Let's say you are a blogger who writes about music regularly and includes links to music in your posts. How do you avoid having your blog censored off the Internet by "DMCA takedown notices" sent out by music industry lawyers (as happened last week to several blogs hosted by Blogger)?
Of course, you could get authorization from all the relevant copyright owners before you post or link to a song. Unfortunately, that's virtually impossible for many music bloggers. In some cases, it may be impossible to figure out who the copyright owners are (consider the problem of live concert bootlegs, rare B-sides, out-of-print material, defunct labels). In other cases, you might have authorization from someone, but it could end up being the wrong person (i.e., an independent promoter or member of the band who doesn't actually have all the rights to give you). And even if you get authorization from all the right people, you could still find yourself on the receiving end of a DMCA takedown from the entity that controls the copyright in another country (because your blog can be accessed from that country).
In other words, it's quite likely that many music bloggers can never be sure that a DMCA takedown notice won't arrive someday.
If one does arrive, your blog hosting service probably won't take your side. The law gives online hosting services strong incentives to comply with takedown notices—prompt responses to takedown notices are often the only reliable shield that hosting services have against copyright infringement lawsuits and potentially hundreds of thousands of dollars of damages. No matter how much your hosting service values your business, it is not likely that they will be willing to bet their business to save your blog.
While most hosting providers will let you send a "DMCA counter-notice" to contest a bogus takedown notice, sending a counter-notice can have serious consequences if you're not absolutely sure that you had all the necessary legal rights to post the songs or links in question. Sending a DMCA counter-notice is serious business, as it leaves the copyright owner with few options (other than suing) in order to keep the song down. So we recommend that bloggers research copyright law and, if in doubt, consult a qualified attorney (or contact EFF) before sending DMCA counter-notices.
The DMCA also gives hosting services strong incentives to "terminate repeat infringers." That's why most blog hosting services will delete your account (and thus your entire blog) after receiving multiple DMCA takedown notices. The industry norm seems to be a "3 strikes" policy, although the number of "strikes" can vary. This policy can be particularly unfair when a copyright owner sends multiple DMCA takedown notices all at once, or within a few days of each other — you can find your blog deleted before you even find out who was complaining or can send a DMCA counter-notice. Many hosting providers also mark every DMCA takedown notice on your "permanent record" — simply deleting the file or the link won't expunge the "strike" on your account (generally, only a DMCA counter-notice will do that). So a DMCA takedown notice received for your blog might still count as a "strike" years later (again, this is because service providers want to be able to tell a court that they were good about "terminating repeat infringers," lest they lose their shield against copyright infringement lawsuits).
Of course, you may be able to talk the copyright owner into withdrawing a DMCA notice ("your marketing department sent me an email saying this link was legit"). And there may be informal strategies that work most of the time (like deleting links after a short period of time). However, at the end of the day, it's nearly impossible to be sure you'll never receive a DMCA takedown notice.
With that in mind, here are a few practical things you can do to minimize the disruption that the DMCA process might inflict on your blog:
Get your own domain name: Most blogging platforms will allow you to use your own domain name for your blog, which will make it easier for your readers to find you if DMCA takedown notices force you to change hosting providers. So, for example, if your blog is at YOURNAME.blogspot.com, and your account gets terminated, you probably will never be able to use that URL again. In contrast, if your blog were at www.YOURNAME.com, you could get a new account from another hosting provider and keep your URL the same. And don't register your domain through the same company that hosts your blog—that should reduce the risk that you'll find both your blog and your domain name deleted by your hosting provider in response to DMCA takedown notices.
Back up your blog, be ready to move it: Make sure that whatever blogging platform you use, it allows you to easily back up your entire blog in a format that makes it easy to republish elsewhere. Have a game plan ready for migrating your blog to a new hosting service quickly if that becomes necessary.
Make sure your hosting provider can reach you: If a copyright owner wants to send a DMCA takedown notice aimed at your blog, they will probably start by doing a reverse DNS look-up to figure out who is hosting it. So make sure that entity (whether it's a full-service blog hosting service like Blogger or a colo hosting your own server) knows how to reach you. Keep your email address up to date, be sure that messages from your blog hosting service are "white-listed" in any spam filters that you use.
Choose a service that has clear DMCA policies: Not all hosting providers accept DMCA counter-notices—make sure yours does, just in case you need to use it. Ask your hosting provider how many "strikes" it takes before your account is terminated. Ask whether "strikes" drop off your account after a period of time. Generally, you're better off with a hosting provider that has thought about these questions and implemented clear policies.
Study up a bit: A little studying up before hand can go a long way towards avoiding problem later. A good place to start is EFF's Legal Guide to Bloggers, which contains frequently asked questions about copyright, the DMCA process, and a host of other legal issues that bloggers might face. The Citizens Media Law Project at Harvard also has a great legal guide online.
In our last post, we set out some of Google's numbers for the total number of books that would fall under the amended settlement agreement. Now let’s look at how many and what sorts of rightsholders have come forward as a result of the oft-criticized notice program conducted by Google and the plaintiffs. For starters:
Number of Books Google Says are Subject to the Settlement: About 10 million
According to Rust Consulting, the company administering the notice program, 44,450 claim forms (both online and hardcopy) have been received as of February 8, plus 485 "lists" (a kind of modified claim request). The claims relate to approximately 1.13 million books and 21,829 "inserts" (i.e., things like a short story or article in an anthology). Of the 1,107,620 books claimed online, 619,531 are classified by Google as out-of-print and 488,089 are classified as in-print.
Total number of claimants: 44,450
Total books claimed: 1,125,339
Total inserts claimed: 21,829
Percentage of books claimed (online only) that Google classifies as out of print: 56%
So, of the 10 million books potentially covered by the amended settlement on Google's numbers, rightsholders have spoken up for a little more than 10%. Because there may be disagreements between the author and the publisher about who owns the rights, it is possible that some of these claims are actually competing claims for the same book.
Percentage of books claimed on Google's numbers: about 10%
As of the January 28 deadline for opting out, Rust reports receiving 6,818 requests for "exclusion" (which Rust uses here to mean simply "opting out of the settlement"). Adding that number to the 44,450 claiming responses makes a total of a little over 50,000 rightsholder responses, with about 87% choosing to participate in some form in the settlement and 13% opting out altogether. Keep in mind that those who objected to the settlement—and there were over 500 objections filed—had to stay in the settlement in order to object, so the 87% number shouldn’t be read as consisting only of those who favor the settlement.
Percentage of responding rightsholders who have opted out: 13%
Percentage of responding rightsholders who have chosen to participate in some form: 87%
The “Exhibit D” document of Rust Consulting's submission, consisting of four tables, was initially unhelpful and unenlightening, because none of the columns seemed to be properly labeled. However, upon EFF's request, Google promptly had Rust provide a clearer document, which has the missing information (Google says that the prior problem was due to scanning and that the document has not changed). Google confirmed one error in the first table: the correct number of online publisher claims should be 4,312 and 880 for agent claims.
The publisher claims account for 787,942 out of the 1,107,620 books claimed, or 71%, with an average of 895 books per claiming account. It is interesting that a relatively small number of publishers accounted for the bulk of the claimed works.
Percentage of books claimed by publishers: 71%
Percentage of books claimed by authors: 29%
At the fairness hearing, the lawyer for the Science Fiction Writers group raised concerns that publishers are claiming works that are out-of-print, which is problematic since in many instances those rights should have reverted to the authors. The attorney noted that the Google Books settlement appeared to be creating an opportunity for publishers to try to claim ongoing rights, and corresponding income, from works that they had abandoned and to which they may not have current contractual rights. This is one of many criticisms raised by author groups as well as the Department of Justice at the fairness hearing -- that the settlement rides roughshod over the contractual relationships between authors and publishers.
These numbers help clarify the picture, at least a bit. We hope Google, the plaintiffs, and Rust Consulting will provide even more numbers moving forward so that the public can continue to assess the settlement even as the Court deliberates.
In the wake of yesterday's fairness hearing on the Google Book Search settlement, this might be a good time, while Judge Chin is deliberating, to take a moment to update some of the numbers about the settlement. These numbers were culled from settlement documents (thanks to Prof. James Grimmelmann for much of that), Google's presentation at the fairness hearing, and congressional testimony.
[Note: these are Google's numbers and it wouldn't be surprising if others disputed them.]
First, how many books are there? Overall, Google engineer Dan Clancy said that Google's research indicates that there were over 174 million books total worldwide in bibliographic records.
Total number of books in bibliographic records in the world = 174m.
At the fairness hearing, however, Google's lawyer Daralyn Durie told the Court that there are approximately 42 million books total in the collections of libraries partnered in Google's digitization project.
Total number of books held by Google partner libraries = 42m.
How many of these fall under the terms of the settlement, which is limited to in-copyright books published in the U.S., Canada, U.K., Australia, and New Zealand? After subtracting public domain works (estimated at 20% by Google), excluding foreign works, and accounting for duplicate works, Google estimates that 10 million books are subject to the terms of the amended settlement.
Total number of books subject to the amended settlement = 10m.
Of this number, Google believes that half (~5 million) are in-print and half (~5 million) are out-of-print. In earlier Congressional testimony, Google estimated that no more than 20% (or ~1 million) of the out-of-print works would turn out to be true "orphan works" (i.e., works whose copyright owners could not be found).
Google's Dan Clancy estimates that Google has scanned 12 million books so far, which includes 2 million scanned through its Partner Program, another 2 million public domain works, and foreign works that are outside the amended settlement.
Some other numbers to keep in mind while pondering all of this: the Authors Guild claims a membership of over 8,500 and the Association of American Publishers claims to represent over 300 publishers, while 30,000 authors and publishers have already struck deals to be in Google Books through Google's Publisher Partner Program.
As we've explained before, a number of Hollywood movie studios have been on the war path against Redbox, the kiosk-based DVD rental operation, because Redbox offers DVD new releases for rent at 99 cents per night. Thanks to the first sale doctrine in copyright law, Redbox's business is completely legal—the company buys legitimate DVDs to stock their kiosks. Great for consumers, and a great alternative for those who might otherwise opt for an unauthorized alternative online.
But Hollywood wasn't pleased, and took a number of steps to interfere with Redbox's business, which in turn led to lawsuits. Earlier this week, Redbox and Warner Brothers settled their litigation, with Redbox promising not to offer Warner DVDs until 28 days after the DVD goes on sale. In other words, no more Warner new releases in the Redbox kiosks. Analysts predict this will be a blueprint for similar settlements with other Hollywood studios.
I’m assuming the studios’ were well-advised in their campaign against Redbox, and managed to strong-arm the wholesalers and big-box retailers without actually violating antitrust laws. But it’s still worth noting, I think, the extraordinary lengths to which they were willing to go to thwart the plain language and intent of an inconvenient portion of copyright law.
The First Sale Doctrine was promulgated–first by courts and later by Congress–precisely to deny publishers control over the secondary market in copies of works. It evolved to ensure that the practical application of the copyright statute would not be inconsistent with the Constitutional purpose of copyright itself: “To promote the progress of science and useful arts.” It does that by encouraging a robust and innovative market in copies, including a robust secondary market.
Through their many Redbox machinations, the studios have found a way around the plain purpose of the First Sale Doctrine by effectively (if not quite illegally) fixing the price of DVDs in the secondary market.
Over the weekend, Google announced significant changes to its new social networking service, Buzz. Responding to criticism (including EFF's), Google moved away from the system in which Buzz automatically sets you up to follow the people you email and chat with most. Instead, Google has adopted an auto-suggest model, in which you are shown the friend list with an option to de-select people before publishing the list. While a full opt-in model would be less likely to result in inadvertent disclosures of private information, this is a significant step forward.
In addition, Google said it would show current Buzz users the setup process again, giving a second chance to review and confirm the follower list "over the next couple weeks." We recommend that all current Buzz users immediately turn off the public list, and review their friend list before making it public again. (Instructions)
Google will also stop automatically connecting Picasa Web Albums and Google Reader shared items, and allow users to hide Buzz from Gmail or disable it completely.
These problems arose because Google attempted to overcome its market disadvantage in competing with Twitter and Facebook by making a secondary use of your information. Google leveraged information gathered in a popular service (Gmail) with a new service (Buzz), and set a default to sharing your email contacts to maximize uptake of the service. In the process, the privacy of Google users was overlooked and ultimately compromised.
Though Google responded quickly to these privacy concerns, they never should have happened in the first place. While Buzz previously had a lot of these privacy options available, the user interface failed to provide users with the setting users had reasonably expected. Google should follow fair information practices and make secondary uses of information only with clear, unequivocal user consent and control.
Part of the problem may have stemmed from Google's testing process. The BBC reports that Google only tested Buzz internally with its employees, omitting "extensive trials with external testers - used for many other Google services." Google employees are sophisticated power-users who will meticulously review the available settings. However, a good user interface for privacy must work for all users, and match the default settings with the expectations of the users. Only through broad based testing can Google be sure that users are giving informed consent.
Next week Google will face a federal judge and ask for approval of the Google Books settlement. EFF has raised privacy concerns, including the possibility that Google might make secondary uses of the Books information. Buzz's disastrous product launch highlights the danger posed by this possibility, and showcases the need for firm enforceable commitments to protecting user privacy.
Reports are coming in of additional privacy issues.
The Register reports that "Google Buzz is susceptible to exploits that allow an attacker to commandeer accounts and even learn where victims are located." While a security blog now reports this was fixed, Google should conduct a thorough security review to ensure that no other problems persist.
PC World notes that Google's "vanity URL" functionality presents users with an unfortunate choice: Either expose your email address to the general public, or host your profile at a monstrously long numeric URL. Google ought to provide a third, middle-of-the-road option by allowing users to select a simple and memorable URL which is not based on their email address.
Imagine you're a music journalist who maintains a blog. You've just found a great, new, virtually-unknown artist that you want to tell the world about. How can you do so, in a way that is simple and convenient for your readers, but does not place you or your blog's host at risk of being sued?
Thanks to the increasingly aggressive copyright-enforcement tactics of the music industry, this has become a startlingly complicated question with no good answer.
In the latest signal of this conundrum, at least six music blogs were deleted last week by Blogger due to copyright complaints. It's uncertain who made the accusations that lead to the deletions, but the most likely culprit is the International Federation of the Phonographic Industry (IFPI), a copyright-enforcement organization which had previously filed copright takedown notices against some of the targeted blogs.
Although the takedowns were made in the name of stopping piracy, the deleted blogs do not appear to have been hotbeds of illegal file-sharing. Indeed, some had operated for years and acquired a serious and substantial readership. Like many music blogs and magazines, they mostly posted reviews of artists, albums and concerts.
In at least one case, IFPI's accusations of copyright infringement were almost certainly incorrect. Bill Lipold, author of the deleted I Rock Cleveland, has outlined in painstaking detail the ways in which he received explicit permission to post every file on his blog, including ones which were later accused of infringement and forcibly removed. In one case, the band's publicist wrote of the takedown, "Just so you know, this is none of our doing...apparently, DMCA operate on their own set of odd rules, as they even requested that the (band's) official blog remove the song....What a headache..."
In cases like this, attacks on music blogs seem to be the latest example of the widening disconnect between the goals of the music industry's promotional wing and its enforcement wing. Smart musicians and promoters understand that the Net is a powerful promotional tool, and know that sharing an artist's music is the best way to earn new fans. The IFPI, on the other hand, writes clearly in its takedown notices that "Our top priority is to prevent the continued availability of the IFPI Represented Companies' content on the internet." We've already seen this divergence of interests play out in recent fiascos surrounding bands like OK Go and Death Cab For Cutie. And the television industry has seen similar problems in its attacks on YouTube.
In other cases, it appears that the bloggers may have posted or linked to copyrighted material without permission. But, as targeted blogger Patrick Duffey explains, it's often next to impossible to know exactly which content is being accused of infringement:
In their DMCA take down letters they never inform you what the infringing mp3’s are, forcing the writer to take down ALL the mp3’s in the offending post whether they have the permission to post them or not... If they had just included what the offending mp3’s were they could have avoided all of these headaches and bad press and we could have kept on going like any other day.
Living Ears, another targeted blog, echoes those sentiments:
One problem with these notices is that they do not mention infringing files by name. When I post the playlist from Scene Not Heard and link to a couple of tracks, if I receive a DMCA notice, how can you tell which file is to be deleted?
Targeted bloggers need to know these details, not only so that they can remove the file if it's indeed infringing, but so that they can file a DMCA counter-notice in the event that the file is not infringing.
Ordinarily, the party issueing the takedown notice would be required by US copyright law to specify which content is being accused. But, as an international organization headquartered in London, IFPI is arguing that it doesn't even need to play by the USA's rules. "We neither admit nor accept," they write, "...that Google is entitled to be served a notice in compliance with the DMCA." Translation: IFPI is essentially threatening to sue Google under some unspecified foreign law — presumably one which lacks even the modest safe-harbor provisions available in the USA. It's no wonder Google felt the need to take drastic action to avoid liability, even at the expense of the resulting headaches and bad press.
By now, the affected blogs have mostly migrated elsewhere — in most cases to software like Wordpress, deployed on smaller and less well-known hosting services. While this will buy them some time, these smaller hosting services are just as vulnerable as Google is to attacks by the IFPI and their ilk. In fact, most smaller hosts are likely to be even less helpful to bloggers than Google has been, since they tend to lack Google's legal resources and PR imperatives.
That being said, there are steps that music bloggers can take to protect themselves. Though EFF hasn't created resources specifically for music bloggers, many of the suggestions made in our Guide To YouTube Removals and Guide To Avoiding Gripes About Your Gripe (or Parody) Site will be relevant. Note especially this list of web-hosts that have been known to show some spine when faced with legal threats over their customers' content. And, of course, all current users of Blogger should make regular use of Blogger's "export" feature to back-up their work.
If this game of whack-a-mole seems familiar, that's because it is. The same copyright-enforcement machine that was originally designed to fight music piracy, having largely failed at that goal, has now been turned on music journalists, and — in some cases — musicians themselves. It's just the latest example of how legitimate speech and innovation will continue to be endangered until either Congress or the music industry takes serious steps to fix things.
ACLU National, ACLU of Wisconsin, and EFF have filed an amicus brief in the Wisconsin Supreme Court arguing that the law of that state prohibits police from installing a GPS device on you or your car without first getting a warrant from a judge. A growing number of state high courts have decided that their citizens should be protected from suspicionless GPS tracking, recognizing that uninterrupted around-the-clock surveillance is qualitatively different from ordinary police observations of a suspect. In the Wisconsin case, People v. Sveum, we ask the court to follow the example of Washington, New York, and Massachusetts and find that GPS tracking is a search that requires a warrant. EFF participated as amicus in the New York case, People v. Weaver, and is awaiting a decision under the federal Constitution in U.S. v. Jones, a GPS tracking case pending in the Court of Appeals for the District of Columbia. As more and more states find that their residents have a reasonable expectation that they will not be digitally tracked with surreptitiously installed devices, the federal courts must take note. The Fourth Amendment protects legitimate expectations of privacy.
EFF is also actively litigating several location privacy cases involving government use of cell phone tower information to track the location of mobile handsets. These cases involve the same creepy surreptitious pervasive electronic tracking as GPS tracking, but somewhat different legal issues in part because a complex statutory scheme protects data generated by cell phones. We recently argued one such case in the Third Circuit Court of Appeals. For an in depth analysis of the legal issues in that cell tracking case, see our amicus brief.
For more information, see: State v. Jackson, 150 Wash. 2d 251, 76 P.3d 217 (2003) (installation of a GPS tracking device on defendant’s car required a warrant), People v. Weaver, 12 N.Y.3d 433, 909 N.E.2d 1195 (2009) (same), and Commonwealth v. Connolly, 454 Mass. 808, 913 N.E.2d 356 (2009) (installation and monitoring of a GPS tracking device on defendant’s minivan was a seizure).
Google's new social networking service, Buzz has upseta lot of people who have inadvertently posted the list of the people they email and chat with most frequently on their profile. If you took the default options and didn't opt-out or edit this list during profile creation, the list becomes part of your profile. Since who you email with frequently can often be private information (reporters and sources, doctors and patients, former significant others, etc), making this list public can create serious problems.
If you're going to use Google Buzz, we recommend that you opt-out during profile creation. If you have already created a profile, change it to private immediately. Then go through the suggested list, and edit it as appropriate before making it public again. PC World has a helpful privacy checklist to help users understand the privacy implications of Google Buzz options.
Google has attempted to address some of these issues, making it easier to block people and hide the friend list. The underlying issue is that your email and chat contacts are not necessarily people you want to advertise as friends via a public social network. Since Google's competitors make it hard to transfer list of social contacts to new services, Google attempted to jump start Buzz with lists drawn from its successful Gmail and Gchat services. While this may help Buzz grow and save users the time to type in all their contacts, it also has an inherent danger of inadvertent disclosure of private information. Google could significantly reduce this problem simply by making the list private by default, so users could opt-in after reviewing the suggested list.
Google might also consider allowing those who agreed to join Google Buzz without understanding its implications to opt-out fully. Currently, "turning off" Google Buzz merely suspends the viewing and public broadcasting of messages until you might want to re-connect your private email world and the public space again. Some Gmail users would prefer that those worlds stay strongly unconnected. They do not want a list of potential "followers" to gather, awaiting the moment that a user mistake or poor interface design inadvertently reveals private data to the world once again. Google is apparently considering separating Buzz from Gmail.