Orphan Works - the new law in the UK

My social media feeds have been full links to alarmist stories about a recent change to UK copyright law that allows for the licensing of orphan works. Photographers have been particularly concerned after one site (which I won't dignify with a link) used the headline "ALL your pics belong to everyone now". So much alarm has been created that the UK's intellectual property office felt moved to publish a PDF debunking some of the myths that have arisen. I was waiting until the Enterprise and Regulatory Reform Act 2013 was published on the government's legislation website before making my own comment.

The problem of orphan works is well known. Copyright lasts for a long time. In the UK it will usually be for 70 years after the death of the author. Discovering the author of a work to discover whether it is, or is not, protected by copyright can be difficult, let alone discovering the present owner of that copyright in order to ask them for a licence. The effect of that is that many works are either not used, or used only by organisations that care little about copyright on the ask forgiveness not permission principle.

There are radical solutions to this problem, for example we could require that copyright owners register their copyrights in order to enforce them, as the United States did until relatively recently. Or we could adopt William Patry's more modest proposal where no registration would be required for an initial, but relatively short, copyright term. To extend the life of a work's copyright, the copyright owner would be required to register. Such a system would make it very easy to discover who was the owner of a work older than the short initial period of copyright, but of course there would be administrative costs associated with it. Legislators have been more timid in their response.

The European Directive

One solution that has already been enacted is the European the orphan works directive (2012/28/EU), although the UK does not have to transpose it into UK law until 29 October 2014.

The orphan works directive is an exceptionally modest provision. Its beneficiaries are public libraries, education establishments, museums and archives. Any institution wishing to use an orphan work must first carry out a "diligent search" in good faith from "appropriate sources". The directive itself lists some "appropriate sources" which would have to be searched, but member states may add to the list, which varies depending on the type of work involved.

Records have to be kept by the institutions of their diligent searches which must be sent to their national government which in turn must make the results available on a publicly searchable website (good to see that governments are beginning to understand open data). This ought to make it easy for copyright owners to discover whether one of their works has been designated as an "orphan" and, having found out, make sure that oprhan status is rescinded.

Institutions may only use the works to achieve their "public-interest missions" and may only charge in order to recover costs of copying or making available to the public. They may not exploit the works commercially.

Canada

The orphan works directive tries to maintain the broad integrity of copyright by delegating the task of carrying out a diligent search and managing the orphan works system to trusted public institutions. By contrast Canada has been using an orphan works law which relies on a central authority, theCopyright Board of Canada.

Section 77 of the Canadian Copyright Act 1985, entitled "owners who cannot be located", requires anyone seeking a licence for what we call orphan works to satisfy the Copyright Board that they have made "reasonable efforts to locate the owner". The Board may then issue a non-eclusive licence on any terms it chooses to specify. According to their brochure they will usually require the payment of a licence fee, which will be paid to a collecting society. If the owner of the copyright appears within 5 years of they expiry of the licence, they may claim the licence fee. Where the fee was paid to a collecting society, the society will pay the owner.

The Board do not issue very many licences - roughly 22 a year since 1990. Not all applications for a licence are accepted. Whether "it works" in Canada I do not know, but copyright has clearly not come to an end there.

The United Kingdom

So where does that leave us? Section 77 of the Enterprise and Regulatory Reform Act 2013 introduces a new section 116A of the Copyright, Designs and Patents Act 1988 concerned with orphan works. Section 116A is a mere skeleton. It allows the government to make regulations that would allow someone (an authorised person) or alternatively some people to be chosen by someone designated for the purpose, to grant licences to orphan works. The content and circumstances of the licences we do not know. All we do know is:

• a work will not be an orphan work unless a diligent search is made for the copyright owner
• what counts as a "diligent search" will be defined in the regulations
• the licences may not be exclusive
• nor may they be granted to a person authorised to grant licences

Now in theory this means we could end up with a Wild West system where there was little real control over licensing of orphan works. The regulations could be very lax on what counted as a "diligent search" and very generous about the licensing terms. That is always a risk with open-ended legislative provisions (and why they should not be used by Parliament).

The reality, according to the intellectual property office, is that we will end up with something similar to the Canadian system. Licences will not be free. Copyright owners will be able to claim fees that have been paid. There will almost certainly be a fairly tight and prescriptive description of what counts as a "diligent search". It will not be enough simply to look at the metadata on a photograph, shrug one's shoulders, and go ahead.

Extended Collective Licensing

In parallel to section 116A is a new 116B which will allow collecting societies in sectors where they now organise (eg books and music) to be given permission to license works that they do not have any existing right to license - eg where they do not own the rights and the author has not given the society permission to license them. This is not an orphan work provision. It applies even though the society knows full well who the author of a work might be. I mention it because it has been mixed into some of the reports about the orphan works provisions.

I have my doubts about extended collective licensing, but it will at least be an "opt out" system. No-one has to participate if they do not want to. In a sector where most licensing is direct (author to user) such as photography, there may never be such a system as the intellectual property office has indicated.

Consultation

The intellectual property office tell me that there will be extensive consultation on the detail of any regulations. Anyone having an interest in these provisions should make sure they engage with the consultation or join with others to represent them collectively. I am sure the open rights group will be making representations.

The defamation bill 2012 and the web

I have already commented on one aspect of the Defamation Bill 2012 that is directly aimed at operators of websites, but there are two other provisions, in the current draft (in the public bill committee) at clauses 8 and 10, which have a bearing on the way we do things on the web and which I do not believe have been properly thought through.

The host's nightmare

As soon as you allow other people to contribute material to your website, whether by comments to a blog, forum posts or something more substantial such as a wiki, you risk being held accountable for what they say. Even if you could rely on one of various defences, such as the "hosting" defence in the e-commerce directive, if a potentially defamatory comment has been brought to your attention, you are put in the invidious position of deciding whether to remove it or be prepared to defend your decision to allow it to stay. The various intermediary defences only go so far. If you bravely decide to keep it there, you may find yourself having to defend the statement itself. But of course if its not your statement, you may find that very difficult to do.

Last year I highlighted the problem this can cause for WhatDoTheyKnow but this is a problem that can affect vast numbers of website providers and of course any upstream posts they have. Surely this needs fixing?

What ought to happen?

Suppose someone - call them X - finds that a really damaging, but false, allegation has been made about them on a website run by Y, which will, or at least is likely to, cause X harm but the statement was made by someone else - call them Z. Y acting as an innocent host (forum operator, blogger etc). It seems right that X should be able to do two things:

• have the statement removed, or at least corrected in some way
• be compensated for damages for any harm they have suffered

These are two quite different things. It is only someone who is, in some sense, at fault for making the false statement who should be responsible for any compensation - where we can argue what "at fault" might mean. But, merely because someone ought not to be liable to pay damages for a damaging and false statement, does not mean they should not be responsible for removing it in any possible circumstances. For example, if X were able to prove in court that the statement was false - more than a claimant in defamation has to do right now - and satisfy the court that the statement should be removed at X's expense, then it seems hard to believe that X should have no way to compel Y to do so.

The defamation bill breaks this simple idea in at least two places.

Clause 10

The existing clause 10(1) says:

A court does not have jurisdiction to hear and determine an action for defamation brought against a person who was not the author, editor or publisher of the statement complained of unless the court is satisfied that it is not reasonably practicable for an action to be brought against the author, editor or publisher.

What this seems to be trying to do is to force claimants to go after the "real" culprit than an innocent intermediary. X must sue Z not Y. That seems entirely reasonable if we are talking about a claim for damages. If X can sue Z then they should get on and do it. But it may be utterly useless if X wants to prevent the continued publication of the statement. For example if X is able to sue Z and obtain damages but Y has closed Z's account (Z clearly being a troublemaker) then it is useless for X to obtain a court order against Z to stop the publication. Z no longer has the power to do so. Only Y can remove the statement, but X cannot sue Y - the court has no jurisdiction to hear their claim.

I do not believe this is what clause 10 is meant to do but as far as I can see, that is its effect.

The single publication rule

The bill also addresses a much older controversy, that goes back to the odd case of Duke of Brunswick v Harmer (1849) 14 QB 185. Charles II, Duke of Brunswick does not seem to have been a very nice man. He was drummed out of Brunswick and his duchy taken over by his brother. While living in Paris he sent a servant to collect a newspaper article about him in the archives of the British Museum. Although the limitation period since the article had been first published by the newspaper had long run out, he successfully sued for libel on the basis that there had been a fresh publication, to his servant, of the article when he had gone to collect it from the museum.

This rule has received lots of criticism over the years. See, for example, a Guardian article from 2005 suggesting that it threatens the internet. Newspapers that keep online archives have been particularly concerned. The limitation period for libel is one year after which time a newspaper editor could, potentially, breathe a sigh of relief, but if each time someone accesses an online newspaper archive there is a fresh publication, liability could last forever.

As an aside, the worst part of the Duke of Brunswick case has always seemed to me to be the fact that the Duke himself organised the publication to one of his servants. It seems unfair to allow someone to engineer an actionable wrong against themselves for which they can be compensated. Thankfully the world has moved on. Today the Duke of Brunswick's claim would almost certainly be struck out as an abuse of process because it fails to show a substantial tort, see Dow Jones v Jameel [2005] EWCA Civ 75.

It turns out that the multiple publication rule probably doesn't threaten newspaper archives. The Court of Appeal did not believe so in Loutchansky v The Times and the European Court of Human Rights, in the circumstances, agreed. Clearly there could be problems with a newspaper threatened with a libel action for an article published so long before that it would be difficult to defend, but if that were to happen, the newspaper's article 10 rights ought to permit the court to strike it out - at least the European Court of Human Rights seemed to think that is what ought to happen. I suspect our courts would agree.

The other concern about archived material was that once a defamation claim had been upheld, the article would have to be removed, changing the past in Orwellian fashion. Not so (it seems). All that is needed is the attachment of a short "Loutchansky" notice to the article indicating that its contents are disputed.

For example:

“Legal Notice 30 July 2009: Mr Budu denies that he was an illegal immigrant. He was granted indefinite leave to remain in the UK on 23 June 2004.”

appears on a BBC news report concerning the claimant in Budu v BBC and seems to have been sufficient.

It seems to me that the multiple publication rule is not as quite as broken as many commentators suggest, but nevertheless, I can see that it is something that might need further though. The Defamation Bill seeks to "fix" it.

Clause 8

Clause 8 essentially abolishes the rule in the Duke of Brunswick case. It applies where anyone:

• publishes a statement to the public (“the first publication”), and
• subsequently publishes (whether or not to the public) that statement or 
  a statement which is substantially the same.

In which case the one year provided for in the Limitation Act 1980 starts running at the first publication. It does not start running again at every subsequent web access.

The authors of this clause clearly had in mind newspaper archive style publication where the first publication is made in a blaze of prominence and later publications (via the archive) are simply parasitic on the first. A claimant, they obviously feel, has had an opportunity to make their complaint when the publication is first made and should not be able to challenge it later. For paper news that is later electronically archived I can see that might make sense.

But the web works differently. Many things are published in obscurity. In theory they are available to the world, but often search engines do not find them or at least consign them to many pages down the search results which is effectively the same thing. Sometimes something then happens to force the obscure into the limelight. A blog-post or an article might be found by someone influential and re-posted, re-tweeted or otherwise given more juice. It is at that moment that an obscure defamatory comment might come into the limelight and cause its subject problems.

As far as I can see clause 8 completely ignores the way the web actually works and relies on first publication being the most prominent. It gives a nod to a change in circumstance in 8(4) which says:

This section does not apply in relation to the subsequent publication if the manner of that publication is materially different from the manner of the first publication.

But in my example the manner of publication has not changed. It is the way the web links to it that has and that is all important. The limitation period for defamation can be waived by the court in certain circumstances, so clause 8 might not be an absolute bar to a claim, but in my view it would be much better if the whole provision had been thought through properly bearing in mind the way the web now operates.

The Communications Data Bill (first look)

On Thursday the government announced the Communications Data Bill. The official copy is available as CM8359 but the open rights group have made it available in in an easier to read format. The bill has attracted a lot of interest, so I thought it would be useful if I posted an explanation of what it does and does not do. Bills of this kind benefit from (or suffer, depending on your point of view) considerable amendment while passing through Parliament, so the end product may be very different.

The bill replaces two existing pieces of legislation: chapter I, part II of the Regulation of Investigatory Powers Act 2000 (RIPA) and part 11 of the Anti-terrorism, Crime and Security Act 2001 (ATCSA). For some what will be of interest will be the ways in which the bill changes that existing law, but for others that law is already controversial, so they may see debates on the bill as a chance to re-visit the state we are in.

Communications data

Chapter I, part II of RIPA is all about allowing public bodies to obtain "communications data". The bill and RIPA use essentially identical definitions of communications data (RIPA s22(4) Bill cl.2(9)), which the bill helpfully divides into three parts:

• traffic data - which includes the identity and location of the communication's end-points and the individuals (if any) sending and receiving it;
• use data - information which is not traffic data about the use made of a telecommunications service or in connection with the use of a telecommunications service or system;
• subscriber data - any other information obtained by the provider of a telecommunications system about the people to whom it is provided

But, in both cases, not the content of any communications. Traffic data may include the contents of a communication, in so far as it is "traffic data" but "use data" may not.

The definition is very broad. In RIPA terms a "telecommunications service" is:

any service that consists in the provision of access to, and of facilities for making use of, any telecommunication system (whether or not one provided by the person providing the service)

A "telecommunications system" is:

a system (including the apparatus comprised in it) that exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy

This definition clearly includes radios and televisions; telephones and mobile telephones and routers. It almost certainly includes mail servers. I am less sure about a server which has multiple roles - since it might be difficult to say that it "exists .. for the purpose", but anyone running a server which acted as a mail transfer agent or on which ran a mail user agent (eg gmail) would surely be running a telecommunications service​ even if the server itself was not a telecommunications system​.

This means that subscriber information and usage patterns of facebook, gmail and so on are already within the scope of RIPA. The bill uses almost identical definitions for telecommunications services and systems, which suggests that exactly the same sets of data will be in scope.

Obtaining communications data

The RIPA regime for obtaining communications data has essentially two parts:

• authorisations - given by a "designated person" to other members of their organisation or suitably associated organisations (eg collaborating police forces), who are then "authorised officeers". The effect of an authorisation is to make lawful, including removing any civil liability, anything an authorised officer does while obtaining communications data under their authorisation.
• notices - given by a "designated person" to postal or telecommunications operators, requiring them to obtain (if they are able to) and disclose communications data

Authorisations and notices last up to a month but may be renewed.

The bill has a broadly similar structure with, as far as I can tell, a few changes:

First, an authorisation (given by a designated person) may authorise an authorised officer to give notice to telecommunications operators (cl 9(3)(d)) in contrast to RIPA where it is the designated person who may give notices (s21(4)). In other words the power to force telecommunications operators to obtain and cough up communications data appears to be delegated further down the tree. I do not know enough about how RIPA is operated within police forces to know whether this will make any practical difference.

The second change is more significant. In RIPA a "telecommunications operator" is someone who "provides a postal or telecommunications service" (s25(1)). The definition in the bill (cl 28(1)) extends "operator" to include not only those providing a service but to any person who "controls or provides a telecommunication system".

In theory that means that anyone who owns a mobile telephone (or radio or television) is a "telecommunications operator", so that, in theory, the government could order us all  to keep records of who watches any television we control. While any government doing so would look extremely stupid - and find themselves out of office very fast - the increase in reach has other more usable implications. For instance it extends to manufacturers of communications equipment, who might usefully be asked to install hardware or software to make interception easier. It will be much harder to say that particular data is out of scope.

Retaining data​

The power to obtain communications data from communications operators is only of any use if there is data to obtain. At present the main provision for requiring retention of communications data is the data retention directive. This is directed at "providers of publicly available electronic communications services or of a public communications network" (article 3) who are defined (in the framework directive) in relation to services consisting of the transmission of signals over networks. In particular the obligation does not apply to those (like gmail and facebook) who provide "information society services".

Part 11 of ATCSA, which I mentioned earlier, did give the government a power to pass secondary legislation requiring communications providers (as defined in RIPA) to retain communications data, but only for national security purposes. The power had a sunset clause which meant that if, after two years, the government had not exercised the power it would lapse which it did on December 14 2003.

The bill will change all that. Drastically. Clause 1(1) of the bill states:

(1) The Secretary of State may by order—

(a) ensure that communications data is available to be obtained from telecommunications operators by relevant public authorities in accordance with Part 2, or

(b) otherwise facilitate the availability of communications data to be so obtained from telecommunications operators.

Other than that, there are no restrictions on what the order may do. All the limitations are procedural (consultation, laying before Parliament). This means that the government may do pretty much anything that is at least rationally connected to ensuring that communications data is available. If there was any doubt about this, the rest of clause 1 spells out just how wide the power is, for instance:

• requirements ("you must") or restrictions ("you must not") may be imposed on anyone;
• the Secretary of State may be given a power to impose requirements and restrictions on anyone by notice
• those requirements may include forcing the use of particular software, equipment or algorithms
• any requirements may be aimed at a different communication provider's data (eg an out of UK mail provider that does not wish to help the UK government might be targeted by asking ISP's to monitor usage of the site)
• telecommunications operators can be made to contract out compliance with the government or with private firms, including "on a commercial basis", eg the government could nominate a private contractor that would store data on behalf of ISP's and force ISP's to hire them to do so commercially.

It seems to me that clause 1 is just too wide. It allows far too many things. There are essentially no restraints to stop a determined government doing what it wants. The requirement for Parliamentary approval (for instance) is in practice of little weight. Secondary legislation is almost never refused by Parliament and there is no mechanism for amendment to an order that has been laid before the house.

Filtering

Clause 14 (and following) referring to "filtering arrangements" seems to have caught many people's eyes. The explanatory notes suggest that the government intends to run a great big "Request Filter" which will collate communications data from many different sources and also act as a useful front end for designated officers, for example to work out what questions to ask, what sort of results will be obtained and to extract the communications data required.

As a part of the legal analysis I'm not sure that the provisions concerning "filtering arrangements" are particularly interesting. They make it clear that the Secretary of State can run a system like the "Request Filter", but they don't give the government any more powers to obtain data - those are all to be found in clause 1. Clause 14 etc may be there to ensure that no-one challenges the creation of a Request Filter on the grounds that it is beyond the powers (​ultra vires​) of the Secretary of State's office to maintain it.

But the filtering arrangements are interesting in that they give us a clue of one of the things the government has in mind.

Conclusion

In short the bill is all about increasing the amount of communications data that the authorities can get hold of. It does this in two principle ways: (1) by giving an essentially unlimited power to the government to order anyone to do anything rationally connected with that aim (and presumably proportionate and human rights compliant - though that may result in much time-consuming litigation); and (2) by widening the scope of people who can be asked to give up communications data to anyone who controls any communications equipment - in practice almost everyone old enough to own a mobile telephone.

There are a few other bits and pieces in the bill I have not mentioned, for example a requirement for local authority officers to obtain judicial approval for authorisations and a certain amount of tidying up.

It is almost impossible to have a sane debate about this sort of law because, as always, the government are likely to say "but we will only use our powers for good". What is more the bill, if passed, won't do anything particularly bad itself​ that badness is merely a potential badness that allows for misuse of the power at a later date. Again governments will swear on their mothers' that they will only pass just and sensible secondary legislation.

I hope this short post will inform the debate.

Trolls and the defamation bill 2012

The Defamation Bill 2012 had its second reading in the House of Commons today. One aspect of the bill which did not (as far as I can see) appear in the draft bill is a rather peculiar defence for website owners. In characteristic style, the BBC picked it up under the title websites to be forced to identify trolls under new measures and mangled the story completely.

The BBC's report mentions the case of Nicola Brookes, who appears to have been the victim of vicious trolling on facebook. It is reported that she obtained a court order forcing facebook to reveal the IP addresses of its users who harassed her anonymously using the site. I have no further details of that case, but it would seem to be an entirely conventional Norwich Pharmacal order used by Nicola Brookes in order to bring a prosecution for breach of the Protection from Harassment Act 1997. Her case has nothing (much) to do with defamation which is not a crime as implied by the BBC.

Her case is an illustration of the fact that there is already a fairly well tested power to force intermediaries, including social networking sites, to reveal the identity of wrongdoers (criminal or civil) by court order. There is no new power to do this under the defamation bill.

What the defamation bill has done is introduce a new defence for some intermediaries - "website operators". In the current draft of the bill, clause 5 applies where "an action for defamation is brought against the operator of a website in respect of a statement posted on the website." The operator has a defence is they are able to show that it was not them that posted the statement on the website.

I'm not exactly sure what "posted" means in this context. Does it include (say) the FOI responses of public authorities on www.whatdotheyknow.com? The public authority is the immediate cause of the appearance of a statement on the site, but the actual transfer from incoming email to web page is done by the site's own software. This does matter. It would be great if sites like whatdotheyknow had a defence against material they manage, but they are unlikely to want to test the matter in court.

In my experience these kinds of semantic difficulties are often sharpened up later on in a bill's passage. I hope that happens in this case.

The defence is not an absolute one. It an be defeated if three conditions hold:

• the claimant could not identify the person making the complaint
• the claimant gave the operator a notice of complaint relating to the statement
• the operator failed to respond to the notice of complaint in time
  

Where the content of the notice, what is "in time" and what an operator is required to do in response are to be specified in a regulations made later with an inevitably reduced level of parliamentary scrutiny, although the notice will be required to specifically point to "where on the website the statement was posted". Surprisingly many "take down" requests my clients receive don't even go this far.

So, lets be clear, there's nothing here that requires the website owner to do anything unless they want to. The sanction for non-compliance is that they lose a defence to a libel claim. But website owners already have a number of common law and statutory defences. In particular they are protected by Article 14 of the e-commerce directive. This is an absolute defence against almost any liability a website owner might have for information supplied by a third party provided that either:

• they don't know about the illegality or
• once they do know they act "expeditiously" to remove the information

This has never been a very good defence since the host has to make up their mind whether or not they know about the illegality, but of course, how can they know? If it is information supplied by a third party they may have no idea. The European Court of Justice has been relatively generous about "knowledge" in this context - being well aware of the difficulties the host may have - but in the context of defamation it is always going to be a tough call. The fact that something looks defamatory ought to be obvious in most cases just by reading it.

So the proposals in clause 5 might have the effect of persuading website owners to give up the identity of anonymous users of their site as a result of general fear, uncertainty and doubt. On the other hand there will be nothing to stop them removing the material if they prefer to do so.

My views of the bill roughly echo those of the Inform Blog. Some of the "reforms" may even make things worse since they copy (into statute) things the courts are doing already, but none of us will be entirely sure whether that copy was, or was intended to be, perfect, so there may be yet more litigation to sort that out. Why we need to enact reforms the courts have already worked out for themselves seems puzzling to me, but I am not a politician.

As things stand the proposed clause 5 has a number of oddities.

First, there's nothing that penalises false use of a notice of complaint, nor is there anything allowing the regulations to impose sanctions on a claimant who misuses the procedure. In my view that should be fixed.

Second, if the claimant can already find out the identity of an anonymous troll (via the Norwich Pharmacal procedure), why do we need to qualify the website owner's defence at all? Sure, a Norwich Pharmacal order is expensive, but then so is a libel claim. 

Third, and most odd of all, the new clause 5 would give an absolute defence for any comment which was from an identifiable individual. As it stands if I, under my own name, post the most unpleasant libel to a website hosted in the UK, the victim of the libel can sue me but cannot sue the website. But suing me may not be what the victim wants - I might be dead, have no money or have run away to another country where they cannot catch me.

What a victim will often want in such cases is for the libel to go away and/or be corrected. They want some way of having the libel taken down. As it stands clause 5 may take away the victims power to do that since the website owner will have no liability in defamation at all. In some cases (eg blog comments) even I may not be able to remove a publication I have made, so a court order against me (the guilty party) may also be useless. 

I am not sure that is what intended and expect that the wording will be tidied up considerably if the clause goes forward but I still doubt very much that it is the right approach.

Copyright in industrial art - more protection

The problem with copyright is that it isn't strong enough - are words you are unlikely to hear me say. Today clause 55 of the Enterprise and Regulatory Reform Bill brings us an amendment to a fairly obscure corner of the Copyright, Designs and Patents Act 1988.

UK Copyright law has always had a somewhat awkward relationship with 3 dimensions. Graphical works, sculptures, collages and photographs are all protected "irrespective of artistic quality". Apart from sculptures, copyright also protects works of architecture (buildings and models for them) and works of "artistic craftsmanship". The latter category appears to be a fairly narrow one, though exactly how narrow is unclear.

Instead, UK law offers an alternative protection in the form of various design rights. There are actually 4 of these - design right, registered designs, and community unregistered and registered design rights. All of these are different to a greater or lesser extent, protecting different things, in different ways for different periods of time.

Inevitably there are overlaps between the two sets of rights. The Copyright, Designs and Patents Act 1988 does a certain amount to keep the two spheres of art and design separate. For example section 51 prevents the making of a object to a design from being an infringement of the design document. But it is section 52 that interests us today.

Section 52 deals with the situation where an artistic work has been exploited in the making of articles by an industrial process and marketing them in the UK. At the end of 25 years after the articles are first marketed, it ceases to be an infringement of copyright to copy the work by making articles (of any kind) or doing any thing for the purpose of making those articles (for example by producing preliminary design drawings). The articles may also be sold to the public and otherwise dealt with without infringing copyright in the original artistic work.

Section 52 is supplemented by the Copyright (Industrial Process and Excluded Articles)(No. 2) Order 1989 which, amongst other things, excludes certain kinds of article from its operation. For example, exploiting an artistic work by making a sculpture would not engage section 52 and hence would not weaken copyright protection after 25 years, which is one of the reasons why the question of whether a  storm-trooper's helmet was a "sculpture" was considered by our Supreme Court in Lucasfilm v Ainsworth (see from paragraph 29). Many more literary or artistic articles are excluded as well such as greetings cards, book jackets and stamps (you can read the whole list in regulation 3).

In other words, an artistic work is protected by copyright, but if its owner stoops to allow its industrial exploitation then, in that sphere, it is given a period of protection akin to that of a registered design.

What section 52 does not do is shorten the period of copyright protection, it merely weakens the protection copyright gives. A clear example of this appeared in Jules Rimet Cup v Football Association [2007] EWHC 2376 (Ch) which was a dispute about the registration of a trademark in World Cup Willie. The court had to decide (amongst other things) what effect section 52 had on the Football Association's copyright in the image of World Cup Willie. It had been the subject of considerable exploitation, but the court decided that, while section 52 would allow the making of many kinds of World Cup Willie articles, it would not allow the making of excluded articles (such as the sculptures, stamps and greetings cards mentioned above). To do so would still be an infringement of copyright.

An example (stolen from Copinger) demonstrates how section 52 works. Suppose an artist drew a picture of an iconic vehicle - lets say a car- in a comic strip. After 25 years of marketing models of the car as merchandising, the artist could no longer use copyright protection from preventing others making rival versions of the car, but the artist could still stop the making of stamps, greeting cards and, most importantly, comic books based on the original drawings.

The proposed clause 55 will do away with all that. The artist would, if the clause passes, be able to sue any imitator of the car for copyright infringement. Clause 55 therefore represents a further extension of copyright, albeit in a rather subtle way.

The coverage of the proposal has been rather patch. The Design Council say:

We understand that the Bill will repeal section 52 of the Copyright, Designs and Patents Act 1988, which currently restricts copyright to 25 years (calculated from the date on which the work is first placed on the market) on artistic works which are exploited through an industrial process.

Which, you will see, is garbled at best. The Design Council seems to think the clause only applies to "design classics". The government's own press release demonstrates the same confusion:

... extending copyright protection for mass-produced artistic works to life of the creator plus 70 years. These measures will promote innovation in the design industry and encourage investment in new products, while discouraging unauthorised copies

As usual there is an unevidenced claim that there will be a promotion of innovation and of course no comment no the innovation in terms of competing designers seeking to give a new physical embodiment to already exploited artistic works.

All this coverage suggests that at least some of those thinking about the new law are thinking it applies to works of artistic craftsmanship alone, whereas it will apply much more widely than that, even to tins of paint.

Marks: 0/10 for failing to address what impact this will have on the now lawful re-exploitation of industrially produced art.

Newzbin2 - the order

The High Court has just handed down its order in "Newzbin2".

For those not following the story so far goes like this: newzbin (whose site I will not link to for obvious reasons) describe themselves as a "Hand edited, searchable archive of Usenet binary content from the creators of the NZB Format." USENET is of course the grandparent of most peer-to-peer file sharing networks. People were sharing copyright material via USENET even when I started using the internet over 20 years ago. Newzbin do not host any of the material (which is available via USENET) but their site undoubtedly makes it much easier to find copyright infringing material to be downloaded. Unsurprisingly, many large copyright owners do not like it.

Last year, a group of Hollywood studios persuaded Mr Justice Kitchen that Newzbin were guilty of copyright infringement in three different ways (1) their actions amounted to "authorisation" of copyright infringement; (2) they were also joint infringers with or procurers of the infringement of their subscribers; (3) even though they did not host any of the movies complained about they "made them available to the public" which is an act protected by copyright. The case Twentieth Century Fox v Newzbin [2010] EWHC 608 (Ch) makes interesting reading as it explores just how far a website may (or in that case may not) go without infringing copyright.

Newzbin's reaction was to be expected: their operation moved outside the jurisdiction of the UK courts. Undeterred (one hopes they were sufficiently web-savvy to have anticipated the move) the studios applied to the High Court for an injunction against BT to force BT to block access to Newzbin to its (ISP) customers. The studios made use a statutory power given to the High Court to make injunctions of this kind under section 97A of the Copyright Designs and Patents Act 1988.

At the end of July, Mr Justice Arnold agreed to grant the injunction (Twentieth Century Fox v British Telecommunications [2011] EWHC 1981 (Ch) ). Lillian Edwards wrote a very neat analysis of the decision on the day it appeared. As she explains, Newzbin was an unusually good case for an injunction, not least because there had already been a decision of the High Court finding that the site was involved in copyright infringement. Other cases may be more difficult for rights holders to argue. It will depend.

Mr Justice Arnold postponed deciding on the exact form of the injunction — that is exactly what BT should be ordered to do — until he had heard further submissions from the parties. His decision on the form of order was what was handed down today.

A huge simplifying factor is that BT are already running a system known as Cleanfeed which is used to filter out material on the Internet Watch Foundation's list of suspect IP addresses and blacklisted URL's. This meant the order could require BT to add IP addresses and URL's supplied by the studios to its Cleanfeed list.

Cleanfeed is not used with all BT ISP products. In particular it is not used for what is effectively wholesale supply of internet connectivity, nor to particular customers in certain cases — one example being the police who, one imagines, absolutely do wish to be able to access illegal material for investigatory purposes. The order applies "In respect of its customers to whose internet service the system known as Cleanfeed is applied whether optionally or otherwise". Read literally that would appear to mean that customers who have Cleanfeed as an option but have opted out would still have to be filtered by BT. It is unclear to me whether that is what the judge intends.

The order makes it clear that BT is not required to carry out deep packet inspection. BT need simply rely on the IP addresses and URL's reported to it by the studios, but this, in my view, leads to the most serious defect in the order: it relies entirely on the good faith and judgment of the studios. There is no sanction for mis-reporting of websites. Since there is no requirement to publish the list of sites supplied to BT or to notify site owners that they have been placed on the list, it may be difficult to ensure that the studios act fairly and properly.

BT did try to obtain what is known as a cross-undertaking or an indemnity from the studios which would have compensated BT for any loss it suffered as a result of any mistakes made by the studios. The judge rejected that request on the basis that, as he decided, BT could not be liable for damages (eg by being sued by its customers) because it was acting under a court order. That will no doubt be a useful decision for ISP's and web service providers in other situations, but it did mean there was no basis for imposing any sanction on the studios for supplying incorrect sites in its list.

There was some argument as to how precisely the list should be described. In order to ensure that it would be difficult to circumvent the order, the judge decided that the order would apply to not only the newzbin website itself but also to "any other IP address or URL whose sole or predominant purpose is to enable or facilitate access to the Newzbin2 website". Here we see one of the weaknesses of section 97A. It gives the High Court the power to grant an injunction but it fails completely to say what kind of an injunction that might be. In particular it does not say that the injunction should be restricted to preventing access to sites where copyright is being infringed (like Newzbin). I am therefore concerned about whether the combination of the wording of the order and lack of sanction on studios may cause problems at a later date.

The other significant issue was costs. While costs (which lawyers get very excited about) may not seem as interesting as arguments about what should be blocked and how, costs are often as expensive to a party as the consequences of losing (or winning) a claim. Costs are a big deal. One positive outcome of the decision is that BT was entitled to be paid its legal costs for the first part of the claim up to 16 December 2010 - in other words the costs that would have to be incurred to obtain a court order. In the future ISP's can be reasonably confident that they can demand a court order before instituting website blocking and not expect to have to pay the costs of that order. The judge found that BT should pay the costs of the contested part of the proceedings, but that each party would bear its own costs for the decision about the final order.

In conclusion, I have two points to make: first, it is now clear that copyright owners are perfectly able to obtain quite favourable court orders to block websites, so that there was really no need for the Digital Economy Act 2010 to introduce more website blocking provisions when the existing ones (in section 97A) had not been properly tried out. Second, other cases may not work out the same way as this one. For example TalkTalk do not run Cleanfeed. One expects that the argument (and subsequent order) in a case against TalkTalk might be a little different for that reason. We will see.

Can we force facebook to give us its "like" database?

Jim Killock of the Open Rights Group pointed me at an interesting response made by facebook to an Irish student named Max's subject access request under Irish data protection legislation which forms a part of the Europe versus facebook campaign.

The particular point that interests me is that, concerns facebook's tracking of all pages visited which show a "like" button - a practice that can be really intrusive. Although Max did obtain a considerable quantity of information, facebook did not release to him their list of "like" tracked data.

In their response facebook say:

Section 4(12) of the Acts carves out an exception to subject access requests where the disclosures in response would adversely affect trade secrets or intellectual property. We have not provided any information to you which is a trade secret or intellectual property of Facebook Ireland Limited or its licensors.

Unfortunately for facebook, that isn't quite what the relevant Irish legislation appears to say (health warning: I am not an Irish lawyer). What section 4(12) of the Irish Data Protection Act 1988 says, according to a consolidated version of the statute, is:

(12) Subsection (1)(a)(iv) of this section is not to be regarded as requiring the provision of information as to the logic involved in the taking of a decision if and to the extent only that  such provision would adversely affect trade secrets or intellectual property (in particular any  copyright protecting computer software).

Note the phrase "information as to the logic involved in the taking of a decision". What this is all about is that section 4 gives data subject several different rights. One right (in section 4(1)(iii)(I)) is to be supplied with a copy of "the information constituting any personal data of which that individual is the data subject" - a simple right to information. Another, and different right, can be found in section 4(1)(iv) which applies to automatic decision making by the data controller. Here the data subject has a right to be informed of the "logic involve in the processing". Obviously that's quite a different right since it is essentially a right to know about algorithms rather than data.

Quite clearly section 4(12) is a restriction on the right under 4(1)(iv) to know about the logic of automatic decision making and not a restriction on the right of information simplicter. Nice try facebook, but I can't see that working.

Our own legislation is very slightly different. We also have a right (in section 7(1)(d) of the Data Protection Act 1998 to be informed about the logic involved in automatic decision making, but the restriction on that right is limited to trade secrets. Section 8(5) says:

Section 7(1)(d) is not to be regarded as requiring the provision of information as to the logic involved in any decision-taking if, and to the extent that, the information constitutes a trade secret.

So that any UK national involved in the Europe v facebook campaign has a much stronger argument.

In any case, at best facebook can claim a database right over the contents of the list of pages visited by Max that they have collected using the "like" button. The database right is a creature of European law (directive 96/9/EC). Recital 48 of the directive states that "the provisions of this Directive are without prejudice to data protection legislation", which seems to me to argue that data protection law ought to trump database right. If you think about it, the contrary would be an impossible situation. Personal data will often be protected by database rights. If you could use database rights to avoid subject access requests they would be of far less use.