In the last few weeks, Facebook and Google have been engaging in a public tussle over an issue that is near and dear to EFF's heart: data portability. The crux of the issue is that when you sign up for Facebook, you can find your Gmail contacts or invite them to join the social networking service with a few quick clicks. But when you sign up for Google, Facebook prevents you from easily inviting all of your Facebook friends to Google, despite the fact that Facebook makes it easy for users to export their contacts to other services like Yahoo!.
This comes at a time when Facebook is launching a messaging product that may rival Google's communication applications and rumors abound that Google is looking to make a foray into the realm of social networking — suggesting that market advantage, rather than user rights, could well be driving this data portability squabble.
Google's maneuver is particularly interesting in light of Facebook v. Power Ventures, a case in which Facebook has sued a company that offers a tool for users to access and aggregate their personal information across social networking sites. Because Facebook's terms of service don't allow users to access their information through "automated means," Facebook claims that Power's access is not authorized or permitted, and therefore violates state and federal computer crime laws. (The court recently threw out one of these claims, finding that Power could not have violated California’s computer crime law merely by breaching Facebook's terms of service — a result EFF urged the court to reach in two amicusbriefs.)
So Google put Facebook in a bind. Facebook could:
Let users take their Facebook contacts to Google,
Stop importing contacts from Google, or
Continue its current practice and violate Google's terms of service — which Facebook itself has argued is criminal behavior.
Rather than taking this opportunity to give Facebook users the ability to export their contacts — something that EFF has strongly advocated for in the past — Facebook instead created a tool to work around Google's restriction. Users signing up for Facebook are now prompted to download their Gmail contacts to their hard drives, and then upload them to Facebook. While this means an extra step for users, the end result is simply that Google contact data is still portable to Facebook, and Facebook doesn't reciprocate. Google, in its latest salvo of the battle, is highlighting Facebook's approach in a new message that asks users seeking to export their Gmail contacts to Facebook whether they're sure they want to take their contacts to a service that refuses to let them export.
So why does exporting data matter to users?
Data portability is a deceptively simple idea with serious benefits for users. EFF championed data portability in our Social Network Bill of Rights. If an online service disrespects user privacy, lacks functionality or violates user expectations, a user should have the right to pack up her information easily and leave. This means that online platforms would have a vested interest in making sure users were happy with their services — or face an exodus.
Facebook has been working to improve its data portability. In October, Facebook announced that it would provide a way for users to export their content, which fits squarely into the Social Network Users' Right to Leave. (That is, assuming you can figure out how to close your Facebook account.) But Facebook still doesn't allow users to export the contact information of friends to any service they like.
However, that might be the most important thing.
Social networks like Facebook are more than just status updates, photos and links. They are built on relationships with people. So if you really want to abandon your social networking account and start homesteading a virtual farm on a different online platform, you'll want to bring the contact data of your digital acquaintances with you. Facebook's failure to freely provide this functionality makes it more difficult to leave Facebook for one of Facebook's many social networking rivals.
Facebook, for its part, argues that users don't have the right to easily download their friends' contact data anymore than they have the right to mass download their friends' photo albums. This is a somewhat dubious argument, considering Facebook does allow contact data to be exported to the iPhone address book, Yahoo! and Hotmail. While user privacy is important, hamstringing data portability isn't the right solution. (And in fact, a savvy user can export Facebook contacts if he or she tries. Here's how.) If Facebook wants to respect user privacy and choice, it should provide a simple way for users to download data — including the contact data of friends — while also providing an opt-out for individuals who never want their data downloaded by online acquaintances.
One thing should be clear to users of both Google and Facebook: when companies guard data to obtain a market advantage, consumers lose out.
UPDATE (11/16/10) — InsideFacebook.com is reporting a new feint from Facebook in its knife fight with Google over portability. After the launch of Facebook's new unified messaging product yesterday, a Facebook spokesman told InsideFacebook that the company would allow users to export their friends' email addresses — but only up to a point. Users will *only* be able to export their friends' "@facebook.com" email addresses — the addresses associated with the new messaging service — which does little to enable competition in the social network arena, whether from Google or anyone else. As InsideFacebook points out, "Even if Google or another company managed to recreate parts of the social graph by importing @facebook.com addresses, these companies would still have to contact these users by their @facebook.com accounts, leaving the social network as the middleman."
When Microsoft announced that it was launching a webcam-style peripheral for its Xbox360 that would allow users to interact with the game system without the need for a game controller, the excitement was not limited to gamers. The Kinect, which allows a user to control games through gestures, speech, and presented objects or images immediately intrigued the hardware hacking community. The folks at AdaFruit Industries gushed, “Imagine being able to use this off the shelf camera for Xbox for Mac, Linux, Win, embedded systems, robotics, etc. We know Microsoft isn’t developing this device for FIRST Robotics, but we could!”
Given the range of possibilities for this technology, it is no surprise that it was immediately reverse engineered. Like the CueCat and Aibo and many other technologies before and after them, the Kinect has so many cool potential new uses that limiting those who can use it to those approved by Microsoft would be a tremendous waste and a lost opportunity for innovation. After all, reverse engineering is a crucial component of any healthy technical ecosystem.
To that end, AdaFruit offered a prize to the first person to write an open source driver for the Kinect. They then raised their bounty to $3,000. Days later, Spain-based hacker Hector Martin claimed the bounty. Within a day, hardware hackers were employing the open source driver to put the Kinect to all kinds of imaginative uses, including a multi-touch interface.
Microsoft’s initial response was to rattle its sword. A Microsoft spokesperson told CNET, “With Kinect, Microsoft built in numerous hardware and software safeguards designed to reduce the chances of product tampering. Microsoft will continue to make advances in these types of safeguards and work closely with law enforcement and product safety groups to keep Kinect tamper-resistant."
Microsoft should keep its sword in its scabbard. The Kinect technology is getting rave reviews and generating a real buzz. Microsoft could blow all of this goodwill if it tries to shut down independent innovation around the Kinect, as Sony learned when it tried to shut down innovation around the Aibo. Fans were so outraged that Sony was ultimately spurred to release a programmers kit for it. Microsoft should learn from Sony's experience and embrace its role as the creator of a new platform for innovation by supporting efforts like those of AdaFruit and hacker Hector Martinafter all, every hacker and every user of a hacked Kinect will have to buy the technology first.
Trying to stop tinkering won’t work anyway — the street finds its own uses for things and the potential uses for this in-home robotic device start from the prestigious FIRST contest and reach as far as the imagination will take them.
AdaFruit has now offered an additional $1000 bounty for a tool that makes it easy to use the Kinect on LINUX systems and Matt Cutts, the head of Google's webspam team, is offering another $1000 prize for the coolest tool, demonstration, or application using the Kinect.
Adafruit also made a donation of $2000 to the Electronic Frontier Foundation in the midst of this, citing our extensive work in support of coders’ rights and our efforts to preserve the freedom to tinker in the face of the anti-circumvention provisions of the DMCA. We greatly appreciate the support.
On behalf of the EFF staff, thank you for helping us to compete in PayPal's matching challenge. Together we raised over $70,400! Individual donors like you make EFF's work possible. EFF will also receive $5,000 in matched funds directly from PayPal, and additional matched funds from two very generous EFF members.
Don't forget to match your gift with your employer:
Ask your human resources department if your employer matches donations.
Fill out the paperwork and forward it to EFF for completion (if necessary).
You're done! It's a simple step that maximizes your impact and keeps EFF going strong.
Even if you don't use PayPal or don't have funds to contribute, there are many valuable ways to help and get involved with digital rights. Thank you for all of the ways you support EFF!
Congratulations to the winners of EFF's 2010 Pioneer Awards: Steven Aftergood, James Boyle, Pamela Jones and the website Groklaw, and Hari Krishna Prasad Vemuru! The 19th Annual Pioneer Awards ceremony was held this past Monday at 111 Minna Gallery in San Francisco. We were all deeply inspired by the words of our award winners and our Master of Ceremonies, Cory Doctorow, and want to share the experience with all who weren't able to join us in person.
Finally, we'd like to share the words of our VIP ticket contest winner, Larry Starkand, who wrote in to tell us about how EFF inspires him to support digital rights:
I first became aware of and inspired by EFF in the same way I continue to be today. It was nearly 20 years ago after the OKC bombing, when the newly elected Senator Feinstein wanted to censor bomb making information from the internet. Mitch Kapor had been called to testify before the committee, and when he first spoke about First Amendment protections and free speech, Sen. Feinstein immediately piped up and said: I am sure when our forefathers sought to protect our right to free speech they did not mean those who would foster the violent overthrow of our lawful government. To which Mitch responded - Umm Senator? YES THEY DID. The next day I joined the EFF and have been a member ever since. Just like that day, EFF inspires me every day to be aware, to speak up and always remain vigilant, because Freedom is taken slowly when we are not looking.
Many thanks also to our sponsors: CEA, JibJab, Junk Email Filter, and Zynga; to 111 Minna Gallery; and to our 2010 Pioneer Award Judging Panel: Jim Buckmaster, Cory Doctorow, Mitch Kapor, Drazen Pantic, Barbara Simons, and James Tyre.
EFF is pleased to welcome yet another new addition to our team: Technology Director Chris Palmer. Chris is hardly a newcomer, however -- he's a former EFF technologist who is returning to the EFF fold after several years in the technology industry focusing on application security.
Most recently, Chris worked as a Senior Software Engineer at Google on securing the Android operating system for mobile devices. Before that, he was a Principal Security Consultant at iSEC Partners, a security engineering consultancy, where he hacked a wide variety of applications and platforms. Chris also worked as a developer at web app shops in San Francisco and Minneapolis, in addition to his previous tenure as an EFF Staff Technologist.
Chris is a security engineering expert, who has presented at various conferences including Black Hat, DefCon, and Web 2.0 Expo. You'll be hearing a lot from him about security issues on our blog and elsewhere. Welcome Chris!
UPDATE: On the morning of Thursday, November 11th, one of EFF's long-time supporters pledged to match new funds donated through this week's PayPal Challenge. We have only two days left to take advantage of this generous offer. Please help EFF by donating through PayPal today.
Check out our progress! Defenders of digital freedom have proven their commitment to EFF this week. We've raised over $50,000 in donations. Click here to see how much we've raised. As of Thursday morning, EFF is in first place for the PayPal Challenge. If we finish in first place, it means bonus funds for our organization!
Donate to EFF this week and you can double — or even triple — the value of your contribution! PayPal and Convio will match up to $5,000 in donations to EFF made via PayPal between Tuesday, November 9, and Friday, November 12, 2010.
Enter the information and choose PayPal as your payment method.
You will be redirected to a PayPal login page to complete the transaction.
You're done! PayPal matching is automatic.
Then, triple your donation with employee matching.
Ask your human resources department if your employer matches your charitable donations.
Fill out the paperwork and forward it to EFF for completion (if necessary).
You're done! It's a simple step that maximizes your impact and keeps EFF going strong.
Even current members can make contributions to help put EFF on top! And as an added bonus, the charity that raises the most money and the charity that receives the most donation transactions will each receive $1,000 prizes. But hurry, the contest ends on Friday!
The Federal Trade Commission (FTC) has a long history of promoting commercial competition and consumer protection. Clearly recognizing that many of the trickiest issues facing consumers today are digital, the Commission has made the commendable decision of hiring Princeton professor of computer science and public affairs (and former EFF board member) Ed Felten as its first Chief Technologist.
Professor Felten is a leading technology researcher working in the public interest. As the founding Director of the Center for Information and Technology Policy at Princeton University, he works to grow the ranks of technologists with a mind for the public policy implications of their work. He was the lead computer science expert witness for the Department of Justice in the Microsoft antitrust case. After Felten and a team of his students "broke" the digital audio watermark technologies the music industry had created to restrict the copying of music, Felten became the lead plaintiff in a case challenging the industry's attempts to silence his reporting of his findings. In 2005, Felten and his students published critical information about the Sony BMG rootkit, exposing a computer security vulnerability being secretly installed onto the computers of countless consumers of music CDs. Later, he led teams of graduate students in uncovering the dangerous flaws in various electronic voting machines — despite legal intimidation from voting machine manufacturers — ensuring that elections were not blindly placed in the hands of unpredictable, manipulable machines.
With the FTC's report on the year-long series of Exploring Privacy Roundtables expected to be released in the coming weeks, the selection of Professor Felten may be signaling that the FTC is ready to take on a new level of involvement in defending consumer privacy. The Privacy Roundtables gathered experts from a range of disciplines to explore how emerging technologies may threaten consumer privacy — and what role the FTC should take in defending consumer interests. With Felten on board, the FTC is uniquely positioned to deal with the myriad issues from the Roundtables in ways that protect consumer privacy without hampering innovation.
Congratulations to both Professor Felten and the FTC. EFF is looking forward to seeing great work from the Commission on consumer privacy issues and beyond.
After a brief deliberation, a jury this week awarded $1.5 million in statutory damages ($62,500 per recording) to the record label plaintiffs in Capitol v. Thomas-Rasset. The case has repeatedly made headlines as the first action against an individual accused of illegal file-sharing to make it to the trial stage. As the litigation proceeded, however, the case (as well as another individual filesharing case, Sony v. Tenenbaum) has taken on new importance by shining a light on the irrationality of copyright remedies.
This is plain just in the Thomas-Rasset case alone. For reasons too complicated to detail in this post, three separate juries have considered how much Ms. Thomas should be forced to pay the record labels for sharing 24 songs. Their answers have varied dramatically:
Verdict 1: $222,000
Verdict 2: $1.92 million
Verdict 3: $1.5 million
That’s a swing of over $1.7 million total, with a change of over $400,000 just this last time, all over the same alleged infringement of the same 24 songs.
Judge Michael Davis put the problem well back in 2008, when he ordered a new trial on liability. Although the Order was focused on an erroneous jury instruction, not damages, the court noted that the jury’s award of $222,000 was simply irrational:
The Court would be remiss if it did not take this opportunity to implore Congress to amend the Copyright Act to address liability and damages in peer-to-peer network cases such as the one currently before this Court. . . . While the Court does not discount Plaintiffs’ claim that, cumulatively, illegal downloading has far-reaching effects on their businesses, the damages awarded in this case are wholly disproportionate to the damages suffered by Plaintiffs. Thomas allegedly infringed on the copyrights of 24 songs—the equivalent of approximately three CDs, costing less than $54, and yet the total damages awarded is $222,000—more than five hundred times the cost of buying 24 separate CDs and more than four thousand times the cost of three CDs. While the Copyright Act was intended to permit statutory damages that are larger than the simple cost of the infringed works in order to make infringing a far less attractive alternative than legitimately purchasing the songs, surely damages that are more than one hundred times the cost of the works would serve as a sufficient deterrent.
. . .
Unfortunately, by using Kazaa, Thomas acted like countless other Internet users. Her alleged acts were illegal, but common. Her status as a consumer who was not seeking to harm her competitors or make a profit does not excuse her behavior. But it does make the award of hundreds of thousands of dollars in damages unprecedented and oppressive.
Judge Davis is not alone in his concern for proportionality. Earlier this year, in an order reducing a $675,000 award against another individual file-sharer, Joel Tenenbaum, to $67,500, Judge Nancy Gertner held that the original award was “unprecedented and oppressive” and noted that even the reduced award was “more than [she] might have awarded in [her] independent judgment.”
While the jury saved Ms. Thomas-Rasset $400,000 this time, a $1.4 million dollar judgment is still the stuff of rock stars, not ordinary music fans. Based on his previous rulings, it’s likely that Judge Davis will reduce the award. But as both Judge Davis and Judge Gertner recognize, there’s a more fundamental problem here.
In most areas of civil law, we tie damages to actual harm, i.e., what is needed to make the person harmed “whole.” Even in the relatively rare case of punitive damages, intended to punish people who have willfully engaged in illegal conduct, we still require a proportional relationship between damages and actual harm. We do this in part because it is fair, and in part because it allows those whose actions test the law or arise in new circumstances to reasonably evaluate their legal risk. Yet when it comes to copyright, there’s no reasonable way to evaluate the risk: juries can award anywhere from $750 to $150,000 per work, and as the Thomas-Rasset case demonstrates, there’s no predictability even when the facts are exactly the same.
And that lack of predictability causes real harm, chilling speech and innovation. For example, copyright owners have used the DMCA notice and takedown process and various filtering systems to take down innumerable fair uses. One way to check this abuse is for fair users to challenge improper takedowns, counternoticing or bringing actions under 17 U.S.C. section 512(f). But few people are willing to do so. And a big reason for this is that our broken copyright system leaves them facing the prospect of paying outrageous statutory damages and even possibly attorneys' fees if they stand up, fight back, and, against overwhelming odds, lose the legal battle. It’s a gamble with their life savings (and more) that most people just aren’t willing to take, even when their works are clear fair uses and even if they have free legal help.
As Judge Gertner recognized, large and disproportionate damage awards like this also raise some important constitutional concerns grounded in basic fairness as well as the judicial concern about creating a “windfall” for plaintiffs.
First, the Supreme Court has made it clear that “grossly excessive” punitive damage awards (e.g., a $2 million award against BMW for selling a repainted BMW as "new") violate the Due Process clause of the U.S. Constitution. In evaluating whether an award "grossly excessive," courts consider three criteria: 1) the degree of reprehensibility of the defendant’s actions, 2) the disparity between the harm to the plaintiff and the punitive award, and 3) the similarity or difference between the punitive award and civil penalties authorized or imposed in comparable situations. Does a $1.5 million award for sharing 24 songs cross the line into "grossly excessive"? And should these Due Process limitations apply differently to statutory damages than to punitive damages? We don’t think they should.
Second, the jury was instructed that it could consider “the need to deter this defendant and other potential infringers” in determining damages. That is, they wanted the jury to consider not only Ms. Thomas-Rasset’s actions, but on the possible actions of others. This instruction was likely wrong -- the Supreme Court has disapproved damages awards designed to target harms that are not part of the case actually before the jury. In other words, the damage award should be aimed at deterring this defendant, not giving the plaintiffs a windfall in order to send a message to others who might be tempted to infringe.
Those interested in a more detailed discussion of these constitutional doctrines should start with an article by Prof. Pamela Samuelson & Tara Wheatland, Statutory Damages in Copyright Law: A Remedy in Need of Reform (full disclosure: Prof. Samuelson is a member of EFF's board of directors). In the meantime, we’ll continue to watch this case closely as it winds its way to conclusion, likely before an appellate court.