Expelliamus!

JK Rowling has recently won a privacy ruling on behalf of her son.

David Murray, now 5, was the subject of covertly taken photographs when aged 19 months, when out with his mother on a public street. Joanne Murray and her husband objected to this on the basis that it was an intrusion into David’s right to privacy. When summarizing the reasons for endorsing their case, Master of the Rolls Anthony Clarke stated “if a child of parents who are not in the public eye could reasonably expect not to have photographs of him published in the media, so too should the child of a famous parent”.

This effectively overturns an earlier judgment that David had no arguable case that he had a right to privacy in a public place. It opens the door to further legal action, rather than being a conclusive result.

This case is also interesting in that it further bolsters the view that a breach of the right to privacy could automatically lead to a breach of the data protection act. If the right to privacy is breached, then use of that personal data may also constitute ‘unlawful and unfair’ use of a person’s personal data.

My opinion is that, at a simple level, this judgment is potentially a helpful clarification of the existing law of privacy in a specific context. The judgment does not extend the existing right to privacy. Rather it looks at the right to privacy afforded to the children of celebrities. J K Rowling was not trying to secure a ruling that she should be afforded a right to privacy in a public place, rather she was trying to secure a ruling that her child should not be subject to any more intrusion than any other child, notwithstanding her celebrity status.

The case will now proceed to full trial (assuming the parties do not settle) in due course.

Where there be film, there be pirates

Domestic bliss is regularly interrupted in this Naked Lawyer's house whenever we rent a DVD and have to sit through the opening sequences. You know the ones I mean – “you wouldn’t steal a [car/handbag/puppy]”, “piracy is a crime”, “you won’t get a warranty on a pirate DVD”… (all perfectly true). But hang on: “Piracy is stealing” (and this is where I start to rattle my popcorn and shout at the screen) – no it’s not! Call me a picky lawyer (ok, I admit it), but surely “stealing” refers to the offences set out in the Theft Acts – that is, broadly, depriving someone of something tangible that belongs to them. It does not refer to copyright infringement, and the Act that sets out the infringement offences certainly does not use the language of “stealing” and “theft”. Copyright infringement does not, at its heart, involve the taking of tangible property – the whole point is that copyright is an intangible right which can only be misused (or “infringed”) by others, not put in a sack and slung over your shoulder.

Now the film industry (along with the music and software industries) would have you believe that copyright infringement is theft because you are “stealing” the money that would otherwise have been paid to them if someone had bought a genuine copy of the film/song/application rather than a pirate one. This has always seemed to me to be a gross oversimplification. Just because someone buys a fake DVD doesn’t mean, had they not been able to do so, they would have otherwise bought the real deal. In fact, I would have thought that many people simply don’t want to pay the higher prices of the genuine copies and so, if they can’t get cheaper pirate ones, may not bother at all. In any event, the loss of a chance for the film company to make some money (ie. because someone already has a fake DVD) is not the same thing as stealing money the film company already has in its bank account.

Clearly, given my profession, I would not advocate piracy or condone the distribution of fake DVDs. But I do object to the inaccurate marketing used by film makers to try to prevent it. Yes, the public should be educated as to the ownership of rights in films and what they are and are not entitled to do with their copies. But they should not be subject to veiled references to crimes which do not apply and which, to me, look like unnecessary scaremongering.

And with that, I’ll put the popcorn back down.

Is it bad Phorm?

We’ve probably all heard recent reports about Phorm’s “Webwise and Open Internet Exchange” products. These employ a technology which utilizes ISP data to target users with tailored advertising; ISPs with whom Phorm has done a deal so far include Virgin, TalkTalk and BT. As Virgin is my provider, my immediate reaction to hearing the news was indignation at the thought of being snooped on in this way, not to mention misery at the thought of my screen being flooded with still more unwanted ads.

The Foundation for Information Policy Research, in an open letter to the Information Commissioner’s Office (“ICO”), gave voice to some of the same fears. It argued, in particular, that the use of the software would entail breach of the Data Protection Act 1998 because it would involve “sensitive personal data” such as search terms used (which would reveal details of things like political, religious, sexual preferences and health issues). If the Phorm software does indeed entail the “processing” of sensitive personal data, it would find itself having to comply with the data protection regime of notification and consent.

There are two other potential legal angles for Phorm to worry about; The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“Privacy Regulations”) and the Regulation of Investigatory Powers Act 2000 ("RIPA 2000").

The Privacy Regulations apply to commercial communications made by email, fax or phone. They require users to be informed if cookies are stored on their computers and to be given the opportunity to stop the storage. They also require ISPs to get customer consent before they use their traffic data to market their services. RIPA 2000 regulates the interception of communications without prior informed consent; for these purposes, web-hosts are deemed to be “communicating” their web pages to the end user.

In response to these concerns, the ICO last month issued a press statement analyzing whether the technology Phorm proposes complies with the data protection and privacy laws; it declined to comment on RIPA 2000 since the Home Office has responsibility for enforcement of that law.

On the data protection point, the ICO said that the Phorm technology did not involve the processing by Phorm of personal data. This is because each user profile built by the software is based on a randomly allocated identification number which is held only on the user's terminal and by Phorm itself and it is impossible for its employees to locate particular user ID profiles on its system. However, the ICO acknowledged the possibility that the ISP itself, which undertakes the actual profiling of users, might be able to link particular user profiles with their IP addresses leading to the creation of a data trail by which it might be possible to identify individuals. If so, ISPs who handle Phorm profiles may be processing personal data. However, Phorm intends to ensure compliance with data protection act rules by presenting users with an unavoidable statement about the software and asking whether they wish to be involved in its use; that users will have easy access to information on how to change their mind about opting in; and that they will be free to opt in or out of Phorm at any point. This statement will also contain the required information about cookies as is required by the Privacy Regulations.

So far, it was looking good for Phorm, until that part of the ICO statement which states that, in order to comply with the Privacy Regulations' rules on obtaining user consent to use of their internet traffic data, Phorm will probably have to operate its system on an "opt-in" basis, so as to ensure that it has users' consent to the use of their traffic data to provide value-added services and profile-driven marketing. This was not what Phorm wanted, having hoped to get the ICO's blessing for a mere "opt-out" clause (which would deem all users to have given consent unless they expressly withheld it).

This is obviously a commercial disincentive which is likely to much reduce the number of users whose usage can legally be tracked in order to target advertising. If required to actively sign up to “targeted marketing” then users are instinctively likely to decline the offer, unless Phorm can really persuade us all that opting in would replace the irrelevant advertising we have to submit to already rather than adding even more advertising to the web page than there is at the moment.

One also wonders why websites would want to sign up for the software which is quite likely to more accurately push their competitors’ sites in front of their customers? For example, if I mainly look at the BBC news website, wouldn’t Phorm “understand” this and so push adverts for other news and current affairs sites at me, to the BBC’s detriment? We’ll have to wait and see how it works in practice, I guess.

Blog Mgog

It has been reported that a Welsh blogger has been fined £150 (plus costs) for posting 'menacing messages' on his blog about a police officer who originally interviewed him.

Gavin Brent is reported to have been found guilty under the Telecommunications Act of posting menacing messages. I suspect this is an erroneuous reference to the Communications Act 2003 S. 127, which provides that it is an offence to make improper use of a public telecommunication network. A person who 'sends by means of a public electronic communications network, a message or other matter that is grossly offensive, or of an indecent, obscene or menacing character' is committing an offence.

The offender here wrote something which could be construed as offensive in relation to the police officer's family. Another cautionary tale to all bloggers out there.

Open Source on the Verizon

Traditional software owners can have some difficulty with open source software. Most traditional software proprietors spend vast sums of money creating, developing, testing, upgrading and supporting software for their clients. They then, quite rightly, charge their clients for the software and services which their investment has created. As far as a traditional software proprietor understands the world: I programme it, I sell it.

This is a gross over-simplification, but you get the idea. You can also probably understand why traditional software proprietors struggle with the concept of open source. As far as they (and frequently the public at large) can tell, open source is free; and not just free in terms of "no money" but free in terms of "free to use". It isn't - it's subject to licence terms in the same way as proprietary software, and increasingly the open source community is getting this message across through organisations such as the Software Freedom Law Centre.

Founded in 2005 this body provides 'legal representation and other law-related services to protect and advance free and open source software'. It takes this role quite seriously, and has been issuing lawsuits to enforce open source licence terms. In 2007 they issued a lawsuit against Verizon for not supplying source code to an open source component with their technology (a wireless router) in breach of the relevant open source licence terms. It is reported that Verizon have settled the lawsuit, as of March 2008. Whilst the choice to settle could have been made for any number of reasons, Verizon clearly took this lawsuit seriously in choosing to settle.

Given the number of times I've been asked about this recently, it is clear that traditional software proprietors are starting to take the issues of open source more and more seriously. This also seems to have come at a time when the open source movement itself has started to take the policing of open source more seriously. Nothing raises public (and commercial) consciences as much as a very public lawsuit.

Larry's still not happy

Mark and I went along to the SCL's annual lecture last night to see Prof Larry Lessig talk about "corruption 2.0".  I'd not seen him speak before (though I've followed the output from his blog for some time).  Once I'd got used to his staccato powerpoint style (does every word really need a separate slide for emphasis?), I was (predictably) wowed and convinced by many of his arguments.

I particularly liked his (more familiar) arguments about the scope and effect of copyright insidiously expanding to make contemporary "read write" culture illegal - though his point that legislators do just get things wrong (climate change, copyright extension, recommended diets) - and the lack of US privacy legislation - made me feel suitably indignant.  As I was supposed to feel.

And the "remix" section was great too.  It's never a bad thing to be reminded about some of those classic YouTube moments, such as Blair and Bush duetting to Lionel Ritchie's "Endless Love".  I've always been a big fan of some of the "mashups" my pal William puts on his Christmas compilation CDs, notably including the Beatles' "Christmas Time Is Here Again" with Boston's "More Than a Feeling".

I was only sad that there weren't more people there to see the performance.  In a theatre holding up to 460, I reckon there were no more than 100 people present.  Was this because the SCL had been over-ambitious in its choice of venue?  Or the conflict with the Chelsea v Liverpool match?  Or the fact it was a Wednesday night?  Or is Prof Lessig too radical for the taste of most tech lawyers?

Mental arithmetic ...

Recently I came across the judgment of Floyd J in Kapur v Comptroller General of Patents, Designs and Trade Marks [2008] All ER (D) 142. Mr Kapur wanted to get a patent for a new way of recovering documents which had been deleted from or overwritten on a document management system. The application for the patent (which (if successful) establishes the scope of any patent protection that is ultimately granted) couched the new method in terms of a computer system only.

The issue arose because the law, as implemented in the UK by section 1(2) of the Patents Act 1977, says that certain things are to be excluded from the “patentable inventions” category. The list includes:

“(c) schemes, rules and methods for performing mental acts, playing games or doing business, and programs for computers; and (d) presentations of information".

For those of you who have been following these cases, you’ll remember that the Court of Appeal, in the Aerotel case in which it was trying to decide how to apply section 1(2), came up with a four step test of patentability:

1. Properly construe the scope of the patent applied for;

2. Identify the “new” contribution the invention makes to the field;

3. Ask whether the invention falls solely within the categories excluded by section 1(2); and

4. Check whether the invention meets the requirement for the invention to have some “technical effect”.

So, the court in Kapur duly attempted to apply this four-step test, and, in doing so, it had to look at whether the invention was excluded on the grounds that it was a “method for performing mental acts”.

In previous case law, this had been interpreted both widely and narrowly. Should the exclusion from patentability be narrowly restricted, to methods actually carried out by the human mind, or should it be widened so as to include methods of the kind carried out by the human mind even where in practice it is a computer which carries them out? The judge decided that the narrow interpretation was the correct one. Provided that any patent granted with this scope could not be infringed merely by a third party himself performing some sort of mental act, the exclusion would not apply.

The case is interesting in that it confirms that the courts are minded to construe the “mental act” exclusion narrowly, which is good news for patent holders as they, at least in respect of this exclusion, have a better chance of obtaining the patent if the exclusion is more narrow. Of course, the pragmatic conclusion is that it’s likely that many inventions of this kind are likely to be excluded under the “business method” exclusion in any event, but that is a whole new post in the making!