Lenz Blog

The following text is a recommendation of the “International Working Group on Data Protection in Telecommunications“, adopted first in 1998 and revised in 2006. At the original host it does not have a single URL, making it impossible to point to exactly this file. Since I need to do that for a paper I am writing now, I mirror the original PDF file here.

International Working Group on Data Protection in Telecommunications
The Working Group has been initiated by Data Protection Commissioners from different countries in order to improve privacy and data protection in telecommunications and media

675.32.28
Common Position on Privacy Protection and Search Engines
first adopted at the 23rd Meeting in Hong Kong SAR, China 15 April 1998 - revised and updated at the 39th meeting, 6-7 April 2006, Washington D.C. -

Today, the Internet contains a vast amount of information on almost every topic one can think of. In order to be able to find the requested information on the net, search engines have become an indispensable tool. They are the keys to cyberspace.
With these search engines, it is possible to search for personal data which have been published.
The result would be a profile of the network activities of a particular person. Search engines can also be used for “data mining”. As the Internet is becoming more and more popular for the exchange of information and other activities (e.g. Electronic Commerce), such activities can cause a threat to privacy.
Furthermore, providers of search engines have the capability to draw up a detailed profile of the interests of their users. IP-logs, especially when combined with respective data stored with access providers, allow for the identification of users. Given that the use of search engines is nowadays common practice among netizens, traffic data stored with providers of popular search engines will allow for a detailed profile of interests, thoughts and activities across different sectors (for example
work, leisure, political opinions, or even sexual preferences).
Data Protection and Privacy Commissioners have been especially concerned about the possibility to drawing up profiles of citizens in the past. Now the technology available on the Internet makes this practice, to a certain extent, technically possible on a global basis.
The Working Group has already in the past stressed the data protection and privacy problems related to the use of the Internet and has made recommendations for possible steps to solve these problems. With regard to disclosed or published personal data, the Working Group recalls that personal data which the user has voluntarily made public are still under the protection attached to their nature.
Recommendations

Users of the Internet can also be providers of information. They should be aware that every bit of personal information they publish on the net (e.g. when creating their own homepage, or publish articles in newsgroups) can be used by third parties for profiling.

For example, messages in news groups or on social networking websites can be indexed and traced by search engines, thus adding information to profiles about who expressed which opinion on which subject. One way to reduce this threat to privacy e.g. when participating in news services could be the use of pseudonyms.
Internet service providers and software manufacturers should therefore offer pseudonym services to their customers. In any case, users should be made aware of the risks they are taking when participating in news services, chatrooms or social networking sites under their real e-mail addresses or even their real names.
Users should have the option to limit the use of their data to certain purposes. They should also be capable of excluding their own personal information (or parts thereof) on the net from being monitored by search engines. This can for example be achieved by defining a “no-robots”-option for a website. However, this feature depends on being observed by the providers of search engine services.
Providers of search engines should inform users upfront in a transparent way about the processing of data in the course of using their services.
They should also provide the data subjects with a means to have their data deleted from (outdated) copies of web pages that they may store (“cache”).

In view of the sensitivity of the traces users leave when using a search engine, providers of search engines should offer their services in a privacy-friendly manner. More specifically, they shall not record any information about the search that can be linked to users or about the search engine users themselves. After the end of the search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data stored which are necessary to provide a service.
In any case, data minimization is key. Such a practice would also be beneficial for the providers of search engines who increasingly have to deal with demands for user-specific information from third parties.
To protect the privacy of the user, full application of privacy enhancing technologies is required where possible.

The EU Commission has issued a statement confirming that Sri Lanka is not living up to the commitments to international human rights protection standards that are conditions for access to the GSP+ program. The Commission will now consult with the Member States about temporarily suspending GSP+ status, while calling on Sri Lanka to constructively work on the issue.

Recently Amazon released their Kindle internationally. I immediately ordered one. The first book I bought for it was Patry’s.

When reviewing it, the first thing I need to point out is that the author is Senior Copyright Counsel at Google.

The first reason is that the author does not want people to note this fact when discussing the book, as he writes in his “Disclaimer”. Under the copyright system  Patry’s book is attacking, authors get to control many things. What reviewers write about their books is not among them.

The second reason is that while Patry states that Google does not share the views expressed in this book in his “Disclaimer”, I happen to think that is not true.

One example is the discussion of Associated Press and their approach to the question of copyright in relation to Internet search engines in chapter nine. I would be very surprised to learn that Google does not share the view that they don’t need a license from website authors for their core web search business, or the same old tired reasoning that authors agree to everything because they don’t edit their robots.txt file.

Actually, if one were to imagine what book an author named “Google” would write about copyright policy, one would expect a position strongly critical of copyright, since copyright is a threat to Google’s business. As it happens, that seems to be exactly how this one turned out. If one where to believe Patry, there is actually no reason for copyright to exist, and he closes with the idea that copyright might be taken away completely (last sentence of his “Conclusion”).

And while we don’t really know about what “Google” might say about the author’s positions in this book, it is probably reasonable to assume that Mr. Patry won’t be Senior Copyright Counsel for or representing in court the RIAA anytime soon.

The most space in the book is dedicated to the idea that people should tone down their rhetoric when discussing copyright. I have much sympathy for that idea. On this blog, I have pointed out six years ago that calling copyright violators “pirates” is the equivalent of calling copyright owners “slave traders”, or that “enemies of freedom” might be another interesting suggestion to counterstrike.

However, if you are interested in stopping metaphors from confusing the discussion, you should really not have “copyright war” in the title of your book and of many subchapters. You should also refrain from describing Digital Rights Management as “the equivalent of letting copyright owners put a chastity belt on someone else’s wife”, as Patry does in the subchapter “The Digital Millenium Act” in Chapter 8.

This does not strike me as an appropriate thing to say, even if the main idea of the book was not an appeal to get rid of colorful rhetoric in the field.

It is also not in the interest of avoiding metaphors when the author compares policy makers to “vampires” (in Chapter Nine, subchapter “How Innovation Occurs”). I am sure Jack Valenti would never have tried to influence policy makers by comparing them to the Boston Strangler.

Another interesting sentence was this one:

“According to the copyright industries, once they lose control they lose their ability to lose money” (in the Introduction).

That is obviously a typo, but an amusing one.

As for the discussion of Digital Rights Management, I find myself confirmed once more in my position that DRM can be effective. As Patry writes on the Amazon Kindle:

“Amazon.com’s Kindle ebook reader has more digital locks than CIA headquarters, designed to ensure that Amazon’s costumers will have to use the Kindle even if a superior, cheaper alternative is developed.”

That is of course one more metaphor, the use of which we all should refrain from. But Patry is right. The Kindle does come with strong DRM. I for one am completely unable to defeat it.

And actually, I don’t see any need to defeat it. I am perfectly happy right now with the fact that I can read Patry’s book 60 seconds after buying it, and at a lower price compared with the printed edition. The Kindle works rather nicely.

I don’t understand why the author feels that Japan is a special model for the future of copyright policy. In the subchapter he dedicates to discussing Japan, he mentions that Japan has the world’s fastest Internet access and that people write novels for mobile phone screens, both of which are true but have nothing to do with what Japanese copyright does different from American copyright. There are interesting developments in Japanese copyright law, for example the new exception for search engines introduced this year, but one would not know about them from reading Patry’s book.

The author has a blog specially dedicated to discussing this book.

See the Commission press release for details.

They don’t seem to agree with the idea that all search engines can copy and redistribute their content.

The first chamber of the European Court of Justice handed down a judgment on October 6th that gives a rather different impression compared to that of the Grand Chamber in the BWin case I discussed here recently.

In the new case, the Commission sued Spain because lottery winnings are exempted from income tax only in case the lottery operator is based in Spain. The Court ruled that this is discriminatory. Operators that pursue charitable activities must be exempted in an equal way, whereever they are established.

Especially noteworthy is the reasoning at paragraph 39:

It need merely be pointed out in that respect that, as is apparent from the Court’s case-law, it is not justifiable for the authorities of a Member State to assume, in a general way and without distinction, that bodies and entities established in another Member State are engaging in criminal activity.

That is in contrast to the idea of the BWin case that operators may be assumed to operate fraudulently just because they are established in another Member State and use the Internet to communicate with their customers.

I am pleased to note that the Internal Market is not completely dead in the sector, even after the BWin case.

As Glenn Greenwald notes, there are no achievements to justify a Nobel Prize for Barack Obama.

Unless one counts beating McCain/Palin in the election, which was probably a major contribution to world peace, or sees it as an extraordinary achievement that Obama already is in office for nine months without having started any other illegal wars.

However, this award may still turn out to be justified. Just as the Americans like the idea of preemptive war, that is war based on something some other country might or might not do in the future, this prize might be understood as based on the idea of preemptive peace, that is based on what Obama might or might not do in the future. He has at least three more years to start more illegal wars, escalate the existing ones, and block investigation of American war crimes as well as serious countermeasures to global warming.

That will be that much harder to do as a Peace Nobel Prize winner.

And whatever one might think about his policies, Obama does give good speeches. It will be interesting to hear what he might say at the occasion. There might be even some hope that this time a nice speech will be followed up by some meaningful action.

The Osaka High Court has acquitted Winny developer Isamu Kaneko from charges of copyright violation.

I have commented on that case five years ago, when Kaneko was first arrested. And I have discussed the question of secondary liability for dual-use software a couple of weeks ago.

I don’t have much to add. As far as criminal liability is concerned, as in this case, any conviction would need to show a clearly workable and convincing standard to explain why the Internet as such is not illegal, but the software in question is. FTP has been around since 1971. Computers could always exchange files on the net. That clear and workable standard does not seem to exist, giving any convicting verdicts in the field a strong chilling effect.

A copyright reform bill containing the new exception for search engines has passed the Japanese Parliament and will come into force on January 1st, 2010.

I will post an English translation and offer a couple of comments. The English translation will depart from the unreadable style of the Japanese original by relocating all information in brackets into their own sentences.

Article 47-6 Copying for the purpose of searching for uniform resource locators of information made available for download

A business with the purpose of searching uniform resource locators of information made available for download and displaying the search results in answer to requests from the public may, as far as necessary for such search and display, store and adapt information made available for download on storage media, and may serve automatically in answer to requests from the public a copy of such information relating to the uniform resource locators served, including making the information available for download.

An uniform resource locator is a string of characters, numbers and other code used to distinguish information made available for download.

Search engine businesses include those providing only partial services, but are restricted to those that comply with the standard for collecting, organizing and providing information made available for download laid down by government ordinance.

For information made available for download only after requiring input of an access code identifying the user, the exception applies only if the person who restricted the access gives permission.

Update: The above paragraph is incomplete. It must read:
For information made available for download only after requiring input of an access code identifying the user or other means of restricting the access are applied, the exception applies only if the person who restricted the access gives permission. (End of update)

The search engine business may also store secondary works in the course of storing or adapting information.

The search engine may display such secondary works in combination with the information made available for download. This is called “records for displaying search results”.

However, if the search engine business knows that the information made available for download regarding records for displaying search results is in violation of copyright, it may not serve automatically in answer to requests from the public such records for displaying search results, nor may it make the records available for download.

In case of information made available for download in foreign countries, this restriction applies if it would violate copyright in case of serving the information in Japan.

This translation is probably not perfect. Any hints for improvement are welcome. Now for a couple of comments.

I had the chance yesterday for a short discussion of this new law with Masayuki Matsuda, who is a leading copyright lawyer with numerous publications and was involved in the legislative process.

He said that this legislation was not needed, since search engines could operate legally even without it. I disagree with that. In my opinion, search engines should be restricted to opt-in like everyone else in the copyright system.

But if one sees this only as a clarification, there remain some questions. For example under German law, a recent article by former judge of the Federal Court of Justice Joachim v. Ungern-Sternberg (GRUR 2009, 369) argues that authors give implied permissions to search engines the moment they put information on the Internet. Since German law has no search engine exception, without this kind of theory the current operating model of many search engines would become illegal.

Now, again, as an author of web content I object strongly to the idea that I give any permission to a search engine. Especially Google. This kind of theory is, at least in my case, making up a permission out of thin air where there not only is none, but strong objection. If you want to take my content against my will, then write an exception into copyright law, as the Japanese just did. But don’t tell me I agree to something where there is no such consent on my part.

And the theory seems to be fueled by the premise that it is impossible to operate a search engine under opt-in. I don’t believe that.

But even if one makes up permissions where there are none, this new legislation raises a couple of questions. For example, what exactly is the scope of that “implied permission”? Is it restricted to copying content in the database search engine, or does it also extend to serving cache copies to users? The article by v.Ungern-Sternberg for example does not extend the reach of the fictional permission to serving of cache copies (see page 373), which would mean that the new Japanese exception would reach further than his theory.

And even v. Ungern-Sternberg concedes the author’s right to opt out. As most proponents of implied permission he raises that as a reason against respecting copyright. If the author can opt out easily by adding some lines to a robots.txt file, insisting on copyright is an abuse of copyright (Rechtsmissbrauch).

So, under his theory, I can opt out, as long as I do it in a machine-readable way. Not so under the new Japanese law. Any search engine is free to ignore an opt out in robots.txt, as long as the website in question does not require a password for accessing it. Again, the new Japanese exception goes farther than the above theory, and farther than current practice, where most search engines do respect at least opt-out.

Update: The above paragraph is wrong as far as it states that under the new Japanese exception search engines are free to ignore an opt-out declared by editing the robots.txt file. That would be a case where “other means of restricting the access are applied“, see also the update of the translation above.

The copyright notice for this blog reads:

Please feel free to forward copies of this work to others, mirror it on your homepage or blog, or post it on bulletin boards or P2P networks. However, please leave my name attached and don’t edit the work. Commercial use requires separate permission.

Permission for such commercial use is expressly denied to Google. I object specifically to inclusion in their cache and access to my pages with the “Google Web Accelerator”.

Many people seem to think that the act of posting something to the Web gives anybody an implied permission to copy that posted content for use in a search engine.

I for one give no such permission. Anybody assuming that I do is making up a completely fictitous permission out of thin air, and is acting against my clearly expressed will as an author. In other words, they don’t care one bit what I as an author actually want, but feel entitled to decide what I must want in my place. That is not how copyright is supposed to work.