Lex Ferenda

The front page of the National edition (though not the other widely circulated edition, the City Final) of the Evening Herald has the headline : “PRIVACY CHIEF CAUGHT OUT BY HACKER” and the subheading “SECURITY BREACH : Data Protection Commissioner left red-faced by blogger“. Fiona Dillon wrote the article, which continues on page 4.

It’s possibly one of the silliest things I’ve seen from the Irish press in relation to technology for a while, and that’s saying something. Below, you can see the relevant parts of the article. Now, what actually happened is set out here : the blogger in question simply linked to a document that was available on the website (though without a link from the relevant pages, i.e. news updates or reports or whatever). No hacking took place (at all). I understand that they have to sell newspapers but to allege hacking where it is clearly untrue is shoddy and sensationalist at best and perhaps even dangerous and unethical. Of course, I approve of teasing the Commissioner when something like this happens - but doing it in a way that blares about HACKING is totally uncalled for.

The comment attributed to the Commissioner is also clearly inaccurate - it is not (as he is reported to have said) about a report “on our web which was due to be put on our website this morning” - the report was on the website and this idea of “our web”, suggesting access to internal pages, is manifestly and demonstrably wrong. But at least that’s on an inside page.

Oh, and yes, they spelled embarrassing and Commissioner’s wrong. On the front page. Well done, Herald.

Also discussed on RTÉ, here.

Extract from front page:

THE office of the country’s privacy chief was at the centre of an embarrasing security breach today after a blogger hacked into its website.

Details of the Data Protection Commioners annual report were accessed and released by a blogger a day before the report was due for release.

The report for 2007 was only officially published at 11am today. But the details were already on the internet yesterday after a blogger found the report on the Commissioner’s website.

Data Commissioner Billy Hawkes acknowledged his office had fallen was victim to “a security breach” but played down the significance of it.

Extract from page 4:

The Data Protection Commissioner Billy Hawkes said today: “A very resourceful blogger has managed to access the copy of our Annual report on our web which was due to be put on our website this morning.

“It obviously was pre loaded, and thanks to his technological knowledge he was able to access the version that we pre loaded but didn’t intend to be in the public domain until 11am.

“So I think it’s a wonderful illustration for a Data Protection Commissioner whose about to launch an annual report warning about security that actually even our own office can be, as it were, be a victim of a security breach.”

Jonathan Zittrain’s book, The Future of the Internet - And How To Stop It, is published this May in the UK. I received a review copy and read it over the course of a weekend, and then got distracted and didn’t write up the scrawl that was the review. (Pictured is my copy, complete with all the fun of the colour tabs; also in shot is my own little tethered, ungenerative device, and my supergenerative pencil).

Zittrain has been writing about technology and law for some time, and has spent his academic career at the Berkman Center for Internet and Society at Harvard Law School (while also picking up a professorship at Oxford, among other things). He is also associated with the OpenNet Initiative (and is one of the editors of the wonderful book that resulted from its work, Access Denied). To many, though, he is associated with the idea of ‘generativity’, discussed at length in his article, The Generative Internet, published in the 2006 Harvard Law Review. This book builds both on this article and on his other work, and takes account of developments after the law review article, including the commentary it provoked.

I read the book in two ways. One was for purely selfish purposes - searching for arguments, citations, examples, views that would contribute to my thesis. On that score, I was particularly happy with the depth of footnoting . It avoids the irrelevance that characterises so much US law review writing (page-long footnotes produced by putting a search term into Lexis and including the result), but the notes still occupy 70 or so pages of useful text, including a lot of unusual and overlooked news reports, blog posts, etc that are unique to this book.

The second way of reading was with a view to this blog post, and in particular trying to answer the questions : how would someone use this book? What does it add to the cyberlaw literature?

I actually think that The Future Of The Internet is a book that would (or should) appeal to policy-makers. Zittrain’s approach is balanced both in terms of ideology and indeed the relationship between law and technology (the discussion on net neutrality is a particular - and greatly welcome - example of this). While its core argument about the benefits and threats of generative systems and devices is perhaps a little more difficult than the idea that “code is law”, the real-world applications are discussed clearly, including some fascinating analysis of historical artefacts from typewriters to duct tape to CompuServe (are we allowed call CompuServe an artefact yet?), which reappear in the present-day environment in surprising ways.

Some of the chapters function well as standalone pieces, too. For example, the discussion of Wikipedia in chapter 6 (a restrained but mildly enthusiastic verdict) can be used by teachers as part of a discussion on Wikipedia or peer production or similar, but also relates well to the rest of the book. It will be important to keep things up to date, though; for example, some of the relatively hypothetical discussions on social networks and Web 2.0 platforms have indeed been verified in part by recent events (which the author has commented on on his blog, fair dues to him); will The Future of The Internet 1.1 be on the way? That, I suppose, is the danger of a book drawing on a mix of prediction and current facts - things move on very quickly.

Now, I did enjoy this book, and have seen bits of it in earlier presentations and classes (the author taught on the Summer Doctoral Programme I participated in last year; a summary of a class covering much of the material in the book is here), so it’s hard to offer direct criticism (especially when others have offered such useful comments, for example here). One thing I would say is that I would have appreciated a bit more by way of an exploration of the links between Zittrain’s analysis of the Internet and broader debates on the ‘post-capitalist’ society, development issues, etc. Perhaps that’s more appropriate for another book that builds upon part of Zittrain’s analysis (in the same way that he added to things written by Lessig and Benkler, in particular), and I’m showing the bias of my own interests, but certainly, that’s the question I was left with : if he is right about the drive towards tethering as a response to the ills of the modern Internet, what does this *mean* for debates on corporate power and the ups and downs of globalisation. Indeed, even after reading this, I find it hard to put the author into a neat political or ideological ‘box’ - make of that what you will.

Overall, two thumbs up for this, and a recommendation for anyone serious about cyberlaw, Internet policy, media regulation or the computer industry to read it, reflect on it, and parse the footnotes I will post a number of what I hope are useful summaries of the book during the month of May…but you can read it for yourself here. That’s right, actual online text complete with an amazing feedback loop. What’s not to like?

(Follow-up to Fontastic).

Canada’s public broadcaster, the CBC, has two programmes that deal with technology and culture and law and politics in a particularly useful way. The first is Search Engine (welcomed with joy here; website here) and the second one is Spark (website here). I’ve been meaning to blog about Spark for some time, as recent themes (such as online health information, Scrabulous and online TV each could have inspired a blog entry. Oh well. Anyway, the final straw in the guilt-trip for not blogging about this lovely show is the episode all about writing and fonts. Including a great game exploring the common ground shared by the names of fonts, coffees and babies!

Listen to it here and then subscribe to the podcast.

Ofcom (the UK communications regulator) is carrying out a review of public service broadcasting. In connection with the review, they have taken the wrapping off a blog, the Ofcom PSB Review Blog, which is an interesting way to add some spice to the familiar ‘public consultation’ ballet. Just a few posts so far, although they even used SlideShare to embed a presentation, which is a nice touch. I’m involved in a review process at Trinity College (the Statutes Review Working Party), and although the webpages are on the local page (meaning I can’t link to them), we’ve been trying to do something similar with that consultation, putting relatively informal updates on a blog. We haven’t been bombarded with comments, one might say, but it’s a useful way to engage with a different part of the audience. The (still unpublished) Broadcasting Bill in Ireland was the subject of an e-consultation which had similar objectives.

Another particularly helpful element that Ofcom and others are including in their consultations is a feed for the blog, of course (it comes by default in virtually all blogging software). Indeed, if you are a consultation-junkie, you should look at the beta service from TellThemWhatYouThink - they have a feed of all UK government and agency consultations which is pretty cool.

Now tell me search engines and databases are bland neutral tools and the Internet means censorship is impossible?

U.S. Funded Health Search Engine Blocks ‘Abortion’ (Wired)

Popline makes abortion a dirty word (The Galloping Beaver)

American Library Association Office for Intellectual Freedom

When I see this sort story, some people tell me that it’s proof that the system works and that censorship is impossible and the fuss proves it. I disagree. When we find out that a doctor has done something wrong, we don’t say ‘oh, great, at least we know’ - we ask serious questions about judgement and systems and training and funding and more. Well, at least we try to in the bizarre Irish health system. In this case, just as in the Verizon fuss-that-wasn’t-a-fuss (coincidentally abortion-related too!), the quick withdrawal/policy change/climbdown doesn’t reassure me - it scares me and makes me wonder how often this happens, especially given the accidental discovery of the fake-search-function on Popline.

Sometimes there are cases where both sides make good arguments. Sometimes, though, it’s hard to have much time for either side. And Faulkner Press v Class Notes is one of them. On one hand, you have the rather ambitious claim that notes taken by students in lectures are derivative works of the (protected-by-(c)) lecture given by the lecturer. On the other hand, you have the defendants, a fairly unappealing business that buys lecture notes off students and sells them to those who stayed in bed. Hardly the value of higher education shining through on either side. More from Wired’s Threat Level blog here. Both of tonight’s topics link to that wonderful blog, although I came to them through totally different routes. I’ve been a subscriber for a while and it’s great…

One of the interesting conceptual questions, though, is fixation; if the lecturer writes the lecture (thus creating a fixation which is generally necessary for copyright law) and delivers it it’s one thing, if they just talk in the normal way it’s another, if it’s taperecorded that’s another, and the level of detail in the notetaking can create a further permutation. Another is originality - which, in one of those historical links that make me smile, is the connection between this suit and the classic (and wrong) English case on originality, University of London Press v University Tutorial Press (copyright in exam papers). As it happens, I mentioned this case in a book review last year and, for some reason (lost in the Google universe), the review is a high result when you search for the case name. That scares me, as I only mentioned it in passing. If you want to read a proper article about originality, read the piece by my former copyright law lecturer, Prof. Carys Craig, in the University of Ottawa Law & Tech Journal here (PDF).

Update 1 : this is a case filed in the US federal district court; just at the writ stage, nothing more.
Update 2 : very perceptive comments from Mathias Klang here

I’m sure I’m not the only one who has been waiting for the result of the en banc rehearing of the Roommates.com case in the (US) 9th Circuit Court of Appeals (discussed on this blog here and here). Finally, the decision is here, and the PDF is available for download.

Recall that the case is between a fair housing organisation (seeking enforcement of equality legislation on discrimination in the rental sector) and a roommate-finding website (attempting to rely on the immunity-for-hosts provisions of US law). The first hearing in the 9th circuit led to a complicated split decision (PDF), where each judge (of three) made different findings - but the lead opinion (by now-Chief Judge Kozinski) is quite well known. The bit that got everyone hot under the collar was the idea that the website couldn’t rely on immunity for certain functions. So in particular, they could not be held liable for user comments posted in open fields (i.e. fill in your own stuff here) but they could be held liable (in theory; the actual substantive arguments are deferred until immunity is dealt with) for the way they collect, filter and display information based on answers to questions.

The law in question is ‘section 230 of the Communications Decency Act‘, which must hang on the wall of every website operator. For readers unfamiliar with it, go read the Wiki page which is a decent summary of what’s going on. In essence, it provides immunity against being treated as the publisher or speaker for legal purposes to operators of websites, service providers, etc. What’s unusual from many perspectives is that it is, in general, unconditional - i.e. it can’t be lost if you have ‘notice’ of a problem. So whereas in the case of copyright violations, there is an obligation to remove content notified as such, there is no such obligation for defamatory content, which is covered by section 230. Of course, the person who writes the defamatory content is still liable - but from the point of view of the Internet industries, that’s fine!

The court (with a slight tweaking that’s not all that relevant) upholds the original decision, 8-3. Kozinski again writes the opinion, joined by an odd mix of ‘liberal’ and ‘conservative’ judges including Reinhart, the Carter-appointed liberal figurehead if there is such a thing, who would have (in the original decision) found even more of the activities lacking in immunity than Kozinski did. What’s particular interesting is that he (Kozinski for the majority) goes into an unusual level of detail on the context of the statute (including the cases that predated it), looking at legislative history and context. He also advances some broad arguments on online and offline law, rebutted by a similarly lengthy dissent that is particularly exercised by this point. Kozinski makes some of the same jokes as he did first time out, including the lovely one about significant others and significant Others (see page 12 of the PDF). There is no doubt about the result, though : ‘Roommate is not being sued for removing some harmful messages while failing to remove others; instead, it is being sued for the predictable consequences of creating a website designed to solicit and enforce housing preferences that are alleged to be illegal’ and, later, ‘When Congress passed section 230 it didn’t intend to prevent the enforcement of all laws online; rather, it sought to encourage interactive computer services that provide users neutral tools to post content online to police that content without fear that through their “good samaritan . . . screening of offensive material,”, they would become liable for every single message posted by third parties on their website.’

The court reaffirms, though, that minor editorial work does not change user submissions into the host’s own content, and indeed the law has been a little unclear on this point to say the least. They also note that the language in their own Carafano v Metrosplash.com case (libel) was too broad. What’s also interesting is that in the view of the majority, there is no conflict between today’s decision and other circuits (see footnote 33 in particular, about the Craiglist case at the 7th Circuit). The popular view at the time of the first Roommate decision was that the 9th Circuit was out of step with the rest. I do wonder if, if that view prevails, there will be an attempt to bring the matter to the Supreme Court. Certainly, as media-related cases go, it would be more fun than FCC v Fox…

Other highlights include
- a cheeky use of the ‘we must not forget’ trope (the history of which is discussed in typical style by Eoin) : “We must keep firmly in mind that this is an immunity statute we are expounding, a provision enacted to protect websites against the evil of liability for failure to remove offensive content” (in the context of the unsuccessful complaint about the ‘additional comments’ functions);
- some obiter but properly-argued comments about search engines having nothing to worry about (and the dissent saying the opposite);
- a reminder that this is not a First Amendment case as it wasn’t pleaded. That’s particularly interesting - a lot of general discussion about the advantages of servers in the US (a topic to which I’ll return soon, I promise) is in fact more relevant to section 230 (a law that Congress did make) than to Congress shall make no law.

Anyway, I’d be interested in hearing your thoughts, so the floor is yours. I’ll update with comments from other blogs as they come in…although I’m very surprised at how little there has been so far lots to look at now. Cyberlaw, judicial jokes and a potential bunfight - what’s not to like?

Volokh | Online Liability Blog | Internet Cases | Susan Crawford | Eric Goldman | Wired | Info/Law | E-Commerce Law | Concurring Opinions (Daniel Solove writing) | Citizen Media Law Center (Sam Bayard writing) | David Weinberger | Convictions

Stupidly, a lot of the comments on those posts (though not the posts themselves) are of the nature of OMG you can’t pick your r00m8s?!?!! If they took ten seconds to read, they might find that that issue hasn’t been resolved yet, and this case at this stage is about liability in theory. Oh well.

Taoiseach (prime minister) Bertie Ahern announced his intention to resign today. I wonder, though, if it wasn’t the unusual payments and the Mahon Tribunal’s investigation, but the future set out by this bizarre trademark case reported by IPKat this week, that really prompted it?

Some of you may have come across Google’s malware warning (Warning: this site may damage your computer). It’s explained here and here.

I was interested to see that they have identified the site of Irish State agency Bord Iascaigh Mhara (Sea Fisheries Board) as such (www.bim.ie): see the image below. I’ve let BIM know about this and hopefully it’s nothing serious. Interesting to see Google’s approach in action, though.

I mentioned this before in a rambling post here. It’s great to link to Ethan Zuckerman so I’ll do it again as I did in that post: read this (still) great post. The related questions of defamation and search engine immunity are both fascinating.

Looking at the code of www.bim.ie, nothing jumps out at me as (sorry) fishy - though perhaps the techies out there might want to look too and see if they spot anything unusual? Wisdom of the crowds and all that

I attended a session on ‘theory’ as I was one of the speakers! I don’t perceive my work as particularly theoretical but it was a very interesting session and I”m glad that I ended up there. My paper, Expression 2.0: from known unknowns to unknown knowns, will be posted on the BILETA website and I’ll link it then; here are my slides (PDF). I spoke about the control of expression by social networking and web 2.0 hosts and also by internet service providers, particularly through terms of use. In the second part of the paper, I looked at different approaches to freedom of expression, freedom of communication, and the relationship between human rights and private parties.

Next up was Hayley Hooper, who talked about new technologies and the enduring role of constitutional rights. Recent trends promote ‘liberal legalism’ and a particular, marketised approach of supranational constitutional development.

1. Model of legal constitutionalism; not a purely structural theory : outlined by Alan Tomkins - separate to politics, in the courtroom, control of government, etc. While they sound reasonable, argued that they are normatively undesirable. There is a need to look at supranational entities as they have more constitutional power and control over citizens. We haven’t moved beyond inherent bias in constitutions, despite what some may say. The bias that Hayley suggests in the EU context is market-based, e.g. the four (economic) freedoms. The judiciary are suitable for this model; dealing with socio-economic rights is difficult.

2. UK and the development of judicial review. Until Malone v Metropolitan Police (telephone tapping), couldn’t make human rights claim at that time (no legal or equitable claim), everything is permitted unless it is forbidden. But the judiciary became much more activist in ‘discovering’ constitutional rights in the common law … but the record isn’t consistent, the EHCR incorporation hasn’t reinforced this trend. Pro-Life Alliance as an example, due deference applied. So despite the upsurge, the judiciary have a particular mindset, they won’t go into the more controversial areas.

3. Juristocracy. Recent developments in the UK show a trend towards this. Judicial, economic and political elites have converging/confluent interests, which is on the back of neo-liberal technological progress. What are the consequences? US situation is interesting, especially in the political debate re: Roe v Wade. The Government’s ideas reinforce the juristocracy trend; the 1997 election generated it and it’s been ongoing since then.

The discussion touched on Dworkin, Gearty, alternative approaches to judging and decision-making, the role of ‘governance’. And I enjoyed it a lot.

Finally, Martina Gillen (Oxford Brookes) spoke about developing a ‘Sociology of Law 2.0′. Our identity has always been ‘defined’ in a way by technology - even from the definition of homo sapiens. In Durkheim’s original classification, he focused on divisions of labour etc; but buried in it is a differentiation on the use of technology; the elephant in the living room. It’s shaping what’s happening but theoretically it’s poor. Our tendancy to want ‘legal certainty’ has given us a mechanical/scientific mindset. We’re (we as lawyers) viewing technology as something we should be ‘attracted’ to and we want the analogy to apply to law.

We focus on ‘nodes’ but what are we missing? There’s also the proliferation of economic control and interests. “Just because it’s new, does that make it significant”. And Martina also mentioned the ‘cult of the shiny’ which is something I could rant about but won’t…

What would the new features be? public sphere; multiple jurisdictions; inter-sections.

We then saw a very useful diagram about security models (I haven’t got the technological ability to reproduce it but I’ll link to it when published), arguing to focus on what the user is actually doing! It seems trite but it’s a key feature that has been ignored. We need to move beyond categories and consider normative change. Finally, Martina outlined a research method proposal, based on proxies, to study *what* people are doing on the Internet and *why*. The conclusion, then, is that we need to use the technology to get data.