Feed aggregator

A significant milestone for digital due process

Google Public Policy BLOG - Wed, 2014/06/18 - 11:28
Posted by David Lieber, Senior Privacy Policy Counsel 

Although the recent debate around government surveillance has focused on the reach of the National Security Agency (NSA) and the Foreign Intelligence Surveillance Act (FISA), we have long supported efforts to update the Electronic Communications Privacy Act (ECPA) so that the government must obtain a warrant to require a provider to disclose content stored with the provider. 

The ongoing campaign to update ECPA reached a significant milestone today. For the first time, a majority of Members in the U.S. House of Representatives have gone on record to support bipartisan legislation (H.R. 1852) sponsored by Representatives Yoder (R-KS), Graves (R-GA), and Polis (D-CO) that would create a bright-line, warrant-for-content rule for electronic communications. 

This common-sense reform is long overdue. While well-intentioned when enacted in 1986, ECPA no longer reflects users’ reasonable expectations of privacy. For example, an email may receive more robust privacy protections under ECPA depending on how old it is, whether it has been opened, and where it is stored — while users attach no importance to these distinctions. The Department of Justice itself has acknowledged that there is no principled reason for this rule. 

In 2010, a federal appeals court said that ECPA itself is unconstitutional to the extent that it authorizes the government to obtain the content of emails without a warrant. Google agrees with the court that the Fourth Amendment requires that the government issue a search warrant to compel a provider to disclose the content of communications that a user stores with a provider. 

Congress should send a clear message about the limits of government surveillance by enacting legislation that would create a bright-line, warrant-for-content standard. Now that a majority has gone on record to support this common sense update, we once again urge Congress to expeditiously pass legislation to update ECPA.

Why Has Canada Still Not Signed the WIPO Copyright to Support the Blind?

Michael Geist Law RSS Feed - Wed, 2014/06/18 - 04:13
Countries from around the world last year reached agreement on a landmark copyright treaty designed to improve access to works for the blind and visually impaired. As the first copyright treaty focused on the needs of users, the success was quickly billed the "Miracle in Marrakesh" (the location for the final round of negotiations) with more than 50 countries immediately signing the treaty.

The pact, which was concluded on June 27, 2013, established a one-year timeline for initial signatures, stating that it was "open for signature at the Diplomatic Conference in Marrakesh, and thereafter at the headquarters of WIPO [the World Intellectual Property Organization] by any eligible party for one year after its adoption."

My weekly technology law column (Toronto Star version, homepage version) notes that in the months since the diplomatic conference, 67 countries have signed it. The list of signatories includes most of Canada's closest allies, including the United States, European Union, United Kingdom, and France. The major developing economies such as Brazil, China, and India have also signed the agreement. Curiously absent from the list of signatories, however, is Canada.

The issue was raised in the House of Commons by NDP MP Peggy Nash, leading to the following exchange with Industry Minister James Moore:

Nash: Mr. Speaker, over 90% of published materials are simply not accessible to blind and visually impaired Canadians. The Marrakesh treaty on copyright seeks to fix this problem. Sixty-seven countries have signed on, including the EU, U.K., India, and China, but not Canada. The Conservatives left these measures out of their proposed copyright changes. The treaty's deadline is June 27. Will the Conservatives do the right thing and sign this treaty so we can improve access for visually impaired Canadians?

Moore: Mr. Speaker, of course our government has taken the lead with our Copyright Modernization Act. In fact, just today we put in place the notice regime to further modernize our copyright regime in this country. With regard to those who are perceptually disabled, my colleague should know very well that when we put together the Copyright Modernization Act, we worked with the Canadian National Institute for the Blind and others. Of course, we are more than willing to look at ways to improve our copyright legislation to ensure that all Canadians recognize that their needs are met in Canadian law.

In other words, when asked specifically why Canada has yet to sign the treaty, Moore refused to provide a direct answer.

Canada's failure to sign the treaty is particularly surprising given the important role it reportedly played in facilitating a deal. Reports from Marrakesh indicated that Canada worked to find common ground and helped craft the final agreement. Moreover, from both policy and legal perspectives, supporting the treaty would appear to be a proverbial no-brainer.

The treaty expands access for the blind by facilitating the export of works to the more than 300 million blind and visually impaired people around the world, which is needed since only a tiny percentage of books are ever made into accessible formats. Further, it restricts digital locks from impeding access, by permitting the removal of technological restrictions on electronic books for the benefit of the blind and visually impaired.

The treaty would require few changes to Canadian law. The basic requirements of the treaty are an exception or limitation in national law that permits the creation of accessible format copies for the blind or visually impaired without permission of the copyright holder as well as a scheme to permit the cross-border exchange of qualifying copies.

Canada already has an exception in national law relating to persons with perceptual disabilities. The current exception is not identical to the treaty requirements and would need some modest tweaking to comply with the new international standard.

The biggest change would likely come from the need to establish an entity that would facilitate, promote, and disseminate accessible format copies of work and exchange information with other countries about accessible works. In other words, the treaty would require Canada to invest in improving access for the blind.

Given the narrow goals of promoting greater access for the visually impaired, signing the treaty should be relatively uncontroversial. Indeed, while both the U.S. and European Union expressed some concerns during the negotiation process, both are now signatories.

With a copyright review planned for 2017, Canada could sign the treaty now with the expectation of incorporating the necessary reforms as part of the next reform process. Alternatively, there are several bills currently before the House of Commons that involve intellectual property issues that could be amended to include the necessary changes.

Regardless of what legislative approach is adopted, the first step is for Canada to sign the treaty before the June 27th deadline. Failure to become part of the initial group of signatories would raise troubling questions about why the government was unwilling to take a strong stand in favour of the rights of the blind and visually impaired in Canada.

Harper Government announces last step implementing C-11

Digital Copyright Canada BLOG - Tue, 2014/06/17 - 15:30

In a press release, the Harper Government Announces the Coming into Force of the Notice and Notice Regime, using the same language they used to promote the controversial bill.

While I agree that the copyright portions of that bill could be claimed to be "balanced", I will still state the anti-technology ownership "TPM" sections of the bill were unbalanced.

Given the variety of house and senate bills proposing information disclosures without court oversight being pushed by the Harper Government, the notice&notice regime in the Copyright Act will soon be moot. It is highly unlikely that an aggressive copyright holder will use N&N when they will be able to get subscriber information without a court order and communicate threats directly to ISP customers.

My Tedxoxbridge talk: How to break the Internet

I gave a talk last month in Cambridge at the Tedxoxbridge event called How to break the Internet, about how urgent it is that the Internet is fundamentally broken, and why we should be hopeful that we can fix it.

Government Rejects Supreme Court Privacy Decision: Claims Ruling Has No Effect on Privacy Reform

Michael Geist Law RSS Feed - Tue, 2014/06/17 - 04:22
Having had the benefit of a few days to consider the implications of the Supreme Court of Canada decision in Spencer, the Senate last night proceeded to ignore the court and pass Bill S-4, the Digital Privacy Act, unchanged. The bill extends the ability to disclose subscriber information without a warrant from law enforcement to any private sector organizations by including a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. Given the Spencer decision, it seems unlikely that organizations will voluntarily disclose such information as they would face the prospect of complaints for violations of PIPEDA.

Despite a strong ruling from the Supreme Court of Canada that explicitly rejected the very foundation of the government's arguments for voluntary warrantless disclosure, the government's response is "the decision has no effect whatsoever on Bill S-4."

As I posted yesterday, the government had argued in committee that:

In the instance of PIPEDA, because of the type of information provided in a pre‑warrant phase such as basic subscriber information, it would be consistent with privacy expectations and therefore it's not really putting telecoms, for example, in some unique position in terms of police investigations.

The Supreme Court of Canada rejected this view, concluding that:

there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous.

That cannot be credibly described as "no effect whatsoever." Indeed, the government's recently appointed Privacy Commissioner also pointed to Spencer and urged the government to consider the implications on S-4. 

In another post yesterday on the future of C-13 and S-4, I lamented that the "government could adopt the 'bury our heads in the sand approach' by leaving the provisions unchanged, knowing that they will be unused or subject to challenge." I argued that a better approach would be to address the issue directly, providing certainty to businesses and Canadians.

Perhaps unsurprisingly given its recent track record on privacy, it has chosen the head in the sand approach. During debate at the Senate yesterday, Conservative Senators repeatedly argued that Bill S-4 actually strengthens privacy, despite the fact that it opens the door to warrantless voluntary disclosure to any organization (it also enshrines weak data breach rules that do not provide protection as strong as that found in some other jurisdictions). Moreover, they tried to distinguish Spencer by arguing that it involves a criminal investigation disclosure to police, while the S-4 expansion of warrantless disclosure involves disclosures to private organizations.

Yet the principle is obviously the same: there is a reasonable expectation of privacy in subscriber information that should not be disclosed without a warrant or court order. No organization should be disclosing that information and when they do, they are likely to face a complaint with the Privacy Commissioner of Canada for violating PIPEDA. By leaving S-4 unchanged, the government is encouraging voluntary disclosures even after the Supreme Court explicitly ruled against them.

While the bill must still pass through the House of Commons, the government's decision to rush the legislation through the Senate (it conducted only a few hours of hearings) and to seemingly ignore the Supreme Court's decision creates further uncertainty for Canadians and Canadian businesses. Everyone needs rules that comply with the letter and spirit of the Spencer decision, which Bill S-4 fails to do on both counts. 

Canadian Copyright Notice-and-Notice System to Take Effect in 2015

Michael Geist Law RSS Feed - Tue, 2014/06/17 - 03:44
The government today announced that there will be no additional regulations associated with the notice-and-notice rules that provide rights holders with the ability to have Internet providers forward notifications to subscribers alleging infringement. The government had delayed implementation of the rules amid a consultation on the issue. The notice-and-notice system does not require the ISP to disclose the subscriber's personal information to the rights holder nor to take down the content. The system, which other countries are now considering due to its effectiveness, is set to take effect on January 1, 2015.

Global Deletion Orders? B.C. Court Orders Google To Remove Websites From its Worldwide Index

Michael Geist Law RSS Feed - Tue, 2014/06/17 - 02:11
In the aftermath of the European Court of Justice "right to be forgotten" decision, many asked whether a similar ruling could arise in Canada. While a privacy-related ruling has yet to hit Canada, last week the Supreme Court of British Columbia relied in part on the decision in issuing an unprecedented order requiring Google to remove websites from its global index. The ruling in Equustek Solutions Inc. v. Jack is unusual since its reach extends far beyond Canada. Rather than ordering the company to remove certain links from the search results available through Google.ca, the order intentionally targets the entire database, requiring the company to ensure that no one, anywhere in the world, can see the search results. Note that this differs from the European right to be forgotten ruling, which is limited to Europe.

The implications are enormous since if a Canadian court has the power to limit access to information for the globe, presumably other courts would as well. While the court does not grapple with this possibility, what happens if a Russian court orders Google to remove gay and lesbian sites from its database? Or if Iran orders it to remove Israeli sites from the database? The possibilities are endless since local rules of freedom of expression often differ from country to country. Yet the B.C. court adopts the view that it can issue an order with global effect. Its reasoning is very weak, concluding that:

the injunction would compel Google to take steps in California or the state in which its search engine is controlled, and would not therefore direct that steps be taken around the world. That the effect of the injunction could reach beyond one state is a separate issue.

Unfortunately, it does not engage effectively with this "separate issue."

The case involves a company that claims that another company used its trade secrets to create a competing product along with "bait and switch" tactics to trick users into purchasing their product. The defendant company had been the target of several court orders demanding that it stop selling the copied product on their website. Google voluntarily removed search results for the site from Google.ca search results, but was unwilling to block the sites from its worldwide search results.

The case turned largely on jurisdictional questions: could a B.C. court assert jurisdiction over Google? Was a Canadian court the right court to hear the case when Google is based in California?  Is it appropriate to issue an order requiring the complete removal of results for all users worldwide?

The court answered affirmatively to all questions. On the issue of jurisdiction, the court cited the European Court of Justice decision, concluding that the company's search and advertising services were inextricably linked and that therefore Google has a Canadian connection. As for concerns that the decision would give every state jurisdiction over Google, the court was unmoved:

I will address here Google's submission that this analysis would give every state in the world jurisdiction over Google’s search services. That may be so. But if so, it flows as a natural consequence of Google doing business on a global scale, not from a flaw in the territorial competence analysis.

Further, on concerns that the B.C. court order would have global effect, the court was similarly unpersuaded:

I note that Google objects to British Columbia retaining jurisdiction because the order sought would require Google to take steps in relation to its websites worldwide. That objection is not resolved by "going to California". If the order involves worldwide relief, a California court will be no more appropriate a forum than British Columbia to make such an order. Even if the order can be construed more narrowly as requiring Google to take steps at the site where the computers controlling the search programs are located, Google has not established that those computers are located in California, or that they can only be reprogrammed there.

The issues raised by the decision date back to the very beginning of the globalization of the Internet and the World Wide Web as many worried about jurisdictional over-reach with courts applying local laws to a global audience. This decision provides the sense that the court felt that Google's global reach needed to be matched by the court's reach. While there is much to be said for asserting jurisdiction over Google - if it does business in the jurisdiction, the law should apply - attempts to extend blocking orders to a global audience have very troubling implications that could lead to a run on court orders that target the company's global search results.

Homeland shortlisted for the Sunburst Award

I'm honoured and delighted to learn that my novel Homeland has been shortlisted for Canada's Sunburst Award, a juried prize for excellence in speculative fiction. I've won the Sunburst twice before, and this is one of my proudest accomplishments; I'm indebted to the jury for their kindness this year. The other nominees are a very good slate indeed -- including Nalo Hopkinson's Sister Mine and Charles de Lint's The Cats of Tanglewood Forest.

Podcast: News from the future for Wired UK

Here's a reading (MP3) of a short story I wrote for the July, 2014 issue of Wired UK in the form of a news dispatch from the year 2024 -- specifically, a parliamentary sketch from a raucous Prime Minister's Question Time where a desperate issue of computer security rears its head:

Quick: what do all of these have in common: your gran's cochlear implant, the Whatsapp stack, the Zipcar by your flat, the Co-Op's 3D printing kiosk, a Boots dispensary, your Virgin thermostat, a set of Tata artificial legs, and cheap heads-up goggles that come free with a Mister Men game?

If you're stumped, you're not alone. But Prime Minister Lane Fox had no trouble drawing a line around them today during PMQs in a moment that blindsided the Lab-Con coalition leader Jon Cruddas, who'd asked about the Princess Sophia hacking affair. Seasoned Whitehall watchers might reasonably have expected the PM to be defensive, after a group of still-anonymous hackers captured video, audio and sensitive personal communications by hijacking the Princess's home network. The fingerpointing from GCHQ and MI6 has been good for headlines, and no one would have been surprised to hear the PM give the security services a bollocking, in Westminster's age-old tradition of blame-passing.

Nothing of the sort. Though the PM leaned heavily on her cane as she rose, she seemed to double in stature as she spoke, eyes glinting and her free hand thumping the Dispatch Box: "The Princess Sophia affair is the latest installment in a decades-old policy failure that weakened the security of computer users to the benefit of powerful corporations and our security services. This policy, the so-called 'anti-circumvention' rules, have no place in an information society.


The Supreme Court Eviscerates Voluntary Disclosure, Part 2: What Comes Next for C-13 and S-4?

Michael Geist Law RSS Feed - Mon, 2014/06/16 - 04:18
In the fall of 2007, Public Safety Canada quietly launched a lawful access consultation that envisioned mandatory disclosure of customer name and address information. After I posted the consultation online, the department claimed that the consultation was not secret and then-Public Safety Minister Stockwell Day suggested that the document actually contained old Liberal wording. Day promised not to introduce legislation compelling disclosure without a court order, a commitment that Peter Van Loan, the next Public Safety Minister, rejected when the Conservatives introduced their first lawful access bill in 2009.

This third post on Spencer (case summary, comparison with government talking points) begins with some lawful access history because it is important for understanding what might come in the aftermath of the Supreme Court of Canada's evisceration of the government's arguments on voluntary disclosure of personal information in the Spencer decision. The starting point for the voluntary disclosure provisions in Bills C-13 and S-4 can be traced back to the 2007 consultation. Law enforcement complained about inconsistent access to customer name and address information and sought new provisions to make such disclosure mandatory (PIPEDA permitted voluntary disclosure but did not require it).

Public Safety responded with a plan to create a mandatory disclosure provision, but hit a roadblock when Day promised no warrantless disclosure. Once Day was shuffled out of that position, the Van Loan and Vic Toews lawful access bills both brought it back, with Van Loan's bill specifying 13 identifiers that would be required to be disclosed and Toews' bill slimming the list down to six identifiers. Both bills did not proceed past first reading: the Van Loan bill died with an election call weeks after it was introduced and the Toews bill was infamously shelved after the public outrage over the bill and Toews' characterization of either siding with the government or child pornographers.

After then-Justice Minister Rob Nicholson promised no Criminal Code reforms based on the Toews bill (another promise that did not last long), the government adopted a different approach. If mandatory warrantless disclosure was out (the Spencer decision makes it clear those provisions would have been struck down as unconstitutional), a more robust voluntary disclosure system might do the trick.  PIPEDA already contains voluntary disclosure provisions, which are used thousands of times every year.  The government envisioned expanding the current system by offering full criminal and civil immunity for voluntary disclosures in Bill C-13 and expanding the scope of voluntary disclosures to public officials (in C-13) and any private sector organization (in S-4). The Privacy Commissioner and other experts argued against the changes, but the government relied on claims that disclosure was permitted by law (now debunked by the Supreme Court) to support the policy.

All of which raises the question of what comes next. With the Spencer decision, the expanded voluntary warrantless disclosure strategy is effectively dead. Law enforcement will not seek voluntary disclosure (except in exigent circumstances) since it is likely to be treated as an illegal search and the resulting information will be inadmissible. In any event, telecom companies will no longer provide customer name and address information on a voluntary basis since that is likely to be treated as a violation of Canadian privacy law.  With no one seeking voluntary disclosure and no one providing it, the C-13 and S-4 provisions have been neutered by the Supreme Court. In fact, the immunity provision now seems inoperable since it is contingent on a lawful voluntary disclosure, which customer name and address information is not.

The government could adopt the "bury our heads in the sand approach" by leaving the provisions unchanged, knowing that they will be unused or subject to challenge. That would run counter to the spirit of the Supreme Court ruling and do nothing to assist law enforcement. The better approach would be to directly address the problems in the bills and the current legislation. The first involves voluntary warrantless disclosure of subscriber information. Those provisions in C-13 and S-4 should be dropped from the bill. Moreover, the existing PIPEDA provisions should also be eliminated. In their place, a new subscriber information warrant could be developed that ensures court oversight, an appropriate standard given the Supreme Court of Canada's finding of the privacy import of such information, and a system to allow law enforcement to apply for a subscriber information warrant expeditiously.

Second, the transmission data warrant (typically referred to as metadata) in C-13 should be amended as many recommended to the committee. Numerous witnesses (myself included) argued that the reason to suspect standard was too low given the privacy implications of metadata and that the reason to believe standard was more appropriate. Given the Spencer decision, the transmission data warrant is a court challenge waiting to happen and adopting the higher standard would provide far more legal certainty.

The Supreme Court Eviscerates Voluntary Disclosure, Part 1: Comparing Spencer With the Govt's Claims

Michael Geist Law RSS Feed - Mon, 2014/06/16 - 04:06
For weeks, the government has been claiming that the provisions in Bill C-13 and S-4 were compatible with the law. Last week, the Supreme Court of Canada disagreed, issuing its decision in Spencer on the legality of voluntary warrantless disclosure of subscriber information. The court ruled that there was a reasonable expectation of privacy with subscriber information and that voluntary disclosure to police may constitute an illegal search.

The court's comments are particularly striking when contrasted with claims from government ministers, MPs, and officials, who have defended C-13 and S-4 at committee.  Consider what the court said about subscriber information:

in the totality of the circumstances of this case, there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous. A request by a police officer that an ISP voluntarily disclose such information amounts to a search.

In contrast, Bob Dechert, the Parliamentary Secretary to the Minister of Justice, argued at committee that subscriber information was similar to a licence plate on a car:

Sure, it's kind of like akin to, as I think Officer Pardy said, if you see a car driving down the street and you suspect that the driver is impaired, you copy down the licence number and provide that to police. I assume the police can also ask you for it. If I see, today, somebody harassing one of my neighbours on their front porch, and there's a car in the driveway, I assume I can note down that licence number and provide it to police, and by the same token the police can come to my door and say, “Did you see somebody harassing your neighbour; do you have any information that would lead us to that person's identity?” That's true? Okay.

When Industry Minister James Moore appeared before the Senate Transport Committee to defend the expansion of voluntary disclosure of personal information, his Assistant Deputy Minister Lawrence Hanson told the committee:

So the existing provisions of PIPEDA do allow voluntary disclosure to law enforcement without a warrant, but there are a couple of really important things to note.  First of all, it is voluntary; they are not compelled to do that.  Secondly, the types of information that law enforcement could request would have to identify their lawful authority to request it, and they would be receiving what we would call basic subscriber information. This basically ties into the charter, the reasonable expectation of privacy.  In the sense of basic subscriber data, that could be obtained without a warrant.  I would distinguish that from something more intrusive like transmission data or about an electronic intercept, for example, which would require a warrant.

Hanson later added:

In the instance of PIPEDA, because of the type of information provided in a pre‑warrant phase such as basic subscriber information, it would be consistent with privacy expectations and therefore it's not really putting telecoms, for example, in some unique position in terms of police investigations.

The court was also dismissive of arguments that consumers had consented to the disclosure of their information in their ISP user agreements:

Whether or not disclosure of personal information by Shaw is “permitted” or “required by law” in turn depends on an analysis of the applicable statutory framework. The contractual provisions, read as a whole, are confusing and equivocal in terms of their impact on a user’s reasonable expectation of privacy in relation to police initiated requests for subscriber information.


Given that the purpose of PIPEDA is to establish rules governing, among other things, disclosure “of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information” (s. 3), it would be reasonable for an Internet user to expect that a simple request by police would not trigger an obligation to disclose personal information or defeat PIPEDA’s general prohibition on the disclosure of personal information without consent.

But that isn't what Moore emphasized to the Senate committee, when he argued that consumers may have agreed to the voluntary disclosures in their user agreements:

Well, if you agree to a contract, for example, with a telecommunications company, and as part of that contract you can surrender some of your capacity to have your information shared under certain circumstances, that can exist in a number of contractual situations, but that's an individual signing a contract and agreeing to that openness in the case of a criminal investigation.

Justice Minister Peter MacKay said much the same thing when asked about immunity for voluntary disclosure at the Justice Committee hearing on C-13:

That really is an issue that is covered under the PIPEDA. It is really as well an issue of potentially contract law between the individual and the service provider, the company. But the provision provides protection for those who are voluntarily assisting police in an investigation where such assistance is not otherwise prohibited by law. So, the element of protection, if you will, or immunity has to respect the common law provision of voluntary disclosure as well as any existing contractual obligations that may exist. It must be done in a way that complies with section 25 and this other section that you're referring to 47.

In other words, the government's key defences for C-13 and S-4, namely that there is no reasonable expectation of privacy and that users consent to the disclosure in their agreements, were both soundly rejected by the Supreme Court of Canada.

Interviewing Leila Johnston about Hack Circus

My latest Guardian column is an interview with Leila Johnston about her Hack Circus project, which includes a conference, a podcast and a print magazine, all with a nearly indefinable ethic of independence and art for its own sake.

The opposite of useful is not always useless, as such. The opposite of reportage is not always silliness, and the opposite of consumer messaging is not always fooling around. Playboy is one of the most successful media enterprises of all time, so presumably people don't want entertainment for functional reasons. Perhaps fooling around can be a very effective business model.

The events are fun, but they are reality-distorting rather than "comedy". They are funny because the clever, strange people who like Hack Circus are naturally funny and have done such wonderfully surprising things, not because they've written a routine. I don't want to do a science comedy night for sceptics and atheists – there's plenty of that around. I'm far more interested in, and identify far more strongly with, the credulous than the sceptical, and I'm consciously working against the resistance to imagination that scepticism presents.

Leila Johnston: 'Digital culture has created a new outsider'

Coming to Salt Lake City and Portland, OR

I'm about to hit the road again, starting in Salt Lake City, where I'll be a Guest of Honor at Westercon (Jul 3-6), and will follow it up with an appearance at the SLC library (Jul 7); then I'm doing a three-day library tour around PDX, with stops in Beaverton (Jul 8), Tigard (Jul 9) and Hillsboro (July 10) (here's a complete list of my scheduled upcoming public events).

second circuit stays on message

Fair Duty by Meera Nair - Sun, 2014/06/15 - 16:54

Last week, the United States Court of Appeals for the Second Circuit added to an already-healthy body of American affirmative decisions concerning fair use. In this instance, Authors Guild, Inc. v. HathiTrust, the scanning of entire books to allow for a full-text search of the content was given resounding support. In the process, the judges further explored the nuance of the commercial and transformative considerations inherent to discussion of fairness. Moreover, as Pamela Samuelson observes and Kevin Smith draws explicit attention to, the decision shows a coalescing of opinion with respect to transformative use among multiple circuits. The end result is strong guidance in the United States, and a discussion which benefits any jurisdiction that must mediate between control and use of copyrighted works, via the language of fairness.

Like the Google Books project (see here for my coverage of that district court decision), the roots of this case were established in 2004 with a scanning project in partnership with Google. Briefly, several American research universities arranged to have their library book holdings scanned and stored in electronic form. HathiTrust was established to operate the HathiTrust Digital Library (HDL); currently, over 80 colleges, universities and non-profit organizations can apply full text search capability to over 10 million works spanning a myriad of languages and subject matter. But, unlike Google Books, snippets of content are not made available; instead, members can only obtain bibliographic and referential information. Exception is made only for the print-disabled; under such circumstances, content is provided.

It is more than curious that authors and their representatives should take issue with this venture; any project that enables people to find information about books, become interested in them, and possibly acquire them, would seem to be of benefit to authors. Apparently not so. The Authors Guild and its allies brought litigation forward. Losing on the grounds of fair use at the district court in 2012, the Guild pressed on with an appeal. And now that too has been declared a loss. James Grimmelmann (Professor of Law, University of Maryland) succinctly evaluates the decision:

… mass digitization to make a search engine is fair use, and so is giving digital copies to the print-disabled. The opinion on appeal is sober, conservative, and to the point; it is the work of a court that does not think this is a hard case.

But the fun is in the details. As readers likely know, four factors come into consideration with fair use.

(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes

Consistent with other fair use decisions of the past few years, transformative use is a key determinant. As such, the meaning of transformative was the necessary starting point. The judges turned to the American standard bearer of fair use case law, Campbell v. Acuff-Rose (1994) which draws from the writings of Pierre Leval (attorney and subsequent judge):

A use is transformative if it does something more than repackage or republish the original copyrighted work. The inquiry is whether the work “adds something new, with a further purpose or different character, altering the first with new expression, meaning or message. … [T]he more transformative the new work, the less will be the significance of other factors that may weigh against a finding of fair use” (p.16-17).

Set upon this language, the analysis gets off to a brisk start:

The creation of a full‐text searchable database is a quintessentially transformative use. …  the result of a word search is different in purpose, character, expression, meaning, and message from the page (and the book) from which it is drawn (p.18).

The decision includes a plethora of examples of transformative uses, taken not only from the corpus of the Second Circuit but also from the Ninth and Fourth Circuits (p.19).

(2) The nature of the copyrighted work

This factor can be troublesome by virtue of the vagueness of the language. Whether the source of copying was unpublished or published, whether the work was creative or utilitarian, have been fodder for discussion. But as fair use has evolved, this factor is likely to be set aside when transformative use is established (p.20).

(3) The amount and substantiality of the portion used in relation to the copyrighted work as a whole

The Judges remind their readers that the position of the Second Circuit is: “[t]here are no absolute rules as to how much of a copyrighted work may be copied and still be considered a fair use (p.20).” As sufficient precedent exists which sanctions the copying of entire works, they do not have to dwell too much upon this issue:

In order to enable the full‐text search function, the Libraries, as we have seen, created digital copies of all the books in their collections. Because it was reasonably necessary for the HDL to make use of the entirety of the works in order to enable the full‐text search function, we do not believe the copying was excessive (p.20-21).

Adjudication of fairness sets bounds to words like necessary and reasonable by virtue of the use the source work was put to. It is increasingly unlikely that any future court will be swayed by mere quantification of the amount used.

However, as the Guild took issue with the copies made to achieve technological efficiency and disaster preparedness, the Judges were required to devote some time to what ought to be routinely accepted by now – that copying happens when infrastructure is predicated upon digital technology:

 HDL’s services are offered to patrons through two servers, one at the University of Michigan (the primary server) and an identical one at the University of Indiana (the “mirror” server) … According to the HDL executive director, the “existence of a[n] [identical] mirror site allows for balancing the load of user web traffic to avoid overburdening a single site, and each site acts as a back‐up … in the event that one site were to cease operation (for example, due to failure caused by a disaster, or even as a result of routine maintenance).” (p.21)

The use of two encrypted tape backups was also deemed an appropriate precaution, should disaster bring about large-scale data loss at both servers.

(4) The effect of the use upon the potential market for or value of the copyrighted work

Here, the judges’ language bodes particularly well for fair users, but not so well for the larger avarice of some copyright holders:

…  it is important to recall that the Factor Four analysis is concerned with only one type of economic injury to a copyright holder: the harm that results because the secondary use serves as a substitute for the original work…. In other words, under Factor Four, any economic “harm” caused by transformative uses does not count because such uses, by definition, do not serve as substitutes for the original work (emphasis mine, p.22).

Thus, despite the Guild’s claim that the use of each book represents a lost license-to-search-the-book, the judges determined that no economic harm has been inflicted as full-text search capability is not a substitute for the original works.

Grimmelmann observes the lack of reference to American Geophysical (1996) but its ghost is there. That case contributed greatly to fair use’s dysfunctional period in the United States, when any use was deemed unfair because it could have been licensed. (Canada has avoided such circular reasoning; our Supreme Court nipped that in the bud with its insistence during CCH Canadian (2004) that the presence of a license was irrelevant to a decision of fair dealing.)

The route by which the Court rebuts the lost-license argument is puzzling. In the initial explanation of the four factors (p.16-17), the fourth factor is deemed the “most important” (citing Harper & Row v. Nation (1985)—the famous scooping from Gerald Ford’s as-of-then-unpublished memoir). But in its analysis, the Court quickly invokes Campbell’s reminder that only secondary uses that poach the market for the original are subject to censure. Given, as Smith notes, that Campbell is the leading Supreme Court decision, the Second Circuit took an odd route to get there.

But it is hard to believe that the trio of judges were casual or careless in the composition of their decision. In judicial opinion, words are chosen with the utmost of care. Which invites the question: why this route?

Campbell also ushered in a change in procedure; when examining potential fair use, judges must avoid imposing a hierarchy among the four factors. To return to a hierarchy of factors would seem either dangerous, or at least ill-advised. Or, this might be a calculated effort on the part of the Second Circuit to irrevocably consign any apparition of American Geophysical to the dustbins of history.

The Second Circuit has worked diligently towards rehabilitating fair use, to make it a robust exception. Notably, in two key decisions in 2006 (Bill Graham Archives v. Dorling-Kindersley and Blanch v. Koons), less attention was paid to market consideration, with a conspicuous disinterest in adding to licensing revenue even when mechanisms of licensing existed. Yet, that message does not appear to have been widely received. Perhaps the Second Circuit has decided to make their message more explicit by deliberately invoking the earlier edict that the market reigns supreme, but under the strict boundary of the original market.

Given that the Second Circuit’s jurisdiction includes the nerve-centre of American publishing, this could have significant ramifications. At the very least, it ought to give the Authors Guild something to reflect upon before the Guild moves ahead on the Google Books Appeal. [see update below]

With a nod to the late Lyman Ray Patterson, the events that gave rise to copyright and fair use were the competitive (or anti-competitive) actions of professional publishers. Copyright’s reach only extended to the regulation of sales of substantially similar works. Effectively, the Authors Guild gave the Second Circuit a reason to offer up language that ensures future market consideration must expressly reject rent-seeking behavior and only support copyright holders when a new work trespasses into the same market as that of the original work.

The four factor analysis concerning the provision of works for the print-disabled was also handled well and the provision deemed fair use. It would be nicer though, if everyone could simply say it is the right thing to do, and leave it at that. With the anniversary of the Marrakesh Treaty approaching, there is more to come on the subject of making copyrighted works accessible to print-disabled communities everywhere.

Update July 11: The Authors Guild appears intent on pursuing the appeal against Google Books. Readers may recall that this scanning project was deemed fair use at its district court hearing. The Authors Alliance has a nice post describing their support for Google Books (with a link to their amicus brief).

2nd Circuit OK's scanning whole books for research as fair use in Authors Guild v HathiTrust

Recording Industry vs The People - Fri, 2014/06/13 - 17:38

In Authors Guild v. HathiTrust, the US Court of Appeals has ruled that scanning whole books for research purposes is fair use.

In HathiTrust, a group of universities took digital scans prepared by Google and stored them in a "digital library".

The library permitted 3 uses of the material:
(1) The public was allowed to search by keyword. The search results showed only the page numbers for the search term and the number of times it appeared; none of the text was visible.
(2) People with disabilities which prevented them from holding books and/or turning pages could be provided access to the full texts.
(3) Members could create a replacement copy of a lost, stolen, or destroyed book if a replacement was not obtainable in the market at a "fair" price.

The Court held the search function to be a fair use, finding that
-the creation of a searchable, full text database is a "quintessentially transformative use";
-it was "reasonably necessary" to make use of the entire works, and to maintain 4 copies of the database;
-the library did not impair the market for the works.

The Court likewise found it to be a fair use to make copies available to the disabled who are unable to access print books.

The Court declined to rule on the replacement book issue, on the ground that the plaintiffs lacked standing to raise that question.

June 10, 2014, Decision, US Court of Appeals, 2nd Circuit

Ray Beckerman, P.C.

Audio from today’s keynote on digital publishing

This morning, I gave the keynote speech at the 2014 conference of The Literary Consultancy in London, about the future of publishing. They got the audio up with lightning speed (I'm in the auditorium, listening to the follow-on panel).

MP3 Link

Supreme Court Delivers Huge Victory for Internet Privacy & Blows Away Gov't Plans for Reform

Michael Geist Law RSS Feed - Fri, 2014/06/13 - 04:52
For the past several months, many Canadians have been debating privacy reform, with the government moving forward on two bills: lawful access (C-13) and PIPEDA reform (S-4). One of the most troubling aspects of those bills has been the government's effort to expand the scope of warrantless, voluntary disclosure of personal information.

Bill C-13 proposes to expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant. Meanwhile, Bill S-4, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. I appeared before both committees in recent weeks (C-13, S-4), but Conservative MPs and Senators were dismissive of the concerns associated with voluntary disclosures.

This morning another voice entered the discussion and completely changed the debate. The Supreme Court of Canada issued its long-awaited R. v. Spencer decision, which examined the legality of voluntary warrantless disclosure of basic subscriber information to law enforcement. In a unanimous decision written by (Harper appointee) Justice Thomas Cromwell, the court issued a strong endorsement of Internet privacy, emphasizing the privacy importance of subscriber information, the right to anonymity, and the need for police to obtain a warrant for subscriber information except in exigent circumstances or under a reasonable law.

I discuss the implications below, but first some of the key findings. First, the Court recognizes that there is a privacy interest in subscriber information. While the government has consistently sought to downplay that interest, the court finds that the information is much more than a simple name and address, particularly in the context of the Internet. As the court states:

the Internet has exponentially increased both the quality and quantity of information that is stored about Internet users. Browsing logs, for example, may provide detailed information about users’ interests. Search engines may gather records of users’ search terms. Advertisers may track their users across networks of websites, gathering an overview of their interests and concerns. “Cookies” may be used to track consumer habits and may provide information about the options selected within a website, which web pages were visited before and after the visit to the host website and any other personal information provided. The user cannot fully control or even necessarily be aware of who may observe a pattern of online activity, but by remaining anonymous - by guarding the link between the information and the identity of the person to whom it relates - the user can in large measure be assured that the activity remains private.

Given all of this information, the privacy interest is about much more than just name and address.

Second, the court expands our understanding of informational privacy, concluding that there are three conceptually distinct issues: privacy as secrecy, privacy as control, and privacy as anonymity. It is anonymity that is particularly notable as the court recognizes its importance within the context of Internet usage. Given the importance of the information and the ability to link anonymous Internet activities with an identifiable person, a high level of informational privacy is at stake.

Third, not only is there a significant privacy interest, but there is also a reasonable expectation of privacy by the user.  The court examines both PIPEDA and the Shaw terms of use (the ISP in this case) and concludes that PIPEDA must surely be understood within the context of protecting privacy (not opening the door to greater disclosures) and that the ISP agreement was confusing at best and may support the expectation of privacy.  With those findings in mind:

in the totality of the circumstances of this case, there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous. A request by a police officer that an ISP voluntarily disclose such information amounts to a search.

Fourth, having concluded that obtaining subscriber information was a search with a reasonable expectation of privacy, the court finds that the information was unconstitutionally obtained and the search was therefore unlawful. Addressing the impact of the PIPEDA voluntary disclosure clause, the court notes:

Since in the circumstances of this case the police do not have the power to conduct a search for subscriber information in the absence of exigent circumstances or a reasonable law, I do not see how they could gain a new search power through the combination of a declaratory provision and a provision enacted to promote the protection of personal information.

There are several important implications that flow from this decision. First, with a finding that police need a warrant for subscriber information (except in exigent circumstances), the practice of obtaining information on a voluntary basis should come to an end.

Second, the government's plans for expanded voluntary, warrantless disclosure under Bill C-13 must surely be reformed as it is unconstitutional. Just yesterday, Conservative MP Bob Dechert relied on R. v. Ward to support the C-13 approach with respect to immunity for voluntary disclosure. The court has effectively rejected the Ward decision and Dechert's defence of the provision no longer stands.

Third, the government should remove the expansion of voluntary disclosure in S-4. With the Supreme Court emphasizing the privacy importance of subscriber information, the government should not be seeking to expand warrantless disclosures. In fact, immediate reports indicate that the Senate has delayed debate on the bill to consider the ruling. 

Fourth, Internet providers need radical reform of their current approach to disclosure of subscriber information. The Supreme Court examined Shaw's terms of service policy and found it provided "a confusing and unclear picture of what Shaw would do when faced with a police request for subscriber information."  The same can be said for virtually every ISP in Canada. While ISPs have been regularly disclosing this information hundreds of thousands of times, the Court ruled:

Given that the purpose of PIPEDA is to establish rules governing, among other things, disclosure “of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information” (s. 3), it would be reasonable for an Internet user to expect that a simple request by police would not trigger an obligation to disclose personal information or defeat PIPEDA’s general prohibition on the disclosure of personal information without consent.

The court notes that ISPs are not required to disclose this information and this case reaches the conclusion that they are not permitted to do so absent a warrant either.  This means ISPs must change their practices on voluntary warrantless disclosure. Much more to come on a decision that seems likely to define Internet privacy for many years to come.


My ZOMGTERRISTSGONNAKILLUSALLRUNHIDE TSA tee-shirt (of Poop Strong fame) is available in tote-bag form, a fact I had somehow missed!

Are you a Canadian business running an #onlinecontest?

IPBlog (Calgary) - Wed, 2014/06/11 - 08:00
Social media is not just a marketing novelty - it has become the essential tool for running a promotional contest. Have a look at any big brand contest and you're hard pressed to find one without a social media component. Many Canadian businesses also seek to extend their reach into the ...

Blown Chances, Bogus Claims & Blatant Hypocrisy: Why Yesterday Was a Disastrous Day for Cdn ...

Michael Geist Law RSS Feed - Wed, 2014/06/11 - 00:35
Bills C-13 and S-4, the two major privacy bills currently working their way through the legislative process, both reached clause-by-clause review yesterday, typically the best chance for amendment. With Daniel Therrien, the new privacy commissioner, appearing before the C-13 committee and the sense that the government was prepared to compromise on the controversial warrantless disclosure provisions in S-4, there was the potential for real change. Instead, the day was perhaps the most disastrous in recent memory for Canadian privacy, with blown chances for reform, embarrassingly bogus claims from the government in defending its bills, and blatant hypocrisy from government MPs who sought to discredit the same privacy commissioner they were praising only a few days ago.

The blown chance for reform arose at the Senate committee conducting its review of Bill S-4.  The review of the bill was very short - I appeared before the committee last week, but very little time was devoted to a bill that was years in the making. Liberal Senator George Furey proposed an amendment to remove the most controversial provision in the bill that would massively expand the scope of voluntary, warrantless disclosures by allowing companies to reveal customer information to other companies. There appeared to be sufficient support for the amendment since one Conservative Senator supported it. However, when the chair of the committee, Liberal Senator Dennis Dawson, abstained, the committee was left deadlocked at 4 in support and 4 against. Dawson tried to change his vote, but it was ruled out of order. The government was likely ready to lose on the issue, but the amendment was defeated and with it, the best chance to remove the provision.

In fact, Industry Minister James Moore appears to have assumed that the amendment was adopted at committee. Later in the afternoon during Question Period, Moore responded to a question about the expansion of warrantless disclosure in Bill S-4 by stating "we dealt with this issue at the Senate. We adopted an amendment at the Senate committee and it will come to the House of Commons where we will move forward." In other words, the amendment was a done deal and the committee blew it.

The bogus claims were strewn over both committees. Conservative Senator Don Plett argued that the Furey amendment would impede self-regulating professional associations such as lawyers and doctors from investigating their own members. The reality is that the law currently permits these investigations with regulations that cover dozens of such associations. Bill S-4 seeks to expand the disclosures to anyone, but Furey's amendment was clearly aimed at stopping the expansion of voluntary warrantless disclosures, not rolling back those current powers.

Meanwhile, at the C-13 committee, government MPs were using the most incredible justifications for problematic provisions in the bill. Responding to concerns about a provision that expands voluntary warrantless disclosure to a wider range of public officials, Conservative MP Bob Dechert argued that the expanded approach was needed to allow fisheries officers to request data from telecom companies and to give military police the power to investigate soldiers overseas if they send cyberbullying images. 

Most troubling was the sheer hypocrisy taking place at both committees. Last week, Treasury Board President Tony Clement described Therrien as "an exceptional candidate" in the House of Commons, while Prime Minister Harper called him an "expert." That exceptional candidate and expert told the committee that Bill C-13 should be split, that a higher threshold should be used for metadata warrants, and that immunity for voluntary disclosures of personal information was likely to lead to a rise in such disclosures. With those criticisms in hand, Conservative MP Kyle Seeback was no longer impressed with Therrien's expertise, bizarrely asking if he had ever been a police officer or a crown attorney. Those comments came as part of a series of aggressive questions that surprised many observers.

Yet while Conservative MPs were dismissing any criticism of the bill and indicating that they would side with police testimony, consider that the police testimony involved representatives who were not even fully aware of the substance of the bill.  For example, when the Ontario Provincial Police appeared before the committee last month, their representative stated:

Under the proposed legislation, ISPs will be compelled to provide this information in a timely fashion and on a consistent basis. Access to this information will be strictly controlled and limited to law enforcement officials who would be fully trained in these procedures and subject to auditing and/or reporting processes. The outcome will be that the police can quickly and consistently gain access to information that makes a difference to our effectiveness in investigating and preventing criminal activity and victimization.

The problem with the testimony is that it refers to an old bill, not Bill C-13. This bill does not have mandatory disclosure provisions and the voluntary provisions expand the scope of who may have access to personal information. So Conservative MPs side with police testimony that did not accurately describe the substance of the bill.

Moreover, at the Senate committee, the only amendment to Bill S-4 that was approved was proposed by Conservative Senator Plett, who weakened police powers as part of the data breach disclosure rules. Plett and the Conservative senators removed a provision that would have allowed police to request delayed notification to the public if the notice might impede a criminal investigation. That seems like a sensible provision where police are pursuing a criminal hacking or data theft operation, yet it was the Conservatives that removed the provision.

That provided a fitting conclusion to a disastrous day for Canadian privacy in which a Senate committee blew the best chance for privacy reform and the government made it clear it thinks the privacy commissioner is expert except when he disagrees with them, that police concerns trump public and privacy concerns except when they don't, and the military has a cyberbullying problem that necessitates warrantless access to personal information.
