Wednesday, November 09, 2011

Why Google + is doomed


This analysis is so good it's worth quoting from not just retweeting.

But a social network isn’t a product; it’s a place. Like a bar or a club, a social network needs a critical mass of people to be successful—the more people it attracts, the more people it attracts. Google couldn’t have possibly built every one of Facebook’s features into its new service when it launched, but to make up for its deficits, it ought to have let users experiment more freely with the site. That freewheeling attitude is precisely how Twitter—the only other social network to successfully take on Facebook in the last few years—got so big. When Twitter users invented ways to reply to one another or echo other people’s tweets, the service didn’t stop them—it embraced and extended their creativity. This attitude marked Twitter as a place whose hosts appreciated its users, and that attitude—and all the fun people were having—pushed people to stick with the site despite its many flaws (Twitter’s frequent downtime, for example). Google+, by contrast, never managed to translate its initial surge into lasting enthusiasm. And for that reason, it’s surely doomed.

Friday, October 28, 2011

Wikileaks and intermediary ethics : the tunnel at the end of the light?

Pangloss is amused in a schadenfreude-ish way to see two developments this week she sort of predicted in big ongoing stories about Wikileaks and online copyright enforcement (Newzbin).

Back in February this year (and indeed, earlier), I commented that one of the most unsettling aspects of the Wikileaks affair was the power it had highlighted of intermediaries not part of the traditional media communities - hosts like Amazon Web Services , domain name providers like EveryDNS.com and payment intermediaries like PayPal, Mastercard et al - to close down possibly legitimate speech. (I noted also however that for these corporations to do so is currently entirely legal - raising a debate about the nature of corporate social responsibility and what ethical duties media and non-media organisations should have in the soon to arrive post hard-copy newspaper world).

Events since - Assange's extradition, Anonymous arrests, fights with the Guardian and unauthorised half -autobiographies, Anonymous taking up closing down child porn sites - have rather obscured the fact that in fact, Wikileaks may or may not have been winning the PR war for the hearts of the technoproletariat but they were losing to those self same intermediaries, who were, understandably and quietly, more interested in avoiding legal liability risks than defending access to knowledge.

So this week, Wikileaks announced they were suspending publication and concentrating only on fundraising as 95% of their assets have vanished or become inaccessible. The faceless intermediaries have it seems won after all.

Dan Gillmor is unhappy about this.

"Suppose you are the proprietor of an information service. Your customers buy what you sell using the major payment systems such as Visa, MasterCard, Western Union and PayPal. The information you provide is greatly upsetting to powerful people who would prefer to keep it a secret. You have been charged with no crime, much less convicted of one. But one day, you discover that all of these payment systems – quite obviously responding to pressure from the government but citing no actual legal authority – are refusing to accept money from your customers on your behalf.
This, sadly, is not a supposition. It is nearly the precise situation that WikiLeaks has encountered since late last year, stripping most of the revenue away and now, as reported this week, forcing the whistleblowing media operation to suspend all activity except fundraising in a struggle merely to survive.
If this was happening to any traditional media company, it would be a scandal, and the media in general would be screaming about the threat to free speech it represented. While the news media are covering the WikiLeaks situation, they are not offering serious support in ways that matter to an organisation with which they have much more in common than not."
I can't go as far as Gillmor, though, who suggests payment organisations like Paypal or Visa be treated like "common carrier"s ie akin to telcos and postal services , with a duty to accept and pass on payments to any customer who presents themselves in return for limitation of liability as to what messages they carry.
The analogy to the phone company is simply not right here (and is also, it should be noted, legally out of date, but let that pass): the phone company accepts relatively little economic as opposed to publication risk that is not compensated by immunity from publisher's liability. By dealing with all willy nilly, anyone might default on their bill, true, but it would probably be uneconomic to try to spot potential poor payers & discriminate anyway.
On the other hand, banks (say) run the risk of severe loss if they deal with payers or payees who are likely to be fraudsters or otherwise default - their risk is not just of liability for becoming connected to illegal activities. Constraining banks , PayPal etc to deal with all without any discretion would probably lead to them reducing the services they offered to reduce risk - eg reducing consumer offerings, excluding certain territories - to no one's benefit. It would also likely considerably benefit organized crime.
It is certainly time though for a debate on online intermediary corporate ethics as well as law in Europe - perhaps to accompany the potential draft review of the E-Commerce Directive this November , or the FCO's upcoming launch of yet another set of Internet Principles at the major Cyberlaw conference in London this week (featuring Ms Internet Freedom herself, Hillary Clinton!). I look forward to it.

oh and Ps as for Newzbin (no 2), read Francis Davey's great summary here . Executive summary : we now have a working system of court injunctions to secure web blocking of sites assisting in copyright infringement in the UK. Regardless of whether this is good or not, there is clearly now no need for s 16 of the DEA to stay on the statute books.
The main point is costs. These, as Francis says look boring to everyone but a lawyer - but in fact here they are where the action is. Newzbin was an unusually easy case for Fox and the rest of the plaintiffs to win on the matter of primary liability (see my earlier post) - which made it also relatively easy for the court to decide that yes, ISPs really ought to block it. Other case, involving sites which have significant non infringing use, will almost certainly not be as easy.
But if an ISP stands its ground and loses and then appeals, and still loses, as BT did, then the ISP now (it seems) pays. This is somehat different from the approach taken in Totalise v Motley Fool concerning whether an ISP should pay for its costs if opposing a Norwich Pharmacal order, and it is, in my view, the wrong decision. Why is it reasonable to demand the scrutiny of a court (para 53-4) but not to pursue an appeal if the ISP feels the instant court was wrong??
To date UK ISPs have resisted blocking on request (see Vaizey's talks in the summer on a secret council for voluntary ISP copyright blocking). Will they continue to demand a court order under the precedent Newzbin No 2 now sets? Or will they throw in the towel on the assumption the first court order will be a forgone conclusion and appeal too risky? I hope this latter is not what we see. Requests for blocking (see below) are so far getting fair bit of publicity at least in the geek press: but if they become more common such transparency will probably fade. (Anyone for hosting a Chilling Effects- type UK Block Requests Clearinghouse site?)

UPDATE 9/11/11 : Since writing this, plaintiff rightsholders have apparently demanded BT now block the Pirate Bay. Interestingly this is significantly different from Newzbin in that there is no existing finding of primary liability for copyright infringement. We are yet to see if BT will obtain a court order, though they say thay plan to before undertaking any blocking.
Most recently, Virgin and Talk Talk have also been asked to block Newzbin2. Again, it is not yet clear if they will see a court order though Virgin has gone further still & said they would like to see a quid pro quo for blocking of access to lawful content guarantees (Virgin of course have a notoriously long history of being stymied by rightsholders in their attempts to offer legal flatrate P2P.) Watch this space..

Tuesday, October 11, 2011

Digital IP job at Strathclyde

Following fast on the news about the PhD and Postdoc, here is stage 3 of the world domination plan..

Strathclyde is appointing 4-6 new jobs at Chair/Reader/SL/L depending on the nature and qualiy of applicants. While these jobs are open to any specialisation, we are very keen on acquiring a Digital IP specialist to teach on our expanding LLM and distance learning LLM in Internet Law and Policy as well as UG IP and IP Honours.

A candidate would also be encouraged to play a full research role in the new Centre for Internet Law and Policy.

Full details here and here .

Want to apply for a postdoc with me at Strathclyde University?

Full details at http://www.mis.strath.ac.uk/Personnel/open/r812011.htm but here's the gist..


POSTDOCTORAL RESEARCH ASSOCIATE

SALARY RANGE £29,099 - £35,788

(2 YEARS FIXED TERM)

SCHOOL OF LAW

1. NATURE OF APPOINTMENT

The Faculty of Humanities and Social Sciences is seeking to appoint a 2 year postdoctoral research fellow in Internet Law and Policy based in the Centre for Internet Law and Policy within its highly ranked Law School. Those with interests in the fields of privacy, media regulation, digital copyright, cybercrime, cybersecurity and social networks are particularly encouraged to apply. The appointee will be expected to work with the School’s other scholars in the field of Internet Law and Policy, contributing to the preparation of significant funded research bids, producing high quality research outputs and contributing to teaching on the LLM in Internet law and Policy.

2. APPLICATION PROCEDURE

·A letter of application telling us why you have the energy, skills, and knowledge to make a real difference in the post described.


LE: **A brief description of a proposed research project, and/or teaching module for the LLM in Internet Law and Policy, would also be useful.**

· A completed application form to which a full curriculum vitae should be attached. The names and addresses of three referees should be given on the application form. The referees may be contacted by the University without further permission from the candidate unless you indicate to the contrary.

Applications should be lodged with Human Resources, University of Strathclyde, McCance Building, 16 Richmond Street, Glasgow, G1 1XQ by 6 November 2011.

Informal enquiries regarding the post can be directed to Professor Lilian Edwards; lilian.edwards@strath.ac.uk.

Formal interviews for the post will be held on 22 November 2011.

Tuesday, September 13, 2011

Launching the Centre for Internet Law and Policy at Strathclyde

Pangloss is off to London tomorrow to chair the SCL Policy Forum: run don't walk if you still want to get a ticket as I believe there are a few still available! Which will be followed by an (I hope) well earned pre-term week away to foreign climes..

But before I disappear I want to start plugging my NEXT two big events, both of which are designed around launching the new Centre for Internet Law and Policy at Strathclyde, of which I am the Director. Please check out our new website, revamped LLM offerings and exciting news and events pages as well as our Twitter feed at @strathllmit! Small acorns, big oaks perhaps (well it makes a change from apples!) but we do have big plans. Meanwhile, having had a marvellous turn out for our Mark Stephens event, we hope you'll now sign up with equal enthusiasm for these two:

Scottish Launch of Centre for Internet Law and Policy
Scottish Phonehacking Symposium
to be reschedued in 2012 due to industrial action (sigh..)
A cracking panel of Mike Nellis, Lilian Edwards, Mark Poustie (all Strathclyde Law School, representing Internet law and sociology), Rachael Craufurd-Smith (Edinburgh Law School EC media law expert ), David Goldberg (media law consultant and free speech scholar) , Jack Irvine of Mediahouse, former editor of the Scottish Sun and Aamer Anwar, leading Scottish solicitor with extensive experience of the phonehacking scandals, especially most recently in relation to one of his better known clients, Tommy Sheridan.
These parrticipants will informally discuss recent events surrounding phone hacking, privacy, the Murdoch empire, and the possible end of newspapers as we know it, from legal, sociological, journalistic, media studies, Scottish and no doubt other perspectives! Watch our talkative panellists fight the clock as they'll only get 10 minutes each!
No fee but registration required: please contact Linda Nicolson to be put on list and for venue details not yet finalised.

University Launch of Centre for Internet Law and Policy

Tuesday, November 15th 6:00pm , Strathclyde University

Lecture by Alan Winfield, Roboticist, EPSRC Senior Media Fellow and Director of the Science Communication Unit, UWE Bristol and Lilian Edwards, Professor of E-Governance:

"Regulating Robots: Re-Writing Asimov's Three Laws in the Real World?

As robots emerge from the pages of science fiction into a world where they are already commonplace in industry and will soon be equally so on the battlefield and in domestic and public environments like homes, hospitals, schools and shops; where driverless cars already roam Nevada albeit under human escort and Japanese elderly are comforted by robot seals, hard legal questions are emerging which need answers soon or better still, now. Who is responsible for a robot? What happens to our privacy when robots share our homes? Do we need Asimov's Three Laws in real life?

Tea and coffee from 5.30pm, drinks reception after.

No fee but registration required: please contact Linda Nicolson to be put on list and for full venue details not yet finalised.


And yes, real blogging will resume now the summer is over :-)


Wednesday, August 03, 2011

An Interview with Mark Stephens at Strathclyde university!

“In Conversation with Mark Stephens”

Mark Stephens, CBE

Partner at Finers Stephens Innocent

The recent controversy surrounding Wikileaks and Julian Assange has raised many questions about freedom of information and the use of European arrest warrants. Mr Assange has been described as both a “hi-tech terrorist” and “beacon of information freedom” and his cases have wide ranging implications within the law and society as a whole.

In this unique ‘conversation’, Mark Stephens, partner at Finers Stephens Innocent, will be discussing a wide variety of topics including the law surrounding freedom of information and the European arrest warrant.

A specialist in international comparative media law and regulation, Mark Stephens has represented clients throughout the world. Described by the ‘Law Society Gazette’ as “the patron solicitor of previously lost causes”, it is this reputation for creativity with law that leads clients to his door.

The conversation with Mark Stephens will be chaired by Professor Peter Watson, Solicitor Advocate.

Date: Thursday 1 September 2011 at 6.00pm

Venue: Court/Senate Suite, Collins Building

Richmond Street, Glasgow

Strathclyde University

Glasgow

Tea/Coffee available from 5.30pm For more details: www.law.ac.uk

Reception 7.30pm – 8.00pm RSVP: carol.hutton@strath.ac.uk, 0141 548 3481

Monday, August 01, 2011

Want to do a PhD with me in what happens to your FB profile when you die?

I'm very happy to announce the below (and even happier to acknowledge the support here of the Horizons DTC and its Directors , Derek Macaulay and Tom Rodden. This should be fun :)

PhD Studentship in

Law

University of Strathclyde - Faculty of Humanities and Social Sciences – School of Law -– Legal Aspects of Transmission of Digital Assets on Death

The School of Law in the University of Strathclyde invites applications for a PhD studentship which will research the area of how the law regulates the transmission of digital assets on death, including notions of access, control, propertisation, and ownership. These assets might include: Facebook profiles, photos on Flickr, tweets, virtual assets in online game worlds such as Second Life, e-money, blog texts, eBay trading accounts, etc. This is a novel area where the student will be expected to research independently into appropriate areas of private law (eg property, succession, probate, contract) as well as intellectual property law, personality law and privacy law. A back ground in technology law is not essential, nor a technology qualification, but an interest in the information society is probably essential.

Applicants from any jurisdiction (including non-UK EU jurisdictions) are welcomed but English law will most likely form one of the jurisdictions of the study. Applicants should hold a first or upper second class Honours degree or equivalent in an appropriate discipline. A Masters qualification may be helpful. The studentship is funded by the Horizon Digital Economy Research Hub (https://www.horizon.ac.uk/) who are a major interdisciplinary centre for study of the Internet and ubiquitous computing funded by the RCUK Digital Economy programme and based at Nottingham University; the successful candidate will be based within the expanding Centre for Internet Law and Policy at Strathclyde Law School, but will have opportunities to participate in Horizons activities. The student will be supervised by the Director of CILP, Professor Lilian Edwards.

Applicants should submit, by SEPTEMBER 16 2011, a full CV, two academic references, evidence of academic qualifications to date and a covering letter detailing interest in the area of research to:

Janet Riddell (Horizon Digital Economy Scholarship), Graduate School Manager, Faculty of Humanities and Social Science, Room LT205, Livingstone Tower, 26 Richmond Street, Glasgow, G1 1XH

Or by e-mail to: hass-postgrad@strath.ac.uk

Successful applicants will have their fees at home/EU rates only ((sadly)) waived for three years together with an annual maintenance award for three years of £13,590. The scholarship is for one year in the first instance and subject to satisfactory progress, will normally be renewed up to the maximum of a further 2 years.


Visit www.strath.ac.uk/postgrad for general information on postgraduate research study at the University of Strathclyde and http://www.strath.ac.uk/humanities/courses/law/courses/lawbyresearch/ for further information on research degrees in the Law School.

Informal enquiries may be addressed to: lilian.edwards@strath.ac.uk

Closing date: Friday 16th September 2011

The University of Strathclyde is a charitable body, registered in Scotland, number SCO15263


Extra infro from Pangloss: applicants (esp those from private law not technology backgrounds, who are very welcome to apply) might like to check out some of the below:


my talk on death and digital assets (as given in various venues)

my video interview in HK about this

Devin Desai on this from US perspective


New piece by Molly Wilkens


PRIME-LIFE on digital assets and death


I'm happy to informally answer queries on lilian.edwards at strath.ac.uk. Feel free to pass this on.

Thursday, July 28, 2011

Newzbin 2: Landmark or Laughing Stock?

In answer to my own not so jocular question in the title, the answer is, I truely don't know..

So the long awaited decision in Newzbin 2 aka Twentieth Century Fox et al v BT [2011] EWHC 1981 (Ch) is out. Pangloss has not had time to read the details yet of this lengthy judgment (she is longing to, but has been doing boring stuff designing relaunched websites all day) but to some extent the big question is what the practical impact of the decision will be now, more than the implications for future legal interpretations.

Newsbin was (or is) a website which described itself as a "Usenet search site": while not a clasic P2P torrent site, or indeed a host of infringing content, it enabled extremely easy access to infringing copies of major movies. In the first Newzbin case, [2010] EWHC 608 (Ch), in March 2010, Kitchin J found that Newzbin knew the vast majority of the files so indexed were commercial products protected by, and infringing, copyright. As a result he held that Newzbin infringed the copyright of the complaining rightsholder film studios plaintiffs. It had not only authorised and procured infringement under the CDPA , which was perhaps the most likely counts of infringement, but it was also held to be a primary infringer in that it had communicated the the copyright works to the public without permission.

Newzbin 1 was a big win for rightsholders - or should have been. In fact of course what happened was the site moved offshore (apparently) , kept the same URL and fanbase (and subscription revenue stream) but went effectively outwith the jurisdiction.

Undaunted, the plaintiffs took approach 2: asking BT, the largest UK ISP and telco, to block access to Newzbin to its subscribers wherever it was physically located. The means of so doing was s 97A of the CDPA which existed long before the Digital Economy Act but whose scope has been in doubt.

Although the plaintiffs made it clear that if successful they would move on to suing other ISPs similarly, BT had the big advantage as a first test case in that it is the owner of what is commonly (and wrongly - cue annoyed email from Clive Feather) known as Cleanfeed. This is the blocking technology which is used by ISPs alerted by the Internet Watch Foundation to voluntarily block images of child sexual abuse . Cleanfeed is a reasonably effective form of blocking for child pornography because it can focus on one file or even one image: it does not block entire domains or entire keywords, as some blocking tools do, which might include substantial innocent material.

To cut to the chase, after much legal discussion of HRA, the E-Commerce Directive (I salivate as I write) , Promusicae, and the Digital Economy Act (be still my beating heart) and even in a deft flourish the new L'Oreal vs eBay ECJ case , Mr Justice Arnold agreed to make an order to block. The draft order sought is drafted in the following terms:

  1. "1. The Respondent shall adopt the following technology directed to the website known as Newzbin or Newzbin2 currently accessible at www.newzbin.com and its domains and sub domains. The technology to be adopted is:
(i) IP address blocking in respect of each and every IP address from which the said website operates or is available and which is notified in writing to the Respondent by the Applicants or their agents.
(ii) DPI based blocking utilising at least summary analysis in respect of each and every URL available at the said website and its domains and sub domains and which is notified in writing to the Respondent by the Applicants or their agents.
2.. For the avoidance of doubt paragraph 1(i) and (ii) is complied with if the Respondent uses the system known as Cleanfeed and does not require the Respondent to adopt DPI based blocking utilising detailed analysis.
3. Liberty to the parties to apply on notice in the event of any material change of circumstances (including, for the avoidance of doubt, in respect of the costs, consequences for the parties, and effectiveness of the implementation of the above measures as time progresses)." *

There are a number of points to be made here. First, this was an extremely clever test case to pick to establish the legality of blocking orders via s 97A. It is a bit like shooting fish in a barrel : first, a prior UK court had established Newzbin was overwhelmingly devoted to infringing and enabling infringement of copyright, and for obvious commercial gain (it was a premium subscription site.) Compare if an order to block a torrent P2P site had been sought: where content accessed may be infringing, or may be public domain, and where "knowledge" is much harder to pin down; and where revenue streams and thus again, illicuit intent may not be so obvious. Similar problems would arise with a host site like YouTube where there is at least as much UGC as infringing pirate content. Note also that Newzbin had already been found not just to be authorising infringement but actually primary infringers themselves.

Then, secondly, add in the fact that BT already had a tried and tested and relatively non-overblocking tool like Cleanfeed on their hands - and the outcome was something of a foregone conclusion. The judgment also notes carefully that this is not another SABAM (para 177) - where the ECJ (or at least so far , the AG) seems to have balked at the width and unimplementability of what was asked and refused to make a blocking order to stop access by ISP customers to P2P traffic. The order sought here is quite focused and, specifically, does not require what is conventionally thought of as DPI - monitoring and analysis of all subscriber traffic.

But, two important questions. First, is this, it as is often the way, a Pyrrhic victory for the plaintiffs? ie will it work? Second, what is the fallout of this decision? in other words, what are the bad consequences that may flow from what many - not even all working for the content industry - may regard as an obvious and sensible decision given the particular facts of the case?

On the first point, Twitter is full of the usual technorati shaking their heads in amazement at the gullibility of the English courts, thinking they can control the Internet in their quant Canute like ways. It is absolutely clear that this blocking cannot be effective against any moderately technically competent Internet user. Richard Clayton, a reliably sensible source, opines that
BT users will still of course be able to access Newzbin (though perhaps not by using https), but depending on the exact mechanisms which BT roll out it may be a little less convenient. The simplest method (but not the cheapest) will be to purchase a VPN service — which will tunnel traffic via a remote site (and access from there won’t be blocked). Doubtless some enterprising vendors will be looking to bundle a VPN with a Newzbin subscription and an account on a Usenet server.
The court was not, actually, unaware of this, in abstract if not in detail. Mr J Arnold explicitly accepted Malcolm Hutty's (also reliably sensible) evidence for BT that "the level of technical expertise required to circumvent" this kind of blocking was little more than was needed to use Newzbin and Usenet in the first place (para 193).

However he then still made the order. Why? Well, first it would require users to make some extra effort (however little) and some wouldn't (para 194). Second, users were having to pay to use Newzbin and probably needed a paid Usenet sub service too, and if they were going to have to fiddle around with VPNs as well, they might just give up and use legal services instead (para 196)

It is this final conclusion that is the one that makes me incredulous about this decision. Even leaving aside the Internet contrarianism factor (blocking a site is the surest way to make everyone go find it and use it) would an easier step for the hardened infringer not be to revert to free methods of obtaining the same content? Enough of them exist for me not to need to list them I am sure, nor are all illegal. It is already trite knowledge that more young people are streaming content than downloading it - as easy, less risk. In other words the conclusion of efficacy of blocking seems to have been based on effective diversion to other, mainly illicit, channels. In which case one wonders if the game is really worth the candle given the downsides of blocking - which takes us to point 2.

Here it is first worth noting that the court explicitly acknowledge that efficacy is not actually what they are about. In para 98, the final word is

Finally I agree with counsel for Studios that the order would be justified even if it only prevented access to Newzbin2 to a minority of users." [itals added]

Such a declaration of symbolic justice at all costs must surely be accompanied by some comprehension of the balance of gains and losses. It helps to ask how often will court blocking orders be made post Newzbin 2? Paradoxically , after two years of test case jousting, not many. The clue here is in para 189 where Arnold J warns helpfully that

Furthermore, although I cannot prejudge later arguments in this case, it is not inevitable that future applicants will recover all their costs even if successful: compare the practice in respect of Norwich Pharmacal orders, as to which see Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897, [2002] 1 WLR 1233. For these reasons, even if the present application is successful, I think it is clear that rightholders will not undertake future applications lightly." [itals added]

In other words, most applicants would get their costs back; just no guarantee of it. Under the English system of winner takes all, that means ISPs which opposed s 97A orders would fear to end up on the losing side with all the costs of both sides - a crippling financial burden to take on for love of freedom of speech or even just the good PR. Most would not. (Francis Davey has been making this point ever since s 18 of the DEA was conceived.) In Totalise itself, the courts agreed (eventually) that an ISP which insisted on a court order before agreeing to identify one of its subscribers in breach of its own privacy policy, did not necessarily have to pay all the costs of the plaintiff as well as its own as long as it was , basically, behaving reasonably. But this is an exception to the norm of English costs allocation, in a rather odd kind of court order, and there is no guarantee such a rule will be evolved in s 97A proceedings. ADDED: The two cases are rather different: ISPs are essentially bound by their own promises of confidenrtiality to their customers not to disclose their identitywithout court mandate; but no such restraint, one would think, pertains in relation to a website (like Newzbin) which has no contractual relationship with that ISP. Francis Davey, in correspondence, however adds that he expects an ISP might always feel it has to defend to get right the precise wording of the order - since all ISPs will have different technical capacities. On the other hand, it will take a while, absent legislation,before any ISP would know its potential costs liability - which might point towards not seeking to defend a court application, or even more likely, agreeing a voluntary protocol with no court involvement at all. This has the side benefit that no court order (even an undefended one) means no posibility of contempt of court for not meeting its requirements.

Assuming it is likely that the winner takes all costs rules persists, even while things shake dow, then, what the courts will have put in place then is what Ed Vaizey already said he wants: a system of extralegal "voluntary" blocking by ISPs of content which is alleged to be substantially copyright infringing, without all that boring and expensive checking of evidence. This will not be court based transparent justice; it will be private censorship by those industries with the most to gain from this, and without consideration of the public domain or the public interest, or the interests of those introducing new innovative products whose interaction with classic IP will be untested. Fun times.

But we need to do something to help the content industries; we've been told often enough. Are there alternatives to blocking that will on the one hand be circumvented by those who know, and on the other hand, create a structure for uncontrolled private censorship? Well, the usual litany - the same answer I give when people ask if there is an alternative to graduated response for maintaining the creative sector. Real, convenient, comprehensive legal alternatives that sell content and match the ease and the flexibility of the illicit model: legal P2P, levies, innovative bundles solutions. Everything Ian Hargreaves asked for in fact. But we've been here before. It's so much easier to stick yet another patch on a sinking ship than build a new one.

Finally and optimistically, it is worth pointing out that the website blocking provisions of the Digital Economy Act were introduced because the rightsholders claimed they were uncertain as to the workability of s 97A to defend their interests. Now we have a s 97A precedent in their favour, there should be no reason either to implement s 17, nor to go ahead with Vaizey's half-privatised alternative.

Secondly, if we are to have UK web censorship should we not have even-handed censorship? It is passingly strange that we now have an effective court ordered means to block sites which help infringe copyright, but nothing equivalent to block sites which host hate speech or jihad speech, or which host malware sites or phishing sites, or where libellous comments are posted. Even the IWF scheme to block child pornograophy is voluntary not court mandated. Shouldn't we be having a debate about even-handed censorship? What makes copyright so special here? Or would that remind us that we never had that debate about copyright to start with?

* EDIT: Further discussion seems to reveal the parties will be back in court in October to agree the final version of the order. This may not be the same as the draft above. Until then no blocking will be put in place. Further also to this BBC news story there appears to be a misapprehension: the court order will only apply to BT not the other ISPs - the fact they decided not to intervene is irrelevant. Also a High Ct decision will not act as binding precedent to other High Court applications. However unless other ISPs have substantially different arguments than BT (eg more technological or legal difficulties in blocking) they might choose not to defend court orders aimed at them, or to defend (as suggested above) only to argue the precise wording of the blocking order. However a court order is NOT the same as passing statute like the DEA; it is effective against the parties only not the world.

*EDIT added 3.08.11 : and today as Pangloss predicted, implementing web blocking via the DEA ss 17/18 is quietly dropped as, so we hear, "unworkable". One wonders how they knew the result of
Newzbin 2 before it came out? :)

EDIT 3: added 29.07.13 - note that Sky apparently gave in shortly after this and agreed to block Newzbin  without opposing the court order received even though there technical filtering capacity is very diferent to BTs - see http://www.zdnet.com/sky-blocks-newzbin2-following-court-order-4010025026/ , also http://www.sroc.eu/2011/12/sky-blocks-newzbin-important-legal-and.html where James Firth notes : "Newzbin will — and there's strong evidence they have done already, several times — change their IP address," Firth wrote. "It is well known that IP addresses have all but run out. Nearly all IP addresses allocated are recycled — they've been in use before. Pity the website owner who picks up Newzbin's old IP address."

Friday, July 08, 2011

The Idiot's Guide to Why Voicemail Hacking is a Crime

Not what I should be doing right now, but in the wake of the amazing News of the World revelations, there does seem to be some public interest in a quick note on why there is (some) controversy around whether hacking mesages in someone's voicemail is a crime.

Most of the longer version of this can be found in an excellent memo by Chris Pounder of Amberhawk from October 2010 and those of you with more legal background are therefore directed there.

RIPA

The first relevant provision is RIPA (the Regulation of Investigatory Powers Act 2000) which provides that interception of communications without consent of both ends of the communication , or some other provision like a police warrant is criminal in principle. The complications arise from s 2(2) which provides that:

“....a person intercepts a communication in the course of its transmission by
means of a telecommunication system if, and only if ... (he makes) ...some or all of the
contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication”. [my itals]

Section 2(4) states that an “interception of a communication” has also to be “in the course of its transmission” by any public or private telecommunications system. [my itals]

The argument that seems to have been been made to the DPP, Keir Starmer, on October 2010, by QC David Perry, is that voicemail has already been transmitted and is thus therefore no longer "in the course of its transmission." Therefore a RIPA s 1 interception offence would not stand up. The DPP stressed in a letter to the Guardian in March 2011 that this interpretation was (a) specific to the cases of Goodman and Mulcaire (yes the same Goodman who's just been re-arrested and inded went to jail) and (b) not conclusive as a court would have to rule on it.

We do not know the exact terms of the advice from counsel as (according to advice given to the HC on November 2009) it was delivered in oral form only. There are two possible interpretations of even what we know. One is that messages left on voicemail are "in transmission" till read. Another is that even when they are stored on the voicemail server unread, they have completed transmission, and thus accessing them would not be "interception".

Very few people I think would view the latter interpretation as plausible, but the former seem to have carried weight with the prosecution authorities. In the case of Milly Dowler, if (as seems likely) voicemails were hacked after she was already deceased, there may have been messages unread and so a prosecution would be appropriate on RIPA without worrying about the advice from counsel. In many other cases eg involving celebrities though, hacking may have been of already-listened- to voicemails. What is the law there?

When does a message to voicemail cease to be "in the course of transmission"? Chris Pounder pointed out in April 2011 that we also have to look at s 2(7) of RIPA which says

" (7)For the purposes of this section the times while a communication is being transmitted by means of a telecommunication system shall be taken to include any time when the system by means of which the communication is being, or has been, transmitted is used for storing it in a manner that enables the intended recipient to collect it or otherwise to have access to it."

A common sense interpretation of this, it seems to me (and to Chris Pounder ) would be that messages stored on voicemail are deemed to remain "in the course of transmission" and hence capable of generating a criminal offence, when hacked - because it is being stored on the system for later access (which might include re-listening to already played messages).

This rather thoroughly seems to contradict the well known interpretation offered during the debates in the HL over RIPA from L Bassam, that the analogy of transmission of a voice message or email was to a letter being delievered to a house. There, transmission ended when the letter hit the doormat.

There remains a little wiggle room in that at the dates some of the older hacking incidents may have occurred, the voice messages might plausibly have been physically stored on local answerphones, not, as is common with mobiles and mobile voicemail, on remote voicemail servers. This leaves a flicker of concern that the messages might not be "stored" on "the [same] system by means of which the communication is being, or has been, transmitted"

Against this quibble would be that a purposive interpretation of the law should not distinguish for no reason between (say) fixed phones with physical answerphones, and mobile phones with remotely stored voicemail. OTOH, criminal laws are always to be interpreted restrictively on the grounds that no one should find themselves accused of breaking a criminal law they were not deemed to know.

A person who is guilty of an offence under subsection (1) or (2) shall be liable on conviction on indictment, to imprisonment for a term not exceeding two years or to unlimited fine.

CMA

One of the strangest parts of this controversy though has been the relative absence of commentary - from the DPP or otherwise - that even if the most restrictive interpretation above of RIPA was adopted - computer hacking under the Computer Misuse Act, s 1 , could easily provide an alternative offence. (Nick Davies of the Guardian does mention it however in the same Memo to HC as quoted above from Amberhawk. )

CMA s 1 says that

"(1)A person is guilty of an offence if—

(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [or to enable any such access to be secured] ;

(b)the access he intends to secure [or to enable to be secured] is unauthorised; and

(c)he knows at the time when he causes the computer to perform the function that that is the case." [my italics]

Max sentence is 12 months jail but the aggregated version (eg unauthorised access plus raud under s 2) can now go up to 5 years jail. (s55 of the DPA (misuse of personal data, which would also apply)was also amended recently to allow for a jail sentence (following the HMRC scandals) - but Parliament has yet to bring this into force.)

Putting in a guessed-at PIN to access voicemail maps well to "causes a computer to perform any function". CMA makes no requirement that reasonable security is overcome, or anything of that kind. Nor does the material hacked have to be deleted or sold or anything of that kind, merely accessed.

But is an answerphone or a voicemail server or a mobile phone, a "computer"? The word was deliberately left undefined in the 1990 Act so it did not become outdated as technology progressed. (This has proved wise.) However the CPS guidance quotes "DPP v McKeown, DPP v Jones ([1997] 2Cr App R, 155, HL at page 163) [where] Lord Hoffman defined a computer as "a device for storing, processing and retrieving information". " This seems easily wide enough to include any or all of a mobile, a smartphone, an answerphone or a voicemail server.

The advice given the DPP may have taken into account other worries about prosecuting either the RIPA or CMA offences. It woukd be very good to know exactly what, if any. In the meantime however there seems no good reason why criminal prosecutions cannot be immediately brought against those factually proven to have taken part in voicemail hacking.

Corporate criminal liability

A final point is who would be liable for such a criminal offence. Just the reporter who put in the PIN, or, say, the proprietor of the newspaper in question, which benefited? This is an issue of corporate criminal liability where the relevant law in England & Wales is from Tesco v Nattrass [1972] AC 153 . The widely quoted test from that by L Reid is the "directing mind test" as follows:
The person who acts is not speaking or acting for the company. He is acting as the company and his mind which directs his acts is the mind of the company. If it is a guilty mind then that guilt is the guilt of the company.
This is regarded as, sometimes unfortunately (it has been amended for corporate manslaughter) , pretty restrictive, and likely to apply only to the most senior directors or managers. ?? as to say, the liability of Wade or Murdoch for NI.

Deleting the evidence

Finally if the rumours circulating that millions of emails have been deleted by NI to foil a criminal investigation are true, there would be an alternative of prosecuting attempt to pervert the course of justice - which as a common law offence has an unlimited sentence in Scotland and I think in England too. So burning the evidence is not a get out of jail free card :)

Thursday, June 23, 2011

WIPO slides

As promised, the ppt version of the report as below (slightly shorter!!)