Thursday, January 28, 2010
Google and China: Interesting Times?
So what do we think about the Google China affair then? For anyone who has been hiding under a rock on Pluto lately, Google announced on January 13th that it "may end its operations in China following a "sophisticated and targeted" cyber attack originating from the country." aimed apparently at gathering intelligence from Gmail accounts etc on human rights activits, dissidents and the like in China, and adding that in response they would no longer self censor their search database as they had since starting up in China in 2006. China, unsurprisingly, insisted that hacking was illegal in China and Google would have to toe the line and enforce local laws like other companies. Then perhaps slightly more surprisingly, the US government itself got involved in the form of a swinging speech by Hilary Clinton demanding that Beijing that should investigate the hack attacks on Google, and les directly, implying that China had a duty, like also-mentioned Tunisia, Uzbekistan, Vietnam and Egypt to stop restricting freedom of expression on the Internet. One commentator has compared this to Reagan demanding the pulling down of the Berlin Wall - only this time it was the Chinese Great Firewall. For China to back down wouldbe almost unprecedented; so at least China insider has said that in six months he expects there to be no Google.cn. Meanwhile information filters out that similar espionage hacks seem to have been mounted by Chinese hackers on other US companies in recent months , seeking economic espionage intelligence; two of the companies were major US oil companies.
The main response to this has been huzzah! In a world apparently dominated by bankers taking as many undeserved bonuses as they can sweep up, one can sense the eagernness of the world to believe that a big company can still want to do the right thing. Certainly even if Google's "Do no evil" motto has tarnished a little lately they do stand out as appearing in the world of corporate politics to give a damn about human rights. A Grauniad columnist wrote perhaps a little over excitedly yesterday:
"
A braver woman than Pangloss might even sail into the world of conspiracy theories, and consider the Google response and the Clinton speech as part of a combined PR drive. China expert Orville Schell in this video recorded at Davos, notes that
For a cyber lawyer, the interest here is whether we are approaching the point where cyber espionage might begin to be characterised as "cyberwar". Just as with DDOS attacks, the current law is badly equippd, perhaps quite properly, to make this conceptual leap. I spoke on this in Estonia last summer, at the NATO backed CyberSecurity Centre. International treaties demand an "armed attack" by a "state" before rights of self defence or international humanitarian law can begin to apply. Is use of code to find out information an "armed attack"? Difficult to see (although there was some discussion of this back in the good ol' days of Star Wars defence.)
More significant still is the pained matter of attribution. No one can prove that attacks by Chinese hackers came from and with the authority of the Beijing government - and circumstantial evidence simply cannot be regarded as decisive here given the easy obfuscation of Internet traffic and addresses, and the flourishing private enterprise cyber black market. Much of the cybercrime in the world originates from networks of zombie machines run (apparently:-) by Russians with the machines scattered through every country from the UK to Brazil; this does not mean (necessarily) that Russia, the UK or Brazil is responsible as a state aggressor. The question of attribution will have to be far better discussed before we can go any further down this line. In the meantime however, it is interesting to note that there are reported American stirrings of interest in a cyberwar treaty to reduce cyber-attacks, as with munitions or poison gas weapons: such a treaty has long been resisted by the US, but now that position seems to be shifting - why?*
And meanwhile today brave little Twitter, hero of the Iran dissidents, announces they are sub contracting research to avoid being blocked by China. All in all very interesting times - in the Chinese sense?
*Well perhaps because as I discover the minute I finish writing this, 37% of US critical infrastructure firms think cyber attacks are growing and 2/5 expct a majot cyber security incient within the year - say McAfee at Davos.
The main response to this has been huzzah! In a world apparently dominated by bankers taking as many undeserved bonuses as they can sweep up, one can sense the eagernness of the world to believe that a big company can still want to do the right thing. Certainly even if Google's "Do no evil" motto has tarnished a little lately they do stand out as appearing in the world of corporate politics to give a damn about human rights. A Grauniad columnist wrote perhaps a little over excitedly yesterday:
"
we can now again unreservedly identify, politically as well as aesthetically, with Google. This is the spirit of liberal universalism. It says that there are some universal rights it is not the prerogative of any state or "civilisation" to curb; and that, as the Universal Declaration of Human Rights states, the right to information freedom is among them."But is anything in life really this simple? As many have pointed out, China is a market where Google is not dominant, having only around 30% of the market. But pulling out of the world's largest emergent economy is still rather a bold step. Unless perhaps you consider the rather less publicised fact that Google only makes money by click through on ads; and reportedly, the Chinese don't yet bother to click through (Google don't reveal the turnover of their Chinese business as they do their US profits). Still it seems like either a very brave or a very foolhardy endeavour. (Bill Thompson comments that "Threatening to pull out of China is like threatening to spit on a whale".) (Unless you think it's all merely a very successful PR stunt.)
A braver woman than Pangloss might even sail into the world of conspiracy theories, and consider the Google response and the Clinton speech as part of a combined PR drive. China expert Orville Schell in this video recorded at Davos, notes that
"Google has become more like a nation than a company. By this he means that not only is Google closely connected to the Obama administration, but the company has a high resonance in the western world. Only a company like Google could take such a stance against China".Why would the US want Google out of China, or at least, a very public fuss about the hack attacks on Gmail accounts by China? Well cybersecurity experts have long privately admitted that although rather more fuss has been publicly made about "cyberwar" denial of service attacks on critical infrastructure (as , famously, against Estonian and Georgian banks and media sites, etc), the foremost worry is actually about cyber espionage. Chinese keylogger code has been found before now on military computers; it is known that it is almost impossible to 100% protect against this. Google store invaluable information not just about Chinese dissidents but US citizens - and companies. If you were a Chinese espionage officer would you target the unprotected Gmail user or the more protected Google servers, or the very well protected servers carrying confidential military or corporate secrets?
For a cyber lawyer, the interest here is whether we are approaching the point where cyber espionage might begin to be characterised as "cyberwar". Just as with DDOS attacks, the current law is badly equippd, perhaps quite properly, to make this conceptual leap. I spoke on this in Estonia last summer, at the NATO backed CyberSecurity Centre. International treaties demand an "armed attack" by a "state" before rights of self defence or international humanitarian law can begin to apply. Is use of code to find out information an "armed attack"? Difficult to see (although there was some discussion of this back in the good ol' days of Star Wars defence.)
More significant still is the pained matter of attribution. No one can prove that attacks by Chinese hackers came from and with the authority of the Beijing government - and circumstantial evidence simply cannot be regarded as decisive here given the easy obfuscation of Internet traffic and addresses, and the flourishing private enterprise cyber black market. Much of the cybercrime in the world originates from networks of zombie machines run (apparently:-) by Russians with the machines scattered through every country from the UK to Brazil; this does not mean (necessarily) that Russia, the UK or Brazil is responsible as a state aggressor. The question of attribution will have to be far better discussed before we can go any further down this line. In the meantime however, it is interesting to note that there are reported American stirrings of interest in a cyberwar treaty to reduce cyber-attacks, as with munitions or poison gas weapons: such a treaty has long been resisted by the US, but now that position seems to be shifting - why?*
And meanwhile today brave little Twitter, hero of the Iran dissidents, announces they are sub contracting research to avoid being blocked by China. All in all very interesting times - in the Chinese sense?
*Well perhaps because as I discover the minute I finish writing this, 37% of US critical infrastructure firms think cyber attacks are growing and 2/5 expct a majot cyber security incient within the year - say McAfee at Davos.
Life, etc
Via my very lovely colleague Judith Rauhofer;
Quote of the week by Lord Clement-Jones:
Quote of the week by Lord Clement-Jones:
" When a man is tired of the Digital Economy Bill, he is tired of life. I am sure this show will run for a long time."
And indeed, now the debates in HL Committee over the "three strikes" parts of the DEB have ended, watch this space for some thoughts on how the debates have gone, shortly. For now, interesting to note that legal process needs tweaking too: see the latest Which? report on the deluge of complaints against P2P ambulance chasing bully firm , ACS Law (creditably, much mentioned in the Lords debate.)
"
ACS:Law has sent thousands of letters to people claiming they have illegally downloaded material and offers them a chance to settle by paying around £500.Which? says it has been approached by some - including a 78 year-old accused of downloading pornography - who have no knowledge of the alleged offence.
ACS:Law said its methods were accurate.
The London-based firm said that it would send more letters soon."
In other news, I'd also like to comment on Google and China (interesting response here from the reliably interesting Bill Thompson, one of the few voices to be more realistic than triumphant here), connected cyberwar developments and public open data in the UK - to be continued!! (Oh and I'd really like to talk about whether full body airport scanning really constitutes distribution of child porn (eh?) as oposed to invading privacy (for sure). But chance would be a fine thing!
Also, the first review of Law and the Internet 3rd edn!! Thanks to Andrew Katz for preparing me, er, letting me know!!
Wednesday, January 20, 2010
ORG : Fight the Digital Economy Bill unconferences
Via ORG: a series of meet ups in Manchester, London, Edinburgh and Sheffield to learn more about how to effectively lobby your MP on digital rights matters, with current especial reference of course to the DEB, graduated response, disonnection etc.
This is a great and timely initiative and if you have any interest in learning how to actually participate in democracy and make your voice count, come along!! It's free!
I will be attending the Edinburgh one, and am happy to talk to people about what I've seen of the Lords debates on the amendments thus far - I'll also, time willing, be blogging in detail on this this week or next as we approach the end of the committee Lords stage. Hugh Hancock of Strange Co machinima fame will also be there and of course Jim Killock, director of ORG. (Will we have a Technollama, Andres??)
Details and sign up form here.
"The Open Rights Group wants to help you get your voice heard: by helping you to talk to your MP. Booking an appointment with your MP and saying what you think is easier than you might think.
At this event you will:
- Gain the confidence to talk and write to your MP
- Rehearse talking to your MP one on one
- Find out what MPs will ask you
- Learn how to write to your MP and get a response
- Meet other people campaigning against disconnection without trial in the Digital Economy Bill
Talking to your MP is the most effective way to make sure Parliament knows how unpopular and bad disconnection without trial really would be.
In these short sessions, you can try out talking to your ‘MP’ or watch someone else having a go, and learn how to get your points across in a way that an MP will understand."
Friday, January 15, 2010
Quote of the debate so far
Lord Lucas, Jan 12th, Committee Stage day 2
"Lord Lucas: I agree with what the noble Lord, Lord Mitchell, has just said. We have to be careful about setting out to criminalise, as he says, a large proportion of our population, particularly when it involves putting them not in the hands of the criminal law with all the safeguards, care and rationality that involves, but in the hands of firms of solicitors who are out to make a
12 Jan 2010 : Column 423
"Lord Lucas: I agree with what the noble Lord, Lord Mitchell, has just said. We have to be careful about setting out to criminalise, as he says, a large proportion of our population, particularly when it involves putting them not in the hands of the criminal law with all the safeguards, care and rationality that involves, but in the hands of firms of solicitors who are out to make a
12 Jan 2010 : Column 423
The DEB amendments; 1 in a series..
You might wonder where I've been this time. Well, Pangloss is currently signed off work with a prolapsed disc. Yes it's Ok, it wsn't fun, but I'm getting better now, thanks. Anyway, one thing I plan to do for **fun** this week now I have time on my hands is sit down and have a look at the hundreds of DEB amendments. Yes I know; I'm that sad.
As a starter, it's important to remember not all the DEB is about disconnection of filesharers and neither are all the amendments.
One amendment Pangloss might draw attention to in particular has had quite a warm reception in parts of the press, odd perhaps given recent Google/Murdoch fracas (or not so odd?:). The Telegraph note
while the Guardian adds
" it would, for example, give Google legal immunity with which to index News Corp content, settling that thorny topic once and for all. But all would not be lost for publishers who want to retain control. Lucas's amendment does make provision…
As a starter, it's important to remember not all the DEB is about disconnection of filesharers and neither are all the amendments.
One amendment Pangloss might draw attention to in particular has had quite a warm reception in parts of the press, odd perhaps given recent Google/Murdoch fracas (or not so odd?:). The Telegraph note
Lord Lucas, a Conservative peer, has tabled several amendments to the Digital Economy Billthat would settle a number of copyright and electronic publishing arguments once and for all.
The one that’s been catching the headlines is immunity for search engines from prosecution under copyright laws as they go about their normal business of searching the web. Every provider of a publicly-accessible website shall be presumed to give a standing and non-exclusive licence to search engines to copy their content for the purposes of searching. A machine-readable file (robots.txt, for example) can be used to demonstrate that such a licence is not granted, should the owners of the website prefer not to be indexed.
Brilliant. Immediately all of the rows and back-and-forth between ill-advised newspapers and publishers is given a clear legal footing. It would be legal to be a search engine, and you can tell them to keep out if you wish. A few sentences saves millions of pounds of court costs and clears the headaches of everyone involved."
while the Guardian adds
" it would, for example, give Google legal immunity with which to index News Corp content, settling that thorny topic once and for all. But all would not be lost for publishers who want to retain control. Lucas's amendment does make provision…
The presumption (of having an automatic license) may be rebutted by explicit evidence that such a licence was not granted. Such explicit evidence shall be found only in the form of statements in a machine-readable file to be placed on the website and accessible to providers of search engine services.
In other words, Google would be free to copy everything - but a publisher blocking search spiders with a robots.txt file would be taken as withholding that right. An explicit "fair use" provision, which Google often cites against copyright-abuse claims, does not exist in UK law."
Interesting stuff?
NOTE: fun summary of this week's first debate at the Register
Oink site owner cleared of conspiracy to defraud
Well I guess we didn't see that coming.
Some very strange elements here. Users had to make "donations" - yet they, who were looking for free music, donated £11,000 a month? How good was this site? An earlier Beeb story tells us "The court heard that membership to Oink was free, but by invitation only, and anyone wishing to propose a friend had to make a five dollar payment." Er that's an entry fee NOT a donation..
Te money was alleged to be used to buy a new server. You can buy a decent server for about £1000 or less these days..not £11K per month. The site was designed not to "defraud" but to allow the owner to practice his skills to bcome employable, he claimed. Yet "the website was developed from a free template, which had a torrent file-sharing facility included in it". In other words, it came as a kit. Not terribly skill enhancing? And this unemployed worker wannabe had $300,000 in his bank account when the police raided. All this rather points to the perverse jury theory.
Why did the CPS go for conspiracy to defraud anyway? Why not as in Sweden, a criminal copyright offence, since given the "donations" and profits, surely there is as much evidence of commercial trading in copyright infringement as with any normal geezer selling CDs off the back of a van? Did they decide not to take that approach because it was a torrent site not a hosting site? That would be my guess (although of course the Pirate Bay was a torrent site too) - it would be great if someone out there knows more.
Not a good week for the music industry altogether, as BIS back peddles on clause 17 of the DEB as well! Perhaps the most interesting sociological point here is to wonder why the jury came in with such a strange verdict. Has the music industry dug their own grave by making their enforcement tactics so alienating that juries will turn their back on overwhelming evidence of guilt? Hubris, ate??
"A man who ran a music-sharing website with almost 200,000 members has been found not guilty of conspiracy to defraud at Teesside Crown Court.Well this is interesting. Is this the UK's own homegrown Pirate Bay case only coming out in reverse, or is it merely a blip from a perverse jury probably stuffed full of students and ne'er do wells? We may not find out for some time..Alan Ellis, 26, was the first person in the UK to be prosecuted for illegal file-sharing...
Oink facilitated the download of 21 million music files...During the trial, which lasted seven days, Teesside Crown Court heard that users were required to make a donation to be able to invite friends to join the site.e jury was also told that Mr Ellis received $18,000 (£11,000) a month in donations from people using his website."
Some very strange elements here. Users had to make "donations" - yet they, who were looking for free music, donated £11,000 a month? How good was this site? An earlier Beeb story tells us "The court heard that membership to Oink was free, but by invitation only, and anyone wishing to propose a friend had to make a five dollar payment." Er that's an entry fee NOT a donation..
Te money was alleged to be used to buy a new server. You can buy a decent server for about £1000 or less these days..not £11K per month. The site was designed not to "defraud" but to allow the owner to practice his skills to bcome employable, he claimed. Yet "the website was developed from a free template, which had a torrent file-sharing facility included in it". In other words, it came as a kit. Not terribly skill enhancing? And this unemployed worker wannabe had $300,000 in his bank account when the police raided. All this rather points to the perverse jury theory.
Why did the CPS go for conspiracy to defraud anyway? Why not as in Sweden, a criminal copyright offence, since given the "donations" and profits, surely there is as much evidence of commercial trading in copyright infringement as with any normal geezer selling CDs off the back of a van? Did they decide not to take that approach because it was a torrent site not a hosting site? That would be my guess (although of course the Pirate Bay was a torrent site too) - it would be great if someone out there knows more.
Not a good week for the music industry altogether, as BIS back peddles on clause 17 of the DEB as well! Perhaps the most interesting sociological point here is to wonder why the jury came in with such a strange verdict. Has the music industry dug their own grave by making their enforcement tactics so alienating that juries will turn their back on overwhelming evidence of guilt? Hubris, ate??
Tuesday, January 05, 2010
The Google Toilet
This is getting a lot of pass-round in ye olde blogosphere. As with some of the vids I post here about filesharing, it makes some good points evocatively but I do not endorse the overall conclusion for one simple (or maybe not so simple) reason; even if you effectively feel you have to use Google (and there are rivals, especially in the non search categories of services) you can delete your Google cookies. But - another fun one to show students!
Monday, January 04, 2010
Tell it to the Marines: 2010, same news at 10
And so as it ended, it begins.. (obvious reference to Dr Who's regeneration deleted , sadly..)
The Beeb reports a pre emptive attempt by Bono to get headlines when as we all know this the time of year with No News.
Um yeh. Would that be the same rich ISPs who are going to have to pay an estimated £500m to prop up the failure to innovate of an entirely other industry?
As to:
The Beeb reports a pre emptive attempt by Bono to get headlines when as we all know this the time of year with No News.
""The immutable laws of bandwidth tell us we're just a few years away from being able to download an entire season of '24' in 24 seconds," he wrote.
"A decade's worth of music file-sharing and swiping has made clear that the people it hurts are the creators...the people this reverse Robin Hooding benefits are rich service providers, whose swollen profits perfectly mirror the lost receipts of the music business."
Um yeh. Would that be the same rich ISPs who are going to have to pay an estimated £500m to prop up the failure to innovate of an entirely other industry?
As to:
In a move that drew significant criticism, Bono went on to suggest that the feasibility of tracking down file-sharers had already been proven."We know from America's noble effort to stop child pornography, not to mention China's ignoble effort to suppress online dissent, that it's perfectly possible to track content," he said."
...I really feel any comment is redundant.
Oh and happy new year!!
Wednesday, December 09, 2009
Facebook Privacy:: Fact or theory?
Xmas comes early for privacy advocates?!
"Facebook has ordered its 350 million users to sort out their privacy settings right now, before it throws the switch on its revamped security system.
The social networker farmer in chief Mark Zuckerberg, told its users last week that, "We're adding something that many of you have asked for — the ability to control who sees each individual piece of content you create or upload." He also promised a simplified privacy page.
..In today's warning, coinciding with the actual launch of the tools, Facebook promised its new Publisher Privacy Control would allow users to set a privacy setting for each piece on content they create.The firm is also removing its "regional networks", in favour of four basic control settings: friends, friends of friends, everyone and customised.
This will be allied with an "easy, intuitive and accessible" privacy settings page."
Well, hmm, let's see - but Blogzilla. looks like we may finally have to rewrite that FB paper!
Of course in other news today, Sophos, who discovered 2 years ago that most FB users would revel their most private details to cartoon frog, found that 2 years on, relicating the study in Australia, ... well, nothing had really changed.
"The survey found that 46% of users in a fictional 21 year old's age group accepted the offered friendship, while 41% of a fictional 56 year old's peers did.
On Facebook once someone has been accepted as your 'friend' they can see more information about you, but you can still choose to hide information from those friends or limit it to specific groups amongst your online friends....
"Both groups were very liberal with their email addresses and with their birthdays," said Sophos head of technology in Asia Pacific Paul Ducklin. "This is worrying because these details make an excellent starting point for scammers and social engineers.""
Ah well, you can't have everything!
Something Different for the Midweek: Google and Criminal Liability
Yesterday Pangloss was very happy to have a guest lecture for her Internet Law class given by Trevor Callaghan, Managing Product Counsel of Google UK. Trev gave a hilarious lecture on the law relating to search and copyright, which conbined legal insight, practical tips, and social responsibility with some Glasgow humour that would have put Armando Iannuci of The Thick Of It fame to shame (albeit with (slightly) less swearing). I enjoyed it, lots, and i think the students did too.
Anyway, this all reminded me that actually quite a few things are going on I should be talking about as well as (or perhaps even in combination with) the Digital Economy Bill. One of these, which has received suprisingly little press (even wonderful OUT-LAW hasn't mentioned it since February) , is that right now, four Google executives - including Privacy CEO Peter Fleischer- are on trial - yes, criminal trial - in Italy, in relation to a short phonecam video made by some school children of a bullying incident involving a child with learning disabilities, and then posted on Google Video.
In Italy, it appears that libel and , possibly, infringement of privacy laws, can be a matter of criminal as well as civil law. Google took down the video on notice within a day of receiving an official complaint from a consumer group, although the video had been online for about 2 months before that. Italian prosecutors investigated for two years but then decided to proceed.
For Pangloss this seems a not very difficult case that ought to be easily decided under the EC E-Commerce Directive safe harbours in Art 14 and 15, as often discused in this blog. If these aren't implemented into Italian law, then it would seem Italy must be in breach of EC law itself. Google was clearly a host here, and Art 14 provides that such sites are protected from criminal liability for the activity of users of the service, unless they receive actual notice, and fail to take down expediently. This is a case about criminal liability so there is no need even to move to the second branch of Art 14 (which is far more controversial) and discuss whether Google should have known - ie had constructive knowledge - of the activity or content. Injunctions would have been relevant, despite the safe harbours, but these are not the issue as Google already took down straightaway on notice.
So why on earth is this case coming to trial? Pangloss is perplexed. One possibility as noted above is that simply that Italy's domestic law is in breach of EC law (in which case Google should have a Francovich claim for damages against the Italian government, though that may not be much comfort to the men awaiting trial.) Another possibility, though rather an unlikely one, is that the Italian prosecutors have confused the activities of Google as a search engine, with Google as a host. The ECD does not give search engines , or hyperlinkers , a special immunity from liability as it does hosts and "mere conduits" : though a number of EC countries have in fact decidd to extend such an immunity, either under Art 12 or 14, or both. However in this case case it seems pretty clear Google was a host not a hyperlinker in terms of liability. So, what on earth quid iuris?
Another remote possibility is that the suggestion is that Google as a provider of free services does not gain the benefit of the Art 14 safe harbour. This uncertainty has been around for a long time, since only providers of "information society services"(ISSPs) get the benefit of Arts 12-15 and that definition is of an online service "normally provided for remuneration" (see recitals 17 and 18). Yet majority opinion has long felt that this particular point is no obstacle to the likes of Google (or Facebook, or Hotmail?) claiming safe harbours.
First, while renumeration might not come directly from users, it certainly does come in the form of the adverts Google place alongside its services. Second, search services are certainly something that would "normally" be paid for if they weren't, happily, often provided for free: they are of huge commercial value . Thirdly, it seems a strange policy in terms of public interest which would discriminate against services of great public value provided for free, in favour of those given purely for direct consideration.
There is no clear ECJ ruling on this yet but there is likely to be soon: in the upcoming Adwords conjoined referrals to the ECJ (Google France v Louis Vuitton, etc), the Advocate-General has already given a preliminary opinion in which he found:
So what does that leave? Well there is perhaps a clue in the New York Times account.
This stuff should be simple law (compared at least to issues like eBay and Louis Vuitton, Google and AdWords) but even it is not. The ECD deperately needs revised to get a few simple things right and harmonised across Europe: what form should "actual notice" take; what does "expediently" mean; what is constructive notice; when, if ever, can an obligation to filter proactively be placed on ISSPs; what immunities should search engines (and hyperlinkers and aggregators) have. Pangloss loves this stuff but even she is tired of writing the same stuff over and over again. It is time to review the ECD.
PS and in the interest of public policy but with just a hint of minx-itude, I have helped draft a proposed amendment to the Digital Economy Bill for ORG which would aim to clarify some of these very matters, at least for the UK. See you in the House of Lords! :-)
Anyway, this all reminded me that actually quite a few things are going on I should be talking about as well as (or perhaps even in combination with) the Digital Economy Bill. One of these, which has received suprisingly little press (even wonderful OUT-LAW hasn't mentioned it since February) , is that right now, four Google executives - including Privacy CEO Peter Fleischer- are on trial - yes, criminal trial - in Italy, in relation to a short phonecam video made by some school children of a bullying incident involving a child with learning disabilities, and then posted on Google Video.
In Italy, it appears that libel and , possibly, infringement of privacy laws, can be a matter of criminal as well as civil law. Google took down the video on notice within a day of receiving an official complaint from a consumer group, although the video had been online for about 2 months before that. Italian prosecutors investigated for two years but then decided to proceed.
For Pangloss this seems a not very difficult case that ought to be easily decided under the EC E-Commerce Directive safe harbours in Art 14 and 15, as often discused in this blog. If these aren't implemented into Italian law, then it would seem Italy must be in breach of EC law itself. Google was clearly a host here, and Art 14 provides that such sites are protected from criminal liability for the activity of users of the service, unless they receive actual notice, and fail to take down expediently. This is a case about criminal liability so there is no need even to move to the second branch of Art 14 (which is far more controversial) and discuss whether Google should have known - ie had constructive knowledge - of the activity or content. Injunctions would have been relevant, despite the safe harbours, but these are not the issue as Google already took down straightaway on notice.
So why on earth is this case coming to trial? Pangloss is perplexed. One possibility as noted above is that simply that Italy's domestic law is in breach of EC law (in which case Google should have a Francovich claim for damages against the Italian government, though that may not be much comfort to the men awaiting trial.) Another possibility, though rather an unlikely one, is that the Italian prosecutors have confused the activities of Google as a search engine, with Google as a host. The ECD does not give search engines , or hyperlinkers , a special immunity from liability as it does hosts and "mere conduits" : though a number of EC countries have in fact decidd to extend such an immunity, either under Art 12 or 14, or both. However in this case case it seems pretty clear Google was a host not a hyperlinker in terms of liability. So, what on earth quid iuris?
Another remote possibility is that the suggestion is that Google as a provider of free services does not gain the benefit of the Art 14 safe harbour. This uncertainty has been around for a long time, since only providers of "information society services"(ISSPs) get the benefit of Arts 12-15 and that definition is of an online service "normally provided for remuneration" (see recitals 17 and 18). Yet majority opinion has long felt that this particular point is no obstacle to the likes of Google (or Facebook, or Hotmail?) claiming safe harbours.
First, while renumeration might not come directly from users, it certainly does come in the form of the adverts Google place alongside its services. Second, search services are certainly something that would "normally" be paid for if they weren't, happily, often provided for free: they are of huge commercial value . Thirdly, it seems a strange policy in terms of public interest which would discriminate against services of great public value provided for free, in favour of those given purely for direct consideration.
There is no clear ECJ ruling on this yet but there is likely to be soon: in the upcoming Adwords conjoined referrals to the ECJ (Google France v Louis Vuitton, etc), the Advocate-General has already given a preliminary opinion in which he found:
"There is nothing in the wording of the definition of information society services to exclude its application to the provision of hyperlinks and search engines, that is to say, to Google’s search engine and AdWords. The element ‘normally provided for remuneration’ may raise some doubts as regards Google’s search engine, but, as has been pointed out, the search engine is provided free of charge in the expectation of remuneration under AdWords. (68) Since both services are also provided ‘at a distance, by electronic means and at the individual request of the recipient of services’, they fulfil all the requirements necessary to be regarded as information society services."(para 131)And for what it is worth, a roughly similar finding was reached, albeit obiter and with an admission of some possibility of doubt , in the recent English libel case of Metropolitan v Designtechnica, where Eady J opined: "it would appear on balance that the provisions of the 2002 Regulations [defining an ISSP] are apt to cover those providing search engine services." (para 84)
So what does that leave? Well there is perhaps a clue in the New York Times account.
"Google and the prosecutors agree the video was uploaded Sept. 8 and removed Nov. 7, 2006. The prosecutors presented evidence showing that in early October, a month before the video’s removal, there were comments posted saying that it should be taken down. One of those messages read, “This is shameful! This should be taken down immediately.”
“It is reasonable to imagine that comments like this were followed by requests by these same people that the video be removed,” the prosecutors wrote in the document they presented to the judge."
So when are such shocked responses or "requests", "actual notice" as required by Art 14? Do comments on a video hosting site cut it, as opposed to an official request for takedown? To put it another way: does a hosting service have a duty to read comments about videos posted by, and probably of interest only to, their creators and viewers? Surely not.
Compare the situation to the original world Art 14 was designed to deal with, that of web 1.0. If Demon Internet hosted a basic site for (let's say) Anglers Magazine, and it contained a chatroom where libellous remarks were made about particular fly-fishers, would Demon be expected to monitor that chatroom for explicit or implied requests to take down those comments? Again, surely not. It would be up to the aggrieved angler to send his request for take down direct to Demon. The whole point of Art 14 was to reassure host providers they had no need to monitor the activities of those to whom they provided hosting services. Not only would this involve huge expenditure of effort and cost, but it might also be privacy invasive and chilling of free speech. Art 15 states this absolutely explicitly:
"Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity."
Still another way to put this is to ask , what are the minimum requirements for notice? This is a perennial problem. The US DMCA largely gets it right, with a statutory form which requires a complainant to give clear details including their own address and status as rightsholder, and provides sanctions for false accusations. The ECD, being a EC wide framework, is hopelessly vague. The UK's own regs help a little but not much - there is no DMCA type statutory notice but Reg 22 of our E Commerce Regulations does state that
"In determining whether a service provider has actual knowledge ... a court shall take into account all matters which appear to it in the particular circumstances to be relevant [including] whether a service provider has received a notice through a means of contact made available in accordance with regulation 6(1)(c)" - ie, their official contact email address .
This stuff should be simple law (compared at least to issues like eBay and Louis Vuitton, Google and AdWords) but even it is not. The ECD deperately needs revised to get a few simple things right and harmonised across Europe: what form should "actual notice" take; what does "expediently" mean; what is constructive notice; when, if ever, can an obligation to filter proactively be placed on ISSPs; what immunities should search engines (and hyperlinkers and aggregators) have. Pangloss loves this stuff but even she is tired of writing the same stuff over and over again. It is time to review the ECD.
PS and in the interest of public policy but with just a hint of minx-itude, I have helped draft a proposed amendment to the Digital Economy Bill for ORG which would aim to clarify some of these very matters, at least for the UK. See you in the House of Lords! :-)
Friday, December 04, 2009
Predictions 2010
The SCl Journal is as usual publishing pithy predictions for next year from the great, good and garrulous in IT Law (though they don't seem to have asked me this year - sob!
The best so far of course is from the wonderful Jeremy Phillips:
The best so far of course is from the wonderful Jeremy Phillips:
From Jeremy Phillips, IP Consultant, Olswang LLP
* 'Three strikes' proposals, even if enacted, will be shown to be feeble, cosmetic inconveniences. What's more, downloaders will assert they have a right to two free infringements.
* The Ministry responsible for IP/IT will change its name, its role and its Minister.
* The aggregated figure for victims of Data Protection Act data leak will exceed the population of the UK.
* The government will proclaim that innovation is ‘key’ to the country's well-being while further restricting its exploitation and taxing it to death.
* Some people will continue to believe in Santa Claus, a flat Earth and the Manchester Manifesto.
I particularly love the second point. One wonders if it's like the professor for DEfense against the dark Arts in each harry Potter novel - each government reshuffle, a new incumbent and name for the department required!
Less funy, but equally to point and often overlooked as we focus on three strikes, data breaches and e-commerce:
"From Jaron Lewis, Partner, Reynolds Porter Chamberlain LLP
2010 will be the year that our pre-internet libel laws are kicked into shape. Legislation is expected to prevent publishers being sued over archived web content. We will also see a consensus forming over the introduction of more streamlined - and cheaper - procedures for resolving libel disputes. Finally, our libel judges will continue to make clear that those providing the web infrastructure - such as ISPs and search engines - should not be liable for defamatory content, even when they are on notice of a complaint."
Having taught Internet libel law, substantive and jurisdictional for almost 20 years now, I really hope we are going to see real change here on the UK's antiquated libel magnet laws - Metropolitan v Google, which Pangloss really should have found time to blog properly, isalso an especially heartening and sensible decision. It is just a shame the current review of the single publication rule (still open till Dec 16th) is not looking at place as well as time.
Finally although not a prediction or even legal I must leave you with my favourite quote of the week for everyone out there who spends their life glued to a keyboard:
from Ben Goldacre on Twitter:"if anyone needs me i'm flying to america tonight so i can kill everyone involved in writing and marketing microsoft word."
Tuesday, December 01, 2009
The Death of Public Wi fi: Grauniad
I decided to write up a user friendly version of the wi fi story for the Grauniad, as you can see here. Many thanks to Francis Davey, inter alia counsel for Theyworkforyou.com, who pointed out the difficulties of the word "agreement" in terms of defining a subscriber and an ISP in the Digital Economy Bill.
Saturday, November 28, 2009
ZDNet, Wi Fi and the Digital Economy Bill
ZDNet is reporting , rather relevantly to Current Times, that a pub owner running an open wi fi hotspot has been "fined £8,000" for infringing downloads by its customers. The information was provided by the Cloud, who provided the hot spot capability (and who also, incidentally, do the same for McDonalds, my example for wi fi liability of a few days back on this blog.)
"Graham Cove told ZDNet UK on Friday he believes the case to be the first of its kind in the UK. However, he would not identify the pub concerned, because its owner — a pubco that is a client of The Cloud's — had not yet given their permission for the case to be publicised."
ZDNet asked me to comment on the story which I was happy to do, but unfortunately one major error has crept through the phone call process. EDIT - corrected! Thank you! Story also now specifies it was a civil case.
So what about the pub story? It sounds very odd. Basically, we need more details here. First it doesn't sound on first glance like a case where criminal copyright would be applicable. So that probably isn't a "fine", but damages . Even more likely is that the case settled rather than going to final judgment (in which case, wouldn't it be a novel enough decision to have an opinion, and be up on BAILII? I can't see it there). In that case the £8000 is just an estimate of damages both parties were willing to settle for, and, it should be stressed, not a legal precedent.
As for the crucial responsibility angle, one wonders if the issue was mainly one of proof. After all, if a publican was alleged to be regularly downloading without permission, and the defense was that wi fi users were using his IP address ("it wasnae me" as we say in Glasgow), and the wi fi was open, then there was no attributed log of downloads, and thus no proof of this beyond that mere assertion. In strict law, even in a civil case where the standard of proof was the balance of probabilities, the onus of proof should be on the plaintiffs ie the rightsholders. But in a settlement situation, I can conceivably see that the publican might decide to give up and settle without hard proof to back up his case, and cut his losses and the chance of losing the case and paying both side's costs.
The important point is if that if this is a settlement, that doesn't at alll translate into a theory of secondary liability for downloaders suing your open network, still less a legal precedent. If anyone has further details, I'd love to hear them.
I may as well now go on and quote the rest of myself :) (a bit odd I know)
"However, she said the measures that would be brought in under the Digital Economy Bill — measures that could include disconnection of the account holder — would not apply because the business could be classified as a public communications service provider, which would make it exempt. According to the terms of the bill, only "subscribers" can be targeted with sanctions**.
[** note for legally minded Pangloss readers: this is because the DigiEc Bill cl 16defines "subscribers" as excluding "communications providers", which can be traced back via the Communications Act 2003 to include providers of electronic communications services or networks. The pub hotspot would fall into that class, probably :-) ]
According to legal advice sent to The Cloud by the law firm Faegre & Benson on 17 August, "Wi-Fi hotspots in public and enterprise environments providing access to the internet to members of the public, free or paid, are public communications services".
A public communications service provider must, under the terms of the Data Retention Regulations that came into force in the UK in April of this year, retain records for 12 months on communications that have taken place over their network. This data includes user IDs, the times and dates of access, and the online destinations that were being accessed. The content of the communications cannot be retained without the user's permission, due to data-protection laws.
However, there is a get-out clause in the Data Retention Regulations, in that no public communications service provider has to keep such records unless they are notified by the government that they are required to do so.
According to Edwards, this is because "only the big six ISPs have the facilities to comply, and because the government agreed [in its legislation] to repay some of the costs [of retaining [[and accessing - Pangloss adds]] such records]". She noted that this clause might itself be non-compliant with the EU data-retention laws that were transposed into UK law in April.
Edwards pointed out that, even if the sanctions proposed in the Digital Economy Bill come into force, "no-one will know who [the downloader] was, because the IP address that will show up [upon investigation] will be of the hotspot". She added that the rights holder seeking infringers of their copyright would probably not know that the IP address in question was not that of a subscriber.
It would then be up to the hotspot operator to point out that they were not the end user downloading copyrighted material. "But when would they get to say that? Maybe straightaway, maybe not until after disconnection — it's not currently clear," Edwards said."
"Graham Cove told ZDNet UK on Friday he believes the case to be the first of its kind in the UK. However, he would not identify the pub concerned, because its owner — a pubco that is a client of The Cloud's — had not yet given their permission for the case to be publicised."
ZDNet asked me to comment on the story which I was happy to do, but unfortunately one major error has crept through the phone call process. EDIT - corrected! Thank you! Story also now specifies it was a civil case.
So what about the pub story? It sounds very odd. Basically, we need more details here. First it doesn't sound on first glance like a case where criminal copyright would be applicable. So that probably isn't a "fine", but damages . Even more likely is that the case settled rather than going to final judgment (in which case, wouldn't it be a novel enough decision to have an opinion, and be up on BAILII? I can't see it there). In that case the £8000 is just an estimate of damages both parties were willing to settle for, and, it should be stressed, not a legal precedent.
As for the crucial responsibility angle, one wonders if the issue was mainly one of proof. After all, if a publican was alleged to be regularly downloading without permission, and the defense was that wi fi users were using his IP address ("it wasnae me" as we say in Glasgow), and the wi fi was open, then there was no attributed log of downloads, and thus no proof of this beyond that mere assertion. In strict law, even in a civil case where the standard of proof was the balance of probabilities, the onus of proof should be on the plaintiffs ie the rightsholders. But in a settlement situation, I can conceivably see that the publican might decide to give up and settle without hard proof to back up his case, and cut his losses and the chance of losing the case and paying both side's costs.
The important point is if that if this is a settlement, that doesn't at alll translate into a theory of secondary liability for downloaders suing your open network, still less a legal precedent. If anyone has further details, I'd love to hear them.
I may as well now go on and quote the rest of myself :) (a bit odd I know)
"However, she said the measures that would be brought in under the Digital Economy Bill — measures that could include disconnection of the account holder — would not apply because the business could be classified as a public communications service provider, which would make it exempt. According to the terms of the bill, only "subscribers" can be targeted with sanctions**.
[** note for legally minded Pangloss readers: this is because the DigiEc Bill cl 16defines "subscribers" as excluding "communications providers", which can be traced back via the Communications Act 2003 to include providers of electronic communications services or networks. The pub hotspot would fall into that class, probably :-) ]
According to legal advice sent to The Cloud by the law firm Faegre & Benson on 17 August, "Wi-Fi hotspots in public and enterprise environments providing access to the internet to members of the public, free or paid, are public communications services".
A public communications service provider must, under the terms of the Data Retention Regulations that came into force in the UK in April of this year, retain records for 12 months on communications that have taken place over their network. This data includes user IDs, the times and dates of access, and the online destinations that were being accessed. The content of the communications cannot be retained without the user's permission, due to data-protection laws.
However, there is a get-out clause in the Data Retention Regulations, in that no public communications service provider has to keep such records unless they are notified by the government that they are required to do so.
According to Edwards, this is because "only the big six ISPs have the facilities to comply, and because the government agreed [in its legislation] to repay some of the costs [of retaining [[and accessing - Pangloss adds]] such records]". She noted that this clause might itself be non-compliant with the EU data-retention laws that were transposed into UK law in April.
Edwards pointed out that, even if the sanctions proposed in the Digital Economy Bill come into force, "no-one will know who [the downloader] was, because the IP address that will show up [upon investigation] will be of the hotspot". She added that the rights holder seeking infringers of their copyright would probably not know that the IP address in question was not that of a subscriber.
It would then be up to the hotspot operator to point out that they were not the end user downloading copyrighted material. "But when would they get to say that? Maybe straightaway, maybe not until after disconnection — it's not currently clear," Edwards said."
Thursday, November 26, 2009
OK I said I'd stop but..
.. then OUT-Law asked me to comment on the implications of the Digital Economy Bill, especially for organisations and businesses that provide wi fi networks; and this made me think a bit more about how unworkable this whole scheme is.
As I said to OUT-LAW, among the proposed new sections of the Bill is s 124A(1)(b) , which says that action can be taken not just against someone suspected of infringing copyright, but also against "a subscriber to an internet access service [who] has allowed another person to use the service, and that other person has infringed the owner’s copyright by means of the service". This might well be interpreted to mean that anyone who operated unsecured wi fi was "allowing" others to download using it; and be held responsible for it. BIS has indeed so indicated in previous press statements.
One solution to this , as I discussed with OUT-LAW would be an unfortunate one; to effectively prohibit unsecured wi fi networks. But actually, even locking down its network (wi fi or fixed) is not a solution for businesses and the like. A domestic user with a secure wi fi network knows the small number of people who might have infringed using that network, so perhaps responsibility is not so draconian an assumption. But what of corporate networks of thousands of employees, or "public" places like McDonalds Hamburgers , where thousands are currently attracted by the use of free wi fi? Giving a wi fi or network login and password (as McDonalds do, as required by their hotdpot provider, The Cloud) is still, it seems to me, "allowing" that person to access the network.
The network operator might well try to defend itself by proof it was not the person at fault; but the opportunity to put that case would not, in the current skeleton scheme, perhaps come until after disconnection - at which point there is an appeal to a tribunal and thence to the courts. This could take years - after which time evidence of IP addresses, logins, timestamps, and the like might be hard to reconstruct. There is an appeal of kinds available to a "named person" immediately after the "warnings" ; but the detail, grounds and scope of that appeal are vague in the extreme and it is clearly only a very interim process. It might, eg, prove to be an opportunity only to dispute the exact factual details of the IP address collected, or the timestamp.
So are businesses like McDonalds to be held responsible for the copyright infringements of all their customers? Are universities to be held liable for all their students? At the moment it looks like it. Even if the result was only temporary disconnection, this could have a crippling effect on many businesses.
BIS apparently suggest that " the problem be solved by Wi-Fi operators policing their networks. "Many premises that offer public Wi-Fi access already disallow access to unlawful file-sharing sites," said the BIS statement. "Software which limits or prevents access is freely available and easy to install and we would anticipate any responsible organisation offering Wi-Fi access would take action if it appears their connection is being misused." [from OUT-LAW]
Such software solutions do indeed exist, but anyone running a large, fast network will tell you they are far from a complete solution. McDonalds' free wi fi may be far to slow for practical downloading of MP3s (I haven't tried it, but I suspect so) but I bet IBM's or my own university's network isn't - because these networks get used by real employees for serious legitimate purposes. Even in cafes, it takes more to stop P2P than just blocking the URL of the Pirate Bay site. Universities have been trying to stamp out illegal P2P filesharing on their networks for years, if only because they overload the bandwidth(their Acceptable Use Policies nearly always make illegal dowloading a disciplinary offence), and have still generally failed. Blocking the P2P protocol entirely is also counter productive; as is now well known many legal products such as BBC iPLayer now use this protocol. Will I find one day I cannot show a BBC programme to my students because the university has had to block iPlayer?
The only apparent get out for businesses and public bodies may lie in the definitions section of the Digital Economy Bill (cl 16, amending the Communications Act 2003) which says that a "subscriber" (who receives warnings) does *not* include someone who received Internet access as a "communications provider" (CP) themselves. This is intended, I think to protect ISPs who themselves merely retail bandwidth wholesaled by larger ISPs , on the grounds they should be regarded as ISPs giving access to infringers, not infringers themselves. But can it apply further?
The definition of a CP already within the Communications Act 2003 is someone who provides (as per s 32 of that Act) either an "electronic communications network" or an "electronic communications service". Both definitions are quite complex, but without going into more detail. they seem intended to cover those who offer telecommunications services as their main or sole business - ISPs, phone companies, etc - not other kinds of businesses or premises which merely, as a "side order", offer a wi fi or fixed line network.
But even if the definition of a "communications provider" could be stretched to cover the likes of businesses likeMcDonalds, or universities, it would seem likely it could then also be stretched to cover any domestic consumer who offered his household or area wi fi access. This would contradict statements from BIS as above, which have seemed quite clearly to say that domestic wi fi is one of the targets of the legislation.
Also, to make a bad matter worse, if BIS did agree that a business (say) was to be regarded as a "communications provider" not a "subscriber", and thus be free of the risk of disconnection, it would also mean that business was to be subject to all the obligations placed on CPs by OFCOM under the Communications Act 2003; and even worse , if they qualified as a PUBLIC "electronic communications service" or "network" provider (see s 151 of the Comms Act 2003 - also somewhat controversial but very likely to apply at least to any open wi fi network), they would be caught under under the recent Data Retention Directive Regs , and required in principle to retain emails, traffic data and texts sent using their facilities, for later possible police access. I can't see this going down well with small businesses, or even small families.*
Can BIS simply stick in an exception, avoiding the whole CP farrago, that eg, "public and educational institutions providing not for profit wireless networks services to the public, or some section of the public" shall not be regarded as "allowing " access under s 124A(1)(b)? Well not without abandoning the whole point of the Bill. Because then, in essence, the Bill will only cover domestic users and domestic wi fi. Any infringing downloading at work, university, cafes, hotels etc will not be covered. Is there really much point in such legislation?
Alternately, BIS can stick to its guns and declare that businesses etc are covered by the Bill just as much as domestic subscribers , which will mean businesses, to defend themselves from disconnection, will have to (a) lock down all networks and (b) even then, spend their own money when they start to receive warnings, on internally allocating blame, by ascertaining who was using that login at that time etc etc : fiddly, expensive, fun in open plan offices with hot desking :-) and quite likely, sometimes simply impossible.
Tricky, isn't it? I welcome further responses from BIS.
*Reg 8 of the DRD Regs 2009 may be a get out for SMEs and individuals here - since it says these obligations only fall on PECS or PECN providers by notice : but (a) thus leaves room forlots of FUD and (b) the legality of thus rule in respect of the UK's obligations under the original Directive is more than dubious.
EDITED after comments : 27/11/09.
As I said to OUT-LAW, among the proposed new sections of the Bill is s 124A(1)(b) , which says that action can be taken not just against someone suspected of infringing copyright, but also against "a subscriber to an internet access service [who] has allowed another person to use the service, and that other person has infringed the owner’s copyright by means of the service". This might well be interpreted to mean that anyone who operated unsecured wi fi was "allowing" others to download using it; and be held responsible for it. BIS has indeed so indicated in previous press statements.
One solution to this , as I discussed with OUT-LAW would be an unfortunate one; to effectively prohibit unsecured wi fi networks. But actually, even locking down its network (wi fi or fixed) is not a solution for businesses and the like. A domestic user with a secure wi fi network knows the small number of people who might have infringed using that network, so perhaps responsibility is not so draconian an assumption. But what of corporate networks of thousands of employees, or "public" places like McDonalds Hamburgers , where thousands are currently attracted by the use of free wi fi? Giving a wi fi or network login and password (as McDonalds do, as required by their hotdpot provider, The Cloud) is still, it seems to me, "allowing" that person to access the network.
The network operator might well try to defend itself by proof it was not the person at fault; but the opportunity to put that case would not, in the current skeleton scheme, perhaps come until after disconnection - at which point there is an appeal to a tribunal and thence to the courts. This could take years - after which time evidence of IP addresses, logins, timestamps, and the like might be hard to reconstruct. There is an appeal of kinds available to a "named person" immediately after the "warnings" ; but the detail, grounds and scope of that appeal are vague in the extreme and it is clearly only a very interim process. It might, eg, prove to be an opportunity only to dispute the exact factual details of the IP address collected, or the timestamp.
So are businesses like McDonalds to be held responsible for the copyright infringements of all their customers? Are universities to be held liable for all their students? At the moment it looks like it. Even if the result was only temporary disconnection, this could have a crippling effect on many businesses.
BIS apparently suggest that " the problem be solved by Wi-Fi operators policing their networks. "Many premises that offer public Wi-Fi access already disallow access to unlawful file-sharing sites," said the BIS statement. "Software which limits or prevents access is freely available and easy to install and we would anticipate any responsible organisation offering Wi-Fi access would take action if it appears their connection is being misused." [from OUT-LAW]
Such software solutions do indeed exist, but anyone running a large, fast network will tell you they are far from a complete solution. McDonalds' free wi fi may be far to slow for practical downloading of MP3s (I haven't tried it, but I suspect so) but I bet IBM's or my own university's network isn't - because these networks get used by real employees for serious legitimate purposes. Even in cafes, it takes more to stop P2P than just blocking the URL of the Pirate Bay site. Universities have been trying to stamp out illegal P2P filesharing on their networks for years, if only because they overload the bandwidth(their Acceptable Use Policies nearly always make illegal dowloading a disciplinary offence), and have still generally failed. Blocking the P2P protocol entirely is also counter productive; as is now well known many legal products such as BBC iPLayer now use this protocol. Will I find one day I cannot show a BBC programme to my students because the university has had to block iPlayer?
The only apparent get out for businesses and public bodies may lie in the definitions section of the Digital Economy Bill (cl 16, amending the Communications Act 2003) which says that a "subscriber" (who receives warnings) does *not* include someone who received Internet access as a "communications provider" (CP) themselves. This is intended, I think to protect ISPs who themselves merely retail bandwidth wholesaled by larger ISPs , on the grounds they should be regarded as ISPs giving access to infringers, not infringers themselves. But can it apply further?
The definition of a CP already within the Communications Act 2003 is someone who provides (as per s 32 of that Act) either an "electronic communications network" or an "electronic communications service". Both definitions are quite complex, but without going into more detail. they seem intended to cover those who offer telecommunications services as their main or sole business - ISPs, phone companies, etc - not other kinds of businesses or premises which merely, as a "side order", offer a wi fi or fixed line network.
But even if the definition of a "communications provider" could be stretched to cover the likes of businesses likeMcDonalds, or universities, it would seem likely it could then also be stretched to cover any domestic consumer who offered his household or area wi fi access. This would contradict statements from BIS as above, which have seemed quite clearly to say that domestic wi fi is one of the targets of the legislation.
Also, to make a bad matter worse, if BIS did agree that a business (say) was to be regarded as a "communications provider" not a "subscriber", and thus be free of the risk of disconnection, it would also mean that business was to be subject to all the obligations placed on CPs by OFCOM under the Communications Act 2003; and even worse , if they qualified as a PUBLIC "electronic communications service" or "network" provider (see s 151 of the Comms Act 2003 - also somewhat controversial but very likely to apply at least to any open wi fi network), they would be caught under under the recent Data Retention Directive Regs , and required in principle to retain emails, traffic data and texts sent using their facilities, for later possible police access. I can't see this going down well with small businesses, or even small families.*
Can BIS simply stick in an exception, avoiding the whole CP farrago, that eg, "public and educational institutions providing not for profit wireless networks services to the public, or some section of the public" shall not be regarded as "allowing " access under s 124A(1)(b)? Well not without abandoning the whole point of the Bill. Because then, in essence, the Bill will only cover domestic users and domestic wi fi. Any infringing downloading at work, university, cafes, hotels etc will not be covered. Is there really much point in such legislation?
Alternately, BIS can stick to its guns and declare that businesses etc are covered by the Bill just as much as domestic subscribers , which will mean businesses, to defend themselves from disconnection, will have to (a) lock down all networks and (b) even then, spend their own money when they start to receive warnings, on internally allocating blame, by ascertaining who was using that login at that time etc etc : fiddly, expensive, fun in open plan offices with hot desking :-) and quite likely, sometimes simply impossible.
Tricky, isn't it? I welcome further responses from BIS.
*Reg 8 of the DRD Regs 2009 may be a get out for SMEs and individuals here - since it says these obligations only fall on PECS or PECN providers by notice : but (a) thus leaves room forlots of FUD and (b) the legality of thus rule in respect of the UK's obligations under the original Directive is more than dubious.
EDITED after comments : 27/11/09.
Tuesday, November 24, 2009
PS Digital Britain footnote
Time to leave this bone alone and do some proper work, but I can't resist noting the Digital Britain's team responses to criticisms, having been directed towards it by the Beeb. As it happens, despite the impression the BBC gives, these responses date from the summer so should hardly be regarded as the current BIS last word. But I can scarcely credit this:
3. You’re criminalising a generation of peopleGetting Copying* copyrighted material without permission or payment is already unlawful (it is a civil offence). Recognising that fact and enforcing existing rights is not criminalisation.
What in hell is a civil offence? There are civil infringements and criminal offences. This is the whole point: they demand diferent processes, different standards of proof and lead to different acceptable sanctions. It is in the interests of the music industry to attempt to blur the line between civil and criminal in relation to copyright - domestic copying is purely a civil infringement whereas commercial distribution may also be criminal - but the distinction is one that one would hope civil servants at least would understand, particularly when it would have helped them resist the original accusation! As the Beeb might say, Dear oh dear oh dear!.
Monday, November 23, 2009
Mandy and Me: some thoughts on the Digital Economy Bill
So, once more unto the breach, dear friends, once more, where the breach is of copyright of course. First a brief summary of the terrain.
Clauses 4-17 of the Digital Economy Bill introduce an “initial obligations” regime for ISPs, whereby subscribers accused of filesharing by rightsholders will be sent warnings of alleged copyright infringements, or “strikes”, by their ISPs; and a “technical measures” phase, to be green-lit only after evidence has been amassed that warnings do not work (but see below), which will allow sufficiently warned offenders who still seem not to have seen the error of their ways to be disconnected from the Internet. Traffic slowing and banning of access to certain sites eg the Pirate Bay, may also become available measures.
The Bill also, almost as an after thought, adds a “Henry VIII” clause, which allows the relevant Secretary of State (currently Lord Mandelson ofMordor sorry BIS) to make new copyright law in any area of Parts 1 and 7 of the Copyright, Design and Patents Act 1988 (CDPA), by statutory instrument (SI) not primary legislation, if justified by speed of technological developments (even ones that haven’t happened yet – see proposed new s 302A of the CDPA.) So essentially, new and important copyright laws (not exclusively to do with filesharing – DRM, fair dealing and user rights might all be affected) are to be made under the public radar, and without proper Parliamentary scrutiny. anytime, anywhere (hereafter, the “Martini clause”).
There has been a great deal of coverage of these matters – see eg here and here – so I will only point out a few matters of detail which have struck me as particularly worrying, on top of my, er, well-ventilated previous concerns about the principle of a regime of “three strikes” at all. Most of the press attention has focused on the posited disconnection regime, since of course the sanction is so far reaching. But the warnings regime, which if the Bill passes is likely to be of more immediate concern, is also staggeringly poorly drafted, and this is where my focus will lie.
Accusations and evidence
In the outline scheme we have, warnings are to be sent to subscribers solely on the say so of rightsholders. All a rightsholder need do, as presently laid out, is provide an IP address and time stamp of an alleged infringer to an ISP, and say that “ it appears to [them that ] a subscriber .. has infringed the owner’s copyright”. There is no requirement this belief be objectively reasonable. Nor is there any apparent sanction for malicious, or even simply careless or reckless allegations. Recent experience with the RIAA and BPI has shown that allegations made after IP address tracking at P2P sites often turn out to be wrong and that collecting IP addresses from P2P honeypots is a non-trivial exercise ; so the issue of liability for erroneous accusations is an important one. Libel, malicious falsehood and data protection laws may offer remedies for the falsely accused; but there is no mention of such in the Bill itself (so far), nor of any reasonable duty of care. In other words, all the power is given to rightsholders, and none of the responsibility.
“Allowing infringement”
The Bill also makes it clear that an infringement may be notified by a rightsholder if the subscriber “allowed another person to use the service and that other person has infringed”. What does “allowed” mean here? It seems clear it is intended to cover the case where an Internet service is used to download by any member of the household other than the subscriber eg by partners, children, flatmates and lodgers – but what of casual visitors, friends of children? Should such persons be routinely policed by the subscriber fearful of liability, their rooms and computers searched, guests interrogated about their laptops and smartphones? What of Art 8 ECHR guarantees of privacy (which, let us remember, apply to children as well as adults, especially in their own bedrooms)? This is however only the start. What of the school or university or business which gives access to the Internet to hundreds or thousands of people? These warnings will come to roost at their doors, or rather their IP addresses. Will we then see IBM, Oxford University and Standard Life (just say) subsequently banned from the Internet? Is it really feasible to expect such organisations to stamp out downloading among all their employees or attendees (especially given most already do their best to try) or to spend the resources on internally trying to attribute the warnings to individual employees etc?
The end of unsecured wi fi?
A connected issue Pangloss has raised before relates to wi fi. At present it is a subscriber’s choice whether to secure their wireless network or not. Despite the public panic about paedophile use etc, many still think leaving wi fi unsecured is a public service (see on this Daithi McSithigh’s excellent piece). Yet one can easily see that leaving a network unsecured will count as “allowing” another’s infringement (and note the mandatory requirement to notify alleged infringers about how to protect their wi fi in proposed new s 124(5)(f)). What we see therefore is constructive prohibition of unsecured wi fi by the back door, for both consumers, corporations and the public sector (think of the impact on digital inclusion?); a decision of huge significance, which itself deserves a major public debate.
Appeals
Appeals against allegations untested in court and based on evidence solely of one interested party, are vital. At the warnings stage, a single appeal is to be allowed, it seems, not to a full tribunal but merely to a “named person” who will be an arbiter of some type, independent of ISPs and rights holders, though not of OFCOM. Such an appeal is also vital to ensuring that this process meets the requirement of a “fair and impartial” hearing, under what was Amendment 138 to the now finalised Telecoms Package. But no grounds are named in the Bill for an appeal against an erroneous warning to be allowed (there are some in relation to the better drafted and seperate appeal against disconnection) , nor is it stated what disposal the “person” could make if an error was found to have been made. Strangely, there is not even any requirement for alleged infringers to be told of this right of appeal, even though they are required to be given an enormous number of other pieces of educational “information”. This is wholly unsatisfactory, especially in relation to Amendment 138.
Notification of warning
Finally on this part, note (see proposed s 124A (7)) that warnings are to be deemed “notified” if sent to “the electronic or postal address” held by the ISP. As someone who never uses or checks their nominal ISP-provided email address (mailto:something@virgin.net I guess) , I would strongly suggest this be altered to “and” rather than “or”. Of course this would cost substantially more to the rightsholders and ISPs, so possibly some midway solution should be found where an ISP is required to obtain a current used email address from its subscribers.
ISP liability?
ISPs hold an unfortunate piggy-in-the-middle position in all this, forced by the threat of a fine of up to £250,000 to co-operate with rightsholders, even though they gain nothing from the process but overheads and customer ill-will. I have said elsewhere that I do not think it is just or sensible to enrol ISPs as “copyright cops”, but if they are to be, they need strong protection from liability, ideally in the form of an indemnity from the rightsholders who actually plan to benefit from this whole stramash. ISPs face potential liability for sending out libellous allegations to subscribers, and again for disconnecting the wrong person on erroneous evidence, and in breach of contract, However currently all ISPs get by way of protection is the feather-light provision that an indemnity may – not must – be provided by the Code to be drafted (again, no further details now– see new s 124J(4)(b). If I were an ISP, I’d be going out now to price a shedload of legal liability insurance J - or to check out moving offshore.
The disconnection regime
Finally (gentle reader wipes brow), the present government has made a great deal of the assertion that the “disconnection” stage is a “nuclear deterrent” option – only to be implemented if all else has failed. One wonders why, three months before an election the current incumbents are likely to lose, it was not then simply left to the discretion of the next government whether to bring forward legislation, once the evidence was in. As it stands, the “disconnection” regime is supposed to be brought in, it has been widely reported, if a review by OFCOM shows (to some very vague timetable) that the “warnings and passing of ID details” approach is not working. However if you go and look, what s 124H(1)(b) actually says is that the Secretary of State may order that the “technical measures” stage may go ahead as appropriate in view of such a report OR “any other consideration”. In other words, you can forget evidence based policy making if times are tough, and donations from rightsholders are needed? Again Pangloss’s suggestion would be for that last sub-clause to go.
I could go on – for most of a PhD length thesis I suspect – but enough is enough. This legislation bears every hallmark of having been drafted in haste on the back of an envelope on a wet Tuesday. It’s so like The Thick Of It. Only without the jokes .
Ps if you are unhappy with any of the above, can I politely direct you towards http://petitions.number10.gov.uk/dontdisconnectus/ ?
Clauses 4-17 of the Digital Economy Bill introduce an “initial obligations” regime for ISPs, whereby subscribers accused of filesharing by rightsholders will be sent warnings of alleged copyright infringements, or “strikes”, by their ISPs; and a “technical measures” phase, to be green-lit only after evidence has been amassed that warnings do not work (but see below), which will allow sufficiently warned offenders who still seem not to have seen the error of their ways to be disconnected from the Internet. Traffic slowing and banning of access to certain sites eg the Pirate Bay, may also become available measures.
The Bill also, almost as an after thought, adds a “Henry VIII” clause, which allows the relevant Secretary of State (currently Lord Mandelson of
There has been a great deal of coverage of these matters – see eg here and here – so I will only point out a few matters of detail which have struck me as particularly worrying, on top of my, er, well-ventilated previous concerns about the principle of a regime of “three strikes” at all. Most of the press attention has focused on the posited disconnection regime, since of course the sanction is so far reaching. But the warnings regime, which if the Bill passes is likely to be of more immediate concern, is also staggeringly poorly drafted, and this is where my focus will lie.
Accusations and evidence
In the outline scheme we have, warnings are to be sent to subscribers solely on the say so of rightsholders. All a rightsholder need do, as presently laid out, is provide an IP address and time stamp of an alleged infringer to an ISP, and say that “ it appears to [them that ] a subscriber .. has infringed the owner’s copyright”. There is no requirement this belief be objectively reasonable. Nor is there any apparent sanction for malicious, or even simply careless or reckless allegations. Recent experience with the RIAA and BPI has shown that allegations made after IP address tracking at P2P sites often turn out to be wrong and that collecting IP addresses from P2P honeypots is a non-trivial exercise ; so the issue of liability for erroneous accusations is an important one. Libel, malicious falsehood and data protection laws may offer remedies for the falsely accused; but there is no mention of such in the Bill itself (so far), nor of any reasonable duty of care. In other words, all the power is given to rightsholders, and none of the responsibility.
“Allowing infringement”
The Bill also makes it clear that an infringement may be notified by a rightsholder if the subscriber “allowed another person to use the service and that other person has infringed”. What does “allowed” mean here? It seems clear it is intended to cover the case where an Internet service is used to download by any member of the household other than the subscriber eg by partners, children, flatmates and lodgers – but what of casual visitors, friends of children? Should such persons be routinely policed by the subscriber fearful of liability, their rooms and computers searched, guests interrogated about their laptops and smartphones? What of Art 8 ECHR guarantees of privacy (which, let us remember, apply to children as well as adults, especially in their own bedrooms)? This is however only the start. What of the school or university or business which gives access to the Internet to hundreds or thousands of people? These warnings will come to roost at their doors, or rather their IP addresses. Will we then see IBM, Oxford University and Standard Life (just say) subsequently banned from the Internet? Is it really feasible to expect such organisations to stamp out downloading among all their employees or attendees (especially given most already do their best to try) or to spend the resources on internally trying to attribute the warnings to individual employees etc?
The end of unsecured wi fi?
A connected issue Pangloss has raised before relates to wi fi. At present it is a subscriber’s choice whether to secure their wireless network or not. Despite the public panic about paedophile use etc, many still think leaving wi fi unsecured is a public service (see on this Daithi McSithigh’s excellent piece). Yet one can easily see that leaving a network unsecured will count as “allowing” another’s infringement (and note the mandatory requirement to notify alleged infringers about how to protect their wi fi in proposed new s 124(5)(f)). What we see therefore is constructive prohibition of unsecured wi fi by the back door, for both consumers, corporations and the public sector (think of the impact on digital inclusion?); a decision of huge significance, which itself deserves a major public debate.
Appeals
Appeals against allegations untested in court and based on evidence solely of one interested party, are vital. At the warnings stage, a single appeal is to be allowed, it seems, not to a full tribunal but merely to a “named person” who will be an arbiter of some type, independent of ISPs and rights holders, though not of OFCOM. Such an appeal is also vital to ensuring that this process meets the requirement of a “fair and impartial” hearing, under what was Amendment 138 to the now finalised Telecoms Package. But no grounds are named in the Bill for an appeal against an erroneous warning to be allowed (there are some in relation to the better drafted and seperate appeal against disconnection) , nor is it stated what disposal the “person” could make if an error was found to have been made. Strangely, there is not even any requirement for alleged infringers to be told of this right of appeal, even though they are required to be given an enormous number of other pieces of educational “information”. This is wholly unsatisfactory, especially in relation to Amendment 138.
Notification of warning
Finally on this part, note (see proposed s 124A (7)) that warnings are to be deemed “notified” if sent to “the electronic or postal address” held by the ISP. As someone who never uses or checks their nominal ISP-provided email address (mailto:something@virgin.net I guess) , I would strongly suggest this be altered to “and” rather than “or”. Of course this would cost substantially more to the rightsholders and ISPs, so possibly some midway solution should be found where an ISP is required to obtain a current used email address from its subscribers.
ISP liability?
ISPs hold an unfortunate piggy-in-the-middle position in all this, forced by the threat of a fine of up to £250,000 to co-operate with rightsholders, even though they gain nothing from the process but overheads and customer ill-will. I have said elsewhere that I do not think it is just or sensible to enrol ISPs as “copyright cops”, but if they are to be, they need strong protection from liability, ideally in the form of an indemnity from the rightsholders who actually plan to benefit from this whole stramash. ISPs face potential liability for sending out libellous allegations to subscribers, and again for disconnecting the wrong person on erroneous evidence, and in breach of contract, However currently all ISPs get by way of protection is the feather-light provision that an indemnity may – not must – be provided by the Code to be drafted (again, no further details now– see new s 124J(4)(b). If I were an ISP, I’d be going out now to price a shedload of legal liability insurance J - or to check out moving offshore.
The disconnection regime
Finally (gentle reader wipes brow), the present government has made a great deal of the assertion that the “disconnection” stage is a “nuclear deterrent” option – only to be implemented if all else has failed. One wonders why, three months before an election the current incumbents are likely to lose, it was not then simply left to the discretion of the next government whether to bring forward legislation, once the evidence was in. As it stands, the “disconnection” regime is supposed to be brought in, it has been widely reported, if a review by OFCOM shows (to some very vague timetable) that the “warnings and passing of ID details” approach is not working. However if you go and look, what s 124H(1)(b) actually says is that the Secretary of State may order that the “technical measures” stage may go ahead as appropriate in view of such a report OR “any other consideration”. In other words, you can forget evidence based policy making if times are tough, and donations from rightsholders are needed? Again Pangloss’s suggestion would be for that last sub-clause to go.
I could go on – for most of a PhD length thesis I suspect – but enough is enough. This legislation bears every hallmark of having been drafted in haste on the back of an envelope on a wet Tuesday. It’s so like The Thick Of It. Only without the jokes .
Ps if you are unhappy with any of the above, can I politely direct you towards http://petitions.number10.gov.uk/dontdisconnectus/ ?
Friday, November 20, 2009
Incredulity
.. is my new middle name.
The Digital Economy Bill will be released at 7.30am tomorrow and will, it seems, include not only the anticipated disconnection provisions, but also a clause to allow the Secretary of State to basically change copyright law at will in order to stop filesharing, without primary legislation and without proper public debate and democratic oversight.
Why is this?
So clearly every time things happen fast and the law might struggle to keep up with them, in future, well we should just junk ordinary democratic safeguards before anyone notices, and bow instead to the partisan interests who pay lobbyists the most to shout the loudest? I expect to see similar legislation introduced shortly so that SIs can be whipped out and shoved through to deal with every fast moving situation from Afghanistan to floods in Essex, banker bonuses in December and tone deaf twins winning X-Factor. Hey, democratic debate is for wimps. SOOOO last millennium.
The best thing one could say about this legislation is that it is so outrageous, it is hard to believe it could seriously have been included in the Queen's Speech if the current sadpack on the way out thought there was a real chance of getting it through before the election.
I could say a great deal more about this but I won't : Instead I'll quote in full the funniest thing on the Internet today by novelist Nick Harkaway.
"News I Made Up Which Would Arguably Be Less Bad Than The Actual News. (2)
The Digital Economy Bill will be released at 7.30am tomorrow and will, it seems, include not only the anticipated disconnection provisions, but also a clause to allow the Secretary of State to basically change copyright law at will in order to stop filesharing, without primary legislation and without proper public debate and democratic oversight.
Why is this?
It's reflecting the fact that technology is changing very fast," said Timms. "The existing [method] is quite cumbersome. We might need something else in the future."
So clearly every time things happen fast and the law might struggle to keep up with them, in future, well we should just junk ordinary democratic safeguards before anyone notices, and bow instead to the partisan interests who pay lobbyists the most to shout the loudest? I expect to see similar legislation introduced shortly so that SIs can be whipped out and shoved through to deal with every fast moving situation from Afghanistan to floods in Essex, banker bonuses in December and tone deaf twins winning X-Factor. Hey, democratic debate is for wimps. SOOOO last millennium.
The best thing one could say about this legislation is that it is so outrageous, it is hard to believe it could seriously have been included in the Queen's Speech if the current sadpack on the way out thought there was a real chance of getting it through before the election.
I could say a great deal more about this but I won't : Instead I'll quote in full the funniest thing on the Internet today by novelist Nick Harkaway.
"News I Made Up Which Would Arguably Be Less Bad Than The Actual News. (2)
The Business Secretary, Lord Mandelson, today announced the creation of a new post to deal with the nuanced and difficult issue of copyright in the digital era. The Batshit Tsar will have a mandate to seek out anyone, anywhere who does anything using a computer and set them on fire.
Candidates for the post include Lord Duckhouse of Cobbham, Baroness Fishwicket (formerly BPI President Martin Cleep) and Brian Dubblehand-Pryce, Witchfinder General to the Court of James I & VIth, although there is some doubt over the availability of Mr Dubblehand-Pryce, as he is believed to have been dead for four hundred years.
Civil liberties campaigners have expressed alarm at the plan to make an offense of ‘downloading copyright material’. It is unclear how anyone will be able to use the internet ever again without committing a crime. A Department of Health spokesman said this would have the positive effect of getting people out in the open air.
“The Internet is a middle class, elitist phenomenon which is ruining our atomised society with a sense of community and cooperation,” he said. “This will put a stop to that, and to the development of the nascent public sphere which has given us so much trouble recently.”
The much-debated ‘three strikes’ policy will require a massive monitoring operation, trawling through the logs of anyone who uses a high-bandwidth connection to get large amounts of data to see if they are doing anything wrong. This sort of ‘fishing expedition’ is generally considered inadmissible in court, but since there will be no court for this sort of crime, the government is confident the issue will not arise.
“If we don’t do this,” the spokesman said, “we’ll almost certainly have an outbreak of witches by Christmas. There will be rains of frogs and giant panthers in Surrey, and even my tinfoil hat will not protect me from the brainwaves of Satan which are transmitted down the tubes of the Internet by demonic monkeys. The public has to be protected.”
Lorrie Fingerhubble, of the British Association of Giant Nocturnal Lizards, welcomed the news.
“I think this is absolutely splendid,” Ms Fingerhubble said enthusiastically from her secret undersea base in Regent’s Park. “It’s ideal for the government to be able to make arbitrary, draconian changes to the law which won’t work, will cost money, and will criminalise everyone. It’s a traditional approach to law in the UK: we make a rule no one can hope to obey and then prosecute people when we want to but not otherwise, creating a sense of lurking guilt and suspicion at all times!”
Asked whether the law might conceivably be misused to stifle democratic debate or to spy on people, the government spokesman said:
“Antelopes.”
Thursday, November 19, 2009
here we go, here we go..
The Digital Economy Bill is nigh:
"Digital economy bill
Pangloss sees no full text of the Bill via Google - if it is out there, could somone point me at it?
Now we wait to see which happens first, the end if the world by Holywood apocalypse or the end of New Labour by election :-)
"Digital economy bill
Ensuring a world-class digital future following the Digital Britain White Paper , published on 16 June 2009, setting out the Government's ambition to secure the UK's position as one of the world's leading digital knowledge economies and take forward a new, more active industrial policy to maximise the benefits from the digital revolution by:
- delivering a universally available broadband in the UK by 2012 through a public fund, including funds released from the digital television switchover help scheme;
- giving the sectoral regulator, Ofcom, two new duties: first, to promote investment in infrastructure and content alongside its duties to promote competition; and second, to carry out a full assessment of the UK's communications infrastructure every two years; to ensure that the UK has a first class and resilient communications infrastructure;
- establishing the necessary enabling powers for new commissioning bodies providing strong multi media news in the Nations, regionally and locally and update the Channel 4 Corporation's remit. This would help create the environment for continued investment in, and creation of, high quality and innovative content, including necessary changes in relation to public service broadcasting;
- ensuring that all national broadcast radio stations are digital from the end of 2015, by making changes to the existing radio licensing regime to enable digital coverage to be extended, encourage investment by the commercial sector, alongside the BBC, in new digital content, and revise the existing regulatory and multiplex licences;
- creating a robust legal and regulatory framework to combat illegal file sharing and other forms of online copyright infringement and give Ofcom a specific new responsibility to significantly reduce this practice, including two specific obligations on Internet Service Providers: the notification of unlawful activity and, for alleged serial-infringers, collation of data to allow rights holders to obtain court orders to force the release of personal details, enabling legal action to be taken against them;
- implementing the recommendations of the Byron Review published in June 2008, to put age ratings of computer games on a statutory footing for ratings of 12 years and above. This will be achieved through the adoption of a new and strengthened system of classification for boxed video games with a strong UK based statutory layer of regulation, ensuring protection for children."
Pangloss sees no full text of the Bill via Google - if it is out there, could somone point me at it?
Now we wait to see which happens first, the end if the world by Holywood apocalypse or the end of New Labour by election :-)
Subscribe to:
Posts (Atom)