Home copying of e-books and digital rights management

A frequently asked question that seems appropriate this time of year (given the number of e-books that are likely to appear in people's Christmas stockings) concerns what one is legally allowed to do with documents on one's own e-book, particularly one that is protected by some form of digital rights management.

Let us consider John, a keen adopter of technology. John has a number of different e-book reader platforms and numerous e-books in a variety of formats. He'd like to be able to make back up copies of the books and transfer them from one device to another — known as "format shifting". He is interested in what the law has to say about it. To keep things simple I'm not going to think about what he ought to be able to do or what he might get away with: working through the law will be enough for one post. Let us also assume that someone owns the copyright in the book being read.

Contract

John's first difficulty is that if he "bought" the e-book he may well be bound by a contract with the distributor. For example the mobipockets terms of trade (which are written in appallingly broken English) appear to prevent him format shifting since they say, under section 5 "Terms of Product or Service Use/Loadings":

You admit and you accept that the product or the service bought is exclusively readable on the PDA corresponding to the PID you registered on the Site at the inscription moment.

and further under section 9 "Property Rights":

Every elements you will find on the Site in particular the texts, the information, the images, the softwares, the logos and other distinctive signs etc. may be protected by property rights in particular copyrights. By the way you promise not to reproduce, copy, sell, resell, rent or exploit etc. whole or part of these elements in a commercial or other purpose, unless you have allowed to do it by the beneficiary.

These terms appear to prohibit John from copying an e-book to another device. If he does so he will be in breach of contract.

But at Christmas many of John's e-books were probably bought for him by his friends and family. Most legal systems won't enforce a contract against someone who was not a party to it (except in certain exceptional circumstances). In particular I think this is true in French law — the law selected by the mobipockets terms of service. John would therefore not be bound by the e-book's terms of service.

Copyright

John's second difficulty occurs if the book is subject to copyright. As a general rule John may only copy it with the permission (direct or indirect) of the copyright owner. The exceptions to the rule, most of which fall under the heading of "fair dealing" (a poor, stunted relation of the United States concept of "fair use"), are few and far between and most certainly don't include format shifting and backup.

That permission, or as we lawyers prefer to say licence, will usually come with strings attached restricting John to certain kinds of copying. For most e-books this will not include format shifting, though backup may be permitted. If John format shifts he risks doing so without a licence and thus infringing copyright.

Digital Rights Management

In practice this is all rather theoretical: no-one seems to take a blind bit of notice and format shifting particularly of recorded music in breach of its owner's copyright is the rule rather than the exception. Publishers have responded by adopting an asortment of technical measures to try to control what their customers are able to do with works that they have "bought". For example by adding region codes to DVD's so as to partition the world market, or in the case of e-books by adopting various format restrictions such as Amazon's AZW file format.

If reading E. E. "doc" Smith taught us anything it was that, given time, pretty much any technology can be beaten. The other side will invariably find a way around it. This appears to be true with DRM as with anything else. John will almost certainly be aware that the DRM used by the Amazon kindle has been hacked.

Legal protection of DRM

The next round in this rather sorry conflict between the desire of publishers to control the use of their works after they have been sold and their customers' understandable wish to be able to freely use what they have "bought" comes with the signing of the WIPO Copyright Treaty (a.k.a the WCT) on December 20 1996. Article 11 specifically requires parties to the treaty to take steps to prevent John getting around the DRM on his e-books:

Article 11
Obligations concerning Technological Measures
Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.

If you read this carefully you will see that there is no need to protect against the circumvention of a technological measure where that measure is being used to restrict an act that is permitted by law. In other words the states that are parties to the WCT do not need to enact laws that prohibit John from getting around DRM which is stopping him from doing something he is otherwise allowed to do: for instance if the e-book is not subject to copyright; or if he lives in a country (like France) where there is a private copying exemption or (if he lived in the US) where what he is doing would be fair use and so on.

The European Union legislative response to the WCT came on 22 May 2001 with Directive 2001/29/EC sometimes known as the Copyright Directive or the Information Society Directive. The directive is much less generous than the WCT. The definition of "technical measure" found in article 6(3) is even less easy to read than article 11 of the WCT, for reference (though feel free to skim over it):

For the purposes of this Directive, the expression "technological measures" means any technology, device or component that, in the normal course of its operation, is designed to prevent or restrict acts, in respect of works or other subject-matter, which are not authorised by the rightholder of any copyright or any right related to copyright as provided for by law or the sui generis right provided for in Chapter III of Directive 96/9/EC.

So, a "technological measure" is anything which prevents an act not authorised by the owner of copyright (or some similar right) even if that act would otherwise be permitted by law. In this way the directive is going much further than the WCT. Article 6(4) does permit members states of the EU to incorporate some relief for anyone who is prevented from some otherwise lawful uses of their work by technological measures, but as we shall see article 6(4) does not sweeten things nearly as much as one might hope.

The directive enters English law on 31 October 2003 as a number of new sections in the Copyright Designs and Patents Act 1998. Section 296ZA attempts to prevent the circumvention of DRM ("technological measures"). It does this by making the circumvention of DRM the equivalent of copyright infringement. It permits not only the copyright owner, but also the publisher (strictly speaking the person who issues to or communicates to the public the protected work) to sue the person circumventing the DRM. Amazon could pursue John, alongside the owners of any copyright in any e-book he format shifts.

What if John wants to do something he would otherwise be permitted to do (for example that would be fair dealing for the purposes of private study)? In other words how has the UK tried to prevent DRM being used in an overly powerful way? Answer: they can complain about it. Section 296ZE permits them to issue a notice to the Secretary of State. The Secretary of State may then (but is entirely free not to) order the copyright owner or any exclusive licensee of the work to do something about it. As far as I know, the Secretary of State has never done so.

The real target of section 296ZA will not be John who after all is doing things in the privacy of his own home.Anyone who works out how to get around (say) Amazon's DRM and publishes that information on the web will also have circumvented a technological measure and will make a much more attractive target, not least because Amazon et al will have a much easier time in proving that they have suffered significant damages as a result of the circumvention.

Two small brighter points appear: first s.296ZF, defining a "technological measure", makes it clear that they only apply to a "copyright work". There should be no pentalty for getting around DRM attached to an out of copyright work. Second, only "effective" technological measures are protected. It would be marvellous, though I think unlikely, if the European Court of Justice accepts the literal meaning of that word so that once there is a widely known exploit that will crack any particular DRM we are all free to use it.

In conclusion: if John wants to avoid infringing any legal rights, he will only be able to format shift, take backups or otherwise copy material if permitted to do so by the copyright owner. Whether a company that digitised (say) the Complete Works of Shakespeare could claim that in doing so it gained a new copyright over the digitised version is another (and much more complicated) story. For now, Happy Christmas.

Government wants new powers to block wikileaks and squeeze web tv

Just over a week ago I wrote a fairly dry legal analysis of the Digital Economy Bill. I spotted an extremely serious provision — clause 11 — in the version being discussed in the House of Lords. Having looked at the amendments (which you can find on the Bill's document page) I am worried that no-one in Parliament appears to be taking the problem seriously.

What is the problem with clause 11 that I am getting so alarmed about it? It amends the Communications Act 2003 to insert a new section 124H which would, if passed, give sweeping powers to the Secretary of State. It begins:

(1) The Secretary of State may at any time by order impose a technical obligation on internet service providers if the Secretary of State considers it appropriate in view of—

Pausing there. Note that this says nothing at all about copyright infringement. For example the power could be used to:

• order ISP's to block any web page found on the Internet Watch Foundation's list
• block specific undesireable sites (such as wikileaks)
• block specific kinds of traffic or protocols, such as any form of peer-to-peer
• throttle the bandwidth for particular kinds of serivce or to or from particular websites.

In short, pretty much anything.

I do not exagerrate. The definition of a "technical obligation" and "technical measure" are inserted by clause 10:

A "technical obligation", in relation to an internet service provider, is an obligation for the provider to take a technical measure against particular subscribers to its service.

A "technical measure" is a measure that— (a) limits the speed or other capacity of the service provided to a subscriber; (b) prevents a subscriber from using the service to gain access to particular material, or limits such use; (c) suspends the service provided to a subscriber; or (d) limits the service provided to a subscriber in another way.

As you can see blocking wikileaks is simply a matter of applying a technical measure against all subscribers of any ISP.

Surely something must limit this power you ask? It seems not. The Secretary of State may make an order if "he considers it appropriate" in view of:

(a) an assessment carried out or steps taken by OFCOM under section 124G; or (b) any other consideration.

Where "any other consideration" could be anything. To their credit the Tories do seem to have realised that this particular alternative is overly permissive. Lord Howard of Rising and Lord de Mauley have proposed (in the first tranche of amendments proposed that the "or" be replaced by an "and".

What astonishes me is that there is no obligation for the Secretary of STate to even publish such an order, let alone subject it to the scrutiny of Parliament, yet he could fundamentally change the way the internet operates using it. Other orders made under other parts of the Bill will have to be made by statutory instrument and most will require Parliamentary approval. Not this one.

The only other amendment that has so far been tabled that might restrict the powers of the Secretary of State under clause 11 appears in a third tranche proposed by the liberal democrat Baroness Miller of Chilthorne Domer which deletes the paragraph (b) from the definition of a technical measure (i.e. "limits the service provided to a subscriber in another way") which does put some bounds, although not very tight bounds on what an imaginative Secretary of State might do.

The government is not at all imaginative. In their explanatory notes they envisage:

The government envisages that the criteria for taking a technical measure against a particular subscriber would be the same as the criteria used to determine whether the subscriber' s alleged infringements are included in a copyright infringement list under the initial obligations. So a technical measure would be applied if a subscriber had been linked to a number of CIRs sufficient to place them on a serious infringers list.

Note very well: they expect to use the power against the guilty and the innocent (of copyright infringement) equally.

The problem, I think, is that people are skim-reading the Bill and thinking that this part has to do with copyright infringement. Clause 11 is nestled between provisions about notifications of copyright infringement (the "strikes" idea) and the technical obligations code. People seem to be assuming that the Clause 11 power will only get used in that context but there is nothing in the Bill to make that so. As fellow blogger Julian Todd pointed out the government froze the funds in the Landsbanki bank using powers contained in the Anti-terrorism, Crime and Security Act 2001. A future government might well think "that's a useful power" and use it for almost anything. Let us hope that the Lords wake up to this fast. I have much less hope of the Commons.

National Portrait Gallery: is there a database right?

I have already written about the National Portrait Gallery's legal threat against Mr Coetzee, an editor of wikipedia. I considered only the validity of the gallery's copyright claim. What about its claim that Mr Coetzee infringed the gallery's database right?

The database right is a based on the EC Directive 96/9/EC, transposed into English law by the Copyright and Rights in Databases Regulations 1997.

The directive defines a "database" as:

a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means

That's a pretty broad definition and covers anything you might think of as a "database". The photographs of paintings are independent works (even if they are not subject to copyright protection) and the gallery seem to have arranged them in a systematic way so that they are accessible by electronic means. That just tells us what a "database" is. In order to obtain the protection of the database right, the maker of the database must show:

that there has been qualitatively and/or quantitatively a substantial investment in either the obtaining, verification or presentation of the contents to prevent extraction and/or re-utilization of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database

That is actually 6 different conditions, all neatly packed up in the compression system that is legal drafting. First the maker of the database must show that there has been some substantial investment, which can be of two kinds, either quantitative or qualitative; and second that investment can be in one of three things: obtaining, verification or presentation.

What sort of investment counts? Here the decision of the European Court of Justice in Fixtures Marketing v OPAP C-444/02 comes into play. The top divisions in English and Scottish football drew up fixture lists for the matches to be played in the various divisions during each season. Fixtures Marketing Limited had been assigned the rights to manage this information outside the United Kingdom. OPAP repeatedly extracted the names of pairs of football teams playing against each other and displayed them on its website. Fixture Marketing were obviously unhappy about this and sued. The question of what was a database and how was it infringed was referred to the European Court of Justice.

The court held that "investment in ... the obtaining ... of the contents" referred to resources used to seek out independent materials that already existed and to collect them into the database and not the resources used to create the independent materials in the first place. The purpose of the database right was (thought the court) not to protect the creation of materials that went into the database but to protect the creation of the storage and processing systems for the database.

As support for this view the court pointed out that recital 19 of the directive states that the compilation of several recordings of musical performances on a CD does not represent a substantial enough investment to be eligible. The investment in the music is not enough.

The relevance of this case to the NPG is obvious. One suspects a great deal of the investment in creating the photograph database was in taking and making the photographs. That, on the authority of Fixtures Marketing is irrelevant.

As for verification and presentation, the court seems to have required that any investment that forms a part of the creation of the independent materials would also have to be disregarded. For example, on verification the court said:

The professional football leagues do not need to put any particular effort into monitoring the accuracy of the data on league matches when the list is made up because those leagues are directly involved in the creation of those data. The verification of the accuracy of the contents of fixture lists during the season simply involves, according to the observations made by Fixtures, adapting certain data in those lists to take account of any postponement of a match or fixture date decided on by or in collaboration with the leagues. Such verification cannot be regarded as requiring substantial investment.

Of course I have no idea exactly what work went in to the NPG's database, but I think it is here that they come unstuck. In their letter to Mr Coetze the gallery's solicitors use the time honoured tactic of proof by assertion:

Our client’s website includes a searchable database of over 60,000 carefully chosen, curated and watermarked images. There can therefore be no doubt that our client’s database of images is a “database” for the purposes of s.3(A)(1) of the CDPA.

If, as seems to be the case, the gallery had set aside funds to digitise its collection, those funds and the investment they represent would have to be ignored. The "carefully chosen" images would be just those images that the gallery had chosen to digitise, creating a database from that collection would not necessarily represent the substantial investment the directive envisages. I have no idea whether the "curated" refers to the paintings (in which case it is irrelevant) or the images (in which case I don't know what curating a digital image might mean). The watermarking would surely form a part of the gallery's effort in creating the digital images in the first place and also have to be disregarded.

There's too little information to be able to assess how good the gallery's claim might be, but whether they have a database right at all is open to some considerable doubt.

National Portrait Gallery: photographs of paintings

There's been quite a bit of discussion about a legal threat made against a wikipedia administrator Derrick Coetzee. What he is accused of doing is of having accessed the National Portrait Gallery (NPG)'s website and downloaded some 3,300 high resolution images from its database. Solicitors acting for NPG have alleged 4 different causes of action:

• breach of contract
• unlawful circumvention of technical measures
• infringement of NPG's database right
• infringement of copyright

I'm not going to discuss the first 3 claims (if anyone is interested please let me know and I can write about them in another post). I will say that the first two claims seem hopeless to me to the point of being misconceived while the database claim depends on some facts about the NPG database and its extraction that I do not know.

There's also a question about jurisdiction. Mr Coetze appears to be based in the United States, the NPG is claiming under English law. Assume for the moment that that is not a problem.

In this post I'll try to explain what I think the legal controversy is all about. Obviously there's a huge debate about policy, both for the general question of whether photographs of paintings should be the subject of copyright in themselves, and also whether the NPG itself should or should not be allowing organisations like wikipedia to use its stock of digitised photographs. I'll leave that debate to another forum.

Introduction

The problem starts with the requirement of s.1(1)(a) of the Copyright Designs and Patents Act 1988, which states that copyright "subsists" in an original literary, dramatic, musical or artistic works. If the work is not original then it cannot be the subject of copyright.

What does "original" mean? Everyone seems to agree that it doesn't cover the same ground as the terms "novel" or "inventive" do from patent law. Roughly speaking: copyright not about ideas but the expression of those ideas: you can copy the idea but not the expression.

In English law there seems to be two strands of thought on what "original" means:

• "Original" implies "not copied". An author may adapt something that already exists but they must put enough "independent skill and labour" into that adaptation to result in something that is "original".
• "Original" means that sufficient" independent skill and labour" has gone into the work. It really doesn't matter if its an identical copy of something that already exists provided that enough originality has gone into the copying.

Strand 1: "original" means "not copied"

An early, and classic attempt to get to grips with originality came in University of London Press Ltd v University Tutorial Press Ltd (1916). The court was considering whether university examination papers were "original". Peterson J said:

The word “original” does not in this connection mean that the work must be the expression of original or inventive thought. Copyright Acts are not concerned with the originality of ideas, but with the expression of thought, and, in the case of “literary work", with the expression of thought in print or writing. The originality which is required relates to the expression of the thought. But the Act does not require that the expression must be in an original or novel form, but that the work must not be copied from another work - that it should originate from the author.

No-one had suggested that the examination papers were direct copies of anything, but that the examiners had drawn on the general stock of knowledge in mathematics and so the papers were not "original". That means that the case did not directly concern whether or not there can be "original copying". Strictly speaking that part of the judgment is what lawyers call an obiter dicutum — something that is said in passing but which does not have binding authority on future cases (though it can be pretty persuasive).

In British Northrop Limited v Texteam Blackburn (1973), Megarry J cited University of London and added:

A drawing which is simply traced from another drawing is not an original artistic work: a drawing which is made without any copying from anything originates with the artist.

Again the case was actually about whether drawings were original enough, so again this is strictly an obiter dictum.

The saga continues: Northrop was approved by the Court of Appeal in Merlet v Mothercare (1986) (concerning copies of designs for a baby's rain cape) but again the main question was whether the designs were original enough.

The first strand of thought in English law culminates in the case of Interlego v Tyco Industries(1988) in which Lord Oliver said:

It takes great skill, judgment and labour to produce a good copy by painting or to produce an enlarged photograph from a positive print, but no one would reasonably contend that the copy painting or enlargement was an "original" artistic work in which the copier is entitled to claim copyright. Skill, labour or judgment merely in the process of copying cannot confer originality.

This decision comes with a health warning: it was made by the Judicial Committee of the Privy Council. Its decisions, though strongly persuasive, are not binding on English courts.

Strand 2: "original" means "with independent skill...."

The other strand of thought can be seen in the House of Lords decision in Walter v Lane (1900). The Times employed reporters who took a verbatim note of speeches made by Lord Rosebery, and transcribed the notes into copy that was published in the newspaper. The Times claimed copyright on the reports.

One of the issues before the court was whether the reporters were the "authors" of the reports. The House of Lords decided that they were.

At first sight this is a fairly unpromising authority since, at that time, copyright in works of literature did not have an originality requirement. Indeed Lord Halsbury was quite scathing about the use of the word "original" in the Court of Appeal. For that reason a succession of High Court judges have questioned whether or not Walter v Lane is still good law but the question was not decided until Express Newspapers v News (UK) (1990) when Sir Nicholas Browne-Wilkinson decided that Watler v Lane was good law after all.

In Express Newspapers there had been a relatively long interview (at least 8 hours according to the report) with a member of the Royal Family, excerpts of which had been reproduced by the newspaper. So the situation differed a little from the reporter taking down a speech situation in Walter v Lane.

The Court of Appeal gave its seal of approval to Walter v Lane in Sawkins v Hyperion Records(2005). The court made clear its strong disagreement with the first strand of authorities culminating in Interlego.

Most relevant for the NPG claim is that the court adopted a statement from a text called The Modern Law of Copyright which directly addresses the "picture of a picture" question (apologies for the long quotation but it is worth reading through):

However, whilst the remarks made in Interlego may be valid if confined to the subject matter then before the Privy Council, they are stated too widely. The Privy Council was there considering fairly simple technical drawings. This is a rather special subject-matter. While the drawing of such a work is more laborious than it looks, it is a fact that any competent draftsman (perhaps, any conscientious amateur) who sets out to reproduce it exactly will almost certainly succeed in the end, because of the mathematical precision of the lines and measurements. This should be contrasted with, eg a painting by Vermeer, where it will be obvious that very few persons, if any, are capable of making an exact replica. Now, assume a number of persons do set out to copy such a painting, each according to his own personal skill. Most will only succeed in making something which all too obviously differs from the original – some of them embarrassingly so. They will get a copyright seeing that in each instance the end result does not differ from the original yet it took a measure of skill and labour to produce. If, however, one of these renders the original with all the skill and precision of a Salvador Dali, is he to be denied a copyright where a mere dauber is not? The difference between the two cases (technical drawing and old master painting) is that in the latter there is room for individual interpretation even where faithful replication is sought to be attempted while in the former there is not. Further, a photographer who carefully took a photograph of an original painting might get a copyright and, if this is so, it is rather hard to see why a copy of the same degree of fidelity, if rendered by an artist of the calibre aforementioned, would not be copyright.

This statement (and Sawkins in general) make me somewhat nervous.

The logic seems to go: applying some (but not enough) skill to copying a painting exactly results in a copyright, therefore the application of considerable skill ought to. But exactly the question we are asking is: is skill all by itself the criterion, or does that skill have to produce something new? The statement in Sawkins seems to do nothing but beg that question and thus resolve nothing.

Furthermore, the case concerned a musicologist who produced modern performing versions of the work by the French composer de Lalande. Far from being an exact copy, considerable work was involved, which included writing parts that were missing from the original. To my inexpert eye it seems to me that Mr Sawkins's work was "original" in the sense of not being a copy. A French court considering the same works agrees with my conclusion. Arguably the interesting discussion about paintings and photographs by Lord Justice Jacobs in Sawkins is also obiter dicta.

I also have great difficulty with Walter v Lane for a completely different reason. In English law a work does not become subject to copyright until it is recorded in some permanent form ("fixation"). It is normally accepted that the person recording a work might not be the author. Where an author dictates to a secretary (for example) there is no doubt that the work is the author's not their secretary's. It is very common in the modern music industry for musicians to jam together to produce a work but for the recording to be done by someone else. Again no-one supposes that the musicians are not the authors of the work. That principle does not seem to sit well with Walter v Lane.

Even in Sawkins it is recognised that a slavish copy would not be original. The question would be one of degree.

Is it different for photographs anyway?

I have been deliberately ignoring a direct authority from way back in the nineteenth Century — Graves' Case (1869). The court of the Queen's Bench had to deal with a case involving 3 photographs of engravings. Under the Fine Arts Copyright Act 1862 originality was a criterion for copyright. Blackburn J said:

All photographs are copies of some object such as a painting or statue. And it seems to me that a photograph taken from a picture is an original photograph, in so far that to copy it is an infringement of this statute.

Ooops.

The difficulty with Graves' Case is that it does not explain what "original" does mean for a photograph. It seems reasonable to assume that some photographs must not be original, otherwise there would be no need to restrict copyright to original ones. Nor is it clear from the report what kind of photographs they were and how they were taken.

Conclusion

As far as I can see, the authorities look bad for Mr Coetze but not by any means hopeless. If I had to argue the case for him, I might proceed as follows:

• Walter v Lane is not good law because it did not consider the question of originality
• National Express and Sawkins address works which are not exact copies and so any statements within them are obiter.
• In Walter v Lane and National Express there was no existing "work" to copy (since they both deal with words that had been said but not written down and therefore fixed).
• London University Press has (via Northrop) been adopted by the Court of Appeal and so is at least as good an authority as Sawkins although strictly speaking they are all obiter
• Graves' Case is a ruling on the particular facts of the case which cannot be easily determined from the report so we cannot tell what criteria were applied by the court making it a problematic authority
• Lord Oliver's view in Interlego should be strongly persuasive
• Other jurisdictions with which we are closely connected (eg much of the EU) and with which there is considerable trade (the United States) do not accept that a photograph of a painting which attempts to be as faithful to the original as possible can command copyright, hence as a matter of comity our law should be developed in that way.

I have not given the subject a great deal of thought, and it may be that there is more to be found by a more thorough search, but it seems to me that Mr Coetze's position is not ideal, but nor is it hopeless.

Post codes and the database right

At opentech 2009 Harry Metcalfe presented the idea for a site (which I will call Ernest Marples) to convert postcodes into latitude and longitude pairs. Ingeniously, the site does not store any data itself, instead it scrapes a number of other sites for the information and returns the result. Does this get around the Royal Mail's database right in the postcode database? Sadly, I do not think it does.

Let us ignore for the moment whether the site breaches any terms and conditions of the sites that it is scraping for its data. The identity of those sites is a secret so although there amy be a question mark over the legality of the scraping, to say any more would be to theorise without data. Instead I want to focus on the database right.

In the 1990's it became clear that, in a number of EC/EU member states, that collections of information could not necessarily be protected by copyright. For example in the Dutch case of Van Daele v Romme a publisher was unable to prevent the copying of all the words in its dictionary. A similar position was reached in the United States where the Supreme Court decided in Feist that a telephone directory could not be subject to copyright.

The eventual result was Directive 96/9/EC of the European Parliament and of the Council on the legal protection of databases. Chapter III of the directive creates a thing called the "sui generis right". The core of that right can be found in article 7(1):

Member States shall provide for a right for the maker of a database which shows that there has been qualitatively and/or quantitatively a substantial investment in either the obtaining, verification or presentation of the contents to prevent extraction and/or re-utilization of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database.

As you can see a lot of alternatives are being packed in. If all that you remember is that the focus is substantial investment you will not go far wrong. Roughly speaking, lots of investment implies protection. To unpack a little: the substantiality of the investment can be qualitative (it took real skill to select just these poems) or quantitative (we spent many person years walking to every grid point and photographing it). That investment can be in verification and presentation as well as collection.

The right allows a rights holder to prevent either:

• extraction; or
• reutilisation

Of a substantial part of the database.

Ernest Marples is not extracting a substantial part of the database, but I'm less sure about re-utilisation. The term "re-utilization" is defined in article 7(2)(b) to mean:

any form of making available to the public all or a substantial part of the contents of a database by the distribution of copies, by renting, by on-line or other forms of transmission.

Is that what Ernest Marples site is doing? On the one hand Ernest Marples only hands out single (postcode, co-ordinate) pairs and so it could be argued that it is not making the whole of the database available at any one time. On the other hand a member of the public can query any postcode and Ernest Marples is almost certain to be able to return a result for it.

It may be that the drafters of the directive saw Ernest Marples coming because they added an additional form of infringement in article 7(5):

The repeated and systematic extraction and/or re-utilization of insubstantial parts of the contents of the database implying acts which conflict with a normal exploitation of that database or which unreasonably prejudice the legitimate interests of the maker of the database shall not be permitted.

Roughly speaking: lots of insubstantial extractions etc may add up to a substantial one. When exactly? That was just the question that the Swedish Supreme Court in Fixures Marketing v AB Svenska and the Court of Appeal of England and Wales in British Horseracing Board v William Hill wanted to know. The European Court of Justice explained to them that the purpose of article 7.5 is exactly to prevent someone getting around 7.1. If the effect of the repeated extractions or re-utilzations would have the same negative effect on the maker of the database as a breach of 7.1 (if all the extractions etc had been done all at once), then that is a breach of 7.5.

I think Ernest Marples is probably caught by 7.5 even if he gets away with avoiding 7.1. Article 8 does provide a defence for lawful users of the database but that is even more fraught a line of argument (if you thought 7 was badly drafted, have a read of 8 and try and work out what its meant to do). There is some doubt, but not enough to make Ernest Marples's method your business plan.

As Harry explained at opentech, part of the purpose of the site is political. There is a strong body of opinion that the Royal Mail should not have a monoploy on this extremely important database. If Ernest Marples is sued that will generate terrible publicity for the Royal Mail (as it should).

Tags: postcode, database right, databases

Data protection: new tiered notification fees

For most of my clients I expect this is a non-event, but it is interesting nonetheless. Fees for notifying the information commissioner are now tiered. Tier 2 consists of organisations with a turnover of £25.9 million or more; or 250 or more members of staff. Charities and small occupational pension schemes escape tier 2 and come under tier 1, as do the rest of us.

The practical effect is that, as from 6th July 2009, tier 2 processors pay a notification fee of £500+VAT, while tier 1 processors continue to pay £35+VAT.

The thinking appears to be that bigger organisations require more regulatory supervision and so should pay more. I'm not sure that's right - surely it depends on the organisation? The reverse might well be true in some fields. As always the numbers (35, 250, 500, 25.9 million) presumably do have a rationale but its not clear to me. Maybe some manipulation of them gives the fine structure constant.

Law changed courtesy of the Data Protection (Notification and Notification Fees) (Amendment) Regulations 2009.

Pirate Bay - the end?

Pirate Bay have announced that they are likely to be selling the business to the Swedish company Global Gaming Factory X AB according to the company's press release the transaction is schedule to complete for August 2009. Their CEO, Hans Pandeya, is quoted as saying:

"We would like to introduce models which entail that content providers and copyright owners get paid for content that is downloaded via the site"

I read that as meaning that the nature of the site will change dramatically, although Pirate Bay's own blog comments that if the new owners change the site dramatically, no-one will continue to use it.

Pirate Bay loses appeal

According to the Swedish Court Service website, the four defendants in the Pirate Bay case have lost their appeal. The Svea Court of Appeal decided that, despite some criticism of the way in which the judges in the trial had proceeded, the trial was fair.

I have yet to read a reasoned decision so I am relying on the press release. One line of reasoning seems to have gone as follows: the presiding judge was a member of two organisations operating in the field of intellectual property. Let us say, for the sake of argumen, that the judge’s membership of these organisations showed that he was in favour of the enforcement of intellectual property and would thus be supportive of rights holders. That does not, thought the court, prevent a fair trial because intellectual property rights are legal rights in Sweden as the law stands. Being in favour of them merely means being in favour of the law.

An analogous argument might be used in a case in which a judge who was in favour of private property rights and their enforcement should still be allowed to sit on a case of theft, or for eviction of trespassers.

Having said that the court appears to have thought that information like this (membership of relevant associations)  ought to have been available at the earliest stage, so that it can be properly dealt with then rather than on appeal.

I remain sceptical as to whether the judge (Tomas Norström) really was biased in any way. The Swedish Association for the Protection of Industrial Property and the Swedish Copyright Association do not look (to me) like industry organisations that pursue infringers of intellectual property, but rather more like the sorts of organisations that lawyers routinely get involved in for the better exchange of ideas and study of a subject.

Members are likely to have a lot of different affiliations, work against each other in practice on many occasions and the mere fact that A and B are both members of such an assocaition doesn’t mean they will even like each other. I certainly can’t stand the sight of some people in the same professional bodies as myself.

The trouble is I haven’t seen a good analysis of the two Swedish bodies to be sure. I look forward to reading the full decision of the Court of Appeal (if it becomes available) to make up my own mind.

Where does this leave the Pirate Bay four? If the press release is to be believed, there is no appeal but proceedings in the European Court of Human Rights are sure to follow.

Technorati Tags: pirate bay, copyright, P2P, music file sharing

Social Networking Sites and Data Protection

The Article 29 Data Protection Working Group has published its opinion on the relationship between the Data Protection Directive and Social Networking Sites (SNS).

A key point to take away is that operators of SNS are data controllers rather than merely data processors, so that they are more likely to be subject to European data protection law than if they were merely “data processors”.

Who is the working party?

The working party was set up by by the data protection directive as an advisory body. Its opinions are not legally binding, but they are likely to be persuasive and the Commission must respond them.

Key points

The response to the opinion (so far) has concentrated on the view that SNS operators are probably data controllers. I’ll have more to say about that at the end of this post.

For me the most interesting points are:

• SNS operators are usually data controllers
• … and so are many third party application providers
• … as indeed will be many users
• privacy should be the default setting
• release of profile information beyond a user’s selected friends should never be implicit
• third party applications should not by default be given access to all an individual’s profile information, but only what is necessary for that application to work

It seems to me that this signals a tougher line to SNS like facebook which will not be able to get away with, for example, a completely cavalier attitude to third party applications.

There are a couple of specific points of interest.

Users

Almost anything about someone is “personal data” but most individuals using an SNS won’t be subject to the Directive because it excludes processing “by a natural person in the course of a purely personal or household activity”.

The working group notes an increased use of SNS for other purposes such as for businesses or campaigning. Those would fall outside the household exception and such users would need to comply with the Act.

The Working Group makes three recommendations on this point:

- SNS providers provide adequate warnings to users about the privacy risks to themselves and to others when they upload information on the SNS - SNS users should also be reminded that uploading information about other individuals may impinge upon their privacy and data protection rights; - SNS users should be advised by SNS that if they wish to upload pictures or information about other individuals, this should be done with the individual’s consent.

Which seems entirely positive. Strictly speaking you don’t always need an individual’s permission to process their data, so the last point is not quite right, though it is good practice. What the Directive does require is that individual’s are notified of the processing, which could be done by a tagging system.

Having said that, the Directive was not (I think) written with uses of SNS in mind. I suspect that more difficulties will follow.

Controller vs Processor

The Directive makes a distinction between “controllers” on the one hand “processors” on the other. A controller is an entity which “alone or jointly with others determines the purposes and means of the processing of personal data.”

In the context of an SNS you might argue that it is the users of the site who decide the purpose and means of processing the data, the operator of the site provides nothing more than an environment for the users to do what they wish (post pictures, disclose information about themselves and so on). In other words, they are just a processor.

The Working Party thinks not. Amongst other things sites like facebook decide what use is to be made of data contributed to the site for the purposes of advertising and marketing.

This matters for two reasons: first because it is on the controller (not the processor) that most of the obligations of the directive are imposed; but second because the location of the controller affects whether or not the directive applies at all.

How far does the Directive reach?

The answer to that question applies in article 4 of the directive which states:

(a) the processing is carried out in the context of the activities of an establishment of the controller on the territory of the Member State; when the same controller is established on the territory of several Member States, he must take the necessary measures to ensure that each of these establishments complies with the obligations laid down by the national law applicable; (b) the controller is not established on the Member State’s territory, but in a place where its national law applies by virtue of international public law; (c) the controller is not established on Community territory and, for purposes of processing personal data makes use of equipment, automated or otherwise, situated on the territory of the said Member State, unless such equipment is used only for purposes of transit through the territory of the Community.

The first two provisions give little difficult: if your processing is being carried out in/with or by an establishment of yours in a member state (or somewhere else that state’s law applies) then unsurprisingly you have to comply with the Directive.

The odd one is (c). The Working Group have previously in their opinion on search engines said that storing a cookie in a user’s browser amounts to “making use of” equipment (the user’s browser) so that wherever on the plant a data controller might be, if their processing of the data involves cookies they will be subject to the directive.

I am not entirely convinced by that argument. It would require any such site to have a designated representative in every member state from which anyone were to browse them (under article 4(2)). It also seems to me that what the directive means is that if you process the data in question in a member state then the directive applies to the processing of that data in that member state. A cookie will necessarily contain much personal data of itself.

Conclusion

The opinion seems to me to be useful. It is relatively short and an easy read. Let us hope that it contributes to the pressure on sites like facebook to put their house in order.

The Civil Procedure Rules

The Civil Procedure Rules (or CPR) are the rules governing the conduct of cases in the civil courts of England and Wales. An up to date version is available from the Ministry of Justice's website.

There's no getting away from it: there are a lot of rules and being familiar with them is difficult and something that lawyers, in particular litigators, are paid well to do. I do not advise anyone to try DIY litigation based on reading through the rules but I appreciate sometimes there is no option. There is absolutely no substitute for reading the rules. I see numerous questions asked on internet forums and in briefs sent to me which are easily resolved by reading the rules.

When do the rules apply?

• The rules do not (for the most part) apply to criminal cases which have their own set of rules (the Criminal Procedure Rules unsurprisingly)
• The rules only apply to proceedings in certain courts: county courts, the High Court and the Civil Division of the Court of Appeal.
• Tribunals, such as employment tribunals have their own rules of procedure
• Certain kinds of case (such as insolvency) are excluded by the rules: for a full list see CPR 2.1. There's more subtlety here. Some of these kinds of case piggy-back on the CPR. For example the insolvency rules incorporate chunks of the CPR.

Finding your way around the rules

The CPR is divided into numbered "parts" which are subdivided into "rules". For example rule 3 of part 5, written CPR 5.3 states that a signature required by the rules may be printed by computer. Most rules come together with one or more "practice directions" which tend to be more practical or detailed instructions on what to do in any particular situation. You should almost always read the practice direction that accompanies any rule.

Think of the rules as telling a story. The characters are:

• the Claimant - who has started proceedings
• the Defendant - who is the person being sued
• any Additional Parties - who have been brought in as additional Claimants or Defendants during proceedings

If you try reading through you will find yourself immediately confronted with a considerable amount of peculiar vocabulary used in a technical way by the court. Fortunately there is a glossary and an index.

The two most useful terms to know are:

• file - frequently a rule will require someone to "file" a document, this just means sending it to the court.
• serve - on the other hand means sending something to someone other than the court (usually another party)

General rules

Parts 1-6 contain some important general rules. Part 1 is all about the "overriding objective" which the court is supposed to bear in mind when it is deciding what to do.

The other parts are mostly self-explanatory, although Part 3 has a rather understated title. It deals with the things a court may do to manage a case. In practice a court may do almost anything, though whether it will is another matter.

Getting a case under way

Before you start a claim you should make sure you have complied with any pre-action protocol if there is no specific pre-action protocol for your case then you need to make sure you comply with the practice direction on pre-action conduct.

• A case is usually kicked off with a claim form (Part 7) though certain kinds of claim need to be started with a different kind of claim form (Part 8)
• The Defendant will need to decide how to respond the claim form (Parts 9-11)
• ... and then maybe file and serve a Defence (Part 15 - which also deals with how a Claimant can serve a "Reply" to the Defence).
• If the Defendant doesn't respond or file and serve a Defence in time then the Claimant might want to obtain judgment in default (Part 12) which the Defendant might then want to try to set aside (Part 13).
• In all this the Claimant and Defendant will be sending back and forth "statements of case", for example: the Claim Form, the Particulars of Claim, the Defence and maybe a Reply. There are unsurprisingly rules about what these should look like in Part 16
• Mistakes happen and sometimes it is necessary to correct (or completely alter) statements of case, for which see Part 17.
• The Claimant may have written an entirely unhelpful or confusing claim, or the Defendant a wholly inadequate Defence, there are sometimes ways to force the other side to say a little more by way of a Request for Further Information under Part 18.
• Bringing more parties into the claim (for example where the Defendant wants to get someone else to contribute to any damages they are forced to pay) is then dealt with under Part 19.
• Finally part 20 is a gem. It deals with a really crucial power that parties have at any time to make an offer (a kind of bet) with the other side. If the other party does not accept the offer but fails to beat it they may be punished in costs.

Continuing the case

Parts 21-22 give some more general information. Parts 23-30 deal with "interim" matters - things that may come up during the conduct of a case. CPR 23 is particularly important since it deals with applications to the court which are very common.

Parts 31-35 deal with evidence. CPR 36 is a crucial part dealing with how to make an offer (a kind of bet) to the other party to threaten them with costs sanctions if they don't beat it. CPR 38 is also vital to know about - it governs how you get out of a case. All this leads up to CPR 39 (the hearing) and CPR 40 (the judgment).

After judgment

The parts following deal with various matters that follow a judgment and also deal with certain kinds of specialist proceeding. The most crucial being:

• CPR 43-48 are all about costs. The amount you hope the other side will have to pay you for your legal costs (and of course vice versa).
• CPR 52 deals with appeals - relevant if you want to try to dispute the judgment or if you opponent does.
• CPR 70-79 deal with different methods of enforcing a judgment, though CPR 75-77 and 79 should not normally be relevant to you (if you are bringing proceedings under the Prevention of Terrorism Act 2005 you know more than I do).

Other rules

In the bad old days, before the CPR, the county courts had one set of rules and the supreme court (including the High Court and Court of Appeal) had another. The idea of the CPR was to unify the two systems into one. This has not quite happened and you will see that attached to the end of the CPR are two schedules: one for the Rules of the Supreme Court (RSC) and the other for the County Court Rules (CCR). These still apply but are likely only to be relevant when dealing with enforcement.

Some courts have, in addition to the CPR, their own Court Guides which give detailed instructions on what the court expects in litigation.

Useful Links

• Roger Horne has put together a site called YAWS which has rather more cross-referencing than the official website and also cross-references some case law that is available online.

Repeat infringers: reflections on the New Zealand internet blackout

An internet blackout¹ was called (to begin yesterday) in response to new laws² passed last year in New Zealand that would impose a condition on internet service providers³ to have a policy to deal with repeat infringers of copyright. While I agree that the new law is not well thought out or fit for purpose, much of the campaign against it overstates the position considerably.

For example I was told today that the new law meant:

if anyone alleges that you are using copyrighted material and you don't remove it on the basis of an unsubstantiated allegation your ISP MUST disconnect you.....

This is just plain wrong.

What's wrong with the repeat infringer law?

The offending provision states:⁴

92A Internet service provider must have policy for terminating accounts of repeat infringers

(1) An Internet service provider must adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the account with that Internet service provider of a repeat infringer.

(2) In subsection (1), repeat infringer means a person who repeatedly infringes the copyright in a work by using 1 or more of the Internet services of the Internet service provider to do a restricted act without the consent of the copyright owner.

As a lawyer reading this section there are some obvious howlers.

There might not be accounts to terminate

I am struck by wondering what "accounts" the section is talking about. You should know that an "Internet service provider" (I'll use "ISP for short) is defined elsewhere⁵:

Internet service provider means a person who does either or both of the following things:

(a) offers the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user’s choosing:

(b) hosts material on websites or other electronic retrieval systems that can be accessed by a user

So an ISP means someone who provides services on the internet as well as someone who provides the services of the internet. An ISP includes me (my wife gets to use the connection I pay for), my mother (she lets me use the internet when I visit her), Starbucks, public libraries, schools, anyone who hosts a website and so on.

Nothing in the definition of ISP says what an "account" might be. My wife doesn't have an account with me, customers of a cybercafe don't have "accounts" in any meaningful sense with the cafe and so on.

In short a classic legislative drafting error - an unstated assumption.

What happens if an ISP doesn't have such a policy?

Its all very well for a law to say you have to do something, but what if you don't? There appears to be no mention in the legislation. The equivalent rule⁶ in the US is a precondition for being able to take advantage of one of the DMCA's copyright safe harbors⁷. My guess is that the courts will decide that a copyright holder could sue for damages for breach of statutory duty caused by a failure to comply with s.92A. Much fun for lawyers, but a waste of time for the rest of us.

Does this policy have to be in writing?

I have a lot of policies, but I don't necessarily write them down. Since I am an ISP can I comply with this merely by having a clear idea of what I would do if I did have any "repeat infringers" using my services?

What's wrong with the protest?

So if I don't like the law, what's wrong with the protest against it? The problem is that much of what is being said is just plain wrong. I worry that will create just the kind of climate in which ISPs do the wrong thing (see above).

The petition statement suggested by Creative Freedom in NZ states

I don't want Guilt Upon Accusation laws that will force the termination of internet connections and websites without evidence, and without a fair trial.

What's wrong with this?

ISP's do not have to act on unsubstantiated allegations

There's nothing to require ISPs to do anything without evidence and/or a fair trial. S.92A does not say that an ISP cannot adopt a policy that it would only disconnect those for whom there has been a finding (by a court) that they had infringed copyright on numerous occasions using the ISP's facilities.

Now I suspect that such a policy might not be reasonable. A reasonable policy probably ought to build in a situation where the ISP knows or (more likely) has very strong evidence for the infringement which has not been contradicted by the alleged infringer.

ISP's aren't forced to terminate anway

There's no "force". S.92A specifically says that the policy must provide for termination "in appropriate circumstances". An ISP reasonably have a policy that it would not be appropriate to disconnect the accounts of the vulnerable, schools, hospitals and so on.

No guilt by association

The definition of infringer refers to the person doing the infringement not to anyone else. If a visitor to my house uses my wifi connection to repeatedly infringe copyright then it is they, not I, who is the infringer. There is no "Guilt Upon Accusation" principle built into the new law.

Clearly some of New Zealand's major commercial ISPs agree with the first two of these points. An industry association has proposed⁸ a (rather complex) draft policy which takes them into account.

The policy envisages that the ISP will receive notices from rights holders and pass them on to its customers. If these are not objected to (for example by the customer denying infringement) 3 times in 3 different months then a final warning is sent and, after that, a termination notice. The policy also envisages that the accounts of the vulnerable or essential service providers will not be disconnected.

Conclusion

There is nothing to stop a rights holder obtaining an injunction against an ISP to force it to disconnect a repeat infringer. Such action will cause the ISP inconvenience, expense and some legal risks if they refuse what is asked for. I suspect that many ISP legal departments may take a cautious view so that an aggressive rights holder can probably force any but the most robust ISPs into taking action against its customers who may be quite innocent.

Much better (in my view) either to give ISPs better protection in those circumstances so they aren't tempted to take the easy way out, or to permit ISPs to use policies they have devised for their own (not the rights owners') to avoid the need for injunctive relief.

Section 92A appears to be trying to do the latter, but in addition to the problems with it I have already explained, there's no connection between the policy and protection of the ISP from aggressive legal action from iSP's⁹.

The truth is the status quo is no good. A better system of ISP protection is needed for all our sake's (even those of us who are not ISPs). The repeat infringer policy is daft, and broken but not in the ways and for the reasons Creative Freedom suggest. Lets have some sensible debate about it please.

---

1. For more details see the creative freedom website ↩

2. The new laws are contained in the Copyright (New Technologies) Amendment Act 2008 and amend the existing Copyright Act 1994 ↩

3. As I explain, a surprising number of people are "Internet Service Providers" within the meaning of the Act. ↩

4. Section 92A of the Copyright Act 1994 which is inserted by S.53 of the 2008. The section is not in force yet because an order in council is needed to bring it into force. ↩

5. S.2(1) of the Copyright Act 1994, inserted by s.4(2) of the 2008 Act ↩

6. 17 USC s.501(i) ↩

7. I'm British so I say "harbour" but when talking about US legislation I spell it their way. ↩

8. The Telecommunications Carriers Forum are consulting on a proposed Copyright Code of Practice to comply with s.92A. ↩

9. Readers who have followed the discussion of the "repeat infringer" law in the United States will have a strong feeling of deja vu, with the difference that far from appearing to have learned from the lessons of the US, the New Zealand law actually appears to be rather more poorly drafted. ↩

Data retention and open wifi

The Data Retention (EC Directive) Regulations 2009 came into force yesterday (6 April 2009). A frequently asked question is: "I run an open wifi network will I have to log user's data?"

Do I need to retain data?

At first sight you would appear to be quite safe because the regulations do not apply to everyone. Check out regulation 10(1):

10.—(1) These Regulations do not apply to a public communications provider unless the provider is given a notice in writing by the Secretary of State in accordance with this regulation.

So until you get that letter from the Secretary of State (or some nice minion working on her behalf) you need to do nothing. But hang on, the Secretary of State would appear to have given herself a rather bigger job than anticipated, still in regulation 10:

(2) The Secretary of State must give a written notice to a public communications provider under paragraph (1) unless the communications data concerned are retained in the United Kingdom in accordance with these Regulations by another public communications provider.

So she must give that notice. Notice in passing that there's no particular penalty on her for failing to do so, so the only way to make her would be to bring proceedings for judicial review. An unlikely eventuality.

But am I really a public communications provider?

Well the law on data retention is meant to be a paper chase for lawyers. "public communications provider" is defined in regulation 2(e):

(e) “public communications provider” means—

(i) a provider of a public electronic communications network, or

(ii) a provider of a public electronic communications service;

and “public electronic communications network” and “public electronic communications service” have the meaning given in section 151 of the Communications Act 2003

So, turning to s.151 of the Communications Act 2003 we find that

“public electronic communications network” means an electronic communications network provided wholly or mainly for the purpose of making electronic communications services available to members of the public;

If you noticed that the s.151 also has a definition of what a "public communications provider" is and that its not quite the same as in the regulations. Well spotted. You will not find transparency or consistency here.

So it looks from s.151 very much like an open wifi, or a wifi supplied to customers in a cafe or other site is a "public communications provider". The Secretary of State will be busy.

But hang on, does that mean I have to get ID from customers?

Well, if I'm right and if the Secretary of State did decide to comply with her statutory duty would that not make life really quite hard for (say) an internet cafe that does not check the identity of its customers?

Some comfort can be found in regulation 3:

1. These Regulations apply to communications data if, or to the extent that, the data are generated or processed in the United Kingdom by public communications providers in the process of supplying the communications services concerned.

Notice that the regulations only apply to data that has been generated or processed. There's no obligation to create any data you don't already have.

That is just as well, if you check out the schedule to the regulations you will see that some of the data that is covered by the regulations doesn't seem to quite fit with the operation of many cybercafes etc that I know.

But that won't quite work as an answer. Some of the cybercafe's kit probably does at least process data mentioned in paragraph 13(1) of the schedule.

(a) The date and time of the log-in to and log-off from the internet access service, based on a specified time zone,

So it appears that if the regulations mean what they appear to say and an open wifi provider gets a regulation 10 notification they are going to have to keep 12 months' of data which would be a real pain. I promise not to tell the Secretary of State where you live.

CONTU

The National Commission on New Technology Uses of Copyrighted Works or CONTU was established by the United States Congress in 1974 to carry out a 3 year study on the extension of copyright to the (then) relatively new technologies such as computers and photocopiers. It reported in July 1978

An excellent study of the commission including its historical background is available at the digital law online site.