Thursday, June 18, 2009

GikII Amsterdam: last call!

Here's a brief and last reminder about GikII 2009, (as some of
you well know) the coolest IT law conference on the block, this year
transmigrated from UK to Amsterdam, by kind generosity of the IViR!

Submission of abstracts deadline is 1 July, tho this can probably slip a few days:-) We are expecting to be over subscribed (honest) so act fast! Acceptance of abstracts wil be announced by August 1. Submissions to .

As ever, the order of the day is blue skies papers, law/tech/pop
culture/interdisciplinary, numbers capped at 40, preference for space to those
giving papers, especially ones about the Singularity :) no conference fee for speakers or attendees, ppts that could past muster in the next Banksy show, passing mentions of law, and all the LOLcats you can eat:-)

Facebook, DP and Apps

According to this article in the FT, the Art 29 Working party on Data Protection has produced an unpublished opinion which, if I read it correctly, seems to suggest that they way FB shares data with, and encourages its users to share data with, unknown and unpoliced third party "apps", needs stricter DP regulation.

According to FT,

"regulators say tighter rules are needed to protect personal data given to these third-party developers. In particular, they believe developers should be subject to tough European Union privacy and data protection rules, even when the companies concerned are located far from Europe.

At the same time, they argue that many corporate marketers who have turned to new forms of social media as a way to reach consumers should also be subjected to stiffer regulations."

Which is pretty much what Ian Brown and I suggested only two years ago :) (Incidentally that piece is finally seeing the published light of say shortly in Andrea Matwyshwn's great edited collection, Harbouring Data (Stanford U Press).

I'm not finding this opinion on the usual Art 29 page: if anyone has it in advance, I would very much like to see it.

Along with various recent reports suggesting that privacy defaults on social networking sites need tighter attention, for everyone not just children, it does seem the privacy and security risks of SNSs are finally getting the serious attention they deserve. (Is it just a coincidence btw that this happens as the Iranian situation shows more clearly than ever the power wielded by social networks these days??)

Wednesday, June 17, 2009

Digital Britain : a regressive tax

Excellent comment from Charles Arthur at the Guardian

Against that backdrop, it is hardly surprising that the report is not wildly imaginative. It deals with structure and delivery of content, rather than the content itself. It worries about provision of local news, but (with the exception of a potentially interesting proposal on a role for new local news consortiums) decides that the main answer lies with regional TV news. To be sure, Mr Bradshaw is taking a risk in imposing a £6 annual poll tax on all fixed-line phone users to pay for extending the broadband pipe network - but it is the wrong kind of risk. Some will question the fairness of Aunt Agnes in Liverpool paying higher phone bills to enable her teenage nephew in the Scottish Highlands to download games. But there is a bigger problem with this proposal: the public is subsidising private companies to gain greater market access - with no public returns. When the government pumped money into the banks, it took a big chunk of equity for the taxpayer; here it is pumping money into the broadband network and taking nothing in return. There will be no equity stakes (which would at least have been fair), nor is it easy to regulate what goes down those broadband pipes. This amounts to an unconditional transfer of resources from the very poorest to the big technology firms

Tuesday, June 16, 2009

Five Strikes And Counting: the Future of Digital Britain/Europe/Canada?

Re Sarkozy's latest revamp of HADOPI, I don't think I can face saying anything except, oh good grief Charlie Brown. Still I suppose judicial oversight IS actually what we want (if it's real and not just rubber stamp)t, so it's kind of good news :) (well we want so much more, like sense, but will we ever get it?)

Oddly, only three days ago, no one less than the multitalented Daniel Gervais reassured me (at the HK conference again, natch) that the French Constitutional Court decision, declaring 3 Strikes an unconstitutional limitation on access to knowledge and speech, was the definite end of HADOPI, for good. Mais non!

This is all the sadder as Daniel himself was at the time outlining a proposal he has developed with the Songwriter's Association of Canada, for a terrific flat rate levy "all you can download" system to be tried out in that country. Long time readers will recall Pangloss has long been a fan of flatrate levies to legitimise filesharing and provide proper creator revenues, removing the need for litigation and sanctions which often threaten human rights: but the brilliance of this scheme is that it is voluntary, but with incentives likely to make it viably near-universal.

Users will be able to opt in to paying a flat rate payment per month (added on to their monthly ISP bill) and then download any amount of music from Canadian-distributing record companies, perfectly legally. If you choose not to opt in, however, this is perfectly Ok but you have to sign a declaration saying you do not fileshare. Any subsequent discovery to the contrary is like to to be judged unkindly by the courts :) and it is likely that (rather as with those who don't pay a TV license fee in the UK) you would go on a "watch carefully" list (though this part was vague in detail yet).

Money collected by ISPs as part of monthly billing is simply handed over to existing collecting societies who distribute it as usual. ISPS are incentivised to take past becauze they save money by providing the digital music access via P2P, a la BBC's iPlayer - thus vastly reducing their bandwidth issues, and removing any need to monitor, filter or "traffic manage".

Simple, sensible, good human rights, good for artists, good for users, and a good combination of carrot and sticks. ISPs too can choose to opt in or out - how different from the acts of our own dear government, still determined to dragoon UK ISPs into propping up a failing business model, alienating their own client base and potentially breaching fundamental rights.

In the UK the nearest we yet have to this scheme among the big ISPs (leaving aside small innovative players like PlayLouder here) has emerged from Virgin's announcement that (from the Beeb) :"

For a monthly fee, Virgin's broadband customers will be able to download or stream as many MP3 files as they want.As part of the deal, Virgin has pledged to aggressively police usage to stop the MP3 tracks turning up on file-sharing networks."

The problem is that Virgin's all you can eat deal only covers Universal artists. Virgin say it is in talks to add other music firms' back catalogues to the service. But are there any prospects of all the major labels coming in, as in the Canadian scheme, to make legal P2P as attractive as the illegal version? Pigs might fly, seems the general gist of the informed response.

Which brings me back to to the newly released final Digital Britain report. Pangloss will have to take this one home, but the Beeb reports as highlights:

"The main points outlined in the report include:

• a three-year plan to boost digital participation

• universal access to broadband by 2012

• fund to invest in next generation broadband

• digital radio upgrade by 2015

• liberalisation of 3G spectrum

• legal and regulatory attack on digital piracy

• support for public service content partnerships

• changed role for Channel 4

• consultation on how to fund local, national and regional news

One of the biggest surprises in the report was the promise to introduce a levy on fixed telephone lines in order to pay for broadband rollout.

It will amount to a 50p a month tax for every household in the country with a fixed phone line."

On filesharing specifically: (para 46)

"...thirdly we aim to provide for a graduated response by rights-holders and ISPs
so that they can use the civil law to the full to deter the hard core of users who
wilfully continue unlawful activity. The Government intends to provide
initially for Ofcom to have a duty to secure a significant reduction in
unlawful file sharing by imposing two specific obligations: notification of unlawful activity and, for repeat-infringers, a court-based process of
identity release and civil action.

The Government is also providing for intermediate technical measures by ISPs, such as bandwidth reduction or protocol blocking, if the two main obligations have been reasonably tried but, against expectations, shown not to have worked within a reasonable but also reasonably brisk period."

Reportedly, the aim will be for these tactics to reduce illegal file sharing by 70%. Quite a target given rough guesses that 90% plus of downloading is currentkly unauthorised.

Same old, same old. So we can, it seems, organise a levy to pay for rural broadband - which every person in the country will have to pay, whether they use it or not and are urban or rural - but are unwilling to contemplate a system like the Canadian voluntary levy, where those who don't want to fileshare simply get to opt out, and those who do, get to pay a sensible amount instead of being slowed down till they can no longer use the Net for useful stuff like jobs, education and social interaction. Sigh. Double sigh. No more: I've said it all before.

One faint piece of good news is that as the Guardian notes:

"The final report does not contain any suggestion of a statutory "rights agency" that would try to reduce copyright infringement online, as was suggested in the interim report released earlier this year – to widespread criticism. Instead, the final report says "we hope that an industry body ... will come into being to draft these codes [of practice for identifying offenders] for Ofcom to approve and we would encourage all rights holders and ISPs to play a role in this."

So we don't have to pay the levy to pay for the SRA anyway. Not yet anyway. Small comfort :-) Note the codes are still to be drafted by the industry and approved by Ofcom , with a thumbs up from ISPs and rightsholders. Where is the consumer voice in all this??? In the words of Chirpy Chirpy Cheep Cheep, apparently far, far away...

Brandjacking and FaceSquatting

Interesting times (as ever) in the social networking sites/personal branding crossover world. One of the most interesting papers from Digital Convergence HK was by Lisa P. Ramsey, University of San Diego School of Law on "brandjacking", on social networks - the increasing practice of grabbing famous personal or corporate names on social networks, even if they're not you (or not exclusively you).

Twitter has had quite a history of this, as the current locus of choice for celebrity blogging - but it is also, less obviously, becoming of enormous commercial significance - just a few days ago Dell proudly announced it had sold c $3m worth of computers through its Twitter shop (though as one commenter wisely says, are these new sales or just diverted from other salespoints??)

To respond to this, Twitter has just announced a verified account process - at first rolled out only for personal, not commercial, usernames and aimed at famous names (eg the likes of Neil Gaiman and Stephen Fry, who have been plagued by imitators/admirers). The new service at the moment merely invites those afflicted to submit their details but not does not give any details of what evidence will be used to ascertain who is who , nor how to distinguish between two worthy competitors for the same name - eg my brother is called Jonathan Edwards and is a consultant IT and office automation lawyer, but there is also Jonathan Edwards the former medal winning triple jumper! Who should get the Twitter space? Neither is exactly Janet Jackson... and arguably though the sport one may be more famous, my brother can make better commercial use of this particular space?? Interestingly anyone can apply to be verified - so Pangloss has, sub nom Lilian Edwards! Let's see if they reply :-)

And even practically as Lisa was speaking, the social network "domainspace" expanded enormously with Facebook's sudden overnight launch of personal usernames. The resulting land grab and predictable accompanying furore of lost and fraudulent claims has been rather wonderfully, named Facesquatting and all kinds of virtual dust is still settling. The Grauniad say "Facebook says 500,000 users grabbed their usernames within 15 minutes of the system going live, with no reports of major squabbles so far."

Lisa suggested that as with domain names, the law of trade marks should be relevant to protect brands, and needs re examining to see if it could meet this kind of challenge. She then canvassed the kinds of problems that may result, familiar to those who've followed the ICANN wars. What about businesses whose name is a generic, like Apple Computers ? Should they get preferential treatment on Twitter or FB when they wouldn't in TM law?

Pangloss checked and on FB, Apple-we-know-and-love has Apple Store and Apple Ipod, but the page "Apple" has actually been registered by, er, a lover of apples. Yes, the green vitamin-loaded things! PG is quietly pleased at this triumph of nature over commerce :)

So should the Cox- lover be deposed by FB, or if they don't play ball, even sued under TM law, or fined under the US Anti CyberSquatting law, or local equivalents? If so, why? And what about Fiona Apple the singer, who sells most her records over the Internet these days, and also has an FB "be a fan" page??

Social networks were originally set up to allow people to be, well, social, not to sell things - and to be fans of things like pop groups, books, movies, comics and er fruit : all extensions of their personality. Yet as the Grauniad wisely suggest, it is likely the SNSs will bend over backwards to make provision to allow remedies against "facesquatting" etc because the businesses and the celebrities are the place where they will, if ever, find a revenue stream more reliable than mere ads. As the Grauniad adds : "

"In truth, though, I think the odd timing shows us something else: that the real target of Facebook usernames aren't users at all, but the companies, brands and high-profile celebrities who can be convinced to pay for services somewhere down the line.

And they've already had their usernames granted to them, regardless of the timing of the launch. Anyone else is just going along for the ride."

Multiple registrations on multiple networks (FaceBook, Twitter, Bebo, whatever) will also be a problem. The brand-owners are already aghast at the prospect of the extension of the URL domain name space to cover internationalised domain names (Kanji, Korean alphabet, etc) because they see this not as an opportunity to brand more effectively to their customer bases , but as creating hundreds of new domain names they'll have to buy up and police to avoid cybersquatting. What should be a blessing has become a curse. Interestingly, PG has been directed to a lovely tool to check whether your name is available on multiple SNSs - reportedly it has been much used in the Facebook username goldrush!!

Pangloss is deeply unsure if some new version of TMs and domain name law should be adapted or invented for the social namespace. For one, there is simply not, or at least not always, the same problem as there is with domain names used as URLs: that there can be only one. There is already more than one Lilian Edwards on Facebook (and I am lucky to have an unusual first name) but there can only be one (and it is not me) or even

Is it really helping any to give me yet more opportunities to fight it out with the other Liians ) at least one of whom has her own business, selling elephant drawings!!) ? Isn't the real solution here better granular search facilities on FB and other sites, not giving out and policing unique vanity URLs? There is already substantial evidence the public now overwhelmingly finds sites via Google not via typing in random URLs anyway.

But - as Lisa pointed out - is the issue not actually more of public confusion, than of brand maintenance? If I find a site called Dell on Twitter, will I assume it is the real Dell selling me reputable computers, not some rip-off merchant? Perhaps, but here as noted Twitter is already bringing in its own solutions (and asking businesses to pay for a verified site at some future point doesn't seem too wrong to me either, if it leads to $3m extra sales.).

In the Twitter celebrityspace there is also a rather cute emergent norm, that when a name has been snaffled, the celebrity renames as " -himself" - so eg Neil Gaiman is @neilhimself.

As well as these "norm" solutions, if the problem is public confusion, can't that be better met by enforcing existing public laws on false advertising, fraudulent commercial practices, etc, than by inviting vast swathes of private trade mark litigation, which might in turn need the reinvention of the ICANN UDRP procedure, international treaty negotiation, etc etc, all over again? This seems to me like a place where we should not in knee jerk fashion turn to an IP solution. We don't need more property for companies to fight over here, and given the costs of policing the brand, they possibly don't want it either; all we need are workable solutions for consumers.

Lisa pointed out correctly that most false advertising rules only apply to commercial actors - but this doesn't have to be so. In fact in the UK, it is an offense in advertising law to deceptively hold yourself out as a private person when you are in fact a business ( for more on this and the problem of the emergent hybrid consumer or "prosumer" see Christine Riefa's chapter on e-contracts in the upcoming - guess what - 3rd edn of Edwards and Waelde eds Law and the Internet.)

Let's stop and think a bit before we jump again to create yet more new IP rights, ok?

Pangloss is now at a hotel with a pool and a beach :-)) so she's going to try to take a break from all this intellectual fever!! Bye for now :)

The Revolution Will In Fact Be Twittered

Interesting report from Boing-Boing on the coverage by Iranian bloggers of their situation via Twitter.

I've been noticing retweets from Iran on my own Twitterlist. They do seem to be reaching an unusually diverse selection of people.

"Wagner James Au says,
Iranians around the world are making extraordinary use of Twitter and Twitter APIs to send updates and coordinate the uprising that now disputes Ahmadinejad's election. (Some background from Andrew Sullivan here) Last night Tweets from Iran seemed to go silent for several hours, apparently after Iranian government intervention, but protesters just used and other workarounds to keep the information stream going. (As one developer supporter put it, "Open APIs equal freedom.") The mainstream media has been tragically slow to cover what seems to be a major social upheaval fueled by Twitter. "

Saturday, June 13, 2009

SoGikII and DP reform

Before HK, Pangloss was in lovely Sydney enjoying the hospitality of the Cyberspace Law and Policy Centre at University of New South Wales at SoGikii, aka the conference on the beach at Coogee :-))

SoGikII was bijoux but very interesting. Graham Greenleaf and Ian Brown swapped multi Continental ideas, helped by the audience, on how to reform personal data protection laws, calling on current moves to reform of the EU DPD, the evolving APEC privacy principles, Graham's work on comparative Asian privacy law and the far famed (everyone in Oz spoke about it in hushed tones) 2000 pages AU$2 m ALRC report on privacy.

The general emerging ideas seem to be:
  • one size does NOT fit all : more prior privacy impact assessment and privacy engineered in ("privacy by design") needed for large data bases and other such projects, especially in public sector;
  • in the EU the effect of Lindqvist needs rolled back for small data processors such as the millions of user generated content providers. A stronger domestic purposes exemption might meet these needs, linked to stronger obligations on platforms to take down on complaint (though Pangloss wonders about the free speech impact of this?) and industry codes on privacy protective default settings on social networks.
  • for all data processors, more emphasis on data minimisation - collecting less data ab initio, by code means and by reliance on principles such as the Australian rule that systems must be designed to allow an anonymity option if practical (eg London't Oyster system is designed for identifying users; Singapore's Octopus is not). This is all the more important as security of large multiple access dbs is increasingly unreliable.
  • more concern for the merging human rights protection for privacy not just under DPD rules - eg the recent UK ECHR defeat in the DNA database case.
  • DP export laws must be maintained despite business opposition
On remedies and enforcement some ideas were
  • better remedies for users including class action rights for consumer organisations
  • replace boilerplate registration of purposes with online subject access rights and tracking of use of data (PG sez: could semantic web data help here??)
  • penalties for abusive use of "DP" by companies to restrict access to info by consumers
  • security breach notification was controversial with some complaining in US it had done little or nothing to stop malware breaches.
Very much stuff to think about there. Other great papers involved Will Uther, Senior Lecturer (School of Computer Science and Engineering, UNSW) on Patent Law in the Federation: Replicators and Piracy which relied on 23rd century Star Trek Federation law to assess how future technology might disturb patent law :)); and Andrea Matwyshwn (Wharton, Penn) on Bourdieu, privacy and social capital. (Book of the week, btw, has definitely been Lanham's Economics of Attention.)

Pangloss herself argued gloomily (in both HK and Oz) that rights to control and bequeath digital assets after death (such as eBay reputations and Facebook profiles as well as the much discussed virtual world/MMORPG assets) would become increasingly important as digital natives age and die, and life logging expands. the key problems are the intermediation of the assets, leading to a loss of control by both creator and heirs, and the lack of any locus to consider societal interests in access to and preservation of digital cultural/literary heritage. This builds on my previous work suggesting that regulation of virtual assets generally is incoherent and ad hoc, as well as my FB /SNSs and property in VWs work. I'll get the new ppt up shortly!

Digital Convergence Conference HK

Pangloss is having a bonza time at Peter Yu's East:West extravaganza (average session : 6 speakers, 15 mins each!) in HK. This is the most tightly and geekily organised conference I have ever seen. When you have two mins to go, the computer (not the chair!) warns you loudly, in Stephen Hawkings voice. When your time is up, if you don't wander off meekly, it makes a series of noises: STOP!, explosions, angry baby crying(VERY LOUD!!) and so forth - varied to prevent desensitisation. I suggest this programme be open source coded and exported to all future cons :-)

Hong Kong is currently obsessed with two things: swine flu and Green Dam Escort. No, not an aspect of Internet pornography:) HK being terrified of repeat SARS, all of us got temperature taken before allowed in to conference hall. All schools have been closed, and about 90% of locals are wearing masks. Very surreal seeing tech support, photographers and caterers all wearing masks while running around helpfully: feeling of constant risk of being dragged off to be subjected to the alien probe.

Best paper so far: Rebecca Mackinnon of Human Rights Watch, HKU, etc, on angry responses to the Green Dam Escort software embedding censorcode project . In essence from next month all PCs to be sold into mainland China are to have filtering software known as Green Dam installed on them to provide prior exlcusion of unwanted content (wherever the country of origin was). Naturally in the usual way of such censorware, newspapers have already proven that the software allows in nude body art girls but excludes Garfield; also in a lovely confluence of obsesssions, the South China Post observes nude pink pig images are also excluded..

Chinese is a punning language so Green Dam also translates (I think?) as river crab. As China Digital Times then puts it, "The first law of Chinese cyberpolitics is “Where there are River Crabs, there are Grass-Mud Horses (那里有河蟹,那里就有草泥马).” According to this “Law of the ,” online censorship always meets resistance. "

Cue numerous UGC protest YouTube vids of river crabs singing local kiddy songs about green mud horses dubbed with very rude words. Please someone look who speaks Cantonese! They played one, and all local Chinese speakers blushed and giggled! Pangloss wants a translation badly :)) Try starting here.

Anselm Kamperman Sanders later added the interesting gloss to this that Green Dam can actually be seen as a a kind of media control by standards - and thus might be open to international pressure in future by WIPO who are looking at extending control over standards as part of IP harmonisation (or WTO?) Interesting in the context of the current Chinese drive to create its own national standards eg their own version of Office formats and HDTV standards. In some ways Green Dam is the tip of an iceberg of prospective trade war.

Another fascinating paper was Anne Bartow on what I've labeled "fair trade porn": why not deny IP protection to commercial pornography (which has such in US law at least) unless it meets health and safety standards, like ensuring the sex workers involved consent, are over age, etc? Pangloss thinks there's an interesting analogy here with fair trade coffee or organic veg, where some people are prepared to pay higher prices to know more about the provenance and social goals of the product. Now porn is so widely and openly used, would there be a market for this? is porn not something you WANT to be "dirty"? And is there any spare money for fair trade porn, like organic veg, in a recession!

Thursday, June 11, 2009

French Courts Strike Down 3 Strikes..

.. which leaves you wondering what next? 4 Strikes? 3 Strikes and a Baby?

Pangloss is in HK with limited Internet so for now merely a quote from excellent Guardian piece on the story:

" Internet users around the world should be cheering the news that French judges have struck down the country's proposed 'three strikes' law for alleged filesharers - and not just because they declared that access to online communications is a human right.

Ever since the French law was first proposed in November 2007, six months after Nicolas Sarkozy took presidential power in France, governments around the world have been building a house of cards surrounding the concept.

Everybody's considered the same law: Britain, New Zealand, Ireland and even America are among the countries that have proposed their own version of three strikes - the idea that anyone thought to have illegally shared files online will get two warnings, before having their broadband connection cut off on the third accusation.

But here's the problem: each proposal has a disturbing tendency to point back to the others in an attempt to shore up its case. I've had conversations with various officials, and read documents from most of the major initiatives, that reference the French law as a precedent, or point out that the British are considering a similar rule."

Legally, if the French courts have truely held that Internet access is a human right, this may be enormously significant, both to EU law as well as to domestic French law and to other areas than sanctions against filesharing. I looks forward to (hopefully?) seeing an English translation of the opinion soon.

EDIT: more comment from Technollama here.

Tuesday, June 02, 2009

The IT Law Angle on MP's Expenses

.. since everyone else is having fun, why not us? Pangloss late to the keyboard as in Adelaide (AUSTRALIA!!) but this is still worth blogging and a story of far more lasting import than duck islands and moat cleaning. Via ARCH, the organisation that works for child privacy:

"MPs' expenses: Information commissioner performed U-turn over publication
The information tsar was planning to order the publication of the full details of MPs' expenses three years ago, but watered down his final judgement after pressure from the House of Commons, The Sunday Telegraph can reveal.

Leaked emails show that Richard Thomas, the Information Commissioner, had prepared a draft decision in 2006 which would have ruled that the Commons was not acting properly under the Freedom of Information (FOI) Act and should release expenses details, including receipts.
However, after a series of communications between his office and Commons authorities he backed down.
The Sunday Telegraph has learned that Jack Straw, who was then the Commons Leader, held a meeting with Mr Thomas and his deputy, Graham Smith, between the commissioner's preliminary and final rulings.
A spokesman for Mr Straw, however, denied last night that the talks – at which senior MPs from other parties were also present – played a "fundamental" role in the commissioner's U-turn."

Ruichard Thomas has of course already left the ICO (and not for any reason connected to the current scandals). But it would be nice to think that this storyemerging in the current climate of public fury - and only published a few days before Jacqui Smith, initiator of how many anti privacy moves? left office, albeit for her embarrassing expenses tricks not her parts in creating a surveillance state - will give his successor the courage to follow his own convictions in future. The job of Information Commissioner is after all to protect privacy of the people and openness in government, not the government of the day.