YouTube announced its new and “improved” copyright policies yesterday, and it’s a mixed bag for YouTube users: they have a new opportunity to remove strikes on their accounts, but they have to watch some copyright propaganda first.
However, YouTube is also now requiring users who receive takedown notices to go to “copyright school," and that school has a pretty misleading curriculum.
As an initial matter, if YouTube is going to ask users to learn more about copyright when they get a takedown notice, they should require the same of rightsholders whose takedowns are disputed. As we have been reminded all too often, many content owners are badly in need of copyright education.
YouTube's lesson plan is equally troubling. Taken together, the materials send a strong message to users that they will get into legal trouble if they post anything other than content that is entirely self-created and/or drawn from the public domain – despite the multitude of important transformative uses that are permissible under the law and a fundamental part of our cultural experience.
Users are first asked to watch a short movie which celebrates avoiding legal trouble by “making your own video” – and it is clear that “your own video” does not include mashups and remixes. Fair use gets short shrift -- instead of explaining the term and how it might apply in various circumstances, the video simply shows users a short legalistic blurb (with a sped-up voiceover) and tells users who have any doubt to ask a lawyer. They also better consult a lawyer before sending a counter-notice: users get a stern warning that misusing the counter-notice process can get you in “a lot of trouble.” (The same applies to folks who send improper takedown notices, but there's no mention of that.) The video concludes by congratulating the protagonist for making a video with 100% self-created content. “That’s more like it!” says the narrator.
Taken as a whole, the video leaves the impression that there’s something legally wrong (or at least highly risky) about making videos that build on existing creative works – no matter how transformative. Good thing the amazing folks who created the videos compiled in our test suite didn’t go to YouTube's copyright school, or they might never have dared to make them – and we’d be the poorer for it.
The quiz that follows continues the theme and adds to the confusion. For example, in case users have not yet gotten the message, one query asks users to agree that “Creating 100% original new content for YouTube will help to protect you against claims of copyright infringement." Many users will take this to mean that posting anything else will invite a takedown, or a lawsuit. Another query gives users the impression that they can only send counter-notices if they have permission from the copyright owner to use a copyrighted work (“Q: If my account is terminated for multiple copyright violations, I can send a counter notification to reinstate the account even if I have no permissions from the copyright holder to use the content.” A: “False. The counter-notification process may only be used in cases of mistaken identification or to claim that the content was not infringing.”) If a use of third-party content is authorized by law, e.g., fair use or de minimis, there’s no need to ask permission -- but that's not what many users will believe after they take the quiz.
We're all in favor of copyright education. But YouTube needs to develop a new curriculum that helps users -- and content owners -- understand what's possible, not just what's forbidden.
On Tuesday, Senators John McCain and John Kerry introduced the long-awaited Commercial Privacy Bill of Rights, a sweeping bill that covers online and offline data collection, retention, use, and dissemination practices. Unfortunately, the bill may fall short of what’s needed to protect our privacy.
This bill fails to address many of the issues surrounding pervasive online tracking that have been raised by privacy advocates, explored in the Wall Street Journal’s What They Know series, and highlighted by the FTC’s recent Privacy Report. The bill’s most glaring defect is its emphasis on regulation of information use and sharing, rather than on the collection of data in the first place. For example, the bill would allow a user to opt out of third-party ad targeting based on tracking—but not third-party tracking. The consumer choice provisions in Section 202 apply only to data use—not collection—unless that data is both "sensitive" and "personally identifiable." Moreover, Part III of the bill, which imposes lax limits on collection, cannot be enforced by state Attorneys General. This is backwards: the privacy risk is not in consumers seeing targeted advertisements, but in the unchecked accumulation and storage of data about consumers’ online activities. Collecting and retaining data on consumers can create a rich repository of information—which leaves consumer data vulnerable to a data breach as well as creating an unnecessary enticement for government investigators, civil litigants and even malicious hackers.
The bill also fails to provide meaningful regulation of the more spurious current industry practices because its third-party opt-out wouldn’t cover any site a user has an account with. This "Facebook loophole" seems deliberately designed to preserve existing (and concerning) practices such as the Facebook "like" button, which can track an individual as she moves around the web by placing cookies on her computer even if she isn't logged into Facebook and doesn't click the "like" button. The proposed bill won’t help a user concerned about this practice. A user would surrender any right to opt out of being tracked by Facebook or Google simply by having an account with them.
The bill is also silent on Do Not Track—meaning there is no specific proposal for a meaningful, universal browser-based opt-out mechanism that could be respected by all large third-party tracking companies. Under the bill, users may see better notice about the type of tracking taking place and more clear methods of opting out of some of that tracking, but they would still need to opt-out of each third party individually. Users who are hoping for a one-click way of telling companies they don’t want to be tracked online won’t find it in the Kerry-McCain bill.
Consumers also won’t have a private right of action in the new Commercial Privacy Bill of Rights. That means consumers won’t be granted the right to sue companies for damages if the provisions of the Commercial Privacy Bill of Rights are violated. A private right of action is a powerful tool that consumers can use to compel compliance from companies that might otherwise choose not to respect users’ privacy wishes.
Finally, the bill would preempt many state online privacy laws. This means that even if a state enacts legislation that provides consumers with stronger protections for their data, those additional rights would be trumped by federal law. This is especially troublesome because California, long considered a bellwether state for privacy legislation, is currently considering legislation around Do Not Track.
While EFF applauds efforts to update privacy laws to address the needs and expectations of today’s digital consumers, we can’t help but wish this well-meaning bill provided more comprehensive rights to users. There is a growing public demand for meaningful privacy controls when using the Internet.
As Senator Kerry stated in the press conference after introducing the bill:
Companies can harvest our personal information online and keep it for as long as they like. They can sell it without asking permission or even letting you know that they’re selling your own information. You shouldn’t have to be a computer genius in order to be able to opt-out of information sharing.
EFF agrees. But a user also shouldn’t have to be a computer genius to opt out of unanticipated or unwanted data collection—which is exactly why we hope Kerry and McCain will amend their bill to provide meaningful control to online users.
California has taken another big step towards updating reader privacy for the digital age. The State Senate Judiciary Committee passed through SB 602, the Reader Privacy Act, after hearing testimony from EFF Legal Director Cindy Cohn and others in support of the bill Tuesday.
As Cindy told the judiciary committee, the books we choose to read reveal private information about our political and religious beliefs or interests, our health concerns, our financial situation, and our personal and professional lives. Maintaining reader privacy is fundamental to the dignity of Californians, and this principle is well ensconced in state law. However, with the market for digital books exploding, the law needs an update for the 21st Century.
Digital book services, libraries, and bookstores collect far more information than physical bookstores and libraries do. The data can include books browsed, how long a page is viewed, and even the electronic notes written in the margins. It's not hard to see the detailed portrait this could paint of your life. Without legislative protection, that information is a tempting target for the government or other litigants, like those involved in divorce cases, custody battles, or insurance disputes.
SB 602, introduced by California Senator Leland Yee, protects your private electronic reading records from those who don't have proper justification. The bill prevents disclosure of data without a warrant in a criminal case or a court order in a civil case. It also requires notice and opportunity to contest the order to the bookseller, and in some cases, to the reader. The bill would also have booksellers report on the number and type of requests that they receive.
The next step for this bill is the State Senate appropriations committee. Californians should let their state lawmakers know that this bill is key to updating privacy law for the digital age and ask them to support SB 602.
After months of expensive litigation, Sony has finally settled its case against George Hotz and dismissed the remaining defendants from the case. Was it worth the thousands Sony paid in lawyers fees? That depends on Sony’s motivation.
What Sony gets in the settlement (based on the final judgment filed yesterday): George Hotz agrees to leave Sony alone. Really alone. Since Hotz has announced he’s joining the boycott of Sony products, that may not seem like much to give up. But Hotz has agreed to do more than simply avoid hacking any Sony products; he has agreed not to even link to anyone else’s research on Sony products, or to share any Sony confidential information he might receive, even if he obtains it legally. In other words, Hotz is now under a gag order.
But the rest of us are not. Hotz’s research remains public information. The security flaws discovered by the researchers allow users to run Linux on their machines again — something Sony used to support but recently started trying to prevent. So all Sony has really accomplished is to silence one lonely researcher, and anger loyal customers. Hardly seems worth it, right?
Unless you assume that Sony had a different motivation: to chill security research on Sony products.
There’s good reason to suppose that assumption is correct. For example, as we noted when the suit was filed, Sony not only asked the court to immediately impound all "circumvention devices" — which it defines to include not only the defendants' computers, but also all "instructions," i.e., their research and findings. If that had been accomplished, the defendants could have lost access to their own research, and, of course, would have been prevented from sharing it with the world. Even worse, Sony claimed that it was a crime for users to access their own computers in a way that Sony doesn't like. Against this background, this speech-chilling settlement should surprise no one.
The judicial process should never be used to shut down lawful communication and investigation. Here's hoping future security researchers will refuse to be intimidated and that other companies will decline to follow Sony's heavy-handed example.
What happens when governments go to your online service providers seeking information about you? Birgitta Jonsdottir, Rop Gonggijp and Jacob Appelbaum use online social networks to communicate about social and political causes – including their support for the online whistleblower website Wikileaks. But their decision to back Wikileaks drew the attention of the U.S. government.
In connection with its investigation into Wikileaks, the Department of Justice issued a secret order to Twitter demanding the account information of Birgitta, Rop and Jacob. The order included a "gag" – meaning Twitter wasn’t allowed to talk about it. In fact, it wasn’t even allowed to tell Birgitta, Rop and Jacob about the government order for their account information.
That could have been the end of it – but Twitter chose to stand with their users. Rather than silently acquiesce, Twitter stood up and fought the secret demand. It won the right to tell the three Twitter users about the government order – giving them an opportunity to seek legal counsel and fight for their right to privacy.
Other Internet companies have stood up for users before, and still others have taken further steps to challenge overbroad orders directly and let the world know how many times they get such requests. Which companies stand by you when the government comes knocking?
Check out EFF's analysis of the policies of leading Internet companies for sharing information about users with the government.
For the next 14 days, you can get the newly-released Humble Frozenbyte Bundle! Like the first two bundles, you pay what you want to download five independent, DRM-free, cross-platform computer games, and choose to divide your money between the game developers, Child’s Play, and EFF. The Frozenbyte Bundle includes Trine, Shadowgrounds Survivor, the unpublished game Splot, and gaming prototype Jack Claw, in which you get to rampage through a city, throw cars, and generally cause mayhem.
Last year, the Humble Bundle’s innovative business model and their customers raised $500,000 for EFF. They proved yet again that consumers, given the right opportunities, will support content they want—without having to be sued, surveilled, or censored into compliance. EFF continues to protect freedom and innovation in the gaming world, whether we are arguing for the right of gamers to speak anonymously, defending video games from unconstitutional censorship, or protecting your right to resell, modify, or copy the games you have purchased. To find out more about our work related to video games, visit our latest issue page.
Get your bundle today to support indie gaming and two important nonprofits!
UPDATE: At the request of Mayor Ed Lee, the San Francisco Entertainment Commission has decided to postpone discussion of the proposed rules until its next meeting. EFF will provide more details as they become available.
The city of San Francisco has a long history of political activism and cultural diversity, which could be in danger if the San Francisco Entertainment Commission has their way. The Electronic Frontier Foundation joined civil liberties and privacy groups in criticizing a proposal from the San Francisco Entertainment Commission that would require all venues with an occupancy of over 100 people to record the faces of all patrons and employees and scan their ID’s for storage in a database which they must hand over to law enforcement on request. If adopted, these rules would pose a grave threat to the rights of freedom of association, due process, and privacy in San Francisco.
EFF will also present comments in person at a public hearing on the evening of April 12th. If you are in San Francisco, please attend the hearing and speak out against this dangerous and short-sighted proposal or email your comments to Jocelyn.Kane@sfgov.org. See details.
Events with strong cultural, ideological, and political components are frequently held at venues that would be affected by these rules. Scanning the ID’s of all attendees at an anti-war rally, a gay night club, or a fundraiser for a civil liberties organization would have a deeply chilling effect on speech. Participants might hesitate to attend such events if their attendance were noted, stored, and made available on request to government authorities. This would transform the politically and culturally tolerant environment for which San Francisco is famous into a police state.
We are deeply disappointed in the San Francisco Entertainment Commission for considering such troubling, authoritarian, and poorly thought-out rules. The Commission should reject this attack on our most basic civil liberties. San Francisco cannot hope to remain a hub of cultural and political activity if we are stripped of our civil liberties the moment we walk through the door of a venue.
Current members will be invited to join EFF technologists, activists, attorneys, and fellow members for happy hour at a secret San Francisco location on Thursday, April 21st. We'll present a brief update on the topic of YOUR choice! Vote to hear about our latest tech projects, activism campaigns, or legal cases when you receive your invitation and make a reservation.
SPEAKEASY: Bay Area EFF Members-Only Happy Hour
Thursday, April 21st from 6-8 PM
EFF's Speakeasy is a free, informal gathering for current members only and space is limited. Attendees must be 21 or older. No-host bar. Members will receive a personal invitation with location details by email on Tuesday, April 12th. For more information, contact firstname.lastname@example.org.
Not a member or have you let it lapse this year? There's still time to sign up today at https://www.eff.org/join