A UK-based cyberlaw blog by Lilian Edwards. Specialising in online privacy and security law, cybercrime, online intermediary law (including eBay and Google law), e-commerce, digital property, filesharing and whatever captures my eye:-) Based at The Law School of Strathclyde University . From January 2011, I will be Professor of E-Governance at Strathclyde University, and my email address will be lilian.edwards@strath.ac.uk .
Sunday, December 12, 2010
Wikileaks drips on: some responses
The main thrust of the point I was making is that settling a dispute of major public consequence by covert and non-legitimate bully boy tactics - covert pressure on hosts, payment services and DNS servers, plus DDOS attacks on Wikileaks hosts from the US-sympathising side - and anonymous DDOS attacks on sites like Amazon, Mastercard and Assange's alleged rape victims' lawyer's site from the Wikileaks-sympathising side - are BOTH the wrong thing to do. The point of a civilised society is suposed to be that disputes are settled by transparent legitimate and democratic, judicial or political processes. This has not been a particularly popular point with almost anybody, but it seems to me that it may indeed be naive (as some commenters have accused), but it is also, I stil think, both correct and needing saying, in the current frenzy around the First Great Infowar etc (it's 1996 all over again, yet again..).
One commenter asks not entirely unreasonably why it is justified for Amazon to take down content without going to court but "Vigilanteism" if the forces of Anonymous take down content extra judicially by DDOS attacks. The confusion here is in the word "justified". Amazon are justified, I argue, because since they host the content, they could be held legally liable for it (on a variety of grounds) if they do not take down having been given notice. That could lead to damages against them, injunctions blocking their site to customers (at their busiest time of the year) or even a prison sentence for their CEO . As a (liberal-sympathisng) friend in industry said to me, that last does tend to focus the mind. To state the bleeding obvious, Anonymous by contrast are not liable for the content they bring down.
But that meant I was saying Amazon were justified in a risk-management sense, and a legal sense, not an ethical sense. Was it Amazon's highest ethical duty to defend freedom of speech or to be responsible to their shareholders and their employees? That's a harder question. Many used to feel companies had no ethical duties at all, though that is gone in an era of corporate social responsibility (though this is still rarely if ever a legal obligation). Amazon's role is perhaps confused because they are best known as a consumer site selling books ie complicit with freedom of expression. Would we feel as aggrieved if Wikileaks had gone to a cloud host known only for B2B hosting? Perhaps, but what reason would there then be for expecting a host to behave like a newspaper?
What this leads us to as many, many commentators have pointed out is a renewed understanding that freedom of speech online is worryingly dependent on the good intentions of intermediaries whose core values and business model is not based on journalistic ethics, as was true for traditional news outlets in the offine age. This is hardly news: it has been making headines since at least 1996 when a Bavarian court convicted the CEO of Compuserve for distributing Usenet newsgroups to Europe, some of which happened to contain pornographic files. That incident among many others, lead to rules restricting the liability of hosts and intermediaries, in both the EU and US, which did quite well till round the early 2000s but are now struggling (not least because of pressure from both the copyright and the chld safety lobbies for less, not more, immunity). Not uncoincidentally, these rules are now being actively reviewed by among others, the EU, the OECD and WIPO. The really interesting question now will be what effect Wikileaks as a case study has on those debates.
Wednesday, December 01, 2010
Veni Vidi Wikileaks
This is interesting in all kinds of ways.
First, the initial move to Amazon was a clever one. In the old days, a concerted and continuing DDOS attack on a small site might have seen them off - nowadays there are plenty of commercial reasonably priced or free cloud hosts. So cloud computing can be seen as a bulwark for freedom of speech - vive les nuages!
Second, though of course, what strokes your back can also bite it, and here we have Amazon suddenly coming over shy. This appears to be entirely the sensible legal thing for them to do and anyone accusing them of bad behaviour should be accused right back of utter naivete. Amazon are now on notice from the government of hosting material which breached US national security and so would according to the US Espionage Act as quoted in the Guardian piece, fairly clearly have been at risk of guilt as a person who "knowingly receives and transmits protected national security information" if they had not taken down. (Though see a contrary view here.)
While Assange as an Australian not a US citizen, and a journalist (of sorts) might have had defences against the charges quoted also ( as canvassed in the Grauniad piece) Amazon, interestingly, would, it seems, not. They are American and by definition for other useful purposes (eg CDA s 230 (c) - see below and ye ancient Prodigy case) , not the sort of publisher who gets First Amendment protections. And Amazon has its CEO and its major assets in the US, also unlike Assange. I think that makes take down for Amazon a no-brainer. (And also interestingly, CDA s 230(c) which normally gives hosts complete immunity in matters of liability which might affect press freedom (such as defamation by parties hosted) does not apply to federal criminal liability.)
But as Simon B also pointed out, there are lots of other cloud suppliers , lots in Europe even. What if Wikileaks packs and moves again? Would any non US`host be committing a crime? That would depend on the local laws: but certainly it would be hard to see if the US Espionage Act could apply, or at any rate what effective sanctions could be taken against them if a US court ruled a foreign host service was guilty of a US crime.
Which leaves anyone wanting to stop access to Wikileaks, as Technollama already canvassed, the options of, basically, blocking and (illegal)DDOS (seperating the existence of the Wikileaks site from any action against Assange as an individual). Let's concentrate, as lawyers, on the former.
Could or would the UK block Wikileaks if the US`asked?
Well there is an infrastructure in place for exactly such. It is the IWF blacklist of URLs which almost all UK ISPs are instructed to block, without need for court order or warrant - and which is encrypted as it goes out, so no one in public (or in Parliament?) would need to know. This is one of the reasons I get so worked up about the current IWF when people are asking me if I won't think of the children.
There is also the possibility, as we saw just last week, of pressure being exerted not on ISPs but on the people who run domain name servers and the registrars that keep domain names valid. Andres G suggests that the US might exert pressure on ICANN to take down wikileaks.org for example. Wikileaks doesn't need a UK domain name to make itself known to the world, but interestingly only last week we also saw a suggestion from SOCA (not very well reported) that they should have powers effectively to force Nominet, the UK registry, to close down UK domain names being used for criminal purposes. Note though if you follow the link that that power could only be used if the doman was breaking a UK criminal law.
But there is a really simply non controversial way to allow UK courts the power to block Wikileaks. Or there may be soon.
Section 18 of the Digital Economy Act 2010 - remember that? - allows for regulations to be made for "the granting by a court of a blocking injunction in respect of a location on the internet which the court is satisfied has been, is being or is likely to be used for or in connection with an activity that infringes copyright."
Section 18, at present, needs a review and regulations to be made before it can come into force. This may in the new political climate perhaps never happen - who knows. But what if that had been seen to?
Wikileaks documents are almost all copyright of someone , like the US government, and are being used ie copied (bien sur) without permission. Hence almost certainly, a s18 fully realised could be used to block the Wikileaks site.Of course there is some possibility from the case of Ashcroft v Telegraph Group [2001] EWCA Civ 1142`that a public interest/freedom of expression defense to copyright infringement might be plead - but this is far less developed than it is in libel and even there it is not something people much want to rely on.
So there you go : copyright, the answer to everything, even Julian Assange :-)
Oh and PS - oddly enough the US legislature is currently considering a bill, COICA, which would also allow them to block the domain name of sites accused of encouraging copyright infringement. Handy, eh? (Though on this one point, the UK DEA s 18 is even less restrictive than COICA, which requires the site to be blocked to be "offering goods and services" in violation of copyright law - which is not even to a lawyer a description that sounds very much like Wikileaks.)
EDIT: Commenters have pointed out that official government documents in the US, unlike in the UK do not attract copyright. Howver the principle stands firm: embarrassing UK docs leaked by Wikileaks certainly would be prone to attack on copyright grounds, including DEA s 18, and it is quite possible some of the current Wikileaks documents could quote extensively from material copyright to individuals (and Wikileaks prior to the current batch of cables almost certainly contain copyright material).
Interestingly Amazon did in fact, subsequent to this piece, claim they removed Wikileaks from their service, not because of US pressure, but on grounds of breach of terms of service : see the Guardian 3 December 2010
"for example, our terms of service state that 'you represent and warrant that you own or otherwise control all of the rights to the content… that use of the content you supply does not violate this policy and will not cause injury to any person or entity.' It's clear that WikiLeaks doesn't own or otherwise control all the rights to this classified content. Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren't putting innocent people in jeopardy. Human rights organisations have in fact written to WikiLeaks asking them to exercise caution and not release the names or identities of human rights defenders who might be persecuted by their governments."
The copyright defense is alive and well :-)
Job opportunity
As advisory board meber of ORG, I was asked to help spread the word about a new job opportunity with the Open Rights Group, where for the first time we're looking to hire someone with some kind of legal background. If you’re a London-based law student, trainee in waiting, or other legal type with an interest in IT and/or IP law, then you may want to check the following new job at ORG:
The Open Rights Group, a fast-growing digital rights campaigning organisation, are looking for a Copyright Campaigner to take our campaigning on this fast moving area to a new level.
You will work as a full time campaigner to reform copyright and protect individuals from inappropriate enforcement laws like ‘three strikes’. We’re after someone with a passion for this area who has a proven ability to organise and deliver effective campaigns.
We are looking for someone with excellent communication skills, good organisational and planning skills, who works well in a team environment and is able to prioritise their own work without depending on line management. You will be able to demonstrate commitment to our digital rights.
The jobs is full time for one year, with the possibility of extension to a second year. Salary: £30,000.
Welcome back to me
So to kick off, a reprise of my annual not-very-serious predictions for next year, from the SCL journal site (where many more such can be found.)
"1. France will pass a law forbidding French companies from using cloud computing companies based anywhere other than France. Germany will ban cloud computing as unfair competition with German companies. Ireland will consider putting its banking in the cloud, but realise there's no point as they have no money left.
2. A Google off-shore water-cooled server farm will be kidnapped by Somali pirates, towed to international waters, repurposed as encrypted BitTorrent client and take over 95% of the world's traffic in infringing file-sharing (with substantial advertising revenue, of course) (thanks to Chris Millard for this one). (Meanwhile the Irish will attempt to nationalise all the Google servers they still host on shore to pay for bailing out the banks.)
3. TalkTalk will lose their judicial review case against the Digital Economy Act, but the coalition will find some very good reason to delay bringing in the Initial Obligations code, and the technical measures stage will quietly wither on the vine, as rights-holders realise it will cost them more to pay for it than they will gain in royalties.
4. 120% of people of the world including unborn children, all except my mother, will join Facebook. Mark Zuckerberg will buy Ireland and turn it into a Farmville theme park, with extra potatoes.
5. 4chan allied with Anonymous will hack Prince William's e-mail inbox on the eve of the Royal Wedding, revealing he is secretly in love with an older, plainer and less marriageable woman than Kate Middleton (possibly Irish), and also illicitly downloads Lady Gaga songs. In retaliation, the coalition passes emergency legislation imposing life imprisonment as the maximum penalty for DDOS attacks, and repeals the Digital Economy Act."
Lawrence Eastham kindly says that he can see at least 2 of these coming true.I imagine one of those is no 3, but which do you think the other was, dear readers?
As a final amuse-bouche beforeI return to Proper Things, have a picture of someone skiiing to the local shops this morning. yes. Not Seefeld. Sheffield. Merry Xmas!