Digital Thought

The new episode of the Pirate Bay war leads to think that something is changing in judges’ mind in re: ISP liability. In the recent Swedish preliminary order neither is the final user the final target of a legal action, nor the ISP. The focus is on the sole and only possible defendant: the one who actually shares illicit contents (apart from the merit of the specific TPB case.) The ISP who provided the housing service for TPB torrent search engine has been ordered to “disconnect” the machine from the network and not, as in the previous episodes, to hijack users’ attempts to reach The Pirate Bay.

It is important to remark that in this trial the ISP is not involved as (contributory) defendant, but only as subject whose cooperation is – de facto – necessary to obtain the compliance to a court order. Thus, we face a situation where:

• rights of innocent end users are not endangered by the activity of the copyright majors,
• ISP’s role is not portrayed as those of an accomplish, supporter, or contributory violator,
• the target of the legal action is focused on the (alleged) culprit.

Again, I don’t want to enter in the legal quarrel about TPB responsibility. What I want to stress is that – should the Swedish approach be confirmed – a step toward and actual respect of legal principles set by dir. 31/00/CE is made.

Among the measures to fight the economic crisis announced by the Italian Government, sect. 15 para 1 lett. c) of the Anti-Crisis decree deserves a special mention: to put it short, the provision asserts corporate liability (under legislative decree 231/01)  for copyright infringement committed by top management.

Although it may seems that the new law is of a little impact on corporate life (is highly unlikely that a top manager has time to waste doing file sharing) a second glance prove this first opinion not entirely correct.

The inclusion of copyright infringements into the list of crimes implying specific corporate liability forces a company to revise its (mandatory) prevention model to reflect new changes; thus – de facto – establishing a specific set of controls aimed at downloads, website surfing and file sharing. Failing to do so might lead some zealous prosecutor to think that the company actually allows copyright abuses.

A side effect of this regulation – when it will come into full force – is that workplace privacy will get another heavy blow. For the sake of copyright abuse prevention, indeed, all of employees’ Internet activity will be deeply inspected.

So long, Mr. Data Protection Commissioner…

“Olivennes Bill” (named after the French lobbyist who proposed it) on copyright protection has been blocked by the French Parliament a couple of days ago (but there is little doubt that French Government will try to have it approved ASAP.) If  (better, when) passed, this bill would have enforced a “parallel indictemnt system” handled by an “independent” authority called HADOPI acting as an actual Justice Court, that is given the power to decide, without a fair trial, whether a person deserves to be disconnetted by the Internet after being warned twice by copyright holder through the concerned Internet Access Provider.

Entertainment Industry lobbyists like this approach very much and are pushing hard to have Italy enforce it too. “The Problem” is – fortunately – that Olivennes Bill Italian version’s  would be affected by serious legal and Constitutional flaws, thus making it impossible to pass, for a number of reasons.

First, Italian Code of electronic communication (L.259/03) sect. 4 para I letters f) g) and h) make network neutrality mandatory. To impose over Access Providers’  shoulder filtering duties or any other technological activity limiting the way Italian Public Network (rete pubblica di comunicazioni) works, would be what the Code calls “discrimination among specific technologies” and “forcing the use of a particular technology against others”.

Second, the Access Providers would be forced to report the Public Authorities their users’ criminal behaviour by fault of cross-combination between legislative decree 70/2003 ¹ and sect. 171 bis et al. of Law 633/41. ² Legislative Decree 70/2003, in fact, makes Access Provider non-automatically accountable for its users’ actions, provided that he doesn’t willingly become part of it. Furthermore, the Decree says that the Access Provider must report to the police forces any criminal misconducts as soon as he’s been given sound evidence of a criminal behaviour committed by an Internet user, thus forcing the prosecutor to start a criminal investigation. All this, is possible because Italian Copyright infringement provisions are “designed” to be mandatory investigated by the Public Prosecutor. ³Then, should Italy enforces an Olivennes-like legislation, there would be a “double trial” for the same (alleged) fact: the first – real – under a Court scrutiny, the second – “mock” – run by an “independent” authority, leading to a conflict of public powers.

Third, as a side question, nobody told Mr. Olivennes that his bill is oddly similar to ancient Western Europe Barbarian laws, where didn’t matter who the actual culprit was, because the victim had the right to retaliate against any other culprit’s family member. This is what Mr. Olivennes proposes: to seclude a whole family or company from the Internet, for the (alleged) wrongdoing of a single member.

Not bad, as an exercise on democracy.

N.B. Background information for this post are available here. 

The Bergamo Court has overruled the preemptive seizure order with a decision that, instead of solving the problems arising from the first decision, creates worst issues. The Bergamo Court, in fact, has overruled the seizure, but only on the legal basis that “seizure” cannot be interpreted as “traffic hijacking”.

But the court did not, as it should have done, evaluate first of all the lack of Italian jurisdiction. By not doing so, the Bergamo tribunal has created a dangerous case law that, by reciprocity, allows any foreign magistrate to investigate and take to court an Italian citizen, with the additional absurdity that even in the absence of any evidence that a crime has been committed, a legal prosecution can be based on hypothetical “statistic calculation”.

Furthermore, by asserting the validity of the public prosecutor investigation, the Court has de facto established the automatic liability not only of internet providers, but also of search engines, and the possibility of using, as an investigative tool, data and information with no solid ground.

And also, by saying that even if preemptive seizure has been wrongly enforced , it is in theory compatible with sect.14 D.LGV 70/20003 (EU E-commerce directive implementation, dealing with ISP liability), the Court of Bergamo on the one hand allows “owners of ideas” to push for an additional and barbaric copyright law amendment while, on the other hand, it reaffirms an obvious error of interpretation of law by affirming the role of ISPs as “sheriffs of the net”.

The Court of Bergamo (IT) issued an order of preemptive seizure against piratebay.org, a swedish website accused of copyright contributory infringement, by running a torrent search engine.

The Court affirmed its jurisdiction even if there were no evidence of an actual involvement of Italian citizens, by not excluding, in theory, this possibility. If confirmed, this decision might disrupt the legal notion of jurisdiction, allowing every State to shut down  “disturbing” websites hosted in different countries.

Yesterday the Italian Parliamen passed another amendment that adds Law 633/1941 (Copyright Law) Sect 70 bis thus allowing the free publication on the Internet of protected works (music and images) for cultural purposes. The law will enter into force as soon as it will be published in the Gazzetta Ufficiale (the official law list). Here is the exact text (translation is unofficial):

«1-bis. Low resolution or downgraded images and/or music publication through the Internet is allowed, for teaching and/or scientific purposes and if this use doesn’t imply an economic gain. The Minister of cultural assets – with the advice of the Minister of the university and research, and with the opinion of the concerned Parliament committees – shall set the limit to the teaching and scientific uses».

It is obvious to remark that an MP3 or a jpeg file meet – technically speaking – the requirement of the law (both are based on the concept of lowering the quality of the original file). Thus – from now on – in Italy is legal to publish on line or share through Peer-to-Peer copyrighted images and music, just meeting the requirement of “teaching and/or scientifc purposes”.

Is this an astonishing cultural achievement of Italian legislators (showing they finally have understood the main use of the Internet) that decided to fight back against entertainment lobbies’ superpowers, or an incredible essay on incompetence?

I really would like to sponsor the first answer, but I fear that the Italian Parliament simply didn’t understand what was going on…

So, at the end of the day, Skype explained the reason for the outage that broke its P2P network. To make a long story short, the point is that Skype relies upon a closed source approach (that slows the bug finding process) and on Microsoft technologies that, in that specific case, create the problem. This reinforces my early assumption, that crash cause was Skype design instead of a unpredictable problem. It simply unacceptable that an outage of that dimension has been provoked by the inability of an operating system to patches itself without always rebooting. And who did that choice should account for it.

Right, Skype is very clear in repeating that Microsoft has nothing to do with the Big Crash. Nevertheless, it raises some suspect, to me, reading statement such as: “The Microsoft Update patches were merely a catalyst — a trigger — for a series of events that led to the disruption of Skype, not the root cause of it.” or “Microsoft has been very helpful and supportive throughout.” or, again,  “In short – there was nothing different about this set of Microsoft patches.”, “The Microsoft team was fantastic to work with”. But this PR stuff doesn’t change the basic stuff: Skype is the next component of a “vulnerable society”, where problems, risks and damages are created mainly by the ICT companies – instead of the “dangerous criminals” that fall under than unspecified label of  “hackers”.

A dslreports.com article – bounced by Arstechnica.com – quotes my Skype outage recent post as contributing to of the “list of the evil-doers who all had a chance to get blamed for Skype’s problems”.

The scope of my post was to raise a general issue – distributed vs centralize network design and legal consequences – and not blame Skype “per se”.

They just are an IT company, and they do their business as usual. Closed source software, hype and cheers to users but no “real” communication. To put it in other words: Microsoft might maybe “lead the way”, but – as Skype shows – there are a lot that can “perform” better than Redmond giant.

Skype denies that the outage is the result of an attack, but still failed both to demonstrate the lack of foundation for the attack announcement and clearly explain the reason that caused this sign-in problem. Standard Public Relation technique.

Recent Skype outage, apparently fault of a denial-of-service attack on the Skype centralized login infrastructure, raises again the intrinsic flaw of designing a service or an application (even partially) based on a centralized network topology.

As the recent facts show, offering a service with a Single Point of Failure creates a “domino effect” whose legal implications (in terms of damages suffered by paying clients) might bear unforeseen consequence. The “flawed-by-design” kind of liability might, indeed, lead to a class action against Skype for having knowingly chosen to build their service on a technical structural weakeness.

Of course, I imagine that should that issue be taken into Court, ICT expert witnesses will play the major role in addressing the underlying technical issues.