It was bad enough while he was a baby. I wouldn't take my glands, and thus my child, through an airport scanner while I was lactating. Pretty basic stuff: you do your best to keep tequila, tobacco, and tachyons away from your child and this elixir he's drinking that's supposed to be nothing short of the Water of Life. (Hold your talkbacks, I don't actually think body scanners involve tachyons, but accuracy must sometimes be sacrificed on the altar of alliteration - not to mention loading a single sentence with both Star Trek and Dune allusions.) So we're no strangers to "we'll take the pat-down" interludes at airports, at least in the good old days that involved a wand and a sticker for the little guy if he managed not to bolt from the area.

As he got older, he began to notice the inconvenience and ridiculousness of padding through the scanner area in stocking feet. And you can bet when something is both inconvenient and ridiculous, my kid wants answers. Did I thoroughly explain why we must bid adieu to our footwear? Um, no. My son still flees the room in terror when Snoopy rises as the Great Pumpkin. He is simply not equipped (yet?) to handle the notion of being surrounded by potentially lethal Skechers.

Then there was The Sunscreen Incident. It coincided with that stage, around three years of age, when kids start to get really possessive and particular about Their Stuff. Of course it was all my fault. It was a return flight, and I was either trying to streamline things by not checking bags this one time, or I'd simply forgotten there was a nearly-empty spray can of sunblock in his carry-on. Out it came, away it went, and I'll wager that day's entire TSA shift is wistful for when they used to have eardrums. "Why mom, why did they take my sunscreen?" I have a hard enough time getting him to use the stuff, not to mention shampoo and toothpaste - so no, I did not go into great detail about the foiling of the UK Liquids Plot. (Though as I write this, I realize that if he thought he could whip up something explosive with his various hygienic, protective, and cleansing liquids, my child might actually take a shine to them. Hmm, some rethinking could be in order.)

Though my days of toting bodies and bottles full of breast milk through airports are well and thankfully over, given the new AIT scanners, to the extent I choose to fly at all any more, I will be opting out of them and for the new, more invasive pat-down - but that means so will my kid.

Terrible timing, TSA. One of the first things the little guys have to learn in Cub Scouts these days is a whole mess of process and procedure about "dangerous situations" and "inappropriate touching." Per the Cub Scout Tiger Cub Handbook,

It's your body and you have the right to say no to anyone who tries to touch you in places covered by your swimming suit or to do things that you think are wrong.

Given that my child tends to take these things pretty literally, and to append "AT THE TOP OF MY LUNGS" to any assurance he has the right to say no, I feel terrible for the poor TSA agents who draw us on our next trip. I may bring along cotton batting for their ears - assuming that's not a banned substance by then. Just today TSA announced a "modified pat-down" for travelers 12 and under, but I haven't found any description or account of how that will work. Let's hope it leaves swimming suits completely out of the conversation.

Another thing no one warned me about when I became a parent: that you either have to explain to your kids about people who want to blow them up, and others who want to (or are paid to) feel them up, or else be reckless and irresponsible with their safety, and unresponsive and unhelpful to their curiosity. There should be a "none of the above" option there, but sadly, there's not.

At least while we're waiting to see how much patting goes down, I can take solace in the fact I chose that option. Apparently, for families with kids who simply can't stand still long enough for the AIT scanners to work, the choice is made for them.

If you're a car dealer or auto mechanic, you've seldom heard such good news. For the rest of us? Not so much.

More: Adrian Kingsley-Hughes, Body scanner saved 35,000 'naked' images

Update: We delved further into this topic today (11/19/10) on This WEEK in LAW, with panelists Lisa Borodkin, Evan Brown, and Venkat Balasubramani.

[poll id="12"]

(Image by anja_johnson, CC Attribution-2.0)

But there was an odd dj vu every time I looked at the new sensor/mic/camera contraption. I'd seen something like this before...but where? Then it hit me: in a far distant time and context, at conference tables seating 40 or more, little devices like this had been the kind of whoppingly pricey infrastructure investment that drove law firm partners to distraction. The Kinect sensor looks just like an enterprise video conferencing device.

As it turns out, the Kinect doesn't just look like a duck, it quacks like one too - or rather, it leaves the quacking to you, and tracks you through the room should you also be seized by the urge to waddle. Video Kinect is the kind of impressive that's difficult to convey: it's like Microsoft has buckled a little time-travel wormhole onto the XBox, that when accessed shoots you a quarter-century ahead. Kinect's auto-zoom focus finds you and follows you around the room, if necessary. The mic just works, picking up intonations and inflections from over eight feet away. It's really, really cool.

And as these things go, it's a really, really cheap addition to a device a lot of people already own. If the Cisco Umi was doomed before, Video Kinect just drank its milkshake. Video Kinect requires an XBox Live Gold subscription (that's $9.99 US/month, or $59.99/year), and it's a $149 hardware addition to any of the 39 million XBox 360 consoles out there in the world. Compare Umi, at four times as much for the hardware, and five times as much for the service - and no river-rafting or Netflix. Jason Perlow is probably right that we're not likely to see a rush to telepresence systems as ends in themselves. But tack cheap, sophisticated video conferencing onto an already popular entertainment platform and you've got a win. Old skool video conferencing connects dispersed employees over long distances. Families, friends, and small businesses will want to do this too if it's suddenly and incidentally just there for them, untethered from desk and computer monitor.

I mention small businesses because the business appeal of videoconferencing this cheap and full-featured is undeniable, but so are XBox Live's terms of service: "You must not...use the Service for commercial purposes (except as expressly permitted by us)." (The Code of Conduct bars commercial use too.) But nobody reads those things anyway right? [poll id="11"]

Like other online activities, location sharing's privacy tradeoff ultimately is (or will be, for a great many) overcome by its payoff in convenience, perks, and timely, relevant information. Unlike many other online activities though, location sharing begins and ends in the real world, inherently carrying with it the goal - and of course the dangers - of real world encounters and consequences. Given this, it's inevitable we'll see the following on the legal front:

1. Location-savvy privacy standards and penalties. Facebook initially drew us in by providing away to share personal information and media with trusted, contextually appropriate others. Location services offer the same promise, and ask for the same kind of trust: namely, that data routing and user sharing expectations will match up. Such services might yet be on the periphery of lawmakers' vision, but they'll react quickly once the consequences of a data leak or user confusion begin to include crimes that make identity theft look quaint by comparison: rape, murder, home invasion, kidnapping, and the like. And those interested in your insurability, creditworthiness, or eligibility for benefits certainly would like to check out your check-in data - if they can get it. In the U.S., look for states and the federal government to implement stricter standards and penalties for sites that accidentally leak location data, or fail to clearly inform users when they're about to share such data publicly or in a new context. The EU is in the process of overhauling its data privacy protection laws as we speak, in response to the expanding universe of tools that let users "share information about their behaviour and preferences easily and make it publicly and globally available on an unprecedented scale."
2. Service-side restrictions on employee check-ins. As Sam points out and Facebook illustrated last week, people like deals, businesses like customers, and fundamental to the location service business model is the ability to play transactional matchmaker. Sprinkle liberally with game mechanics and you've got a time-and-place sensitive loyalty program - but not if employees skew the numbers by checking in each time they show up for work. Look for location services to fine-tune their terms of service, their in-game incentive system, or both, to help ensure the leads they deliver to advertisers are actually potential customers.
3. Employer-side restrictions on employee check-ins. Just as employers begin to get a handle on employee blogging, tweeting and Facebooking, in roar location services. The "employee mayor" throwing a wrench into one's marketing program is just the tip of the iceberg. Oh, you say our VP of Sales is mayor of the Pleasure Chest, and our chief engineer just checked again in at HQ of that company we're not supposed to be partnering with? Legal, please...
4. Geo-located "paper" trails as evidence. Lawyers and litigants in civil and criminal disputes now have a whole new way of answering the question, "Where were you on the night of September 12?" An individual's check-in history will be subject to subpena and disclosure regardless of the person's privacy settings if whereabouts or behavior are at issue in court proceedings. That "Crunked" badge might not play so well in child custody proceedings. Working on an alibi? Let's hope you didn't check in at the crime scene (or, if you've checked in elsewhere, let's hope you can establish it can't be faked).

As location services grow in popularity, they add new texture and detail to what is known and knowable about us. Our online and offline activities already are fairly well documented. By voluntarily adding records of our daily movements to the mix, we are giving law and policy makers new challenges to try to guard against unfair or dangerous use of this information.

(Image by thetalesend, CC Attribution-2.0)

While it's apparently debatable whether the U.S. government already has the ability to shut sites down, proponents of the just-introduced Combating Online Infringement and Counterfeits Act (PDF) don't want there to be any confusion on the point: if this law is passed, it will. Not in the name of national security, but instead to protect the economic interests of U.S. intellectual property owners.

To put things in context, it's no secret aggressive enforcement by U.S. rightsholders in the entertainment, software, and other industries has driven online traffic in infringing material offshore. In May, the Congressional Anti-Piracy Caucus named China, Russia, Mexico, Canada and Spain -- home of some of the top file-sharing sites -- as its primary Axis of Evil, and of course Sweden, which houses the uber-resilient Pirate Bay, gets an honorable mention on any such list. The legislation introduced yesterday is evidence of a lightbulb going off over someone's head on the enforcement side of this struggle: though the U.S. lacks jurisdiction and control over far-flung Web hosts and ISPs, it has jurisdiction over the registries for the .com (VeriSign), .net (VeriSign), and .org (the Public Interest Registry) domains, and various other TLDs. "Let's use it," the rightsholders have declared.

Under this proposed new law, in light of the dominance of U.S. firms in the domain registry arena, U.S. rightsholders would be able to effectively flip the kill switch on sites offering allegedly infringing material without having to rely on the cooperation of pesky foreign governments and courts. Here's how Keith Kupferschmid, Senior Vice President for Intellectual Property Policy & Enforcement at SIIA, put it:

The legislation not only strengthens the DOJ’s ability to shut down individual domains; it also gives authorities the power to cut piracy off at the source by eliminating critical technical and financial resources. SIIA runs the industry’s most aggressive anti-piracy program, and we believe the legislation introduced today could greatly extend our reach and ability to thwart piracy – especially operations taking place on foreign websites.

Once the Justice Department concurred that a particular site was "dedicated to infringing activities," here's how it would work:

• The U.S. Attorney General institutes an in rem action against the site in question. In rem actions are actions directly against a property interest. Here, the property is the target site's domain name.
• If the domain's registry OR registrar is located within the U.S. (remember, that's all .coms, .nets, and .orgs), the action is to be brought in the local jurisdiction of the registrar or registry (e.g., VeriSign is headquartered in Dulles, VA).
• If the domain's registry or registrar is not located within the U.S., the action may be brought in the District of Columbia.
• Once the action is commenced, the Attorney General can apply for injunctive relief "against the domain name used by an Internet site dedicated to infringing activities, to cease and desist from undertaking any infringing activity...." There's no need for a trial to get the injunction; it can be issued immediately if the court is satisfied with the A.G.'s showing. And there's no call for a jury to be involved in granting the relief; injunctive relief is equitable in nature, and is dispensed by a judge only, no jury.
• Once the injunction issues, it's game over for the target site. If its registry or registrar is within the U.S., the order enjoining use of the domain by the site is simply served on that entity and -- POOF! No more site. The proposed law also anticipates that target sites will scramble for new identities, and makes it easy to expand the injunction to other domain names as needed.
• If the registry and registrar are both outside the U.S. -- and since that excludes all .coms, .nets, and .orgs, for practical purposes these are much smaller fish -- the order may still be used to 1) block access to the site within the U.S. (by directing ISPs to decline to resolve the address), 2) prevent financial transactions providers from completing transactions for U.S. customers, and 3) prevent ad networks from serving ads to the site associated with the blocked domain. These non-domain management-related providers have no incentive to challenge or object to the A.G.'s directives, as they are expressly immunized from liability associated with compliance.

I guess Cary Sherman wasn't kidding about the DMCA not being a big enough stick. COICA, if passed, would be nothing short of General Sherman.

Not being a D.C. insider or much of a policy wonk myself, I honestly don't know what to think about the chances of this proposed legislation becoming law. If it does, it may not remain one for long. Favoring COICA's passage is the fact it is presented as a bipartisan initiative, and Washington seems pretty receptive these days to rightsholders' complaints that their enforcement efforts are hamstrung. On the other hand, this bill is quite a land-grab, or domain-grab is more like it. It makes some sweeping assumptions about the ability and authority of U.S. courts to interfere with international entities, gives scant due to due process, and tosses the longstanding "substantial noninfringing use" principles of Sony v. Universal out the window by specifying only "commercially significant" uses are relevant in determining whether a site is "dedicated to infringement." (On that last point, legislatures can actually toss judicially-decreed wisdom out the window. But still.)

COICA shows that when it comes to enforcement, U.S. intellectual property interests have plenty of bold, creative, and innovative ideas. Though perhaps some of that initiative might be better directed at the business model side of things.

Update #1: Another interesting little tidbit is the bill's requirement that the Attorney General maintain a public list of domain names "that, upon reasonable information and belief, the Department of Justice determines are dedicated to infringing activities but for which the Attorney General has not filed an action under this section." It's like a most wanted list for copyright suspects. Again, with no trial. How'd you like to try to get/keep investors or insurance under those circumstances?

Update #2: Though this bill makes it easier to pursue alleged international infringers than otherwise would be the case, it applies equally to domestic U.S. ones as well. Thus, if this had been on the books when it could be more forcefully argued that YouTube had no "commercially significant purpose or use" beyond distributing infringing works, Keyboard Cat might still be tickling the ivories in obscurity.

More on COICA:

Gautham Nagesh, Bipartisan bill would ramp up anti-piracy enforcement online

David Kravets, Bill Would Give Justice Department Power to Shutter Piracy Sites Worldwide

Greg Sandoval, Lawmakers want power to shut down 'pirate sites'

Digital Music News, This Is War, Baby: Combating Online Infringement Act Hits the Senate

Mike Masnick, US Senators Propose Bill To Censor Any Sites The Justice Depatement Declares 'Pirate' Sites, Worldwide

Wendy Seltzer, Copyright, Censorship, and Domain Name Blacklists at Home in the U.S.

Richard Esguerra, Censorship of the Internet Takes Center Stage in "Online Infringement" Bill

(Image by kthread, CC Attribution-2.0)

Ask any parent what are the greatest dangers to kids online, and you're likely to hear about scary individuals: the pedophile masquerading as a friend on a social site, game, or virtual world (such as those sensationalized on To Catch a Predator); the bullying schoolmate who taunts online; the inconsiderate, callous, or hormone-addled peer who posts inappropriate pictures or encourages one's little angel to "sext." Scary companies and commercial interests, however, fall low on the list of concerns, if at all. In my experience, most adults either don't think about the collection and sale of children's online activity, or accept it as an unavoidable cost of using Web services.

The Federal Trade Commission is a case in point. The FTC is in charge of review and enforcement of COPPA (the Children's Online Privacy Protection Act), and educates parents about online safety with its Net Cetera site and guide. Net Cetera talks a lot about keeping kids themselves accountable -- "remind your kids that online actions can reverberate;" "if your kids download copyrighted material, you could get mired in legal issues." It has some excellent guidelines for talking to kids about communicating and socializing online, and gets credit for telling parents that "your child's personal information is valuable, and you can do a lot to protect it." But Net Cetera saves its discussion of COPPA and privacy for the guide's final page, and fails to explain tracking with cookies at all (while cookies get a nod in the guide's glossary, its security section highlights viruses, malware, spyware, and, that perennial bogeyman, P2P). While Net Cetera does tell parents to think about fine-tuning whether and how information can be collected and used --

[C]onsider how much consent you want to give — it's not all or nothing. You might give the company permission to collect some personal information, for example, but not allow them to share that information with others

-- it doesn't address the fact that nothing in COPPA requires sites to negotiate with parents about data collection or use and sale of anonymized data. The FTC is closer to the mark when it tells parents to read and understand relevant privacy policies, and that "if the policy says there are no limits to what it collects or who gets to see it, there are no limits."

The Wall Street Journal is doing a great job getting the word out that perhaps the spectral online pedophiles, bullies, and sex maniacs are stealing the spotlight from a more stealthy, insidious, and concrete danger: the routine collection and sale of profiles built from records of online activity. Its "What They Know" series should be required reading for all, especially parents. In the series' most recent entry, On the Web, Children Face Intensive Tracking, Steven Stecklow exposes how easy it is to to purchase "anonymized" data about teens, and how dodgy even the companies trafficking in such data consider the information. For example, data exchange firm BlueKai first denied the existence of "teeny bopper" data (kids age 13 to 19) on its service, then, when it became clear a third party was selling such data via BlueKai, removed the data "as a result of the Journal's inquiries."

Having identified this both under-reported and underrated problem then, what is to be done? To begin with, I'd like to see those who hold themselves out as trusted sources on the subject of online safety, such as the FTC -- Net Cetera is distributed by our school's PTA -- pay at least as much attention to the dangers of commercial online tracking as they do to, say, the hazards of P2P file sharing. (While the FCC is currently considering whether to expand COPPA's definition of "personal information" to cover such activity, it has not yet done so.) The fact there's no such thing as really anonymized data should also be addressed (see Emily Steel and Julia Angwin, On The Web's Cutting Edge, Anonymity in Name Only and Nate Anderson, "Anonymized" data really isn't -- and here's why not). And parents need the tools to make the FTC's "it's not all or nothing" vision a reality. Cue Doc Searls:

Let’s also fix the problem on the users’ end. Because what we really need here are tools by which individuals (including parents) can issue their own global preferences, their own terms of engagement, their own controls, and their own ends of relationships with companies that serve them.

If you're not yet familiar with Project VRM, and these issues seem as critical to you as they do to me, you should check it out, spread the word, and perhaps get involved. I for one am looking forward to the day when it is both commonplace and easy for individuals, including parents, to have real control over collection and use of records of online activities.

(Image by Jeff Standen, CC Attribution-2.0)

I've been reading the latest in The Wall Street Journal's excellent What They Know series (further post to come on that front), and pondering online advertising. Companies are doing their darnedest to figure out who we are and what we want so they can serve us relevant ads that might relate to a real need (or strong wish), and lead to a purchase. But the system is hopelessly broken, and seems to get more, not less, so as online advertisers learn ever more about us.

Case in point: this strange photo of a woman applying a camouflage print to her eyelid was to the right of my Facebook profile the other day, along with text having something to do with "free samples." The weirdness of it made me curious, so the ad had at least caught my interest. In the world of Facebook and its advertisers, that means I probably clicked the ad to learn more, and maybe bought a product or took part in a promotion they were offering.

In the real world, that's not even close to what happened. The last thing I want to do is give my information to some promotional outfit in exchange for "free" samples. So of course I didn't click the ad. (Does anyone?) [Update 9/22: Facebook wrote in to clarify it gives no personally identifiable information to advertisers without a user's knowledge, and that if I had clicked the ad, the advertiser wouldn't have gotten any personal information about me unless I had chosen to enter it on the advertiser's site. My assumption though was that such information would have to be voluntarily provided by me at some point in order for an ad for "free samples" to have any payoff.] But I did want to know just what that thing was, it had me curious. (Halloween is on the horizon, after all, and one could build a whole costume around that eye.) So I Googled "camo eyeshadow." The fourth result was the company responsible for the product featured in the Facebook ad. I clicked through the search result, got the company's name, ColorOn, and the name of the product.

Not so bad for Facebook and its advertising clients, so far, even if not precisely how they expect things to work. While I didn't click the ad next to my profile, seeing the ad still got me to the site where the product was for sale. But did I buy it there? Of course not.

As an Amazon Prime member, Amazon is always where I look if I'm in a buying mode. So off I went to Amazon with the company and product names, and searched there. The product was there, but as no Prime (free) shipping was available, any notion I might have been entertaining to buy that particular product evaporated. Instead, I went back to being merely curious about this weird new world of stick-on/peel off eyeshadow, something I'd never seen before and found sort of academically intriguing. An Amazon search for the manufacturer's name pulled up several related results -- including a similar product from ColorOn's competitor, Avon. Since those were far cheaper on Amazon (shipping included), and since my curiosity was sufficient to justify the few dollars it would take to satisfy it, I bought the Avon product from Amazon.

Thus did a Facebook ad lead straight to a result no Facebook advertiser wants: a completed sale for a competitor. Maybe such an advertiser might take a philosophical "rising tide floats all boats" approach to my anecdote, but I'd be surprised.

Am I that unusual, or a pretty standard modern-day customer? Do online ads affect your behavior at all, and if so, do you behave in ways the advertisers expect? If you have anecdotes like mine or even more convoluted ones, I'd love to hear them.

[poll id="9"]

Last Sunday, Clifford Levy in the New York Times published a disturbing and eye-opening account of selective crackdowns by the Russian government against alleged pirates of Microsoft products who also happened to be vocal environmental activists. The day after the story's publication, Microsoft changed its policy, stating (as reported again by Mr. Levy) that it will now "provid[e] a blanket software license to advocacy groups and media outlets," so that there will be no question about whether certain computers are running licensed software or not. Though they will "be automatically covered by it, without having to apply," I'm wondering what exactly will qualify as an "advocacy group" or "media outlet," and how and when those determinations will be made -- e.g., before, or after, a seizure has occurred?

This story seems particularly timely given that finalization of the Anti-Counterfeiting Trade Agreement (ACTA) is imminent. Even without ACTA, a government in search of a pretext has all the tools it needs to ransack or seize computers in the name of protecting foreign copyright holders. ACTA promises to provide a whole new legal infrastructure and justification for such tactics, in addition to the myriad concerns it raises simply if enforced in a non-corrupt, as-intended manner. Participation in ACTA is voluntary, and not tied to membership in the WTO, WIPO, G8, etc. As Canadian law professor Michael Geist points out, ACTA will effectively

export tougher enforcement measures -- often to countries where free speech is not a given -- without including the exceptions, due process, and balancing provisions. The recent Russian case highlights why this is such a dangerous and misguided approach that is apt to cause more problems than it solves.

As if ACTA weren't already objectionable enough, Mr. Levy's reporting demonstrates how governments may turn an invitation to help rightsholders into an opportunity to help themselves.

Further reading:

David Gewirtz, Are Microsoft lawyers partying with Putin to harass Russian rebels?

Darren Pauli, ISPs could be freed from liability over user copyright abuses

Nate Anderson, European Parliament passes anti-ACTA declaration

Mike Masnick, And, Of Course, ACTA Leaks: Some Good, Plenty Of Bad, and How Can Border Patrol Know Whether Music On Your iPod Is Infringing?

(Image by speedesign, CC Attribution-2.0)

There is something interesting and important about this case that has not come through in the coverage and commentary -- understandably enough, because the court didn't rely on it as the basis of its decision. If it had, we'd have a better reasoned case, more likely to survive rehearing and appeal, and less likely to occasion such panic. The plaintiff, Mr. Vernor, sought to sell some copies of AutoCAD on eBay, but he didn't buy them from Autodesk. Instead, he bought them from an Autodesk customer called CTA. Prior to then, CTA had purchased a paid upgrade from v.14 to v.15 of AutoCAD, at an upgrade price of $495/license (versus the $3,750 price v.15 would have otherwise cost). As part of the upgrade pricing and arrangement, CTA agreed to destroy previous versions of the software, and to give proof of that task to Autodesk upon request. This, CTA did not do. Instead, CTA sold its v.14 copies to Mr. Vernor, along with handwritten activation codes necessary for the software to work.

In other words, Autodesk gives customers the ability to upgrade at a discount well below the cost of buying new software, but also expects them not to deepen the effective discount by selling their old copies. Autodesk forbids this practice by having its software license agreement (SLA) require customers to destroy old copies after an upgrade. True, Autodesk also purports to require customers to obtain its consent to any sale of any of its software (e.g., if CTA had tried instead to sell v.15), but that provision did not need to be at issue here because CTA didn't try to sell any of its upgraded copies; it sold the outdated ones.

Given all this, the court seems to have missed a more palatable path to the same outcome. From a legal and policy standpoint, I'd be far more comfortable with a court saying CTA did not "own" its outdated v.14 copies for resale purposes, because it knowingly and reasonably forfeited those sorts of rights when it opted for the discounted upgrade. That's telling your customer it can't have its cake and eat it too, and shouldn't offend anyone's notions of rationality and fairness. Confoundingly however, that's not what the 9th Circuit hung its hat on here. Instead it found only, and much more broadly, that

[B]ecause Autodesk reserved title to Release 14 copies and imposed significant transfer and use restrictions, ... its customers are licensees of their copies of Release 14 rather than owners.

A better-reasoned outcome would have been that "ownership" of software is possible, even in the face of various transfer and use restrictions, but not when a customer opts for the covert "sell" over the contractually required and financially rewarded "destroy." The court viewed this case as black and white: you either own software or, if "significant transfer and use restrictions are present," you don't. It seems to have missed the gray area here: that maybe you can own it, but forfeit that right if you breach a provision specifying, "if it's old, it can't be sold."

In our era of increasingly digital and virtual goods, I'm even ok with upholding an "if it's old, it can't be sold" restriction -- tied, as here, to a discounted upgrade -- in the non-software context. Suppose an ebook author and publisher offer an updated copy of a publication annually, at a discounted price to prior purchasers who agree their prior copy will be replaced -- sounds good to me. Say a physical book author and publisher do the same thing, if buyers will trade in their old editions for the new one -- still fine. Not that I'm a fan of involving lawyers in book sales, but there's no denying that notions of ownership are evolving along with the nature of our goods:

Until the Free Culture movement gains much more traction, we can expect to see more, not fewer, license agreements governing the things we purchase, use, and consume. We need courts to construe them with common sense and fairness. It makes sense for both things -- licenses and resales -- to survive in the marketplace of bits you can't hold, but whether and how that will happen remains to be seen.

Update: More analysis from EFF's Corynne McSherry, “Magic Words” Trump User Rights: Ninth Circuit Ruling in Vernor v. Autodesk

The networked digital environment creates massive new opportunities for personal information to be collected, shared, and used. Will the law change, and if so, how? Is privacy even a viable concept any more?

1. I'm guessing Mike Arrington can get this fixed with a phone call or two. (via Dave Winer) If you're not him...
2. You may have missed the fact there was, before username registration opened up, a form to complete for "preventing [your] trademarks from being registered as usernames." That form is now closed, and links off instead to Facebook's non-copyright IP Infringement Form. (Given its wording and stated purpose, I doubt it would have helped with non-trademark-registered individual names anyway.)
3. Facebook (like Twitter, etc.) is not ICANN, and the UDRP has no application to its vanity URLs. Facebook's terms of service, however, mandate that users not "take any action on Facebook that infringes someone else's rights or otherwise violates the law."
4. Many jurisdictions, (including California where Facebook is headquartered), restrict or prohibit unauthorized use of a person's "name, image, likeness or other unequivocal aspects of one's identity."
5. It's not "squatting" if someone else happens to share an individual's name and was able to register it or a variation.
6. All that said, it seems one's first recourse as the victim of a username squatter is the aforementioned non-copyright IP Infringement Form.

I'd be interested in hearing about people's experiences with this — whether it turns out to be streamlined and effective or frustrating and a pain. Let me know and I'll update.

Previously: Chris Pirillo is socialsquatted; does the law care?

Since 2002 it has been pretty well accepted in the U.S. that search engines can properly display thumbnails of images in search results under the fair use doctrine. Crucial to that result though is the fact search result thumbnails do not "supplant the need for the original" or harm the market or value of the images as used on the original site. (See the Ninth Circuit's Kelly v. Arriba Soft decision.) In fact, thumbnail images in search results were found to help the market or value of the images by

guid[ing] users to [the site] rather than away from it. Even if users were more interested in the image itself rather than the information on the page, they would still have to go to [the] site to see the full-sized image. (Kelly)

Bing presents an interesting twist on this, and the question is: is displaying a thumbnail rather than full-sized video enough to trigger fair use? Here, I think the argument is stronger than in Kelly that the need for the original is supplanted. Full length Lengthy [see below] thumbnail videos with sound strike me as more likely to serve as a complete substitute for the original than a thumbnail image, and if I'm right, fewer users would be guided to the original site by the search engine (in fact, they'd be discouraged from clicking through). The thumbnails also impair the value of the original by removing the originally included ads.

On the other hand, Bing's video search could be fair use if the videos are embedded and/or inline linked rather than copied. (That doesn't sound like what's going on, particularly given the ad removal, but I need more info.)

I'd be curious to hear more from others, including Fred von Lohmann at EFF, about Bing's video search and fair use.

[Update, 2:30 p.m.] As TechCrunch pointed out yesterday, Bing puts users two clicks away from a whole lot of video porn, again with the thumbnail/full video/full sound scenario (though I didn't do an extensive survey, the couple of thumbnails I clicked through required you to click further to "play the [full size — no tittering now] video at the original site" rather than staying on Bing). Adult entertainment producers can be among the most strident objectors to search engines hurdling their paywalls and providing access to their otherwise for-pay content, as we learned a few years back in the Perfect 10 v. Google litigation. Perfect 10 involved still images only, and Google won, as Jason Schultz describes here. Bing's porn thumbnails are significantly more....enhanced. 'Scuse me while I reinstate safe search before my kid wanders in.

[Update, 3:36 p.m.] As noted in the comments here and in an update to Andy Plesser's original post, it's not yet clear exactly how much of each video gets played in the thumbnails, and whether this varies from video to video or source to source. From what I've seen of the thumbnails they play enough of the original to prompt obvious fair use concerns.

As Professor Mike Madison puts it:

Among other things, the best practices approach is one way of rendering concrete an emerging sense that fair use in copyright law is neither as radically indeterminate nor as toothless in operation as the conventional wisdom might suggest....

The best practices approach is not a panacea, and it is far from costless. Producing these statements and working with gatekeepers to acknowledge them is time-consuming, challenging work. And there is no assurance that if tested in court, a copyright defendant’s reliance on a Best Practices approach or publication would be persuasive to a judge or jury. The hope, however, is that the more robust the set of Best Practices followed by creators in these fields, the less likely it is that litigation will ensue.

Positive steps toward building law that works.

(Image by Barack Obama, CC Attribution-Noncommercial-Share Alike 2.0 Generic)

When you enable Mail Goggles, it will check that you're really sure you want to send that late night Friday email. And what better way to check than by making you solve a few simple math problems after you click send to verify you're in the right state of mind? ... Hopefully Mail Goggles will prevent many of you out there from sending messages you wish you hadn't. Like that late night memo -- I mean mission statement -- to the entire firm.

Jon's idea is lighthearted and fun, but when you look past the humor and consider it more broadly it's quite brilliant. The current climate of panic is not confined to the financial markets. Corporate legal departments are bombarded with articles and concerns about online corporate communications, liability and more liability. The tug-of-war between PR/communications professionals and in-house legal continues to escalate as it becomes idiotic (if not impossible) for companies to remain on the sidelines of the Live Web. How do you train people to address the IP, defamation, and other legal concerns involved in free-flowing Web dialogue? Must every blog post and wall entry be vetted by a team of lawyers?

Expanding on Jon Perlow's Mail Goggles idea sounds like a great solution. I like the notion of a straightforward and unburdensome series of questions as precursor to "publish." Instead of math problems, people could be asked to briefly confirm they've cleared rights on images, protected confidential information, and complied with policies on the quality of discourse and information provided. If uncertain on any of those fronts, they could be reminded what to do next. While a cookie-cutter approach couldn't possibly address every legal nuance and pitfall, it could at least act as a sort of triage, speeding innocuous items out the door and letting the moderation/review process hone in on more complicated situations.

[poll id=7]

Over at ZDNet's Feeds, Jennifer Leggio walks us through a cease and desist email she recently received. The email suggested her blog's use of the term "branded community" might constitute trademark infringement. It's a good object lesson about paying attention to cease and desist letters but not always accepting them at face value. All too often, their legal weight is less than substantial.

(Image by Carolyn Coles, CC Attribution-2.0)

I'm not a fan in general of sites that create a listing or profile for you, hoping you'll eventually claim and/or correct it. This tactic, neither user-centric nor user-driven, is insidious for at least three reasons:

1. inaccuracies proliferate,
2. privacy is frequently jeopardized, and
3. users are required to invest considerable time and supply yet more personal data in an effort to remedy 1 and 2.

David Lazarus gives examples of these sorts of problems in his Los Angeles Times piece today, Social networking site divulges child's personal information. He tells of a mom who looked up her Reunion.com listing just to see what it might say, and learned it included her toddler son's name and their family's home town: things she would rather not have readily associated with one another. This occurred even though Reunion.com says it creates its listings only from "publicly available" information, including that purchased from a data broker. When the Times came calling, Reunion.com removed the reference and now says "measures have been put in place to make it easier for people to have information deleted from the site," though I don't see much here that bears this out.

Lazarus tapped privacy guru Ray Everett-Church for his thoughts on the matter. There goes the weekend:

[I]t's up to parents to monitor online directories such as Reunion.com and make sure their kids' names aren't present.

Everett-Church also suggests parents do everything they can to keep children's information out of corporate databases — presumably by using false names when subscribing to magazines, using online services, etc.

There are market opportunities around these pain points. The value of brokered data plummets once enough people game and/or end-run that system, whereas the value of systems and relationships that meet expectations and demands around accuracy, privacy, and time efficiency goes through the roof.

Elsewhere in the L.A. Times, Numedeon Inc.'s Jen Sun thinks there's an upside to ruses run by some Whyville users who con others out of online goods and funds in exchange for nonexistent rewards: "It's a learning experience for the victim not to be so gullible, not to be motivated by greed, because the scammers use greed against you." I hope we don't have to wait for all the nine year-olds to grow up in order to figure this stuff out.

(Image by LabGP & SigOther's, CC Attribution-2.0)

Saul Hansell reports today that the Associated Press "will, for the first time, attempt to define clear standards as to how much of its articles and broadcasts bloggers and Web sites can excerpt without infringing on The A.P.’s copyright."

The problem with "clear standards" is that as Tim Wu (quoted in the article) correctly points out, the legal standard is unclear, and subject to interpretation on a case by case basis. There are instances when reproducing the entire work (or large portions thereof — "Fisking" we used to call it, seems like eons ago) with sufficient commentary is fair use. The A.P.'s vague statement that it wants to police what appears to be reproduction for reproduction's sake as opposed to commentary, thus is a fair representation of what it's entitled to do by law; anything more specific might not hold up.

Given this, it'll be interesting to see what the A.P. cobbles together with the Media Bloggers Association, which of course does not act for and can't bind the whole blogosphere and Web. If, as the statements to Hansell suggest, it's as restrictive as purporting to make brief direct quotations against A.P. policy, the A.P. will either have to backtrack or try to get judicial buy-in on a policy that in all likelihood would be deemed overbroad.

(Image by SideLong, CC Attribution-2.0)

Related: Mike Arrington, Here’s Our New Policy On A.P. stories: They’re Banned, and all stories and posts linked from there; Techmeme re same.

Community and content management don't void a site's immunity under Section 230 of the Communications Decency Act. Participation in an unlawful act does.

I was thus taken aback by the legal analysis included in Wired's/Betsy Schiffman's post about Ariel Waldman and Twitter (Twitterer takes on Twitter Harassment Policy):

John Dozier Jr., a managing partner at Dozier Internet Law, says Twitter may have risked its immunity under the Communications Decency Act the moment it "edited" or altered content on the site. (An "edit" could include any sort of alteration, such as promotional placement or displacement on the site.)

"If they've edited content based on their subjective perspective, they put their immunity at risk and virtually their entire online business, because then they'd be liable to defmation [sic] claims or anything else that a publisher would," Dozier says.

What's at stake in the Twitter-Waldman discussion, as I understand it, is not editing or alteration but removal: something squarely protected by Section 230. (To be clear, editing and alteration don't per se void the immunity, either.) As Professor Eric Goldman (a Section 230 scholar and frequent analyst) put it in a recent, unrelated post:

47 USC 230. Many people operate under the outdated myth that a site must choose to be either a publisher or a passive conduit. Fortunately, the law facilitates heterogeneous approaches to UGC. Per 230, a [site owner] isn't liable for third party content with limited exceptions. Ownership doesn't matter; editing doesn't matter, prescreening/policing doesn't matter. ...

Evan Williams and co. at Twitter haven't been invoking Section 230 as a basis for their decision not to remove certain complaint-generating submissions or their author; let's not start doing it for them.

(Image by carrotcreative, CC Attribution-2.0)

Though it could scarcely be more cumbersomely named — the Transatlantic Information Law Symposium — this upcoming (and free) program at Stanford Law School looks excellent, featuring such big thinkers as Mark Lemley and Stefan Bechtold, and such big topics as privacy, free speech, the future of Internet regulation, and one that looks particularly intriguing from the standpoint of social media and attention: property vs. contract to govern online behavior. I'd like to go, though the timing's not great for me; if you're going, blog the wealth.

(Image by Maveric2003, CC Attribution-2.0)