Yesterday, a Federal Court in Toronto decided to postpone Voltage Picture’s motion to have TekSavvy divulge subscriber identities linked to 2000 IP addresses that Voltage claims have been used to share its movies illegally. Does the result vindicate TekSavvy’s refusal to oppose the motion and mark at least a partial victory for its subscribers, as some are suggesting?
My friend and colleague David Ellis makes an excellent case for why the answer is yes. As David sees things, far from caving, TekSavvy “was in fact working against Voltage on several fronts”. I’ve talked with several people with good knowledge of the case, thought long and hard about it, and while I agree with many of David’s points, I’m not convinced TekSavvy got the wins he thinks it did.
Let’s start on the positive side of the ledger though, because there is much to appreciate in what TekSavvy has accomplished thus far, with potential for more to come.
Standing Up for Subscribers
First and foremost, TekSavvy has dedicated many hours and, according to statements made in court, already spent $190,000 in legal fees and other costs fighting to ensure that its subscribers’ interests are properly accounted for. Besides David’s kudos for TekSavvy, CIPPIC’s director David Fewer is emphatic that the indy ISP deserves much praise for fighting strongly for its subscribers to be notified and more time to put together a proper legal defense.
Standing up for CIPPIC and the Public Interest
Second, TekSavvy has pushed hard to open space for CIPPIC, the public interest internet law and policy clinic, to gain standing in the case (more on this below). While nothing has been decided on this point, comments by Judge Leonard Mandamin suggest that CIPPIC will gain standing, as David’s post and live tweets from the court room by Paul Andersen and National Post reporter Christine Dobby, indicate.
Voltage argued strenuously against Teksavvy advocating on behalf of a role for CIPPIC. Its lawyer, James Zibbaras, argued the move to defer a ruling was just a delaying tactic to mask the fact that TekSavvy had no case. Justice delayed, would be justice denied, he claimed, because as the courts fiddled, Voltage’s movies would be ripped and burned across the planet. The judge was having nothing of it, however, and the matter was put on hold.
Starting Over: Letter from Voltage – Dear Fans
Third, TekSavvy’s counsel, Nick McHaffie, succeeded in getting Voltage to walk its scorched earth strategy back several steps. Whereas Voltage went straight for the subscriber identities linked to the 2000 IP addresses it has identified, this bypassed the usual first step in such cases: asking ISPs to politely send cease and desist letters to those allegedly engaged in illegal file-sharing, while using this as an opportunity to convert pirates into paying fans.
Voltage did none of that. A late in the game bid by McHaffie, changed this. As a result, Zibarras agreed to do just that, with McHaffie making it “very clear”, according to Ellis, “he intends to put language into the draft order that will protect the privacy of potential defendants”.
Compared to Other Canadian ISPs, TekSavvy’s a Saint
Fourth, TekSavvy’s efforts, as Jean-Francois Mezei put it in a perceptive comment to my last post, distinguishes the indy-ISP from others who have rolled-over and shut-up in two similar cases. In the first, also brought by Voltage in 2011, Bell, Videotron and Cogeco not only did not oppose the motion to disclose the identities linked to fifty IP addresses alleged to have illegally shared the movie The Hurt Locker, they didn’t bother to even show up in court. Despite winning the case, Voltage abandoned its claims last March and things came to a halt (also see here).
In another case late last year, four ISPs – Distributel, Access Cooperative, ACN and 3 Web – faced a similar motion by Canadian motion picture company, NGN Productions. Once again, all ISPs were missing in action, leaving their subscribers hanging in the wind (also see here and here).
At this point, I also need to clarify and correct a point I made in my last post: in the precedent-setting BMG case, far from all of the incumbent ISPs lining up against the record labels, only Telus and Shaw took the lead, while Bell and Rogers selectively and reluctantly joined the fold; Quebecor (Videotron) actively sided with the record labels (see CIPPIC’s archived materials).
In short, relative to most ISPs, TekSavvy is a saint, and should be applauded for walking the extra mile on behalf of its subscribers.
A Glass Half Empty/Full: What Else is a Good ISP to Do?
While TekSavvy has gone well-beyond the norms that prevail among Canadian ISPs, its stance still falls short of what is possible, not just in some fantasized world but against what seems achievable through the legal resources available as well as relative to best practices adopted both in Canada and elsewhere.
Delays May Be Useful, But Are Not a Legal Victory
The first thing to note is that even after spending $190,000, TekSavvy has not won anything yet in terms of a legal ruling other than two delays that allow others more time to get their houses in order. More to the point, it is still not opposing Voltage’s motion.
Standing Up for Privacy is a Real Option, even if not an Obligation
While discussion with others has led me to accept that Canadian law, and PIPEDA specifically, does not compel ISPs to take a stance on behalf of their subscribers’ privacy, the latter does give them the opportunity to do so. TekSavvy should take it.
That it has not stands at odds with best practices set by Telus and Shaw in the BMG case. Even Rogers, which otherwise waffled in the face of the record labels’ case at the time, agreed that ISPs are “obliged to protect . . . the privacy of their customers . . . by virtue of the Personal Information Protection and Electronic Documents Act (2000)”(para 13). This appears to be a moral position rather than a legally compelled one, but so be it if it aids in gaining a big win for subscribers’ privacy. After all, human rights are but empty legal shells if not moral rights, too.
CIPPIC is Not a Proxy for TekSavvy
While TekSavvy’s intervention has opened space for CIPPIC, the decision to defer a ruling on the motion does not guarantee it will be permitted to intervene. Even if it is, CIPPIC is not a proxy for TekSavvy but, as its request for intervener status states, it “brings an important public interest perspective to the proceedings, different from the Plaintiff, the Defendants and the non-party Respondent” (emphasis added).
As CIPPIC director David Fewer told me, CIPPIC’s first role, if it is granted intervener status, will be to underscore the importance of the right to anonymous speech online, with judges functioning as the safety valve in determining when such rights must yield to more pressing public policy concerns such as hate speech, defamation and copyright (see dayna boyd for good discussion of the vexed issue of anonymous speech rights). If the Voltage motion is not just about privacy rights, but speech rights, the fundamental question is which test will be used to decide when the right to anonymous speech can be over-ridden?
The continuum of options stretches from the weak ‘good faith’ standard adopted in the BMG and other copyright cases versus stronger standards in expressive rights cases that require those pressing a claim to demonstrate they possess evidence that is of a high enough standard that they just might win. In other words, when property rights trump speech rights, there better be good policy reasons and strong evidence for doing so.
CIPPIC’s stance reflects the increasing awareness that copyright claims have enormous implications for freedom of expression. That might not be of interest to TekSavvy, but it is a public interest of the highest order. It is also why CIPPIC needs to be in the room.
CIPPIC’s second concern is to raise questions about whether the courts are being used illegimately as part of copyright trolls’ business model, a model that depends on people, when faced with threat of litigation, making the rational choice to fold simply be settling rather than going through a costly court case. That Voltage went straight to a motion for disclosure versus taking the time to send cease and desist letters throws such concerns into sharp relief.
CIPPIC’s role, thus, is specifically not to intervene on behalf of any of the Jane or John Does that might stand forward in the Voltage motion or TekSavvy because the interests of each of these groups are not one and the same. ISPs must take a stand for themselves. And within a mountain of factors making it unlikely that the hundreds, if not thousands of Jane and John Does will be able to effectively participate, as Howard Knopf states, CIPPIC’s job is to suggest how the law should be applied, what tests should be used when property and speech rights clash, and to uphold the public interest.
TekSavvy, the Federal Court Wants (Needs) You
Towards the end of yesterday’s hearings, Judge Mandamin indicated that hearing a motion from only one side is risky. Two possible interpretations seem to flow from this: One, CIPPIC could play a more adversarial role, and perhaps it will. Or two, TekSavvy needs to step up to the plate more forcefully than it has.
I think the judge had the latter option in mind, but it is likely that only he and others in the room will ever know for sure. Two things seem to support this interpretation. First, Mandamin was clear that the Copyright Modernization Act, which just came into effect last November, is new and untested, meaning it’s ripe for interpretation and essential to get things right. TekSavvy has an opportunity to help define the new law and should use it. This is a job for those on the front line, not CIPPIC or a rag-tag group of Jane and John Does who may or may not show up when needed.
Judge Mandamin also made it clear that there were difficult technical issues that had to be dealt with and that the court needs to be as informed as possible. TekSavvy is in a better position than any to test the quality of the technical evidence, and for this reason, too, it should go beyond its current stance to directly oppose the motion.
Not a Fantasy
In the end, it is not that TekSavvy is doing nothing. As I argue above, and as David Ellis shows, it has done much, especially relative to what other ISPs have done. For that, we should stand in support of Marc Gaudrault, rather than casting barbs from the sideline.
That said, however, there is scope to do more. My desire to see more does not stem from seeing TekSavvy as falling short of some other-worldly standard of privacy or anything else, but concrete possibilities within currently existing laws, as Telus and Shaw (and to a lesser extent Rogers and Bell) showed in the BMG case and, as I suggested, in my last post, by best practices adopted by Sonic.Net and Twitter in the U.S. and ISPs in Sweden.
They have taken an active and assertive role in directly opposing motions by copyright claimants and/or the state to disclose their subscribers’ account-related data. In the case of Sonic.Net as well as the Swedish ISPs, they embraced policies that minimize the collection, retention and disclosure of subscriber information, thereby making it harder to turn-over subscriber information to copyright trolls, and anyone else, because they simply do not have it.
Yes, as someone I respect very much told me, I should be careful what I wish for, because if this mini-campaign for minimalist data collection, retention and disclosure policies gains legs, it’s possible the Harper Government would step in to mandate a minimum data retention law, likely in the range of six months.
My response is two-fold. First, we’ll deal with it if it happens. It’s not possible to be shadow-boxing with ‘what-ifs’. Should ISPs and other internet companies adopt this pet-project of mine, and face such a reaction, as some smart minds contemplate, then let us resume the battle royale that such a move could trigger, similar to the public outcry to the government’s last lawful access bill (Bill C-30).
Second, if expressive rights are tied to concerns about control over our own personal information, then perhaps it would be possible to challenge any attempt to legislate a data retention requirement on grounds that such a measure is excessively broad and an affront to speech rights? A more tailored response seems to have been grasped in the new Copyright Modernization Act where the need to retain subscriber data for six months only kicks in after an ISP receives notice of IP addresses that have been linked to infringing behavior. Data retention seems to be a bit of a blackhole when it comes to the interests of property and the state in Canada, and the sooner we shed some light on it, the better.
David Ellis, J.F. Mezei, and others are right that TekSavvy has done more than most and won a few victories along the way. With all that TekSavvy has done over the years, it would be churlish to see it as selling out.
However, there is more that it can and should do. At this early stage in the shaping of the new copyright law, carving out an even greater role for itself could fundamentally shape the legal landscape for the internet and digital media for years to come.
And it is for all these reasons that I hope it will rise to the occasion, while being mindful that it has done much already and itself not privy to an unlimited stash of cash. Perhaps this is grasping at straws, but how about a John and Jane Doe and TekSavvy Copyright Troll busting fund?
If that’s an option to be pondered, I’m in for $190 to start (1/1000 of what TekSavvy has on the table so far).
Tomorrow will be a big day in a federal court in Toronto. At 11am, the court will hear a motion by Voltage Pictures to have Canadian indy-ISP and darling of the open internet community, TekSavvy, disclose the subscriber names and contact addresses associated with a list of 2000 IP addresses that Voltage alleges have been used to upload and share its films and tv programs in violation of copyright law.
At the end of the day we may know whether Voltage has prevailed and TekSavvy forced to hand-over the subscriber account information linked to those 2000 IP addresses. But while we wait, there is another question that I want to address in this post, and that is whether TekSavvy has done as much as it should to oppose Voltage’s motion?
As TekSavvy’s CEO Marc Gaudrault stated in DSL Reports last December when the case first erupted into public view, “we will not be making a case against the merit of what they are alleging. That’s for those affected and others to do if they wish to.”
That refusal to take a stand, to put it mildly, has displeased many of its subscribers. It has also unleashed a roiling discussion thread on DSL Report as well as the blogosphere. Respected copyright lawyer, Howard Knopf (here, here and here) and Jason Koblovsky (here & here), one of the co-founders of the Canadian Gamers Organization, have been highly critical of TekSavvy, arguing that it should be doing more to push back against Voltage’s shake-down of the ISP.
Drawing on his experience as legal counsel to CIPPIC in a close parallel to the motion now in front of us — the BMG case in 2005 — Knopf argues that TekSavvy should take the lead in opposing Voltage’s motion for at least three reasons:
- First, since it is the only entity that can resolve the link between IP addresses and subscriber identities, it is in the best place to challenge the technical evidence that Voltage and its forensics contractor, Canipre, have put forward;
- Second, in the BMG case, Telus and Shaw actively stood in opposition to the record labels’ bid to obtain subscribers’ identities on just this ground and TekSavvy should do no less in the present case, especially given that it holds itself out as being more attuned to its subscribers’ interests than its corporate cousins – a point that Koblovsky also relies on heavily;
- Third, it is too much to ask of CIPPIC, an organization with a skeletal staff and limited resources, to take the lead in the case.
The criticism of TekSavvy has led to a lot of soul-searching, mostly because, to most observers, the indy-ISP has been on the side of angels. The little-ISP-that-could, for instance, led the charge against the CRTC’s hated UBB decision in 2011, has intervened time and again in a myriad of regulatory decisions in which the fate of indy-ISPs has been on the line, held itself up as a plucky alternative to the incumbents with more affordable services, bigger caps or none at all, and has been a patron of Open Media, probably the most successful group this country has ever seen in terms of opening up arcane telecom, media and internet policy issues to a much bigger audience.
So, not surprisingly, others have come to TekSavvy’s defense. Most notably, in addition to denouncing Voltage’s mass copyright litigation (here and here), the other day David Ellis chastised TekSavvy’s critics. As Ellis sees it, TekSavvy has being working hard on behalf of its subscribers for two months. Moreover, TekSavvy quickly joined CIPPIC to ask the court to postpone the matter to give the ISP more time to notify its subscribers, for the court to consider CIPPIC’s request to join the proceedings and to give Voltage and its hired-gun, Canipre, more time to clean up their data. Ellis also suggests that the distance between pushing for a delay and outright opposition might not be that far, and we could still see it take on a more active oppositional role yet.
He also argues that TekSavvy’s reticence to take a stance is probably due to concerns that doing so could jeopardize its claims to being a neutral, common-carrier. In this view, by staying neutral, TekSavvy avails itself of ‘safe-harbour’ provisions that get ISPs off the hook in terms of their own liability in copyright infringement cases.
While I agree with Ellis that TekSavvy could yet change its stance, and that it has done much to buy its subscribers time to arrange their own defense, I do not think it has done enough. I also think worries that actively opposing Voltage’s motion could jeopardize its ‘safe-harbour’ defense are misguided. As a common carrier, ISPs already have limited liability for what their subscribers do, and what TekSavvy does in the courtroom will have no effect on that.
I agree with Knopf that TekSavvy should be taking the lead in opposition to Voltage’s shake-down because it is in the best place to do so from a technical point of view. That there may be problems with the technical data that Voltage is presenting is evident in the fact the company cut their initial list of 4000 IP addresses down to 2000 at the last minute – a good sign that things are not quite in order. Given the weight the BMG case put on the quality of the data in determining whether privacy would be trumped by other pressing concerns, this is essential (see para 21).
Second, ISPs are common carriers and this means their liability for what subscribers say and do is very limited, both by law and by tradition. The basics of what that means is set out in the Telecommunications Act of 1993 (see sections 27-29 and 36). Common carrier principles are also carried over into the new Copyright Modernization Act, as the following passage indicates:
A person who, in providing services related to the operation of the Internet or another digital network, provides any means for the telecommunication or the reproduction of a work or other subject-matter through the Internet or that other network does not, solely by reason of providing those means, infringe copyright in that work or other subject-matter (sec. 31(1)).
Incumbent ISPs have always reserved the right to aid copyright claimants (read your Terms of Service agreement) and, indeed in 2011 Telus said that it was sending out 75,000 notices a month of alleged copyright infringement to its subscribers. The new Copyright Modernization Act has parlayed this informal arrangement into a notice-and-notice regime that now requires ISPs to do the same thing as a matter of law, and to retain and disclose subscribers’ information for a period of six months after receiving notice of copyright infringement.
There is nothing in the new act or the old legislation, however, that prevents or even discourages ISPs from taking a stance against a motion for disclosure. Again, as Knopf observes, when mass copyright litigation first hit Canada in the BMG case, Shaw and Telus stepped up to oppose BMG and the rest of the recorded music industry arrayed against them. Moreover, while Bell and Rogers were less committal in the opposition, ultimately they did line up foursquare with Shaw and Telus behind the view, as the court stated, that ISPs should step forward to “protect the privacy of their customers whom they were obliged to protect by virtue of the Personal Information Protection and Electronic Documents Act (2000) (para 13). They won.
TekSavvy should do the same. Going out on a limb a bit, at least one seasoned lawyer that I have spoken with suggest that the case could be fought and won easily, for five figures, i.e. under $100k.
Beyond the BMG case we can also look further afield to the United States at a recent example of what a real stance opposing a motion of disclosure looks like. Thus, when faced with a request from the Department of Justice to hand-over account information for three of its subscribers, without telling them, as part of the DOJ’s investigation of Wikileaks, Twitter refused. The company obtained a court order allowing it to disclose the request to the users in question. It also put them in touch with legal counsel at the Electronic Frontier Foundation.
Finally, Twitter fought the request tooth and nail, all the way to appeal, but lost because, according to the ruling, the social media company’s business model is based on the unbridled collection of user data for advertising purposes in return for free access to the service. The upshot of that, in turn, is that users have no reasonable expectation of privacy and thus Twitter had to hand over subscribers’ account information to the state.
Whether Twitter won or lost is not the key point; the fact that it stood up to the plate, and fought to the bitter end in support of its subscribers and a principle – privacy – is. Moreover, while a loser in the court of law, in the court of public opinion, it won: Twitter’s chief lawyer, Alex MacGillivray, was named by The Guardian as one of its top twenty “champions of the open internet” last April. The Electronic Frontier Foundation offered its own honorifics.
The last point that I want to make is that TekSavvy has another option at its disposal: minimizing the collection, retention and disclosure of subscriber data as a matter of company policy. Apparently there has already been some discussion of this, with the ISP at one point in time before the Voltage motion hit the fan thinking about increasing the length of time that it keeps data logs from three months to six. That is now off. And that is certainly a good thing.
There are many reasons that ISPs need to keep data logs, not least of which are billing and network management. However, there are also ways of meeting these needs that limit the data kept to just these narrow purposes and which otherwise minimize how much data is collected, how long it is retained, and when it is disclosed. Billing data, for instance, can be kept separate from traffic data, with the former retained, and the latter tossed.
There are two excellent examples along these lines that I’ll close this post with. The first is Sonic.net, a San Francisco Bay area ISP with 45,000 subscribers. It keeps subscriber data logs for only two weeks and has been the recipient of copious amounts of praise and a four-star rating by the Electronic Frontier Foundation in the latter’s annual “Whose got your back” scorecard because of this practice. TekSavvy could take some lessons from Sonic.net.
Lastly, in 2009, several Swedish ISPs, including one of the top 3 – Tele2 – began erasing “traffic data” in order to protect their subscribers privacy. They did so in response to the Sweden’s own new copyright law, IPRED, and in order to avoid precisely the kind of predicament that TekSavvy now finds itself in.
In my view, such a minimalist data collection, retention and disclosure policy is part and parcel of what a full-throated defense of principles and its subscribers would look like. The point is not to turn TekSavvy into a scofflaw, or a ghetto for copyright infringement abuse. The case of Sonic.net, Tele2, Twitter, and others demonstrate well that strong privacy and subscriber protections are not tantamount to such things, and indeed are good business and good for people’s rights.
Minimizing the collection, retention and disclosure of subscriber information embodies practices and values that apply across domains. Today it is copyright; tomorrow, lawful access and the son-of-Bill C30 (lawful access). Such values and practices will serve us well in that context, too.
We are in the midst of many events and choices that will be made that will set down the firmament in which the internet establishes deep roots. In my mind, we need to realize that these decisions and events will determine whether we can develop an internet fit for democracy, or whether we will see trade-offs all down the line to the point that an open internet and democracy are just a dream. Good night.
* Note: revised January 14th to acknowledge that Bell and Rogers were far more tepid in their stance than Telus or Shaw in the BMG case, while Quebecor (Videotron) actively sided with the record labels.
The Twitter-Wikileaks Decision: How the Corporate Model of Internet Privacy Serves the National Security State
Social media users of the world take note: according to a U.S. District Court‘s decision in the Twitter-Wikileaks case (November 9, 2011), you have no right to expect privacy online. The immediate result of the decision is that Twitter must hand over a substantial body of personal data for three of its users to the U.S. Department of Justice in relation to the latter’s ongoing Wikileaks investigation: Icelandic MP and Collateral Murder video co-producer, Birgitta Jonsdottir, Wikileak’s volunteer Jacob Appelbaum and Dutch hacker Rop Gongrijp.
The information sought is as expansive as it is intimate: subscriber registration pages, connection records, length of service, Internet device identification number, and more (see pp. 7-8). It’s reach is global, as is the opposition mounting against the the so-called Twitter Order. Besides putting fuel in the belly of hactivist groups such as Anonymous and LulzSec, the U.S. government’s efforts to shake-down Wikileaks has been condemned by Iceland, 85 members of a European parliamentary group and the Inter-Parliamentary Union.
The latter was especially sharp, stating that it “failed to see” how the Twitter Order could be squared with Article 19 of the Universal Declaration of Human Rights. It also worried aloud about the emergence of a “national and international legal framework concerning the use of . . . social media . . . [that] does not appear to provide sufficient guarantees to ensure respect for freedom of expression, access to information and the right to privacy”.
The case began last December 2010 when the U.S. Department of Justice obtained a court order requiring Twitter to turn over a slew of user account information for a list of people that were of interest in the ongoing Wikileaks investigation. To its credit, Twitter refused to do so without notifying the people targeted first and mounted a serious legal challenge to the ‘gag’ order (see the story by Declan McCullagh of CNET here).
Hope was dashed and important communication rights rolled back last week when a District Court in Eastern Virginia declared that Jonsdottir, Appelbaum and Gongrijp forfeited their right to privacy when they clicked to accept Twitter’s terms of service policy. As the court argued, by clicking on Twitter’s terms of service policy, they “voluntarily relinquished any reasonable expectation of privacy” (p. 28).
For good measure, the decision also curbed Jonsdottir, Appelbaum and Gongrijp’s First Amendment rights claims as well, declaring that they have no right to know if the DOJ has also approached Facebook, Google or any other Internet companies with similar requests and, if so, just what kinds of information about their lives online had been turned over (see p. 52). The case is also about the network free press too because Twitter has become an integral part of journalistic routines, and Josdottir is undoubtedly worthy of as much free speech as can be mustered, given her status as a video producer, MP and advocate of turning Iceland into a ‘digital media, free speech haven’.
The decision’s outstanding feature is the way in which it makes privacy rights a creature of social media companies’ business models rather than a function of constitutional values, law or social norms. Making Internet corporations’ business models the standard of online privacy, however, is outlandish because Twitter, Facebook and Google’s terms of service policies are all about maximizing the collection, use and commodification of personal data, not privacy.
The Twitter-Wikileaks decision is remarkably candid in its view that the standard of privacy on the Internet that we should expect is whatever Internet companies’ terms of service policies say it is. Social media users, according to the court, would have to be woefully naive to expect that privacy is a priority value for advertising-driven online media, given that almost the entire business model of major Internet companies is about collecting and selling as much information about audiences as possible.
Such a view reduces privacy to the logic of corporate business models and market transactions. Worse, by turning privacy into the plaything of corporate business models, the court essentially turned commercial Internet companies such as Twitter, Facebook and Google into the handmaidens of the national security state.
Christopher Soghoian captures the essence of the problem in relation to Google, but his comments are applicable to Internet companies in general:
Google’s services are not secure by default, and, because the company’s business model depends upon the monetizaton of user data, the company keeps as much data as possible about the activities of its users. These detailed records are not just useful to Google’s engineers and advertising teams, but are also a juicy target for law enforcement agencies.
Things don’t have to be this way. Instead, the Internet could be organized in ways that further communication rights and a democratic society by, amongst other things, minimizing the collection of personal information and retaining it for the shortest time possible, as the Electronic Frontier Foundation recommends and as some non-commercial websites such as IndyMedia centres do. The Virginia District Court, in sharp contrast, leverages the mass production and storage of personal data enabled by Google, Facebook, Twitter, and so forth as fully as possible and for the advantage of the state.
The idea that privacy rights turn on the terms of service policies offered by private companies rests upon a peculiarly squinty-eyed view of things. Even if we took the perspective of corporate behaviour as our guide, Twitter has sometimes distinguished itself in the Wikileaks and other cases by placing a higher premium on privacy values than Facebook and Google, for instance.
In contrast, to the latter, which have remained quiet in the case, and to Amazon, Apple, Paypal, Visa, Mastercard, everyDNS, and several webhosts in Europe that were only too eager to aid the U.S. government’s crackdown on Wikileaks by withholding critical resources — money, servers, domain names, webhosting, etc. — essential to Wikileaks’ survival (see here, here and here), Twitter refused to join the information blockade. Instead of buckling under intense government pressure, it refused to turn over account information for Josdottir, Applebaum and Gongrijp before notifying them first when a subpeona wielding US Department of Justice came knocking last December.
Twitter challenged the gag order in court as well, thus giving Jonsdottir, Applebaum and Gongrijp a heads-up about the events unfolding. It also directed them to the Electronic Frontier Foundation for legal advice, which, in turn, brought some of the best minds in the U.S. on privacy, social uses of the Internet, surveillance and security to mount their case (see here).
Twitter adopted a similar stance during the London riots this past August by refusing to comply with British government requests to shut-down its service and hand-over users’ information, while Facebook served eagerly on bended-knee. Thus, even by the narrow measures of corporate behaviour, it is not unreasonable to assume that Twitter’s behaviour could cultivate a higher sense of privacy amongst its users.
Of course, there’s no need to pretend that Twitter is the epitome of virtue in such matters, because it is not. To take just one instance, for example, while Google, WordPress and several other entities have all signed on to the broad statements of principles regarding privacy and online free speech rights set out in the Global Network Initiative, Twitter and Facebook have conspicuously refused to sign on to even these ‘market-friendly’ standards.
More important than all of this, however, is the fact that the relevant measuring rod of communication rights is not the market or corporate behaviour. Instead, we should look not to corporate business models and terms of service policies as a guide but to legal, political and international norms. Even more importantly, the focus should be on how social norms govern privacy and how we disclose personal information in complex, negotiated and contingent ways (see dayna boyd’s work on the point, for example).
People manage their identities and disclose personal information differently in the ‘online world’ versus the ‘real world’, but in both cases their expectations about privacy are contingent on time, place, contextual cues as well as the nature of the relationship involved. These issues as well as the fact that the vast majority of people do not even read online terms of service policies — and those that do more often than not do not fully understand what they mean — were all brought to the court’s attention, but quickly buried in a footnote and brushed aside (see here).
In the end, the Twitter-Wikileaks decision serves the U.S. government’s bid to drive Wikileaks out of business well. Even reluctant actors such as Twitter have been forced back into line. For the rest of us, the decision at least has the merit of making it clear that the hyper-commercialized ‘free lunch’ model of the Internet comes with a steep price: privacy rights and an entire industrial arrangement poised to serve as the handmaiden of the national security state.
Birgitta Jonsdottir has just published a new column, How the US Justice Department Legally Hacked My Twitter Account in The Guardian, here.
The Conservative Government is off and running. A majority in hand, it is already driving through on its legislative agenda. An already in just the last week, we have seen several items of critical importance to the network media in Canada:
1.The Copyright Modernization Act (Bill C-11) was introduced Thursday last week, a copy of the bill that died when the election was called. The new bill was the third on list of items introduced by the government this session. Digital locks and new rules requiring ISPs to formally block certain websites under court order and to routinely take on ‘intermediary roles’ on behalf of copyright industry claimants are its irredeemable Achilles heal, despite the fact that there are some good measures on it.
I have had my say on this before, and you can see my views here. Michael Geist has a good sum of the implications of the new Copyright Modernization Act here. On ISP website blocking and intermediary roles, the Government’s explanation of the measures is clear enough and can be seen here.
2. Konrad von Finckenstein won’t be coming back to the CRTC after January 2012. The government wants to appoint someone more compliant. It will not have any problem in that regard, with a gaggle of the underserved far worse than KvF standing in line (i.e. the I-don’t-know-jack-about-media Harper appointee, T. Pentefountes; the wireless industry’s kingpin and ex-Conservative Premier of New Brunswick, Bernard Lord; Quebecor Media Inc’s (QMI) front man Luc Benoit; and former Minister of Foreign Affairs, Lawrence Cannon).
Just what we need, more political hacks overseeing the development of the network media in Canada at such a critical time. I called it crony capitalism a while back, and it looks like it’s about to get worse. An independent and network free press depends on autonomy from Government, not for supplicants from one government after another to be spread throughout the media system.
3. A third item has not yet appeared, to some people’s surprise, given that it was supposed to be a prominent piece of the Government’s omnibus crime bill: so-called “lawful access” legislation. While held back from the omnibus crime bill, you can rest assured that it will be coming back.
A cornerstone of this push last Parliament was the Investigative Powers for the 21st Century Act (Bill C-51), a bill which would make it mandatory for telecoms providers, ISPs and search engines to disclose subscriber information, including name, address, IP address, and email address, to law enforcement officials without court oversight. It would also require costly upgrades to these networks to enable new surveillance capabilities. The post I wrote on the topic can be seen here.
I have said for some time that ISPs and other network, search and social media providers should not be turned into gatekeepers acting on the behalf of either commerce or the state. Lawrence Lessig said the same thing ago in his classic, Code and other laws of cyberspace. This is a principle and one that should not be thrown under the bus. Creating an open network media system requires that the collection, retention and disclosure of subscribers’ personal information be minimized, not maximized.
Coupled together with the new requirements for ISPs to block websites and take on intermediary roles in the Copyright Modernization Act, the requirements included in the Government’s surveillance and lawful access legislative proposals to date cut intensive gatekeeper functions. Don’t look for a smokin gun, but a serious tilt slowly biasing the evolution of Canada’s telecom-media-Internet infrastructure in the favour of greater control and away from a transparent and open model of the open Internet.
We reach certain points in time, what the critical media scholar Robert McChesney calls “critical junctures”, or which the sociologist and media historian Paul Starr calls “constitutive moments”. We are in one such moment at present, I believe, and choices and decisions made now will tilt the evolution of the network media away toward a much more closed, surveilled and centralized regime than the open and distributed one, with the latter being the ideal because it strives to put as much of any networks’ capabilities at the ends of the networks and into as many people’s hands as possible. It is called maximizing the diversity of voices and it is a principle essential to any free press — digital, networked, or otherwise — and to the role of communications media in a democracy.
I think we need to push back against the tide. As part of my efforts to do so, over the past several months I joined with a number of groups and academics to produce a short video on the Conservative Governments proposed lawful access legislation. The efforts involved the Digitally Mediated Surveillance (DMS) research project (http://www.digitallymediatedsurveillance.ca/), the New Transparency project (http://www.sscqueens.org/projects/the-new-transparency/about), and features renowned Canadian academics discussing why cyber-surveillance and this lawful access legislation in particular is problematic for the future of privacy, democracy, civil liberties and the open internet.
The video is also part of a national campaign led by a coalition of academics and civil society groups, notably OpenMedia.ca, to on lawful access and cybersurveillance. One goal of that campaign was to have such legislations separated out from the Conservative’s Omnibus crime bill, and ensure the legislation receives full parliamentary debate (http://www.stopspying.ca/). That goal has been achieved. Now, it’s the tough part: the debate that will help determine whether networks will be designed and operated to minimize or maximize the collection and disclosure of personal information.
The full video, Unlawful Access: Canadian Experts on the State of Cyber-Surveillance, can be seen here:
An extended video interview with yours truly is available here:
The other day I pounded away madly on the keyboard about global internet regulation. I was perturbed by the preliminary ‘e-G8′ meetings convened by President Sarkozy that seemed mostly designed to push a regulated Internet on the basis of bringing order to a disorderly and criminal Internet. It was a bad idea I said.
Here, though, I want to speak about the push for similar measures in Canada. As I see things, an open network is caught in the cross-hairs of several forces at the present moment:
- first, we have the well-known issues of UBB and bandwidth caps that are transforming the open and user-centric Internet into the pay-per Internet;
- second, we have the copyright industries pushing for ISPs and search engines to become extensions of the copyright enforcement regime;
- third, each of the ‘big six’ ISP’s ‘acceptable use policies’ contain extensive measures that constrain what people can and cannot do with their Internet connections;
- fourth, proposals in the Investigative Powers for the 21st Century Act (Bill C-51) introduced in the last Parliament and set to be reintroduced with the new Government’s omnibus crime bill sometime soon aim to retool communication networks in Canada for greater surveillance capabilities and to make it mandatory for telecoms providers, ISPs and search engines to disclose subscriber information, including name, address, IP address, and email address law enforcement official without court oversight.
This post focuses on the latter initiative, and what is known as ‘lawful access’. As with the rhetoric mobilized by Sarkozy, underpinning the push for greater surveillance power and easier access to records of Internet users is the idea that the Internet is disorderly and unruly place.
Yet, we must remember that in Canada, the Criminal Code already covers the Internet and crimes in real space are also crimes in cyberspace, notably child pornography, ‘hate crimes’, and obscenity. In other words, the Internet is not the wild west without the rule of law in place.
The Government wants to, it says, simply update and ‘modernize’ the existing arrangements with the Investigative Powers for the 21st Century Act (Bill C-51), a move which they say is long overdue because the existing laws were put into place when there was no such thing as the Internet. The Canadian Internet Policy and Public Interest Centre (CIPPIC) offers a good historical review of the current bill and its predecessors here.
In some ways, the Government claim is true. Public communication networks have always been intertwined with the interest and operations of the nation-State. That was as true for Roman roads and Venetian canals in the past, as it has been for the telegraph, postal and other media networks that have evolved up until today.
From emergency 911 services, spectrum grants to police and firefighters, and the Defense Early Warning (DEW) line in Northern Canada during the Cold War (and lucrative development ground for what eventually would become Nortel, before it crashed and burned on the embers of dot.com stupidity), the state and communications providers often work hand in glove. Silicon Valley North, as some in Kanata like to say, ain’t next to Ottawa (and the DND, or CSIS, or the Communication Security Establishment) for nothing.
In the past, some heterodox media political economists such as Dallas Smythe and William Melody complained that building networks to high-end national security, military, law enforcement and business needs created gold plated networks that were effectively subsidized by the general telephone subscribers.
Yet, just because there is nothing new in telecoms companies being deeply involved in matters of the state and law, this does not mean that there is not a lot that is new in the Government’s proposed legislation.
The new legislation:
- is not based on compelling arguments that it will deal better with crimes in cyberspace — child pornography, ‘hate crimes’, and obscenity –than the Criminal Code, without unduly stifling the free of expression in network media spaces.
- would require telecoms providers, ISPs and search engines to adopt expensive ‘network upgrades’ that expand their capacity to collect and retain ‘general contact data’ for all of their subscribers and even for specific contents of our online communications.
- to disclose this information to law enforcement and national security agencies upon request.
- to do so without a court-authorized warrant.
A few journalists and bloggers have issued alarmist calls that the new legislation would effectively outlaw anonymity and certain kinds of hyper-linking. I don’t think so. Michael Geist and the legislative review of the Investigative Powers for the 21st Century Act done by the Library of Parliament show convincingly enough that that’s not likely to happen.
It will, however, implement several new measures that will skirt, or bypass existing practices: no court orders, wide-scale implementation of news surveillance technologies, and procedures that have left all of Canada’s provincial Privacy Commissioners and others strongly opposed to the Conservative’s proposed new law.
One virtue of the Investigative Powers for the 21st Century Act (Bill C-51) is that it will bring out into the open and formalize in law a set of ‘voluntary’ practices that are already used to combat ‘cybercrimes’, but currently conduced behind closed doors.
Project Cleanfeed, for instance, involves ISPs working hand-in-hand with police to identify and block problematic URLs, mostly for the purposes of blocking access to child pornography and to facilitate investigations of such activities. The RCMP works hand-in-hand with the Immigration and Customs Enforcement (ICE) in the United States and thirty some odd similar agencies worldwide to disable access to ‘illegal websites’, so-called ‘domain name seizures’. The new law would match up with the facts on the grounds as they’ve already been established by ‘the State’.
The problem, however, is enrolling telecoms providers, ISPs and search engines in such processes to begin with. Up until now, ISPs act in tandem with the police through secret lists, no CRTC oversight, no court orders, etc. in Project Cleanfeed. Formalizing the requirement that they continue to take on this role, and to do so at the beck and call of national security agencies and cops rather than a court authorized warrant, takes a very bad route to a potentially good thing. Legalizing ‘rough justice’ and a murky role for ISPs does not sound like a good idea to me.
As I said earlier, telecoms companies have always had to build their networks equipped for national security and law enforcement purposes, and to comply with court orders when they are presented with them. That should continue to be the case today, with more candour and conformity to the concerns of privacy raised by, among others, all of the Provincial privacy commissioners pointed to above.
Basic rule in all of these cases, and regardless of whether it is the state or market interests that are bending basic networks and functionalities (i.e. search, storage, surveillance, etc.) to their purposes, is that gateways (telecom networks and ISPs) should never be gatekeepers. The goal should be to minimize rather than to maximize surveillance and ‘gatekeeper’ powers.
The idea of badly authorized and murky intelligence operations running roughshod on the public Internet is not a dystopian and remote fantasy. Over three quarters of U.S. military communications runs on the public netowrk. All submarine cables landing on U.S. shores must be equipped with electronic surveillance capabilities built to the specs of the U.S. state. Aspects of the common carrier/network neutrality obligations for telecoms and ISP providers in the U.S. were traded off in 2005 in return for major telecoms providers upgrading their networks in line with the asserted needs of a ‘post 9/11 world’.
Under the guise of the ‘global war or terrorism’, all of the major US telecoms and ISPs — AT&T, Verizon, SBC, Sprint, etc. (except, to its credit, Qwest) turned over these capabilities to the National Security Agency to eavesdrop on telephone, email and Internet communications between people in the US and elsewhere in the world. Again, while the objectives may have been legit, the operation skirted the existing laws and the courts found such activities illegal and claims that President Bush had unbound ‘wartime powers’ unjustified as New York Times’ reporters James Risen and Eric Lichtenblau revealed in December 2005 — albeit, after the New York Times had sat on the article for a year.
Congress rewrote the law in 2008 to bring the law into line with the facts that the Bush Regime had established on the ground. The new law also gave AT&T, et. al. retroactive and future immunity from prosecution when dealing with similar requests. A Second Circuit Court of Appeal in New York put the issues back into play recently when it reinstated a lawsuit by human rights groups, journalists, media organizations, labour unions and others who argue that Internet and telecoms surveillance violates their rights to privacy and freedom of expression (See here for a fuller treatment of the issues).
I am concerned that, from the general drift of things in the Investigative Powers for the 21st Century Act, as well as the lessons from the past decade in the U.S. and the choir of voices coming from the G8 last week about the need to ‘civilize’ cyberspace, point in the wrong direction: a more tightly regulated, closed and murky Internet. Basic standards of judicial oversight are removed and capacities expanded. There are pressing issues at hand, but they need to be handled with dexterity rather than the iron-fist of the national security state.
Just for fun, let me point to just one alternative way of doing things: the Icelandic Modern Media Initiative, a drive to adopt the most open and freedom of the press and communication-friendly environment in the world. Here’s a Youtube video outlining some of its ideas and ideals. Imagine. .
On Monday (March 23) a Second Circuit Court of Appeal in New York reinstated a lawsuit by civil liberties and human rights groups, journalists, media organizations, labour unions and others who argue that Internet, telephone and other electronic communication surveillance in the U.S. violates Constitutionally protected rights to privacy and freedom of expression. The gist of the case is that the groups do have standing even though they are unable to prove whether or not their communications are actually under surveillance or not.
The case is a continuation of running attempts over the past five years to reign in claims that the President has unchecked powers to authorize the National Security Agency (NSA) to spy on the electronic communications of Americans. The process was first brought into the light of the day in December 2005 by New York Times’ reporters James Risen and Eric Lichtenblau. However, even then Risen and Lichtenblau’s coverage had been held back for a year because of the NYT’s deference to Bush Administration assertions that publication threatened national security (see mea culpa by NYT public editor Byron Calame, Jan. 1, 2006).
Despite being found to run afoul of existing law and the Constitution (see below), nobody ever put a stake through the heart of the Bush Administration’s illegal warrantless surveillance program. Instead, it has been continued by the Obama administration and given a retroactive legal footing with the 2008 Foreign Intelligence Surveillance Amendments Act. Consequently, the electronic surveillance of communications of Americans making international phone calls and using the internet to correspond with others outside the country is likely still alive and well, complete with secret data rooms and dedicated network connections linking all of the major U.S. telecom companies main switching centres to the NSA.
For those interested in a fuller treatment of the issues involved up until late 2007, I published an article in the International Communication Gazette in 2008. You can find it here.
In its original form, the NSA’s warrantless electronic surveillance programme was authorized by President Bush on the pretext that he could do so using the claim that wartime presidents have virtually unlimited powers to do whatever it takes to prosecute a war. And we must remember that the Bush Administration used 9/11 to unleash a global war on terror that knows no set limits either in terms of how long it will last or where it will take place. Putting the two together — unbound powers of Wartime Presidents and war without end — the Bush Administration made unbound claims that it could it could do as it pleased, including authorizing electronic surveillance outside the normal process established by law of judicial review by the Foreign Intelligence Review Courts.
Sometime shortly after 9/11, the NSA began tapping into the telecom networks and switching hubs of AT&T, Verizon and most other big US telecoms ﬁrms (except, to its credit, Qwest) to eavesdrops on telephone, email and Internet communications between people in the US and elsewhere in the world. The program targeted up to 500 people at any one time and thousands overall in a bid to monitor the electronic communications of people suspected of having ties to Al-Qaeda and other terrorist groups, and thus to pre-empt terrorist plots.
The two major cases dealing with these issues — Hepting v. AT&T and ACLU v. NSA — are replete with sections of the government’s case ‘blacked out’ on account of unspecified claims of national security. The cases also take on a Kafkesque tone with the Government’s claims that it was impossible to proceed with the cases at all because doing so would reveal the existence of ‘state secrets’. And without being able to discuss the matters, well, the people involved couldn’t prove anything.
Over and against the administration, stood those representing journalists, academics, writers and lawyers who argued that they had been illegally caught up in the electronic drag-net because of their work involving Muslims living abroad. The president lacked authority, they stated, under the AUMF, the Constitution or any law to create the secret programme. Carolyn Jewel, a writer of futuristic action and romance novels, claimed that the surveillance programme made it impossible for her to talk ‘openly about Islam or US foreign policy in emails to a Muslim individual in Indonesia and that she could no longer use the Internet as part of her research.
In the ACLU v. NSA case, Judge Anna Diggs Taylor was blunt in her decision: the surveillance program was illegal and unconstitutional. She further argued that the claims before the court were not speculative and general, but ‘distinct, palpable, and substantial’ (ACLU et al. v. NSA et al., 2006: 22). The activities, she stated, crippled plaintiffs’ ‘ability to report the news and … to effectively represent their clients’ (ACLU et al. v. NSA et al., 2006: 20).
In exceptionally strong language, she disparaged Bush’s claims that his authority stemmed from the ‘inherent powers’ clause of the Constitution or the Authorization of Use of Military Force — a law hastily passed within days of 9/11 (ACLU et al. v. NSA et al., 2006: 33–41). To these claims of unfettered authority, Taylor sharply retorted: ‘There are no hereditary Kings in America’ (ACLU et al. v. NSA et al., 2006: 40).
The administration withdrew for the next six months, but in January 2007 it announced that the surveillance project would continue, but only after warrants were obtained according to the rules of the Foreign Intelligence Surveillance Act and the Foreign Intelligence Review Court. In other words, the Bush Administration would follow the law.
Even that, however, was not enough. On July 10 2008, the Foreign Intelligence Surveillance Act was changed to, essentially, make legal what was previously illegal. Just as importantly, the new law granted telecoms companies such as AT&T, Verizon, Sprint, etc. immunity from prosecution, either for their activities in the past or in the future. In other words, U.S. telecoms companies got a free pass despite the fact that they were, by court decision, acting in concert with the government in ways that were beyond the pale of either the Constitution or the law.
The decision on March 21, 2011 by the NY Second Circuit of Appeals is the next phase in this process. In many ways it was a rehash of issues that have already played out in the past, but with the crucial distinction that the ACLU and the others involved now have the new Foreign Intelligence Surveillance Act in their sights. If successful, the sections of the Act granting extensive actions to the Executive to authorize surveillance and for such activities to be conducted outside of formal processes of judicial review could fall on the grounds that they are unconstitutional.
One of the travesty’s of the current case is that the Obama Administration has simply carried through with the precedents set by Bush. This is another major blemish on the Obama Admin’s original claims to establish some clear blue water between itself and its predecessor.
Thus, in the current case, many of the same players are involved, with the Executive, NSA and telecoms companies lined up on one side against journalists, media organizations, minority (e.g. read Muslim) groups, and civil rights groups, on the other. And again, claims are offered by the former that to even discuss the matter would be to reveal ‘State Secrets’ — a catch-all maneouvre that seeks to stop things dead in their tracks before they even get started by ruling that any kind of discussion of the matter is, simply, off-limits because of the wide ranging powers of the President that are in dispute.
And similar, too, are comments by journalists such as Noami Klein and media organizations such as the leftish magazine that has been around since the 1865, The Nation — the oldest weekly magazine in the U.S. – that the spectre of unbound surveillance has a ‘chilling effect’ on free speech and freedom of the press.
As Naomi Klein stated in the Globe & Mail piece today, “The issue is that we think that the activities that we do could fall under these broad definitions”. When asked whether she herself was the target of such surveillance, Klein responded, “I have no idea whether they are or they aren’t”.
And that’s the point: the extraordinary powers and secrecy granted to ‘wartime presidents’ makes it impossible to penetrate the veil of ‘State Secrets’ and to know just where one stands. As a result, speech is chilled, the free press trumped by unchecked powers of the State, and privacy turned into a poor shadow of itself.
The decision on Monday by the New York Appeals Court is to be applauded. As the decision to go ahead with this legal challenge states, those pressing the case do not have to show that they are actually under surveillance, because given the broad claims of the national security agencies and the President this would be impossible to prove. It is enough, as the court state, that “allowing the executive branch sweeping and virtually unregulated authority to monitor the international communications . . . of law-abiding U.S. citizens and residents”, at least on the surface, appear to be an affront to the Constitutional protections of free speech and the free press, privacy as well as the restraints that aim to prevent presidents, whether Bush or Obama, from acting like, to use Judge Anna Diggs Taylor’s words, “hereditary kings”.
This is a topic that, for Canadians, we also need to examine. This because are own Prime Minister Harper often appears to have torn a page from the Bush Administration’s playbook and sets himself up as an authoritative leader. As a wartime Prime Minister, just what kind of electronic network surveillance has been authorized in Canada? And to what extent have the telecoms companies gone along with them?
From WWI onwards, the fact that trans-Atlantic cables linking not just Canada, but the U.S. as well, to Europe and the rest of the world have run too and from Nova Scotia and Newfoundland have made them an integral part of the Euro-American surveillance system. It is unlikely that this is still not the case today, although someone needs to take up the challenge of doing the digging to find out.