly when it involves putting them not in the hands of the criminal law with all the safeguards, care and rationality that involves, but in the hands of firms of solicitors who are out to make a

12 Jan 2010 : Column 423

buck from the process. None of these people are nice to deal with. Even where the majors have been involved in prosecutions-there are not many cases of that-they are relentless. It is not at all nice to be on the receiving end of one of their prosecutions. They can take a long time, cost a great deal of money and go on, with unspecified consequences, for a period of years. It is not like a parking fine or some simple, reasonable but reasonably painful financial consequence of wrong-doing. This is putting people into the civil justice system with civil levels of proof. We should be careful about doing that and the circumstances in which we do it."

The DEB amendments; 1 in a series..

You might wonder where I've been this time. Well, Pangloss is currently signed off work with a prolapsed disc. Yes it's Ok, it wsn't fun, but I'm getting better now, thanks. Anyway, one thing I plan to do for **fun** this week now I have time on my hands is sit down and have a look at the hundreds of DEB amendments. Yes I know; I'm that sad.

As a starter, it's important to remember not all the DEB is about disconnection of filesharers and neither are all the amendments.

One amendment Pangloss might draw attention to in particular has had quite a warm reception in parts of the press, odd perhaps given recent Google/Murdoch fracas (or not so odd?:). The Telegraph note

Lord Lucas, a Conservative peer, has tabled several amendments to the Digital Economy Bill

that would settle a number of copyright and electronic publishing arguments once and for all.

The one that’s been catching the headlines is immunity for search engines from prosecution under copyright laws as they go about their normal business of searching the web. Every provider of a publicly-accessible website shall be presumed to give a standing and non-exclusive licence to search engines to copy their content for the purposes of searching. A machine-readable file (robots.txt, for example) can be used to demonstrate that such a licence is not granted, should the owners of the website prefer not to be indexed.

Brilliant. Immediately all of the rows and back-and-forth between ill-advised newspapers and publishers is given a clear legal footing. It would be legal to be a search engine, and you can tell them to keep out if you wish. A few sentences saves millions of pounds of court costs and clears the headaches of everyone involved."

while the Guardian adds

" it would, for example, give Google legal immunity with which to index News Corp content, settling that thorny topic once and for all. But all would not be lost for publishers who want to retain control. Lucas's amendment does make provision…

The presumption (of having an automatic license) may be rebutted by explicit evidence that such a licence was not granted. Such explicit evidence shall be found only in the form of statements in a machine-readable file to be placed on the website and accessible to providers of search engine services.

In other words, Google would be free to copy everything - but a publisher blocking search spiders with a robots.txt file would be taken as withholding that right. An explicit "fair use" provision, which Google often cites against copyright-abuse claims, does not exist in UK law."

Interesting stuff?

NOTE: fun summary of this week's first debate at the Register

Oink site owner cleared of conspiracy to defraud

Well I guess we didn't see that coming.

"A man who ran a music-sharing website with almost 200,000 members has been found not guilty of conspiracy to defraud at Teesside Crown Court.

Alan Ellis, 26, was the first person in the UK to be prosecuted for illegal file-sharing...

Oink facilitated the download of 21 million music files...During the trial, which lasted seven days, Teesside Crown Court heard that users were required to make a donation to be able to invite friends to join the site.e jury was also told that Mr Ellis received $18,000 (£11,000) a month in donations from people using his website."

Well this is interesting. Is this the UK's own homegrown Pirate Bay case only coming out in reverse, or is it merely a blip from a perverse jury probably stuffed full of students and ne'er do wells? We may not find out for some time..

Some very strange elements here. Users had to make "donations" - yet they, who were looking for free music, donated £11,000 a month? How good was this site? An earlier Beeb story tells us "The court heard that membership to Oink was free, but by invitation only, and anyone wishing to propose a friend had to make a five dollar payment." Er that's an entry fee NOT a donation..

Te money was alleged to be used to buy a new server. You can buy a decent server for about £1000 or less these days..not £11K per month. The site was designed not to "defraud" but to allow the owner to practice his skills to bcome employable, he claimed. Yet "the website was developed from a free template, which had a torrent file-sharing facility included in it". In other words, it came as a kit. Not terribly skill enhancing? And this unemployed worker wannabe had $300,000 in his bank account when the police raided. All this rather points to the perverse jury theory.

Why did the CPS go for conspiracy to defraud anyway? Why not as in Sweden, a criminal copyright offence, since given the "donations" and profits, surely there is as much evidence of commercial trading in copyright infringement as with any normal geezer selling CDs off the back of a van? Did they decide not to take that approach because it was a torrent site not a hosting site? That would be my guess (although of course the Pirate Bay was a torrent site too) - it would be great if someone out there knows more.

Not a good week for the music industry altogether, as BIS back peddles on clause 17 of the DEB as well! Perhaps the most interesting sociological point here is to wonder why the jury came in with such a strange verdict. Has the music industry dug their own grave by making their enforcement tactics so alienating that juries will turn their back on overwhelming evidence of guilt? Hubris, ate??

The Google Toilet

This is getting a lot of pass-round in ye olde blogosphere. As with some of the vids I post here about filesharing, it makes some good points evocatively but I do not endorse the overall conclusion for one simple (or maybe not so simple) reason; even if you effectively feel you have to use Google (and there are rivals, especially in the non search categories of services) you can delete your Google cookies. But - another fun one to show students!

Tell it to the Marines: 2010, same news at 10

And so as it ended, it begins.. (obvious reference to Dr Who's regeneration deleted , sadly..)

The Beeb reports a pre emptive attempt by Bono to get headlines when as we all know this the time of year with No News.

""The immutable laws of bandwidth tell us we're just a few years away from being able to download an entire season of '24' in 24 seconds," he wrote.

"A decade's worth of music file-sharing and swiping has made clear that the people it hurts are the creators...the people this reverse Robin Hooding benefits are rich service providers, whose swollen profits perfectly mirror the lost receipts of the music business."

Um yeh. Would that be the same rich ISPs who are going to have to pay an estimated £500m to prop up the failure to innovate of an entirely other industry?

As to:

In a move that drew significant criticism, Bono went on to suggest that the feasibility of tracking down file-sharers had already been proven.

"We know from America's noble effort to stop child pornography, not to mention China's ignoble effort to suppress online dissent, that it's perfectly possible to track content," he said."

...I really feel any comment is redundant.

Oh and happy new year!!

Facebook Privacy:: Fact or theory?

Xmas comes early for privacy advocates?!

The Register reports

"Facebook has ordered its 350 million users to sort out their privacy settings right now, before it throws the switch on its revamped security system.

The social networker farmer in chief Mark Zuckerberg, told its users last week that, "We're adding something that many of you have asked for — the ability to control who sees each individual piece of content you create or upload." He also promised a simplified privacy page.

..In today's warning, coinciding with the actual launch of the tools, Facebook promised its new Publisher Privacy Control would allow users to set a privacy setting for each piece on content they create.

The firm is also removing its "regional networks", in favour of four basic control settings: friends, friends of friends, everyone and customised.

This will be allied with an "easy, intuitive and accessible" privacy settings page."

Well, hmm, let's see - but Blogzilla. looks like we may finally have to rewrite that FB paper!

Of course in other news today, Sophos, who discovered 2 years ago that most FB users would revel their most private details to cartoon frog, found that 2 years on, relicating the study in Australia, ... well, nothing had really changed.

"The survey found that 46% of users in a fictional 21 year old's age group accepted the offered friendship, while 41% of a fictional 56 year old's peers did.

On Facebook once someone has been accepted as your 'friend' they can see more information about you, but you can still choose to hide information from those friends or limit it to specific groups amongst your online friends....

"Both groups were very liberal with their email addresses and with their birthdays," said Sophos head of technology in Asia Pacific Paul Ducklin. "This is worrying because these details make an excellent starting point for scammers and social engineers.""

Ah well, you can't have everything!

Something Different for the Midweek: Google and Criminal Liability

Yesterday Pangloss was very happy to have a guest lecture for her Internet Law class given by Trevor Callaghan, Managing Product Counsel of Google UK. Trev gave a hilarious lecture on the law relating to search and copyright, which conbined legal insight, practical tips, and social responsibility with some Glasgow humour that would have put Armando Iannuci of The Thick Of It fame to shame (albeit with (slightly) less swearing). I enjoyed it, lots, and i think the students did too.

Anyway, this all reminded me that actually quite a few things are going on I should be talking about as well as (or perhaps even in combination with) the Digital Economy Bill. One of these, which has received suprisingly little press (even wonderful OUT-LAW hasn't mentioned it since February) , is that right now, four Google executives - including Privacy CEO Peter Fleischer- are on trial - yes, criminal trial - in Italy, in relation to a short phonecam video made by some school children of a bullying incident involving a child with learning disabilities, and then posted on Google Video.

In Italy, it appears that libel and , possibly, infringement of privacy laws, can be a matter of criminal as well as civil law. Google took down the video on notice within a day of receiving an official complaint from a consumer group, although the video had been online for about 2 months before that. Italian prosecutors investigated for two years but then decided to proceed.

For Pangloss this seems a not very difficult case that ought to be easily decided under the EC E-Commerce Directive safe harbours in Art 14 and 15, as often discused in this blog. If these aren't implemented into Italian law, then it would seem Italy must be in breach of EC law itself. Google was clearly a host here, and Art 14 provides that such sites are protected from criminal liability for the activity of users of the service, unless they receive actual notice, and fail to take down expediently. This is a case about criminal liability so there is no need even to move to the second branch of Art 14 (which is far more controversial) and discuss whether Google should have known - ie had constructive knowledge - of the activity or content. Injunctions would have been relevant, despite the safe harbours, but these are not the issue as Google already took down straightaway on notice.

So why on earth is this case coming to trial? Pangloss is perplexed. One possibility as noted above is that simply that Italy's domestic law is in breach of EC law (in which case Google should have a Francovich claim for damages against the Italian government, though that may not be much comfort to the men awaiting trial.) Another possibility, though rather an unlikely one, is that the Italian prosecutors have confused the activities of Google as a search engine, with Google as a host. The ECD does not give search engines , or hyperlinkers , a special immunity from liability as it does hosts and "mere conduits" : though a number of EC countries have in fact decidd to extend such an immunity, either under Art 12 or 14, or both. However in this case case it seems pretty clear Google was a host not a hyperlinker in terms of liability. So, what on earth quid iuris?

Another remote possibility is that the suggestion is that Google as a provider of free services does not gain the benefit of the Art 14 safe harbour. This uncertainty has been around for a long time, since only providers of "information society services"(ISSPs) get the benefit of Arts 12-15 and that definition is of an online service "normally provided for remuneration" (see recitals 17 and 18). Yet majority opinion has long felt that this particular point is no obstacle to the likes of Google (or Facebook, or Hotmail?) claiming safe harbours.

First, while renumeration might not come directly from users, it certainly does come in the form of the adverts Google place alongside its services. Second, search services are certainly something that would "normally" be paid for if they weren't, happily, often provided for free: they are of huge commercial value . Thirdly, it seems a strange policy in terms of public interest which would discriminate against services of great public value provided for free, in favour of those given purely for direct consideration.

There is no clear ECJ ruling on this yet but there is likely to be soon: in the upcoming Adwords conjoined referrals to the ECJ (Google France v Louis Vuitton, etc), the Advocate-General has already given a preliminary opinion in which he found:

"There is nothing in the wording of the definition of information society services to exclude its application to the provision of hyperlinks and search engines, that is to say, to Google’s search engine and AdWords. The element ‘normally provided for remuneration’ may raise some doubts as regards Google’s search engine, but, as has been pointed out, the search engine is provided free of charge in the expectation of remuneration under AdWords. (68) Since both services are also provided ‘at a distance, by electronic means and at the individual request of the recipient of services’, they fulfil all the requirements necessary to be regarded as information society services."(para 131)

And for what it is worth, a roughly similar finding was reached, albeit obiter and with an admission of some possibility of doubt , in the recent English libel case of Metropolitan v Designtechnica, where Eady J opined: "it would appear on balance that the provisions of the 2002 Regulations [defining an ISSP] are apt to cover those providing search engine services." (para 84)

So what does that leave? Well there is perhaps a clue in the New York Times account.

"Google and the prosecutors agree the video was uploaded Sept. 8 and removed Nov. 7, 2006. The prosecutors presented evidence showing that in early October, a month before the video’s removal, there were comments posted saying that it should be taken down. One of those messages read, “This is shameful! This should be taken down immediately.”

“It is reasonable to imagine that comments like this were followed by requests by these same people that the video be removed,” the prosecutors wrote in the document they presented to the judge."

So when are such shocked responses or "requests", "actual notice" as required by Art 14? Do comments on a video hosting site cut it, as opposed to an official request for takedown? To put it another way: does a hosting service have a duty to read comments about videos posted by, and probably of interest only to, their creators and viewers? Surely not.

Compare the situation to the original world Art 14 was designed to deal with, that of web 1.0. If Demon Internet hosted a basic site for (let's say) Anglers Magazine, and it contained a chatroom where libellous remarks were made about particular fly-fishers, would Demon be expected to monitor that chatroom for explicit or implied requests to take down those comments? Again, surely not. It would be up to the aggrieved angler to send his request for take down direct to Demon. The whole point of Art 14 was to reassure host providers they had no need to monitor the activities of those to whom they provided hosting services. Not only would this involve huge expenditure of effort and cost, but it might also be privacy invasive and chilling of free speech. Art 15 states this absolutely explicitly:

"Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity."

Still another way to put this is to ask , what are the minimum requirements for notice? This is a perennial problem. The US DMCA largely gets it right, with a statutory form which requires a complainant to give clear details including their own address and status as rightsholder, and provides sanctions for false accusations. The ECD, being a EC wide framework, is hopelessly vague. The UK's own regs help a little but not much - there is no DMCA type statutory notice but Reg 22 of our E Commerce Regulations does state that

"In determining whether a service provider has actual knowledge ... a court shall take into account all matters which appear to it in the particular circumstances to be relevant [including] whether a service provider has received a notice through a means of contact made available in accordance with regulation 6(1)(c)" - ie, their official contact email address .

This stuff should be simple law (compared at least to issues like eBay and Louis Vuitton, Google and AdWords) but even it is not. The ECD deperately needs revised to get a few simple things right and harmonised across Europe: what form should "actual notice" take; what does "expediently" mean; what is constructive notice; when, if ever, can an obligation to filter proactively be placed on ISSPs; what immunities should search engines (and hyperlinkers and aggregators) have. Pangloss loves this stuff but even she is tired of writing the same stuff over and over again. It is time to review the ECD.

PS and in the interest of public policy but with just a hint of minx-itude, I have helped draft a proposed amendment to the Digital Economy Bill for ORG which would aim to clarify some of these very matters, at least for the UK. See you in the House of Lords! :-)