Tag: internet

Department of Jobs, Enterprise & Innovation (brief) consultation on filesharing injunctions

[Updated 23/06/11] In the (literally) last days of the previous Government, a rumour shot around that the then Minister for Enterprise, Trade and Innovation was about to sign a statutory instrument into law which would address the gap in the law criticised by Mr. Justice Chartleton in the EMI & ors v. UPC case.

A firm denial was issued by the Minister but I’m not sure anyone really believed that a draft SI wasn’t floating around somewhere. Anyway, the newly-titled Department of Jobs, Enterprise & Innovation has put a draft SI out to consultation. The relevant SI text is below.

Deadline for submissions is 1 July 2011: less than 2 weeks from today. That’s pretty swift consultation by any standard. Apparently the Department received a number of requests for an extension to the consultation period, so the new deadline for submissions is Friday 29 July 2011.

New section 40(5A) of the Copyright & Related Rights Acts:

(5A)(a) without prejudice to subsections (3) and (4), the owner of the copyright in the work concerned may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (3) where those facilities are being used by one or more third parties to infringe the copyright in that work.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

New section 205(9A) of the Copyright & Related Rights Acts:

(9A)(a) without prejudice to subsections (7) and (8), the rightsowner may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (7) where those facilities are used by one or more third parties to infringe any of the rights referred to in Parts III and IV.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

Thanks to Ronan Lupton for bringing the consultation to my attention.

Privacy and the press

I wrote a short article for last week’s Sunday Business Post on the super-injunctions story and the conflict between freedom of speech and privacy. It appeared in the Computers and Business magazine and is available here.

It’s a difficult topic to tackle in a short article and some more thoughts on the issue are in my earlier rambling blogpost. However, Karlin Lillington dealt with the issue expertly in last Friday’s Irish Times by contrasting the UK super-injunctions saga with the Irish experience of data protection and retention laws.

PRIVACY HAS two definitions. There is the definition that applies if you are wealthy, or a celebrity, or a corporation or organisation, and you wish carefully to protect from the public eye your infidelities, personal peccadilloes, ethically questionable activities, illegal doings or other foibles that might damage your income, reputation or bottom line.

Then, there is the definition that applies if you are just an ordinary citizen and a bank, an insurance company, an electronics manufacturer, a telecommunications company, a law enforcement agency, a government department or other organisation holds or would like to view lots of potentially sensitive information about you.

If you are in the former, elite group, lucky you. You will find you are entitled to all sorts of perks and privileges when it comes to your special definition of privacy. Your national government may come up with laws specifically to protect your version of privacy.

Justice systems may invent special protections that mean not only is no one allowed to mention whatever it is you or your company is said to have done, but no one is even allowed to mention that such a legal protection is there in the first place.

Social media and internet companies may, despite public statements about valuing their users and freedom and democracy, relinquish information about the people who might have said something annoying about you, your company or your government, the better to enable the justice system to get these aggravating people off your back.

If you are in the second group, your privacy is too often a commodity.

There is nothing super about these injunctions

The unfolding superinjunctions scandal in the United Kingdom is one of those legal stories that has gripped the media, broadsheet and tabloid alike. Much of the coverage now focuses on the fact that social media tends to make a superinjunction redundant.

An injunction is an equitable remedy and therefore a number of specific rules (maxims) apply when a judge considers whether to grant one. One such maxim is that equity will not act in vain. Mr. Justice Clarke summarised the position in a recent Irish case involving an attempt to force through the sale of a property where the purchasers had no ability to pay.

It has often been said that equity will not act in vain. A court should, therefore, be reluctant to make an equitable order where there is no reasonable prospect of the order concerned being complied with. I should add one qualification to that statement. There obviously may be cases where persons may simply decline to obey an order of the court. The fact that a party might be most unlikely to obey a court order could not, in my view, be a reason for the court not making the order in the first place. However, where it is clear on the evidence that a party would not, in fact, be able to comply with a court order, then a court should be most reluctant to make such an order.

For superinjunctions of the type currently in the news, there is no reasonable prospect of the orders being complied with. But this results from the fact that Twitter users, for example, are unlikely to obey the order, rather than being unable to obey it. Nevertheless, the issue of enforceability is significant. Proposals to impose editorial moderation on social media are somewhat silly and, as with many of the measures adopted to tackle illegal filesharing, doomed to fail.

As the Guardian commented in its editorial yesterday:

The case is, on the face of it, not a terribly attractive one for arguing either the cause of freedom of speech or for the supremacy of parliament.

However, the issue is not about the peccadilloes of a premiership footballer and the same principles will apply in far more serious circumstances.

What if some people on Twitter decided to name rape victims, or publish the current identity and whereabouts of Mary Bell, the child killer was who has, since 2003, been protected by a court order?

On the other hand, the existence of superinjunctions first came to public attention during the remarkable Trafigura affair in 2009 when the Guardian was prohibited from reporting on a question asked in the British Parliament. The case was something of a nightmare scenario for those with an interest in open democracy and press freedom.

The UK controversies inevitably involve debate on the merits of introducing a privacy law or reforming defamation law. What about this jurisdiction? Reforms have recently been made to our defamation law and while they were to be accompanied by a “deeply flawed” privacy law, that initiative has stalled.

The Privacy Bill 2006 proposed that a court could, in a privacy action, make an order prohibiting a defendant from doing anything that the court considers violate the privacy of the plaintiff. It also allowed for wide powers to control media reporting of privacy actions. It certainly appeared wide enough to allow for superinjunctions. Eoin O’Dell outlined the conundrum that the Bill would present the media with when coupled with the Defamation Act 2009.

[The Bill] has raised the spectre the defamation gagging writ of old simply being replaced by a shiny new privacy gagging writ. One aspect of the two Bills together puts journalists into a potentially invidious situation. To be able to rely on the defence of reasonable publication in a defamation action, one of the factors which the court will take into account is the extent to which a reasonable attempt was made by the journalist to obtain and publish a response from the person who is the subject of the article.

However, a journalist who makes such contacts in advance, now runs the risk of precipitating a privacy action from that person.

The journalist is now potentially damned by the Privacy Bill for contacting the subject of the article, and damned by the Defamation Bill for not doing so.

Of course, we don’t know if there are any superinjunctions in force in Ireland because, by their nature, the media is generally prohibited from reporting even their existence. Given that Ireland is such a small community, however, it seems probable that word of superinjunctions would quickly leak out. In addition, as noted by Flor McCarthy:

The constitutional requirement in this jurisdiction that justice must be administered in public would be a high hurdle for an applicant to overcome; though maybe we just don’t have the right celebrities!

Nevertheless, it is not inconceivable that such draconian injunctions could be issued in Ireland. After all, the ongoing banking crisis in Ireland has been accompanied by an astounding level of secrecy. The Credit Institutions (Stablisiation) Act 2010, a remarkable piece of legislation which should be far more controversial than it currently is, baldly provides:

The Court may order that any application under this Act, or any part of such an application, shall be heard otherwise than in public or may impose restrictions with regard to the disclosure in open court, publication or reporting of any material that might be commercially sensitive.

This is a very broad provision and was relied on almost immediately after the Act was passed. It was quite clear at the time this Act was first used that the parties hoped that the media would not be aware of the proceedings. Could a judge order that an article such as that in the Irish Times not be published on the grounds that the fact of the application itself was commercially sensitive?

There may well be grounds for the use of draconian court orders on occasion but it must be considered that the parties most likely to seek them are large corporations and wealthy individuals. As Mark Stephens, a high profile media lawyer, commented:

They are almost discriminatory justice. Not a single woman has taken out a super injunction and as a result of that, it is only the men. Invariably they are rich men because it costs between £50,000 and £100,000 (€56,000 and €113,000) to get a superinjunction.


Has the Irish Government introduced #3strikes legislation? (Update: No)

[Updates at end] It appears that the Irish Government has implemented or is about to implement a significant change to the Copyright & Related Rights Acts 2000 to 2007 by statutory instrument on the eve of an election.

Silicon Republic reports:

In its final days, the Government is believed to be rushing through a statutory instrument that will amend the existing Copyright Act and which will give judges the power to grant injunctions against ISPs in relation to copyright infringement cases.

The demands for the change came about as a result of Mr. Justice Charleton’s decision in EMI v. UPC last year, when he ruled that Irish law did not allow him to grant such injunction “even though that relief is merited on the facts.”

The decision led to frantic lobbying on the part of record companies and a media campaign on this issue, including dramatic statements from Paul McGuinness that the issue “has got to do with the future of civilisation”.

With the range of other problems facing the Government the issue did not get much priority. The election manifestos of Fine Gael and the Green Party suggest that they are conscious of the issue with FG appearing to support the industry and the Greens appearing to support the consumer.

If accurate, there are many problems with this amendment and TJ McIntyre outlines them in his comments to Silicon Republic. However, whether or not the contents of the amendment to the Acts are agreed with, it is shocking that the Government is proposing to introduce such a contentious change by way of statutory instrument with hours to go before an election.

A statutory instrument is defined as “an order, regulation, rule, scheme or bye-law made in exercise of a power conferred by statute”. Section 7 of the Acts appears to provide reasonably wide scope for the introduction of regulations but it is likely be a topic for debate as to whether the reported change fits within or exceeds that provision.

Ironically, Charleton J. stated in his judgment:

Legislative intervention is required, if the Oireachtas see fit, to protect constitutional rights to copyright and foster the national resource of creativity. (my emphasis)

Updates (24 February 2011)

  • Acting Minister for Enterprise, Trade & Innovation Mary Hanafin has said that there “is no truth in the rumour” that an amendment to the Copyright & Related Rights Acts will be passed before the election. The press Minister expects the next Government to consult on the issue before such an amendment is made.
  • However, an story from the original source of the rumour earlier today said that the Department “neither confirmed nor denied that a statutory instrument was being pushed through, but said “it may be necessary” to introduce measures to clarify Ireland’s position under the Copyright Directive in relation to injunctions, thanks to the recent court case involving UPC and the music industry.”
  • Simon Coveney, a front-bench member of Fine Gael, tweeted about the issue earlier. Fine Gael is highly likely to introduce the amendment following the election but not, one hopes, by way of statutory instrument.

 

Election 2011: Privacy, intellectual property & the internet

With so much of the electoral attention focussed on crisis management, it is easy to ignore other aspects of each party’s manifestos (or the absence of same in the case of many independents).

It is worth checking these manifestos for references to any issues you have a particular interest in: you might be surprised at what you find. Luckily, blogs like Maman Poulet and Human Rights in Ireland are keeping an eye on the aspects of the party manifestos not concerned solely with bond-burning.

Crowd checking the 1931 general election results, Willis Street, Wellington, 1931
Election night results, pre-Twitter

Our courts and citizens are having to deal with an increasing number of issues under our privacy, data protection and intellectual property laws, so I had a look at the parties’ positions in these areas. If I have missed anything, please let me know in the comments, along with suggestions as to what the manifestos should contain.

Fine Gael

  • FG would “review and update Intellectual Property legislation currently in place to benefit innovation.” This commitment is vague and suggests that the party is aware of issues but hasn’t thought about any solutions yet.
  • FG would “clarify the laws relating to on-line copyright infringement and the enforcement of rights relating to digital communications”. This probably refers to the consequences of the IRMA litigation (contrast with the Green Party manifesto, below). Again, the party does not appear to be ready to offer solutions.
  • What is meant by “the enforcement of rights relating to digital communications”? Does it refer to data retention or freedom of speech? The sentence is somewhat worrying in the absence of elaboration.
  • FG will revamp the Patents Office website. This is a bizarrely specific proposal, by contrast with the other high-level proposals.
  • The consultancy industry will be delighted to learn of plans for “an E-day on January 1st, 2016 by which all government services to business will be on-line only.”
  • FG would “develop Ireland as a ‘Digital Island’ and first-mover when it comes to information technology.” One might be forgiven for thinking that is an aspiration that is somewhat unrealistic in 2011.
  • FG would introduce a national DNA database. The process of doing so had already been started by the outgoing administration.
  • The party proposes a Circuit Commercial Court along the lines of the existing Commercial Court but which deals with smaller-value commercial disputes (the Circuit Court can generally hear cases for claims worth up to €38,092.14)

Labour

  • Labour’s Innovation Strategy Agency would, among other things, “make Ireland a world leader in the management of [IP]”.
  • Labour “supports the development of an International Content Services Centre in Ireland, and its potential to make Ireland a European hub for the dissemination of Intellectual Property.” This was, in fact, a commitment of the renewed Programme for Government agreed by Fianna Fáil and the Green Party in October 2009. It is also firmly in Your Country, Your Call territory: one of the winning YCYC proposals was to establish an ICSC. The competition winners were announced in September 2010, almost one year after the establishment of an ICSC became Government policy.
  • Labour propose to introduce civil orders against serious offenders following conviction, for example, restrictions on the use of the internet by those convicted of child sex offences.
  • Labour wants to make Ireland a headquarters location for data centres and cloud computing. The party would establish an expert group to review security and privacy issues arising from these areas. A data protection review group established by the Minister for Justice 2008 published a report in 2010. The EU is also currently reviewing the Data Protection Directive (Irish law implements the Directive) and cloud computing is one issue under review in that context.

Fianna Fáil

I will not be the first to suggest that the FF manifesto consists primarily of a defence of the outgoing Government’s policies and lists of achievements since 1997. It is not surprising, therefore, that party does not appear to offer much in the areas of privacy, IP and the internet.

No direct reference is made to copyright, data protection, privacy or the internet (not one instance of the word internet in the whole manifesto, though commitments are made about broadband). One, incidental, reference is made to IP in the context of publicly-funded research. While FG want to clarify the law on exploiting IP developed by third level institutions, FF want the outcomes of publicly-funded research to be made freely available “save where there are specific commercial intellectual-property issues.”

  • FF commits to supporting research and development and to continue use of the innovation voucher system to help small businesses acquire R&D.
  • Like the Labour party, the FF manifesto commits to fostering cloud computing services. It also commits to establishing the International Content Services Centre (as already mentioned, this has been Government policy since 2009).

Green Party

  • The Greens would “[p]revent private organisations from intruding into a citizen’s privacy”. The Data Protection Acts 1988 and 2003 already do this in general terms, but I assume that the Greens are proposing either reform of those Acts or the implementation of some form of specific privacy law, as was proposed but not implemented by the outgoing administration.
  • The Greens would prevent organisations from “summarily punishing citizens for alleged illegal activities and from interfering with citizens’ legitimate and legal uses of content.” Again, a little interpretation is required, but I assume this suggests that the Greens would deal with the consequences of the IRMA litigation in a manner which favours citizens over companies. As Minister for Communications, Eamon Ryan said that he was seeking the advice of the Attorney General in this area but his holding statement to the Dáil last year did not indicate any thinking along the lines of what is now contained in the manifesto.
  • The party would “[u]pdate the role of the Data Commissioner to ensure evolving technologies are in check with the rights of Irish citizens.” This might refer to increased enforcement powers, which would be welcome.
  • The party would completely oppose the introduction of software patents.

Sinn Féin

The SF manifesto makes no direct reference to copyright, intellectual property, data protection, privacy or the internet. However, the party would “focus on creating new jobs across the agri-food, tourism and IT/pharma sectors, and Research and Development as well as with initiatives that will ensure Ireland becomes a world leader in green energy.”


Irish data retention law now in force

There has been so much political uncertainty in recent weeks that one wonders what business of Government has gone on unnoticed. One such item of business, I discovered from the A&L Goodbody legislative FAQ referred to earlier, was the passing by the Oireachtas of the Communications (Retention of Data) Act 2011.

This controversial piece of legislation is not available,  as yet, in its final form as none of the Department of JusticeHouses of the Oireachtas or Irish Statute Book have published it.

The President signed the Act into law on 26 January 2011 but, as far as I am aware, this has not been reported on anywhere. The commencement date is not known but the latest draft available does not contain a commencement clause so, if one was not inserted before it was passed by the Oireachtas, it is now in effect.

[Update: I wasn’t correct in stating that the introduction of the Act hasn’t been reported on. I had missed Eoin O’Dell’s reference to its passing on his blog and Karlin Lillington‘s coverage in the Irish Times. She also covered the Seanad debates on twitter. However, it is still noteworthy that this news has been confined to analysis pieces and has not been headline news, by contrast with other rushed legislation recently signed by the President.]

According to the Internet Service Providers Association of Ireland:

ISPs providing Internet services to the public are now obliged to retain certain data, as set out in the Act, identifying the occurrence of a communication (but not about the content of the communication itself). This must be done for every user, whether they are a private or business customer. In the case of Internet communications the ISP must keep the data for a period of one year … [The] ISPAI regrets [the passing of the Act] despite the trojan efforts of non-government Senators who argued the amendments (which were defeated) aimed at giving greater clarity to the legislation and particularly to minimise its potential to put Ireland at a cost disadvantage to our EU neighbours for Internet based business.

Digital Rights Ireland summarised the effect of the legislation when it was first put before the Oireacthas as follows:

In essence, the Bill requires telecommunications companies, internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; internet communications have to be retained for one year … This will impose significant costs on those obliged to retain and secure the data, and those costs will be passed on to their already hard-pressed customers. And it is likely to drive international telecommunications and internet companies to European states which have introduced far less demanding regimes.

The Irish Council for Civil Liberties made submissions to the Department of Justice about the legislation. Digital Rights Ireland took a constitutional challenge against the legislation and that challenge is en route to the European Court of Justice (the Act implements the EU data retention directive).

Strike One?

This week’s big intellectual property news was the judgment of Mr. Justice Charleton in EMI & ors v. UPC. The case was the latest plank in the record industry‘s campaign to force the introduction of a graduated response to online copyright infringement.

Charleton J’s judgment is long and there is a lot to get through.  I haven’t had the opportunity to read the judgement fully but a few highlights already stand out:

  • Evidence was adduced by the plaintiffs to justify claims that many thousands of tracks are illegally downloaded. Justin Mason looks at some of those claims and finds that, by the same logic, an album he invented on the spot has been downloaded 24,752 times. This evidence, which appears to be highly flawed, has already been represented as fact in the Seanad.
  • In 2009 Charleton J granted an order requiring eircom to block access to The Pirate Bay. As noted by TJ McIntyre at the time, the judgment was of limited value as it was not opposed by eircom and was delivered ex tempore. Simon McGarr points out that Charleton J now finds he was incorrect in granting that order. According to his latest judgment:

I regret that my previous judgement in the matter was wrong. The legislative basis enabling me to act in that way does not exist in Irish law as it exists in other European jurisdictions.

  • If eircom had contested that order, Charleton J may have been in a position to reach the decision now indicated in the UPC judgement. It’s an important point, as he also gave judgment clearing data protection concerns raised by the Data Protection Commissioner in relation to the graduated response settlement. That case was similarly unopposed and the Commissioner did not appear due to cost concerns.
  • Charleton J has repeatedly characterised online copyright infringement as theft and anyone engaged in downloading files in breach of copyright to be in the criminal sphere. Eoin O Dell draws attention to interesting posts on the question of whether or not copyright infringement is theft.

Why people care about The Record Industry v. The Customer

Cory Doctorow makes some good points on the use and abuse of copyright law, in response to some pretty churlish criticism recently directed his way. I particularly liked this:

… I don’t care if you want to attempt to stop people from copying your work over the internet, or if you plan on building a business around this idea. I mean, it sounds daft to me, but I’ve been surprised before.

But here’s what I do care about. I care if your plan involves using “digital rights management” technologies that prohibit people from opening up and improving their own property; if your plan requires that online services censor their user submissions; if your plan involves disconnecting whole families from the internet because they are accused of infringement; if your plan involves bulk surveillance of the internet to catch infringers, if your plan requires extraordinarily complex legislation to be shoved through parliament without democratic debate; if your plan prohibits me from keeping online videos of my personal life private because you won’t be able to catch infringers if you can’t spy on every video.

Via Adrian Weckler.

If you didn’t friend the Department of Social Protection, one of your “friends” snitched

The stories about the Department of Social Protection’s use of Facebook to detect fraud raised more questions than they answered.Someone talked! So, I requested details from the Department of its use of social networking.

Here’s the relevant part of the response:

Social networking sites, such as Facebook, are not a systematic part of the Department’s on-going targeted fraud and error control activities.

Circumstances, however, may give rise to a member of staff examining publicly available information on the internet, for example following receipt of a report from a member of the public making reference to relevant information on social networking sites.

Information from such sources is not used as evidence to terminate a claim in payment but may result in a review of entitlement by the Department.

On a point of information, at the end of August 2010 (latest figures available)

  • over 7,200 anonymous reports were made to the Department’s Central Control Division. (Reports are also made directly to scheme areas and public offices which are not included in that figure).
  • 500,000 reviews approx. were completed by the Department. Investigations which refer to social networking sites would be negligible in an overall context.

As only information which is publicly available on social networking sites is accessed in such investigations, the cooperation of the operators of such sites is not needed. The Department has not accessed, or sought to access, information on social networking sites which is not available to the public at large.

The above doesn’t necessarily get the Department around the requirements of the Data Protection Acts and it is not clear what the Department does with data submitted to it by members of the public which is not publicly available online.

Did you friend the Department of Social Protection?

Over on the Irish Computer Society’s data protection blog yesterday, Daragh O’Brien wrote about the news that the Department of Social Protection is monitoring Facebook when investigating suspected welfare fraud.

Daragh discusses the data protection principle of fair obtaining in this context. He notes section 8(b) of the Data Protection Acts 1988 and 2003, which suspend the restrictions in the Acts for the purposes of the investigation or prosecution of offences and in the case of collecting or assessing monies due to the State. However, the section 8(b) exemption only applies where processing of personal data (which would include getting it from Facebook) is required for the purposes of investigation, etc. The provision is, as yet, untested, but the wording certainly suggests that it is not open to the Department to process personal data obtained from Facebook merely as an aid to investigation.

© Brian Solis
After all, this guy doesn't believe in privacy.

This morning, the Irish Independent followed up on the story with surprising statements from Facebook itself, primarily that:

“Facebook protects people’s right to privacy but in the same way officials investigating a case can access post office details or phone records, accessing Facebook profiles would be the same kind of thing,” a spokesman said.

It comes as a surprise to me* that the Department could access post office details (and: what are those details?) and phone records without a court order or the consent of the data subject, but Facebook apparently believes this is the done thing. It’s an important point because Facebook’s privacy policy purports to allow the company to hand over your information.

We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards.

It is not known from the news reports whether Facebook has facilitated the Department of Social Protection or handed over information or access to profiles to the Department. If not, it is difficult to see how the Department has accessed any meaningful information from the site, unless it has taken advantage of data which has inadvertently been made public or, alternatively, if the Department has obtained the data by deception.

From the comments made by Facebook to the Irish media, it appears that Facebook has an off-hand attitude to the specifics of Irish law on this point and its privacy policy suggests that the company will err on the side of caution in assisting a State agency. It won’t surprise many that Facebook might not rush to defend your privacy.

The incident is certainly worthy of investigation by the Data Protection Commissioner.

* I’m not an expert on the Social Welfare Acts and they are labyrinthine, but anyone with more knowledge on the powers of the Department in this area might comment below. I understand certain information can be shared by some State agencies for the purposes of making a decision on whether to provide social welfare or grants, but I don’t believe that extends to investigations by the Department.