Lenz Blog

An Italian court has convicted several employees of Google for criminal violation of Italian privacy laws, as reported on the Google Public Policy Blog.

I have been highly critical of Google’s privacy policy on this blog. However, that court decision is clearly wrong. Under Article 14 of the 2000 Directive on Electronic Commerce, providers of information society services are not liable for content uploaded by their users, as long as they remove illegal content expeditiously upon getting aware of it.

The video file in question was removed within hours after the notification by Italian police. Requiring more from service providers like Google would mean an obligation to monitor user content, which is excluded by Article 15 of the Electronic Commerce Directive.

Damn. That Italian court is so wrong even I need to come out on Google’s side in this case.

The government ordinance on the search engine exception leaves the standard for opting out to be defined by an ordinance of the Ministry of Education, Culture, Sports, Science and Technology. That ordinance was also enacted on December 28, 2009, and it introduced a new Article 4-4 into the Copyright Law Execution Order (著作権法施行規則). In my translation, that Article reads:

“Chapter Seven  Standards for Prohibition of Collecting Information made Available for Download.

Article 4-4 The standard of Article 7-5 of the copyright law execution ordinance means that the person defined in Article 47-6 of the copyright law (including the case of application under Article 102, Paragraph 1 of the copyright law. The same applies for the rest of this Article) takes one of the following measures to prohibit the collecting of information following established customs.

1. Write the following statements into a electronic file called “robots.txt” which is made available for download (electronic file as in Article 31 of the copyright law. The same applies for number 2 below).

a) A prohibition of the collection of information by the person defined in Article 47-6 of the copyright law directed at programs.

b) Specification of the scope of the prohibition of the collection of information by the person defined in Article 47-6 of the copyright law.

2. Writing a prohibition of the collection of information made available for download by the person defined in Article 47-6 of the copyright law into an electronic HTML or similar file which is made available for download.”

Number 2 above also includes a definition of “HTML”. I refrain from translating it here, since it is absolutely useless. Anybody applying this Article already knows what hypertext markup language is.

In contrast, Number 2 above does not require that the prohibition is included in the appropriate metatag. See for example the explanation “The Robot META Tag Values” at SearchTools.com. However, since the whole standard requires adhering to “established customs” it would be not sufficient to just write some prohibition in the body of the text where the robots would not find it.

Number 2 does not require to specify the scope of the prohibition. That is probably because it is contained in the head of a single page anyway, so it is clear without specification that the page in question is included in the scope,while some other page without the metatag is not. However, under established customs it is possible to do partial prohibitions. For example, someone might direct Google to provide no snippets or not to follow links (as a countermeasure to link spam). These possibilities are not reflected in number 2. But again, under “established customs” it would make no sense to allow them in robots.txt but not in html metatags.

I have no idea what the Ministry means to say by “file similar to html”.

The new Japanese copyright exception for search engines gives copyright holders the right to opt out. That however is not very clear from the text of the law itself (I was confused about that when first reading it).

However, it becomes clear when reading the relevant Government Ordinance and the Culture Ministry Ordinance that were issued on December 28, 2009 and are published in Official Journal Special Edition (官報号外）275.

Government Ordinance 299 introduces a new Article 7-5 in the Copyright Law Execution Ordinance (著作権法施行令）. That Article gives a definition of the term “search engine business”. In my translation, that definition is:

The standard for collecting, organizing and providing information made available for download under Article 47-6 of the copyright law (including the case of application under Article 102, Paragraph 1 of the copyright law. The same applies for number 2) is laid down as follows.

1. Collecting, organizing and providing information made available for download must be done automatically by a computer program.

2. Information for which the person defined in Article 47-6 of the copyright law has prohibited the collection following the standard laid down by ordinance of the Ministry of Education, Culture, Sports, Science and Technology must not be collected.

3. When trying to collect information made available for download the search engine finds that measures under the previous number are taken, that information must be deleted.

The new Japanese copyright exception for search engines I have translated here is in force since January.

Basically it gives search engines the right to copy without a license as far as that is necessary to run their search business. It also gives them the right to display a cached copy of pages linked to in the search results, thereby taking readers from the original site.

The limit to that exception is that it provides for an opt-out for the copyright holder. If they declare in the robots.txt file or in an appropriate html metatag that they don’t want search engines indexing their site, the exception does not apply.

That is in clear violation of Article 5 of the Berne Convention.  Paragraph 2 of that Convention reads:

(2) The enjoyment and the exercise of these rights shall not be subject to any formality; such enjoyment and such exercise shall be independent of the existence of protection in the country of origin of the work. Consequently, apart from the provisions of this Convention, the extent of protection, as well as the means of redress afforded to the author to protect his rights, shall be governed exclusively by the laws of the country where protection is claimed.

Writing an opt-out into a robots.txt file is a formality, just like the old “all rights reserved” necessary in books published before America joined the Berne Convention. A copyright holder can only assert his copyright against search engines if he jumps through that particular hoop.
Requiring this formality is in clear violation of the Convention. If legislators want to hand out special favors to multibillion search engines, they need to do so without an opt-out clause.

That’s the heartwarming headline for this Sullivan post, pointing to a BBC story about the latest privacy disaster from the Evil Spam Empire.

Google has multiple users for their Gmail service. Now they have added some new functionality called “Buzz” which allows people to share content.

The problem with that idea was that Google didn’t bother to ask their users if they actually want to share their personal data with the whole world. Instead they just went ahead and made the list of most frequent mail correspondents viewable to everybody.

Google has apologized and is working on correcting the problem.

The following text is a recommendation of the “International Working Group on Data Protection in Telecommunications“, adopted first in 1998 and revised in 2006. At the original host it does not have a single URL, making it impossible to point to exactly this file. Since I need to do that for a paper I am writing now, I mirror the original PDF file here.

International Working Group on Data Protection in Telecommunications
The Working Group has been initiated by Data Protection Commissioners from different countries in order to improve privacy and data protection in telecommunications and media

675.32.28
Common Position on Privacy Protection and Search Engines
first adopted at the 23rd Meeting in Hong Kong SAR, China 15 April 1998 - revised and updated at the 39th meeting, 6-7 April 2006, Washington D.C. -

Today, the Internet contains a vast amount of information on almost every topic one can think of. In order to be able to find the requested information on the net, search engines have become an indispensable tool. They are the keys to cyberspace.
With these search engines, it is possible to search for personal data which have been published.
The result would be a profile of the network activities of a particular person. Search engines can also be used for “data mining”. As the Internet is becoming more and more popular for the exchange of information and other activities (e.g. Electronic Commerce), such activities can cause a threat to privacy.
Furthermore, providers of search engines have the capability to draw up a detailed profile of the interests of their users. IP-logs, especially when combined with respective data stored with access providers, allow for the identification of users. Given that the use of search engines is nowadays common practice among netizens, traffic data stored with providers of popular search engines will allow for a detailed profile of interests, thoughts and activities across different sectors (for example
work, leisure, political opinions, or even sexual preferences).
Data Protection and Privacy Commissioners have been especially concerned about the possibility to drawing up profiles of citizens in the past. Now the technology available on the Internet makes this practice, to a certain extent, technically possible on a global basis.
The Working Group has already in the past stressed the data protection and privacy problems related to the use of the Internet and has made recommendations for possible steps to solve these problems. With regard to disclosed or published personal data, the Working Group recalls that personal data which the user has voluntarily made public are still under the protection attached to their nature.
Recommendations

Users of the Internet can also be providers of information. They should be aware that every bit of personal information they publish on the net (e.g. when creating their own homepage, or publish articles in newsgroups) can be used by third parties for profiling.

For example, messages in news groups or on social networking websites can be indexed and traced by search engines, thus adding information to profiles about who expressed which opinion on which subject. One way to reduce this threat to privacy e.g. when participating in news services could be the use of pseudonyms.
Internet service providers and software manufacturers should therefore offer pseudonym services to their customers. In any case, users should be made aware of the risks they are taking when participating in news services, chatrooms or social networking sites under their real e-mail addresses or even their real names.
Users should have the option to limit the use of their data to certain purposes. They should also be capable of excluding their own personal information (or parts thereof) on the net from being monitored by search engines. This can for example be achieved by defining a “no-robots”-option for a website. However, this feature depends on being observed by the providers of search engine services.
Providers of search engines should inform users upfront in a transparent way about the processing of data in the course of using their services.
They should also provide the data subjects with a means to have their data deleted from (outdated) copies of web pages that they may store (“cache”).

In view of the sensitivity of the traces users leave when using a search engine, providers of search engines should offer their services in a privacy-friendly manner. More specifically, they shall not record any information about the search that can be linked to users or about the search engine users themselves. After the end of the search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data stored which are necessary to provide a service.
In any case, data minimization is key. Such a practice would also be beneficial for the providers of search engines who increasingly have to deal with demands for user-specific information from third parties.
To protect the privacy of the user, full application of privacy enhancing technologies is required where possible.

The EU Commission has issued a statement confirming that Sri Lanka is not living up to the commitments to international human rights protection standards that are conditions for access to the GSP+ program. The Commission will now consult with the Member States about temporarily suspending GSP+ status, while calling on Sri Lanka to constructively work on the issue.

Recently Amazon released their Kindle internationally. I immediately ordered one. The first book I bought for it was Patry’s.

When reviewing it, the first thing I need to point out is that the author is Senior Copyright Counsel at Google.

The first reason is that the author does not want people to note this fact when discussing the book, as he writes in his “Disclaimer”. Under the copyright system  Patry’s book is attacking, authors get to control many things. What reviewers write about their books is not among them.

The second reason is that while Patry states that Google does not share the views expressed in this book in his “Disclaimer”, I happen to think that is not true.

One example is the discussion of Associated Press and their approach to the question of copyright in relation to Internet search engines in chapter nine. I would be very surprised to learn that Google does not share the view that they don’t need a license from website authors for their core web search business, or the same old tired reasoning that authors agree to everything because they don’t edit their robots.txt file.

Actually, if one were to imagine what book an author named “Google” would write about copyright policy, one would expect a position strongly critical of copyright, since copyright is a threat to Google’s business. As it happens, that seems to be exactly how this one turned out. If one where to believe Patry, there is actually no reason for copyright to exist, and he closes with the idea that copyright might be taken away completely (last sentence of his “Conclusion”).

And while we don’t really know about what “Google” might say about the author’s positions in this book, it is probably reasonable to assume that Mr. Patry won’t be Senior Copyright Counsel for or representing in court the RIAA anytime soon.

The most space in the book is dedicated to the idea that people should tone down their rhetoric when discussing copyright. I have much sympathy for that idea. On this blog, I have pointed out six years ago that calling copyright violators “pirates” is the equivalent of calling copyright owners “slave traders”, or that “enemies of freedom” might be another interesting suggestion to counterstrike.

However, if you are interested in stopping metaphors from confusing the discussion, you should really not have “copyright war” in the title of your book and of many subchapters. You should also refrain from describing Digital Rights Management as “the equivalent of letting copyright owners put a chastity belt on someone else’s wife”, as Patry does in the subchapter “The Digital Millenium Act” in Chapter 8.

This does not strike me as an appropriate thing to say, even if the main idea of the book was not an appeal to get rid of colorful rhetoric in the field.

It is also not in the interest of avoiding metaphors when the author compares policy makers to “vampires” (in Chapter Nine, subchapter “How Innovation Occurs”). I am sure Jack Valenti would never have tried to influence policy makers by comparing them to the Boston Strangler.

Another interesting sentence was this one:

“According to the copyright industries, once they lose control they lose their ability to lose money” (in the Introduction).

That is obviously a typo, but an amusing one.

As for the discussion of Digital Rights Management, I find myself confirmed once more in my position that DRM can be effective. As Patry writes on the Amazon Kindle:

“Amazon.com’s Kindle ebook reader has more digital locks than CIA headquarters, designed to ensure that Amazon’s costumers will have to use the Kindle even if a superior, cheaper alternative is developed.”

That is of course one more metaphor, the use of which we all should refrain from. But Patry is right. The Kindle does come with strong DRM. I for one am completely unable to defeat it.

And actually, I don’t see any need to defeat it. I am perfectly happy right now with the fact that I can read Patry’s book 60 seconds after buying it, and at a lower price compared with the printed edition. The Kindle works rather nicely.

I don’t understand why the author feels that Japan is a special model for the future of copyright policy. In the subchapter he dedicates to discussing Japan, he mentions that Japan has the world’s fastest Internet access and that people write novels for mobile phone screens, both of which are true but have nothing to do with what Japanese copyright does different from American copyright. There are interesting developments in Japanese copyright law, for example the new exception for search engines introduced this year, but one would not know about them from reading Patry’s book.

The author has a blog specially dedicated to discussing this book.

See the Commission press release for details.

They don’t seem to agree with the idea that all search engines can copy and redistribute their content.