Wednesday, 30 July 2014

Private copying - a new copyright exception in the UK

Hooray! We (in the UK) now have a "private copy" exception to copyright. About time too. Until recently, many forms of private copying were infringements of copyright. In particular format shifting such as copying music from your old CD's and DVD's onto your phone or making a "mix tape" for your own use were infringements of copyright and, if you believe some of the rhetoric of the music industry, morally equivalent to theft.

By contrast, almost everyone seemed both to engage in private copying and to think it was OK. Indeed a recent survey I conducted suggests that the vast majority of people think that format shifting is OK (a 95% credible interval of 89 - 93% of the population). So it is very surprising that the law continued to turn its face against something subject to such overwhelming approval.

Analysis

The new law comes in the form of the Copyright and Rights in Performances (Personal Copies for Private Use) Regulations 2014, which is as yet only available in draft. It will come into force on 1st October and add a new section 28B to the Copyright, Designs and Patents Act 1988.

The effect of the new law is that making a copy of a work is not an infringement, subject to 3 conditions:

  • the source of the copy (i.e. what you are copying from) is either your "own copy" or a "personal copy"
  • it is made for your private use
  • it is made for ends which are "neither directly nor indirectly commercial"

Own copy

Your "own copy" of a work is one which:

  • you have lawfully acquired
  • on a "permanent basis"
  • is not an infringing copy
  • has not been made under any exception to copyright

This means that you cannot use the private copy exception to "launder" an infringement, eg by copying a work from a friend (still an infringement) and then making a copy of that copy. Similarly, a copy made for private study or research (an exception to copyright under section 29 of the 1988 Act) or a temporary copy, such as one in the browser's cache (see section 28A) is not your "own copy" and so cannot be safely duplicated under the private copy exception.

Your "own copy" is not necessarily a copy that you "own" in the intellectual property law sense. As I read it "lawfully acquired" includes a download which is only made available under licence. In the long run almost all digital content will be downloaded in some fashion rather than bought on a physical medium so a restriction to "owned" copies would be hopelessly restrictive.

The tricky part of the definition is likely to be what is meant by "lawfully acquired on a permanent basis"?

The new section 28B(4) "helpfully" give a short list of examples of copies that are or are not "lawfully acquired on a permanent basis". I am not sure they help all that much. Unsurprisingly copies which have been borrowed, rented, broadcast or streamed are not "acquired on a permanent basis". The same applies to a "download enabling no more than temporary access to a copy", whereas any other download that arises from a purchase or gift would be lawfully acquired on a permanent basis.

Could a copyright owner get around this exception by selling works for very long periods (decades perhaps) with a provision that the work reverts to the owner at the end? I doubt it. My hope is that the courts apply a normal English understanding to the words "temporary" and "permanent". For example, if I say I have a temporary job, you would be a bit surprised to learn that I have a fixed term of 30 years. You are more likely to describe my post as permanent.

Personal copies

A further example of something that is not your "own copy" is a copy made under the private copy exception. These are known as "personal copies". For example a lawful backup copy of an mp3 music file is not your "own copy", but it is a "personal copy". This means, as you would expect, that you can copy your backup copies.

Private use and file lockers

Just in case there was any doubt, the new s28B will make it clear that making back up copies and format shifting are certainly private use. Interestingly s28B(5)(c) makes it clear that storing a copy online so that you can access it later is also "private use" even though the file will be accessible to the file host as well.

This means that you will be able to store your own and personal copies of files on Dropbox (privately at least) and on similar servers.

Transfers

Section 28B will apply fairly common-sense provisions to transfers. If you transfer a personal copy (i.e. one of the copies you have made under this exception) to someone else, you will be infringing copyright unless the copyright owner has given you permission to do so. Personal copies are not meant to change hands. Even if the transfer is otherwise lawful, you would infringe copyright if you retained any of your other personal copies.

For example: if you buy a DVD, make a back up, and then sell the DVD second-hand (something you are entitled to do under section 18(3) of the 1988 Act), you must delete that back up copy. If you keep the back up copy it becomes and infringing copy and stops being a "personal copy".

Is lending OK?

But wait there is something a little odd here. Section 28B(6) says "Copyright in a work is infringed if an individual transfers a personal copy of the work to another person (otherwise than on a private and temporary basis)...". That appears to suggest that it is OK to transfer a personal copy of the work to another person if it is done on a private and temporary basis.

Could my "private use" include lending copies - on a temporary basis only - to friends? There is certainly material in s28B for such an argument. Whether it would run in court is another matter.

Restrictions by the copyright owner

One point that (bafflingly) appears to have upset a number of politicians is the new 28B(10) which blocks copyright owners from preventing private copying by contract. Clearly without such a clause it would be routine to add a provision that private copying was in breach of contract and we might as well not have bothered.

Copyright owners could also use a form of digital rights management to prevent private copying. Circumventing that protection may, at least for something that is not a computer program, itself be an infringement contrary to s296ZA.

It is already the law that, where digital rights management (what is referred to in the legislation as "effective technological measures) prevents one of a list of "permitted acts" (found in schedule 5A of the 1988 Act) then anyone prevented from doing the permitted act may complain to the Secretary of State, who may then do something about it.

This has always seemed to me a rather weak remedy since the Secretary of State is not obliged to do anything about it. When I last asked, no valid complaints appear ever to have been made.

Rather than make private copying another "permitted act" and thus apply the existing mechanism to it, the regulations will create a new s296ZEA. The main difference from 296ZE appears to be that it applies not only when the making of personal copies is prevented, but also when there is a technological restriction that restricts the number of personal copies which may be made. Whether anyone complains to the Secretary of State remains to be seen, please let me know if you do.

Legacy copies

If you made a copy in the past that would have been a "personal copy" if the new law had been in force back then - for example it would have to have been made from your "own copy" and been for individual private use - then that copy is now a personal copy.

Those old mix tapes that people made will become (on 1st October) "personal copies" and so may be lawfully backed up etc provided of course the mix tape was made from their owners "own copy" etc. Oddly the making of the copy (in the past) is still an infringement and so a copyright owner could, in principle, sue you for making private copies in the past, but nothing can be done about your use or possession of them now.

What about compensation?

One objection to these regulations raised by some rights owners is that there should be provision for them to receive some form of compensation for the private copying.

The power used to make the regulations derives from article 5(2)(b) of the Information Society Directive (2001/29/EC) which allows member states of the EU to provide for exceptions to the "reproduction right" (i.e. the right to copy):

in respect of reproductions on any medium made by a natural person for private use and for ends that are neither directly nor indirectly commercial, on condition that the rightholders receive fair compensation which takes account of the application or non-application of technological measures referred to in Article 6 to the work or subject-matter concerned

This would appear to mean that some form of "fair compensation" is required. In many EU countries this takes the form of a levy, for example on CD's, that is then distributed via collecting societies.

But recital 35 of the directive says that in assessing the level of fair compensation "account should be taken of the circumstances of each case" and "In cases where rightholders have already received payment in some other form, for instance as part of a licence fee, no specific or separate payment may be due.". The argument made by the UK government is that because private copying is restricted to a lawfully acquired work, the rights owner will have already priced in any private copying when charging for that access and so there is no need for any further payment. The level of "fair compensation" is nil.

Whether this argument is likely to be challenged by any part of the copyright industry I do not know. Given that private copying, of the kind that will be permitted by section 28B, is almost universal, it is hard to believe that these regulations will impose any further, quantifiable, loss on rights owners. It seems tome that the very limited private copy exception should not entitle rights owners to any further compensation. We shall see.

Wednesday, 12 February 2014

Copynorm survey - answering some questions

Thank you for everyone who has responded to the survey so far. I have just short of 500 responses, it would be really great to double that before the survey closes, so please share with your friends.

The survey has generated a lot of comments and I think I owe it to those who have bothered to comment to collect together some of their questions and address them here. Unfortunately I can't discuss the thinking behind the questions - otherwise I might bias the answer - and so I won't talk about specific questions.

The unexplored

There are a lot of interesting areas that I have left unexplored. That is deliberate. In order to keep the survey reasonably short and within various technical constraints I had to pare down the range of things I explored considerably.

Penniless artists

For example: does the status of the creator of the work make a difference? Some people do seem to think that a very wealthy rock star has less right to complain about copying of their work than a penniless artist: others disagree. It would be very interesting to know what difference that made and I considered asking questions to explore that distinction. Unfortunately those questions had to be cut.

A similar example is given by a commenter known as Julian:
... if the artist gets paid 0.02p out of a £15.99 product, or is dead, then it's a little difficult to argue that copying the CD counts as stealing from them.

Intention

It is often asserted that people who illegally download music (in particular) are more likely to buy music than people who do not. I have no idea whether that is true, but there is clearly a view that it is OK to circumvent a publisher and download something without paying if you are "testing" the work out. Provided you actually buy a copy if you keep it, then you have done nothing wrong.

An anonymous commenter said:
in the situation where [someone] wants to listen to an album but doesn't want to pay for it, while I marked that I thought it was OK, there needs to be a little nuance there. If he wants an album so he can hear it and decide whether or not he likes it and is willing to spend money, that's totally fine. If he wants it specifically so he doesn't ever have to pay for it, that's a problem.
This was another of the questions I wanted to ask but fell on the cutting room floor.

The law

One of the main aims of this survey is to find out what people think is acceptable not what people think is legal. But that causes a problem for some people who believe there is inherent value in obeying the law whatever their own morality might be.

"James" says:
whilst I believe that the law relating to copyright, patents, trademarks and other forms of so-called "intellectual property" ought to be drastically liberalised, I believe that people ought to obey the law even though they disagree with it this distinction is not recorded by the survey
James's position is to give what philosophers call "deontological value" to the law. His concern is that the survey doesn't capture that distinction.

In fact I am in roughly the same position as James. As a child I was enormously influenced by the character of Sir Thomas More as brilliantly portrayed by Paul Scofield in Fred Zinnemann's A Man for All Seasons and in particular by the following quote:

William Roper: So, now you give the Devil the benefit of law!
Sir Thomas More: Yes! What would you do? Cut a great road through the law to get after the Devil?
William Roper: Yes, I'd cut down every law in England to do that!
Sir Thomas More: Oh? And when the last law was down, and the Devil turned 'round on you, where would you hide, Roper, the laws all being flat? This country is planted thick with laws, from coast to coast, Man's laws, not God's! And if you cut them down, and you're just the man to do it, do you really think you could stand upright in the winds that would blow then? Yes, I'd give the Devil benefit of law, for my own safety's sake!
(courtesy IMDB
The answer to James is that I am aware that the law affects people's views on right and wrong and I will try to take that into account. If I have sufficient responses from different jurisdictions world-wide (I am hopeful) then I may be able to analyse whether the jurisdiction in which someone lives affects their views.

Gervase Markham also wonders why I don't ask people "do you think this should be legal so you could do this". That would be a fascinating. In fact my first plan for the project was to find out what people thought was or was not legal. I think it would be really interesting to know what people think the law actually is and that seems to me logically prior to asking them whether they want the law to be changed (you can't want to change the law if you don't know what it is).

All I can say is that what my supervisor and I ended up thrashing out was different. However if anyone wants to help out with a survey of that or something else of interest later in the year, I would be very interested in suggestions (see my remarks at the end).

Charles Oppenheim says:
Another problem with the survey is that, assuming the changes go through, UK copyright law will permit some of the actions outlined in the survey that are currently illegal.
That may be right (there's a lot of "it depends") and if people would like me to I would be happy to produce an analysis of all the questions and their legality once I am finished with the dissertation.

The world as it is 

Reuben Thomas is unhappy that his answers may not reflect his true belief. 
I said "yes" to almost every part of every question, but that does not mean that I think that it's good if everyone copies and shares everything; it's rather that the current situation is bad in so many ways.
He then goes on to give a number of situations where (to paraphrase) the market is distorted, which in turn may justify behaviour that would not be justified if those distortions were not present. Origami Girl and Saxon Christopher raise similar points.

My hope was that people would understand the survey to be about the world as it is with all its perfections and oddities. I wanted to avoid being overly abstract. I thought that concrete "real world" situations might bring clearer answers. Whether I am right about that remains to be seen. However the point is taken and, if I had more space, would be something worth exploring.

Ethics

Paul and Gervase both suggest asking a question along the lines of "would you do this?". That would be a logical since I ask what other people would do, why don't I ask what the person answering the survey would do. The simple answer is that I am constrained by university rules on ethics. If I ask whether someone would do something that may be unlawful (or in some places and cases criminal) that is very much more intrusive than asking them what they think is OK. It is also very close to asking them "have you ever done this?", which would be an even more intrusive question.

Much as I would like to know, I have had to avoid questions like this altogether.

Free text

I considered allowing free text comments in the survey (either for each question or for the survey as a whole). Maybe I should have allowed them as an option. I was keen to keep things short and simple and I thought the value of adding free text might be less than the cost in additional cognitive load on people answering the survey.

Given the very interesting questions and comments from people on completion, maybe that was a mistake and I should have added something to let people express their frustration at the narrowness of the categories offered (something I struggle with in surveys) and to offer me the benefit of their wisdom. I am grateful that so many have bothered to add their comments to the survey.

Finally

Thank you for all your comments. I am sorry if I haven't (yet) addressed something you have said. I am really grateful for all the feedback.

One of the main themes seems to be that I didn't answer questions people wanted answering. I hope to have this dissertation done and dusted by May / June, but I will still have some time left on my surveymonkey subscription so if anyone wanted to do the hard work of canvassing people to answer another more detailed survey, or a survey about other things (eg what you think the law should be) I would be more than happy to offer legal, technical and statistical advice and support. 

I think we know far too little about what the general population thinks about copying and the law, so the more the merrier. Maybe a kickstarter to raise funds to buy a properly sampled audience is something to try.

I hope to be able to publish the data in open data format and some commentary on the final results later in the year, but for now please keep sharing and let's see if we can hit 1,000 respondents.

Monday, 10 February 2014

Copying, sharing and remixing - what do you think?

I am completing a part-time LLM (masters) in computer and communications law with Queen Mary University London. I would really appreciate your help in completing a survey. It should take less than 5 minutes to complete. If you want to know more about the survey, read on...

I, like many lawyers, spend a lot of time thinking, talking and writing about intellectual property law and, in particular, copyright. But law is not the whole story. People do what they do for all sorts of reasons: what the law says is only one of them.

People may also be driven by socially accepted rules of conduct known as social norms. In simple terms: what they think is OK. Norms are complicated things. For example you may have your own views about what is OK, but you might also pay attention to:

  • what you think other people think is OK
  • what you think other people actually do

Obviously law affects social norms. I'm sure it would be a fun an interesting exercise to find out what people think they are allowed to do by the law. But that is not what I am trying to find out - this time anyway.

For my research I have created a to try to find out something about social norms for a number of common situations where someone might want to copy, share or remix an existing work. I hope that learning what people actually think will be illuminating.

I would therefore be extremely grateful if you could try the survey out for yourself and also pass it on to as many of your friends, relatives, colleagues (and really anyone else you know) as you can.

I hope to post the results of the survey in July of this year (2014) and discuss some of the results as they come in. For now I won't say any more about the design so that I do not influence you when you fill it in (which I am sure you are going to do). If you don't want to read my other blog posts restrict yourself to the tag copynorms.

Here is the link for the survey again in case you missed it.

Wednesday, 25 September 2013

Open up data about justice

Very recently the government published the Shakespeare Review on open data. I have recently been told that:
The government, in response to the Shakespeare Review of Public Sector Information, has committed itself to publishing a core reference dataset, listing unpublished datasets together with a schedule of release. Government departments have been going through a process of identifying the data they hold and prioritising their release.
What I am given to understand is that we should all be telling the Government, right now, that particular datasets need to be released.
As a lawyer, I am particularly interested in information about the workings of the court system. data.gov does not appear to allow me to search for unpublished datasets belonging to the court service only, but it does allow me to pull up unpublished datasets for the Ministry of Justice.
I am not entirely sure what is there or how useful it might be. For example there is a case management system called caseman that is used by county courts. I suspect that there is a lot of potential in opening up that dataset, but it is hard to tell without more information. 
There is even a dataset described as:

Tribunals Service Case Management systems including: ARIA, ETHOS (and Caseflow), GAPs 2, MARTHA, CICA and a set of SQL and Access based systems, and manual case records.

I have told the MOJ that they might as well have described this as "stuff" for all it really helps me. But it is quite possible there is much of interest there too.

Each dataset allows (signed up users) to give feedback on release of the data. Feedback is supposed to be focussed particularly on economic and social growth - nothing persuades governments like "if you release this dataset, there will be a £100M growth in GDP".

Sadly, to date, almost all the interesting datasets have attracted no comments at all. I wonder whether this is to do with lack of publicity or whether people (like me) feel that it is difficult to make concrete comments on datasets about which they know nothing. If any reader of this blog feels strongly about open data, can I invite you to give feedback on some (or all) of these datasets.

Note: I have blogged elsewhere on this topic already with a slightly different emphasis.
 

Friday, 3 May 2013

Orphan Works - the new law in the UK


My social media feeds have been full links to alarmist stories about a recent change to UK copyright law that allows for the licensing of orphan works. Photographers have been particularly concerned after one site (which I won't dignify with a link) used the headline "ALL your pics belong to everyone now". So much alarm has been created that the UK's intellectual property office felt moved to publish a PDF debunking some of the myths that have arisen. I was waiting until the Enterprise and Regulatory Reform Act 2013 was published on the government's legislation website before making my own comment.

The problem of orphan works is well known. Copyright lasts for a long time. In the UK it will usually be for 70 years after the death of the author. Discovering the author of a work to discover whether it is, or is not, protected by copyright can be difficult, let alone discovering the present owner of that copyright in order to ask them for a licence. The effect of that is that many works are either not used, or used only by organisations that care little about copyright on the ask forgiveness not permission principle.

There are radical solutions to this problem, for example we could require that copyright owners register their copyrights in order to enforce them, as the United States did until relatively recently. Or we could adopt William Patry's more modest proposal where no registration would be required for an initial, but relatively short, copyright term. To extend the life of a work's copyright, the copyright owner would be required to register. Such a system would make it very easy to discover who was the owner of a work older than the short initial period of copyright, but of course there would be administrative costs associated with it. Legislators have been more timid in their response.

The European Directive

One solution that has already been enacted is the European the orphan works directive (2012/28/EU), although the UK does not have to transpose it into UK law until 29 October 2014.

The orphan works directive is an exceptionally modest provision. Its beneficiaries are public libraries, education establishments, museums and archives. Any institution wishing to use an orphan work must first carry out a "diligent search" in good faith from "appropriate sources". The directive itself lists some "appropriate sources" which would have to be searched, but member states may add to the list, which varies depending on the type of work involved.

Records have to be kept by the institutions of their diligent searches which must be sent to their national government which in turn must make the results available on a publicly searchable website (good to see that governments are beginning to understand open data). This ought to make it easy for copyright owners to discover whether one of their works has been designated as an "orphan" and, having found out, make sure that oprhan status is rescinded.

Institutions may only use the works to achieve their "public-interest missions" and may only charge in order to recover costs of copying or making available to the public. They may not exploit the works commercially.

Canada

The orphan works directive tries to maintain the broad integrity of copyright by delegating the task of carrying out a diligent search and managing the orphan works system to trusted public institutions. By contrast Canada has been using an orphan works law which relies on a central authority, theCopyright Board of Canada.

Section 77 of the Canadian Copyright Act 1985, entitled "owners who cannot be located", requires anyone seeking a licence for what we call orphan works to satisfy the Copyright Board that they have made "reasonable efforts to locate the owner". The Board may then issue a non-eclusive licence on any terms it chooses to specify. According to their brochure they will usually require the payment of a licence fee, which will be paid to a collecting society. If the owner of the copyright appears within 5 years of they expiry of the licence, they may claim the licence fee. Where the fee was paid to a collecting society, the society will pay the owner.

The Board do not issue very many licences - roughly 22 a year since 1990Not all applications for a licence are accepted. Whether "it works" in Canada I do not know, but copyright has clearly not come to an end there.

The United Kingdom

So where does that leave us? Section 77 of the Enterprise and Regulatory Reform Act 2013 introduces a new section 116A of the Copyright, Designs and Patents Act 1988 concerned with orphan works. Section 116A is a mere skeleton. It allows the government to make regulations that would allow someone (an authorised person) or alternatively some people to be chosen by someone designated for the purpose, to grant licences to orphan works. The content and circumstances of the licences we do not know. All we do know is:
  • a work will not be an orphan work unless a diligent search is made for the copyright owner
  • what counts as a "diligent search" will be defined in the regulations
  • the licences may not be exclusive
  • nor may they be granted to a person authorised to grant licences
Now in theory this means we could end up with a Wild West system where there was little real control over licensing of orphan works. The regulations could be very lax on what counted as a "diligent search" and very generous about the licensing terms. That is always a risk with open-ended legislative provisions (and why they should not be used by Parliament).

The reality, according to the intellectual property office, is that we will end up with something similar to the Canadian system. Licences will not be free. Copyright owners will be able to claim fees that have been paid. There will almost certainly be a fairly tight and prescriptive description of what counts as a "diligent search". It will not be enough simply to look at the metadata on a photograph, shrug one's shoulders, and go ahead.

Extended Collective Licensing

In parallel to section 116A is a new 116B which will allow collecting societies in sectors where they now organise (eg books and music) to be given permission to license works that they do not have any existing right to license - eg where they do not own the rights and the author has not given the society permission to license them. This is not an orphan work provision. It applies even though the society knows full well who the author of a work might be. I mention it because it has been mixed into some of the reports about the orphan works provisions.

I have my doubts about extended collective licensing, but it will at least be an "opt out" system. No-one has to participate if they do not want to. In a sector where most licensing is direct (author to user) such as photography, there may never be such a system as the intellectual property office has indicated.

Consultation

The intellectual property office tell me that there will be extensive consultation on the detail of any regulations. Anyone having an interest in these provisions should make sure they engage with the consultation or join with others to represent them collectively. I am sure the open rights group will be making representations.

Tuesday, 3 July 2012

The defamation bill 2012 and the web

I have already commented on one aspect of the Defamation Bill 2012 that is directly aimed at operators of websites, but there are two other provisions, in the current draft (in the public bill committee) at clauses 8 and 10, which have a bearing on the way we do things on the web and which I do not believe have been properly thought through.

The host's nightmare

As soon as you allow other people to contribute material to your website, whether by comments to a blog, forum posts or something more substantial such as a wiki, you risk being held accountable for what they say. Even if you could rely on one of various defences, such as the "hosting" defence in the e-commerce directive, if a potentially defamatory comment has been brought to your attention, you are put in the invidious position of deciding whether to remove it or be prepared to defend your decision to allow it to stay. The various intermediary defences only go so far. If you bravely decide to keep it there, you may find yourself having to defend the statement itself. But of course if its not your statement, you may find that very difficult to do.

Last year I highlighted the problem this can cause for WhatDoTheyKnow but this is a problem that can affect vast numbers of website providers and of course any upstream posts they have. Surely this needs fixing?

What ought to happen?

Suppose someone - call them X - finds that a really damaging, but false, allegation has been made about them on a website run by Y, which will, or at least is likely to, cause X harm but the statement was made by someone else - call them Z. Y acting as an innocent host (forum operator, blogger etc). It seems right that X should be able to do two things:
  • have the statement removed, or at least corrected in some way
  • be compensated for damages for any harm they have suffered
These are two quite different things. It is only someone who is, in some sense, at fault for making the false statement who should be responsible for any compensation - where we can argue what "at fault" might mean. But, merely because someone ought not to be liable to pay damages for a damaging and false statement, does not mean they should not be responsible for removing it in any possible circumstances. For example, if X were able to prove in court that the statement was false - more than a claimant in defamation has to do right now - and satisfy the court that the statement should be removed at X's expense, then it seems hard to believe that X should have no way to compel Y to do so.

The defamation bill breaks this simple idea in at least two places.

Clause 10

The existing clause 10(1) says:
A court does not have jurisdiction to hear and determine an action for defamation brought against a person who was not the author, editor or publisher of the statement complained of unless the court is satisfied that it is not reasonably practicable for an action to be brought against the author, editor or publisher.
What this seems to be trying to do is to force claimants to go after the "real" culprit than an innocent intermediary. X must sue Z not Y. That seems entirely reasonable if we are talking about a claim for damages. If X can sue Z then they should get on and do it. But it may be utterly useless if X wants to prevent the continued publication of the statement. For example if X is able to sue Z and obtain damages but Y has closed Z's account (Z clearly being a troublemaker) then it is useless for X to obtain a court order against Z to stop the publication. Z no longer has the power to do so. Only Y can remove the statement, but X cannot sue Y - the court has no jurisdiction to hear their claim.

I do not believe this is what clause 10 is meant to do but as far as I can see, that is its effect.

The single publication rule

The bill also addresses a much older controversy, that goes back to the odd case of Duke of Brunswick v Harmer (1849) 14 QB 185. Charles II, Duke of Brunswick does not seem to have been a very nice man. He was drummed out of Brunswick and his duchy taken over by his brother. While living in Paris he sent a servant to collect a newspaper article about him in the archives of the British Museum. Although the limitation period since the article had been first published by the newspaper had long run out, he successfully sued for libel on the basis that there had been a fresh publication, to his servant, of the article when he had gone to collect it from the museum.

This rule has received lots of criticism over the years. See, for example, a Guardian article from 2005 suggesting that it threatens the internet. Newspapers that keep online archives have been particularly concerned. The limitation period for libel is one year after which time a newspaper editor could, potentially, breathe a sigh of relief, but if each time someone accesses an online newspaper archive there is a fresh publication, liability could last forever.

As an aside, the worst part of the Duke of Brunswick case has always seemed to me to be the fact that the Duke himself organised the publication to one of his servants. It seems unfair to allow someone to engineer an actionable wrong against themselves for which they can be compensated. Thankfully the world has moved on. Today the Duke of Brunswick's claim would almost certainly be struck out as an abuse of process because it fails to show a substantial tort, see Dow Jones v Jameel [2005] EWCA Civ 75.

It turns out that the multiple publication rule probably doesn't threaten newspaper archives. The Court of Appeal did not believe so in Loutchansky v The Times and the European Court of Human Rights, in the circumstances, agreed. Clearly there could be problems with a newspaper threatened with a libel action for an article published so long before that it would be difficult to defend, but if that were to happen, the newspaper's article 10 rights ought to permit the court to strike it out - at least the European Court of Human Rights seemed to think that is what ought to happen. I suspect our courts would agree.

The other concern about archived material was that once a defamation claim had been upheld, the article would have to be removed, changing the past in Orwellian fashion. Not so (it seems). All that is needed is the attachment of a short "Loutchansky" notice to the article indicating that its contents are disputed.

For example:
“Legal Notice 30 July 2009: Mr Budu denies that he was an illegal immigrant. He was granted indefinite leave to remain in the UK on 23 June 2004.”
appears on a BBC news report concerning the claimant in Budu v BBC and seems to have been sufficient.

It seems to me that the multiple publication rule is not as quite as broken as many commentators suggest, but nevertheless, I can see that it is something that might need further though. The Defamation Bill seeks to "fix" it.

Clause 8

Clause 8 essentially abolishes the rule in the Duke of Brunswick case. It applies where anyone:
  • publishes a statement to the public (“the first publication”), and
  • subsequently publishes (whether or not to the public) that statement or 
    a statement which is substantially the same.
In which case the one year provided for in the Limitation Act 1980 starts running at the first publication. It does not start running again at every subsequent web access.

The authors of this clause clearly had in mind newspaper archive style publication where the first publication is made in a blaze of prominence and later publications (via the archive) are simply parasitic on the first. A claimant, they obviously feel, has had an opportunity to make their complaint when the publication is first made and should not be able to challenge it later. For paper news that is later electronically archived I can see that might make sense.

But the web works differently. Many things are published in obscurity. In theory they are available to the world, but often search engines do not find them or at least consign them to many pages down the search results which is effectively the same thing. Sometimes something then happens to force the obscure into the limelight. A blog-post or an article might be found by someone influential and re-posted, re-tweeted or otherwise given more juice. It is at that moment that an obscure defamatory comment might come into the limelight and cause its subject problems.

As far as I can see clause 8 completely ignores the way the web actually works and relies on first publication being the most prominent. It gives a nod to a change in circumstance in 8(4) which says:
This section does not apply in relation to the subsequent publication if the manner of that publication is materially different from the manner of the first publication.
But in my example the manner of publication has not changed. It is the way the web links to it that has and that is all important. The limitation period for defamation can be waived by the court in certain circumstances, so clause 8 might not be an absolute bar to a claim, but in my view it would be much better if the whole provision had been thought through properly bearing in mind the way the web now operates.

Sunday, 17 June 2012

The Communications Data Bill (first look)

On Thursday the government announced the Communications Data Bill. The official copy is available as CM8359 but the open rights group have made it available in in an easier to read format. The bill has attracted a lot of interest, so I thought it would be useful if I posted an explanation of what it does and does not do. Bills of this kind benefit from (or suffer, depending on your point of view) considerable amendment while passing through Parliament, so the end product may be very different.

The bill replaces two existing pieces of legislation: chapter I, part II of the Regulation of Investigatory Powers Act 2000 (RIPA) and part 11 of the Anti-terrorism, Crime and Security Act 2001 (ATCSA). For some what will be of interest will be the ways in which the bill changes that existing law, but for others that law is already controversial, so they may see debates on the bill as a chance to re-visit the state we are in.

Communications data

Chapter I, part II of RIPA is all about allowing public bodies to obtain "communications data". The bill and RIPA use essentially identical definitions of communications data (RIPA s22(4) Bill cl.2(9)), which the bill helpfully divides into three parts:

  • traffic data - which includes the identity and location of the communication's end-points and the individuals (if any) sending and receiving it;
  • use data - information which is not traffic data about the use made of a telecommunications service or in connection with the use of a telecommunications service or system;
  • subscriber data - any other information obtained by the provider of a telecommunications system about the people to whom it is provided

But, in both cases, not the content of any communications. Traffic data may include the contents of a communication, in so far as it is "traffic data" but "use data" may not.

The definition is very broad. In RIPA terms a "telecommunications service" is:

any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service)

A "telecommunications system" is:

a system (including the apparatus comprised in it) that exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy

This definition clearly includes radios and televisions; telephones and mobile telephones and routers. It almost certainly includes mail servers. I am less sure about a server which has multiple roles - since it might be difficult to say that it "exists .. for the purpose", but anyone running a server which acted as a mail transfer agent or on which ran a mail user agent (eg gmail) would surely be running a telecommunications service​ even if the server itself was not a telecommunications system​.

This means that subscriber information and usage patterns of facebook, gmail and so on are already within the scope of RIPA. The bill uses almost identical definitions for telecommunications services and systems, which suggests that exactly the same sets of data will be in scope.

Obtaining communications data

The RIPA regime for obtaining communications data has essentially two parts:

  • authorisations - given by a "designated person" to other members of their organisation or suitably associated organisations (eg collaborating police forces), who are then "authorised officeers". The effect of an authorisation is to make lawful, including removing any civil liability, anything an authorised officer does while obtaining communications data under their authorisation.
  • notices - given by a "designated person" to postal or telecommunications operators, requiring them to obtain (if they are able to) and disclose communications data

Authorisations and notices last up to a month but may be renewed.

The bill has a broadly similar structure with, as far as I can tell, a few changes:

First, an authorisation (given by a designated person) may authorise an authorised officer to give notice to telecommunications operators (cl 9(3)(d)) in contrast to RIPA where it is the designated person who may give notices (s21(4)). In other words the power to force telecommunications operators to obtain and cough up communications data appears to be delegated further down the tree. I do not know enough about how RIPA is operated within police forces to know whether this will make any practical difference.

The second change is more significant. In RIPA a "telecommunications operator" is someone who "provides a postal or telecommunications service" (s25(1)). The definition in the bill (cl 28(1)) extends "operator" to include not only those providing a service but to any person who "controls or provides a telecommunication system".

In theory that means that anyone who owns a mobile telephone (or radio or television) is a "telecommunications operator", so that, in theory, the government could order us all  to keep records of who watches any television we control. While any government doing so would look extremely stupid - and find themselves out of office very fast - the increase in reach has other more usable implications. For instance it extends to manufacturers of communications equipment, who might usefully be asked to install hardware or software to make interception easier. It will be much harder to say that particular data is out of scope.

Retaining data​

The power to obtain communications data from communications operators is only of any use if there is data to obtain. At present the main provision for requiring retention of communications data is the data retention directive. This is directed at "providers of publicly available electronic communications services or of a public communications network" (article 3) who are defined (in the framework directive) in relation to services consisting of the transmission of signals over networks. In particular the obligation does not apply to those (like gmail and facebook) who provide "information society services".

Part 11 of ATCSA, which I mentioned earlier, did give the government a power to pass secondary legislation requiring communications providers (as defined in RIPA) to retain communications data, but only for national security purposes. The power had a sunset clause which meant that if, after two years, the government had not exercised the power it would lapse which it did on December 14 2003.

The bill will change all that. Drastically. Clause 1(1) of the bill states:

(1) The Secretary of State may by order—

(a) ensure that communications data is available to be obtained from telecommunications operators by relevant public authorities in accordance with Part 2, or

(b) otherwise facilitate the availability of communications data to be so obtained from telecommunications operators.

Other than that, there are no restrictions on what the order may do. All the limitations are procedural (consultation, laying before Parliament). This means that the government may do pretty much anything that is at least rationally connected to ensuring that communications data is available. If there was any doubt about this, the rest of clause 1 spells out just how wide the power is, for instance:

  • requirements ("you must") or restrictions ("you must not") may be imposed on anyone;
  • the Secretary of State may be given a power to impose requirements and restrictions on anyone by notice
  • those requirements may include forcing the use of particular software, equipment or algorithms
  • any requirements may be aimed at a different communication provider's data (eg an out of UK mail provider that does not wish to help the UK government might be targeted by asking ISP's to monitor usage of the site)
  • telecommunications operators can be made to contract out compliance with the government or with private firms, including "on a commercial basis", eg the government could nominate a private contractor that would store data on behalf of ISP's and force ISP's to hire them to do so commercially.

It seems to me that clause 1 is just too wide. It allows far too many things. There are essentially no restraints to stop a determined government doing what it wants. The requirement for Parliamentary approval (for instance) is in practice of little weight. Secondary legislation is almost never refused by Parliament and there is no mechanism for amendment to an order that has been laid before the house.

Filtering

Clause 14 (and following) referring to "filtering arrangements" seems to have caught many people's eyes. The explanatory notes suggest that the government intends to run a great big "Request Filter" which will collate communications data from many different sources and also act as a useful front end for designated officers, for example to work out what questions to ask, what sort of results will be obtained and to extract the communications data required.

As a part of the legal analysis I'm not sure that the provisions concerning "filtering arrangements" are particularly interesting. They make it clear that the Secretary of State can run a system like the "Request Filter", but they don't give the government any more powers to obtain data - those are all to be found in clause 1. Clause 14 etc may be there to ensure that no-one challenges the creation of a Request Filter on the grounds that it is beyond the powers (​ultra vires​) of the Secretary of State's office to maintain it.

But the filtering arrangements are interesting in that they give us a clue of one of the things the government has in mind.

Conclusion

In short the bill is all about increasing the amount of communications data that the authorities can get hold of. It does this in two principle ways: (1) by giving an essentially unlimited power to the government to order anyone to do anything rationally connected with that aim (and presumably proportionate and human rights compliant - though that may result in much time-consuming litigation); and (2) by widening the scope of people who can be asked to give up communications data to anyone who controls any communications equipment - in practice almost everyone old enough to own a mobile telephone.

There are a few other bits and pieces in the bill I have not mentioned, for example a requirement for local authority officers to obtain judicial approval for authorisations and a certain amount of tidying up.

It is almost impossible to have a sane debate about this sort of law because, as always, the government are likely to say "but we will only use our powers for good". What is more the bill, if passed, won't do anything particularly bad itself​ that badness is merely a potential badness that allows for misuse of the power at a later date. Again governments will swear on their mothers' that they will only pass just and sensible secondary legislation.

I hope this short post will inform the debate.