Wednesday, February 13, 2008

More March madness , sorry, talks

Wednesday 5 March brings a joint event with the European Law Forum and ILAWS, both centres at the Law School, University of Southampton.

Professors Gerrit Betlem and Lilian Edwards will speak on “Promusicae: Fundamental Rights of File Sharers and the Enforcement of Intellectual Property - EU and IT Perspectives.”

Staff Common Room of the Law Building on Highfield Campus, University of Southampton, 1-2pm. Contact me if you want details. This is an informal seminar but all welcome.

Materials: the ECJ’s judgement in Case C-275/06 of 29 January 2008 and the Opinion of A-G Kokott of 18 July 2007.

Fun, file sharers and the law

Pangloss is off speaking again :

2pm-5.30pm 19 March 2008
The Old Theatre, London School of Economics, Houghton Street, London WC2

Is home downloading killing music? Should Internet Service Providers monitor customers to try and spot copyright infringement, and disconnect downloaders? Do musicians need new laws to benefit from the opportunities of the Internet?

Join us at this FREE event to debate these questions and more with leading copyright thinkers from the music world, government, consumer groups and universities. Confirmed speakers include John Kennedy (CEO of IFPI), Becky Hogge (Open Rights Group), Lilian Edwards (Southampton University), Rufus Pollock (Cambridge University) and Michelle Childs (Knowledge Ecology International). Find out more and register here.

Pangloss is talking about the role of ISPs and other intermediaries in enforcing rules against filesharing and the impact this may have on citizens, users and consumers. THis is rather fun timing given both the Promusicae case discussed here recently and this much-blogged announcement yesterday - so I will save my commentary till March :)

Monday, February 11, 2008


Just to document the press's continuing fascination that people are indeed monitoring Facebook, Bebo etc, and that despite this, other people are still stupid enough to leave confidential information there, this piece from the Indy ...

"Just ask the 27 workers at the Automobile Club of Southern California fired for messages about colleagues on their MySpace sites; the Florida sheriff's deputy whose MySpace page revealed his heavy drinking and fascination with female breasts – and swiftly found himself handing in his badge; the Argos worker in Wokingham fired for saying on Facebook that working at the firm was "shit"; the Las Vegas teacher at a Catholic school fired after he declared himself gay on his MySpace page; the staff of an Ottawa grocery chain fired for their "negative comments" on Facebook; the 19 Northampton police officers investigated for Facebook comments; and Kevin Colvin, an intern at Anglo Irish Bank, who told his employers he had a family emergency, but whose Facebook page revealed he had, in reality, been cavorting in drag at a Hallowe'en party."

However the piece does have a new(ish) point, that worries about social network sites may shift from the obvious paedophiles, stalkers and ID thieves t more "civil" observers:

"That something as ubiquitous as social network sites (they have 13.7 million UK users) are exploited by paedophiles and other serious criminals is not surprising. Happily, the numbers affected are small. But the use of personal page content in civil disputes, divorces, employment and legal actions will affect far more of the millions now innocently sharing their thoughts and intimate moments with the online world. "

Pangloss is, as usual, almost finished an article on all this :) Send donations of spare time to allow her to complete it!!

Ps while we're at it, two interesting recent comments on the ongoing facebook/SCrabulous affair - Jonathan Zittrain here and the irrepressible Daithi Mac Sithigh here.

Wednesday, February 06, 2008

Stokes Law Stokes Trouble for the National ID database

I love this:

"I propose new law, to go alongside Moore's Law and Reed's Law and all of our other useful tools for doing back-of-the-envelope projections of where things will be going in the short- to medium-term. I propose Stoke's Law, which is that

as the amount of data that the government collects grows, so will the number of people who are victims of crimes that were made possible by unauthorised access to government databases.
[From Analysis: Metcalfe's Law + Real ID = more crime, less safety "

So obvious yet so profound!

Also in today's mail - FIPR report an ICM survey that 25% of the UK population now "strongly" opposed to the national ID database - up from 17% last September.

EBay to ban negative feedback by sellers..

.. but not from buyers.

This is an interesting one. A small UK study Ashley Theunissen and I did in 2005/6 seemed to reveal that both sellers and buyers found leaving feedback by far the most useful and widely-used instrument they had at their disposal for resolving and avoiding disputes on eBay. Other options such as eBay's own on line mediation and negotiation procedures or Payer Protection Schemes were by contrast barely used, and both credit card and PayPal guarantee systems were often inappropriate to the dispute in question, either because a credit card was not used or in the case of PayPal, because the many qualifications for the scheme were not met or the account had been emptied.

However much game theory work since has also shown that feedback is highly unreliable as an index of trustworthiness of sellers, at least partly because negative feedback was very rarely given by buyers who were than one time eBay users for fear of retaliation. Feedback can also be gamed by sellers by a multitude of small value transations to build a shiney feedback profile, after which a large value no-delivery fraud is undertaken. Hence the preponderance of both sellers and buyers with 99.99% satisfaction ratings on eBay. eBay has been trying to address the second problem with its "Feedback 2.0" , which allowed a more granular breakdown of how an eBay seller had acquired a certain feedback score over multiple transactions, but clearly this has not been felt to be enough to provide trustworthy guidance to buyers.

Given also the growth of eBay as a site for Power Sellers, quasi professional sellers and the like, trying to turn feedback back into a true index of the trustworthiness of a seller by restricting retaliation tactics seems like a smart move. Sellers however are of course not best pleased, according to the Beeb report. In our small survey, 60% of sellers had left negative feedback, as opposed to 40% of buyers, so this looks like a big change in practice for UK sellers. It will be ve-ry interesting to see how this pans out. is eBay trying to forestall buyers leaving for other auction sites where they feel they are more likely to get good service from buyers, or at least have a better chance of picking a trustworthy merchant?? Or is it truely as reports say trying to provide a better "customer environment"? Pangloss would love to know if anyone has more info.

In the meantime, what we continue to need is a "true" non-gameable index of cross-site reputation - something from the distributed identity stable, perhaps. So far we are at the very early attempts stage in this field - see eg QDOS from the garlik folk, where Pangloss mysteriously finds herself compared to authors, footballers and Eastenders bit actors from time to time. Still, at least it's a start..

Tuesday, February 05, 2008

Promusicae in the ECJ

Pangloss has just grabbed a few minutes to consider this rather important new decision from the ECJ. Basically, the European court was asked to consider if it was legal for Spanish law to require telecoms providers, ISPs etc to retain traffic data relating to users for security or crime related purposes, but not to allow the use of that law for retrieval of evidence for OTHER (civil law) purposes, most obviously their use by IP rightsholders to uncover the identities of P2P filesharers.

The key provision here is Article 5(1) of Directive 2002/58 (the Privacy and Electronic Communications Directive, amending the Data Protection Directive 1995), which requires states to pass laws to ensure the confidentiality of traffic data. There can be exceptions to this obligation under Art 15(1) , but only where necessary to safeguard national security , defence, public security, or for the prevention, investigation, detection and prosecution of criminal offences - and to prevent "unauthorised use" of the electronic communications system, as referred to in Article 13(1) of Directive 95/46.

There was some dubiety in the ECJ that this last exception covered traffic data collection to get evidence for *civil* litigation - but the court were willing to more or less go along with that one. What they weren't willing to say was that this implied laws MUST be passed requiring disclosure of personal data to safeguard the rights of litigants in civil proceedings - ie, the PECD did NOT require automatic disclosure of P2P traffic data to help out the music industry, though such laws would not violate EC law.(para 56).

Several other IP-related Directives cited generally required states to provide for procedures for disclosure of information relating to pirate goods, after "justified and proportionate" applications by aggrieved rightsholders; however these did not take precedence over the specific obligation in the DPD and PECD to protect personal data.

And most importantly, as Cedric Manara has already mentioned elsewhere, the Court finally held that, turning to fundamental rights in the EC Charter, if the fundamental rights to property, and to privacy (which appear therein, as well as in the ECHR) appear to come into conflict when EC Directived are implemented in national laws , well, then , IP does not take precedence over privacy (or vice versa): instead, national courts must "make sure that they do not rely on an interpretation of [national laws] which which would be in conflict with these rights." (para 68) Put it plainly: IP rights do not trump DP rights, says the ECJ.

In other words also - my interpretation purely, now - although the ECJ have not said that laws requiring automatic disclosure of personal data to rights holders to protect IP rights would be illegal under the PECD, a serious warning has been issued to national legislatures not to be pushed into passing such laws, without considering first if rights of protection of personal data are being taken properly into account.

In the UK, this is serious stuff. The government is currently basically trying to shove through (as per Gower recommendation no 39) a model borrowed from France under which ISPs will disconnect and bar repeat P2P infringers via BCP codes, without ever going near a court. But this is probably only the tip of the iceberg. It is no surprise that the industry would far rather have automatic disclosure via industry codes of practice than, as currently, have to go for Norwich Pharmacal disclosure. This will be a very useful opinion for lobby groups fighting such a legal or "soft law" progression.

I'll be saying more about this at a conference in March :)More details when I have them.