July 25, 2008

Filterband is not Broadband

Filed under: FCC, Internet, law, markets, networks, open — wseltzer @ 5:47 am

A group of us filed formal comments with the FCC arguing that “free, filtered broadband,” as the FCC proposed to mandate in the AWS-3 spectrum auction, is not “Internet.” Comments here, in WT Docket 07-195.

Commenters strongly support the deployment and ubiquitous availability of broadband services across the country. We are concerned, however, that the Commisson’s proposed rule requiring content-filtering on broadband offered over the AWS-3 band destroys the “Internet” character of the service. The Internet is distinguished by its flexibility as a platform on which new services can be built with no pre-arrangement. While requiring filtering of known protocols in itself raises serious First Amendment conflicts, forcing the blocking of unknown or unrecognized traffic hampers both speech and innovation. We therefore urge the Commission to drop the filtering conditions from its Final Rule.

Thanks to all who helped with the Comments!

July 14, 2008

eBay Shines in Tiffany Trademark Fight

Filed under: Internet, law, markets, trademark — wseltzer @ 12:45 pm

In Tiffany v. eBay, decided today, the Southern District of New York gives helpful bounds to secondary liability for trademark infringement, saying eBay is not liable for its use of the term “Tiffany” nor for its sellers’ sales of counterfeit goods. Judge Sullivan’s careful analysis leaves the path clear for online marketplaces to flourish, putting enforcement burdens, where they belong, on trademark claimants.

First, the court finds eBay’s advertisement, through “Tiffany”-keyed adwords on Google and Yahoo! searches, to be “nominative fair use.” Some eBay sellers are offering genuine Tiffany merchandise, as trademark law recognizes is legitimate, and eBay has the right to use the brand name to identify them, rather than “absurd circumlocutions … [such as] ’silver jewelry from a prestigious New York company where Audrey Hepburn once liked to breakfast.’” Even if search keywords are “use in commerce,” therefore, the court finds them non-infringing.

Second, the court holds eBay not liable for the infringements of its users, under either direct or secondary liability theories. Instead, its contributory liability test looks much like the notice-and-takedown regime that the DMCA sets up for copyright: only specific knowledge of infringement can trigger liability, a “showing that a defendant knew or had reason to know of specific instances of actual infringement”; not the “generalized” knowledge of counterfeiting Tiffany would like to attribute to eBay. The court does not impose any prior monitoring obligation, implying only that a defendant must take appropriate steps after being notified of claimed infringement. (The court helpfully notes several times that Tiffany’s “Notices of Claimed Infringement” are just claims, not proof, and that some listings have even been reinstated after incorrect claims.)

“[T]he fact remains that rights holders bear the principal responsibility to police their trademarks.” Trademark holders are best situated to assess the provenance of their branded goods and to weigh the costs and benefits of enforcement. The marketplace benefits from a rule that leaves lawsuits to the endpoints, keeping intermediaries relatively safe and clear.

Finally, the ruling suggests that trademark law continues to function effectively in the Internet era. While trademark holders might like greater control, and (some) sellers might like greater leeway, trademarks serve as indications of origin even without enlisting intermediaries in the fight. Yet further reason why ACTA’s proposed “update” to anti-counterfeiting trade law should not put liability on Internet intermediaries.

Thanks for the link, Ray.

July 4, 2008

Privacy Falls into YouTube’s Data Tar Pit

Filed under: Internet, privacy, trade secret — wseltzer @ 3:53 pm

As a big lawsuit grinds forward, its parties engage in discovery, a wide-ranging search for information “reasonably calculated to lead to the discovery of admissible evidence.” (FRCP Rule 26(b)) And so Viacom has calculated that scouring YouTube’s data dumps would help provide evidence Viacom’s copyright lawsuit.

According to a discovery order released Wednesday, Viacom asked for discovery of YouTube source code and of logs of YouTube video viewership; Google refused both. The dispute came before Judge Stanton, in the Southern District of New York, who ordered the video viewing records — but not the source code — disclosed.

The order shows the difficulty we have protecting personally sensitive information. The court could easily see the economic value of Google’s secret source code for search and video ID, and so it refused to compel disclosure of that “vital asset,” the “product of over a thousand person-years of work.”

But the user privacy concerns proved harder to evaluate. Viacom asked for “all data from the Logging database concerning each time a YouTube video has been viewd on the YouTube website or through embedding on a third-party website,” including users’ viewed videos, login IDs, and IP addresses. Google contended it should not be forced to release these records because of users’ privacy concerns, which the court rejected.

The court erred both in its assessment of the personally identifying nature of these records, and the scope of the harm. It makes no sense to discuss whether an IP address is or is not “personally identifying” without considering the context with which it is connected. It may not be a name, but is often one search step from it. Moreover, even “anonymized” records often provide sufficiently deep profiles that they can be traced back to individuals, as researchers armed with the AOL and Netflix data releases showed.

Viewers “gave” their IP address and username information to YouTube for the purpose of watching videos. They might have expected the information to be used within Google, but not anticipate that it would be shared with a corporation busily prosecuting copyright infringement. Viewers may not be able to quantify economic harm, but if communications are chilled by the disclosure of viewing habits, we’re all harmed socially. The court failed to consider these third party interests in ordering the disclosure.

Trade secret wins, privacy loses. Google has said it will not appeal the order.

Is there hope for the end users here, concerned about disclosure of their video viewing habits? First, we see the general privacy problem with “cloud” computing: by conducting our activities at third-party sites, we place a great deal of information about our activities in their hands. We may do so because Google is indispensable, or because it tells us its motto is “don’t be evil.” But discovery demands show that it’s not enough for Google to follow good precepts.

Google, like most companies, indicates that it will share data where “We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request.” Its reputation as a good actor is important, but the company is not going to face contempt charges over user privacy.

I worry that this discovery demand is just the first of a wave, as more litigants recognize the data gold mines that online service providers have been gathering: search terms, blog readership and posting habits, video viewing, and browsing might all “lead to the discovery of admissible evidence” — if the privacy barriers are as low as Judge Stanton indicates, won’t others follow Viacom’s lead? A gold mine for litigants becomes a tar pit for online services’ user.

Economic concerns, the cost of producing the data in response to a wave of subpoenas, or reputational concerns, the fear that users will be driven away from a service that leaves their sensitive data vulnerable, may exercise some constraint, but they’re unlikely to be enough to match our privacy expectations.

We need the law to supply protection against unwanted data flows, to declare that personally sensitive information — or the profiles from which identity may be extracted and correlated — deserves consideration at least on par with “economically valuable secrets.” We need better assurance that the data we provide in the course of communicative activities will be kept in context. There is room for that consideration in the “undue burden” discovery standard, but statutory clarification would help both users and their Internet service providers to negotiate privacy expectations better.

Is there a law? In this particular context, there might actually be law on the viewers’ side. The Video Privacy Protection Act, passed after reporters looked into Judge Bork’s video rental records, gives individuals a cause of action against “a video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider.” (”Video tape” includes similar audio visual materials.) Will any third parties intervene to ask that the discovery order be quashed?

Further, Bloomberg notes the concerns of Europeans, whose privacy regime is far more user-protective than that of the United States. Is this one case where “harmonization” can work in favor of individual rights?

July 2, 2008

ICANN’s New gTLD Process: Hype and Reality

Filed under: ICANN, Internet, code, markets — wseltzer @ 3:29 pm

Domainopoly At its 32d International Junket Meeting last week, ICANN’s Board approved the GNSO Council’s recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings.

In the meantime, though, the hype-machine was in full swing, with ICANN calling the move the “Biggest Expansion to Internet in Forty Years” in a newsletter mailing, since corrected. The BBC picked it up as “internet overhaul“; while CNN sent a crawler scrolling. New gTLDs may have value to Internet users, who will get a larger field in which to find memorable stable identifiers, but they’re hardly an “expansion” on the level of broadband rollout or protocol interoperability. Luckily, ICANN doesn’t have much to do with those actual innovations, so it can’t get in their way.

Before we get new generic TLDs, one of the initial purposes behind ICANN’s creation ten years ago, we still have to wait for ICANN’s staff to iron out the application process, including processes for resolving contention between multiple applications for the same string, and objections based on “legal rights of others,” the illusory “generally accepted legal norms relating to morality and public order that are recognized under international principles of law,” or “substantial opposition to it from a significant portion of the community to which the string may be explicitly or implicitly targeted.” (The At-Large Advisory Committee, from which I am non-voting liaison to the ICANN Board, had these comments. I speak only for myself in this blog.)

Then too, we have yet to see the application fees that will be levied upon applicants who wish to run this gauntlet. Even ICANN’s FAQ suggests we won’t be seeing the roll-out until mid 2009. So those of you holding your breath for .blog or .sex might want to relax and check back in a few months.

July 1, 2008

The RIAA has an ACTA Wish-List

Filed under: DMCA, Internet, copyright, law — wseltzer @ 9:32 pm

Remember ACTA, the draft proposed “harmonization” of copyright found on Wikileaks? In keeping with the view that harmonization is a one-way ratchet up, RIAA has some suggestions for the US Trade Representative.

J. Online Infringing Activities

Parties shall:
1. Provide exclusive rights under copyright to unambiguously cover Internet use.
2. Establish appropriate rules regarding liability of service/content providers:
(a) Establishing primary liability where a party is involved in direct infringement; and ensure the application of principles of secondary liability, including contributory liability and vicarious civil liability, as well as criminal liability and abetting if appropriate.
(b) Establishing liability for actions which, taken as a whole, encourage infringement by third parties, in particular with respect to products, components and/or services whose predominant application is the facilitation of infringement.
3. Provide remedies and injunctive relief against any entity that:
(a) Creates or otherwise maintains directories of infringing materials;
(b) Provides “deeplinks” to infringing files;
(c) Commits any act, practice or service that has little or no purpose or effect other than to facilitate infringement, or that intentionally induces others to infringe (specifically allowing proof of “intent” by reference to objective standards–i.e. a reasonable person would surmise such an intent);
4. Require internet service providers and other intermediaries to employ readily available measures to inhibit infringement in instances where both legitimate and illegitimate uses were facilitated by their services, including filtering out infringing materials, provided that such measures are not unduly burdensome and do not materially affect the cost or efficiency of delivering legitimate services;
5. Require Internet service providers or other intermediaries to restrict or terminate access to their systems with respect to repeat infringers.
6. Establish liability against internet service providers who, upon receiving notices of infringement from content provides via eĀ­mail, or by telephone in cases of pre-release materials or in other exigent circumstances, fail to remove the infringing content, or access to such content, in an expeditious manner, and in no case more than 24 hours; or
Provide that, in the absence of proof to the contrary, an internet service provider shall be considered as knowing that the content it stores is infringing or illegal, and thus subject to liability for copyright infringement, after receiving notification from the right holder or its representative, normally in writing, including by email or by telephone in the case of pre-release materials or in other exigent circumstances.
7. Establish, adequately fund and provide training for a computer crimes investigatory unit.
8. Provide injunctive relief against intermediaries whose services are used for infringing activities regardless of whether damages are available.
9. Establish policies against the use of government networks and computers, as well as those networks and computers of companies that have government contracts, to prevent the use of such computers and networks for the transmission of infringing materials, including a ban on the installation of p2p applications except, and to the extent to which, some particular government use requires such installation.
10. Consideration to be given to the following: possible rules on data retention, the right to information giving right holders access to data held by ISPs in the preparation and course of proceedings including in civil proceedings, and availability of complete and accurate WHOIS data

RIAA’s proposal is a compendium of everything they dislike about rulings that have gone against them: the lack of a “making available” right (Atlantic v. Howell); the requirement of knowledge before non-volitional actors such as ISPs can be held liable (RTC v. Netcom); the provisions of safe-harbor that let ISPs avoid liability (17 USC 512); the limitation of vicarious liability to situations where the proprietor has a right and ability to control; the possibility that non-infringing use could save a technology with infringing uses (Betamax); the status of hyperlinks (Perfect 10 v. Amazon).

Add in codification of stronger versions of rulings they like such as Grokster, and you’ve got a prescription for utterly insane copyright law! As the LA Times’ Jon Healy puts it, the RIAA’s ACTA would turn ISPs into enforcers, when they should be simple conduits.

Let’s hope enough ISPs, tech companies, public interest groups, libraries, educators, and friends can keep this RIAA wishlist from becoming our nightmare. We should start a corresponding wish-list, extravagant but alternate-universe plausible, would include on the other side. I’d start with:

  • Require knowledge of the infringing character of the use as an element of copyright infringement. (Current copyright law is strict liability, meaning you can be held liable for infringement even if you did not know you were copying material without authorization.)
  • Limit copyright infringement to commercial exploitation, as recommended by Cato’s Tim Lee. Non-commercial use would be a complete defense.
  • Add your own!
  • Powered by WordPress