One thing website operators MUST do under new DMCA rule

My colleague Melissa Kern wrote an advisory about the copyright office's final rule regarding designating a DMCA agent. I thought it was important enough to repost (with permission) here.

Beginning December 1, 2016, the Copyright Office is rolling out its new online filing system for designating an agent to receive notices of copyright infringement. Website operators and other online service providers who store user content must submit new designated agent information electronically before the deadline to continue to take advantage of the Digital Millennium Copyright Act’s (DMCA’s) safe harbor from copyright infringement liability.

The new online filing system replaces the interim, paper-based system that had been used since the DMCA was first enacted in 1998. Under the old system, service providers could designate agents by sending in paper forms to the Copyright Office, which the Copyright Office then scanned and publicly posted in its directory of agents. Previous filings made under the old, paper-based system will continue to meet the DMCA’s requirements until they are phased out on December 31, 2017.

In connection with its new online filing system, the Copyright Office has issued its Final Rule relating to designating an agent with the Copyright Office. Highlights are as follows:

• Beginning December 1, 2016, the Copyright Office will no longer accept paper agent designations. All new filings must be made electronically using the online filing system.
  
• All service providers who have previously filed with the U.S. Copyright Office for DMCA safe-harbor protection under the old, paper-based system will have until December 31, 2017 to refile using the online filing system or lose the safe harbor protection. To do this, the service provider, or its designee, must establish an account that will be used to log into the system and register.
  
• The DMCA filings will expire every three years, so they will need to be renewed. The Copyright Office’s new system will send out email reminders.
  
• Filing fees are significantly lower ($6 per entity). There is no limit to the number of alternative names, URLs, service names, software names, and other commonly used names that can be listed on a service provider’s filing for this fee. All alternative names that the public would be likely to use to search for the service provider’s designated agent must be provided. However, separate legal entities must file separately and are not considered alternative names.
  
• The designated agent does not have to be a natural person. Service providers now have the option to designate a specific person (e.g., Jane Doe), specific position or title of an individual (e.g., Copyright Manager), a department within the service provider’s organization or within a third-party entity (e.g., Copyright Compliance Department), or the service provider or third-party entity generally (e.g., ACME Takedown Service).
  
• The designated agent’s physical mail address, telephone number and email address must be provided to the Copyright Office, and a designated agent may now provide a post office box to be displayed as its physical address. However, in a nod to technological obsolescence, a fax number is no longer required.
  

Melissa's original advisory can be found here.

Photo credit from Flikr.com.

How to Discuss Open WiFi

As reported in this article from C|NET, Cathy Paradiso, a technical recruiter who works out of her home near Pueblo, Colo., was recently threatened with having her internet access discontinued based on allegations of copyright infringement that ultimately proved unfounded. According to the article, Ms. Paradiso had an unsecured wireless network, and someone took advantage of her connection to download various television shows and movies.

Anyway, on its own, this isn't that big a deal. Certainly, it isn't that big a deal in the ongoing story of copyright infringement accusations and open WiFi (my thought is that this story about an Ohio county which had its free WiFi shut down over a copyright infringement complaint is much more noteworthy). However, something about the reporting on Ms. Paradiso's predicament rubbed me the wrong way. After noting that cutting off internet for someone who works from home is essentially the same as destroying that person's business, the article asked

is it right to penalize someone for not being tech-savvy enough to properly secure a wireless network?

To me, that's entirely the wrong question. Whether someone has open WiFi isn't just a matter of tech savvy. After all, even Bruce Schneier, who is probably the web's best known expert on computer security has advocated for open WiFi, saying that people who maintain open WiFi make the world a better place, by making a valuable resource more easily available to more people. While Mr. Schneier's analysis of the costs and benefits of leaving WiFi open might not convince everyone that open WiFi is the way to go, it certainly disproves the idea that leaving WiFi open is something that only the technically unsavy would do, and that policies should be built around the idea that leaving WiFi open is somehow a less legitimate choice than the alternative.

So, how would I like to have seen the article deal with the open WiFi issue? I think treating it as a real issue, with real policy consequences would have been a better way to go. For example, instead of assuming open WiFi is bad, it could have explained why the problems with open WiFi (e.g., making it harder to police copyright violations) outweigh the benefits (e.g., broader access to valuable resources). Or, in the alternative, it could have explained that open WiFi is valuable, and then discussed policies which would help foster it (for example, stripping ISPs who go after people with open WiFi of their protections under section 512 of the DMCA, under the theory that those providers are no longer acting as passive conduits, and so shouldn't be protected as if they were). Either way, it would have been a great deal more informative and interesting than simply treating open WiFi as something that happens only by mistake.

Code Does Not Trump Law

According to this article from C|NET, an Australian judge has propounded an original and counter intuitive theory - that technology, represented by computer code, is more powerful than the law. As he put it in his own words, "We are moving to a point in the world where more and more law will be expressed in its effective way, not in terms of statutes solidly enacted by the parliament...but in the technology itself--code."

Of course, I use the words "original" and "counter intuitive" in their ironic sense, to mean "not original" and "not counter intuitive." The basic thesis is at least as old as Lawrence Lessig's 1999 book Code and other Laws of Cyberspace. However, the point of this post is not to point out that the judge's ideas are unoriginal, it's to set forth why I think they're wrong. Basically, I think there are three problems with the judge's argument that code trumps privacy legislation.

First, the judge fails to recognize that there are many types of privacy concerns. The article asserts that search engines like Yahoo! and Google had rendered the concept of limited usage for personal information obsolete. Frankly, I'm not sure how anyone could support such a silly notion. Yahoo! and Google make it easier to find information about a person, but do nothing to release information which isn't already publicly available. Thus, you can use Google to find out that I was (at one point) a competitive chess player, but you can't use Google to find out how much I paid the last time I went to the hospital. The fact that the judge does not realize that would be more serious concerns raised by my hospital records being publicly accessible by Google than are raised by my blog being accessible by Google indicates that his ultimate conclusion that code trumps law shouldn't be taken seriously.

Second, the judge overlooks the fact that, historically, the force of the law has a relatively good record in trumping the capabilities of code. For example, at one point there was a file-sharing service called Napster which was (supposedly) going to tear down the antiquated structure of intellectual property laws (for an example of the heady predictions related to Napster, see here). Of course, that didn't happen. What did happen is that Napster was sued out of existence based on violations of the intellectual property laws. For an even better example, consider the digital millennium copyright act, which has eliminated entire categories of consumer products (see this article for examples), which, if "code" actually trumped law, would be freely available. Now, by using these examples, I am not trying to make a normative argument that law should trump code, or that the world is better off because Napster (in its original incarnation) is gone and the DMCA is the law of the land. However, I think this examples make very clear that "code trumps law" is a conclusion which is simply not supported by the history of conflicts between the two.

Finally, the judge seems oblivious to the fact that "code" (or technology more generally) doesn't have the power to enforce social norms without the support of the law. For example, a search engine which is written in a manner that collects no personal information could only enhance privacy if: 1) people could trust its claims of gathering no personal information, which requires truth in advertising laws; and, 2) people could be sure it wouldn't unilaterally change its policies after they had relied on its guarantees of privacy, which requires the law to enforce its agreements. To me, the failure to understand that it is law which allows code to act as an alternate enforcer of social norms further undermines the judge's credibility, and his ultimate point that code trumps law.

Actually, the last of the three points is what bothers me most about the "code trumps law" argument. If you really think that "code" (or technology) trumps law, and that "code" can, ultimately be used to enforce social norms, there's no real need to fight for appropriate legal change. The result, of course, is that there won't be any legal change, and "code" will eventually trump law simply because the "law" side of the equation is ignored. As someone who cares about privacy protections, that seems to me to be an outcome which should be avoided, but that can only happen if people realize that the law is vital to protecting individual rights.