1. General comments about the S&S Bill

While we appreciate the proposed changes to the Bill, we still hold grave concerns about the general thrust of the Bill towards increased powers for search and surveillance.

We have the following comments on some of the issues raised by the Summary Departmental Report.

Enforcement and Regulatory Agencies

The report talks about the scale and complexity of the Bill and how this makes it hard to understand, something that has not been improved in the latest version.

We believe that a significant part of the confusion around the Search and Surveillance Bill is caused by the way that it tries to cater for the requirements of both enforcement and regulatory agencies. This makes the Bill very hard to follow as it is hard to tell which parts apply to which types of agencies.

The conflation of these two types of agencies has also contributed to the “take a power given to one agency and give it to all of them” which has led to absurdities such as allowing city councils to apply for warrants for covert video surveillance.

We recommend that the Bill be split into two, with one bill for enforcement agencies and another for regulatory agencies. This would be similar to the way that the Official Information Act has two versions, one for central government and one for local government. We believe that this would substantially improve the clarity of the law and allow for more flexibility in drafting.

Safeguards and the principle of notification

The report shows that a significant number of submissions have raised concerns about the safeguards for civil liberties in the Bill.

There is also a discussion of notification in the section about production orders, with the Privacy Commissioner recommending that people should be notified when a production order has been issued against them (possibly after the investigation is complete to ensure that it is not compromised).

In response, the report notes in comment 118 that there are no notification requirements for a search warrant and that therefore it would be anomalous to add them for a production order. We accept the inconsistency but suggest that the wrong conclusion has been drawn in response.

We recommend that the Bill establish the principle that the targets of search & surveillance powers must be notified that this has happened at such a time when this will not compromise the investigation. This recommendation is built upon the following principles:

• Our society is built upon open and accountable government.
• It is impossible for someone to challenge the actions of a government agency if they do not know that those actions have occurred.
• There is no legitimate interest in keeping searches or surveillance secret after the completion of the investigation.

This notification regime will provide an important safeguard against abuse of search & surveillance powers by allowing people to respond to and challenge the exercise of those powers used against them.

Examination Orders

In comment 52, the report details that Examination Orders are necessary because people who may wish to help the Police will be prevented from doing so by professional ethics (the example of an accountant is given). However, the Bill does not attempt to address this, but rather provides a means to force people to testify and thereby erodes the right to silence.

We recommend that this section be substantially rewritten to maintain the right to silence, but provide protections to enable people such as accountants to be able to assist the Police with the investigation of serious crimes if they choose to.

Recommendations

1. Split the Search & Surveillance Bill into two, with one for enforcement agencies and the other for regulatory agencies.
2. All targets of search and surveillance activity should have a right to be notified of this at such a time when it will not compromise the investigation.
3. Change examination orders to retain the right to silence but provide protections for people who wish to assist Police with their investigations of serious crimes.

2. Computer Searching

The bill contains a number of provisions around the searching of computer systems. The submissions and comments in response discuss issues around:

• The wide-ranging scope of data held on personal computers
• How to define what is to be searched
• What “plain view” means on a computer
• The issue of “trawling” through computers

Our response

The bill ignores the reality of how computers are currently seized and searched, and therefore contains assumptions about warrant specificity, trawling and plain view that don’t make sense. (This section was prepared in consultation with an experienced computer forensics examiner.)

Copying/Imaging and Analysing Computers

The first thing typically done when a search warrant is exercised is that the computer systems are seized and a copy (an image) of the entire system is taken. This allows the investigator to preserve the integrity of the evidence and also has the advantage of allowing seized equipment to be returned sooner.

Secondly, investigators then use sophisticated tools to read the entire contents of the copied computer to create an index of what is stored on it. Once this indexing process is completed, the contents of the copied computer can be searched quickly and with very little effort.

Indexes, Plain View and Trawling

Analysis tools present investigators with lists of documents, pictures, music files, etc. These lists will typically include filenames, titles, and thumbnail images of pictures or documents.

By scanning through these lists and looking for the material specified by the search warrant, investigators will also be presented with other material that is not covered by the search warrant. They might not be actively “trawling” for material not covered in the search warrant but it will be presented to them anyway. Arguably, this information is now “in plain sight” and can be seized and acted on.

This means that any search of a computer system will inevitably extend to cover all material stored by all people on the computer system. Suggesting that the specificity requirements of search warrants will provide any protection is obviously a fiction.

Copying and Privacy Issues

There are very real privacy problems that occur with copying computer systems. An officer executing a search warrant to seize business papers would never think to seize the family photo album, but the family’s digital photos would be swept up along with the rest of the data on the computer.

This means that seizing a computer risks infringing the privacy of everyone who has personal data stored on the computer system, not just the target of the search warrant (who may not even be the owner of the system).

Infringing privacy in this way leads to emotional suffering – we can all understand the worried feeling someone would have when other people have access to their personal letters and photos. While this is unavoidable when searching shared computer systems (in the same way that it’s unavoidable when searching a house) the law should attempt to reduce this as much as possible while not unduly hindering investigators.

We recommend that notifications around searching should include a list of what computer systems and data storage devices were taken and whether or not they have been copied. This data should be kept for as little time as possible and the further notifications should occur when it is deleted.

Interference with business and personal life

People and businesses are increasingly relying on computer systems. Businesses may not be able to function without access to their customer and product data, whereas individuals may find it difficult to maintain communications with their friends, colleagues and families.

We recommend setting a time limit for holding seized computer systems so that they can be returned to people as soon as possible. This time limit should be sufficient for the systems to be forensically copied for further analysis.

Recommendations

4. That no information from a seized computer system, other than what is specified in the search warrant, should be able to be used.
5. That the forensic computer system used to analyse and search the data should record a list of the searches (i.e. search terms) that are used and the results of those searches. This should be made available to the defence in the event that charges are filed.
6. That the notification of being searched (section 126) should include details of what computer data storage items were taken and which of these were copied.
7. That copies of computer systems must be deleted as soon as practicable (i.e. after it is decided that charges won’t be filed), and that the original owner should be notified when this is done.
8. That computer systems must be returned to the original owner as soon as possible and that a reasonable time limit of one week should be set. This should easily be enough to allow them to be copied for further analysis.

Availability of computer searches

The Bill includes provisions around access to remote computers (sections 108 and 110).

Our response

We appreciate the clarification of “computer system” (submission comment 413). However, the definition still includes “the internet” as this is a connected system with interconnected computers. Judging by the comments in the report this is not the intention and therefore further clarification is necessary.

Recommendations

9. Further clarification of the meaning of “computer system” to exclude computer systems available over the Internet that are not under the control of the people being searched.

Enforced search assistance

Clause 125 of the Bill allows the searcher to require specified people to assist with retrieving data from a computer system, including the provision of passwords and decryption keys. If the specified person refuses to assist they risk fines or imprisonment.

Our response

No access to passwords and keys

One of the principles of good security design is that there should be no other way to access the secured data – no backdoors, master passwords or similar.

This means that in many cases the systems are specifically designed so that the people who control the systems cannot read information stored by the people who use the system. Computer system administrators often will not be able to provide the passwords or decrypt the data even if they want to assist.

How will the courts determine the truth when someone says that they don't have the key or cannot retrieve the password? Will they believe the system administrator who says that they have no way to read their user's files? Will the courts be prepared to jail someone who might be incapable of doing what they are ordered to do?

Significant effort

The Bill says: “may require a specified person to provide access information and other information or assistance that is reasonable and necessary to allow the person exercising the search power to access data”.
We are concerned that there is no limit on the amount of time that the searchers can force the specified person to spend in doing this. Finding and retrieving data can take a significant amount of effort (many hours or even days of work). It seems unjust to force some innocent bystander to labour for free on behalf of the searching agency.

If the Police require a locksmith to access premises they pay them for their services. This should surely apply to any other third-party obliged to assist searchers in their work where the effort involved is substantial.

We note that the Telecommunications (Interception Capability) Act 2004 provides for telecommunications companies to charge for their costs in retrieving data in response to search warrants.

Recommendations

10. The law needs some way to ensure that an innocent third-party is not penalised for being unable to assist by providing access or passwords that they do not have.
11. Agencies compelling assistance from a third-party should have to pay the standard rates for the rendered service after a minimum time.

A recent article by Rob Weir does a good job of articulating what drives us. In How to Crush Dissent, he compares distributing information on the internet to the samizdat underground presses in the Eastern Bloc. He fears that our current anarchic level of information freedom could be temporary:

So, technology has not made dissent safer. We are merely fortunate that the political climes of 2010 permit more dissent. But if challenged, the powers that be have far greater tools to control information than they did in 1989. I am not certain the tools available to the individual come close to being able to withstand them.

He then talks about the importance of dissent, by which he means not just legally permitted free speech, but also the speech that is quickly banned in any totalitarian regime.

His fear is that as we move communication to the internet we are steadily developing the technological and legal tools - internet filtering, ISP tracking, laws against circumvention technology - that will give governments the ability to control what we do. His concern is that this will evolve until it is able to suppress dissent.

And I’m not an advocate of absolute free speech. There are copyright laws, there are privacy concerns, there are military secrets, there is child pornography. These all trump free speech. But I think that means that we make these activities illegal and vigorously prosecute those who break these laws. But we should be seeking the minimal technical means necessary to detect the violators, without introducing such technologies that, to the level of a mathematical certainty, eliminate the ability for these activities to take place. Because, if we do so, we also at the same time introduce mechanism that can be also used to crush political dissent.

At Tech Liberty we're not as pessimistic as Rob Weir but we think he is worrying about the right issues. It's important that we protect our traditional freedoms even as we modernise and update the ways we express them.

The most recent leaked text shows that progress is being made on the details while some major disagreements (mainly around the scope of the agreement - should an anti-counterfeiting agreement also include patents and geographic indications) are yet to be resolved.

In our last summary article about ACTA we raised five issues where we thought that the treaty was a threat to justice and civil liberties.

Here we revisit them and find significant improvement in three of those issues and minor improvements in the other two.

1. Criminalisation - enforcement overkill

Criminalisation takes copyright infringement from civil law, where the aggrieved party can sue the offender in court for redress, to criminal law where the offender is arrested by the Police and can be punished by jail and fines.

The last version of ACTA required the parties (i.e. the signatory countries) to criminalise:

• infringement "on a commercial scale" or "for financial gain"
• recording a movie in a movie theater

This doesn't sound bad until you realise that "for financial gain" would include someone copying a DVD (because they now don't have to pay for one) and "commercial scale" could include using peer-to-peer file sharing where many people might download part of a file from one person.

Changes in latest draft

The latest draft of 2.14 (page 15 of the leaked draft) has added text that makes some attempt to define what "commercial scale" and "financial gain" mean, making it much more in line with what a reasonable person would expect from those terms. More importantly, the EU and US have proposed additional text that would explicitly exclude end consumers from being criminalised by this clause.

The curious obsession with people recording movies at the theatre still remains, although the European Union, Japan and Singapore wish to remove or significantly weaken this clause.

We believe that these changes, assuming they survive the drafting process, are a significant improvement and largely remove our objection to this aspect of ACTA.

2. Statutory damages - monetising justice

Statutory damages are where the law specifies the amount of damages to be paid to the plaintiff rather than letting a judge or jury make a determination based on the circumstances of the case.

We oppose statutory damages as they (a) are deliberately inflexible, (b) tend to be set too high, and therefore (c) encourage extortion by legal threats.

The original draft (article 2.2) had multiple competing proposals, some of which included statutory damages.

Changes in latest draft

The latest draft of article 2.2 (pages 6-7) includes the standard damages (compensation for injury to the rights holders and taking the profits of the infringer) but leaves the question of additional damages up to each country to decide.

New Zealand could choose to implement option C, "at least for copyright, additional damages", which matches current NZ law where the judge can decide, on the facts of the case, to add punitive damages.

This is a significant improvement and removes our objection to this part of the ACTA treaty.

3. Third party liability - blaming the innocent

Third party liability is the idea that people who provide tools or means that other people use to break the law should also be held liable.

ACTA stipulates that internet service providers (ISPs) should be liable if their users download pirated material (article 2.18.3). However, it does provide a limited set of protections for ISPs (a 'safe harbour') if they implement certain procedures, the nature of which are not clearly defined and still still appear to be the subject of negotiation.

Changes in latest draft

There are a number of changes to section 2.18 (pages 18-24) and, judging by the number of footnotes and bracketed options, there is still a lot of negotiation to go.

• There is still considerable disagreement around scope - whether third party liability should be only for copyright or also for patents, designs and trademarks.
• We are pleased to note that ACTA does seeem to have dropped the idea of graduated response (i.e. "three strikes and you're out") although this doesn't stop individual countries implementing such a scheme.
• There is also language that implies that people accused of infringing copyright can challenge the accusations before material is taken down (2.18.3(c)(i)).

In general it looks as though ACTA is moving in the right direction on some of these issues, with the treaty making more room for the individual countries to choose their own legislative responses within a very broad framework.

However there is still considerable cause for concern, not least that we disagree with the overall concept of blaming ISPs for the actions of their users.

4. Giving up customer information - lack of due process and privacy

The earlier draft obliges online service providers to hand over personal details of anyone accused of infringing copyright to the person making the accusation. We believe that this is a gross invasion of privacy and is an inappropriate grant of investigative powers to commercial groups.

Changes in latest draft

Section 2.18.3 (page 21) does not include the strong language of the earlier drafts.

There is a general clause that says that the parties will "encourage the development of mutually supportive relationships between online service providers and rights holders", which seems basically meaningless.

There is also a Japanese proposal to include provisions for forcing online service providers to give up details of subscribers but this power can only be exercised by the courts.

We are pleased to see that the original clause is gone from the ACTA treaty. We also have no objection to the Japanese proposal that service providers can be ordered by the courts to reveal subscriber information (assuming that there are appropriate safeguards).

5. Technological protection measures (TPMs) - taking away rights to use property

TPMs (technological protection measures) are digital locks used to prevent people using products they've bought in ways that the rights holder doesn't want them too. For example, the region coding on DVDs means that if you buy a DVD in one region you can't play it on a DVD player in another region.

The earlier draft prohibited the removal of technological protection measures as well as the distribution of products that are designed to do this. It explicitly says that this shall be a separate offence, irrespective of whether someone is doing this to infringe copyright or not.

Changes in latest draft

The relevant section 2.18.3 (page 21) is heavily adorned with footnotes and bracketed options. However, the general thrust of the clauses still shows that ACTA still intends to prohibit people from accessing the material they have purchased the rights to in the way that they prefer.

We oppose this and hope that the New Zealand proposal to exclude anything that controls access to a protected work for non-infringing purposes (e.g. you wish to watch your legally purchased DVD on non-authorised equipment) is included in the final text.

Conclusion

When looked at through Tech Liberty's civil liberties lense, the ACTA agreement is steadily improving. Of the five areas we highlighted in our last article, three of them have been substantially improved and some progress has been made on the other two.

However this should not be taken to mean that we believe ACTA is benign. We reject third party liability as being unjust and think that consumers should have the right to break technological protection measures (TPMs) in order to exercise the rights they paid good money for.

The lack of transparency around the negotiations continues to worry us. Luckily it seems to worry some of the participants too, judging by how quickly draft versions are being leaked. However, as citizens in a democracy we shouldn't have to rely on leaks to find out what our government is doing on our behalf.

Moving away from civil liberties, there are also major concerns about the inclusion of patents in what claims to be an anti-counterfeiting agreement and what this might mean for the availability of life-saving generic medicines.

Finally, we note that while ACTA is improving, we expect many of the same issues to reappear in the negotiations for the Trans Pacific Partnership. It seems that the rights-holders are prepared to keep banging away until they get the laws they want, therefore we will do our best to keep defending our rights.

• They completed trials of the system nearly two years ago.
• They have signed up just two small ISPs, Watchdog and Maxnet, although we believe that Maxnet are not using it yet.
• The list of banned webpages has only 153 entries on it (well down from the 7000 they were claiming earlier).

While they've been doing this:

• Internet NZ has announced their opposition to the filter on technical and practical grounds.
• Six ISPs have said they definitely won't use the filter, another couple have said they have no plans to implement it, and only three have stated an intention to sign up alongside the current two.
• Political pressure has forced the Australian Labor government to delay implementing their filter, and the opposing Coalition has said they'll scrap the system if elected.
• The US government has opposed internet censorship and stated their commitment to developing tools that allow people to circumvent it.

And all the normal reasons against the DIA's proposed censorship scheme remain:

• The filtering system only works against unencrypted websites and doesn't stop the main ways used to distribute objectionable images - torrenting, email, chat. Only 8.5% of the traffic going through the filter can be checked.
• It's easy for motivated people to work around the filter.
• Secret censorship (the list of banned sites is kept secret) is offensive in an open and democratic society.
• Better filtering solutions that cover a wider range of objectionable material are available for those who want them for their family or business.

Time to stop?

The filtering system doesn't seem to be getting anywhere and isn't going to work if it ever does - surely it's time to just close the project down. The money saved could be much better spent funding the DIA's efforts at infiltrating the groups that trade in objectionable images and shutting them down.

Initial letter from Buddle Findlay/Sky Television

Buddle Findlay

6 May 2010

Sky Network Television Limited
Unauthorised use of programme listings information

1. We act for Sky Network Television Limited ("SKY").

2. SKY is the owner or licensed user of the progrmme listings information for all programming that it broadcasts, as well as all of the names and logos associated with its channels (including the PRIME channel).

3. We have been informed that you are, through the "djkxml" application, which is downloadable from the website http://djkxml.oztheory.com and possibly through other means, providing to your users SKY programme listings information that you are not authorised to distribute to the public in New Zealand. If so, we believe this is a breach of:

(a) the Copyright Act 1994;
(b) the Trade Marks Act 2002; and
(c) the Fair Trading Act 1993.

4. Sky considers any breach of its intellectual property rights to be a very serious matter, and accordingly, if you are making the "djkxml" application vailable as described above we request that you immediately:

(a) remove the djkxml application (and any other infringing applications) from the http://djkxml.oztheory.com website and any other websites controlled by you, and refrain from assisting any other person to provide access to such applications;
(b) stop providing or helping others to provide, by any means or mechanism, unauthorised access to programme listings information;
(c) stop the unauthorised use, or assisting in the unauthorised use, of all trade marks owned by SKY and third parties;
(d) destroy or require the destruction of all documents, electronic files and information withing your control (including material held by third parties) that contain the infringing content referred to in (a) to (c) above; and
(e) confirm in writing to us that you have complied with, and will continue to comply with, the requiremens in paragraphcs (a) to (d) above.

5. Please provide the requested confirmations by close of business on Friday, 14 May 2010.

6. We look forward to receiving the requested confirmation from you and hope that this matter can be settled amicably. In the meantime, SKY reserves all its rights in relation to this matter.

7. We also reserve the right to inform your website host and other parties of your unauthorised use of SKY's listing information and trade marks.

8. We suggest you seek independent legal advice immediately.

Yours faithfully
Buddle Findlay

Philip Wood
Partner

Writing back

13th May 2010

Dear Philip Wood,

I acknowledge receipt of your letter of 6 May 2010 concerning the djkxml application and the http://djkxml.oztheory.com website.

I have no intention of breaching any New Zealand laws or of infringing Sky's legitimate intellectual property rights.

However, I do not believe that the djkxml application or the http://djkxml.oztheory.com website breach any New Zealand laws, nor do they infringe Sky's legitimate intellectual property rights.

Both the application and the website do not contain Sky programme listings or Sky trademarks.

I reject your claim that I am supplying Sky programme listings to anyone.

I also reject your claim that I am infringing Sky trademarks.

As your letter contains no specifics about how the tool or the website is breaching New Zealand law or Sky's intellectual property, I must now consider this matter closed.

Regards,

The lawyers respond

Thank you for your email.

In response to your query as to how your tool breaches New Zealand law, as you are aware, Sky's programme listings (even those available on third party websites) are protected by copyright. Therefore, any tool that enables its users to reproduce Sky (or Prime) programme listings in any format without Sky's permission will infringe that copyright. This rule applies, regardless of whether the programme itself contains infringing material, or if the programme merely enables users to access that infringing material themselves.

Accordingly, if your "djkxml" application or any of your websites contain information or tools that would help a user to reproduce Sky's electronic programme guide in any format, you may be liable for copyright infringement and Sky may have various remedies against you. Whilst you deny that you are providing programme listings to anyone, you or someone most certainly have advertised to the public that the djkxml application can do this (e.g. "new channels added for version 2.2.1 which are...Sky 1..." on http://forums.gbpvr.com//showthread.php?30586-Alternative-New-Zealand-XMLTV-listing-source/page4).

However, assuming that you continue to assert that your djkxml application cannot be used in the above manner, please provide us with the written confirmations requested in our letter of 6 May 2010.

We are continuing to monitor online abuses of intellectual property relating to Sky's programme listings and reserve all of Sky's rights (including the right to instigate legal proceedings for damages and or an injunction) in relation to this matter.

Sincerely,

Philip Wood
Partner

Second response

Dear Philip Wood,

Thank you for your reply and the explanation of why you believe the djkxml application breaches Sky's copyright.

I am now seeking advice on this matter and would like to clarify a few points to make sure we're not talking at cross-purposes.

1. If I understand correctly, your claim is that djkxml is in breach of Copyright Law because it lets someone access Sky listing
information on a website and save it as a file. Is this correct?

2. Your original letter said you believed the djkxml application also breached the Trademark Act 2002 and the Fair Trading Act 1993. Do you have any reason for this belief or do you wish to withdraw these claims?

I look forward to receiving your response so that we can move forward to a mutually satisfying resolution.

Regards,

The end

There was no further response from Sky or their lawyers.

Sky TV is currently sending such letters to a number of people (see an example here). These are their own paying customers, who just want to watch Sky TV on their home-made entertainment systems. So why is Sky doing it? Before we can answer that question we'll have to explain a little bit about electronic program guides.

Electronic Program Guides

When you subscribe to Sky TV you get a set-top box that takes the Sky signal, decrypts it and sends it to your TV. The signal also includes the schedule of what's on and when, the Electronic Program Guide (EPG). Products like the MySky digital video recorder rely on the EPG to, for example, record every episode of Top Gear no matter when it is on.

Some people prefer to use their own equipment to watch and record TV. They also need the schedule information from the EPG but the TV companies don't publish the data in a convenient format. Therefore the hobbyists started to create their own EPG, developing tools to take the data from websites and then sharing the results with the rest of the hobbyist community.

No free TV

It's important to note that the EPG doesn't allow people to watch Sky TV without paying for it. The EPG just says what's on. You still need to have a Sky set top box and a Sky subscription.

Are EPGs copyrightable?

The broadcasters not only don't make the EPG data easily available, they also claim a copyright over the listing data. As TV3 puts it:

3's listings are copyrighted and CANNOT be used without permission. We can supply you with our listings for a fee of $2,000 per month.

When asked why Sky is sending these cease and desist letters to people, the response from Tony O'Brien, Sky's Director of Communications was simply "Because they are not authorised to use Sky's listings information."

But can you copyright a listing? Isn't it just a fact that channel x is showing program y at time z? New Zealand law makes it clear that you can't copyright facts but that you can copyright collections of facts. The collection is seen to have a creative value worthy of copyright protection.

The IceTV case

This distinction was at the heart of a recent court case in Australia where Nine Network sued IceTV (this section is based on an informative article from Guy Burgess). IceTV were creating their own program guide from a range of sources including the Nine Network schedule, so Nine Network sued them for breach of copyright.

While IceTV conceded that Nine owned the copyright in their listing, they said they were only using some of the information from Nine's schedule. The judge agreed with this intrpretation, saying that as a work became less and less original (e.g. a recitation of facts such as a TV listing) that the proportion of the work that had to be taken to count as substantial copying increases, and ruled against Nine Networks.

Sky takedown notices

Sky TV obviously thinks that their listings are copyrighted and that people must first obtain their permission before using them. Therefore it seems that they object to people making Sky listing data available for others to use in their home entertainment systems.

Sky have paid Phillip Wood, a partner at law firm Buddle Findlay, to write letters asking these people to remove material that Sky objects to. We know of takedown notices sent to:

• the people who run a server that hosts a website with an EPG that lists Sky channels.
• the registrant of a domain name that points to that server.
• the author of an application (DJKXML) that reads data from a commercial website and reformats it into an EPG.
• the people who host a website explaining how to use the DJKXML application.

The letters say that Sky believes that the recipients are in breach of a number of New Zealand laws and gave the following explanations (quotes from Tony O'Brien, Director of Communications, Sky TV):

• Copyright Act 1994 – "Not authorised to use Sky's listings information."
• Trade Marks Act 2002 – "Using Sky trademarks without authority."
• Fair Trading Act 1993 – "Representing that they have a right to use Sky's listings information when that is not the case."

The letters then ask the recipient to stop what they're doing and delete any content that Sky thinks infringes their rights.

The letters finish with the ominous, "We suggest you seek independent legal advice immediately."

The DJKXML application

One of these letters was sent to the author of the DJKXML application (see the whole conversation here). This application connects to the TelstraClear website, downloads the program listing data and then reformats it into an electronic program guide (EPG). The user of the application can then load the EPG into their entertainment system so that they can see what's on and when.

The author of DJKXML is a hobbyist who wrote it for his own use. He then made it available for free to anyone else who was interested.

This case is interesting, because the DJKXML application doesn't actually contain any data at all – it just helps people download it from somewhere else where the information is easily available. How can this be in breach of the Copyright Act?

It might fall foul of section 37 of the Copyright Act 1994 that forbids a number of acts involving "an object specifically designed or adapted for making copies of that work, knowing or having reason to believe that the object is to be used to make such infringing copies."

As Sky's lawyer's put it: "Therefore, any tool that enables its users to reproduce Sky (or Prime) programme listings in any format without Sky's permission will infringe that copyright. This rule applies, regardless of whether the programme itself contains infringing material, or if the programme merely enables users to access that infringing material themselves."

Accessing and downloading data

However, one could note that any web-browser also downloads and then reproduces the data in a different format. The stream of raw HTTP data from the website is rendered and displayed by the web browser so that people can see the listings. Does this mean that a web browser is also in breach? What about a screen-reader being used by a blind person that takes that same data and speaks it?

TelstraClear obviously expect that people will want to look at and use the data in different ways - their online TV Guide has three separate views and even includes a Print button to make it easier to print the data.

Whose data?

More importantly, the Terms and Conditions for the TelstraClear website read as follows:

TelstraClear Ltd owns all copyright and all other intellectual property rights in this site. Everything on this site is copyrighted unless otherwise noted. It is illegal to reproduce or distribute TelstraClear Ltd's copyrighted material without TelstraClear Ltd's permission. You may however use this site for non-commercial purposes.

TelstraClear claim copyright in everything on their site but grant permission to use the site for non-commercial purposes. People using the djkxml application to download the EPG data from the TelstraClear are using it for a non-commercial purpose.

There's no doubt that a reasonable person, reading that clause on the TelstraClear website, would believe that they had the right to use the listing information for their own needs.

How can Sky TV be sending takedown notices relating to content that is explicitly made freely available on the TelstraClear website?

Resolving issues in the courts

You'd think that with such a clear statement from TelstraClear that the data is available from their site for non-commercial purposes, that there'd be no case to answer. Unfortunately our legal system is not that easy.

There is already one current case in the New Zealand courts about the copyright of directories. Yellow (publisher of the Yellow Pages) is suing both Yellobook.com.au and Image Marketing Group in the High Court for taking data from the Yellow Pages. The cases have gone on for a while and has involved a number of very expensive lawyers.

How credible is it for a single hobbyist developer to go to court? We asked the developer of DJKXML what he thought:

No I cannot afford to fight them in court. I am a family man earning a single wage for my entire family to live on. I would like to fight them but due to the fact that I don't make any money from this application, fighting them does not serve any purposes.

The developer has backed down and withdrawn the application even though he feels that he's in the right. He can't afford to fight them in court:

If I win, it costs me, if I lose it costs me. All in all, it's a lose-lose situation for me.

Sky have apparently sent "several" letters and we've listed at least four of them. When asked how many had gone to court, Sky responded that all of the recipients had "taken the correct course of action" and stopped doing what they were doing. But did they do this because they recognised that Sky was right or, as with DJKXML, because there was no way they could afford to take on Sky's lawyers?

The outcome

The net result of these scary letters is that some of Sky's paying customers, the hobbyists who like to use their own equipment to watch TV, have lost access to a suitable electronic program guide.

What does Sky get out of it? No one is using the data commercially and Sky refuses to even offer a service that people could subscribe to. All they're doing is inconveniencing some of their own customers.

A way forward for the hobbyists?

When we asked Sky TV about the similarities between their sending of takedown letters and the Ice TV case in Australia, Sky responded that it wasn't relevant as "That case involved a situation where IceTV was independently generating their own listings". This implies that Sky TV would have no objection if people created their own EPGs as long as they weren't substantially copying it from Sky's.

However, we know that Sky TV is already sending takedown letters to people who take data, with permission, from TelstraClear's website. Creating your own listings may be legal under New Zealand copyright law but that doesn't mean you'll be safe from Sky's lawyers.

Our opinion

Firstly, we don't understand how Sky can send out takedown notices when people are using data from someone elses website in accordance with the published terms and conditions on that site. If Sky TV have a problem with TelstraClear making the listings available in so many formats and under such a permissive license, shouldn't they be taking this up with them?

Secondly, we don't see what Sky gains from sending out intimidating letters in an attempt to stop people using this data. We believe that people who are paying for a service like Sky's, that includes an EPG, should be allowed to access that EPG data in a way that is most useful for them.

Thirdly, we think that this demonstrates a serious weakness in our legal system. If a large company accuses you of something and implies they might take legal action, there's no way that the average person can afford to go to court. Their only option is to agree to the demands, regardless of the merits of the accusation. This is obviously not a fair process.

Original article follows:

There's a new ACTA draft leak out, thanks to La Quardature. And does it contain a shocker when comparing the new and last leaked texts.

January 2010 Draft Text

In the Leaked January 2010 draft appearing above, New Zealand position on statutory damages (i.e. made up numbers like in the US where you face US$175,000 per infringement for each US$0.99 song) was fairly clear - we don't have such a damages system anywhere in our laws, and wouldn't accept one here. That is shown by notes proposing it's removal, and watering down the paragraph to "may" implement.

July 2010 Draft Text

Now looking at the post-Lucerne leaked text, any objection by New Zealand is gone. The "may" which would allow us to avoid implementing statutory damages is replaced with an unqualified "shall".

Did we just concede statutory damages?

Do claims by MFAT and MED that "no law changes are required" now stack up with the leaked text?

Is the New Zealand position now all in favor of monetizing justice?

He started by looking at s14 of the 1990 Bill of Rights Act. This is about freedom of expression:

Everyone has the right to freedom of expression, including the freedom to seek, receive, and impart information and opinions of any kind in any form.

This is obviously strongly influenced by article 19 of the Universal Declaration of Human Rights and article 19(2) of the International Covenant on Political and Human Rights.

These were all described as coming out of a post World War II consensus about access to information called the "free flow paradigm". This is the idea that information should be unrestricted globally and was possibly a reaction to years of war propaganda and state censorship. The three principles of this are:

1. Freedom of information as foundational to free expression
2. The "free flow" principle
3. Mass media is essential to free expression and free information

This model was challenged by the NWICO paradigm that emerged in the late 70s. This saw that the free flow model gave too much advantage to rich companies and countries, and thought that increased government regulation was necessary to make access to information fairer.

The distinction between those two is is important when it comes to interpreting the NZ Bill of Rights - the framers were surely aware of these battles and chose the much less restricted language of the free flow paradigm. What does this mean for New Zealand? Jonathan Penney drew out two main conclusions:

• Open connectivity - the internet is an important means of communication and it is easy to see that s14 of the Bill of Rights includes a "negative right" to it. This means the government doesn't have to provide it, but also can't block people from it (in the same way that freedom of speech doesn't mean that the government has to give you a printing press).
• Open data - access to information ties into open government and democratic participation.

This then has the following implications:

• Access to different mediums is foundational to the right - you can't take away access to radio and print and say "Well, at least you've still got TV."
• State obligations to promote the free flow of information - the Official Information Act and open data.
• No distinction between citizens and big media for information rights.

Which in practical terms leads to:

• No internet account termination (as was in s92A of the Copyright Act).
• The restrictions in the Official Information Act should be read narrowly.

Disclaimer from Chris: "It goes without saying that these are a Law student's interpretation of the first bill and they don't pretend to give a comprehensive view of the provisions - so viewer beware. However I hope they may be helpful."

Click on each flowchart to view it full size.

The flowcharts

• Overview of section 122
• Handling alleged infringement
• Copyright Tribunal Procedure
• District Court procedure

Overview of section 122

Handling alleged infringment

Copyright Tribunal procedure

District Court procedure

Here are some of the things that were discussed:

1. That everything you do on the internet leaves a trail. While anonymity is achievable, it is generally much harder than most people believe.
2. That this data can be collected, aggregated and analysed to reveal a surprising amount of information about people - and that this is only going to get easier.
3. Consent is meaningless when people are presented with a long document written in legalese with a checkbox at the end and no chance to question or negotiate.
4. A major new source of privacy breaches is people sharing information about their friends and family. Normally these remain within a social group but sometimes they can be picked up by other people and shared across the world.
5. Young people often don't understand the ramifications of posting personal data about themselves and their friends to social networking sites. There have been a number of cases where the news media have used photos, comments and other material from these sites in reporting.
6. The increase in geo-tagged data is making it increasingly possible to track people - which most people see as an unwanted invasion of privacy. Possibility of creating a "tracking without consent" offence.
7. The EU has rules about the "processing" of geographical data. For example, if you wanted to collect location data for a person from a Twitter update, a Flickr photo and a Four-Square check-in and use it for some purpose, you would need to get the permission of that person, even though they'd already published that data themselves.
8. New Zealand can't set its own rules in isolation - we're too small to enforce them on the global internet. Instead we should be supporting international harmonisation, particularly with like minded countries such as those in the EU.
9. If a company collects personal information, stores it "in the cloud" and then the information leaks out, the Privacy Act seems to imply that the company wouldn't be responsible.
10. That the Privacy Act does not stop companies from sharing any private information with the Police for the purpose of stopping crime. No warrant is required.
11. Should companies have to notify people of a privacy breach? Does this apply to all types of personal information? Should it apply to all breaches (individual and en masse)? How would we know if people are honouring this provision?
12. Anonymising data is harder than everyone thinks - as shown by inadvertent leaks by AOL and Netflix.

Some tentative conclusions

Many organisations are collecting huge amounts of data in many ways across multiple jurisdictions and then making it available in a variety of ways. We can't control this, all we can do is control how organisations and people in New Zealand use the data that is collected. Some rules we might like to consider:

• aggregating data about a person from multiple sources should require the permission of the person.
• you can outsource your data processing, but you can't outsource your responsibility for the data be used and stored responsibly.
• banning or limiting the republishing of information about minors from social media sites.

There is no real way to control what people publish about their friends. We're going to need to rely on new social norms being developed.