Yesterday, Microsoft used a Digital Millennium Copyright Act (DMCA) takedown notice to demand that a copy of the "Microsoft® Online Services Global Criminal Compliance Handbook" (the Compliance Manual) be removed from Cryptome, a security website. As a result, Network Solutions felt obliged to takedown the entire Cryptome.org domain, a repository for thousands of important and controversial documents.
As is often the case, the ensuing uproar simply called more attention to the document in question. Yesterday evening, Microsoft wrote to Network Solutions and withdrew its takedown demand, while insisting that its copyright concern was nevertheless legitimate.
We appreciate that Microsoft acted quickly to correct its error, but are still disappointed that Microsoft nonetheless insists that, in the words of Evan Cox, outside counsel for Microsoft, "Microsoft has a good faith belief that the distribution of the file that was made available at that address infringes Microsoft's copyrights."
To the contrary, as we explain below, Cryptome's publication of the Compliance Manual is a clear fair use under the Copyright Act.
To determine whether a use of a work is fair, courts engage in a case-by-case analysis, starting with the four factors set out in the Act: the purpose and character of the use; the nature of the work; the amount and substantiality of the work; and the harm to the market for the work.
On the first factor, Cryptome used the manual for a noncommercial, transformative purpose—to educate the public on how the government and Microsoft work together and to illustrate how much information is available about internet users. Cryptome did not stand to profit, and was not seeking to exploit the work for money.
Cryptome's use is also transformative because it does not merely supersede original, but instead "adds something new." Cryptome took a work designed to inform law enforcement how to work effectively with Microsoft, and, by putting it in a new context, formed the basis for newsworthy criticism of Microsoft and its compliance practices.
The "nature of the work," factor also favors fair use: factual works like the Compliance Manual receive only thin protection under copyright law, especially where the material has been published.
The extent of permissible fair use copying varies with the purpose and character of the use, and, as the Ninth Circuit has held, "[i]f the secondary user only copies as much as is necessary for his or her intended use, then this factor will not weigh against him or her." While Cryptome copied the whole work, the whole work was necessary for the public to understand Microsoft's policies for allowing the government to obtain personal information about them.
The market harm factor balances the benefit the public will derive if the use is permitted and the financial gain the copyright owner will receive if the use is denied. Here, the public, many of whom have personal information stored by Microsoft, benefits by being informed of Microsoft's compliance practices. And, since Microsoft does not sell or license the manual, posting it on Cryptome didn't cost Microsoft a penny. As explained by the Supreme Court, a "use that has no demonstrable effect upon the potential market for, or the value of, the copyrighted work need not be prohibited in order to protect the author's incentive to create." This factor favors fair use as well.
The four factors are balanced in light of the purposes of copyright. And here, Microsoft does not need any copyright incentive to create the manual—it has plenty of business incentives to create a guide that will reduce the costs of its interactions with law enforcement. At the same time, Cryptome's publication serves the welfare of the public by allowing the public to know how their information may be involuntarily disclosed to the government.
Evaluating all the factors together, a court should find that Cryptome's publication of the Compliance Manual is a fair use.
Yesterday evening, the U.S. House of Representatives voted overwhelmingly to renew three expiring provisions of the USA PATRIOT Act, after the Senate abandoned the PATRIOT reform effort and approved the extension by a voice vote on Wednesday night.
Disappointingly, the government's dangerously broad authority to conduct roving wiretaps of unspecified or "John Doe" targets, to secretly wiretap of persons without any connection to terrorists or spies under the so-called "lone wolf" provision, and to secretly access a wide range of private business records without warrants under PATRIOT Section 215 were all renewed without any new checks and balances to prevent abuse. Despite months of vigorous debate, when PATRIOT renewal bills providing for greater oversight and accountability were approved by the Judiciary Committees of both the House and the Senate, Democratic leaders' push for reform fizzled in the face of staunch Republican opposition buoyed by recent hot-button events such as the attempted bombing of an airliner on Christmas Day and the shooting at Fort Hood.
The renewed PATRIOT provisions were originally set to expire on December 31, 2009, but Congress ran out of time last year and temporarily extended them until February 28th, this coming Sunday. The new extension is expected to be signed by the President before then.
The one silver lining? Despite a push by Republican leaders for a four-year extension, the renewed provisions are now set to expire in one year. So, although this battle's been lost, the effort to roll back PATRIOT's worst excesses is far from over. Thank you to everyone who took action to support PATRIOT reform this past year; we hope that you'll continue the fight with us in the next year.
Update: YouTube responded to the letter from EFF and the National Coalition Against Censorship by doing just what we asked. They state: "We have re-reviewed your videos and have reinstated them with an age gate." This is good news, and YouTube is to be commended for correcting its error. Amy Greenfield's channel now has her videos.
Still, the fact that it took two nationally known groups to bring this matter to YouTube's attention is troubling. It demonstrates that YouTube still has work to do to create a viable appeals process. In addition, as we noted below, YouTube should still change its policy to expressly allow artistic works that contain nudity, and give individual artists the same freedom it reserves for professional television and film.
Previous Post: Today EFF and the National Coalition Against Censorship (NCAC) wrote to YouTube, asking the video hosting giant to reconsider its removal of the work of internationally recognized video artist Amy Greenfield.
Amy Greenfield received notice from YouTube that her works, which contain some artistic nudity, did not conform with YouTube’s "community standards." Under YouTube's policies, "films and television shows may contain [full nudity]; however, videos originating from the YouTube user community must abide by the YouTube Community Guidelines and are not permitted to include such content." (emphasis in original). The Community Guidelines purport to allow nudity with “some educational, documentary and scientific content, but only if that is the sole purpose of the video and it is not gratuitously graphic,” but does not recognize the value of nudity in art.
When video artists present works that have clear artistic, political or educational merit, YouTube should allow the artist to post the material with at least the same freedom as major studio films and television. If a user community video is flagged as inappropriate, YouTube should at least have an appeals process to allow an artist to explain the artistic merit. While we understand YouTube's desire to keep pornography off its servers, it must also understand that not all nude art is pornographic.
The Department of Defense has released more than 800 heavily-redacted pages of intelligence oversight reports, detailing activities that its Inspector General has “reason to believe are unlawful.” The reports are the latest in an ongoing document release by more than a half-dozen intelligence agencies in response to a Freedom of Information Act (FOIA) lawsuit filed by EFF in July 2009.
The reports, submitted to the Intelligence Oversight Board (IOB) by various Department of Defense components, cover the period from 2001 through 2008. The IOB’s role within the Executive Office of the President is to ensure that each component of the intelligence community works within the Constitution and all applicable laws. As such, the Inspector General of each intelligence agency is required to submit periodic reports to the IOB, which in turn is required to forward to the Attorney General any report identifying an intelligence activity that violates the law. Intelligence oversight reporting is rarely disclosed to the public.
This new release, from various Defense components including the Army and the Joint Chiefs of Staff, comes in four parts, see here. Much of the reported improper activity consisted of intelligence gathering on so-called “U.S. Persons,” including citizens, permanent residents and U.S.-based organizations. Although Defense agencies are generally prohibited from collecting such information (except as part of foreign intelligence or counter-intelligence activity), it is apparent from the unredacted reports released to EFF that some DoD components have had chronic difficulty complying with that prohibition.
Pg 98: A report that the Joint Forces Command, working with the FBI, improperly collected and disseminated intelligence on Planned Parenthood and a white supremacist group called the National Alliance, as part of preparations for the 2002 Olympics.
Pg 122-137: A NORAD intelligence briefing improperly included intelligence on an anti-war group called Alaskans for Peace and Justice in 2005.
Pg 257-258: A 2006 report that NORAD had procedural problems relating to collecting information on U.S. Persons.
Pg 19: A 2008 report that Army Signals Intelligence in Louisiana intercepted civilian cell phone conversations.
Pg 65: A 2008 report that Army Cyber Counterintelligence officers attended the Black Hat hacker conference without disclosing their Army affiliation and without prior authorization to do so.
Pg 173: A report that the Air Force Office of Special Investigations (AFOSI) set up a “honey pot” computer system to identify foreign threats in May 2006. In October 2007, AFOSI realized that the honey pot system might have been in violation of a sealed Foreign Intelligence Surveillance Court (FISC) order that required a Foreign Intelligence Surveillance Act (FISA) warrant for such activity. AFOSI was not privy to the FISC order and only knew of it from public media reporting. The operation was suspended. Amazingly, when the Air Force asked the Justice Department to see the FISC order at issue, DOJ’s National Security Division denied the Air Force’s request.
According to the release schedule ordered by a federal judge last December, we expect to receive additional IOB reports from the CIA, National Security Agency, the Office of the Director of National Intelligence and the Department of Defense later this month. We will post the documents to our website as we receive them.
Let's say you are a blogger who writes about music regularly and includes links to music in your posts. How do you avoid having your blog censored off the Internet by "DMCA takedown notices" sent out by music industry lawyers (as happened last week to several blogs hosted by Blogger)?
Of course, you could get authorization from all the relevant copyright owners before you post or link to a song. Unfortunately, that's virtually impossible for many music bloggers. In some cases, it may be impossible to figure out who the copyright owners are (consider the problem of live concert bootlegs, rare B-sides, out-of-print material, defunct labels). In other cases, you might have authorization from someone, but it could end up being the wrong person (i.e., an independent promoter or member of the band who doesn't actually have all the rights to give you). And even if you get authorization from all the right people, you could still find yourself on the receiving end of a DMCA takedown from the entity that controls the copyright in another country (because your blog can be accessed from that country).
In other words, it's quite likely that many music bloggers can never be sure that a DMCA takedown notice won't arrive someday.
If one does arrive, your blog hosting service probably won't take your side. The law gives online hosting services strong incentives to comply with takedown notices—prompt responses to takedown notices are often the only reliable shield that hosting services have against copyright infringement lawsuits and potentially hundreds of thousands of dollars of damages. No matter how much your hosting service values your business, it is not likely that they will be willing to bet their business to save your blog.
While most hosting providers will let you send a "DMCA counter-notice" to contest a bogus takedown notice, sending a counter-notice can have serious consequences if you're not absolutely sure that you had all the necessary legal rights to post the songs or links in question. Sending a DMCA counter-notice is serious business, as it leaves the copyright owner with few options (other than suing) in order to keep the song down. So we recommend that bloggers research copyright law and, if in doubt, consult a qualified attorney (or contact EFF) before sending DMCA counter-notices.
The DMCA also gives hosting services strong incentives to "terminate repeat infringers." That's why most blog hosting services will delete your account (and thus your entire blog) after receiving multiple DMCA takedown notices. The industry norm seems to be a "3 strikes" policy, although the number of "strikes" can vary. This policy can be particularly unfair when a copyright owner sends multiple DMCA takedown notices all at once, or within a few days of each other — you can find your blog deleted before you even find out who was complaining or can send a DMCA counter-notice. Many hosting providers also mark every DMCA takedown notice on your "permanent record" — simply deleting the file or the link won't expunge the "strike" on your account (generally, only a DMCA counter-notice will do that). So a DMCA takedown notice received for your blog might still count as a "strike" years later (again, this is because service providers want to be able to tell a court that they were good about "terminating repeat infringers," lest they lose their shield against copyright infringement lawsuits).
Of course, you may be able to talk the copyright owner into withdrawing a DMCA notice ("your marketing department sent me an email saying this link was legit"). And there may be informal strategies that work most of the time (like deleting links after a short period of time). However, at the end of the day, it's nearly impossible to be sure you'll never receive a DMCA takedown notice.
With that in mind, here are a few practical things you can do to minimize the disruption that the DMCA process might inflict on your blog:
Get your own domain name: Most blogging platforms will allow you to use your own domain name for your blog, which will make it easier for your readers to find you if DMCA takedown notices force you to change hosting providers. So, for example, if your blog is at YOURNAME.blogspot.com, and your account gets terminated, you probably will never be able to use that URL again. In contrast, if your blog were at www.YOURNAME.com, you could get a new account from another hosting provider and keep your URL the same. And don't register your domain through the same company that hosts your blog—that should reduce the risk that you'll find both your blog and your domain name deleted by your hosting provider in response to DMCA takedown notices.
Back up your blog, be ready to move it: Make sure that whatever blogging platform you use, it allows you to easily back up your entire blog in a format that makes it easy to republish elsewhere. Have a game plan ready for migrating your blog to a new hosting service quickly if that becomes necessary.
Make sure your hosting provider can reach you: If a copyright owner wants to send a DMCA takedown notice aimed at your blog, they will probably start by doing a reverse DNS look-up to figure out who is hosting it. So make sure that entity (whether it's a full-service blog hosting service like Blogger or a colo hosting your own server) knows how to reach you. Keep your email address up to date, be sure that messages from your blog hosting service are "white-listed" in any spam filters that you use.
Choose a service that has clear DMCA policies: Not all hosting providers accept DMCA counter-notices—make sure yours does, just in case you need to use it. Ask your hosting provider how many "strikes" it takes before your account is terminated. Ask whether "strikes" drop off your account after a period of time. Generally, you're better off with a hosting provider that has thought about these questions and implemented clear policies.
Study up a bit: A little studying up before hand can go a long way towards avoiding problem later. A good place to start is EFF's Legal Guide to Bloggers, which contains frequently asked questions about copyright, the DMCA process, and a host of other legal issues that bloggers might face. The Citizens Media Law Project at Harvard also has a great legal guide online.
In our last post, we set out some of Google's numbers for the total number of books that would fall under the amended settlement agreement. Now let’s look at how many and what sorts of rightsholders have come forward as a result of the oft-criticized notice program conducted by Google and the plaintiffs. For starters:
Number of Books Google Says are Subject to the Settlement: About 10 million
According to Rust Consulting, the company administering the notice program, 44,450 claim forms (both online and hardcopy) have been received as of February 8, plus 485 "lists" (a kind of modified claim request). The claims relate to approximately 1.13 million books and 21,829 "inserts" (i.e., things like a short story or article in an anthology). Of the 1,107,620 books claimed online, 619,531 are classified by Google as out-of-print and 488,089 are classified as in-print.
Total number of claimants: 44,450
Total books claimed: 1,125,339
Total inserts claimed: 21,829
Percentage of books claimed (online only) that Google classifies as out of print: 56%
So, of the 10 million books potentially covered by the amended settlement on Google's numbers, rightsholders have spoken up for a little more than 10%. Because there may be disagreements between the author and the publisher about who owns the rights, it is possible that some of these claims are actually competing claims for the same book.
Percentage of books claimed on Google's numbers: about 10%
As of the January 28 deadline for opting out, Rust reports receiving 6,818 requests for "exclusion" (which Rust uses here to mean simply "opting out of the settlement"). Adding that number to the 44,450 claiming responses makes a total of a little over 50,000 rightsholder responses, with about 87% choosing to participate in some form in the settlement and 13% opting out altogether. Keep in mind that those who objected to the settlement—and there were over 500 objections filed—had to stay in the settlement in order to object, so the 87% number shouldn’t be read as consisting only of those who favor the settlement.
Percentage of responding rightsholders who have opted out: 13%
Percentage of responding rightsholders who have chosen to participate in some form: 87%
The “Exhibit D” document of Rust Consulting's submission, consisting of four tables, was initially unhelpful and unenlightening, because none of the columns seemed to be properly labeled. However, upon EFF's request, Google promptly had Rust provide a clearer document, which has the missing information (Google says that the prior problem was due to scanning and that the document has not changed). Google confirmed one error in the first table: the correct number of online publisher claims should be 4,312 and 880 for agent claims.
The publisher claims account for 787,942 out of the 1,107,620 books claimed, or 71%, with an average of 895 books per claiming account. It is interesting that a relatively small number of publishers accounted for the bulk of the claimed works.
Percentage of books claimed by publishers: 71%
Percentage of books claimed by authors: 29%
At the fairness hearing, the lawyer for the Science Fiction Writers group raised concerns that publishers are claiming works that are out-of-print, which is problematic since in many instances those rights should have reverted to the authors. The attorney noted that the Google Books settlement appeared to be creating an opportunity for publishers to try to claim ongoing rights, and corresponding income, from works that they had abandoned and to which they may not have current contractual rights. This is one of many criticisms raised by author groups as well as the Department of Justice at the fairness hearing -- that the settlement rides roughshod over the contractual relationships between authors and publishers.
These numbers help clarify the picture, at least a bit. We hope Google, the plaintiffs, and Rust Consulting will provide even more numbers moving forward so that the public can continue to assess the settlement even as the Court deliberates.
In the wake of yesterday's fairness hearing on the Google Book Search settlement, this might be a good time, while Judge Chin is deliberating, to take a moment to update some of the numbers about the settlement. These numbers were culled from settlement documents (thanks to Prof. James Grimmelmann for much of that), Google's presentation at the fairness hearing, and congressional testimony.
[Note: these are Google's numbers and it wouldn't be surprising if others disputed them.]
First, how many books are there? Overall, Google engineer Dan Clancy said that Google's research indicates that there were over 174 million books total worldwide in bibliographic records.
Total number of books in bibliographic records in the world = 174m.
At the fairness hearing, however, Google's lawyer Daralyn Durie told the Court that there are approximately 42 million books total in the collections of libraries partnered in Google's digitization project.
Total number of books held by Google partner libraries = 42m.
How many of these fall under the terms of the settlement, which is limited to in-copyright books published in the U.S., Canada, U.K., Australia, and New Zealand? After subtracting public domain works (estimated at 20% by Google), excluding foreign works, and accounting for duplicate works, Google estimates that 10 million books are subject to the terms of the amended settlement.
Total number of books subject to the amended settlement = 10m.
Of this number, Google believes that half (~5 million) are in-print and half (~5 million) are out-of-print. In earlier Congressional testimony, Google estimated that no more than 20% (or ~1 million) of the out-of-print works would turn out to be true "orphan works" (i.e., works whose copyright owners could not be found).
Google's Dan Clancy estimates that Google has scanned 12 million books so far, which includes 2 million scanned through its Partner Program, another 2 million public domain works, and foreign works that are outside the amended settlement.
Some other numbers to keep in mind while pondering all of this: the Authors Guild claims a membership of over 8,500 and the Association of American Publishers claims to represent over 300 publishers, while 30,000 authors and publishers have already struck deals to be in Google Books through Google's Publisher Partner Program.
As we've explained before, a number of Hollywood movie studios have been on the war path against Redbox, the kiosk-based DVD rental operation, because Redbox offers DVD new releases for rent at 99 cents per night. Thanks to the first sale doctrine in copyright law, Redbox's business is completely legal—the company buys legitimate DVDs to stock their kiosks. Great for consumers, and a great alternative for those who might otherwise opt for an unauthorized alternative online.
But Hollywood wasn't pleased, and took a number of steps to interfere with Redbox's business, which in turn led to lawsuits. Earlier this week, Redbox and Warner Brothers settled their litigation, with Redbox promising not to offer Warner DVDs until 28 days after the DVD goes on sale. In other words, no more Warner new releases in the Redbox kiosks. Analysts predict this will be a blueprint for similar settlements with other Hollywood studios.
I’m assuming the studios’ were well-advised in their campaign against Redbox, and managed to strong-arm the wholesalers and big-box retailers without actually violating antitrust laws. But it’s still worth noting, I think, the extraordinary lengths to which they were willing to go to thwart the plain language and intent of an inconvenient portion of copyright law.
The First Sale Doctrine was promulgated–first by courts and later by Congress–precisely to deny publishers control over the secondary market in copies of works. It evolved to ensure that the practical application of the copyright statute would not be inconsistent with the Constitutional purpose of copyright itself: “To promote the progress of science and useful arts.” It does that by encouraging a robust and innovative market in copies, including a robust secondary market.
Through their many Redbox machinations, the studios have found a way around the plain purpose of the First Sale Doctrine by effectively (if not quite illegally) fixing the price of DVDs in the secondary market.