I’m at Berkman for the open meeting of the Internet Technical Safety Task Force, a group convened at the pressing of state attorneys general to address children’s safety on social networking sites. The day kicked off with statements from Mass and Conn. attorneys general, to be followed by presentations from technology companies offering “solutions” and suggestions.

Live tweeting and identi.ca-ing

As a big lawsuit grinds forward, its parties engage in discovery, a wide-ranging search for information “reasonably calculated to lead to the discovery of admissible evidence.” (FRCP Rule 26(b)) And so Viacom has calculated that scouring YouTube’s data dumps would help provide evidence Viacom’s copyright lawsuit.

According to a discovery order released Wednesday, Viacom asked for discovery of YouTube source code and of logs of YouTube video viewership; Google refused both. The dispute came before Judge Stanton, in the Southern District of New York, who ordered the video viewing records — but not the source code — disclosed.

The order shows the difficulty we have protecting personally sensitive information. The court could easily see the economic value of Google’s secret source code for search and video ID, and so it refused to compel disclosure of that “vital asset,” the “product of over a thousand person-years of work.”

But the user privacy concerns proved harder to evaluate. Viacom asked for “all data from the Logging database concerning each time a YouTube video has been viewd on the YouTube website or through embedding on a third-party website,” including users’ viewed videos, login IDs, and IP addresses. Google contended it should not be forced to release these records because of users’ privacy concerns, which the court rejected.

The court erred both in its assessment of the personally identifying nature of these records, and the scope of the harm. It makes no sense to discuss whether an IP address is or is not “personally identifying” without considering the context with which it is connected. It may not be a name, but is often one search step from it. Moreover, even “anonymized” records often provide sufficiently deep profiles that they can be traced back to individuals, as researchers armed with the AOL and Netflix data releases showed.

Viewers “gave” their IP address and username information to YouTube for the purpose of watching videos. They might have expected the information to be used within Google, but not anticipate that it would be shared with a corporation busily prosecuting copyright infringement. Viewers may not be able to quantify economic harm, but if communications are chilled by the disclosure of viewing habits, we’re all harmed socially. The court failed to consider these third party interests in ordering the disclosure.

Trade secret wins, privacy loses. Google has said it will not appeal the order.

Is there hope for the end users here, concerned about disclosure of their video viewing habits? First, we see the general privacy problem with “cloud” computing: by conducting our activities at third-party sites, we place a great deal of information about our activities in their hands. We may do so because Google is indispensable, or because it tells us its motto is “don’t be evil.” But discovery demands show that it’s not enough for Google to follow good precepts.

Google, like most companies, indicates that it will share data where “We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request.” Its reputation as a good actor is important, but the company is not going to face contempt charges over user privacy.

I worry that this discovery demand is just the first of a wave, as more litigants recognize the data gold mines that online service providers have been gathering: search terms, blog readership and posting habits, video viewing, and browsing might all “lead to the discovery of admissible evidence” — if the privacy barriers are as low as Judge Stanton indicates, won’t others follow Viacom’s lead? A gold mine for litigants becomes a tar pit for online services’ user.

Economic concerns, the cost of producing the data in response to a wave of subpoenas, or reputational concerns, the fear that users will be driven away from a service that leaves their sensitive data vulnerable, may exercise some constraint, but they’re unlikely to be enough to match our privacy expectations.

We need the law to supply protection against unwanted data flows, to declare that personally sensitive information — or the profiles from which identity may be extracted and correlated — deserves consideration at least on par with “economically valuable secrets.” We need better assurance that the data we provide in the course of communicative activities will be kept in context. There is room for that consideration in the “undue burden” discovery standard, but statutory clarification would help both users and their Internet service providers to negotiate privacy expectations better.

Is there a law? In this particular context, there might actually be law on the viewers’ side. The Video Privacy Protection Act, passed after reporters looked into Judge Bork’s video rental records, gives individuals a cause of action against “a video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider.” (”Video tape” includes similar audio visual materials.) Will any third parties intervene to ask that the discovery order be quashed?

Further, Bloomberg notes the concerns of Europeans, whose privacy regime is far more user-protective than that of the United States. Is this one case where “harmonization” can work in favor of individual rights?

I’ll be discussing copyright at Cornell University today, at 3:00 and 7:30 p.m., talking about the university’s role in promoting balanced cultural and technology policy. Join the webcast if you like. If you add questions or comments to the blog, I’ll even try to address them.

The Crimson has been reporting on the Harvard Coop’s silly claims of “intellectual property” against those who come to the bookstore to compare prices. It’s escalated all the way to calling the cops, who wisely refused to throw students out of the store.

A terrific clinical student at the Berkman Center helped us to write an op-ed on the limits of copyright, which the Crimson ran today:

We’re not sure what “intellectual property” right the Coop has in mind, but it’s none that we recognize. Nor is it one that promotes the progress of science and useful arts, as copyright is intended to do. While intellectual property may have become the fashionable threat of late, even in the wake of the Recording Industry Association of America’s mass litigation campaign the catch-phrase—and the law—has its limits.

Since the Coop’s managers don’t seem to have read the law books on their shelves, we’d like to offer them a little Copyright 101.

Copyright law protects original works of authorship—the texts and images in those books on the shelves—but not facts or ideas. So while copyright law might prohibit students from dropping by with scanners, it doesn’t stop them from noting what books are on the shelf and how much they cost.

CrimsonReading.org does students a real service by helping them to compare prices efficiently. Harvard should support them in their information-sharing efforts, rather than endorsing the Coop’s attempts to cut off access to uncopyrightable facts.

Author Denise McCune posts a great account of the workings and failings of the DMCA’s notice-and-takedown procedures.

As Cory Doctorow has also reported on BoingBoing, the VP of the Science Fiction and Fantasy Writers of America sent an error-filled takedown complaint to text-sharing site Scribd, causing removal of many non-infringing postings including reading lists suggesting great science fiction, and Cory’s own novels, which he’s CC-licensed for free redistribution.

The DMCA safe-harbor is most charitably described as an intricate dance for all parties involved: the copyright claimant, the ISP, and the poster. When the dancers are synchronized, its notice, takedown, and counternotice steps give each party a prescribed sequence by which to notify the others of claims and invite their responses. That’s why the DMCA requires the claimant to identify the copyrighted works, specify alleged infringements with “information reasonably sufficient to permit the service provider to locate the material,” and state good faith belief that the uses are unauthorized. When a copyright claimant misses one of those key elements, he starts stepping on toes.

The service provider isn’t obliged to respond to deficient notices, but if a notice contains all the right formal elements — even if it’s factually wrong about copyright ownership or copying — the service provider must choose between taking down the material or losing its DMCA safe-harbor and facing potential lawsuits. Posters who believe their material is non-infringing or fairly posted can counter-notify and even file their own lawsuits for misuse of copyright claims, under sec. 512(f).

I share McCune’s hope that the brouhaha will help the SFWA to help authors express all their copyright interests, including that of free sharing:

I hope the SFWA’s lawyers are sitting down with Andrew Burt and explaining how the DMCA actually works, so that actual, legitimate violations of copyright (on Scribd and on other sites) can get dealt with swiftly and promptly and the people who have asked SFWA to be their copyright representative can get infringing uses of their material removed. I’m also glad to see that the SFWA ePiracy Committee has suspended operations until they can investigate further — and, hopefully, come up with an effective process and procedure that benefits both fair and/or transformative use while also protecting the rights of copyright holders to have control over where and how their material is posted — whether that control is a more traditional “nobody gets to use this, period” or a Creative Commons-style authorization of transformative work.

The Senate Judiciary Committee has sent subpoenas to the White House to investigate the administration’s warrantless wiretaps.

WASHINGTON (Wednesday, June 27) — Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.), in consultation with Ranking Member Arlen Specter (R-Pa.), issued subpoenas Wednesday for documents relating to the authorization and legal justification for the Administration’s warrantless wiretapping program.

Chairman Leahy issued subpoenas to the Department of Justice, the Office of the White House, the Office of the Vice President and the National Security Council for documents relating to the Committee’s inquiry into the warrantless electronic surveillance program. The subpoenas seek documents related to authorization and reauthorization of the program or programs; the legal analysis or opinions about the surveillance; orders, decisions, or opinions of the Foreign Intelligence Surveillance Court (FISC) concerning the surveillance; agreements between the Executive Branch and telecommunications or other companies regarding liability for assisting with or participating in the surveillance; and documents concerning the shutting down of an investigation of the Department of Justice’s Office of Professional Responsibility (OPR) relating to the surveillance.

More via the NYT. I hope they’ll do a vigorous investigation, including debate on the public record to blow down the “state secrets” screen that’s been thrown up against private lawsuits against the spying.