Lex Ferenda

Now tell me search engines and databases are bland neutral tools and the Internet means censorship is impossible?

U.S. Funded Health Search Engine Blocks ‘Abortion’ (Wired)

Popline makes abortion a dirty word (The Galloping Beaver)

American Library Association Office for Intellectual Freedom

When I see this sort story, some people tell me that it’s proof that the system works and that censorship is impossible and the fuss proves it. I disagree. When we find out that a doctor has done something wrong, we don’t say ‘oh, great, at least we know’ - we ask serious questions about judgement and systems and training and funding and more. Well, at least we try to in the bizarre Irish health system. In this case, just as in the Verizon fuss-that-wasn’t-a-fuss (coincidentally abortion-related too!), the quick withdrawal/policy change/climbdown doesn’t reassure me - it scares me and makes me wonder how often this happens, especially given the accidental discovery of the fake-search-function on Popline.

Sometimes there are cases where both sides make good arguments. Sometimes, though, it’s hard to have much time for either side. And Faulkner Press v Class Notes is one of them. On one hand, you have the rather ambitious claim that notes taken by students in lectures are derivative works of the (protected-by-(c)) lecture given by the lecturer. On the other hand, you have the defendants, a fairly unappealing business that buys lecture notes off students and sells them to those who stayed in bed. Hardly the value of higher education shining through on either side. More from Wired’s Threat Level blog here. Both of tonight’s topics link to that wonderful blog, although I came to them through totally different routes. I’ve been a subscriber for a while and it’s great…

One of the interesting conceptual questions, though, is fixation; if the lecturer writes the lecture (thus creating a fixation which is generally necessary for copyright law) and delivers it it’s one thing, if they just talk in the normal way it’s another, if it’s taperecorded that’s another, and the level of detail in the notetaking can create a further permutation. Another is originality - which, in one of those historical links that make me smile, is the connection between this suit and the classic (and wrong) English case on originality, University of London Press v University Tutorial Press (copyright in exam papers). As it happens, I mentioned this case in a book review last year and, for some reason (lost in the Google universe), the review is a high result when you search for the case name. That scares me, as I only mentioned it in passing. If you want to read a proper article about originality, read the piece by my former copyright law lecturer, Prof. Carys Craig, in the University of Ottawa Law & Tech Journal here (PDF).

Update 1 : this is a case filed in the US federal district court; just at the writ stage, nothing more.
Update 2 : very perceptive comments from Mathias Klang here

I’m sure I’m not the only one who has been waiting for the result of the en banc rehearing of the Roommates.com case in the (US) 9th Circuit Court of Appeals (discussed on this blog here and here). Finally, the decision is here, and the PDF is available for download.

Recall that the case is between a fair housing organisation (seeking enforcement of equality legislation on discrimination in the rental sector) and a roommate-finding website (attempting to rely on the immunity-for-hosts provisions of US law). The first hearing in the 9th circuit led to a complicated split decision (PDF), where each judge (of three) made different findings - but the lead opinion (by now-Chief Judge Kozinski) is quite well known. The bit that got everyone hot under the collar was the idea that the website couldn’t rely on immunity for certain functions. So in particular, they could not be held liable for user comments posted in open fields (i.e. fill in your own stuff here) but they could be held liable (in theory; the actual substantive arguments are deferred until immunity is dealt with) for the way they collect, filter and display information based on answers to questions.

The law in question is ‘section 230 of the Communications Decency Act‘, which must hang on the wall of every website operator. For readers unfamiliar with it, go read the Wiki page which is a decent summary of what’s going on. In essence, it provides immunity against being treated as the publisher or speaker for legal purposes to operators of websites, service providers, etc. What’s unusual from many perspectives is that it is, in general, unconditional - i.e. it can’t be lost if you have ‘notice’ of a problem. So whereas in the case of copyright violations, there is an obligation to remove content notified as such, there is no such obligation for defamatory content, which is covered by section 230. Of course, the person who writes the defamatory content is still liable - but from the point of view of the Internet industries, that’s fine!

The court (with a slight tweaking that’s not all that relevant) upholds the original decision, 8-3. Kozinski again writes the opinion, joined by an odd mix of ‘liberal’ and ‘conservative’ judges including Reinhart, the Carter-appointed liberal figurehead if there is such a thing, who would have (in the original decision) found even more of the activities lacking in immunity than Kozinski did. What’s particular interesting is that he (Kozinski for the majority) goes into an unusual level of detail on the context of the statute (including the cases that predated it), looking at legislative history and context. He also advances some broad arguments on online and offline law, rebutted by a similarly lengthy dissent that is particularly exercised by this point. Kozinski makes some of the same jokes as he did first time out, including the lovely one about significant others and significant Others (see page 12 of the PDF). There is no doubt about the result, though : ‘Roommate is not being sued for removing some harmful messages while failing to remove others; instead, it is being sued for the predictable consequences of creating a website designed to solicit and enforce housing preferences that are alleged to be illegal’ and, later, ‘When Congress passed section 230 it didn’t intend to prevent the enforcement of all laws online; rather, it sought to encourage interactive computer services that provide users neutral tools to post content online to police that content without fear that through their “good samaritan . . . screening of offensive material,”, they would become liable for every single message posted by third parties on their website.’

The court reaffirms, though, that minor editorial work does not change user submissions into the host’s own content, and indeed the law has been a little unclear on this point to say the least. They also note that the language in their own Carafano v Metrosplash.com case (libel) was too broad. What’s also interesting is that in the view of the majority, there is no conflict between today’s decision and other circuits (see footnote 33 in particular, about the Craiglist case at the 7th Circuit). The popular view at the time of the first Roommate decision was that the 9th Circuit was out of step with the rest. I do wonder if, if that view prevails, there will be an attempt to bring the matter to the Supreme Court. Certainly, as media-related cases go, it would be more fun than FCC v Fox…

Other highlights include
- a cheeky use of the ‘we must not forget’ trope (the history of which is discussed in typical style by Eoin) : “We must keep firmly in mind that this is an immunity statute we are expounding, a provision enacted to protect websites against the evil of liability for failure to remove offensive content” (in the context of the unsuccessful complaint about the ‘additional comments’ functions);
- some obiter but properly-argued comments about search engines having nothing to worry about (and the dissent saying the opposite);
- a reminder that this is not a First Amendment case as it wasn’t pleaded. That’s particularly interesting - a lot of general discussion about the advantages of servers in the US (a topic to which I’ll return soon, I promise) is in fact more relevant to section 230 (a law that Congress did make) than to Congress shall make no law.

Anyway, I’d be interested in hearing your thoughts, so the floor is yours. I’ll update with comments from other blogs as they come in…although I’m very surprised at how little there has been so far lots to look at now. Cyberlaw, judicial jokes and a potential bunfight - what’s not to like?

Volokh | Online Liability Blog | Internet Cases | Susan Crawford | Eric Goldman | Wired | Info/Law | E-Commerce Law | Concurring Opinions (Daniel Solove writing) | Citizen Media Law Center (Sam Bayard writing) | David Weinberger | Convictions

Stupidly, a lot of the comments on those posts (though not the posts themselves) are of the nature of OMG you can’t pick your r00m8s?!?!! If they took ten seconds to read, they might find that that issue hasn’t been resolved yet, and this case at this stage is about liability in theory. Oh well.

Taoiseach (prime minister) Bertie Ahern announced his intention to resign today. I wonder, though, if it wasn’t the unusual payments and the Mahon Tribunal’s investigation, but the future set out by this bizarre trademark case reported by IPKat this week, that really prompted it?

Some of you may have come across Google’s malware warning (Warning: this site may damage your computer). It’s explained here and here.

I was interested to see that they have identified the site of Irish State agency Bord Iascaigh Mhara (Sea Fisheries Board) as such (www.bim.ie): see the image below. I’ve let BIM know about this and hopefully it’s nothing serious. Interesting to see Google’s approach in action, though.

I mentioned this before in a rambling post here. It’s great to link to Ethan Zuckerman so I’ll do it again as I did in that post: read this (still) great post. The related questions of defamation and search engine immunity are both fascinating.

Looking at the code of www.bim.ie, nothing jumps out at me as (sorry) fishy - though perhaps the techies out there might want to look too and see if they spot anything unusual? Wisdom of the crowds and all that

I attended a session on ‘theory’ as I was one of the speakers! I don’t perceive my work as particularly theoretical but it was a very interesting session and I”m glad that I ended up there. My paper, Expression 2.0: from known unknowns to unknown knowns, will be posted on the BILETA website and I’ll link it then; here are my slides (PDF). I spoke about the control of expression by social networking and web 2.0 hosts and also by internet service providers, particularly through terms of use. In the second part of the paper, I looked at different approaches to freedom of expression, freedom of communication, and the relationship between human rights and private parties.

Next up was Hayley Hooper, who talked about new technologies and the enduring role of constitutional rights. Recent trends promote ‘liberal legalism’ and a particular, marketised approach of supranational constitutional development.

1. Model of legal constitutionalism; not a purely structural theory : outlined by Alan Tomkins - separate to politics, in the courtroom, control of government, etc. While they sound reasonable, argued that they are normatively undesirable. There is a need to look at supranational entities as they have more constitutional power and control over citizens. We haven’t moved beyond inherent bias in constitutions, despite what some may say. The bias that Hayley suggests in the EU context is market-based, e.g. the four (economic) freedoms. The judiciary are suitable for this model; dealing with socio-economic rights is difficult.

2. UK and the development of judicial review. Until Malone v Metropolitan Police (telephone tapping), couldn’t make human rights claim at that time (no legal or equitable claim), everything is permitted unless it is forbidden. But the judiciary became much more activist in ‘discovering’ constitutional rights in the common law … but the record isn’t consistent, the EHCR incorporation hasn’t reinforced this trend. Pro-Life Alliance as an example, due deference applied. So despite the upsurge, the judiciary have a particular mindset, they won’t go into the more controversial areas.

3. Juristocracy. Recent developments in the UK show a trend towards this. Judicial, economic and political elites have converging/confluent interests, which is on the back of neo-liberal technological progress. What are the consequences? US situation is interesting, especially in the political debate re: Roe v Wade. The Government’s ideas reinforce the juristocracy trend; the 1997 election generated it and it’s been ongoing since then.

The discussion touched on Dworkin, Gearty, alternative approaches to judging and decision-making, the role of ‘governance’. And I enjoyed it a lot.

Finally, Martina Gillen (Oxford Brookes) spoke about developing a ‘Sociology of Law 2.0′. Our identity has always been ‘defined’ in a way by technology - even from the definition of homo sapiens. In Durkheim’s original classification, he focused on divisions of labour etc; but buried in it is a differentiation on the use of technology; the elephant in the living room. It’s shaping what’s happening but theoretically it’s poor. Our tendancy to want ‘legal certainty’ has given us a mechanical/scientific mindset. We’re (we as lawyers) viewing technology as something we should be ‘attracted’ to and we want the analogy to apply to law.

We focus on ‘nodes’ but what are we missing? There’s also the proliferation of economic control and interests. “Just because it’s new, does that make it significant”. And Martina also mentioned the ‘cult of the shiny’ which is something I could rant about but won’t…

What would the new features be? public sphere; multiple jurisdictions; inter-sections.

We then saw a very useful diagram about security models (I haven’t got the technological ability to reproduce it but I’ll link to it when published), arguing to focus on what the user is actually doing! It seems trite but it’s a key feature that has been ignored. We need to move beyond categories and consider normative change. Finally, Martina outlined a research method proposal, based on proxies, to study *what* people are doing on the Internet and *why*. The conclusion, then, is that we need to use the technology to get data.

Wiebke Abel (Edinburgh) and Matthias Damm (an attorney in Karlsruhe, and LLM graduate of Strathclyde) both addressed the topic of trojans and spy software and their use by law enforcement agencies in particular.

Wiebke started things off with an overview of how ‘the world has changed’ and what this means for crime. Are traditional investigation methods and laws sufficient to deal with new challenges? Can a ‘new generation of investigators’ (and investigative tools) help? She picked a particular example, the ‘German Federal Trojan’ (aka Bundestrojaner!). Trojans are familiar (as used by hackers, spammers and others) - but are they only for criminal use? The plan here is for covert search and surveillance of private computers by police or secret services. This can be implemented through spyware, through existing ‘backdoors’ and even download-contamination. There was - naturally - outrage in Germany about this - but was this a once-off? No: the US ‘magic lantern’ and Austrian ‘online search’ are other examples. These technologies are special because of the way they combine factors such as mobility, ubiquity, invisibiity and digital evidence collection; but they are unpredictable and can even raise international issues (trojans operating outside national borders), and the use of gathered data is wholly unclear at this stage (would it stand up in court? should it?). And how do you prevent antivirus software from identifying the supposedly hidden trojan? Wiebke mentioned R v Aaron Caffrey (existence of trojan used as defence in a criminal trial about material on C’s machine). A possible solution is seeing source code as the ‘DNA of software’; hardwire the law into software. But the overwhelming need is an approach where regulation through law and regulation through code are working together

Matthias then started his presentation, ‘I know what you saved last summer’. He also took guidance from history, mentioning fingerprints, DNA and CCTV as examples of new investigative ‘technologies’. Today’s investigators look more like computer operators than Sherlock Holmes. CIPAV (Computer and IP Address Verification) is in use in the US, although it’s not supposed to be dealing with content. The FBI haven’t been very helpful in explaining how it works. As for the Bundestrojaner, the Federal Constitutional Court dealt with this (on 27th February 2008) and gave the go-ahead to such software in its ruling, subject to strict conditions (such as a court order and the respect for private data). This was the same case where the Court formulated a new constitutional right, the guarantee of the confidentiality and integrity of IT systems. More than 60% of the German population apparently support the system, although are they aware of the Orwellian nature of such software?

After a discussion on the trojan issues, Angus Marshall (Teeside) then reported on the EPSRC-funded ‘Cyberprofiling’ project. The project looked at offender and geographic profiling, in particular in the context of intelligence and intelligence-sharing. How can existing information (server logs etc) be used in a useful way? Overcoming various problems, they developed a ‘data collection appliance’. But one of the most interesting legal issues that arose was whether an IP address is a ‘personal identifier’ (relevant for sensitive data / data protection / sharing / etc). Information Commissioner has given various answers; European practice varies. But the research group didn’t feel that IP addresses were personal, though they did accept the advice and used anonymisation. This itself required some new work. So how does this type of ‘dataveillance’ compare with other things like (on one hand) CCTV, DNA and wiretapping and (also, or on the other hand) credit cards, mobile phone tracking, loyalty cards etc. The first category is ‘biometric keyed’ and the second is ‘token mapped’. Angus gave an overview of the regulation and effectiveness of each. He concluded that a telephone number is not a personal identifier; neither, they argued, is an IP address (but combined with other factors ‘may be personal data’). Again, the discussion was extremely vibrant, and now it’s off to lunch.

Chris Marsden (Essex) is an expert on net neutrality in Europe (and other things); see his SCRIPT-ed article on the topic here. And that’s also his topic for this morning’s keynote. Oh, and and it rained lots aréir but it’s quite mild this morning.

This presentation : It’s about convergence, it’s different in Europe, it’s “politics not economics” and it’s not going away.

Convergence - but this isn’t new, the arguments have been seen in the 1950s (spectrum use), 1970s/80s (cable), 1990s (satellite - in particular Sky and football), 2000s (mobile) - and now Internet.

In the US - monopoly power (see Madison River / Vonage case); it’s a result of the Telecoms Act 1996 and the Trinko and BrandX decisions (which means that all networks are, for FCC purposes, ‘information services’ and therefore not common carriers). Should ‘common carriage’ be reintroduced? He mentioned the papers by Lemley & Lessig, Tim Wu’s arguments, the opposition (from techies, economists and lawyers), and the fun times at the FCC hearing in Harvard this year.

Europe is different, though, because of local loop unbundling, control of significant market power, and there is in fact a trend towards *more* regulation (e.g. roaming, reforms to the electronic communications directives). Also, the ‘content’ is different (in the US, it’s often “a commercial dispute hidden as a freedom (or fr’dom) argument”), whereas Europe has EPG regulation, ‘must carry’, etc. We even have the BBC iPlayer - the ‘death star’ for ADSL networks. What if it’s not VOIP that’s being blocked, but Eastenders? UK consumers are paying for broadband, licence fee, Sky subscription…

Japan, now, is an interesting example - net neutrality is in place, and there’s a privileged role for consumer protection in the legal framework; there are incentives to roll out high-speed (e.g. incumbent NT&T can do so without regulation for a ‘holiday’ period).

The lobbies are the networks (trying to protect investment, not to mention the need to ensure quality of service) vs the content providers (who don’t want to be charged). But the networks *are* actually blocking things like BitTorrent (under the headings of traffic management, antivirus,etc) while advertising unlimited access. And the content providers (like the BBC telling users to lobby their ISPs to switch on simulcasting!) are having a free ride, especially for video and P2P.

Also, the interaction between filtering and net neutrality, which has lots of unforseen possible consequences. And there are issues with competition law, and what of BT which has a dominant position?

Chris also spoke about Phorm, a very interesting yet terrifying ‘adware’ system at the ISP level (”Google on steroids, or Big Brother incarnate”) (couple of links here) - is it even legal? He wondered, though, if Phorm is the response to net neutrality, i.e. if the telco can’t make money through NN, can they make it through something like Phorm?

We also heard a little about ‘end to end’ and other such pronouncements; how much innovation happens “at the edge” in reality? And a related question is on what basis filtering can actually be allowed…

The conclusion looked at DRM, privacy, blocking, hate speech and even the AVMS Directive. The legal provisions, aside from the directive, include the electronic communicaitons directive, the IS Security Framework Agreement, the E-Commerce Directive and more - which taken together mean greater intervention by ISPs in what goes through its network. The regulators are passing the buck - we are going in circles. “They’re all a bunch of tubes”.

The last (official) business of the day was a series of parallel presentations/experiments/workshops; I passed by the fun-looking projections and computers and went to an interesting panel under the banner of the recently relaunched SCRIPT-ed (the open access periodical managed by the University of Edinburgh). Journal editors Wiebke Abel and Shawn Harmon put together a session on open access and legal scholarship.

Speaker Andres Guadamuz (Edinburgh), co-director of SCRIPT, previewed the session on his blog, here and session chair Shawn Harmon, after introducing the panel, discussed SCRIPT-ed and their approach to peer review and rapid turnarounds (always welcome). He pointed in particular to the interdisciplinary nature of work in the technology-law-society area. Finally, he highlighted the call for papers and registration for the March 2009 conference.

Andres then spoke about the importance of open access to legal information. Licences such as the GNU FDL (used by Wikipedia) or those developed by Creative Commons are important; it’s not just about making something available online without charge, although a lot of publishers/republishers have yet to grasp these subtleties and are still quite risk-averse. The Berlin Declaration, on the other hand, is more about access, but requires peer review. Policymakers and research councils, then, may have different definitions again; the latter are interested in the role of public money and the making available of the resulting work to the public, and policies on public sector information (including caselaw) add further complexity. In response to a question, he also discussed pre-prints (SSRN etc).

John MacColl (St. Andrew’s University Library), spoke about open access repositories and his experience in developing such at the University of Edinburgh. Librarians come at these issues with lots of reasons in mind : in particular, budgets are stretched (research libraries can spend over three-quarters of their materials budget on periodicals including licence fees). Interestingly, the debate has been a more gentle one in Australia, because without a strong publishing industry, that major source of opposition wasn’t present as it is in the UK. He explained how ERA, the Edinburgh Research Archive worked, and how academics deal with it, referring to the two databases for checking on publisher and research council policies (Romeo and Juliet). Institutional, national or funding-council ‘mandates’ are extremely important; the new research assessment methods in the UK, which will include metrics, will also be relevant. (For the record, the institutional repository at my own institution was very much influenced by Edinburgh’s; our library is still working hard on getting staff and research students to submit, so if you’re one of my TCD audience, think about doing so?).

Diane Rowland (Aberystwyth) opened with a story about a colleague who didn’t want to publish in an online-only journal (”I like paper” was his reason). The serious issues are quality, prestige and impact - and the perception of these issues. A stronger commitment (from the discipline, as well as from individual schools or departments) is necessary - for example, in the RAE just gone by, articles in web-based journals were not in the same category as ‘journal articles’ more generally. Like John MacColl, she was interested in the development of new metrics and what this would mean for the journals as well as for individual behaviour.

Prof. Abdul Paliwala (Warwick) is the director of the Journal of Information, Law and Technology (JILT). He reflected on the development of the journal and in particular looked forward to a forthcoming issue on legal education that would make some use of multimedia, reinforcing the decision not to have a paper-version. He suggested a meeting of all those people involved in the free and open access movements.

Finally, Burkhard Schafer (Edinburgh) spoke about the purpose and status of peer review more generally. He went from low-copy numbers in DNA to the credibility and accuracy of citations and wondered about the development of standards (’seals of approval’, perhaps?)

And now my battery is dying, so that’s it for ‘live’ blogging for today, but there’ll be more tomorrow…

Burkhard Schafer (Edinburgh) started by shooting the Chair.

He then went on to discuss evidence and hearsay and computer-generated speech; how relevant is the hearsay rule when you have lots of information ’spoken’ (aural or visual) by a computer. This works for something as simple as the ‘time’ of a particular event; if the computer ‘tells’ you the time is that hearsay? With ‘helpful’ suggestions from a computer (think of something like predictive text), the grey areas are significant. Is a bot sent to interact in a chatroom an electronic document or hearsay-speech? What about the call centre and the mix between preformulated stuff and the human operator? Should we just abolish the distinction? (He says no, but we have to work on the definitions)

This is about the fourth time I’ve heard Burkhard speak at conferences and again, I came away with questions that will annoy me for a while! Which I suppose is a good thing

Next up was Primavera de Fillipi (also part of the EUI contingent), talking about user-generated content and democratic participation. Again this is something that comes into my current research interests, so I was on the lookout for ideas here. The theoretical background was Habermas on the public sphere (Offentlichkeit) which was related to ‘e-democracy’ and the participative web; the “electronic Agora”, a lovely image. The challenges, though, include scarcity of Internet access in some countries, the need to develop appropriate technical skills, the power of intellectual property law (particular when it comes to parody or transformative works), and censorship/filtering. A freewheeling discussion followed about Wikipedia, blogging and the “geekery” of the Internet.

Finally, Judith Rauhofer (Central Lancashire) talked about data protection (which is now ’sexy’ and ‘the new black’, apparently!). She argued that it necessary to return to first principles, and discussed the concept and defintions of privacy, including personality rights in the German constitutional context, compared with US concepts of the ‘public interest’, and the various legal protections of privacy in domestic and international law. Data protection has developed (in a way) as an expression of the idea of privacy. Interestingly, the international interventions under this heading can be seen as a ‘backlash’, as some states were effectively creating ‘data havens’ by regulating within a domestic sphere only, and international standards can be either a ‘race to the top’ or a ‘race to the bottom’. Additionally, individuals ‘trade’ their data : loyalty cards or travel cards (Oyster) are great examples. Judith explored the reason for privacy protection, focusing on social reasons rather than purely individual ones; this tradition can be traced to the famous German ‘Census Act Case’ in 1983. “If one individual or group of individuals waives privacy rights, the level of privacy for all individuals decreases”. Her suggestion was the use of regulation to force the use of code, which prompted a good set of questions and comments.