Tor exit nodes and "mere conduit"?

The operator of a Tor exit node has been charged with distributing child pornography / indecent images of children, according to this report on Ars Technica.

For those who have not come across Tor before, it is a system for anonymous communication:

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

I am not familiar with Austrian law, but, were I in this position — and I must confess that I have advised against running Tor exit nodes before, on the basis of the possibility, which I'd actually rated as a likelihood, of law enforcement activity against you as the operator — I would be looking to argue that I was protected by Art. 12, 2000/31/EC:

Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider:

• does not initiate the transmission; 
• does not select the receiver of the transmission; and 
• does not select or modify the information contained in the transmission.

This the "common carrier" wording which most Internet access providers rely on as a shield from prosecution for exactly this sort of activity — there's a bit of a disjunct around whether the activity is actually the provision of an electronic communications service rather than an information society service, but the underlying principle seems that it should apply here.

Internet access at home a human right

The question whether Internet access is a human right seems to come up pretty frequently. But I'd not seen the construct that Internet access at home was a human right — and that's what the Court of Appeal in the UK appears to have said, according to the Guardian.

In overturning a decision prohibiting a sex offender from going online as part of his sentence, the court ruled that it is "unreasonable nowadays to ban anyone from accessing the internet in their home."

Wow.

Draft Tallinn Manual on cyberwarfare released

NATO's CCD CoE has released what it has called the "Tallinn Manual" — an analysis of the rules of war and international law as they apply to cyberwarfare.

It's interesting to think the extent to which acts in preparation of war, and acts of war themselves, might be conducted against communications infrastructure, or indeed using communications infrastructure. It also puts private companies in an interesting position, where an attack on their assets, their network, is a legitimate in war time.

It's a substantial document — >200 pages — but it is well written, and sets out various points on view on different topics. If cyberwarfare is indeed to grow in prominence, this is probably a most important text to read.

Who controls the Internet?

An interesting story on the BBC web site this morning. There is to be a major ITU conference in Dubai in December at which there may be moves to assert greater control over the Internet. Whether it will come to anything is perhaps doubtful.

The story refers to a Wikileaks style site Wcitleaks.org. Some interesting stuff there also.

Is Internet access now a human right?

The UN has come very close to affirming that Internet access is a human right:

1. Affirms that the same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice, in accordance with articles 19 of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights;
2. Recognizes the global and open nature of the Internet as a driving force in accelerating progress towards development in its various forms;
3. Calls upon all States to promote and facilitate access to the Internet and international cooperation aimed at the development of media and information and communications facilities in all countries;
4. Encourages special procedures to take these issues into account within their existing mandates, as applicable;
5. Decides to continue its consideration of the promotion, protection and enjoyment of human rights, including the right to freedom of expression, on the Internet and in other technologies, as well as of how the Internet can be an important tool for development and for exercising human rights, in accordance with its programme of work.

You can download the document here.

I'd not wholly convinced by this — the Internet is, without doubt, a hugely powerful tool, but it is just a tool, and who knows what tools will be available tomorrow? There is no human right of access to telephony, for example, or access to locks on doors (for the protection of privacy), so why refer to this particular technology?

The Washington Post has reported that there are plans during the World Conference on International Telecommunications (WCIT), which is scheduled to be held in Dubai in December, to significantly alter the UN telecommunications treaty to allow countries to clamp down on the free flow of information via the Internet. Russia has proposed language requiring member states to ensure unrestricted public access and use of international telecommunication services, “except in cases where international telecommunication services are used for the purpose of interfering in the internal affairs or undermining the sovereignty, national security, territorial integrity and public safety of other states, or to divulge information of a sensitive nature.” The United States delegation to the WCIT has vowed to block any changes to the treaty that would curtail Internet freedom. The story can be read at http://www.washingtonpost.com/world/national-security/us-vows-to-block-any-changes-to-global-telecommunications-treaty-that-curtail-internet-freedom/2012/06/22/gJQA19sXuV_story.html. What are your thoughts from a legal perspective?

New Internet Domain Names

A topic which probably straddles a few modules - and I'll try to cross post.

You have probably seen reports of the ICANN initiative to allow (for a very significant price) organisations to bid for their own top level domain name. The link below

http://newgtlds.icann.org/en/program-status/application-results/strings-1200utc-13jun12-en

should take you to the current state of affairs. What do you think? My own feeling is that many of the names applied for will never be commercially successful. In itself perhaps not new with ICANN. There have been a number of top level domain names - such as .biz - which have been established and failed miserably in the market place.

Communications Data Bill

The government has announced the Communications Data Bill, which should be available here soon. The bill replaces Chapter I, Part II of the Regulation of Investigatory Powers Act 2000, which deals with access to communications data by law enforcement. Of particular note:

1.) The Secretary of State may require communications providers to collect data, rather than simply retain data generated in the course of business — it goes further that the data retention rules;

2.) In addition to retaining data, the bill purports to permit the Secretary of State to order communications providers to "generate" data — a particularly scary proposition, since it potentially means an order to change a business model or service structure, to gather more data;

3.) It provides for a filtering mechanism, whereby communications data from multiple providers will be shared with a central body (my money is on Detica), before extracts are passed to the requesting agency. Notionally, this is to protect privacy, but the rules-based filtering tool may cause concerns from a evidential point of view, and requires greater training of law enforcement officers. (Of course, if used as an investigative, rather than evidential, tool, that issue falls away somewhat.)

The bill removes access to data from local councils, which, frankly, should never have had access in the first place.

A "particularly deep intrusion into telecommunications privacy"

The EU executive is planning to refer Germany to the European Union's highest court over its failure to introduce a law obliging phone and internet companies to store records for at least six months:

http://www.reuters.com/article/2012/05/29/eu-dataprivacy-idUSL5E8GTE4C20120529

Having lived in Germany for 5+ years, I'm not surprised by this activity.

Queen's Speech: Internet monitoring plan to have 'strict safeguards'

How are people feeling lately about the draft UK legislation to monitor e-mails, phone calls and internet use?

I like this line: The government argues the law needs to keep pace with technological changes and enable the security services to confront changing threats to the UK.

If truly the case, I would expect that the government should be able to come up with plans that would focus on threats to the UK, rather than a blanket monitoring of the entire country (fully understanding this point:  laws date back to 2000 and they are not equipped to cover social media, Skype and other methods of communication.)

I guess my cynicism comes from having friends who work for the Police looking at this data currently, receiving thousands of lines of phone call data (nearest transmission point, number called, duration, etc) from the mobile providers. 

This legislation seems like it will produce massive amounts of data, rather than targetting people visiting website xyz, or dialing number x.

Net Neutrality: the Netherlands open the dance...

Hello,

I am not fluent in Dutch so I cannot read the original text; however, standing to the article below

http://www.broadbandtvnews.com/2012/05/09/dutch-embrace-net-neutrality/

the Dutch parliament has just approved a new law to regulate over the so called "net neutrality" principle.
Difficult to judge without reading the original text, but telcos are losing big bucks with Skype and similar services. If on one hand perhaps Skype's usability on a mobile is not the best, on the other Whatsapp seems to become a real alternative to SMS. I am not aware of any telco filtering Whatsapp traffic but... one never knows!

Regards,
Salva

"The Digital Human"

I've yet to listen to it, but this sounds right up my street, examining the social context and implications of technology (which, in my view, should play a considerable role in technology's regulation) — the BBC's new seven-part radio series, "The Digital Human."

Whether it's available to those outside the UK, I'm not sure, but connecting to the UoS's VPN and ensuring that you route all traffic down the resulting tunnel might do the trick...

Ofcom 'won't be rushed'

I know Salvatore posted on the topic of Murdoch previously, although interesting to see the topic again in the BBC and the pressure being applied by Labour and the Lib Dems and that Ofcom will not be rushed. 

In a view perhaps appropriate for a regulator, the review will take "as long as it takes".

I am curious to see how this one turns out.

Filtering pornography online

Here's a nice controversial one for discussion — should Internet access providers filter pornographic content, requiring someone who wants access to such content to "opt in"? Or is it not appropriate for an access provider to restrict what someone can access? The BBC presents a good overview of the debate currently going on in the UK at the moment, with a range of views from feminists, open rights campaigners and others.

Some years back, under threat of regulation, mobile providers in the UK created a self-regulatory code, imposing blocking obligations — as a result of this, if you buy a SIM for a UK mobile network, you will not be able to access content deemed to be suitable only for adults, which includes, but is not limited to, pornography, unless you prove your age and have the access control removed.

An approach based on filtering on the mobile networks made sense at that time, when a mobile phone only talked to a mobile network but, more recently, it makes far less sense, at least on its own. Many mobile phones — particularly popular devices, such as the iPhone,  and Android devices — contain other methods of communication, including Bluetooth and Wi-Fi, which are outside a network operator's control — restricting access on the cellular network alone is a very limited form of protection. Similarly, even within the cellular domain, not all connections can be filtered — in particular, RIM's BlackBerry devices are currently not filtered, since browsing traffic passes in an encoded form to RIM's own infrastructure for onwards transmission. (RIM are currently discussing with Ofcom how this can be fixed quickly.)

The debate at the moment has a number of different fronts — what should mobile operators be doing, what should other players (such as Facebook, Apple and so on) be doing and, importantly, what should fixed line providers be doing. It does not make sense to me for mobile providers to go forward alone.

The issue is not just a communications one, of course — the more fundamental question is whether certain content is, or is not, appropriate for children to view. But, if we decide that certain content should not be accessible by children, it would seem to follow that there should be a convenient and user-friendly method for helping parents enact these suggestions. Whether the approach should be opt-in, "active choice" (whereby the setting is chosen when the device is first powered on) or opt-out, there's a whole range of views.

My view, for what it might be worth, is that, whatever solution is chosen, it should not be down to operator discretion — the government needs to pick a solution, and then mandate it. The role of an operator is one of a technical services provider, not a moral arbiter.

What do you think? How do things work where you are?

USA v. Nosal

Perhaps more closely connected to the material in the information security module than the more regulatory aspect of telecoms law dealt with on the telecoms law module, the case of USA v. Nosal is likely to be of interest to those of you considering issues of access to a computer system without a right — the chief judge in the case draws a number of parallels with more general communications activities in making his decision.

This is a US decision from the ninth circuit, and was a 9-2 ruling — it's likely that this will reach the Supreme Court in the US for another appeal. The case looks at an employee's extraction of data from his employer and examines whether, under the US legislation, "access without a right" (as per the Convention on Cybercrime) means solely unauthorised access (such as an external hacker), or else the use of authorised access for unauthorised purposes, such as a user downloading data to which they have legitimate access, but for non-approved purposes.

The case sides in favour of unauthorised access only.

How should employers protect their data, then? Is it right that an external hacker who removes data commits a criminal offence, but that some form of breach of fiduciary duty or breach of contract would be required to take action against an employer who has access for authorised purposes, but abuses this access?

traditional operators vs OTT. fair rules?

After having submitted by theme 2 report about traditional operators vs OTT obligations, I've just found this article that goes exactly in the same direction.
I think the "pipization" (aka operators becoming mere bit pipes) of telcos is a real thing and all kind of traditional services are now offered also OTT (skype, whatsapp, OTT TV,...) . Is it realistic (and fair) to consider these services differently when operated by the network operator or when operated by a third party (and mainly from abroad).

http://coleago.wordpress.com/2012/02/22/ott-communication-services-vs-rich-communication-services/

CCDP is coming?

Although not at all unexpected, it sounds as if the Communications Capabilities Development Programme is coming soon:

The government will be able to monitor the calls, emails, texts and website visits of everyone in the UK under new legislation set to be announced soon.

Internet firms will be required to give intelligence agency GCHQ access to communications on demand, in real time.

Data Roaming

Political agreement has been reached between the European institutions (Council of Ministers, the Commission and the European Parliament) on the final text of the revised  roaming regulation that was first proposed in 2011. You can followthis link to get the text of the original documents. 

The new regulation will replace the original 2007 regulation on roaming on public mobile telephone networks within the Community. This set ceilings on the amounts that users could be charged for voice and text messages when travelling within Europe. The current maximum rates are 35 cents to make (and 11 to receive) a voice call and 11 cents to send a text message (free to receive). The 2007 regulation had no provision for data charges relating to Internet and email use although an amending Regulation adopted in 2009 set ceilings on the maximum wholesale data charges that operators could levy between themselves. Further amendments introduced following a number of well publicised cases of consumers receiving extremely high bills for such services required networks to set a ceiling of €60 (now to be reduced to €50) as the maximum charge a user might face in respect of data roaming – in the absence of contrary explicit agreement between the parties. Effectively further access would be blocked once the €60 figure was reached unless the consumer agreed to accept liability for further charges.

A Commission review of the working of the regulation was published in 2011 and was critical of a number of aspects of the working of the original regulation. In particular it was claimed that savings achieved by networks in the form of lower wholesale charges for data had not been passed on to consumers. In some cases, it was reported, retail rates were 7 times higher than wholesale charges. It was also found that there was only limited competition in the field and that roaming charges by all operators clustered around the ceiling levels.

From summer 2012, the revised regulation will reduce the voice and text charges still further and set also a ceiling on the charges which may be imposed for data roaming. From summer 2012 this will be 29 cents a minute for voice (8 cents to receive a call), 9 cents to send a text message  and 70 cents per megabyte to download data.  Data is to be charged on a per kilobyte basis. Further reductions are mandated with the result that by 2014 maximum charges will be reduced to 19 cents a minute to make a call (5 to receive), 6 cents to send a text message and 20 cents a megabyte for data. To put the latter figure into perspective, I have recently returned from a trip to Tanzania where the data roaming cost was notified as being £6 (almost €8) per megabyte.  A 2 hour movie will typically be about 1gigabyte in size so downloading one on the Tanzanian roaming basis would cost about £6,000. Rather more than my air fare and hotel bill combined.

Even with the much lower charges planned in Europe for 2014, downloading movies when roaming will not be a cheap exercise with a gigabyte of data costing some €200. In an effort to establish more competitive markets the new Regulation aims to make it easier for consumers to bypass the roaming arrangements made by their home network and deal directly with other networks either in their own country or in in the countries that they are visiting. This provision will take effect in 2014 It has, of course, always been possible for consumers to enter directly into agreements with foreign networks although this has entailed the use of multiple SIM cards and telephone numbers. The regulation provides that consumers are to be enabled to retain their existing number when making such a switch.

Under the current Regulation, only mobile network operators are given the automatic right to conclude access agreements with each other. This means that, so called, virtual mobile networks such as those offered by supermarkets such as Tesco, are largely dependent on their host network provider, O2 in the case of Tesco. Under the new Regulation, virtual networks will also have the opportunity to conclude access agreements. This could result in a significant increase in the number of providers seeking agreements although experience under the current Regulation perhaps justifies a degree of scepticism as to whether there will be greater competition at the retail price level.

The new Regulation has not been well received by some mobile networks with suggestions that it amounts to excessive regulatory interference in a sector that is generally regarded as being highly competitive. In a speech at the World Mobile Congress in Madrid Vittorio Calao, chief executive officer of Vodafone, argued that:

Regulators should stop cutting mobile termination rates, pushing down roaming prices, building funny auctions which are designed to extract more money from existing operators, and resisting industry consolidation.

This is not a request for a moratorium on competition but a much stronger request for a moratorium on regulation.

Just as the mobile networks pleaded for a reduction in the level of regulation, there have been reports that the European Commission have started investigations into possible anti-competitivecollaboration between networks. I suspect this story may have a way to run but there is a difficult relationship between networks needing to cooperate in order to ensure global connectivity, the legitimate presentation of policy views shared at an industry level and potentially illegitimate levels of exchanges of information. This may be one to watch.

among Ofcom duties...

While working on Theme 2 I cane across the interesting duty of Ofcom (which is mainly in relation to their Broadcast/TV licenses supervising role) of ensuring that a license holder is "fit and proper"

"Ofcom has stepped up its investigation into whether James Murdoch is a "fit and proper" person to sit on the board of BSkyB, forming a project team to examine evidence of phone hacking and corrupt payments emerging from the police and the Leveson inquiry."

full article here http://www.guardian.co.uk/media/2012/mar/08/ofcom-james-murdoch-fitness-bskyb


and if you're interested to know more about Ofcom's role in that story, you can check their FAQs
http://stakeholders.ofcom.org.uk/binaries/broadcast/tv-ops/FandPFAQ.pdf

Salvatore

Open Rights Group conference 2012

The Open Rights Group conference was a very interesting affair this year — too many interesting sessions running in parallel, so it was not possible to see everything I was hoping to see.

The highlight of the day, without a doubt, was Larry Lessig’s closing keynote. It was a very lively (Larry is an excellent speaker) presentation on the need for action to resolve the current copyright situation.

He focussed on the differences between authors and publishers, and between artistic works and scientific works — he considers that copyright is justified to the extent that it encourages authors to create works which they would not otherwise create, but does not consider publishers in need of copyright.

In terms of artistic v. scientific, his main point was the notion of the “knowledge elite” — a category into which we would fall, given the resources to which we have access through Southampton — and how information is available and distributed. Whilst some of us might be able to find all we need online, for many around the world, that is not possible, because of the costs of accessing online journal articles and the like. Perhaps different types of work should be treated differently?

(Although not a topic on which Lessig touched, I’ve been thinking quite a lot recently about reliance on online resources for our news and our general information needs, as well as for discussion and debate — in particular, the risk that personalisation of online content leads to a decreased awareness of wider social issues in favour of what advertisers and content publishers believe we would like to see, as well as being informed by what our friends “like” on Facebook. See Eli Parser’s excellent book “The Filter Bubble” if this interests you.)

A second major theme was spectrum licensing, and whether a closed policy of selling spectrum rights was an inferior solution, motivated by the desire to make money and reserve power to big companies — he talked about the concept of a "spectrum commons" as another way of managing the resource. Separately, Yochai Benkler has argued that spectrum is not a scarce resource, but that the computer power to separate huge volumes of simultaneous transmissions was not available until relatively recently — a related argument, promoting the value of unlicensed spectrum for innovation, without obvious disbenefit.

Lessig closed with a powerful call to action, arguing that lobbying corrupts the legal process and that, until there is less corruption and greater transparency in rule making, we will continue to see destructive copyright legislation, led by niche commercial interests. I was not expecting an audience of digital rights advocates to leave the conference talking about politics and corruption — Lessig obviously hit the mark.

Other topics which came up which might be of relevance to the course were open hardware licensing, interception and surveillance of communications, online content filtering and may others.

All the sessions were recorded — without any notice or warning as to what was to happen with the recordings, which was odd given the privacy-centric nature of the event — and the recordings (once edited) should be available on the Open Rights Group website relatively soon. If your Internet connection supports it, I’d strongly recommend watching the Lessig keynote — I’ll certainly be catching up on some of the sessions which I missed.

Dealing with abuse online

As communications networks expand, and more people get online, we see the negative as well as the positive, fuelled, perhaps, by the (mistaken) notion of online anonymity.

For those who can tune in to the BBC, this programme might be interesting.


Bacon has complained to the police, and tried to track down his abuser for a BBC Three documentary on abusive "trolls": The Anti-Social Network.

He said he wanted to know how criticism of his work "could go to contacting my family and tweeting about my baby".

He said it was time to stand up to trolls and highlight internet bullying.

EU antitrust body to question five major telcos, no investigation as yet

The five companies are: Deutsche Telekom, France Telecom-Orange, Telefonica, Vodafone and Telecom Italia
Allegedly, meetings between the companies on strategy and technical cooperation raised some concerns at the EU.
The article can be found here

"Project Oscar hopes to bring mobile wallets to Europe"

Various outlets are reporting the news that three of the UK's mobile operators have filed a Form C0 (used for merger notifications) with the European Commission to set up a joint venture company to provide mobile advertising and wallet services.

There's a discussion of the venture on The Guardian's website.

The Digital Economy Act - Some thoughts on the latest case bcnfmg,dsxwa`r`waq

I've posted this on my IT Law blog and will crosspost it to other IT law blogs. I'm not at all sure that I have got things right but these are my early thoughts

Introduction

Another stage has now been completed in the long running challenge to the legitimacy of the Digital Economy Act 2010 and the provisions of the draft Copyright(Initial Obligations) (Sharing of Costs) Order 2011. Following  rejection of most of the challenges  in the  High Court. , the Court of Appeal, British Telecommunications Plc , R (on the application of) v BPI (British Recorded Music Industry) Ltd & Ors  has now confirmed this ruling in all significant respects.

Permission had been granted for the appeal on four grounds.  As laid down in paragraph 6 of Lord Justice Richards judgment (which was adopted by the other appellate judges) these were

1) Ground 1: whether the contested provisions should have been notified to the EU Commission in draft pursuant to Directive 98/34/EC of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations, as amended by Directive 98/48/EC, ("the Technical Standards Directive"), with the result that they are unenforceable for want of notification.

(2) Ground 2: whether the contested provisions are incompatible with provisions of Directive 2000/31/EC of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ("the Electronic Commerce Directive" or "the ECD").

(3) Ground 3: whether the contested provisions are incompatible with provisions of Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("the Data Protection Directive" or "the DPD") and/or of Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector ("the Privacy and Electronic Communications Directive" or "the PECD").

(4) Ground 4: whether the contested provisions are incompatible with provisions of Directive 2002/20/EC of 7 March 2002 on the authorisation of electronic communications networks and services, as amended by Directive 2009/140/EC, ("the Authorisation Directive" or "the AD").

The first and fourth grounds are perhaps rather technical – although of course technicalities can be very important in the law. The second and third grounds do perhaps raise more in the way of issues of substance

Notification of technical standards

Under EU law where a Member state proposes to  make compliance with technical standards  (other than existing international of European standards), the text of the measures much be notified to the European Commission. The provisions of the draft Code had not been notified and the appellants  contended that this constituted a breach of the European Technical  Standards Directive which requires in article 8  that

Subject to Article 10, Member States shall immediately communicate to the Commission any draft technical regulation, except where it merely transposes the full text of an international or European standard …; they shall also let the Commission have a statement of the grounds which make the enactment of such technical regulation necessary, where these have not already been made clear in the draft.

The term draft technical regulation is defined in Article 1(2) as ‘the text of a technical specification or other requirement or of a rule on services, including administrative provisions, formulated with the aim of enacting it or of ultimately having it enacted as a technical regulation, the text being at a stage of preparation at which substantial amendments can still be made‘.

After referring to a number of decisions of the European Court of Justice Lord Justice Richards upheld the decision of Mr Justice Parker in the High Court. The chief basis for the ruling was that the contested code (which provided for mechanisms to determine how the costs of operating systems of enforcement under the Act should be shared between right owners and ISPs, would not come into effect until a further code, the Initial Obligations Code which, at the time of the case, had not been made. As was suggested by counsel for the respondents ‘there is not a lot of point in troubling the Commission and other Member States with something that is inchoate. Informed comment depends on there being a worked-through draft, especially as consideration of issues of proportionality depends on the detail.’ (at para 41).

Essentially this part of the judgment appears to relate to questions of time. As Lord Justice Richards noted, it would be quite feasible to notify the contested code to the Commission as and when a draft of  the more substantial Initial Obligations Code was created (by OFCOM)

The E-Commerce Directive

Objections to the provisions of the Digital Economy Act centred on the immunities which are conferred on Information Society Service Providers  by the E-Commerce Directive; in particular where they act as a mere conduit, as a host, or provide caching services.

The extent of the immunities varies slightly across the various activities but there are few differences of substance. It may be enough to summarise the complaints relating to the mere conduit ground. The basis of this is found in Article 12 of the E-Commerce Directive which provides that

Where an information society service is provided that  consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider:

(a) does not initiate the transmission;

(b) does not select the receiver of the transmission; and

(c) does not select or modify the information contained in the

transmission.

Under the Digital Economy Act, ISPs are required to cooperate with copyright owners in the service of copyright infringement reports and lists and face a range of legal sanctions in the event that they fail to act.

As was noted in paragraph 48 of Lord Justice Richard’s judgment:

The appellants contend that the set of responsibilities imposed on them by the contested provisions with regard to notification of copyright infringement reports and the provision of copyright infringement lists, together with the related financial burden and exposure to liability for costs, compensation and penalties, renders them “liable for the information transmitted” within the meaning of Article 12(1) and is therefore incompatible with the article.

This contention was rejected. Lord Justice Richards quoted with approval the works of Mr Justice Parker in the High Court:

Without the underlying infringement, there would be no CIR or CIL: but the legal test is not whether a liability has arisen because there was an initial infringement of copyright; the liability must arise in respect of that underlying infringement, so that the liability is for the information transmitted.

Essentially, ISPs could face legal sanctions not in respect of the transmission by users  of information over their networks but as a result of their failure to comply with legal requirements imposed directly on themselves.

A further argument advanced for the claimants was that, in contrast to the position under Articles 13 and 14 dealing with the caching and hosting immunities, there was no mechanism requiring ISPs to receive complaints from right owners and remove infringing material. The lack of such a provision in Article 12 was seen as giving a wider level of protection. This contention was also rejected on the ground that a ‘mere conduit’ has less direct control over information than a party who hosts material or maintains cached copies. although the issue is perhaps related to the other major legal issue regarding the extent to which ISPs might be required to use filtering software to block access to specific web sites.

A further challenge to the legitimacy of the Digital Economy Act was based on the provisions of Article 3 of the E-Commerce Directive. This provides in part that:

Each Member State shall ensure that the information society services provided by a service provider established on its territory comply with the national provisions applicable in the Member State in question which fall within the coordinated field.

(2) Member States may not, for reasons falling within the coordinated field, restrict the freedom to provide information society services from another Member State.

The appellants’ contention here was that the provisions of the Digital Economy Act might restrict the freedom of ISPs from other Member States from offering their services  to UK users.

The prime difficulty for the appellants was that article 3(3) provided that the preceding paragraphs  were not to apply in respect of services  listed in the Annex to the Directive. This makes specific reference to copyright and neighbouring rights.

The appellants argued that this provision referred to substantive issues of copyright law – the nature of the works which might be protected and the extent of protection. At the time the E-Commerce Directive was adopted, there was little in the way of harmonization across the Member States. The Directive on Copyright in the Information Society which was adopted a year later (and whose coming was prophesised in the recitals to the E-Commerce Directive) had brought about a good measure of harmonization and therefore the exclusion was no longer necessary or valid at least in respect of measures for copyright infringement. .

Again, upholding the High Court ruling, Lord Justice Richards disagreed:

At the time when the Electronic Commerce Directive was adopted, “copyright” in the Annex to the directive must in my view have had its normal meaning, encompassing all aspects of the law of copyright under national laws, and cannot have had the elaborate meaning attributed to it by the appellants. At that time there was no harmonising directive at the Community level in the field of copyright protection. It would be unrealistic to impute to the Community legislature, at least in the absence of clear, express language to this effect, an intention to give “copyright” a meaning related to provisions of a copyright directive that had not yet been adopted. But if “copyright” did not have the appellants’ meaning at the outset, I do not see how it can have come to acquire that meaning subsequently. The later adoption of the Copyright Directive cannot of itself have had the effect of changing the meaning of the expression. It would have needed an express amendment of the Electronic Commerce Directive to achieve that result, but no such amendment has ever been made.

There is perhaps the sense of the appellants clutching at straws in respect of this argument. At the very least we might look at Commission sponsored reports highlighting the very limited nature of cross border services in the sector. This might be due to a range of courses but the Digital Economy Act might – at least at its present state of implementation – come low on the list.

Data protection issues

Two issues were raised in this context relating to the basic Data protection Directive (95/46) and to the electronic communications Directive.

In respect of the data protection Directive, attention focused on the provisions of article 8 which prohibits the processing of sensitive personal data unless fairly strict conditions are complied with.  This might be seen as pushing a case to far although the fault may lie more with the concept of sensitive data than with the appellants’ arguments. It may certainly be the case that the materials we download unlawfully may say something  about our political or religious views etc, but the connection appears a little tenuous.

One of the conditions laid down in the directive for justifying processing  is where this ‘relates to data which are manifestly made public by the data subject or is necessary for the establishment, exercise or defence of legal claims’. The appellants pointed to Government impact assessment statement produced  during the Digital Economy Act’s passage to the effect that the new procedures would persuade 70% of infringers to stop infringement without the need for further legal proceedings. How then could the provisions meet the conditions for legitimate processing.

Another cross reference may be helpful here and readers may recall the ALTS case where a law firm was the subject of heavy judicial and regulatory criticism for threatening legal proceedings against alleged copyright infringers without having any intent to turn the threats into reality. Blackmail is such an ugly word but the view was clearly that the conduct was akin to this..

The electronic communications Directive refers, inter alia,  to the processing of traffic data – relating to the source and origins of communications. It authorises processing of such data where the processing is:

a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system

Here the complaint was that processing of data would be in connection with the institution of civil (rather than criminal) proceedings. The answer to the challenge came principally from decisions of the European Court of justice in file sharing cases such as  Case C-275/06, Productores de Musica de España

(Promusicae) v Telefonica de España SAU [2008] ECR I-271. The Court of Justice drew a link between the general and electronic communications data protection Directives and ruled that:

It is clear, however, that Article 15(1) of Directive 2002/58 ends the list of the above exceptions with an express reference to Article 13(1) of Directive 95/46. That provision also authorises the Member States to adopt legislative measures to restrict the obligation of confidentiality of personal data where that restriction is necessary  inter alia for the protection of the rights and freedoms of others. As they do not specify the rights and freedoms concerned, those provisions of Article 15(1) of Directive 2002/58 must be interpreted as expressing the Community legislature’s intention not to exclude from their scope the protection of the right to property or situations in which authors seek to obtain that protection in civil proceedings.

It might be asked why, if it was so clearly the legislature’s intention to allow discosure for the purposes of civil proceedings it did not make the effort to add a 2 word phrase to the provision.

The Authorisation Directive

The final ground of complaint advanced before the Court of Appeal related to the provisions of the European Authorisation Directive. This is one of the key planks of the European electronic communications legislative packages and provides in large part that systems of individual licencing or authorisations for those providing electronic communications networks or services are to be replaced by general authorisations – akin to sets of general terms and conditions.

For the United Kingdom, OFCOM has drawn up General Conditions of Entitlement. Two key issues arose in the present case, whether the provisions of the Digital Economy Act and the draft code should have been brought within the ambit of the general conditions and, if so  whether they could be seen as compatible with the requirements of the Authorisation Directive.

Such an approach which would require every sector specific provision to be brought within the general conditions of entitlement  would be extremely restrictive. It would effectively require that all legal requirements relating to ISPs should be included in the general conditions – which would then become very bulky documents. The electronic communications sector is certainly important but it has to coincide with other policy areas – such as copyright – and cannot claim a monopoly of competence in the field.

In one, limited field, the appellants did succeed in their claim. The Authorisation Directive has extensive provisions concerning the amounts of costs which can be imposed on those providing electronic communications networks or services. Effectively, costs imposed have to equate to those incurred by regulators. As stated above, however, many of the controls imposed upon ISPs might fall outside the scope of the Directive. Cost provisions might apply however with particular reference made to the provisions of Article 12 which refers to the imposition of ‘administrative charges’.  At trial it was conceded that this provision would apply and the judge divided the costs into 3 categories

(1) “qualifying costs”, namely the costs incurred by Ofcom or the appeals body in carrying out functions under the copyright infringement provisions, including costs incurred by Ofcom under those provisions in appointing the appeals body or in establishing a body corporate to be the appeals body; (2) “relevant costs”, namely costs which would be reasonably and efficiently incurred by a notional qualifying ISP in carrying out its obligations under the provisions; and (3) “case fees” charged by the appeals body in respect of each subscriber appeal which it receives (in relation to each appeal, the appealing subscriber’s ISP would be required to meet 25% of the fee, with the other 75% being recovered from the relevant copyright owner).

At trial it was held that the first requirement would apply to ISPs but that the concept of ‘relevant costs’ would not as these related to costs which would be incurred internally in complying with any requirements imposed under the Digital Economy Act rather than costs which would require to be paid to some third party. This contention was upheld in the Court of Appeal but a further finding that ‘case fees’ would also be excluded was rejected, Lord Justice Richards concluding that:

If, as the judge found and is accepted before us, “qualifying costs” are “administrative charges” within Article 12, I can see no sensible reason why “case fees” should not be treated in the same way. As Mr White submitted (for the appellants) , they are in substance a supplement to “qualifying costs”, comprising that part of the costs of the appeal body which is not covered by “qualifying costs”.

Discrimination and Distortion of Competition

A final (and unsuccessful challenge to the lawfulness of the legislation was based on the above grounds. The initial proposals are that obligations should be imposed only on ISPs providing services over fixed line connections and, even here, only in respect of the leading six providers. This was, it was claimed unfair to those ISPs affected and might also lead to a migration of customers to smaller ISPs who would not themselves (and by inference their customers) be subject to the same legislative regime. Effectively the wisdom might be that if a user wished to minimise the possibilities of being detected and acted against in respect of online piracy, a contract with a small ISP or a mobile network might be advisable.

The exclusion of mobile networks is driven largely by technical considerations. Unlike fixed line connections when each connection will be given a specific IP address, mobile networks have a pool of dynamic address one of which will be allocated to each connection. Technically, it is much more difficult to map a particular IP address to a particular connection at a particular point in time.

Exclusion of smaller ISPs is perhaps  more contentious. It was recognised that there were pragmatic reasons for the selection of a 400,000  subscriber thresholds. As was stated in the High Court:

The six ISPs who have more than 400,000 subscribers together account for 93.4 per cent of the residential and SME business broadband market. There is a natural break point below the big six, in that the smallest of the big six is still twice the size of the next in line. In my view, it is reasonable and proportionate to concentrate on the larger ISPs in the first instance, and to identify any other individual ISPs where there are high levels of copyright infringement on a case by case basis. Any alleged ‘migration’ of infringers to smaller ISPs is speculative at this stage and could be addressed if it began to present real problems.

This conclusion was upheld by the Court of Appeal. As was stated:

The judge did not rely on the possibility of review and amendment of the regime as an answer in itself to the appellants’ case, but he made the valid point that if circumstances changed there existed mechanisms for ensuring that any future problem of disproportionate effect could be avoided.

Conclusions

We will have to wait to see whether the appellants seek to take their case to the Supreme Court – or are granted leave so to do. We are now approaching the second anniversary of the Digital Economy Act receiving  Royal Assent but in spite of an OFCOM consultation period on the contents of the initial obligations code expiring in July 2010, we await even a draft instrument. There seems to be serious doubt whether these provisions of the Act will ever be brought into force.

In some important respects it seems that the emphasis of right owners is switching to seeking to act directly against ISPs to compel the blocking (or attempted blocking) of access to specified sites. Recent weeks and months have also seem major activities by law enforcement agencies in a range of countries, including the UK and the UK seeking to disrupt the activities of sites associated with large scale copyright infringement.

A number of European countries have sought to implement legislation along the lines adopted in the Digital Economy Act. It is perhaps fair to say that success has been limited. And perhaps it is time to recognise that the model may be lawful but is flawed.

Another legal debate, to tax or not to tax (VOIP)

VOIP operators (at least in the US) are not classified as telecom operators, and are exempt from taxes. After their tremendous growth, things might change. Here's a nice article about this issue.

Vivendi chief criticises Orange/Free Mobile roaming deal

I came across this article and I believe it's worth sharing. It looks like there's a legal battle on the way in France between Vivendi and Orange.

CCDP back on the table?

There is a lot of discussion following a piece in the Telegraph this weekend about the UK government's proposed upgrade to its current data retention / interception system, nominally to enable continued capability in a changing communications environment — in other words, retention of data and interception relating to over the top services, such as Facebook chat sessions, private tweets and Skype conversations.

The Telegraph article is here, and the official CCDP webpage is here.

I gave a paper on this subject (critiquing the current system, and discussing the reform proposals) at a conference last year; my slides are rather basic, but I shall dig out what I have in case anyone is interested. (The presentation attracted quite a lot of interest, because of the rather invasive nature of the proposals...)

Mobile termination charges

The Competition Commission has this month published the latest (possibly the last) in a long series of rulings in a dispute between BT (and also the smallest mobile network, 3) and the other mobile operators with the Regulator OFCOM caught in the middle . You can find the lengthy ruling here.

OFCOM is obliged under the Communications Act (and EU legislation) to conduct market reviews with the view to determining whether they need to impose a range of controls, including price controls. The issue what has been rumbling on for a number of years has related to the prices which the main mobile networks have charged for allowing other operators to connect calls to their subscribers (a call termination charge). The issue involves a great deal of economic and accounting theory (which i don't understand) but the basic argument has been that these termination charges are higher than the actual cost of processing the calls. between the main mobile networks, calls in (for which they get paid) and calls out to other networks (for which they pay) roughly balance out (and their consumers pay) . For BT and also for 3, the argument is that there is an imbalance in traffic and that these networks are essentially subsidising the mobile networks.

In 2011 OFCOM issued a determination requiring that termination rates be reduced over a period of years. BT (and 3) claimed too little to late, the mobile networks claimed too much, too fast. The Commission have now ruled in favour of BT and prices will be required to come down quickly and steeply. Good news for consumers? Maybe. You might look at this  article and this one 

Essentially, the business model of UK networks has been to subsidise the cost of handsets and recoup the money from higher call charges. this has perhaps been best seen in the market for prepaid (pay as you go) phones. It is apparent if you go to other EU countries, I've been particularly struck in Germany, that handset prices are much higher than in the UK - and calling charges much lower.

Which is best? I don't pretend to know. You will see in some of the articles that the change is likely to impact upon the poorer elements of society who typically use prepaid phones. We are perhaps moving close to discussions of universal service which we will consider later in the semester.

Any thoughts?

We are becoming out numbered

You might be interested in this BBC report which summarises research from Cisco suggesting that the number mobile networked devices will exceed the population of the world during the course of this year. The report indicates the massive scale of data traffic, something which networks are struggling to deal with. Also in the news this week is a report than Vodafone is considering making a takeover bid for Cable and Wireless. The Guardian reports that one of the attractions is access to the fixed line network to bolster its network capacity.

Voice and Broadband Switching

A large >200 page consultation document has been published by OFCOM which makes proposals to ease problems resulting from voice and broadband communications services being switched from one provider to another.

Two key problems are identified. The first relates to the difficulties that consumers may face when they wish to make a switch. If the transfer is not handled efficiently they may find themselves either left without a service or being liable to make payments to both providers. 130,000 customers annually are stated to have faced one or other of these problems.

A second problem (which OFCOM estimate affected 520,000 users in the past year) relates to a practice known as 'slamming'. Often perpetrated by unscrupulous sales staff seeking to boost their commission based earnings, this sees consumers being switched to a new provider without their knowledge or consent.

The paper presents a number of options but the provisional preference is for a regime where responsibility for transfers lies with the 'gaining' provider but that, in order to minimise the risk of slamming, an independent verification service should be established with the remit to obtain confirmation from the customer that they wish to change provider.

Lower prices are not always good?

OFCOM have recently announced a lowering in the price which BT can charge other operators for providing broadband Internet access. Sounds good for consumers but you might look at this interesting article from the BBC's Rory Cellan=Jones.

The basic point made is that lowering the prices for access over the current copper cables might make it more difficult to justify investment in fibre as the price differential would be substantial enough to deter consumer take up. the article indicates also that there is little sign of providers other than BT investing in fibre networks. Maybe the old idea of telecoms as a natural monopoly is not too far from the mark, at least at the network level?

On a somewhat related point, OFCOM have published data indicating that 8 million of the UK's 20 million broadband connections are provided by means of local loop unbundling (the providers have effectively taken over the lines from BT exchanges to their users' premises. That is about 40%. 70% of users access the Internet through providers other than BT. The remaining 30% of connections are based on providers purchasing capacity from BT on a wholesale basis and effectively rebranding the service.

Is Facebook (and others like it) "outstandingly stupid and overwhelmingly dangerous"?

Eben Moglen, professor of law at Columbia and director of the Software Freedom Law Center, has taken an interesting view of Facebook —

The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we *harm* people by destroying their privacy *for* them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.

His point is a valid one; phone companies have strict prohibitions around interception (at least within Europe) and so do not retain the content of all users' communications. Facebook and the like are arguably not subject to the same restrictions, as it is unlikely that they are electronic communications services.

Do you trust Facebook for your communications? Or even "traditional" telecoms providers? What do you think of Moglen's pet project FreedomBox? It's definitely a fascinating idea, but I am not sure that it will catch on.

"MPs rattle telcos to help kill extremist material online"

One which would sit as well with the eCommerce module as with the telecommunications course, members of Parliament in the UK have seemingly asked again for service providers to take responsibility for the content which they hold.

Although there are statutory powers under the Terrorism Act 2006 for law enforcement agencies to order unlawful material to be removed from the internet, the committee recommends that internet service providers themselves should be more active in monitoring the material they host, with appropriate guidance, advice and support from the government.

Currently, however, the regime under Article 14, directive 2000/31/EC does not encourage providers to look at the content which they host, for fear of liability; if providers were held harmless from any liability arising from the material they host, perhaps more providers might be willing to undertake such obligations, although there is a potentially significant risk to freedom of speech if this were to happen.

OT: student chat — thinking about module choices?

Given the success of the official blogs in getting interesting conversations started, I've created a similar blog for unofficial discussion — a replacement for the more conventional common room, perhaps.

With a range of us on the course — some coming to an end of our studies, others just starting — this might be a chance to share some of the knowledge, and benefit from each other's experiences in areas not specific to any particular module or field of study.

I thought I'd start by seeing which modules you might be thinking of taking — please do share your thoughts here.