Month: April 2010

IMRO vs. The Blogs: collective licensing of music

©  Time Inc
"The collective licensing revenue streams, they are a-changin'."

Controversy broke out this week when Nialler9, an influential Irish music blogger, publicised IMRO’s demand that music bloggers pay for a Online Exploitation Licence. [Update: a group of Irish music bloggers met with IMRO on 6 May 2010 to discuss their concerns. Read about the meeting here.]

Like many blogs, most Irish music blogs are run at no, or very little, profit. Comments on the main posts about the issue generally share a sense of outrage and a belief that IMRO’s demands will damage new Irish music.

Incredulity is also expressed that the bands involved generally provide the music to the bloggers in the hope that it will be promoted online. The Guardian sums up the issue as follows:

If IMRO goes ahead with its plan, targeting music blogs around the world, there will soon be legions of frustrated bloggers. And it will be much worse if other regional publishers follow suit. While the organisations’ hearts may be in the right place – looking to buoy a flagging industry – we just hope they are going about it the right way. Will forcing the closure amateur music blogs make songwriters richer? Or precisely the reverse?

Collective licensing is a somewhat complicated area but it is reasonably certain that, whatever enforcement steps IMRO might or might not take against individual bloggers that refuse to buy a licence, it is highly unlikely that any agreement will be reached to exclude blogs from the licensing regime. [Update: However, it appears from the meeting between music bloggers and IMRO, mentioned above, that a new form of non-commercial licence might be considered.]

Collective copyright licensing

Individual collection of royalties from music users by music owners is extremely impractical. Therefore, a system of collective licensing has been established where by a licensing society can be set up, with rights to grant licences to play music on behalf of a class of copyright owners. The Copyright and Related Rights Act 2000 provides that music can be played in public or broadcast if the appropriate fees have been paid to the relevant licensing society.

The most well-known such society in Ireland is IMRO, which collectively licenses the performance rights of copyright musical material (ie. the part of a musician’s copyright relating to the public performance of their work). It collects over €30 million in royalties annually, which are distributed to its members.

There are other collecting societies that license other copyright works, such as the Newspaper Licensing Agency and the Irish Visual Artists’ Rights Organisation. IRMA is an association of record labels and is not a collecting society.

Comments on the blog posts already mentioned point to the fact that the musicians involved authorise the use of their music on a particular music blog. Nialler9 refers to his understanding of the situation, prior to hearing from IMRO.

Like many I thought that MP3s which were cleared by bands and labels for promo were provided as is – gratis and without any attachments or additional requirements other than to promote the band and song. Y’know, the same way an entire music blogosphere and a digital PR industry has been allowed to grow up over the course of the last 10 years thinking the same.

However, musicians can only licence the rights which they retain. If they have joined IMRO, they have entered into an agreement with the organisation. The first substantive clause (clause 2) of that agreement provides that the musician is assigning (ie. transferring) all their performing rights to IMRO.

Accordingly, IMRO members cannot grant a blogger a licence to the performing right in their music because they no longer own that right.

Controversy

The collective licensing system has not been uncontroversial. Similar arguments to those now raised by music bloggers were aired over a decade ago by independent retailers and coffee shop owners who felt that they should not have to pay an IMRO licence fee to promote new and local musicians in their premises.

One might wonder why IMRO has begun to target bloggers now; the answer probably lies in the comment quoted above from the Guardian. As music use changes, collecting societies are tracking new and increasing sources of revenue from such use.

In 2004, the European Commission warned sixteen collecting bodies that an agreement between them was potentially in breach of competition law on the basis that it proposed to carve up online music licensing on a national basis. The Commission published a recommendation in 2005 which said that the industry should be free to set up EU-wide collecting societies or to allow national societies to licence on an EU-wide basis.

Disputes

In Ireland, the Controller of Patents, Designs and Trade Marks deals with disputes regarding royalty rates charged by collecting societies.

[A]nyone who considers that they have unreasonably been refused a licence by a collecting society or considers the terms of an offered licence to be unreasonable may refer the matter to the Controller.

The terms of an offered licence include the proposed royalties or licence fees.

IMRO is not a one-stop shop

So: permission from a musician does not necessarily extend to a licence to use music online; neither does an IMRO licence give a full licence to use the music.

This is a common misunderstanding. Different venues and uses may require a combination of licences from IMRO/MCPSI, PPI, the record label responsible for the recording and/or the songwriter. For certain commercial uses of specific pieces of music, a licence from all of these parties might be required. Therefore, it is important to check with IMRO or a professional adviser as to what licences are necessary.

A Clatter of the Law & World Intellectual Property Day 2010

Today is World Intellectual Property day, the day on which the World Intellectual Property Organization would like public awareness of IP to be heightened. It is not, perhaps, the most exciting of international days of observance, but is a fitting one on which to explain the title to this blog.

This is not exclusively, or even primarily, an IP blog, though as a former full-time IP/IT lawyer it strays into that territory from time to time. The title of the blog, however, does relate to IP law and arises out of an anecdote of my late father’s.

My grandfather, Bryan MacMahon, was a school teacherwriter and balladmaker. He spent a lot of time travelling the country to collect ballads that might otherwise be lost and composed ballads of his own.

Given the place of oral tradition in the world of ballads, it sometimes happened that ballad singers would lose track of who wrote a particular ballad and they might be designated “Anon” or “Traditional”. The balladmaker with an eye on his IP would, of course, make it known publicly that the ballad in question was not traditional or of anonymous origin, but his or her own copyright.

Sometimes, however, there was a conscious effort to “forget” the original balladmaker and a balladsinger might claim something as his own. One such episode of forgetfulness became known to my father and resulted in the following cease and desist poem:

FOR A PLAGIARIST.
Some men take your character,
Some men filch your purse,
But a bard who steals a dead man’s verse
Is a thief who is far, far worse.

You stole pennies from a dead man’s eyes,
As mean as I ever saw,
And if you try it once again,
You’ll get a clatter of the law!

Upon hearing this, the alleged infringer exclaimed delight and requested ten copies.

Comhaltas Ceoltóirí Éireann have an excellent new online archivelaunched recently, which includes interviews with Bryan MacMahon about ballads (eg. “What’s a ballad?” and “Ballad competitions“) and recordings of Garry McMahon (eg. “Thousands are sailing to America” and “Yorkshire Pigs“).

A Down day from the archives

Today’s “From the Archives” in the Irish Times reproduces a match report for the 1960 All Ireland football final between Down (2-12) and Kerry (0-8).

GAELIC ATHLETIC history was made at Croke Park, yesterday, when the all-conquering champions from Kerry, with nineteen championships to inspire them, were well and truly beaten by a faster, a fitter, and far more uniform side from Down, who played very sound football and often beat Kerry at their own high fielding game.

Unfortunately it was a bad day for Kerry, perhaps not helped by my late father leaving the field due to injury, but as he sang himself:

We savour Kerry victories, we salute a gallant foe
And when we lose, there’s no excuse, we pick up our bags and go

He went on to score the fastest goal ever scored in an All Ireland footbal final in 1962 (Pathé newsreel).

Graduated response now de facto law in Ireland

[Updates at end] The Irish record industry, like its international siblings, has given up pursuing individuals in its war on filesharing and is focusing instead on the use of “three strikes” disconnection, sometimes referred to as graduated response. This involves a rightsholder, usually a record label or movie studio, notifying an ISP that it believes a particular IP address has been used for unlawful downloading of copyright material. On the third complaint, the ISP disconnects the user of that IP address.

The Irish industry took a test case against the biggest Irish ISP (EMI & ors v. eircom) for allowing its network to be used for unlawful downloading and the proceedings resulted in a settlement whereby eircom agreed to introduce a graduated response system.

The graduated response is to be introduced into UK law as part of the recently passed Digital Economy Act 2010. In that jurisdiction, it was subject to scrutiny, debate and critique by academics and commentators, which might not constitute scrutiny at all given that it sailed through Parliament. In Ireland, it is creeping in by private agreement between the main players (a development which is not unusual in Ireland).

The settlement between the industry and eircom had to be revisited in the High Court to determine its compatibility with the Data Protection Acts 1988 and 2003 and Mr. Justice Charleton delivered his judgment last week, concluding that the system can lawfully be implemented.

Professor Lillian Edwards said the following of the proposed UK system:

All a rightsholder need do, as presently laid out, is provide an IP address and time stamp of an alleged infringer to an ISP, and say that “ it appears to [them that ] a subscriber .. has infringed the owner’s copyright”. There is no requirement this belief be objectively reasonable. Nor is there any apparent sanction for malicious, or even simply careless or reckless allegations. Recent experience with the RIAA and BPI has shown that allegations made after IP address tracking at P2P sites often turn out to be wrong and that collecting IP addresses from P2P honeypots is a non-trivial exercise ; so the issue of liability for erroneous accusations is an important one. Libel, malicious falsehood and data protection laws may offer remedies for the falsely accused; but there is no mention of such in the Bill itself (so far), nor of any reasonable duty of care. In other words, all the power is given to rightsholders, and none of the responsibility. (My emphasis)

In his judgment, Charleton J. explains the eircom system as follows and Professor Edward’s comments would appear equally applicable:

Under the terms of the settlement, these companies tell the plaintiffs that a particular computer has been involved in illegal file sharing of its copyright material. This information is passed by one of the plaintiffs to the defendant Eircom, as the internet service provider. It then informs its subscribers that they have been detected infringing copyright. If there is a second occasion of illegal downloading, Eircom is obliged, when so informed, under the settlement to write to the subscriber warning them that unless that sort of infringement ceases, they will be disconnected from general internet service. This disconnection does not apply to any telephone or television service that a subscriber gets over their internet facility. On a third infringement, that discontinuance is implemented by Eircom: the subscriber is taken off service except for phone or television internet access.

Charleton J. acknowledges that disconnection is a “serious sanction” and that some would argue it is an “imposition on human freedom”. He quite rightly points out that “[t]here is no freedom, however, to break the law.” However, disconnection could affect an entire household, for example, and it is difficult to accept the justification offered that internet cafés are available to the disaffected and disconnected.

[W]hile it is convenient to have internet access at home, most people in Ireland have only to walk down to their local town centre to gain access for around €1.50 an hour.

Rightsholders are entitled to protect their rights, but should they be entitled to have a utility disconnected on the basis of their unscrutinised claim that the utility has been used to infringe their rights? As one wry tweeter put it:

Charl[e]ton J’s decision in eircom is as if NTR allowed to ban u from driving b/cos Quinn Direct said u crashed into 3 of its policy holders.

Part of the eircom settlement reportedly required the industry to pursue eircom’s competitors and seek implementation of the same system: rather weak letters before action were duly sent to all other Irish ISPs (including those who do not provide internet access to end users) and proceedings were instituted, due before the Commercial Court this summer. It had been anticipated that the other ISPs might defend the proceedings strenuously, though one wonders if Charleton J’s judgment might have any influence.

The most remarkable thing about the judgment is the fact that the Data Protection Commissioner, whose questions to the High Court formed the basis for the judgment, did not appear at the hearing because of  cost concerns.

One wonders what the purpose of the Commissioner’s is if not to appear in such a case. After all, his office appointed a panel of four commercial law firms to advise on the full range of powers and obligations under the Acts only a few months ago. His participation might not have changed the outcome, but as Ireland’s data protection regulator and representative member of the Article 29 Working Party (which has examined the nature of IP addresses under data protection legislation) his office’s participation should be automatic.

While Charleton J’s judgment ostensibly deals with data protection concerns, it makes his views on the wider issue of unlawful downloading clear. David Brophy points out that, not only was the Commissioner not represented at the hearing, nor was any consumer or digital rights advocacy group. He also notes the tenor of the judgment which, although ostensibly concerned with a set of data protection questions, is loaded with pro-indsutry language.

The judgment is particularly striking for the language used to describe the act of copyright infringement (“theft”, “stealing”, “filching”), and the data subjects, whose interests the case is of course addressing, become “copyright thieves” when their IP addresses have been identified as having been involved in file-sharing.

In fact, Charleton J. appears to take the plaintiffs’ assertions at face value and states that “the entire purpose of this litigation is to uphold the law.” He refers to “data protection entitlement” in the same paragraph as a “fundamental right to copyright”.

This appears to suggest that one’s data protection rights are a form of State-granted beneficence, to be measured against the human right of copyright. It should be remembered that, in this scenario, the data subject is an individual internet user; the copyright owner is a multinational corporation.

Updates

  • The International Federation of the Phonographic Industry welcomed the decision in Ireland, saying that it “sends a strong message to governments that are now considering how to help their creative industries address the threat of mass online piracy”. The IFPI says that the judgment confirmed the legality of a graduated response system, which is not quite accurate: the High Court decided that the settlement agreed between the parties was not incompatible with the Data Protection Acts.
  • UPC Ireland, owner of ChorusNTL, said that it will continue to vigorously defend proceedings brought against it by EMI & ors seeking the introduction of the same graduated response system. UPC rightly points out the point made above (that the decision merely decides on compatibility with the Data Protection Acts) and says “there is no basis under Irish or European law requiring an ISP to monitor or block subscriber traffic on its network.”
  • Cory Doctorow said that the judgment means that “Ireland has now joined the exclusive club of nations that treat the Internet as a trivial system for pirating movies, worthy of no special consideration. They’ve joined the club of nations that are willing to collectively deprive innocents of access to a single wire that delivers freedom of speech, press and assembly in order to put a few more Euros into the pockets of some of the largest corporations in the world.”
  • Ars Technica said “The issue isn’t about “freedom to break the law,” but about proportionality. Does the punishment fit the crime (which is not, in this case, even a “crime” but a civil matter)?”
  • p2pNet said “Whenever the IFPI … or any of Vivendi Universal, EMI, Warner Music and Sony Music’s other ‘trade’ outfits applauds a court ruling, you know it can’t be good for anyone except the Big 4. And when U2’s other big mouth, manager Paul McGuinness, chips in, it’s confirmed.”
  • Not an update as such, but Digital Rights Ireland published a post last year on why the graduated response agreement is bad for internet users. It still applies, post-Chartleton J’s judgment.

Reporting of data security breaches

Ireland’s data protection legislation was introduced in 1988, but the law only came to public attention after several high profile data breaches in recent years.  As in other jurisdictions, there have been calls for the introduction of an obligation to notify the authorities when a data breach has or is likely to occur.

The Data Protection Commissioner has previously indicated that Ireland is likely to introduce a mandatory reporting law which will obligate data controllers to notify data subjects when their personal data has been leaked. At present, the EU plans to introduce a mandatory reporting law, but it would only apply to telecoms providers.

Karlin Lillington, in today’s Irish Times, adds her voice to those calling for a mandatory reporting law for all personal data breaches. She makes the point that the extent of data breaches will probably not be known until a mandatory reporting law is introduced, as was the case in California. This contention is supported by the Commissioner’s 2009 annual report, which attributes the increase in voluntary reporting of data breaches “to a greater awareness among organisations of their data protection responsibilities.” However, Karlin does not believe voluntary reporting is sufficient.

Given the reluctance of organisations to use a basic security tool such as encryption to lock down personal data, we need a legal threat to force adoption of this elementary form of best security practice.

We cannot sit about and wait for years for the subject to come back on to Europe’s agenda. No Irish citizen should have to wonder for years whether financial institutions, health organisations, insurance companies, energy suppliers, telecommunications companies, Government departments or small neighbourhood companies are keeping data safe – or dealing with the potentially catastrophic consequences if they are not.

In the UK it has been argued that a security breach notification law is not necessary. Dr. Chris Pounder argues that the existing law may already require data controllers to contact data subjects who are at risk of identity theft following a data security breach.  Dr. Pounder bases this argument on the seventh principle in the UK Data Protection Act 1998, which requires data processors to establish “a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage … and the nature of the data to be protected.”

He says that compliance with the seventh principle requires a risk assessment which will enable the organisation to determine what level of security is appropriate and to implement that level of security. Allied to that is the recent amendment to the UK legislation to allow the Information Commissioner (the UK equivalent of the Data Protection Commissioner) to fine an organisation up to £500,000 for serious breaches of data protection law. Dr. Pounder argues that the loss of unencrypted personal data would qualify as such a serious breach and could result in a fine.  He contends that the type of data security breach laws widely adopted in US states are already present in the data protection principles set out in European data protection legislation.

This argument relies on an interpretation of the existing law, which can be challenged by a data controller or processor. The Irish Data Protection Acts 1988 and 2003 are similar to the UK legislation and require that appropriate security measures are taken to protect personal data.  The legislation sets out the criteria to be considered when evaluating what security measures are appropriate and the Commissioner has published guidance on this point. However, the Irish legislation does not provide for the extensive penalties possible under the UK law and it may be a stretch to extend Dr. Pounder’s argument (if that argument is accepted at all) to Irish law. At any rate, a specific provision in the DPA would be preferrable to an interpretation.

A report from the Data Protection Review Group established by the Minister for Justice is expected soon and may well recommend the introduction of a mandatory reporting law. The Group’s consultation paper makes the point that a change in the law will not necessarily ensure protection against data breaches, but would “reduce the prospects of damage being done by such losses.”

Concern is evident from the Group’s evaluation of the regulatory options that a move toward mandatory reporting could reduce the historical approach of the Commissioner and data controllers to collaborate in resolving data protection issues and could force the Commissioner into a more confrontational enforcement role.

Such a role would provide more certainty and ensure that penalties apply where appropriate, but could involve significant cost on the part of the Commissioner’s office and would likely require the recruitment of enforcement specialists. Last year, for example, the Commissioner’s office put its legal requirements out to tender and the range of likely services sought tends to suggest that the expertise required to implement any new enforcement powers does not currently exist in-house.

Éigse Michael Hartnett

The eleventh Éigse Michael Hartnett arts and literary festival takes place in Newcastle West from 22 to 24 April. The line-up is impressive for a short festival, including poetry readings, lectures, puppet and music shows (brochure available here). Special guests include Jorie Graham, Fintan O’Toole and Mark Patrick Hederman.

Picture from the Éigse Michael Hartnett websiteMicheal Hartnett was the poet laureate of the area, born in Croom and raised in Newcastle.

Lovable yet separate, operating within his own field of force. I’ll never forget reading his first short hypnotic poems in the early sixties; they had a kind of Orphic throb, as if a new Lorca had emerged from Newcastle West. In fact, Michael shared Lorca’s ability to combine avant-garde daring with native tradition; he took the boldest of technical and emotional risks, living in and through and for his poetry to the end. Séamus Heaney

Newcastle West Community Council have, in advance of the festival this year, commissioned a public sculpture to commemorate Michael, for display in Newcastle.

Local businesses are running a literary trail, displaying some of his works in their shop windows. This example is Death of an Irishwoman, written for his grandmother Bridget Halpin.

Death of an Irishwoman
Ignorant, in the sense
she ate monotonous food
and thought the world was flat,
and pagan, in the sense
she knew the things that moved
all night were neither dogs or cats
but hobgoblin and darkfaced men
she nevertheless had fierce pride.
But sentenced in the end
to eat thin diminishing porridge
in a stone-cold kitchen
she clenched her brittle hands
around a world
she could not understand.
I loved her from the day she died.

She was a summer dance at the crossroads.
She was a card game where a nose was broken.
She was a song that nobody sings.
She was a house ransacked by soldiers.
She was a language seldom spoken.
She was a child’s purse, full of useless things.

© Michael Hartnett

Update

See