Users of free and open source licenses, or Creative Commons licenses for non-software works, offer their works to the world on a non-exclusive basis on a set of conditions. In the Artistic License, those conditions are:

provided that [the user] insert a prominent notice in each changed file stating how and when [the user] changed that file, and provided that [the user] do at least ONE of the following:

a) place [the user's] modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include [the user's] modifications in the Standard Version of the Package.

b) use the modified Package only within [the user's] corporation or organization.

c) rename any non-standard executables so the names do not conflict with the standard executables, which must also be provided, and provide a separate manual page for each nonstandard executable that clearly documents how it differs from the Standard Version, or

d) make other distribution arrangements with the Copyright Holder.

If you accept the conditions of the public license and follow them, as by making source code available and giving clear notification of changes from the original, your reuse of the original copyrighted work is licensed, no further action required. If you can’t work with the conditions of the public license, you’re always free to contact the copyright holder to negotiate alternate terms. What Jacobsen v. Katzer confirms, however, is that you’re not free to disregard the license conditions and yet claim your redistribution of the copyrighted work is non-infringing.

License v. Contract: Katzer, the taker who didn’t follow license terms, had argued that JMRI could sue only for breach of contract. The court explicitly disagreed. This is significant for licensors because copyright infringement is both simpler to prove: show unlicensed copying and substantial similarity to the original, rather than acceptance of a contract and damages from breach of its terms; and offers benefits such as statutory damages (no proof of loss required) and presumptions of “irreparable harm” that let the licensor get a preliminary injunction against continued infringing distribution.

Economics: The decision recognizes the economic advantages to choosing non-monetary forms of “compensation” for use of a publicly licensed work: “Copyright licenses are designed to support the right to exclude… The choice to exact consideration in the form of compliance with the open source requirements of disclosure and explanation of changes, rather than as a dollar-denominated fee, is entitled to no less legal recognition.” “The attribution and modification transparency requirements directly serve to drive traffic to the open source incubation page and to inform downstream users of the project, which is a significant economic goal of the copyright holder that the law will enforce.” The law does not mandate these terms by default, but if a copyright holder chooses to apply them to make his works more readily available on non-dollar terms, the law will enforce them.

Anti-FUD: Finally, the decision should help clear some of the “fear, uncertainty, and doubt” that opponents of free software try to sow around free and open source licenses. They may rarely have been tested in court because parties prefer to negotiate better solutions between themselves, but when tested, the licenses do hold up, to enforce the terms their users intend.

See also NYT, Lessig, WSJ.

We see once again that the DMCA’s unbalanced takedown scheme encourages overzealous claiming of copyright, as an easy route to removal of unflattering content. With those already inclined toward enforcement zealotry, that pushes them far overboard.

Update 8/15: It appears that YouTube reinstated the video after the IOC indicated it did not really intend to pursue a copyright claim. Still sad that this level of assurance isn’t required before claims are filed in the first place.

While Hasbro was scrapping with Mattel over rights to develop an official online Scrabble (the two split geographic ownership of the Scrabble trademark), the Agarwalla brothers were building one. Their Facebook app, launched a year ago, won a loyal following among Scrabble fans who appreciated a chance to play the word game online, with friends in their social networks. Scrabulous listened to user suggestions, enhancing the online version to the point where it could boast 1.3 million monthly users and a 4.2 star rating, (as compared to 235k users giving Hasbro’s recently launched “beta” 1.2 stars).

Hasbro, however, responded to Scrabulous with a lawsuit, filed in the Southern District of New York, claiming copyright and trademark infringement, trademark dilution, and unfair competition. In response, the Agarwalla brothers closed the Scrabulous app to users whose IP addresses were located in the U.S. and Canada. (Since the Scrabulous website remains accessible from North American IPs, it’s possible the Facebook app was restricted under pressure from and on Facebook.) The EA Scrabble beta has been criticized as more visual flash than substance, without many of the playability features users had appreciated in Scrabulous.

Whether or not it has the legal right, I think Hasbro’s lawyers gave the company bad business advice. As I’ve said before, I believe Hasbro has no copyright claim, but might have (easily avoidable) trademark claims based on the “Scrabulous” name. If trademark’s value is goodwill, Hasbro’s federal complaint lost far more in goodwill than it preserved in control.

Hasbro may think it can ride this one out, that even 1.3 million Facebookers are only a small fraction of those it might interest in an “official” version later. Numerically, of course, that may be correct, but the raw numbers would miss the identities of those users.

I just came out of a three-day workshop on user innovation, where much research was presented on the value of “lead users” in innovation (see Democratizing Innovation for more). Lead users, such as Tim O’Reilly’s “alpha geeks,” push products and services to their limits, tweaking and often improving when their needs aren’t met by the stock components. Smart companies learn to listen to these users — while some of their demands will be unique corner cases, others are early indicators of where the masses will be soon — and where profits are to be made by a company that can supply needs and lead demand.

The Net makes lead-user innovation easier than ever, lowering the costs of communications channels to users sharing their enthusiasm and jointly developing ideas. They often freely reveal ideas and improvements that the savvy company can use in its own product development.

Some companies, O’Reilly’s among them, recognize the value of lead-user innovation and foster these user communities with conferences, forums, or support. When they take ideas and develop them further, to a mass audience now caught up to the curve, they do it so everyone feels fairly treated: the lead users get access to better products the company can produce at larger scale — and a platform for further innovation. Maybe the company even gets a chance to steer the “hackers” toward developments it prefers.

Others, however, see any hacking as “unauthorized,” to be shut down with cease-and-desist threats. They send nasty letters that may shut down the activity but also alienate the users who might show them where to go next. This is what Hasbro has done with its lawsuit against the Agarwalla brothers behind Scrabulous.

The Scrabulous users included Scrabble’s lead-user enthusiasts. Many fans posted to the application’s forum or “wall” (10,953 posts), giving the app developers (and anyone listening) both praise and suggestions for further enhancement. These lead users both told and showed where they wanted the game to go next. The Agarwalla brothers themselves were lead user innovators par excellence, spotting a need and filling it.

Hasbro’s lawsuit response to this outpouring of enthusiasm around Scrabble play quashed much of that lead-user drive. The posts on the EA “Scrabble beta” forum mix criticism of the company with complaints of bugs. Hasbro has neither the quality application nor the community around “official” Scrabble as the Agarwalla brothers had for Scrabulous.

There should have been enough value in Scrabulous to share — Hasbro does have US and Canada trademark rights to Scrabble, which imparted some value to the “Scrabulous” app, and Hasbro’s authorization could have allowed Scrabulous to build even further on the recognized brand. The Agarwallas have shown both programming talent and the ability to engage other enthusiasts. Together, they could create more value than either alone, and likely more than enough extra value to make it worth both their whiles to cooperate. As is, some of that value will migrate over to Wordscraper (Scrabulous’s revised form, which is fun but suffers from lack of interoperability with Scrabble), and some will head to authorized Scrabble, but some will dissipate entirely.

Commenters strongly support the deployment and ubiquitous availability of broadband services across the country. We are concerned, however, that the Commisson’s proposed rule requiring content-filtering on broadband offered over the AWS-3 band destroys the “Internet” character of the service. The Internet is distinguished by its flexibility as a platform on which new services can be built with no pre-arrangement. While requiring filtering of known protocols in itself raises serious First Amendment conflicts, forcing the blocking of unknown or unrecognized traffic hampers both speech and innovation. We therefore urge the Commission to drop the filtering conditions from its Final Rule.

Thanks to all who helped with the Comments!

First, the court finds eBay’s advertisement, through “Tiffany”-keyed adwords on Google and Yahoo! searches, to be “nominative fair use.” Some eBay sellers are offering genuine Tiffany merchandise, as trademark law recognizes is legitimate, and eBay has the right to use the brand name to identify them, rather than “absurd circumlocutions … [such as] ’silver jewelry from a prestigious New York company where Audrey Hepburn once liked to breakfast.’” Even if search keywords are “use in commerce,” therefore, the court finds them non-infringing.

Second, the court holds eBay not liable for the infringements of its users, under either direct or secondary liability theories. Instead, its contributory liability test looks much like the notice-and-takedown regime that the DMCA sets up for copyright: only specific knowledge of infringement can trigger liability, a “showing that a defendant knew or had reason to know of specific instances of actual infringement”; not the “generalized” knowledge of counterfeiting Tiffany would like to attribute to eBay. The court does not impose any prior monitoring obligation, implying only that a defendant must take appropriate steps after being notified of claimed infringement. (The court helpfully notes several times that Tiffany’s “Notices of Claimed Infringement” are just claims, not proof, and that some listings have even been reinstated after incorrect claims.)

“[T]he fact remains that rights holders bear the principal responsibility to police their trademarks.” Trademark holders are best situated to assess the provenance of their branded goods and to weigh the costs and benefits of enforcement. The marketplace benefits from a rule that leaves lawsuits to the endpoints, keeping intermediaries relatively safe and clear.

Finally, the ruling suggests that trademark law continues to function effectively in the Internet era. While trademark holders might like greater control, and (some) sellers might like greater leeway, trademarks serve as indications of origin even without enlisting intermediaries in the fight. Yet further reason why ACTA’s proposed “update” to anti-counterfeiting trade law should not put liability on Internet intermediaries.

Thanks for the link, Ray.

According to a discovery order released Wednesday, Viacom asked for discovery of YouTube source code and of logs of YouTube video viewership; Google refused both. The dispute came before Judge Stanton, in the Southern District of New York, who ordered the video viewing records — but not the source code — disclosed.

The order shows the difficulty we have protecting personally sensitive information. The court could easily see the economic value of Google’s secret source code for search and video ID, and so it refused to compel disclosure of that “vital asset,” the “product of over a thousand person-years of work.”

But the user privacy concerns proved harder to evaluate. Viacom asked for “all data from the Logging database concerning each time a YouTube video has been viewd on the YouTube website or through embedding on a third-party website,” including users’ viewed videos, login IDs, and IP addresses. Google contended it should not be forced to release these records because of users’ privacy concerns, which the court rejected.

The court erred both in its assessment of the personally identifying nature of these records, and the scope of the harm. It makes no sense to discuss whether an IP address is or is not “personally identifying” without considering the context with which it is connected. It may not be a name, but is often one search step from it. Moreover, even “anonymized” records often provide sufficiently deep profiles that they can be traced back to individuals, as researchers armed with the AOL and Netflix data releases showed.

Viewers “gave” their IP address and username information to YouTube for the purpose of watching videos. They might have expected the information to be used within Google, but not anticipate that it would be shared with a corporation busily prosecuting copyright infringement. Viewers may not be able to quantify economic harm, but if communications are chilled by the disclosure of viewing habits, we’re all harmed socially. The court failed to consider these third party interests in ordering the disclosure.

Trade secret wins, privacy loses. Google has said it will not appeal the order.

Is there hope for the end users here, concerned about disclosure of their video viewing habits? First, we see the general privacy problem with “cloud” computing: by conducting our activities at third-party sites, we place a great deal of information about our activities in their hands. We may do so because Google is indispensable, or because it tells us its motto is “don’t be evil.” But discovery demands show that it’s not enough for Google to follow good precepts.

Google, like most companies, indicates that it will share data where “We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request.” Its reputation as a good actor is important, but the company is not going to face contempt charges over user privacy.

I worry that this discovery demand is just the first of a wave, as more litigants recognize the data gold mines that online service providers have been gathering: search terms, blog readership and posting habits, video viewing, and browsing might all “lead to the discovery of admissible evidence” — if the privacy barriers are as low as Judge Stanton indicates, won’t others follow Viacom’s lead? A gold mine for litigants becomes a tar pit for online services’ user.

Economic concerns, the cost of producing the data in response to a wave of subpoenas, or reputational concerns, the fear that users will be driven away from a service that leaves their sensitive data vulnerable, may exercise some constraint, but they’re unlikely to be enough to match our privacy expectations.

We need the law to supply protection against unwanted data flows, to declare that personally sensitive information — or the profiles from which identity may be extracted and correlated — deserves consideration at least on par with “economically valuable secrets.” We need better assurance that the data we provide in the course of communicative activities will be kept in context. There is room for that consideration in the “undue burden” discovery standard, but statutory clarification would help both users and their Internet service providers to negotiate privacy expectations better.

Is there a law? In this particular context, there might actually be law on the viewers’ side. The Video Privacy Protection Act, passed after reporters looked into Judge Bork’s video rental records, gives individuals a cause of action against “a video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider.” (”Video tape” includes similar audio visual materials.) Will any third parties intervene to ask that the discovery order be quashed?

Further, Bloomberg notes the concerns of Europeans, whose privacy regime is far more user-protective than that of the United States. Is this one case where “harmonization” can work in favor of individual rights?

In the meantime, though, the hype-machine was in full swing, with ICANN calling the move the “Biggest Expansion to Internet in Forty Years” in a newsletter mailing, since corrected. The BBC picked it up as “internet overhaul“; while CNN sent a crawler scrolling. New gTLDs may have value to Internet users, who will get a larger field in which to find memorable stable identifiers, but they’re hardly an “expansion” on the level of broadband rollout or protocol interoperability. Luckily, ICANN doesn’t have much to do with those actual innovations, so it can’t get in their way.

Before we get new generic TLDs, one of the initial purposes behind ICANN’s creation ten years ago, we still have to wait for ICANN’s staff to iron out the application process, including processes for resolving contention between multiple applications for the same string, and objections based on “legal rights of others,” the illusory “generally accepted legal norms relating to morality and public order that are recognized under international principles of law,” or “substantial opposition to it from a significant portion of the community to which the string may be explicitly or implicitly targeted.” (The At-Large Advisory Committee, from which I am non-voting liaison to the ICANN Board, had these comments. I speak only for myself in this blog.)

Then too, we have yet to see the application fees that will be levied upon applicants who wish to run this gauntlet. Even ICANN’s FAQ suggests we won’t be seeing the roll-out until mid 2009. So those of you holding your breath for .blog or .sex might want to relax and check back in a few months.

J. Online Infringing Activities

Parties shall:
1. Provide exclusive rights under copyright to unambiguously cover Internet use.
2. Establish appropriate rules regarding liability of service/content providers:
(a) Establishing primary liability where a party is involved in direct infringement; and ensure the application of principles of secondary liability, including contributory liability and vicarious civil liability, as well as criminal liability and abetting if appropriate.
(b) Establishing liability for actions which, taken as a whole, encourage infringement by third parties, in particular with respect to products, components and/or services whose predominant application is the facilitation of infringement.
3. Provide remedies and injunctive relief against any entity that:
(a) Creates or otherwise maintains directories of infringing materials;
(b) Provides “deeplinks” to infringing files;
(c) Commits any act, practice or service that has little or no purpose or effect other than to facilitate infringement, or that intentionally induces others to infringe (specifically allowing proof of “intent” by reference to objective standards–i.e. a reasonable person would surmise such an intent);
4. Require internet service providers and other intermediaries to employ readily available measures to inhibit infringement in instances where both legitimate and illegitimate uses were facilitated by their services, including filtering out infringing materials, provided that such measures are not unduly burdensome and do not materially affect the cost or efficiency of delivering legitimate services;
5. Require Internet service providers or other intermediaries to restrict or terminate access to their systems with respect to repeat infringers.
6. Establish liability against internet service providers who, upon receiving notices of infringement from content provides via e­mail, or by telephone in cases of pre-release materials or in other exigent circumstances, fail to remove the infringing content, or access to such content, in an expeditious manner, and in no case more than 24 hours; or
Provide that, in the absence of proof to the contrary, an internet service provider shall be considered as knowing that the content it stores is infringing or illegal, and thus subject to liability for copyright infringement, after receiving notification from the right holder or its representative, normally in writing, including by email or by telephone in the case of pre-release materials or in other exigent circumstances.
7. Establish, adequately fund and provide training for a computer crimes investigatory unit.
8. Provide injunctive relief against intermediaries whose services are used for infringing activities regardless of whether damages are available.
9. Establish policies against the use of government networks and computers, as well as those networks and computers of companies that have government contracts, to prevent the use of such computers and networks for the transmission of infringing materials, including a ban on the installation of p2p applications except, and to the extent to which, some particular government use requires such installation.
10. Consideration to be given to the following: possible rules on data retention, the right to information giving right holders access to data held by ISPs in the preparation and course of proceedings including in civil proceedings, and availability of complete and accurate WHOIS data

RIAA’s proposal is a compendium of everything they dislike about rulings that have gone against them: the lack of a “making available” right (Atlantic v. Howell); the requirement of knowledge before non-volitional actors such as ISPs can be held liable (RTC v. Netcom); the provisions of safe-harbor that let ISPs avoid liability (17 USC 512); the limitation of vicarious liability to situations where the proprietor has a right and ability to control; the possibility that non-infringing use could save a technology with infringing uses (Betamax); the status of hyperlinks (Perfect 10 v. Amazon).

Add in codification of stronger versions of rulings they like such as Grokster, and you’ve got a prescription for utterly insane copyright law! As the LA Times’ Jon Healy puts it, the RIAA’s ACTA would turn ISPs into enforcers, when they should be simple conduits.

Let’s hope enough ISPs, tech companies, public interest groups, libraries, educators, and friends can keep this RIAA wishlist from becoming our nightmare. We should start a corresponding wish-list, extravagant but alternate-universe plausible, would include on the other side. I’d start with: