As a big lawsuit grinds forward, its parties engage in discovery, a wide-ranging search for information “reasonably calculated to lead to the discovery of admissible evidence.” (FRCP Rule 26(b)) And so Viacom has calculated that scouring YouTube’s data dumps would help provide evidence Viacom’s copyright lawsuit.

According to a discovery order released Wednesday, Viacom asked for discovery of YouTube source code and of logs of YouTube video viewership; Google refused both. The dispute came before Judge Stanton, in the Southern District of New York, who ordered the video viewing records — but not the source code — disclosed.

The order shows the difficulty we have protecting personally sensitive information. The court could easily see the economic value of Google’s secret source code for search and video ID, and so it refused to compel disclosure of that “vital asset,” the “product of over a thousand person-years of work.”

But the user privacy concerns proved harder to evaluate. Viacom asked for “all data from the Logging database concerning each time a YouTube video has been viewd on the YouTube website or through embedding on a third-party website,” including users’ viewed videos, login IDs, and IP addresses. Google contended it should not be forced to release these records because of users’ privacy concerns, which the court rejected.

The court erred both in its assessment of the personally identifying nature of these records, and the scope of the harm. It makes no sense to discuss whether an IP address is or is not “personally identifying” without considering the context with which it is connected. It may not be a name, but is often one search step from it. Moreover, even “anonymized” records often provide sufficiently deep profiles that they can be traced back to individuals, as researchers armed with the AOL and Netflix data releases showed.

Viewers “gave” their IP address and username information to YouTube for the purpose of watching videos. They might have expected the information to be used within Google, but not anticipate that it would be shared with a corporation busily prosecuting copyright infringement. Viewers may not be able to quantify economic harm, but if communications are chilled by the disclosure of viewing habits, we’re all harmed socially. The court failed to consider these third party interests in ordering the disclosure.

Trade secret wins, privacy loses. Google has said it will not appeal the order.

Is there hope for the end users here, concerned about disclosure of their video viewing habits? First, we see the general privacy problem with “cloud” computing: by conducting our activities at third-party sites, we place a great deal of information about our activities in their hands. We may do so because Google is indispensable, or because it tells us its motto is “don’t be evil.” But discovery demands show that it’s not enough for Google to follow good precepts.

Google, like most companies, indicates that it will share data where “We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request.” Its reputation as a good actor is important, but the company is not going to face contempt charges over user privacy.

I worry that this discovery demand is just the first of a wave, as more litigants recognize the data gold mines that online service providers have been gathering: search terms, blog readership and posting habits, video viewing, and browsing might all “lead to the discovery of admissible evidence” — if the privacy barriers are as low as Judge Stanton indicates, won’t others follow Viacom’s lead? A gold mine for litigants becomes a tar pit for online services’ user.

Economic concerns, the cost of producing the data in response to a wave of subpoenas, or reputational concerns, the fear that users will be driven away from a service that leaves their sensitive data vulnerable, may exercise some constraint, but they’re unlikely to be enough to match our privacy expectations.

We need the law to supply protection against unwanted data flows, to declare that personally sensitive information — or the profiles from which identity may be extracted and correlated — deserves consideration at least on par with “economically valuable secrets.” We need better assurance that the data we provide in the course of communicative activities will be kept in context. There is room for that consideration in the “undue burden” discovery standard, but statutory clarification would help both users and their Internet service providers to negotiate privacy expectations better.

Is there a law? In this particular context, there might actually be law on the viewers’ side. The Video Privacy Protection Act, passed after reporters looked into Judge Bork’s video rental records, gives individuals a cause of action against “a video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider.” (”Video tape” includes similar audio visual materials.) Will any third parties intervene to ask that the discovery order be quashed?

Further, Bloomberg notes the concerns of Europeans, whose privacy regime is far more user-protective than that of the United States. Is this one case where “harmonization” can work in favor of individual rights?

At its 32d International Junket Meeting last week, ICANN’s Board approved the GNSO Council’s recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings.

In the meantime, though, the hype-machine was in full swing, with ICANN calling the move the “Biggest Expansion to Internet in Forty Years” in a newsletter mailing, since corrected. The BBC picked it up as “internet overhaul“; while CNN sent a crawler scrolling. New gTLDs may have value to Internet users, who will get a larger field in which to find memorable stable identifiers, but they’re hardly an “expansion” on the level of broadband rollout or protocol interoperability. Luckily, ICANN doesn’t have much to do with those actual innovations, so it can’t get in their way.

Before we get new generic TLDs, one of the initial purposes behind ICANN’s creation ten years ago, we still have to wait for ICANN’s staff to iron out the application process, including processes for resolving contention between multiple applications for the same string, and objections based on “legal rights of others,” the illusory “generally accepted legal norms relating to morality and public order that are recognized under international principles of law,” or “substantial opposition to it from a significant portion of the community to which the string may be explicitly or implicitly targeted.” (The At-Large Advisory Committee, from which I am non-voting liaison to the ICANN Board, had these comments. I speak only for myself in this blog.)

Then too, we have yet to see the application fees that will be levied upon applicants who wish to run this gauntlet. Even ICANN’s FAQ suggests we won’t be seeing the roll-out until mid 2009. So those of you holding your breath for .blog or .sex might want to relax and check back in a few months.

Remember ACTA, the draft proposed “harmonization” of copyright found on Wikileaks? In keeping with the view that harmonization is a one-way ratchet up, RIAA has some suggestions for the US Trade Representative.

J. Online Infringing Activities

Parties shall:
1. Provide exclusive rights under copyright to unambiguously cover Internet use.
2. Establish appropriate rules regarding liability of service/content providers:
(a) Establishing primary liability where a party is involved in direct infringement; and ensure the application of principles of secondary liability, including contributory liability and vicarious civil liability, as well as criminal liability and abetting if appropriate.
(b) Establishing liability for actions which, taken as a whole, encourage infringement by third parties, in particular with respect to products, components and/or services whose predominant application is the facilitation of infringement.
3. Provide remedies and injunctive relief against any entity that:
(a) Creates or otherwise maintains directories of infringing materials;
(b) Provides “deeplinks” to infringing files;
(c) Commits any act, practice or service that has little or no purpose or effect other than to facilitate infringement, or that intentionally induces others to infringe (specifically allowing proof of “intent” by reference to objective standards–i.e. a reasonable person would surmise such an intent);
4. Require internet service providers and other intermediaries to employ readily available measures to inhibit infringement in instances where both legitimate and illegitimate uses were facilitated by their services, including filtering out infringing materials, provided that such measures are not unduly burdensome and do not materially affect the cost or efficiency of delivering legitimate services;
5. Require Internet service providers or other intermediaries to restrict or terminate access to their systems with respect to repeat infringers.
6. Establish liability against internet service providers who, upon receiving notices of infringement from content provides via e­mail, or by telephone in cases of pre-release materials or in other exigent circumstances, fail to remove the infringing content, or access to such content, in an expeditious manner, and in no case more than 24 hours; or
Provide that, in the absence of proof to the contrary, an internet service provider shall be considered as knowing that the content it stores is infringing or illegal, and thus subject to liability for copyright infringement, after receiving notification from the right holder or its representative, normally in writing, including by email or by telephone in the case of pre-release materials or in other exigent circumstances.
7. Establish, adequately fund and provide training for a computer crimes investigatory unit.
8. Provide injunctive relief against intermediaries whose services are used for infringing activities regardless of whether damages are available.
9. Establish policies against the use of government networks and computers, as well as those networks and computers of companies that have government contracts, to prevent the use of such computers and networks for the transmission of infringing materials, including a ban on the installation of p2p applications except, and to the extent to which, some particular government use requires such installation.
10. Consideration to be given to the following: possible rules on data retention, the right to information giving right holders access to data held by ISPs in the preparation and course of proceedings including in civil proceedings, and availability of complete and accurate WHOIS data

RIAA’s proposal is a compendium of everything they dislike about rulings that have gone against them: the lack of a “making available” right (Atlantic v. Howell); the requirement of knowledge before non-volitional actors such as ISPs can be held liable (RTC v. Netcom); the provisions of safe-harbor that let ISPs avoid liability (17 USC 512); the limitation of vicarious liability to situations where the proprietor has a right and ability to control; the possibility that non-infringing use could save a technology with infringing uses (Betamax); the status of hyperlinks (Perfect 10 v. Amazon).

Add in codification of stronger versions of rulings they like such as Grokster, and you’ve got a prescription for utterly insane copyright law! As the LA Times’ Jon Healy puts it, the RIAA’s ACTA would turn ISPs into enforcers, when they should be simple conduits.

Let’s hope enough ISPs, tech companies, public interest groups, libraries, educators, and friends can keep this RIAA wishlist from becoming our nightmare. We should start a corresponding wish-list, extravagant but alternate-universe plausible, would include on the other side. I’d start with:

What could be bad about free wireless Internet access? How about censorship by federally mandated filters that make it no longer “Internet.” That’s the effect of the FCC’s proposed service rules for Advanced Wireless Service spectrum in the 2155-2180 MHz band, as set out in a July 20 Notice of Proposed Rulemaking.

Acting on a request of M2Z Networks, which wants to provide “free, family-friendly wireless broadband,” the FCC proposes to require licensees of this spectrum band to offer free two-way wireless broadband Internet service to the public, with least 25% of their network capacity. So far so good, but on the next page, the agency guts the meaning of “broadband Internet” with a content filtering requirement. Licensees must keep their users from accessing porn:

§ 27.1193 Content Network Filtering Requirement.
(a) The licensee of the 2155-2188 MH band (AWS-3 licensee) must provide as part of its free broadband service a network-based mechanism:

(1) That filters or blocks images and text that constitute obscenity or pornography and, in context, as measured by contemporary community standards and existing law, any images or text that otherwise would be harmful to teens and adolescents. For purposes of this rule, teens and adolescents are children 5 through 17 years of age;

(2) That must be active at all times on any type of free broadband service offered to customers or consumers through an AWS-3 network. In complying with this requirement, the AWS-3 licensee must use viewpoint-neutral means in instituting the filtering mechanism and must otherwise subject its own content—including carrier-generated advertising—to the filtering mechanism.

(b) The AWS-3 licensee must:

(1) inform new customers that the filtering is in place and must otherwise provide on-screen notice to users. It may also choose additional means to keep the public informed of the filtering, such as storefront or website notices;

(2) use best efforts to employ filtering to protect children from exposure to inappropriate material as defined in paragraph (a)(1). Should any commercially-available network filters installed not be capable of reviewing certain types of communications, such as peer-to-peer file sharing, the licensee may use other means, such as limiting access to those types of communications as part of the AWS-3 free broadband service, to ensure that inappropriate content as defined in paragraph (a)(1) not be accessible as part of the service.

There are clear First Amendment problems with government-mandated filtering of lawful speech. The Supreme Court reminded us that a decade ago, striking the Communications Decency Act, the first unconstitutional effort to censor the Net. It’s still lawful for adults to view and share non-obscene pornography, and still unlawful for the government to restrict adults from doing so. But this rule digs deeper architectural problems too.

Like or hate lawful pornography, we should be disturbed by the narrow vision of “Internet” the filtering rule presupposes, because you can’t filter “Internet,” you can only filter “Internet-as-content-carriage.” This filtering requirement constrains “Internet” to a limited subset of known, filterable applications, ruining the platform’s general-purpose generativity. No Skype or Joost or Slingbox; no room for individual users to set up their own services and servers; no way for engineers and entrepreneurs to develop new, unanticipated uses.

Why? To block naked pictures among the 1s and 0s of Internet data, you need first to know that a given 11010110 is part of a picture, not a voice conversation or text document. So to have any hope of filtering effectively, you have to constrain network traffic to protocols you know, and know how to filter. Web browsing OK, peer-to-peer browsing out. You’d have to block anything you didn’t understand: new protocols, encrypted traffic, even texts in other languages. (The kids might learn French to read “L’Histoire d’O,” quelle horreur!) “Should any commercially-available network filters installed not be capable of reviewing certain types of communications, such as peer-to-peer file sharing, the licensee may use other means, such as limiting access to those types of communications as part of the AWS-3 free broadband service, to ensure that inappropriate content … not be accessible as part of the service.”

The Internet isn’t just cable television with a few more channels. It’s a platform where anyone can be a broadcaster – or a game devleoper, entrepreneur, activist, purchaser and seller, or inventor of the next killer app. Mandated filtering is the antithesis of dumb-pipe Internet, forcing design choices that limit our inventive and communicative opportunity.

Edit M2Z’s prepared text to just say no to filterband.

See also Scott Bradner, David Weinberger, Persephone Miel.

The Scientology critic known as “Wise Beard Man” returned to YouTube this week after successfully filing counter-notifications to copyright claims that had earlier been made against his account. The takedown and delayed return illuminate another of the lesser-known shoals of the DMCA safe harbor, the 512(i)(1)(A) “repeat infringers” consideration.

As Mark Bunker, the critic, describes it, he had initially set up a YouTube account under the name XenuTV, where he posted clips including commentary on Scientology. Some of these clips came from other sources, and two of them attracted DMCA takedown requests from Viacom, for “Colbert Report” clips in which Stephen talked about Scientology. These might well have been fair use, or he might have chosen to remove them, but as Bunker says, “Before I could act on the takedown notices and remove the offending clips, the accounts were canceled.”

Bunker began using a second YouTube account, XenuTV1, posting only clips of entirely his own material. His advice to the “Anonymous” critics made him a sort of elder statesman to the movement, and his account attracted over 10,000 subscribed viewers.

In April, however, this second account was abruptly canceled. Apparently, YouTube had discovered that it was Mr. Bunker’s second, after a canceled first, and interpreted the DMCA to compel termination of this second account.

The provision they were invoking was 512(i)(1)(A), which sets some conditions for service provider eligibility for shelter in the DMCA safe harbor:

“The limitations on liability established by this section shall apply to a service provider only if the service provider—
(A) has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers”

Now the DMCA does not define “repeat infringers,” and no cases have yet done so, so it’s left to ISPs to determine how to do so. Copyright claimants urge that two takedown notices make someone a “repeat infringer” whose account must be terminated (let’s hope it’s just the account, and not the subscriber himself!). In contrast, noted copyright scholar and attorney David Nimmer suggests that the provision should be construed strictly, to require “repeat infringer” sanctions only against those who have more than once been found liable for copyright infringement after legal proceedings. Nimmer, Repeat Infringers, 52 J. Copyright Soc’y 167 (2005). Nimmer also notes that unless “repeat” is limited to the service at issue, all the major motion picture studios would be ineligible for online posting accounts, since all have had multiple copyright infringement judgments rendered against them.

Nor does the DMCA define “appropriate circumstances” for account termination, so mitigating factors might well be raised against the termination of any particular account. The DMCA pre-condition is open to interpretation.

It appears, however, that YouTube determined that the two Viacom notices (Feb. 2, 2007, and Jan. 15, 2008) levied against Mr. Bunker’s XenuTV account marked him as a “repeat infringer.” Therefore, to maintain safe-harbor eligibility, YouTube felt compelled to terminate the second account, XenuTV1, upon recognizing that it was the same individual. Notwithstanding a complete absence of copyright claims against the XenuTV1 account, YouTube apparently concluded the risks of continuing to host the marked “repeat infringer” were too great.

Notably, 512(i) is a general precondition to the safe-harbor. Failure to “adopt[] and reasonably implement[]” a repeat infringers policy in one instance could be used against a provider as an argument to deny it the benefits of safe-harbor protection in an entirely unrelated case. YouTube’s risk calculation in responding to Mr. Bunker’s accounts, therefore, was not merely whether Viacom would sue over the Colbert clips Mr. Bunker had posted and YouTube removed, but whether entirely different copyright holders, complaining about other accounts’ postings, would invoke a failure to remove Mr. Bunker’s account as non-compliance with the DMCA’s eligibility requirements and seek to hold YouTube liable for other users’ infringements.

Mr. Bunker’s story concludes successfully, however, thanks in part to Viacom’s good sense. YouTube invited Mr. Bunker to file counter-notifications for the Viacom clips, and he did so in mid-May, asserting that the “mistake or misidentification of the material” was in not recognizing its use as fair. Viacom’s acceptance of the counter-notifications allowed YouTube to remove the “infringer” stain from Mr. Bunker’s account. For his part, Mr. Bunker says he was supported in his counter-notifications by the public messages of support and group effort to contact YouTube and Viacom to lay the groundwork, including those of VictoireFlamel and The Masked Analyst, who has a series of videos explaining the DMCA and counter-notification. Bunker reports that Viacom’s attorneys said they “wouldn’t be hard-nosed about fair use clips.”

Ten to 14 days after the counter-notification, therefore, when Viacom did not go to court to press its original copyright infringement claims, YouTube allowed the XenuTV accounts’ reinstatement.

While Mr. Bunker’s story ends happily for fair use, another story this week illustrates the danger of taking DMCA notifications as the mark of “repeat infringement”: University of Washington researchers reported getting DMCA takedowns against their laser printers, allegedly for sharing copies of “Iron Man” and “Indiana Jones.” MPAA agents sent DMCA notices without any verification that material was available from the accused IP addresses, much less that the materials infringed copyright. Meanwhile, universities report that they get DMCA takedowns alleging infringement by “shared folders” even when filters such Audible Magic make sharing impossible by blocking any transmission of files.

If the DMCA as a whole is to have any coherence, providers shouldn’t lose DMCA protection or subscribers lose their hosting based on such flimsy allegations.

The New York Times has a nice editorial today on the Supreme Court’s denial of cert to the MLB’s claims to own fantasy baseball. That leaves the case where the Eighth Circuit did, saying that fantasy leagues created around major-league baseball facts are fair game, not the property of MLB. Great to see a major new outlet weighing in against the expansionary claims:

In recent years, corporations have been aggressively pushing the bounds of intellectual property — extending the length of copyrights to unreasonable lengths, for example, and patenting seeds. In the case of fantasy baseball, the courts have rightly cried foul.

The biggest fantasy in this case was Major League Baseball’s claim that its fans should pay to talk about the game.

In another editorial closer to home, Professor and Berkman Fellow Harry Lewis criticizes copyright’s encroachment on education and culture in the Harvard Crimson.

We talk a lot about the ways intellectual property stifles innovation once it attaches — the patent thickets created when dozens of companies claim rights to parts of the same widget-process, the hindrance to free expression and commentary posed by copyright clams to political imagery or culture — but lately, I’ve been wondering about the burdens of incipient intellectual property: when the vague promise of some potential future IP right causes people to share less and develop less value than optimal.

Incipient intellectual property is the false promise that “you might be the next big star,” that keeps some artists from appreciating the intermediate audience-building possibilities of Creative Commons licenses. It’s the remote prospect of patent that keeps scientists from publishing early-stage findings or sharing with potential collaborators lest they statutorily bar themselves from patenting later.

Does the possibility of outsize exclusive benefits from the IP lottery blind people to the much greater shared benefits of openness?

Berkman@10 was wonderfully Twittered, Flickrd, and blogged, with technology enhancing the in-person connections.

Next stop, CFP.

As reported on Valleywag and picked up by Slashdot, Sony BMG has been testing an alternative to copyright takedowns of unauthorized music videos on YouTube: inserting a link to the band’s official page instead.

An eagle-eyed Valleywag tipster with a taste for Modest Mouse spotted an interesting new feature on YouTube. Uploads of music videos from the band by non-official sources now carry a link reading “Contains content from Sony BMG,” which leads users to the official Modest Mouse page on the site.

Commenter Mr. E discovers that the “claim” link is added automatically, by Google’s YouTube Video ID Tool, when a matching video is spotted on upload. Emphasis added:

Dear YouTube Member:

Sony/BMG has claimed some or all visual content in your video Float On. This claim was made as part of the YouTube Content Identification program.

Your video is still live because Sony/BMG has authorized the use of this content on YouTube. As long as Sony/BMG has a claim on your video, they will receive public statistics about your video, such as number of views. Viewers may also see advertising on your video’s page.

Sony/BMG claimed this content as a part of the YouTube Content Identification program. YouTube allows partners to review YouTube videos for content to which they own the rights. Partners may use our automated video / audio matching system to identify their content, or they may manually review videos.

Sincerely,
The YouTube Content Identification Team

This sounds like a promising development, a less intrusive means of copyright policing than the flat DMCA takedown. Might Sony be recognizing that fan appreciation is a good thing, to be nurtured into compensation rather than squelched with takedowns? As of Thursday morning, the Modest Mouse channel has been viewed 77,808 times, and this particular “Float On” video, with associated Sony ads, more than one million times. I can only hope the more nuanced approach succeeds without becoming too intrusive to the viewers or the host site.

As one of those who knew the Berkman Center before it was “Berkman,” I’m particularly pleased to be helping to celebrate its 10th Anniversary season.

When we launched “The Berkman Center for Internet & Society” in 1998, some wondered whether we were just talking about the “law of the horse,” but the intervening 10 years have shown us that horse has legs. The Internet’s distributed communication systems have taught us something new about speech, creativity, and culture — showing the economic flourishing of all these in a distributed, open network.

Berkman’s founding visionary, Charlie Nesson, recognized openness as a core principle early, and others have gradually caught on: freedom at the core means more opportunities to generate value elsewhere in the network. Free software supports better-specialized hardware, user-optimized development, and electronic commerce. Open-access non-discriminatory networks support both commerce and communities.

The challenge for the next 10 years will be to preserve that openness. Join us in person or online as we work to meet that challenge!