I thought I was writing a blog; turns out I'm a threat to humanity

We need to address the threat to humanity posed by the tsunami of unverifiable data, opinion, libel and vulgar abuse in new media. I know all the stuff about it being a tool of freedom and democracy, and I also know it has the capacity to destroy civil society and cause unimaginable suffering. Governments have a regulatory function in this regard, and they’re walking away from it because they’re afraid of appearing to be repressive.

Ironically today's speech by Alan Crosbie at a conference on media diversity is itself full of such unverifiable data and opinion. For a man who makes much of the credibility and reliability of newspapers, it is unfortunate that he repeats the long since debunked claim that:

Those English riots, for example, were a new media generated phenomenon, a product of information going from pillar to post without mediation without being edited, without a quality check.

Also worth noting is the cognitive dissonance between page 3 (complaining about political interference in RTE) and page 4 (seeking licence fee payments for newspapers also). Read the whole thing for an insight into the views of the man behind a substantial chunk of the Irish media industry.

"The law should be predictable as to what is mandated and what is forbidden"

One of the strongest arguments against the proposed copyright statutory instrument is that it is so vague as to make it impossible to predict what it might require of internet intermediaries. The proposal is entirely silent in relation to the most basic issues where one might expect clarity. What type of injunction might be granted? Site blocking? Three strikes? Deep packet inspection? Hash value blocking? What types of intermediaries might be affected - ISPs, search engines, hosting providers, cloud computing providers? Who will have to pay the legal costs of applications for injunctions? Who will have to pay the ongoing cost of implementing any injunction?

Crucially, this vagueness is highlighted by comments of Charleton J., the very High Court judge whose ruling in EMI v. UPC has been relied upon by Sean Sherlock as justification for this statutory instrument. However, when examined closely neither his judgment in that case nor his later extrajudicial pronouncements support this claim. In particular, in a recent speech to the Fordham Intellectual Property Conference, he said:

Legislation such as the [UK Digital Economy] Act of 2010, has at least the predictability of express statement as to the objects to be achieved. In respect of each of the possible solutions of diversion, interruption, warning and cut-off, the British have OfCom looking at the appropriate technical machinery with which to achieve these ends. When this machinery is approved, then, in those circumstances, any court faced with these difficult cases will be in a position to fairly, if not precisely, predict what they can use as a technical solution with a view to granting or refusing to grant injunctions.

This strongly accords with the European law principle that the law should be predictable as to what is mandated and what is forbidden and enables a judge to also know what is expected in the judicial sphere in particular circumstances. As I said in another part of the judgment in EMI v. UPC, if any judge were merely to act on the basis of what the Court felt was right, without having a legislative basis, the Court would be putting itself back in the position of judges in the late 19th and 20th century who used the tort of conspiracy and the remedy of an injunction against the trade union movement and thereby caused public controversy, rendered uncertain the concept of the rule of law and undermined their own authority.

It may also be well for the judicial mind to observe that the separation of powers is a definite guiding principle against doing what might seem desirable, but which is not provided for in legislation.

"The law should be predictable as to what is mandated and what is forbidden and enables a judge to also know what is expected in the judicial sphere in particular circumstances". Can the DJEI honestly claim that their proposed statutory instrument meets these criteria?

Irish copyright regulations unnecessary

Senior Counsel John Gordon has a clear explanation as to why Sean Sherlock's proposed copyright regulations are unnecessary in today's Sunday Business Post. I've taken the liberty of reproducing the entire piece here:

Simplistic Internet regulations court trouble

Amendments to copyright law for online infringements should be dealt with through primary legislation, writes John Gordon

There has been much debate in recent weeks about a draft statutory instrument (SI) that minister of state Sean Sherlock is about to bring into Irish law to deal with online copyright infringement. The SI is intended to fulfil Ireland's EU obligations by facilitating in­junctions against internet ser­vice providers (ISPs). This follows the decision of Justice Charleton in 2010 in the unsuc­cessful action taken by Irish recording companies, EMI, Sony, Universal, Warner and Wea against UPC, in which I appeared on behalf of the de­fendant.

These recording companies last month issued proceedings against the state on the basis that it is liable to pay compen­sation for its failure to provide them with a remedy to fight on­line copyright infringement. This raises the question of how the state has failed in its obliga­tions.

In Minister Sherlock's press release on January 26, accom­panying a draft of the proposed SI, it was stated that the obliga­tions contained in the relevant directive were clear.

Article 8(3) of the directive on the harmonisation of cer­tain aspects of copyright and related rights in the informa­tion society, (2001/29/EC), which is referred to in the draft SI, provides that member states shall ensure copyright owners are in a position to apply for in­junctions against intermedi­aries whose services are used by others to infringe copyright. The directive states that the conditions and modalities for such injunctions are at the dis­cretion of member states.

Having taken into account these provisions, the state did in fact legislate to provide a re­medy to rightsholders in re­spect of copyright infringements under the notify and takedown provisions of Section 40(4) of the Copyright and Related Rights Act 2000. In addition, rightsholders have been granted Norwich Pharmacal Orders under the common law, which obliges an ISP to identify subscribers who are shown to have infringed copyright on the ISPs network so the rightsholders can pursue such infringers directly. Such relief has historically been ob­tained by the recording com­panies that are now suing the state.

However, they consider it too expensive and ineffective. So what is now being sought is not the right to a remedy but an additional remedy under Irish law. There is no clear and un­ambiguous obligation on the state to implement this SI.

In the UPC case the reliefs sought included the possible implementation by ISPs of fil­tering and blocking technology on their network, and of a graduated response system, whereby after three warnings a person's internet subscrip­tion is suspended or termi­nated and/or the blocking of subscriber access by ISPs to certain websites alleged to fa­cilitate copyright infringe­ment.

A recent decision of the Court of Justice of the EU (Case C-70/10 SABAM) has confirmed, since the UPC case, that it is unlawful under EU law for an ISP to be or­dered to implement blocking and filtering technology on its network to seek out copyright infringements.

In addition, Eircom's imple­mentation of the graduated re­sponse, or three strikes, system, which is the subject of specific legislation in certain member states, is currently being challenged by the Data Protection Commissioner be­fore the Irish Courts.

Given the progress of legis­lative and judicial thought in the EU, it is now even more clear that the type of remedy which rightsholders seem to expect as a result of the proposed SI will not be available to them.

As a result, the state cannot be liable to pay compensation for failing to provide these re­medies under Irish law. The generality of the lan­guage in the proposed SI can only lead to confusion as to the precise remedies that can lawfully be obtained in the light of other express provisions of EU law. Such EU law is intended to cut down on the scope of the remedies available against ISPs.

Judges will have to approach any new legislation by refer­ence to EU law and jurispru­dence, which must take precedence over Irish domestic law where there is any incon­sistency between the two.

If this whole debate is a mat­ter of empowering the Irish courts to order the blocking of websites, as many commenta­tors have stated in recent weeks and months, then the legisla­tion should specifically address this and set out the relevant cri­teria in a manner consistent with EU law. The proposed SI introduces unwelcome uncer­tainty and will inevitably lead to further litigation.

Further, it is noteworthy that the Programme for Govern­ment stated that legislation in the area of online copyright infringement needed to be tackled — but went on to say that "the situation can no long­er be tolerated where Irish min­isters enact EU legislation by statutory instrument", where "the checks and balances of parliamentary democracy are bypassed". The proposed SI ignores this statement, in that it seeks, without the benefit of the normal legislative process, to amend the Copyright and Related Rights Act 2000, which itself was the subject of lengthy debate in both houses of the Oireachtas at the time.

Implementing this alar­mingly simplistic SI will unfor­tunately not solve the problem of striking a fair balance be­tween the interests of all in­volved, be they rightsholders, ISPs or internet users, but rather leave it to be teased out in the courts. Time should be taken to properly consider what changes need to be made to our copyright laws by means of primary legislation. In this context, assistance can be ob­tained from considering simi­lar debates currently taking place in many other jurisdic­tions including the United States of America.

John Gordon is a senior counsel

It's worth noting, although not explicitly stated, that the effect of this opinion is the proposed statutory instrument would be ultra vires the power of the Minister and therefore would be struck down if challenged before the High Court. To date the government talking points have been to the effect that it would be "prudent" to introduce the SI. John Gordon's analysis shows why this is flawed - unless the SI is required by EU law then the Minister has no power to introduce it.

Your personal information for sale: Irish Rail edition

Today's Sunday Independent reveals that a private investigator acting for Irish Rail illegally accessed staff bank accounts, while the company also monitored staff email and placed a GPS tracking device on the car of an individual working for a contractor:

A statement issued by the Data Protection Commissioner's office this weekend said Irish Rail "acknowledged" the "unacceptable level of surveillance" on employees: "It was apparent to the investigation that one senior manager at Irish Rail authorised the surveillance and accessing of bank accounts without the knowledge or approval of management."

The investigation found "that the private bank accounts of nine employees or former employees of Irish Rail were inappropriately accessed in 2007. The bank accounts were held in four different financial institutions".

Because of the passage of time, the investigation was unable to identify "precisely how or when" employee bank accounts had been accessed. "In one case, however, the investigation did find evidence of an unsuccessful attempt by an individual by means of a telephone call to obtain bank statement information in respect of one of the bank accounts concerned," the statement said.

"The investigation was satisfied that this attempt to inappropriately access bank account information was made by an individual phoning from outside of the State."

The statement continued: "It also emerged that the individual who played the key role in accessing information from the bank accounts was operating from outside of this jurisdiction and that he is since deceased."

The investigation was also told how a GPS tracking device was fitted on the car of an employee of a contractor of Irish Rail, and the emails of 35 employees were monitored.

The investigation into the data protection breach at Irish Rail remains "open".

There's some background to the case in this earlier Sunday Independent piece.

Copyright proposals block innovation and free expression

I have an opinion piece in today's Irish Times arguing against current government proposals which would allow internet blocking and more. Here's an excerpt:

As currently drafted, the statutory instrument provides that the High Court may grant an injunction against an internet intermediary who is entirely innocent of any wrongdoing – but does not specify even the most basic details regarding how this power might be exercised.

What type of injunction might be granted? On what criteria? Against what types of intermediary – internet service providers, discussion forums, search engines, social networking sites, video hosting sites? Who will bear the costs of these injunctions? Who will be responsible if, as often happens, an unrelated website is wrongfully blocked?

This lack of detail makes it impossible to predict how this law might be applied, and means that clarification will come only after repeated and expensive trips to the High Court.

The Internet Service Providers Association of Ireland (whose members include Google) has opposed the legislation, noting the proposal creates “business uncertainty for those running or considering establishing internet services from Ireland” in a way which may have “drastic consequences” for them: in short, it will act as a deterrent to the next generation of Irish internet businesses which may relocate to warmer legal climes. Significantly, the Department of Enterprise has not produced a Regulatory Impact Assessment of the measure.

Full text

Ireland's SOPA to permit three strikes; TDs asked to debate something they haven't seen

It's been a peculiar day in relation to Ireland's SOPA.

First of all, junior minister Sean Sherlock said on lunchtime radio that he intends to hold an emergency Dáil debate on the law - within 24 hours no less! - and is happy to meet with me and other representatives of StopSOPAIreland.com to discuss it. While I'm glad to see that he's softened his position, it's remarkable that he still hasn't published the text of his proposals and doesn't show any signs of doing so. Consequently, I'm not sure what there is to discuss or what he expects the Dáil to debate. Asking TDs to have a debate in the dark about a document they haven't seen doesn't show much respect for Parliament.

But let's leave that aside for the moment. Assume TDs are given the proposal at some point tomorrow. Pretend that despite the short notice they might have sufficient time to digest a complex area of law. Ignore the fact that citizens will be prejudiced by being denied the chance to adequately brief TDs. The point remains - a hurried debate on its own isn't sufficient.

Normally laws are made through a measured process where both the Dáil and the Seanad are given adequate time to scrutinise a Bill, identify weaknesses and pass amendments. It's clear that what Sean Sherlock proposes won't enable them to do that. Instead, TDs will be left impotent with the Dáil being treated as a talking shop, unable to make any changes to a document drafted behind closed doors.

(Incidentally, it also contradicts the minister's own Programme for Government which states that "The situation can no longer be tolerated where Irish Ministers enact EU legislation by statutory instrument. The checks and balances of parliamentary democracy are by-passed." I couldn't agree more.)

The need for greater transparency is obvious from a second remarkable development today. In a briefing note circulated to TDs and senators, Séan Sherlock has confirmed that his proposals go even further than we had thought, and respond to the music industry demands in the EMI v. UPC case:

"to prevent infringement of the record companies’ sound recording copyright, through... internet “peer-to-peer” services, possibly involving a 'three strikes and you’re out' scenario. This is where the ISP sends three warnings of increasing severity and if the infringement continues, discontinues access to the Internet. It is sometimes referred to as a 'graduated response'."

In short, the proposals aren't simply about website blocking, but could also allow courts to require ISPs to introduce three strikes systems. It's surprising and disappointing that this is happening now - after the Data Protection Commissioner has shown the unreliability of these systems by taking proceedings against Eircom for wrongly threatening innocent users with disconnection - and truly remarkable that the department seems content with the possibility for such systems to be introduced at the discretion of judges with no legislative controls.

If you're worried by these proposals and want to see an open and transparent discussion take place then please support the campaign at StopSOPAIreland.com.

Anonymous attacks on Ireland will hurt, not help the case against blocking

My heart sank when I saw this tweet a few minutes ago:

Ireland has angered the hive, we will be reporting all attacks through this account | #OpIreland #OpMegaUpload

— Anonymous (@YourAnonNews) January 24, 2012

Leave aside, for a moment, the inconvenience and disruption this will cause people trying to make use of government sites, the cost of responding and the controversial question whether denial of service attacks are legitimate as a type of civil disobedience. Quite apart from all these points, the action will do nothing to advance the Anonymous goals.

Until now the Irish campaign against internet blocking proposals has been remarkably effective at getting the issue onto the public and political agenda. With the help of the StopSOPAIreland site, the proposed law has shot from almost no public awareness to national prominence in just a few days, and has seen some Irish politicians genuinely engaging with our concerns. It also is giving many Irish netizens a grounding in political advocacy, something that will help as we confront more of these issues in future.

The Anonymous attacks, if they go ahead, will jeopardise this - making it easier for the music industry to spin critics as criminals, and giving unsympathetic politicians an easy, crowd pleasing reason to ignore the campaign. If the headlines shift from "New law threatens civil liberties" to "Hackers attack Irish government websites" then we will be on the back foot, jeopardising what's been achieved to date.

I don't think Anonymous tend to reconsider their targets once chosen. But if they do, now would be a good time to rethink the Irish attack.

Ireland's SOPA: A FAQ

What's this all about?

Long story short: the Irish government plans, before the end of January, to bring in a law which would allow Irish courts to block access to websites accused of infringing copyright (and possibly do other things as well).

Isn't that a short time for parliament to examine it?

The Irish parliament won't have a chance to debate it before it's passed. The law is to be brought in by a statutory instrument, something which requires only the stroke of a minister's pen.

Who's responsible?

The law is the responsibility of the Department for Jobs, Enterprise and Innovation where the key person is junior minister Sean Sherlock.

What will the law say?

We don't have a final text yet. But the key part is likely to be similar to a previous draft which said:

3. The Act of 2000 is hereby amended by the insertion of the following subsection after subsection (5) of section 40:

(5A)(a) without prejudice to subsections (3) and (4), the owner of the copyright in the work concerned may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (3) where those facilities are being used by one or more third parties to infringe the copyright in that work. 

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

Can we have that in English please?

Certainly. This will give the Irish courts an open-ended power to grant orders against ISPs and other intermediaries who provide facilities which might be used to infringe copyright. This could include hosting providers, social networks, forums, video hosting sites - potentially most online services.

What will these intermediaries be required to do?

We don't know. At a minimum this will probably allow courts to require ISPs to block access to alleged infringing sites (such as The Pirate Bay). Over and above that it becomes impossible to say - the language is so vague it might, for example, allow a court to require an ISP to introduce a three strikes system or to block certain ports. However, once copyright plaintiffs get hold of this power you can expect it to be pushed to its absolute limit.

So who will pay for this?

We don't know. It is possible, under this draft, that the intermediaries will have to pay for both the legal costs of the court application and also the running costs of whatever they are ordered to do - for example, the staff costs of receiving and administering block lists. In that case, expect costs to be passed on to the end user.

Will the sites to be blocked have a right to be heard?

Maybe. The draft language does say that affected third parties might be given notice of applications to block them. On the other hand, in 2009 an Irish High Court judge was happy to allow Eircom to block The Pirate Bay without any notification or chance to be heard which doesn't bode well for the future.

What sort of standard will be used to decide if a site should be blocked?

Your guess is as good as mine - the draft is completely silent on this point.

Isn't this rather vague?

Yes. By failing to provide any real detail, the proposed law leaves the future of the Irish internet essentially in the discretion of Irish judges.

Could this harm Irish industry?

Yes - including the latest push to establish Ireland as a centre for cloud computing. Here's what tech journalist Adrian Weckler had to say:

With their billions of users, YouTube, Facebook and Twitter inherently find some copyright protected material leaked onto their web services. The new law will give music and movie firms the legal footing to get ISPs blocking. That may not go down too well with Google and Facebook, which are two of Dublin's biggest employers. It probably won't sit easily, either, with the IDA, which may have to alter its pitch to large US social media firms who may have been thinking of setting up in Ireland. (That includes Twitter.)

So where's the Regulatory Impact Assessment? Surely we need more detail about the impact this law will have?

Tumbleweed.

Would this vagueness breach the European Convention on Human Rights?

Quite possibly.

If nothing else will it at least stop illegal downloads and protect Bono's pocketbook?

No. Blocking is easily circumvented. But don't take my word for it - here's what UK regulator Ofcom had to say:

For all blocking methods circumvention by site operators and internet users is technically possible and would be relatively straightforward by determined users.

So why is the government pushing this law now?

In a 2010 decision the High Court held that European law required Ireland to introduce blocking into domestic law, and that Ireland was in breach by failing to provide for court ordered blocking.

Doesn't that decision mean that blocking must be introduced?

Maybe. The law in this area is extremely complex, particularly since the European Court of Justice has given an important decision restricting the use of blocking in the meantime. That decision found that filtering would be impermissible if it undermined freedom of expression and blocked lawful communications - something that is inevitable if this proposal is adopted.

From a practical point of view, the European Commission - which monitors implementation of EU law - doesn't seem to think Ireland is in breach and hasn't taken any action against Ireland for failure to introduce blocking. Irish telecoms group ALTO have also put forward a different view arguing that this law is unnecessary.

However, even if we assume that EU law does require some form of blocking then it should not be introduced in a way which

• short circuits the democratic process and without proper scrutiny by the Irish parliament; and
• introduces intolerable uncertainty for Irish online businesses and fundamental rights.

What can I do about it?

If you live in Ireland and you want to stop this proposal then you should let Sean Sherlock (email) (twitter @seansherlocktd), the senior minister Richard Bruton (email) and your TDs what you think of it. Phone their offices if you can - one phone call will outweigh 20 emails.

StopSOPAIreland.com has more you can do.

If you live outside Ireland, you might still email Richard Bruton and Sean Sherlock to let them know the effect this will have on Ireland's reputation as a place to set up technology businesses.

One more thing - is it really true that the music industry wants the Irish taxpayer to pay for supposedly lost sales?

Yes. I hope you brought your wallet.

"Ireland's SOPA" will be vague and open-ended

[23.01.12 Hello Redditors! Here's a FAQ with more information.]

Adrian Weckler has a worrying piece on government proposals for blocking legislation in today's Sunday Business Post (paywalled). I've taken the liberty of extracting some of the highlights:

Is Ireland about to introduce a law that will allow music companies to order Internet service providers to block access to websites? I rang up the Minister of State at the department of Enterprise, Jobs and Innovation, Sean Sherlock, to find out. "The statutory instrument to be introduced is completely different to Sopa [Stop Online Piracy Act] in America" he told me. "We are simply addressing the High Court judgment handed down by Mr Justice Peter Charleton in relation to copyright law... I will introduce this imminently, by the end of January." That's a yes, then ...

The Irish governments new “statutory instrument” threatens to do some of the same things as Sopa, mainly introducing the power to force ISPs to block websites suspected of having copyrighted material on them.

While that means curtains for the Pirate Bay (which few people here will miss), it also leaves open the possibility for a judge to order ISPs to block YouTube, Facebook and Twitter.

Why? Because, with their billions of users, YouTube, Facebook and Twitter inherently find some copyright protected material leaked onto their web services. The new law will give music and movie firms the legal footing to get ISPs blocking. That may not go down too well with Google and Facebook, which are two of Dublin's biggest employers. It probably won't sit easily, either, with the IDA, which may have to alter its pitch to large US social media firms who may have been thinking of setting up in Ireland. (That includes Twitter.)

Given the seismic nature of the proposed change to Irish internet access, surely more detailed primary legislation would be in order here? For example, could there be a limit to enforcement of the injunctions? What defences might be available? Could there be exceptions?  "We will probably need a test case to come before the courts before primary legislation such as that could be considered," said Sherlock. In other words: don't look at us, guv. We may be the government, but this kind of law-making is really a matter for judges. We don't really do that kind of thing ...

Politically, this is a no-win scenario. Even with the government about to open the legal doors for the music and movie companies to start directing ISPs' access policies, the content creation industry is frothing and fuming. Ironically, by taking a leave-it-to-m'lud approach, the government is also now attracting the anger of an increasing tranche of the technology and digital community. It is unusual to alienate both sides of a legislative argument ...

So this really is turning out to be a lose-lose episode for the government. Yet the issue wields vast significance for both sides of the debate (the music industry and the digital technology industry). It could also have profound, long-lasting consequences for Irish industry.

The clear implication from that interview with Sean Sherlock is that the proposed measures will be lacking in any real detail, leaving it entirely up to the judges as to what types of blocking might emerge. (Possibly going beyond web blocking to also target hosting and other services.)

This ambiguity - as well as jeopardising fundamental rights - will create intolerable uncertainty for businesses such as Google who might find themselves at risk of business threatening and unpredictable injunctions and will certainly deter others from setting up in Ireland.

Instead, any action should only take place by primary legislation which the Oireachtas would have a chance to scrutinise and debate. As I said previously in a letter on behalf of Digital Rights Ireland:

It is significant that Charleton J. in EMI v. UPC [2010] IEHC 377 referred to any legislative intervention being properly a matter for the Oireachtas. The Opinion of the Advocate General in Scarlet (Extended) v. SABAM (Case C-70/10) similarly referred to a need for legislation in this area to be "democratically legitimised" (at para. 113).

It would be undesirable in any event for a matter dealing with fundamental rights to be disposed of by way of secondary legislation. It is all the more undesirable in this case, however, given the vague and open-ended nature of the powers involved. This is, in effect, a case of delegation heaped on delegation - rather than rules governing blocking and other remedies being made by primary legislation, or even secondary legislation, they are instead effectively being made by delegation to the judiciary.

Although it's the 11th hour, it's not too late for the Irish government to see sense and abandon this proposal. If you agree then you should let Sean Sherlock and your TDs what you think of it.