$25 Million Jury Verdict In Rightscorp Case Raises Serious Questions About Copyright Law

from the but-of-course dept

This wasn't a huge surprise after Judge Liam O'Grady's questionable reading of the DMCA a few weeks back (along with his general disdain for the internet), but a jury yesterday awarded BMG $25 million from Cox Communications, claiming that Cox was guilty of willful "contributory infringement" in not kicking accused file sharers off the internet. The jury found Cox not guilty of "vicarious liability," which is at least marginally surprising, as many people who don't spend their lives wrapped up in copyright law have difficulty distinguishing the difference between "contributory infringement" and "vicarious" (if you're confused too, Wikipedia's overview is a decent place to start). And based on that, the jury hit Cox with the $25 million award for BMG.

This will undoubtedly go to appeal, and it would seem that Cox has some pretty strong arguments. First up, the original decision that Cox is not subject to the DMCA's safe harbors is a highly questionable ruling, and would go against a number of previous rulings. As noted previously, some of Cox's actions did seem somewhat egregious, but this still involves a previously untested argument that the policy of requiring service providers to have a plan to terminate users applies to network service providers, rather than those who host content. That's a pretty big open question -- and how that issue is resolved will have a major impact on how the internet functions going forward. If Judge O'Grady's ruling stands, then the RIAA and MPAA just got a huge golden gift: it would effectively say that the US has a "three strikes"-like law where people can be kicked off the internet entirely, based solely on accusations of copyright infringement. That's a pretty scary result.

Even separate from that, the idea that Cox, an internet service provider, is guilty of "contributory liability" for infringement seems difficult to believe as well. The standard for contributory copyright infringement is basically one who "knowingly induces, causes or materially contributes" to copyright infringement done by someone else where that party "had knowledge, or reason to know, of infringement." So, in this case, the argument is that based on the notifications, Cox had the necessary knowledge of the infringement, and then "materially contributed" to that infringement by continuing to provide service. But, again, that's a huge stretch, and goes way beyond historical examples of contributory infringement, where you had things like Grokster, that actively advertised its software as being useful for infringement. In this case, all Cox did was not terminate users, and somehow that counts as "materially contributing" to infringement?

Again, if that stands, it has tremendously troubling implications for how the internet functions, and the ability of people to use copyright law to wreak havoc on the lives of others. We're talking about opening up the possibility of going way beyond the standard DMCA takedowns of content, to it becoming a weapon for killing internet access within households.

The $25 million verdict comes out to about $18,000 per each of the 1,397 copyrights listed in the case -- which is certainly less than the statutory maximum possibility of $150,000 per infringement. But, still... Either way, it's almost certain that Cox will appeal, and that's when the case will start to get a lot more interesting.

Filed Under: contributory infringement, copyright, copyright trolling, copyright trolls, dmca, safe harbors, secondary liability, vicarious liability
Companies: bmg, cox, cox communications, rightscorp

The Details Of Why Judge O'Grady Rejected Cox's DMCA Defense: Bad Decisions By Cox May Lead To Bad Law

from the ugh dept

As we noted a couple of weeks ago, Judge Liam O'Grady rejected Cox Communication's attempt to protect itself under the DMCA's safe harbor concerning a "repeat infringer policy." At the time, he only said he would explain his reasons later, and late yesterday he released his full opinion. It, unfortunately, brings to mind the phrase "hard cases make bad law."

As we explained when BMG and Round Hill Music (with the help of Rightscorp) first sued Cox Communications, the company seemed like a slightly odd choice. While it was the largest of the internet access providers not to sign onto the so-called "voluntary" six-strikes "Copyright Alert System" hammered out between the RIAA/MPAA and big ISPs, it already had a reputation for actually disconnecting those accused of repeat infringements. None of the other major ISPs do that. In fact, a key prong of the whole six strikes thing was that no one would be getting kicked off the internet.

However, the RIAA has long insisted that the DMCA's 512(i) required ISPs to kick people off the internet -- even as that theory had never really been tested until now. Many others had assumed 512(i)'s "repeat infringer" policy only really referred to service providers who actually had direct control over content -- i.e., a YouTube or SoundCloud style site. Kicking people entirely off the internet because one person who uses their account to infringe is quite draconian.

The issue here, however, gets muddied, because Cox made such a mess of its "repeat infringer policy." Yes, it alone among the major ISPs will kick people off. But (and this is the important bit), its internal policy was apparently to kick people off... and then allow them to sign right back up for new service, at which point the count on "infringements" would be reset to 0. For obvious reasons, that feels pretty sketchy, and it's the key point that Judge O'Grady focuses on. Doing something that feels sketchy will often obscure the more important legal arguments. Judge O'Grady basically tosses aside all the other issues because of this "bad behavior" by Cox, as immortalized in some internal emails.

The record conclusively establishes that before the fall of 2012 Cox did not implement its repeat infringer policy. Instead, Cox publicly purported to comply with its policy, while privately disparaging and intentionally circumventing the DMCA’s requirements. Cox employees followed an unwritten policy put in place by senior members of Cox’s abuse group by which accounts used to repeatedly infringe copyrights would be nominally terminated, only to be reactivated upon request. Once these accounts were reactivated, customers were given clean slates, meaning the next notice of infringement Cox received linked to those accounts would be considered the first in Cox’s graduate response procedure.

Numerous emails in the record, portions of which are reproduced below, support these conclusions. Even viewed in the light most favorable to Cox, the Court finds the contents of the emails cannot be explained away. Cox’s attempts to recast the emails are unavailing. Nor can they be pinned on low level employees whose views had no real significance. The name that appears again and again on these emails is Jason Zabek, Cox’s Manager of Customer Abuse Operations.

In 2009, Zabek sent an email titled, “DMCA Terminations,” to the abuse group that said:

As we move forward in this challenging time we want to hold on to every subscriber we can. With this in mind if a customer is terminated for DMCA, you are able to reactivate them after you give them a stern warning about violating our AUP and the DMCA. We must still terminate in order for us to be in compliance with safe harbor but once termination is complete, we have fulfilled our obligation. After you reactivate them the DMCA ‘counter’ restarts; The procedure restarts with the sending of warning letters, just like a first offense. This is to be an unwritten semi-policy . . . We do not talk about it or give the subscriber any indication that reactivating them is normal. Use your best judgment and remember to do what is right for our company and subscribers. . . . This only pertains to DMCA violations. It does not pertain to spammers, hackers, etc.

And, based on that, the court decides that Cox does not have a "reasonably implemented" termination policy for repeat infringers. There are a bunch of other similar emails, indicating that this absolutely was Cox's policy. Of course, all of that obscures the question of whether or not 5129(i) is meant to apply to access providers, rather than online service providers.

Separately, the judge buys BMG's claim that in late 2012, Cox actually stopped terminating accounts almost entirely (leaving aside, again, that no other major access provider terminates anyone). Again, some questionable internal behavior by Cox comes back to bite them. The judge highlights a case where Cox internally kept discussing a user who was frequently accused of infringing, and who they threatened to cut off... but didn't -- even admitting it's at least partly because of the large amount of money the customer pays.

In June, a senior engineer in the abuse group said this about a customer who had been given a final suspension and advised to remove all P2P file-sharing programs: “This customer will likely fail again, but let’s give him one more change [sic]. [H]e pays 317.63 a month.”

The judge uses this and other examples to note that Cox knew of "repeat infringers" but didn't terminate them. Of course, the vague language of 512(i) doesn't say that you have to terminate someone as soon as you know they're repeat infringers -- just that you have a "reasonably implemented policy." However, Judge O'Grady uses these examples to suggest the policy implementation is not reasonable.

Cox's defense to that is it can't know for sure if people are infringing based solely on accusations. This is correct, but Judge O'Grady doesn't care.

Although Cox was under no duty to monitor for infringement, Cox did not have leeway to wait until an account holder was adjudicated as an infringer to find that circumstances were appropriate for termination. As explained above, the Court disagrees that a repeat infringer policy applies only to those who have been held liable in a copyright suit. Rather, an account holder must be considered an infringer, at minimum, when the service provider has actual knowledge that the account holder is using its services for infringing purposes. Nor do service providers have complete discretion to define “appropriate circumstances.” Appropriate circumstances arise when an account holder is repeatedly or flagrantly infringing copyrights. Thus, when Cox had actual knowledge of particular account holders who blatantly or repeatedly infringed, the responsibility shifted to Cox to terminate their accounts.

That, alone is quite troubling. Kicking people off the internet based merely on accusations of infringement is really dangerous, especially given the number of false infringement allegations that we see.

The one good thing is that the court rejects BMG's troubling definition of "making available." This has been a fight that's been going on for ages. Copyright law says that one of the exclusive rights given to a copyright holder is the "distribution" right. What is not settled law at all is whether or not "making available" violates this distribution right, or if copyright holders have to show actual distribution. The courts are somewhat split on this, with O'Grady recognizing that merely making available is not distribution.

At the threshold, the Court questions the evidence relied on by those courts that purportedly establishes that distribution is interchangeable with publication. Those courts build upon comments in legislative history as well as an excerpt from the Supreme Court’s decision in Harper & Row Publishers, Inc. v. Nation Enterprises.... Legislative history cannot override the plain meaning of “distribution” under § 106(3), however, and Harper & Row involved a narrow discussion of first publication and not the meaning of distribution and publication generally....

Nor does the definition of “publication” support a broader reading of the distribution right. The Act defines “publication” as

the distribution of copies or phonorecords of a work to the public by sale or other transfer of ownership, or by rental, lease, or lending. The offering to distribute copies or phonorecords to a group of persons for purposes of further distribution, public performance, or public display, constitutes publication.

...The first sentence of the definition tracks the language in § 106(3), making it clear that all distributions are publications. It does not follow from that proposition that the inverse—all publications are distributions—is also true.... In short, § 101 provides no support for BMG’s “making available” theory.

There's some more in the ruling, but it seems pretty clear that Cox's own internal emails and policies really sunk the company here, and out of that could come some potentially dangerous law. Some have been making a big deal over the fact that Cox's insurance company, Beazly, has filed for declaratory judgment that it's not responsible for any judgment in this case -- but again, that seems to focus on Cox's own actions, which may not apply more broadly to other providers.

Also, important is the fact that the trial still is about to go forward. Losing the safe harbor protections does not, necessarily, mean that Cox will lose the overall case, but it's an ominous start. Judge O'Grady's rulings and statements so far certainly do not bode well for the company. It's also a little bit ridiculous that O'Grady focuses so much on Cox's bad behavior, but leaves out Rightscorp's much worse behavior -- but I can see where he's coming from.

In the end, this is unfortunate and it's certain that this case will be appealed, no matter how it turns out. But the bad behavior by Cox poisons the well a bit in terms of focusing on the rather important question of what 512(i) actually means, and whether it really applies to internet access providers. As it stands right now, however, a potentially dangerous precedent could be set, whereby people could be forced to completely lose internet access based on mere accusations of copyright infringement. It's hard to believe that Congress intended such a result, but that's how Judge O'Grady is now reading the law.

Filed Under: 512i, copyright, dmca, liam o'grady, repeat infringer, safe harbors, termination policy, three strikes
Companies: bmg, cox, cox communications, rightscorp

Judge Mocks Public Interest Concerns About Kicking People Off Internet, Tells Cox It's Not Protected By The DMCA

from the that's-a-problem dept

Judge Liam O'Grady -- the same guy who helped the US government take all of Kim Dotcom's stuff, is the judge handling the wacky Rightscorp-by-proxy lawsuit against Cox Communications. The key issue: Rightscorp, on behalf of BMG and Round Hill Music flooded Cox Communications with infringement notices, trying to shake loose IP addresses as part of its shake down. Cox wasn't very happy about cooperating, and in response BMG and Round Hill sued Cox, claiming that 512(i) of the DMCA requires ISPs to kick people off the internet if they're found to be "repeat infringers." Historically, it has long been believed that 512(i) does not apply to internet access/broadband providers like Cox, but rather to online service providers who are providing a direct service on the internet (like YouTube or Medium or whatever). However, the RIAA and its friends have hinted for a while that they'd like a court to interpret 512(i) to apply to internet access providers, creating a defacto "three strikes and you lose all internet access" policy. Rightscorp (with help from BMG and Round Hill Music) have decided to put that to the test.

This is a big, big deal. If the case goes against Cox, then it would create a massive problem for the public on the internet. Accusations of infringement could potentially lead to you totally losing access to the internet, which could really destroy people's lives, given how important the internet is for work and life these days. The details of the case look like they should favor Cox pretty easily. After all, Cox pointed out that Rightscorp only had licenses from the publishes, meaning they had no copyright in the sound recording -- yet they admitted to downloading the sound recording, suggesting that, if anything, Rightscorp was a mass infringer. On top of that there was pretty strong evidence that Rightscorp does not act in good faith in how it runs its shakedown practice, telling people that they have to take their computers to the police to prove their innocence (really).

Unfortunately, as Eriq Gardner reports, Judge O'Grady has ruled against Cox on a very key point: does its current policy grant it safe harbor under the DMCA. The judge said no, though we're still waiting for the full ruling as to why.

The bigger story is O'Grady's determination that there is "no genuine issue of material fact as to whether defendants reasonably implemented a repeat-infringer policy as is required by §512(i) of the DMCA," granting a motion that Cox is not entitled to a safe harbor defense.

Now, just because you're not protected by the safe harbor it does not mean that you are automatically guilty of infringement. There are cases where sites have not qualified for the safe harbor and still prevailed. But it does make things more difficult and complicated and, much more importantly, opens the door to lots and lots of mischief by the RIAAs and MPAAs of the world to use this to kick people off the internet entirely based on accusations of copyright infringement. That's immensely worrisome.

O'Grady doesn't seem to think that kicking people off the internet is really a big deal. Earlier in the case, we've discovered, in the process of flat out rejecting an attempt by Public Knowledge and EFF to file an amicus brief, Judge O'Grady made his views clear:

I read the brief. It adds absolutely nothing helpful at all. It is a combination of describing the horrors that one endures from losing the Internet for any length of time. Frankly, it sounded like my son complaining when I took his electronics away when he watched YouTube videos instead of doing homework. And it's completely hysterical.

That's his response to two well known public interest groups explaining to him the "real world harmful effects" of Rightscorp's copyright shake-down trolling business. But he didn't want to hear any of it. Because protecting the ability of Americans to not be the subjects of extortion schemes and to enable them to communicate and work is "hysterical" and no different from kids not doing their homework because of too much YouTube.

The details here matter, but I would imagine that Cox is likely to appeal. One hopes that the appeals court is more open to listening to the concerns over copyright trolling and kicking people off the internet.

Filed Under: 512i, copyright, dmca, liam o'grady, safe harbors, three strikes
Companies: bmg, cox communications, rightscorp, round hill music

How The EU's Proposed New 'Privacy' Rules Will Be A Tool For Massive Censorship

from the takedown-takedown-takedown dept

We recently wrote about some concerns about the new Data Protection Directive that is being set up in Europe. The law is driven by people with good intentions: looking to better protect the privacy of European citizens. Privacy protection is an important concept -- but the current plans appear to be so focused on privacy protection that it gives very little regard for the unintended consequences of the way it's been set up. As we wrote in our last post, Daphne Keller at Stanford's Center for Internet and Society is writing a series of blog posts raising concerns about how the new rules clash with basic concepts of free speech. She's now written one about the immensely troubling setup of the "notice and takedown" rules included in the General Data Protection Regulation (GDPR). For years, we've been concerned by problematic notice and takedown procedures -- we've seen the DMCA frequently abused to stifle speech, rather than for genuine copyright challenges. But, for some reason, people often immediately leap to "notice and takedown solutions" for any kind of content they don't like, they and the drafters of the GDPR are no different.

Except, it's worse. Because whoever drafted the notice-and-takedown portion of the GDPR actually made the process worse than the notice and takedown rules found elsewhere. Here's the GDPR process, as explained by Keller:

1. An individual submits a removal request, and perhaps communicates further with the intermediary to clarify what she is asking for.
2. In most cases, prior to assessing the request’s legal validity, the intermediary temporarily suspends or “restricts” the content so it is no longer publicly available.
3. The intermediary reviews the legal claim made by the requester to decide if it is valid. For difficult questions, the intermediary may be allowed to consult with the user who posted the content.
4. For valid claims, the intermediary proceeds to fully erase the content. (Or probably, in the case of search engines, de-link it following guidelines of the Costeja “Right to Be Forgotten” ruling.) For invalid claims, the intermediary is supposed to bring the content out of “restriction” and reinstate it to public view -- though it’s not clear what happens if it doesn’t bother to do so.
5. The intermediary informs the requester of the outcome, and communicates the removal request to any “downstream” recipients who got the same data from the controller.
6. If the intermediary has additional contact details or identifying information about the user who posted the now-removed content, it may have to disclose them to the individual who asked for the removal, subject to possible but unclearly drafted exceptions. (Council draft, Art. 14a)
7. In most cases, the accused publisher receives no notice that her content has been removed, and no opportunity to object. The GDPR text does not spell out this prohibition, but does nothing to change the legal basis for the Article 29 Working Party’s conclusions on this point.

If you don't see how that process is likely to lead to widespread abuse and the censorship of perfectly legal speech, you haven't been paying much attention on the internet over the last decade plus. To be fair, you can understand why the drafters think this process makes sense. They're thinking solely about truly problematic and embarrassing information. If, say, your personal medical records have been posted online, it makes sense to look for a way to have that info removed as quickly as possible. But, given how frequently people use these processes in the copyright context to takedown just content they "don't like" (and how often people admit they do so because it's the only way to get such content down), you know it's going to get massively abused for issues that have nothing to do with privacy protection.

Once again, it seems like regulators focus solely on solving for the "worst case" scenario, with little thought towards how that will be applied in much more common cases, and what that means for free speech and society.

And that's not all that's dangerous about the current rules. They also deal a huge blow to anonymous speech and privacy:

A second glaring problem with the GDPR process is its requirement that companies disclose the identity of the person who posted the content, without any specified legal process or protection. This is completely out of line with existing intermediary liability laws. Some have provisions for disclosing user identity, but not without a prescribed legal process, and not as a tool available to anyone who merely alleges that an online speaker has violated the law. It’s also out of line with the general pro-privacy goals of the GDPR, and its specific articles governing disclosure of anyone’s personal information -- including that of people who put content on the Internet.

Yes, that's right. In an effort to protect privacy, the drafters are so focused on a single scenario, that they don't consider how the process will be abused to weaken the privacy rights of others. Want to know who said something anonymously that you don't like? File a privacy complaint and the service provider is just supposed to cough up their name. Again, given how often we've seen bogus defamation claims made solely for the purpose of trying to identify those who speak anonymously, this is a major concern.

There are ways to create a better process for the removal of truly illegal information, but the GDPR simply wipes most of those away in the interest of expediency in trying to prevent a worst case scenario. And the end result may be an even worse situation, in which free speech and privacy rights are broadly wiped away from many by handing a powerful censorship tool, with privacy-destroying elements, to anyone who wants to go after someone else's speech. I've long been in favor of using "notice and notice" type systems that allow whoever posted content to protest before content is taken down, but even if they're going with a notice and takedown system, there are much better ways to implement ones that at least include some semblance of due process. In addition, there should be strong penalties for those who abuse these notice and takedown procedures.

As Keller writes:

Notice and takedown laws also exist to protect people who are harmed by online content. But protecting those people does not require laws to prioritize removal with little concern for the rights of online speakers and publishers. A good notice and takedown process can help people with legitimate grievances while incorporating procedural checks to avoid disproportionate impact on expression and information rights. Valuable information that would be gone under existing laws but for these checks -- importantly including transparency about what content has been removed -- spans religious, political, and scientific content, along with consumer reviews. Crafting the law to better protect this kind of content from improper removal is both important and possible.

It would be nice to see the drafters of the GDPR at least recognize the harm they may be about to cause.

Filed Under: anonymous speech, data protection, eu, free speech, gdpr, notice and takedown, privacy, safe harbors

EU Parliament Calls On EU Countries To Drop All Charges Against Snowden, Protect Him From Extradition

from the well,-that's-interesting dept

The EU Parliament has just approved a measure (by a narrow 285 to 281 vote) telling EU member states to "drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistle-blower and international human rights defender." That's pretty huge. Of course, as a resolution, it's more symbolic than actually meaningful, because the member states may not follow through on the request. But it is an important step in the right direction.

At the same time, the EU Parliament reviewed some other issues concerning mass surveillance, including the whole EU-US safe harbor setup. As we noted, the EU Court of Justice recently tossed out that agreement, which is really creating a huge mess for the internet right now. The EU Parliament "welcomed" the ruling, and pushed for alternatives to the safe harbor agreement. As we noted, the safe harbor agreement was a bit of a mess, but it's important to have something in place to allow the internet to function -- and the real problem was the NSA surveillance program.

At the same time, of course, it's worth noting that surveillance by EU governments is just as bad (if not worse in many cases), and it seems the EU Parliament may be realizing that as well:

Parliament is concerned about "recent laws in some member states that extend surveillance capabilities of intelligence bodies", including in France, the UK and the Netherlands. It is also worried by revelations of mass surveillance of telecommunications and internet traffic inside the EU by the German foreign intelligence agency BND in cooperation with the US National Security Agency (NSA).

Simply blaming the NSA and the US for surveillance is missing the point. It's a pretty broad problem, where the NSA/US government is a huge part of the problem, but the EU doesn't exactly have clean hands either.

Again, as mere resolutions, these efforts have little binding authority, but at least people are coming to terms with the damage done and looking to move in the right direction. Declaring Snowden a whistleblower and protecting him against bogus legal threats and extradition would be a really huge step forward.

Filed Under: ed snowden, eu, eu parliament, extradition, mass surveillance, nsa, safe harbors, surveillance, whistleblowing

The Coming Collision Between EU Privacy Regulation And American Free Speech

from the this-won't-be-fun dept

Earlier this week, we wrote about the EU Court of Justice's decision that the NSA's surveillance of the internet meant that the EU-US data protection safe harbor was invalid. As we noted, there's a lot of mess in all of this, but losing that safe harbor would be tremendously problematic for the internet. And the impact could be that the NSA basically screwed things up royally for American internet companies by spying on European users. But, the issue actually goes much deeper. As that ruling recognized, the crux of the matter was dependent on the EU's Data Protection Directive. And that Data Protection Directive is about to be updated.

And the end result may be very, very bad for the internet.

That's the conclusion of Daphne Keller at Stanford's Center for Internet and Society, who is writing a series of blog posts detailing the problems with the current drafts. At the core of the issue, as Keller notes, the worlds of "privacy protection" and "free speech/intermediary liability protection" are two separate worlds -- and people on both sides don't seem to realize just how much the two can and do overlap.

Historically, many lawyers have not drawn a connection between data protection and the law of intermediary liability. The two fields use very different vocabularies, and are for the most part interpreted, enforced and litigated by different practitioners. A lawyer who views an issue through the lens of intermediary liability and one who views the same issue through the lens of data protection may have trouble even understanding each other's concerns.

Another way to look at it, though, is basically a European approach vs. an American approach. And this is something of a generalization, but the European approach values privacy above most other factors, while the American approach values free speech above most other factors. Both approaches have pros and cons, frankly. But when you don't realize where they conflict, problems can arise. There is no doubt that Europeans, generally speaking, are much more concerned about protecting the privacy of individuals, and are quite reasonably concerned about excesses done by either governments or companies that intrude on individual privacy. The US, by comparison, has very little in the way of regulations concerning privacy, but does have very strong protections for free expression.

But sometimes "free expression" and "privacy" can clash in big, big ways.

A perfect example of the conflict would be the right to be forgotten. The big ruling out of the EU Court of Justice last year was entirely about privacy. It felt that if there was old, out-dated, irrelevant information it should be "de-linked" from databases, in order to protect the "privacy" of those individuals. The "free speech" concerns didn't even really come into play at all. It was all about "data protection."

And that's where the new General Data Protection Regulation (GDPR) can present serious problems. First, it would expand what internet companies are likely covered by the regulations. Lots of American companies, which barely have any operations in Europe, have the potential of being impacted by these rules -- which would more or less lock in the right to be forgotten in a way that might even allow it to expand.

The GDPR asserts jurisdiction over entities that offer services to or “monitor” EU users. “Monitoring” seems to be defined broadly enough to include fairly standard web and app customization features, so the law reaches many online companies outside of the EU. In practice regulators presumably will not prioritize or dedicate limited resources to policing small and distant companies. But the GDPR will be an issue for companies with growing EU user bases and presence in Europe; and regulators can choose to enforce the law against many more entities around the world.

It could also wipe out further intermediary liability protections that have been so important to the internet and its success. While the US has strong intermediary protections in the form of CDA 230, Europe already had a much weaker form of intermediary liability based on the EU's E-commerce directive. The fear is that the new GDPR could more or less eat away at the existing protections, making more companies "liable" for content posted by users, if it's somehow deemed to violate some sort of privacy right.

And, as we've pointed out for years, when you don't have strong intermediary liability protections you tend to end up with widespread censorship and gatekeepers over expression. That's because no internet company wants to face a lawsuit just because some of its users are jerks. And the new rules are not at all clear -- and vagueness will create incentives for massive censorship:

For intermediaries processing third-party data, free expression is also relevant, though in ways that can be hard to pin down in practice. The legal basis for intermediaries’ processing in the first place is often that the processing serves “legitimate purposes.” ... When an intermediary declines to honor a removal request on free expression grounds, the GDPR provision invoked is one that references only “legitimate interests.”... While undefined, such legitimate purposes and interests clearly include expression and information rights. But the GDPR and existing law provide scant detail on how to assess these interests – this was one common critique of the Costeja ruling. And important questions about whose interests may be considered – which come up in litigation about content removal – are not always addressed well in GDPR drafts. For example, one draft provision allows controllers to decline to remove content based on “legitimate interests pursued by the controller, or by the third party or parties to whom the data are disclosed[.]” ... Under this formulation, the interests of the speaker – the user whose content is indexed, transmitted, or hosted – fall out of the analysis. Data protection law’s lack of detailed provisions for free expression made more sense in an era when regulated entities were assumed to be banks, employers, medical offices, and the like. Today, inattention to the unique role of Internet intermediaries in GDPR drafting will likely lead to more removals of lawful expression – and more litigation.

On top of this it would appear to expand the right to be forgotten even further, noting a general right to "erasure" as part of the data protection regulation -- which is a pretty damn Orwellian term in this context. Erasure is a tool that we should be very wary of, because as we've seen time and time again, when you give people the power to take content down, it gets abused massively by people trying to censor all kinds of content they don't want. Protecting privacy is one thing. "Erasing" public content people just don't like is another.

As someone who has strong beliefs about protecting both privacy and freedom of expression, it seems to me like it's fairly important to make sure that everyone's on the same page about what is private and what is not. This often seems to be where much confusion lies. In the EU's right to be forgotten case, it was basically decided that old but accurate information that was publicly released in newspapers, should be considered private when linked to a person's identity. Frankly, this approach seems nonsensical to me. If we're talking about actual private information -- i.e., information that was never publicly available in a perfectly legitimate form -- then perhaps there's a point. I can understand the arguments for potentially removing truly private information. But when "private information" is so broadly defined, and then internet platforms are suddenly liable for policing such content, you have a recipe for mass censorship, or even companies moving out of offering service in Europe altogether.

On top of that, as we've discussed at length, the idea of holding intermediaries liable for the actions/statements of their users is a really dangerous idea. It creates massive uncertainty that is only going to lead to greater censorship as internet companies start blocking content just to avoid any possibility of liability.

As Keller notes in this post, if this is to not create a massive mess for the internet around the globe, those who are concerned about privacy and those who are concerned about free speech (along with those who are concerned about the internet itself) need to get on the same page or in the same room to discuss these issues. Because, so far the discussions have been separate, and the end result may be a "data protection" regulation, put in place with truly good intentions by those who believe they're looking out for important privacy interests, but the end result is to whittle away at freedom of expression and at the keys to maintaining a free and healthy internet. Pretending that you can just focus on "privacy" without considering free expression or how the internet itself works is not only foolish and naive, but potentially dangerous for the internet.

Filed Under: data protection, data protection directive, erasure, eu, free speech, privacy, right to be forgotten, safe harbors, us

NSA Screws Up Another Thing: EU Court Of Justice Throws The Internet For A Loop In Ending Safe Harbor

from the well,-now-what? dept

A couple of weeks ago we wrote about the fact that it appeared that the EU Court of Justice was likely to throw out the EU-US data protection safe harbor as invalid, following a case brought over the NSA's snooping on US tech companies -- and now it has happened. The "the EU-US data protection safe harbor" may sound boring, but it's actually been fairly important in making sure that US internet companies can operate in Europe. It's been under attack for some time from those who feel that these American companies don't take European privacy interests seriously enough, but it's really the NSA and its idiotic "collect it all" mentality that has brought the whole structure crashing down. Many will celebrate this, but probably for the wrong reasons. As it stands right now, this result is undoubtedly bad for the internet. What happens next is key. If you want to blame anyone... blame the NSA. And if the US wants to fix this mess, it needs to stop mass surveillance.

The case was brought by Max Schrems, an Austrian privacy activist who argued that the NSA's PRISM surveillance program (a program that resulted from Section 702 of the FISA Amendments Act, and enables the NSA to request certain information from internet companies, once approved by the FISA Court) violates the safe harbor. The safe harbor itself was established back in 2000 in order to allow internet companies to transfer data from Europe back to the US, with a promise that the privacy of that data would be kept at a similar level as if it were in Europe. The process for getting such safe harbor protections is something of a joke (we've gone through it here at Techdirt), and mostly involves throwing money at an organization that takes money to make sure your policies comply with the safe harbor requirements. Like so many regulations, it really seems to only serve to shift money to those who make sure you comply.

Still, losing those safe harbors can really shake up the internet -- and not necessarily in a good way. While I'm sure some (probably short-sighted) privacy advocates will cheer on this result, it's going to make a mess of things for the time being. Europe has been working on a new data protection directive to update the old one (which the safe harbor is based on) and early indications are that it will be a mess, and potentially hazardous to free speech rights. In addition, the US and EU have been trying to negotiate a new data protection safe harbor anyway, and that hasn't been going smoothly, and this will continue to throw a wrench into things.

Big companies will likely be able to negotiate their way around this, but there will likely be some legal flareups in one or two countries, creating a mishmash of jurisdictional confusion over privacy rights. Smaller internet companies will now face much greater threats in doing business in Europe. Even worse, some are going to use this as an opportunity to try to fragment the internet, demanding companies keep data locally within country borders -- which actually will create more targets for mass surveillance, rather than fewer. Chances are that little will change in the immediate future -- as many companies will just keep right on doing what they're doing and hoping no one really cares. But the potential for people to bring lawsuits could shake things up.

In the specific case here, the Court of Justice found that the safe harbor was invalid, and thus it did not stop Irish officials from considering Schrems' complaint that Facebook violated his rights in making data available to the NSA. So that specific case still needs to move forward and should be interesting to watch.

In short, though, this is yet more damage directly done by the NSA and the US's ridiculous attitude towards mass surveillance, without any concern at all to the economic costs that such mass surveillance creates for US companies. As the EFF notes in its response to the news, the US brought this on itself with its idiotic mass surveillance efforts. This end result is a mess that could lead to greater fragmentation of the internet, which won't do anything to better protect people's privacy (and, actually, might make it more exposed). The only logical way forward is to move away from mass surveillance and towards a more comprehensive view of privacy that takes into account the public's rights -- including the right to free expression. Danny O'Brien at EFF sums it up nicely:

That would certainly force the companies to re-think and re-engineer how they manage the vast amount of data they collect. It will not, however, protect their customers from mass surveillance. The geographic siloing of data is of little practical help against mass surveillance if each and every country feels that ordinary customer data is a legitimate target for signals intelligence. If governments continue to permit intelligence agencies to indiscriminately scoop up data, then they will find a way to do that, wherever that data may be kept. Keep your data in Ireland, and GCHQ may well target it, and pass it onto the Americans. Keep your data in your own country, and you'll find the NSA—or other European states, or even your own government— breaking into those systems to extract it.

What will change the equation is for states, including and especially the United States, to realize that dragnet surveillance undermines their national security and the global security of our data. It has economic consequences, as regulators, companies and individuals lose trust in Internet companies and services. It has political consequences as nations vie to keep data out of the hands of other countries, while seeking to keep it trackable by their own intelligence services.

There's only one way forward to end this battle in a way that keeps the Internet open and preserves everyone's privacy. Countries have to make clear that mass surveillance of innocent citizens is a violation of human rights law, whether it is conducted inside their borders or outside, upon foreigners or residents. They have to bring their surveillance programs, foreign and domestic, back under control.

The ruling today is not a win for privacy. It creates a bigger mess, but it's one that needs to be cleaned up at the source, and that's where governments (and not just the US government) are going with mass surveillance. Unfortunately, there doesn't seem to be any indication that this is what's going to happen. Instead, expect the US and EU to try to paper over this by coming up with a new safe harbor plan that won't change anything, but which may just be more expensive for companies. That's a mistake. There's a way to fix this mess and it's to stop mass surveillance.

Filed Under: data protection directive, eu court of justice, eu us data protection safe harbors, eucj, mass surveillance, max schrems, nsa, prism, privacy, safe harbors, section 702, surveillance
Companies: facebook

Washington State Court Confused By Section 230, Says Backpage May Be Liable For User Posts

from the because-we-said-so dept

What is it about state courts where they seem much more confused by the law than federal courts? The latest is a horrifically confused ruling out of Washington State's Supreme Court, basically handwaving its way past nearly all caselaw on Section 230 of the CDA. That law makes it clear that online service providers are not liable for actions/content of their users. This was a key purpose behind the law, which Congress passed to make sure that people couldn't file frivolous lawsuits targeting service providers, rather than the actual users who broke the law. It's a good and extremely important law in the development of the internet, having helped stop numerous frivolous lawsuits, but more importantly, for providing strong protections that made it possible for many internet services to exist in the first place. And, yet, every once in a while, a court seems to miss all of this, and today that court is the Washington State Supreme Court, ruling that Backpage.com may be directly liable for the fact that one of its users used the service to engage in sex trafficking with young girls.

Let's start by making one thing clear: the trafficking of these girls is horrific and one hopes that all legal recourse is being used against those who actually were engaged in the trafficking. But targeting Backpage makes no more sense than targeting Ford because one of its cars was used as the getaway vehicle in a bank robbery. And yet... the court rules otherwise. And it doesn't give any good reason at all, other than because it said so. The court doesn't ignore Section 230. It properly notes that Section 230 protects service providers, but not those who develop the content. And then it decides that Backpage may have created rules that "induce sex trafficking," and thus it could be seen as developing the content. Here's the key part of the ruling:

Viewing J.S. 's allegations in the light most favorable to J.S., as we must at this stage, J.S. alleged facts that, if proved true, would show that Backpage did more than simply maintain neutral policies prohibiting or limiting certain content. Those allegations include that (1) "Backpage.com ... has intentionally developed its website to require information that allows and encourages ... illegal trade to occur through its website, including the illegal trafficking of underage girls," (2) "Backpage.com has developed content requirements that it knows will allow pimps and prostitutes to evade law enforcement," (3) "Backpage.com knows that the foregoing content requirements are a fraud and a ruse that is aimed at helping pimps, prostitutes, and Backpage.com evade law enforcement by giving the [false] appearance that Backpage.com does not allow sex trafficking on its website," (4) "the content requirements are nothing more than a method developed by Backpage.com to allow pimps, prostitutes, and Backpage.com to evade law enforcement for illegal sex trafficking, including the trafficking of minors for sex," ( 5) Backpage' s "content requirements are specifically designed to control the nature and context of those advertisements so that pimps can continue to use Backpage.com to traffic in sex, including the trafficking of children, and so Backpage.com can continue to profit from those advertisements," and (6) Backpage has a "substantial role in creating the content and context of the advertisements on its website." ... According to J.S., Backpage' s advertisement posting rules were not simply neutral policies prohibiting or limiting certain content but were instead ~'specifically designed ... so that pimps can continue to use Backpage.com to traffic in sex." ...

Given J. S. 's allegations, it does not appear "'beyond a reasonable doubt that no facts exist that would justify recovery"' in this case, and, therefore, dismissal of J.S.'s claims under CR 12(b)(6) is not appropriate.... It is important to ascertain whether in fact Backpage designed its posting rules to induce sex trafficking to determine whether Backpage is subject to suit under the CDA because "a website helps to develop unlawful content, and thus falls within the exception to section 230, if it contributes materially to the alleged illegality of the conduct." ... Fact-finding on this issue is warranted.

In short, because the plaintiffs claim that -- even though Backpage's terms of service directly state that you are not allowed to use the service for illegal activities such as trafficking or prostitution -- because they believe Backpage really wants that, it means that it's somehow crossed the line and helped to "develop" the content. That's bizarre and legally wrong. I imagine this will reach a federal court which will destroy this decision.

There's a concurring ruling from Justice Charles Wiggins that is even more confused and completely misreads Section 230 and the volumes of caselaw that make it clear that 230 grants full immunity to service providers. Wiggins insists that's not true. Because he's wrong.

I write separately to emphasize that this holding implies that the plaintiffs' claims do not treat Backpage.com as the publisher or speaker of another's information under the Communications Decency Act of 1996 (CDA), 47 U.S.C. § 230(c). The dissent misreads this statute to provide "immunity" to '"interactive service providers.'" Dissent at 1. This reading is irreconcilable with the actual language of the statute, which does not include the term or any synonym of "immunity." Subsection 230(c)(1) instead provides a narrower protection from liability: the plain language of the statute creates a defense when there is (1) a provider or user of an interactive computer service (2) whom a plaintiff seeks to treat, under a state law cause of action, as a publisher or speaker of information (3) that is provided by another information content provider.

Thus, when the cause of action does not treat an intermediary as a publisher or speaker, subsection 230(c)(1) cannot be read to protect that intermediary from liability. Plaintiffs' claims that Backpage.com created ucontent rules" specifically designed to induce sex trafficking and evade law enforcement do not treat Backpage.com as the publisher or speaker of another's information. Accordingly, I join the majority opinion.

This is just wrong. It's a really twisted reading of Section 230 that no court has made before. Wiggins is trying to argue that they're not blaming Backpage for the sex trafficking, but merely for the rules that induce sex trafficking (even though the company goes way beyond what's legally necessary to insist that no sex trafficking is allowed on the platform). Basically, he's arguing that if people think you mean one thing, but say another, Section 230 safe harbors might no longer apply to you. Because.

There's a strong dissent from Justice Sheryl Gordon McCloud pointing out how ridiculous it is that things got this far.

The majority holds that J.S.'s complaint would support a claim that Backpage functions as an "information content provider" because it alleged that Backpage maintains content requirements for advertisements posted on its website that surreptitiously guide pimps on how to post illegal, exploitative ads. But J.S.'s complaint clearly alleges that another content provider, not Backpage, provided the content for the advertisements. J.S. thus seeks to hold Backpage liable as a publisher or speaker of that information. Subsection 230(c)(l) therefore bars J.S.'s claims.

That dissent also trashes Wiggins' attempt to parse a difference between "immunity" and a more limited liability protection:

Given the allegations in this particular case, the difference in terminology is irrelevant. The question is how far the subsection 230( c )(1) protection reaches, and courts interpreting subsection 230(c)(1)'s language uniformly hold that its protection for publishers is "quite robust." They apply an expansive definition of '"interactive computer service provider"' and a rather restrictive definition of "information content provider." Carafano v. Metrosplash.com .... They hold that the law provides immunity if the plaintiff alleges that the defendant violated a duty deriving from the defendant's status or conduct as a publisher or speaker. Barnes v. Yahoo!... As long as a third party "'willingly provides the essential published content, the interactive service provider receives full immunity regardless of the specific editing or selection process."' Corbis Corp. v. Amazon.com.... The inquiry is whether the defendant "function[ed] as an 'information content provider' for the portion of the statement or publication at issue." Carafano...; see also Nemet Chevrolet, Ltd. v. Consumeraffairs.com ... (affirming district court's dismissal of complaint where plaintiff failed to show that defendant "was responsible for the creation or development. of the allegedly defamatory content at issue").

The dissent further notes that the majority decision mistakenly takes J.S.'s assertions that Backpage is the developer of content as true, even though it's clearly not the case under the law:

This allegation-that Backpage designed its posting rules to induce sex trafficking-might prove true. Indeed, we presume it is true when evaluating the sufficiency of J. S. 's complaint. But adopting such posting rules still does not make Backpage a "content provider" within the meaning of the CDA, even under the Ninth Circuit case upon which J.S., the majority, and the concurrence place principal reliance....

In fact, courts have consistently rejected the contention that defendants "develop" content by maintaining neutral policies prohibiting or limiting certain content. For example, in Dart v. Craigslist... which the majority cites at 7, the plaintiff claimed that even though Craigslist, an Internet classifieds service, prohibited illegal content on its website, users frequently posted ads promising sex for money.... Consequently, the plaintiff asserted that Craigslist "ma[de] it easier for prostitutes, pimps, and patrons to conduct business." ... A federal court in Illinois dismissed the claims... explaining, "Plaintiffs argument that Craigslist causes or induces illegal content is further undercut by the fact that Craigslist repeatedly warns users not to post such content. While we accept as true for the purposes of this motion plaintiffs allegation that users routinely flout Craigslist's guidelines, it is not because Craigslist has caused them to do so. Or if it has, it is only 'in the sense that no one could post [unlawful content] if craigslist did not offer a forum."' ... see also Chi. Lawyers'... ("Nothing in the service craigslist offers induces anyone to post any particular listing."); Roommates, ... ("To be sure, the website provided neutral tools, which the anonymous dastard used to publish the libel, but the website did absolutely nothing to encourage the posting of defamatory content-indeed, the defamatory posting was contrary to the website's express policies.")....

The facts in Dart are analogous to the facts here. J.S. alleges that pimps-not Backpage-created and uploaded the ads at issue... ("adult pimps ... posted advertisements for the girls") ... ("adult pimps ... create[ d] ... and then uploaded [the] advertisements of S.L. onto . . . Backpage.com"). Nothing in Backpage's policies obligated users to flout Backpage's express content requirements or to post unlawful content. J. S. 's allegations indicate that the pimps chose the content ultimately used in the advertisements.... The actual "information" at issue consisted of the particular wording and photos that the pimps provided....

Thus, holding Backpage liable would punish it for publishing third party content, and the CDA prohibits such liability.

It seems highly likely that Backpage will appeal and will win.

Filed Under: cda, immunity, liability, safe harbors, section 230, trafficking, washington
Companies: backpage, backpage.com

Fair Use At Risk When Private Companies Get To Make The Decision For Us

from the fair-use-in-the-age-of-the-cloud dept

We talk a lot about how fair use is under attack these days, and I've discussed in the past my concerns about freedom of expression when we always have a company (or a few companies) standing in the middle of our decisions on whether or not we can speak. NiemanLabs has a great example of where this becomes problematic in a story about how SoundCloud will not even consider fair use in making decisions about whether or not to take down content, and how that's harming journalism:

Here’s a wakeup call to audio creators everywhere: SoundCloud does not recognize your fair use rights under U.S. copyright law. If your content contains any copyrighted material to which you haven’t secured the rights — even if you have a valid fair use claim — SoundCloud may take it down at any time.

That’s exactly what happened to a former student of mine, and his experience should serve as a warning to the growing number of news organizations (including several that I work with) that use SoundCloud to host podcasts and other audio content.

Journalism as we know it could not exist without fair use, so it’s possible SoundCloud may not be a viable tool for the field. Imagine trying to do a story about the “Blurred Lines” lawsuit without playing copyrighted clips from the songs involved.

The article goes on to discuss an interesting journalism project that used a very brief clip of copyrighted music in a way that almost certainly was fair use. SoundCloud took it down. When pressed on this, the company eventually admitted that it refuses to take fair use into account, in part because fair use is only in the US:

We understand that US copyright law includes a doctrine of fair use. However, these rules are limited, difficult to apply outside of a court of law, and in any event do not necessarily apply outside of the United States. As SoundCloud is a global platform, we expect all of our creators to respect copyright law, and the rights of copyright owners, on a global basis.

As the writer of the article, Adam Ragusea, points out, this should be a major concern for any journalists using Soundcloud. And that includes us at Techdirt -- as we use SoundCloud to host our podcast. But the fact that the company might not even allow us to make use of our fair use rights -- the same rights that the Supreme Court has said are essential for protecting the First Amendment -- is a major concern, and one that has me thinking we should be looking for other platforms.

But, even then, we would most likely face the exact same situation. Any other platform will be under pressure from any sort of DMCA notice system as well. And while they could stand up for their users, many don't want to take on the liability risk. And thus, we run a serious risk of losing a key component of free expression.

And, honestly, the problem is only partially the companies like SoundCloud. The entire legal system is designed to make this sort of response the only real choice they have. With fair use being only truly available in a few countries, it's difficult to operate a global platform. This is why if we're going to put copyright into international trade agreements fair use needs to be included, otherwise we risk losing it back here in the US as well. But when you combine that situation with copyright law in which statutory damages are insane, and where the DMCA requires you to shoot first and ask questions later, it is way too easy for companies like SoundCloud to just throw up their hands and say this isn't worth dealing with.

Even companies that do try to take fair use into account -- like YouTube -- all too frequently fail to do a good job of considering fair use, leading to perfectly legitimate content disappearing, with no real recourse for the creators. This is why, beyond fair use, it seems like we need much stronger safe harbors for intermediaries like SoundCloud. It works with Section 230 of the CDA, in which the rule is pretty ironclad: the service provider should never be seen as legally liable for the content its users create. For fair use to thrive, copyright law requires a similarly ironclad safe harbor. This doesn't -- as some will inevitably claim -- mean that there is no recourse over infringement. There absolutely is. The copyright holder still has every right to target the actual end user, and that person can then stand up for their own fair use rights, which is only proper.

But under the current system, end users don't even have the chance to stand up for their own fair use/free speech rights, because third-party platforms like SoundCloud get to make the final decision for them -- and with all of the liability incentives stacked against them, free speech doesn't have a chance.

Filed Under: copyright, fair use, freedom of expression, journalism, private companies, safe harbors, third parties
Companies: soundcloud, youtube

Recording Industry's Latest Plan To Mess Up The Internet: Do Away With Safe Harbors

from the because-collateral-damages-is-foreign-to-you dept

For the most part, the recording industry has been rather quiet of late concerning copyright reform. With labels pulling funding from the RIAA and its international sister operations like the IFPI, the focus on copyright reform has been left mainly up to Hollywood and the MPAA. The recording industry has been much more focused on smaller issues like performance rights and other licensing issues. But, apparently, the recording industry hasn't yet truly given up on the idea of completely undermining key parts of the internet to get its wishes. According to the IFPI, its "top" goal for copyright reform is attacking the so-called "safe harbors" found in copyright law, like the DMCA's Section 512.

If you're unfamiliar with it, copyright's safe harbors are designed to make sure that the internet thrives, by avoiding frivolous litigation that would stifle free expression and innovation. Honestly, the safe harbors are a pretty simple concept: put the liability for infringement on the parties that actually infringe the content, rather than the internet services that they use. Think of it this way: you don't blame Ford for providing the getaway car in a bank robbery, and you don't blame AT&T for providing the phone service used to make a bomb threat. As such, it makes no sense to blame a hosting company because a blogger posted an infringing image.

IFPI's main target, not surprisingly, is YouTube. It makes a strained argument that the DMCA's safe harbor is costing the recording industry hundreds of millions of dollars -- and it does this by comparing apples to oranges.

Which results, the record industry argues, in what the IFPI calls a “value gap”. The trade group says: “An illustration of this can be seen in comparing the share of revenue derived by rights owners from services such as Spotify and Deezer, and those derived from certain content platforms like YouTube or Dailymotion. IFPI estimates music subscription services have 41 million paying global subscribers, plus more than 100 million active users in their ‘freemium’ tiers. This sector generated revenues to record companies of more than $1.6 billion in 2014″.

It goes on: “By contrast, YouTube alone claims more than one billion monthly unique users and is thought to be the world’s most popular access route to music. Yet total global revenues to record companies generated by certain content platforms including YouTube amounted to just $641 million in 2014, less than half the total amount paid to the industry by subscription services such as Spotify and Deezer”.

Note the implicit (and wrong) assumption, though: that YouTube and Dailymotion are the equivalent to Spotify/Deezer. Yet, much of the value in YouTube and Dailymotion is that they are platforms for anyone to upload any content, the vast majority of which is not music. But that point never seems to be considered by the IFPI at all. Instead, it wants to remove the safe harbors entirely from YouTube, by arguing that since the company is also providing services to help artists make money, it should lose its safe harbors:

Calling for action, IFPI chief Frances Moore said: “The value gap is a fundamental flaw in our industry’s landscape which sees digital platforms such as Dailymotion and YouTube taking advantage of exemptions from copyright laws that simply should not apply to them. Laws that were designed to exempt passive hosting companies from liability in the early days of the internet – so-called ‘safe harbours’ – should never be allowed to exempt active digital music services from having to fairly negotiate licences with rights holders”.

She added: “There should be clarification of the application of ‘safe harbours’ to make it explicit that services that distribute and monetise music should not benefit from them”.

But think about the obvious consequences to such a move (obvious to everyone but the recording industry, it seems). Removing the safe harbors from YouTube would have tremendous collateral damage, basically making the platforrm useless for all user generated content. It would effectively require Google to carefully pre-screen every video that goes up (beyond what it does now with ContentID -- which already, problematically at times, goes beyond what the law requires).

Furthermore, the message that Moore and IFPI are saying to the rest of the internet is don't help us monetize because the second you do, you should lose your safe harbor protections and immediately become liable for the actions of your users. How shortsighted can Moore possibly be? The recording industry's plan here is to basically tell the internet: don't build services that help us make money or we'll sue you. How is that possibly a smart strategy?

Filed Under: copyright, dmca, intermediary liability, liability, recording industry, safe harbors, user generated content
Companies: ifpi, youtube