EFF calls for reforms - to the reforms !

As the CopyKat reported earlier this week, the technology sectors are continuing their assault on planned reforms to EU Copyright law, and now the Electronic Frontiers Foundation has joined the likes of Google, YouTube and Facebook in criticising the planned copyright law reforms. In a letter the EFF say has been sent to everyone involved in the upcoming "Trilogues", the meetings held between representatives from European national governments, the European Commission, and the European Parliament, Cory Doctorow argues that the reforms contained in Articles 11 and 13 of the Copyright Directive are "ill considered and have no place in the Directive", concluding that instead of effecting some "piecemeal fixes to the most glaring problems", the Trilogue takes a simpler approach, and removes them from the Directive altogether. 

Having previously opined that the vote in the European Parliament that passed the draft Directive "brought the EU much closer to a system of universal mass censorship and surveillance, in the name of defending copyright" and that Articles 13 and 11 would create "upload filters" and the “link tax”, the EFF's views are perhaps unsurprising - you can make of the points raised as you will, as the letter is set out in full is below:

The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. We are supported by over 37,000 donating members around the world, including around three thousand within the European Union.

We believe that Articles 11 and 13 are ill-considered and should not be EU law, but even stipulating that systems like the ones contemplated by Articles 11 and 13 are desirable, the proposed text of the articles in both the Parliament and Council texts contain significant deficiencies that will subvert their stated purpose while endangering the fundamental human rights of Europeans to free expression, due process, and privacy.

It is our hope that the detailed enumeration of these flaws, below, will cause you to reconsider Articles 11 and 13's inclusion in the Directive altogether, but even in the unfortunate event that Articles 11 and 13 appear in the final language that is presented to the Plenary, we hope that you will take steps to mitigate these risks, which will substantially affect the transposition of the Directive in member states, and its resilience to challenges in the European courts .

Article 13: False copyright claims proliferate in the absence of clear evidentiary standards or consequences for inaccurate claims.

Based on EFF’s decades-long experience with notice-and-takedown regimes in the United States, and private copyright filters such as YouTube's ContentID, we know that the low evidentiary standards required for copyright complaints, coupled with the lack of consequences for false copyright claims, are a form of moral hazard that results in illegitimate acts of censorship from both knowing and inadvertent false copyright claims.

For example, rightsholders with access to YouTube's ContentID system systematically overclaim copyrights that they do not own. For instance, the workflow of news broadcasters will often include the automatic upload of each night's newscast to copyright filters without any human oversight, despite the fact that newscasts often include audiovisual materials whose copyrights do not belong to the broadcaster – public domain footage, material used under a limitation or exception to copyright, or material that is licensed from third parties. This carelessness has predictable consequences: others — including bona fide rightsholders — who are entitled to upload the materials claimed by the newscasters are blocked by YouTube and have a copyright strike recorded against them by the system, and can face removal of all of their materials. To pick one example, NASA's own Mars lander footage was broadcast by newscasters who carelessly claimed copyright on the video by dint of having included NASA's livestream in their newscasts which were then added to the ContentID database of copyrighted works. When NASA itself subsequently tried to upload its footage, YouTube blocked the upload and recorded a strike against NASA.

In other instances, rightsholders neglect the limitations and exceptions to copyright when seeking to remove content. For example, Universal Music Group insisted on removing a video uploaded by one of our clients, Stephanie Lenz, which featured incidental audio of a Prince song in the background. Even during the YouTube appeals process, UMG refused to acknowledge that Ms. Lenz’s incidental inclusion of the music was fair use – though this analysis was eventually confirmed by a US federal judge. Lenz's case took more than ten years to adjudicate, largely due to Universal's intransigence, and elements of the case still linger in the courts.

Finally, the low evidentiary standards for takedown and the lack of penalties for abuse have given rise to utterly predictable abuses. False copyright claims have been used to suppress whistleblower memos detailing flaws in election security, evidence of police brutality, and disputes over scientific publication.

Article 13 contemplates that platforms will create systems to allow for thousands of copyright claims at once, by all comers, without penalty for errors or false claims. This is a recipe for mischief and must be addressed.

Article 13 Recommendations

To limit abuse, Article 13 must, at a minimum, require strong proof of identity from those who seek to add works to an online service provider's database of claimed copyrighted works and make ongoing access to Article 13's liability regime contingent on maintaining a clean record regarding false copyright claims.

Rightsholders who wish to make copyright claims to online service providers should have to meet a high identification bar that establishes who they are and where they or their agent for service can be reached. This information should be available to people whose works are removed so that they can seek legal redress if they believe they have been wronged.

In the event that rightsholders repeatedly make false copyright claims, online service providers should be permitted to strike them off of their list of trusted claimants, such that these rightsholders must fall back to seeking court orders – with their higher evidentiary standard – to effect removal of materials.

This would require that online service providers be immunised from Article 13's liability regime for claims from struck off claimants. A rightsholder who abuses the system should not expect to be able to invoke it later to have their rights policed. This striking-off should pierce the veil of third parties deputised to effect takedowns on behalf of rightsholders ("rights enforcement companies"), with both the third party and the rightsholder on whose behalf they act being excluded from Article 13's privileges in the event that they are found to repeatedly abuse the system. Otherwise, bad actors ("copyright trolls") could hop from one rights enforcement company to another, using them as shields for repeated acts of bad-faith censorship.

Online service providers should be able to pre-emptively strike off a rightsholder who has been found to be abusive of Article 13 by another provider.

Statistics about Article 13 takedowns should be a matter of public record: who claimed which copyrights, who was found to have falsely claimed copyright, and how many times each copyright claim was used to remove a work.


Article 11: Links are not defined with sufficient granularity, and should contain harmonised limitations and exceptions.

The existing Article 11 language does not define when quotation amounts to a use that must be licensed, though proponents have argued that quoting more than a single word requires a license.

The final text must resolve that ambiguity by carving out a clear safe-harbor for users, and ensure that there’s a consistent set of Europe-wide exceptions and limitations to news media’s new pseudo-copyright that ensure they don’t overreach with their power.

Additionally, the text should safeguard against dominant players (Google, Facebook, the news giants) creating licensing agreements that exclude everyone else.

News sites should be permitted to opt out of requiring a license for inbound links (so that other services could confidently link to them without fear of being sued), but these opt-outs must be all-or-nothing, applying to all services, so that the law doesn’t add to Google or Facebook's market power by allowing them to negotiate an exclusive exemption from the link tax, while smaller competitors are saddled with license fees.

As part of the current negotiations, the text must be clarified to establish a clear definition of "noncommercial, personal linking," clarifying whether making links in a personal capacity from a for-profit blogging or social media platform requires a license, and establishing that (for example) a personal blog with ads or affiliate links to recoup hosting costs is "noncommercial."

In closing, we would like to reiterate that the flaws enumerated above are merely those elements of Articles 11 and 13 that are incoherent or not fit for purpose. At root, however, Articles 11 and 13 are bad ideas that have no place in the Directive. Instead of effecting some piecemeal fixes to the most glaring problems in these Articles, the Trilogue take a simpler approach, and cut them from the Directive altogether.

Thank you,

Cory Doctorow
Special Consultant to the Electronic Frontier Foundation

https://www.eff.org/deeplinks/2018/10/whats-next-europes-internet-censorship-plan-0

Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market  COM(2016)593

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52016PC0593

http://the1709blog.blogspot.com/2018/06/whats-all-fuss-about-eu-copyright.html

The Digital Economy Act is in line with EU law, says the Court of Appeal

It's not always easy to understand
how "digital economy" works

Yesterday the Court of Appeal for England and Wales published its 115-paragraph decision in judicial review proceedings concerning -- inter alia -- the compatibility of the online infringement of copyright provisions of the UK's controversial Digital Economy Act 2010 ("DEA") with a number of EU directives (earlier posts on this story here and here).

Background

Telecom companies and ISPs BT and TalkTalk had asked Arden, Richards and Patten LJJ to overturn the 2011 decision of Kenneth Parker J of the High Court. Their appeal was, however, unsuccessful, since Richards LJ, giving judgment for the court, found that the decision of the High Court was "extremely thorough, clear and cogent".


As is well known, the DEA had inserted new sections 124A to 124N into the Communications Act 2003 as a response to the growing problem of subscribers to internet services who were infringing copyright by uploading and accessing material online. These provisions impose "initial obligations" on ISPs to notify subscribers of copyright infringement reports received from copyright owners, and to provide copyright infringement lists to copyright owners, if an "initial obligations code" is in force. These also provide for the possible future introduction of additional "technical obligations" on ISPs, together with a "technical obligations code". 

This case was concerned, however, only with the initial obligations, the initial obligations code and the related provisions as to costs. More specifically, BT and TalkTalk had been granted permission to appeal the decision of the High Court on grounds which covered four areas:

(1) whether the contested provisions should have been notified to the EU Commission in draft pursuant to Directive 98/34 ("the Technical Standards Directive"), with the result that they are unenforceable for want of notification

(2) whether the contested provisions are incompatible with provisions of Directive 2000/31 ("the E-Ccommerce Directive").

(3) whether the contested provisions are incompatible with provisions of Directive 95/46 ("the Data Protection Directive") and/or of Directive 2002/58 ("the Privacy and Electronic Communications Directive").

(4) whether the contested provisions are incompatible with provisions of Directive 2002/20 ("the Authorisation Directive" or "the AD").

The response of the Court of Appeal

(1) the Technical Standards Directive

The broad aim of the notification requirement under Article 8(1) of the Technical Standards Directive is to enable the Commission and other Member States to comment on draft legislation and for those comments to be taken into account, as Article 8(2) requires them to be, in the subsequent preparation of the technical regulation itself. 

Richards LJ rejected this first ground of appeal, in that (paras 39 and 42)

"the key question is whether the legislation in issue [ie the DEA] has "legal effects of its own" ...: the fact that the legislation refers to further rules which have not yet been made will not prevent it from being a technical regulation if the legislation itself has legal effects. Unless it has actual legal effects, the legislation is not capable of impacting on those seeking to exercise the freedom of movement of services or other freedoms ... The judge was right to find that the contested provisions do not have the "legal effects" described by the [CJEU]'s case-law. The "initial obligations" of ISPs under sections 124A and 124B are conditional on there being a code in force under section 124C or 124D. The word "if" in section 124A(2) is important, even though the provisions contemplate that there must in due course be a code: until such time as the Code comes into being, the provisions impose no obligations on ISPs. Moreover the Code is to be made for the purpose of regulating the initial obligations, and the scope of those obligations will be dependent on the detailed content of the Code. Whilst the statute prescribes various basic features of the Code, it leaves very considerable freedom for the working out of the detail."

(2) the Ecommerce Directive

Good old times times when
service providers didn't have to worry
about the Digital Economy Act ...

The appellants had advanced a twofold case of breach of the Ecommerce Directive: (1) that the effect of the contested provisions was to render ISPs potentially "liable for the information transmitted", contrary to Article 12 of the Directive; and (2) that the contested provisions amount to restrictions on the freedom to provide information society services from other Member States, "for reasons falling within the co-ordinated field", contrary to Article 3 of the Directive. 

Richards LJ rejected this ground of appeal too, in that the High Court was right when it held that liability "for the information transmitted" as per Article 12 of the Directive is a carefully delineated and limited concept. As regards copyright material, this language broadly contemplates a scenario in which a person other than the ISP has unlawfully placed the material in the public domain or has unlawfully downloaded such material, and a question then arises whether the ISP, putatively a mere conduit for the transmission of the information, also incurs a legal liability in respect of the infringement. That liability could take the form of a fine (in criminal or regulatory proceedings) or damages or other compensation payable to the copyright owner, or some form of injunctive relief. The liability could be joint and several with the other person, or it could simply be a default liability if the other person could not be found, or was not worth pursuing, or was insolvent.

Nothing in the liabilities of ISPs under the DEA is such as to render them "liable for the information transmitted" within Article 12(1) of the Ecommerce Directive. In relation to Article 12(3) of the Directive, Kenneth Parker J was right when he found that (para 58)

"it is conceivable that the copyright owner might in certain cases be able to draw the attention of the ISP to the fact of a present infringement, or to the likelihood of a specific infringement occurring in the future, and to invite the ISP to terminate or prevent such an infringement. In these circumstances, if the ISP was liable to terminate or prevent the present or future infringement, a real question could arise as to whether the ISP was being made liable 'for the information transmitted', or was rather simply coming under an obligation to use its technical facilities to terminate or prevent an infringement, in respect of the information transmitted, committed by another person. The 'careful balance' struck by the Community legislator settles that issue, and removes all uncertainty, by allowing Member States to authorise the courts or competent administrative authority to order the ISP to terminate or prevent the infringement, so long as the ISP is not made liable (by way of fine or compensation) in respect of the infringement itself".

The High Court was right also when rejected the claim based on Article 3 of the Ecommerce Directive.

(3) the Data Protection Directive and the Privacy and Electronic Communications Directive

... or data protection issues

Article 8(2) of the Data Protection Directive, which relates to the processing of special categories of data expressly allows the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life, when this relates to exercise or defence of legal claims.

Richards LJ agreed with the conclusions of Kenneth Parker J that the processing of data by the copyright owners, ie the processing involved in their identifying apparent infringements, together with relevant IP addresses and subscriber details, for the purpose of compiling copyright infringement reports would be compatible with the Directive.

Indeed, Richards LJ found that (para 77)

"the processing [of personal data] is plainly necessary for the establishment, exercise or defence of legal claims even if the beneficial consequence of the sending of a notification by the ISP pursuant to a copyright information request will be that in the majority of cases the infringing activity ceases and no further action is required." 

Richards LJ also rejected the claim based on the Privacy and Electronic Communications Directive. The data processed pursuant to the contested provisions in the DEA are "traffic data" as defined in Article 2 of the Directive, namely "any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof". Articles 5 and 6 of the directive impose obligations on Member States in relation to such matters as the confidentiality of traffic data, subject in each case to the derogation in Article 15(1), which provides that Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Articles 5 and 6 of the Directive.To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period, also for the protection of property rights, including copyright.

(4) the Authorisation Directive

The aim of the Directive was to implement an internal market in electronic communications networks and services through the harmonisation and simplification of authorisation rules and conditions in order to facilitate their provision throughout the European Union. To this end, it provides in part for schemes of "general authorisation" which allow any person who wishes to provide electronic communications networks and services to do so in accordance with a publicly available set of conditions. Such schemes replaced individual licensing arrangements which were commonly found in national systems of regulation and which could create significant barriers to new entrants. In the UK, Ofcom has drawn up and published "General Conditions of Entitlement" in accordance with the Directive. 

The main issue under ground 4 was whether the contested provisions in the DEA are required to form part of a general authorisation and, if so, whether they impose conditions permitted within a general authorisation. The Court of Appeal rejected the claim.

A final area of complaint related to the proposed exclusion of smaller ISPs and mobile network operators from the scope of the initial obligations and the associated costs. Also this claim was rejected.

Conclusion

In dismissing the appeal, Richards LJ also refused to make a reference to the CJEU, in that, as previously stated by Kenneth Parker J, 

"the questions of European Union law raised by this judicial review admit of clear answers, and I do not believe that any useful purpose would be served by my making a reference" (para 112).

As to the costs, Richard LJ said that ISPs will have to pay 25% of the qualifying costs incurred by media regulator Ofcom in running and setting up an appeals body for alleged illicit filesharers. He also confirmed that the ISPs should pay 25% of relevant costs, which are operating fees incurred when identifying which subscribers are accused of illegal downloading. However, the Court of Appeal overturned the decision of the High Court which had said that the ISPs have to pay 25% of case fees which are charged by the proposed appeals body. Finally, the Court of Appeal ruled that BT and TalkTalk must pay 93% of the costs of the legal challenge. 

Press coverage of the decision here, here and here.