Monthly Archives: April 2009

One lawyer’s thoughts about switching open licences

This story was posted on one of the Creative Commons discussionlists, and it addresses a problem that at one time or another willface any organization using Creative Commons licences or any othercopyleft, open or free content licence: Can we switch our works to adifferent licence?

[There is] a collaborative community that hasbeen around for several years.
They had a couple of separate collections, and one was under the FAL(Free
Art License). They wanted to make everything compatible under CC-BY-SA3.0,
but the FAL is technically *not* compatible.

Then the question was raised with a US-based attorney. His response wasnot
to worry so much – they’re the same in all key ways, and his opinion was
that the intention of the contributors was not concerned with the minor
differences between open, copyleft licenses.

from thispost.

It may be counterintuitive (or, come to think of it, maybe thischaracterizes how people think of lawyers!), but lawyers tend to seeissues like this not in terms of whether you can do something,but in terms of the risk involved in doing it. You want to getout of your lease right away without giving the required 2 monthsnotice? You want to fire an employee even though you may not have justcause to do so? Perhaps you’d like to use a popular song as backgroundmusic on a YouTube video? You might ask a lawyer whether youcan do that, or how you can do it, but the lawyer is probablythinking, What is the risk in doing it? What is the likelyconsequence, and how likely is it?

Knowing this about a lawyer’s thought process helps explain theanecdotal lawyer’s response when asked whether theorganization can switch from the FAL to the CC-BY-SA licence.Technically, no, they’re not allowed to make that switch. But thelawyer is also thinking, how likely is it that one of the authorsinvolved will treat this as a copyright infringement? And what will theconsequences be if they do?

Of course every situation has unique considerations, and you shouldn’ttake this as legal advice for your own similar situation. For what it’sworth, in cases like this, I tend to agree with the lawyer in thestory, and for this reason: The major aspects of the licences, theissues the authors would have had in mind when they agreed to use thelicence, are the same, and are specifically about openlicensing.

That’s what makes cases dealing with open licences different fromalmost any other legal field in questions like this. These licences arespecifically geared toward a new way of dealing with copyright. Yes,there are differences among the licences, and some of those differencesare fundamental differences that would make them very risky toswitch (like switching an NC licence for a non-NC licence, or viceversa? Just don’t do it!). But if there are only minor differencesamong the licences, then, as the operator of the community in thestory, you would need to consider the risk that the sort of person whowould license a work under one open licence would bring acopyright claim against you for switching to a different openlicence that is the same in all but technical aspects.

So we have an author who uses open licences to distribute their workand understands the balance in copyright and the value of other peoplehaving access to that work. I suspect that such an author would be muchless likely to be upset about a switch to a fundamentally identicallicence than, say, a traditional commercial licensor would be if theircopyright licence were switched for a different one.

Every decision like this is a risk. Just how big a risk it is dependson your particular circumstances. You might need a lawyer’s helpsorting that out, and you might not. What you should learn from thisstory isn’t the general rule that licences can necessarily beswitched for similar licences. Rather, it is that in some cases, withsome communities of authors and users, and with sufficiently similarlicences, there may be a simple solution that has a low enough risk foryou.

Tagged , , ,

Is swine flu in your neighbourhood?


All this talk aboutswine flu made me think of,a wiki for reporting and geolocating symptoms. Withenough uptake, it might help monitor the progress of the flu.

The genesis of the ideafor Who Is Sick was actually from an acute need that our founder hadwhen his wife started experiencing severe stomach pain while they wereon vacation. With no way of knowing whether the pain was fromappendicitis, food poisoning, or some other stomach illness, ourvacationing couple went to the emergency room and waited for 4 hours(BTW – this was from 11pm until 3am) to be seen by a doctor…only to betold that there was a stomach flu going around and that if the paindidn’t go away in 24 hours, to come back. Wow. 4 hours wait for that…inthe middle of the night… (of course the doctor did check to see if itwas appendicitis so they weren’t all bad…).

Ourfounder thought, “if only there were a website that had current ANDlocal sickness information, maybe we could have avoided the long wait.”Needless to say, this started the wheels spinning and a couple ofmonths later, Who Is Sick was born.

Thesite mashes up GoogleMaps with an interfacethat lets you add your own symptoms (anonymously), or search forillnesses or locations. It also analyzes the symptoms showing up in themap at that moment and can filter by age, sex, symptoms, and onset ofsymptoms.

First look at Canada’s Electronic Commerce Protection Act (ECPA)

The government today introduced a very long awaited although not highlyanticipated Billfor a Canadian law to deal with spam or, rather, “unsolicitedelectronic messages”. Canadian governments have looked at spamlegislation since before the US enacted the Can-Spam act.So what does this first version of the Bill look like?

Generally speaking, the Electronic Commerce Protection Act (ECPA)has provisions against sending electronic messages without consent,although there are exceptions I’ll get to in a moment. It alsointroduces laws against phishing (by amending Canada’s personalinformation privacy law, PIPEDA); makingfraudulent commercial representations (by amending the Competition Act);and installation of malware.

Jump straight to section6 of the ECPA to read the main provision against spam.Here’s what it says:

6. (1) No person shall send or cause or permitto be sent to an electronic address a commercial electronic messageunless

(a) the person to whom the message is sent has consented to receivingit, whether the consent is express or implied; and

(b) the message complies with subsection (2).

(2) The message must be in a form that conforms to the prescribedrequirements and must

(a) set out prescribed information that identifies the person who sentthe message and the person — if different — on whose behalf it is sent;

(b) set out information enabling the person to whom the message is sentto readily contact one of the persons referred to in paragraph (a); and

(c) set out an unsubscribe mechanism in accordance with subsection11(1).

You’re still here? Great! You may not read all 69 pages of the Bill,but you need to at least read Section 6 to understand it.

So, the ECPA starts with an outright prohibition againstsending commercial electronic messages unless there is consent andthe message identifies the sender, has valid contact information forthe sender, and includes the means for the recipient to revoke consent.

MichaelGeist has a blog post with more detail, but here are the points Ifind most salient:

  • The Act defines “electronic messages” broadly so it will includeSMS spam and any other text, sound, voice or image message sent by anymeans of telecommunication. What isn’t included? In section6(7), we see that phone calls, phone messages, and fax messages areexcluded.
  • Whether a message is commercial is judged by the Act based notonly on the content of the message but also by the hyperlinks and thewebsites they link to. Also, a message asking for consent to send acommercial message is itself a commercial message under the Act.
  • ISPs are protected from liability for transmitting spam.
  • There is a prohibition against changing the delivery informationin commercial messages, redirecting them or adding recipients (exceptfor ISPs — they can redirect messages as part of their networkmanagement).
  • The Act prohibits malware — installing (or causing to install)any software without consent.
  • Consent to receive commercial messages can be explicit orimplied. Implied consent requires an existing relationship, which isalso defined in the Act.

What are the consequences for violating the Act?

  • The CRTC can require an ISP to preserve information for 21 days,which can be extended by another 21 days (Section 16)
  • The CRTC can also require an ISP to produce information, or evento apply for a warrant to secure information itself.
  • Fines can be imposed by the CRTC, specifically not for punitivepurposes but in order to promote compliance with the Act. The size afine depends on many factors, but they’re big: up to $1million for anindividual and up to $10million for organizations.
  • Importantly, the Act includes a private right of action, allowingindividuals affected by spam to bring perpetrators to court forcompensation up to $200 per item, up to $1million per day.

Those are the most salient points. One other point is important tonote: throughout the act there is reference to “prescribed” informationor “prescribed” requirements. That is code meaning that there will beRegulations under the Act specifying that information in more detail.Some of that is just the administration of the Act, but some of it isimportant and it is hard to know what the Act will require withoutknowing what those regulations will say. In fact, the form requirementsfor commercial message, even if sent with consent, are left toregulations.

Someone using your trade-mark online? Hire them.

Sending in the legal posse is an old-fashioned response in the new media age, Owyang said.

“It creates so much more buzz — people wonder why you would beat up your most passionate customers,” he said.

That’s why Coca-Cola Co. decided to let its users dominate discussion about the soft drink on Facebook.

The popular Coke fan page on the social networking site wasn’t created by the company, but rather by Los Angeles actor Dusty Sorg and writer Michael Jedrzejewski. It had more than a million fans when Facebook called Coca-Cola to alert them that the page violated the social network’s terms of service because it wasn’t operated by the trademark owner. Take over the site, Facebook told Coke, or we’ll take it down.

Instead, the beverage maker flew the pair to its Atlanta headquarters in January, took them to a hockey game, gave them a VIP tour of the Coke museum and let them play Eric Clapton’s guitar, then proposed that they officially run the page for the company. The two agreed. It now has more than 3 million users.

Your employees will complain online. Prepare for it.

A case brewing in federal court in New Jersey pits bosses against two employees who were complaining about their workplace on an invite-only discussion group on, a social-networking site owned by News Corp., publisher of The Wall Street Journal. The case tests whether a supervisor who managed to log into the forum — and then fired employees who badmouthed supervisors and customers there — had the right to do so.

[Employers Watching Workers Online Spurs Privacy Debate]Photo Illustration by The Wall Street Journal

The case has some legal and privacy experts concerned that companies are intruding into areas that their employees had considered off limits.

“The question is whether employees have a right to privacy in their non-work-created communications with each other. And I would think the answer is that they do,” said Floyd Abrams, a First Amendment expert and partner at Cahill Gordon & Reindel LLP in New York.

Employees can pop into each others offices or cubicles and mutter under their breath about the boss. They can huddle together in the kitchen during lunch and complain about working conditions. They can commiserate on smoking breaks about unfair expectations, rude coworkers and.. well, you get the idea.

Given the power of new communications technologies, employers have to expect their workers to bring their conversations online. And given that workers will complain online, employers should consider themselves lucky if their employees are responsible enough to keep those complaints from the public. Yes, communicating complaints to the entire workforce is different from small groups complaining to each other during breaks. But it is simply unrealistic to expect workers not to use the communication tools they are increasingly used to and comfortable with.

Instead of reacting to perceived violations by employees, organizations need get in front of these problems. They need policies in place that recognize the value of online communications tools but keep that communication within the organization, protected from the public. They may even need to provide the platform where workers can complain and issues can be discussed in a productive way. Every organization will have its own needs.

But it is sadly out of date to expect workers to keep their complaints to offline water-cooler conversations when they have such powerful communication tools at their fingertips.

Lessons from the Identity Trail: a new book on privacy, identity and anonymity


Friend and colleagueIan Kerr has a book launching tomorrow that is nothing less than the mostthorough study of online identity ever. Ian writes that the book isa new international collaboration from his research group and a numberof other top notch privacy scholars from around the world. Launching onWednesday, April 8, the book is titled, “lessons from the identitytrail: anonymity, privacy and identity in a networked society”.

In addition to its cutting edge interdisciplinary studies of anonymity,privacy and identity in the face of emerging technologies, one of thethings Ian is most proud of is that this is the first everOxford University Press (Law Division) book to be released under aCreative Commons licence!

You can find the online version as it isreleased in three stages on April 8, April 22 and May 6, and you canget 20% off the printedition if you order it from OUP.

TC1100 tablet on 24

I’m watching a rerun of 24 (season 5, episode 13)and look what I spotted — my old tablet, an HP TC1100.

The machine was discontinued in 2005, but it still manages to lookfuturistic.


%d bloggers like this: