EFF is very pleased to announce the newest staff attorney to join our legal team, Hanni Fakhoury. Hanni is an experienced criminal defense attorney, who will focus on the intersection of technology and criminal law and join our Coders' Rights Project, which protects programmers and developers engaged in technology innovation and research.
Prior to joining EFF, Hanni worked as a federal public defender in San Diego. In less than four years, he tried fourteen felony jury and bench trials and argued before the Ninth Circuit Court of Appeals four times, winning three reversals. While in law school, Hanni worked at the federal public defender's office in Sacramento, where he obtained acquittals in one jury trial and two bench trials.
We're excited to have someone with so much hands-on trial experience to help with the important criminal legal work we do at EFF. Security and encryption researchers help build a safer future for all of us using digital technologies, yet too many legitimate researchers face serious legal challenges that prevent or inhibit their work. Additionally, we are seeing increasing incursions into privacy rights with warrantless searches of digital devices and electronic records as well as efforts to stretch the Computer Fraud and Abuse Act beyond what was intended by lawmakers. There is a lot of work to do to promote privacy, innovation, and the rights of curious tinkerers and hackers on the digital frontier, and Hanni brings important tools and experience to this fight. Welcome Hanni!
Last Friday, the federal district court in Nevada held that the non-profit organization Center for Intercultural Organizing’s posting of a copyrighted news article was a non-infringing fair use. The well-reasoned opinion sets a powerful precedent for fair use and against copyright trolling.
The newspaper article at issue was originally published by Stephens Media’s Las Vegas Review-Journal newspaper. Per its standard practice, copyright troll Righthaven LLC found it online and entered into a scheme with Stephens Media, under which the publisher purportedly assigned the right to sue to Righthaven. The litigation factory would then carry on the litigation at its own expense, splitting any proceeds with Stephens Media (less expenses).
This scheme was fatal to Righthaven’s infringement claim, because it greatly strengthened CIO’s claim to fair use. When analyzing fair use cases, courts must consider four statutory factors – the purpose and character of the use, the nature of the work, the amount and substantiality of the use, and the harm to the copyright holder’s market. These factors are balanced “in light of the purposes of copyright,” which are “[t]o promote the Progress of Science and useful Arts and to serve the welfare of the public.” (see Perfect 10 v. Amazon)
While considering the purpose and character of CIO’s use, the court compared the use made by CIO with the use made by Righthaven. The court wrote: “Although the former owner, the LVRJ, used the article for news-reporting, the court focuses on the current copyright owner’s use, which, at this juncture, has been shown to be nothing more than litigation-driven.” This led to the court to conclude that the purpose and character of the work was “transformative,” meaning it was used for a new purpose and therefore weighed towards fair use.
Likewise, when analyzing the “market harm” factor, the Court noted that Righthaven “failed to allege that a ‘market’ exists for its copyright at all.” Indeed, recently unsealed evidence shows that Righthaven is unable to make that allegation, as it is contractually prohibited from licensing the works in question. The court also noted that “Righthaven cannot claim the LVRJ’s market as its own and is not operating as a traditional newspaper.” The court cited to eBay v. MercExchange, a landmark Supreme Court from 2006, which refused to presume harm to the markets of patent trolls (entities that buy up patents solely for purposes of litigation). Taken together, this meant that the “market harm” factor favors fair use where Righthaven is concerned.
Finally, the court’s overall balancing clearly disfavored copyright trolling. The Court noted that Righthaven’s “litigation strategy has a chilling effect on potential fair uses of Righthaven-owned articles, diminishes public access to the facts contained therein, and does nothing to advance the Copyright Act’s purpose of promoting artistic creation.”
The decision confirms that a non-publishing entity that uses copyrighted works for litigation is in a materially worse position than the original publisher in a fair use analysis. While Stephens Media would likely have lost anyway, the business model promoted by Righthaven ensured that at least two of the four factors and the balancing favored fair use.
Righthaven’s decision to focus its efforts on news articles also contributed to its loss. While news reports may involve planning, research, interviews and a great deal of effort by a reporter, the Supreme Court has rejected the notion that copyrights may be based on the ‘sweat of the brow.’ Instead, the question is whether the nature of the work is informational or creative; if the former, the use is more likely to be found to be fair. While other copyright trolls will not necessarily focus on informational works, once again Righthaven’s business model contributed to its loss.
As we explained last week, the recently unsealed Strategic Alliance Agreement between Righthaven and Stephens Media shows that the purported assignment of the copyright is a sham. If the court agrees with this assessment, as we believe it should, it may well overshadow this fair use ruling for future Righthaven decisions. However, last week’s decision serves as a warning to others that purchasing a copyright solely to profit from litigation against bloggers and websites is not a good business decision.
When Keith Cowing made an innocuous post about a meeting of the President’s Council of Advisors on Science and Technology on his long-running science policy blog, Space Ref, he didn’t imagine that it would trigger a phone call from the White House. But that is exactly what happened, and the White House was not calling to congratulate him on his excellent science policy coverage. Cowing’s offense? Including an image of the seal of the Executive Office of the President of the United States in his blog post. According to Cowing, White House staffer Rick Weiss objected to the seal’s placement in proximity to an ad, which White House lawyers worried might be construed as an endorsement of the product.
The legal basis for the claim is unclear, but the story does sound familiar. In July of 2010, the FBI made a similar demand to Wikipedia for its use of the FBI seal on a Wikipedia entry about, no surprise, the FBI. That claim was made under 18 U.S.C. sec. 701, which is aimed at use of government seals to deceive the public. Wikipedia’s lawyers responded with a detailed letter pointing out, among other things, that their use wasn't deceptive. The FBI went away.
Cowing's use isn't deceptive either. The seal is plainly used in conjunction with the news article and the advertisement is no closer on this blog than ads are on news websites and in most newspapers and magazines for that matter. In fact, the seal of the Executive Office of the President of the United States is usedextensively all over the internet, sometimes even in promixity to advertising. Threatening phone calls from the White House only serve to chill free speech. Indeed, Cowing has replaced the image of the seal with a pixelated version and the words “OSTP Logo Pixelated Due to a Phone Call Complaint from the White House.”
As we said about the FBI last year, surely the White House has better things to do than to threaten bloggers engaged in legitimate free speech. Mr. Cowing deserves an apology and some folks in the White House appear to need a bit more training on the First Amendment.
Thanks to everyone who attended last night's second Bay Area Members-Only Speakeasy in San Francisco! We hope that you enjoyed this happy hour event as much as we did. Based on your votes, we were treated to an inside look at recent developments in RighthavenCopyright Troll lawsuits from EFF's Intellectual Property Director Corynne McSherry.
The conversations continued well into the night at Noisebridge, our local hackerspace. A special thanks to Andy Isaacson who spoke about EFF's SSL Observatory during his 5 Minutes of Fame lightning talk. For those who couldn't make, we hope to see you next time. Watch for the next Members' Speakeasy near you!
Learn more about EFF Membership benefits at https://www.eff.org/join
Last Friday, the Chief Judge of the federal court in Nevada, which is overseeing more than 200 Righthaven copyright cases, dismissed Righthaven's meritless claim to seize its victim's domain names. In each case so far, Righthaven contended that the mere hosting of any infringing material means that the entire domain name was forfeit to the copyright troll. Chief Judge Hunt rejected that claim, explaining that the "Court finds that Righthaven’s request for such relief fails as a matter of law and is dismissed."
Last night, Righthaven filed a new copyright case in Nevada federal court, and - guess what? - demanded forfeiture of the domain name. Indeed, unable to take "you're wrong as a matter of law" for an answer, Righthaven upped the ante, and asked the Court to:
Order the surrender to Righthaven of all hardware, software, electronic media and domains, including the Domain used to store, disseminate and display the unauthorized versions of any and all copyrighted works as provided for under 17 U.S.C. § 505(b) and/or as authorized by Federal Rule of Civil Procedure 64.
Not only has the domain name claim been specifically and completely rejected by that very court, but Righthaven's new citations do nothing to help its claim. As an initial matter, Section 505 does not have a subsection (b), and concerns attorneys' fees, not the surrender of domains and hardware. While Righthaven probably meant to cite to some other section and was simply sloppy in the drafting, no section of the Copyright Act will help them. Indeed, Righthaven has already "concede[d] that such relief is not authorized under the Copyright Act."
Nor is the citation to Rule 64 going to help Righthaven. This is the same argument it raised in Righthaven v. DiBiase, and which the court flatly rejected. Indeed, the argument was silly to begin with, since Rule 64 concerns state law remedies and copyright is a federal law.
The new complaint also asserts that Righthaven holds the "exclusive rights" to Stephens Media news articles, despite the Strategic Alliance Agreement showing that Stephens Media retains these rights. The effect of the SAA on Righthaven's cases will be briefed to the court over the next month.
EFF recently launched a campaign calling on companies to stand with their users when the government comes looking for data. (If you haven’t done so, sign our petition urging companies to provide better transparency and privacy.) This article will provide a more detailed look at one of the four categories in which a company can earn a gold star in our campaign: transparency about government requests.
We're asking companies to do two things in order earn a gold star in the transparency category: provide reports on how often they provide data to the government, and publish their law enforcement guidelines.
First, EFF is measuring whether companies publish the number of government demands they receive for user data, whether it's an official demand such as a warrant or an unofficial request. Google led the way in this category, and is the only company in our list currently publishing a Transparency Report. According to the report, over the course of six months Google has received 30 data requests from Israel, 71 data requests from Belgium, 1,343 data requests from the U.K. and 4,287 data requests from the U.S. As Google explains:
We believe that this raw data will give people insight into whether or not our services are accessible in a given country at a given time. Historically, information like this has not been broadly available. We hope this tool will be helpful in studies about service outages and disruptions and that other companies will make similar disclosures.
Google's report is just a start — they are continuing to investigate providing more detailed information about the requests they receive and we have ideas about how they can do even more, but for their transparency report they received half a gold star.
Second, we are tracking which companies publish their guidelines for law enforcement requests for user data. This is something Twitter already does. While none of the other companies in our campaign currently publish their law enforcement guides, we know other companies have them. We learned about some law enforcement guides when EFF and the Samuelson Clinic at UC Berkeley filed a Freedom of Information Act lawsuit against a half-dozen government agencies seeking their policies for using social networking sites for investigations, data-collection, and surveillance. Through that suit, we obtained law enforcement guides from sites like Myspace, Ning, Facebook, MSN and Yahoo. Other guides are available at cryptome.
But the public shouldn't have to spend months or years in court to get this kind of information. Good corporate citizens should freely publish their guidelines for law enforcement so that the public knows what those policies are.
Users make decisions every day about which companies they will entrust with their data. It's vital that companies are forthcoming about how often and through what process they hand user data to the government. If you're as concerned as we are about overbroad government surveillance powers and the potential for those powers to be abused, then urge companies to be transparent about handing data to the government by signing our petition.
Earlier this week, the popular online dating site Match.com announced plans to implement a system to check their users against sex offender registries. This comes in the wake of a lawsuit against the company by a woman who says she was assaulted by someone she met through the website. While sexual assault is inexcusable, this would-be solution is deeply flawed. Match.com’s plan isn’t a good way to catch sexual predators (who could just use fake names), sacrifices user privacy, and sets a troubling precedent for allowing companies to peer into our personal lives and histories before doing business with us.
Now, to set the record straight: Section 230 of the Communications Decency Act generally protects Match.com from being held liable as a publisher for what users post on the site. And Match.com isn’t responsible for how users act when they aren’t on the site. But, as we saw with Craigslist last year, sometimes a site under pressure will change their legal policies rather than continue to face public criticism.
There are several glaring flaws with Match.com’s plan. For one, Match.com can’t prevent sexual assault by screening for sex offenders. But even if Match.com’s goal is merely to check whether users are on a registered sex offender list, rather than to actually prevent assault, Match.com runs into the difficulty that many people who use the site may not use their real names. And while a portion of Match.com’s services require a form of payment, a user looking to conceal her identity might simply use someone else’s credit card to purchase a Match.com subscription. For this plan to work, Match.com will likely need to move to a real name policy, similar to Facebook's. And often a legal name may not be enough to establish one’s identity – Match.com could well need to collect other data points, like address or phone number, to truly figure out which “John Smith” has registered for their site. (Of note: a quick search through the sex offender registries for the name “John Smith” returns dozens of results.) This will be a change for Match.com: you can currently sign up for an account without providing your real name and there’s nothing in the terms of service that requires an individual to provide her real name.
And the real flaw in Match.com’s plan is the most obvious: criminals who want to use Match.com for nefarious purposes could use a false identity to set up service. So while law abiding citizens searching for love are handing over loads of personal data to Match.com, those with criminal intent are unlikely to provide real information about themselves when signing up for the site.
Match.com, like any business, can choose whom they want to do business with – and even place requirements on users as a contingency for providing services. But every time a company demands more of our personal data as a contingency for a transaction, we lose a little bit more of our privacy. Data like our legal names, addresses, phone number, Social Security numbers, and credit card information can be demanded by businesses before we can complete our transactions, and users often have no right to refuse without jeopardizing the right to do business with the company. (Though California’s Civil Code Section 1747.08 is a rare counter example.) Which means businesses can –and do – take every opportunity to suck up personal data and store it, sometimes indefinitely, in enormous databases, which all too often suffer from data breaches that increase users’ chances of identity theft.
Collection and storage of sensitive personal information is an issue every online user should be concerned about. But for individuals whose very lives rest in their ability to maintain anonymity, whether because they are victims of stalking or political dissidents, the ability to use the Internet without giving away key pieces of data like your legal name is a matter of safety. And this is especially true for sites we use to communicate – including email, social networking sites, blog platforms, instant messaging services and even online dating sites.
Notably, Match.com doesn’t promise to safeguard user data even though they collect so much of it. In fact, they say specifically: “We do not promise, and you should not expect, that your personal information, searches, or other communications will always remain secure.” What’s more, Match.com actively shares your data with other businesses through the IAC business group, which includes companies like Ask.com, Urbanspoon, CitySearch, Dictionary.com, and Zwinky. Match.com states:
We may share information we collect, including personal information such as your name and contact information, interests, activities and transactions on our site, with the IAC companies.
They also give themselves ample flexibility to share user data they collect with the government upon “a request for cooperation from a law enforcement or other government agency.” They do not, however, promise to inform users when this data is handed over.
Let’s face it: Match.com is already collecting vast amounts of data about consumers, actively sharing it with other businesses, leaving themselves open to sharing it with the government and not providing many rights for users of their service to access, remove or update that data. They aren’t breaking any laws, and frankly lots of companies have similar practices. But considering their enormous user base and the size of their network of affiliated companies, users who care about privacy should strongly protest any attempt by Match.com to mandate identity verification as a contingency for using the service. It’s an affront to privacy masquerading as a safety feature.
EFF today, along with Professor Jason Schultz, Co-Director of the Samuelson Law, Technology, & Public Policy Clinic at the University of California at Berkeley Law School, and Professor Mark Webbink, Executive Director of the Center for Patent Innovations at New York Law School, filed comments in response to the Patent Office’s Request for Information on Improving Regulation and Regulatory Review.
Traditionally, the lack of public participation at the Patent Office has caused great harm to patent quality as well as innovation. In addition, we have seen time and again that third parties want to participate in the patent process. Successful programs like EFF’s Patent Busting Project and Peer To Patent are proof of this trend.
We believe that third parties — especially those whose work is deeply affected by patents but who may not usually deal with the PTO — will also want to participate in the PTO’s rulemaking process to make sure their voices are heard on how to best implement policies and procedures to eliminate bad patents and to bolster innovation. In our comments we encourage the PTO to employ a broad public participation process that would include public roundtables and hearings. We are hopeful that the PTO will adopt our recommendations and give EFF, its members, and the public at large a meaningful opportunity to participate in future regulatory process.