[off-topc] ISP responsibility, was Re: European DB-law was: Re:SpamWhack
- Date: Mon, 22 Jan 2001 13:24:16 +0100 (MET)
On Mon, 22 Jan 2001, Roland Perry wrote:
> Have a look at the LINX, now also RIPE, SPAM-BCP; we certainly welcome
> ISPs who declare they have "signed up".
(It should be /bcp not .bcp)
Some comments after a quick glance on that page (or why we wouldn't sign it):
(My reply became much longer then I intended at first, my apologies for the
"Material which is illegal to possess" focusses only on one issue only.
The media has done that by itself enough to validate all kinds of law
changes. If you really need to mention examples, at least also include
Mein Kampf (in certain countries, not sure if this is EU wide), and
for instance material that is meant to instigate hate (deathlists
of abortion doctors, hatepages etc). The most important part here
(IMHO) is to leave whether this is legal or not up to a court, and
not to the ISP's legal department. The same goes for copyright. If
you think the ISP department is qualified enough for such a decision,
please take a look at my stack of Scientology papers.
"If a report is received from the IWF of such material, the material
should be removed from the ISP's machines as soon as possible. Member
companies may wish to verify that the material is as described and query
any discrepencies with IWF."
As an ISP, I would tend to want to keep the "evidence" myself, for
use in upcoming lawsuits of either the copyright holder or copyright
breaker. If the material is illegal to posses, I would ask the proper
agency to tell me (om paper!) what to do with the materials. Also,
what I find missing here is how an ISP can be sure that something is a
copyright violation, because it isn't, and should never be, up to an ISP
to decide what constitutes "fair use" or even "copyright". As an ISP, we
only remove material once we see a court decision on the matter. Again,
you don't want to know how many paperwork I have on scientology case
alone, and there are other examples. It gets way too complex for the
average ISP legal department if these issues are also going over national
barriers. Leave it up to a court. Our motto: "We're just a provider".
(Btw what is the "IWF"?)
"If the material in question is on a hosted web site, the ISP should
block access to the site both for reading and for upload, make a private
copy of the site for evidential purposes (and also copy any upload log
that is held) and then delete all other copies of the material."
This also opens up the ISP for lawsuits, by whoever hosts the material. People
tend to think rather black and white (sure we remove childporn) but there are
other questionable areas. A gay bookshop website? Nudist camp website? Racial
website? ETA website? What (imho) should happen is that whoever wants the
material to be removed, to instantly go to court (Dutch: "Kort geding") and
let a court block the material. The ISP is neither a judge, nor an executioner.
Also, one can block content by filing an injust (but big, as in kilograms of
paper) objection, eg DOS the legal department.
"Where a copy of material is held, it should be done electronically in
the first instance, rather than being printed out. This not only makes
it easier to process the material as necessary, but also avoids having
physical child pornography on the premises."
Doesn't make much sense to me, a physical copy in this case would be less
prone to spread around causing more harm. It makes more sense to encrypt the
entire stack, and give the decryption keys to a notori(sp?) or law agency.
(Also, by splitting up the 'content' and 'crypto-key', not one single agency
can decide anything on its own, and this forces the issue where it belongs,
in court, and the ISP can never be blamed to "help spread" the content,
whether physical or electronical)
"ISPs are advised to ensure that their customer contracts allow the
actions described in this BCP to be taken. Otherwise the situation could
arise where taking action could result in a lawsuit from the customer,
while not taking action could result in a lawsuit from the complainant,
or even a criminal prosecution."
This is "american thinking". We had to go to great length to get a similar
clause removed from our contract with our backbone ISP. If the contract with
client is governed by local law (as it is, and you can state explicitely) then
there is NO NEED for additional clauses in the contract giving "power" to
the ISP, and infact, this "power" only becomes a club where they can beat you
with. "This clause says you will remove material if ......". No. Go to court,
show the ruling. Don't come knocking at the ISP's doors with opinions, hints
or threats. Go to court, get a ruling. (Why do you think all the NIC's apply
this rule, it makes sense!)
"In general, all original artistic and literary works are automatically copyright."
This again shows my point. "In general". Except when the user comes from
Afghanistan, Serbia, or the site is hosted in Saudie, or when the American
writer didn't explicitely claim it, or,....... Don't go for this trap. It's for
a judge to rule, not an ISP. If you have any doubt left, see how copyright,
trademarks and licences are used to halt a chain of liability by doing a
limited/exclusive licence scheme. Don't get involved.
"In general, it is illegal to publish a copyright work without the
permission of the copyright holder. There are a number of specific "fair
use" exemptions in the law, such as short extracts of a work used for
reporting current events, research, reviews, and so on."
"In general" again. The people who wrote this paper KNEW the problems. There
is quite a bit of faur use, and it differs greatly from country to country.
The most important probably is the difference in Europe and the US where in
Europe you can't have fair use without publishing, while in the US that can
be fair use.". Don't get involved, let them go to court.
"Material is regularly copied within and between computers as part of the
processes of computing and the Internet, and material is also retained in
caches for varying lengths of time. Such copying is probably "fair use"."
I wouldn't be so sure. It's pending in one of the many scientology cases,
where scientology claims damages based on the "number of copies", where they
include copies for "loading from disk to ram" and "from browser cache" etc.
If any Scientologist had a CS course, they would have trippled the copies
claimed in that lawsuit. (Contact me for a quote or reference, I have it but
not readily available)
"A reference to a copyright work (e.g. a hyperlink) is not a copy of
that work per se; it is like a bibliographical reference. However,
the link can be presented in such a way as to fool the naive reader,
and then some other tort such as "passing off" might apply."
There are rulings about this, specificly (once again Scientology):
This is also continuing in Sweden right now, see:
http://xenu.xtdnet.nl/court/ for the latest in this case (though only a small
portion is about linking)
(Now is RIPE in violation of deep linking illegal material? According to some
courts (The Dutch), yes it is!)
Also on "kranten.com", a site that deep-linked newspaper websites to work
around banners there was a ruling (in favour of the newspapers AFAIR)
(For Dutch cases, see the following (deep hyperlink :)
or another deep link:
This is also very much in dicsussion regarding linking copyright protected
music and software.
Also, referencing is a key element in the case of Klotenknijper, where
electronical and paper "linking" is involved to determine defamatory
statements (see www.klotenknijper.com)
And then I haven't even touched things as "Google's cache" option, and
other search engines republishing copyrighted works.
"Some software is activated through passwords provided to the end-user by
the supplier on a one-to-one basis. Publishing such a password (e.g. on a
"cracks list") could be viewed as breaching the copyright in the password,
but it is not clear whether the password is an "original work"."
That is not a copyright issue. It's an issue regarding whether it is legal
to reverse engineer, or whether it is allowed to circumvent copyprotection
measures. Even this "obvious" case is under heavy fire in the DVD case,
where this mechanism is used to force people to buy certain software (Windows)
to play DVD's and also limits WHERE they can play their own legal copy (zoning).
There should be lots of links about this at 2600 magazine (www.2600.com) and
the EFF (www.eff.org) who just annoyed their appeal a few days ago.
"Similarly, tools that crack protection on software may contain
copyright material within them, and so be a breach of the copyright
laws. Alternatively they may be actionable as aiding and abetting breach
of these laws."
See the DVD case and zoning. Were these protections legal to begin with? Is
it legal to remove illegal protection? Again, there is one simple rule. "We
are just a provider, come with a court ruling".
Now, what I think is really the worst part of this "best practice":
If the ISP is notified that a web site holds copyright material, or that
a customer is posting copyright material to Usenet, they should contact
the customer requesting one of
evidence that the customer is the copyright holder;
evidence that the customer has permission from the copyright holder;
an explanation of which "fair use" exemption applies;
a written undertaking to remove the material and desist from any such
action in the future.
If a satisfactory response is not received within 5 working days, the
customer's access to the relevant facility should be terminated.
The above paragraph is REALLY bad, both as a freedom of speech issue, and as
a liability issue. Let's cover the last issue first, it is the easiest to
explain with an example. The customer is on vacation for 7 days in a ski resort
in the mountains, without phone and/or internet connectivity. Upon return,
he finds his website censored by the ISP simply because he wasn't there. The
ISP gets sued for infringing the rights of their customer (or if they have
a "safetynet" clause in place, sued for limiting freedom of speech, which cannot
ever be signed away contractually, since it's a fundamental human right)
As for the first issue, it still asumes that an ISP can judge a case based
on either information from the customer or the complainant. Trust me, YOU
CANNOT. Maybe I should make Tshirts for the next RIPE meeting, but "You're just
a provider" and in no way qualified to act as either judge or executioner.
How is your legal department going to judge something Scientology has had up
in court over the last decade, spending millions of dollars on? One simple
single (and cheap) solution. Only act when a court has ruled you to do so.
"Trademarks". Without going in more detail (it's already majorly off-topic)
but for trademarks the exact same thing applies. you cannot, and should not
make a decision.
"Defamation". Now that item is left quite open, while we have the Demon case
pushing this UK law. What happened in the end? What is the status now? Last
I heard Demon UK was helt responsible by a UK court for assisting in defamation
where a US citizen posted a defamatory posting on a US newsserver. That's
interesting because it goes cross country. If one is liable for claims done
in a country for breaking the laws of another country, we're in deep trouble.
The only freedom we would have left is the freedom all nations worldwide agree
on, and I'd love to see what that is, if it includes, europe, the us, cuba,
russia, chian, the saudies, monaco, or even sealand :)
As for Obscene (and always related child pornography, let me refer to a Dutch
case where an exposition of the renowed Holland Festival had an exposition
on "male nudity" that included a photo of American artist Walter Chapell.
Media and lower courts ruled that the photo was child pornography and should
go. (funny detail, this photo was exhibitioned in the US without problems)
( see http://www.google.com/search?q=Walter+Chapell+holland+festival&hl=en&lr=&safe=off)
In short, I don't think ISP's should do anything without a court explicitely
telling them so, and to just assume the common carrier principle as much as
is possible by law. I'm very glad that I could discuss this very openly with
my backbone provider, and that they even allowed the dozen or so contractual
changes we have made both to protect ourselves and free speech.
If you want a really bad example of what happens when ISP's rule, please see
the Flashback fiasco at:
Where UUnet/Worldcom alone decided that it is in our best interest not to
see Flashback magazine, an e-zine with a couple of million Swedish subscribers
on them, which was censored out of all ISP's that had UUnet as backbone or peer
by simple company decree (as opposed to a fair trail) because it was deemed
"inappropriate", while a Swedish legal investigation had concluded it might
be bad taste, but certainly NOT illegal. Welcome to the Corporate State.
Current mirror is at http://fb.provocation.net (184.108.40.206) but seems to
have some problems right now both with Grandcanyon DNS as its connectivity)
Paul "Just a provider" Wouters
Broerdijk 27 Postbus 170 Tel: 31-24-360 39 19
6523 GM Nijmegen 6500 AD Nijmegen Fax: 31-24-360 19 99
The Netherlands The Netherlands info@localhost