Is posting rap lyrics on Instagram a #HateCrime?

Is posting rap lyrics on Instagram a #HateCrime?

A teenager who posted rap lyrics on Instagram has been convicted of “sending a grossly offensive message over a communications network,” which was uplifted to a hate crime. She has received a community order (probation) and must pay costs of £500 ($700 USD) together with a £85 victim surcharge.

Chelsea Russell, a 19 year-old woman from Liverpool, England posted the lyrics from American rapper Snap Dogg’s song, “I’m Trippin” (NSFW) onto her Instagram account profile, or “bio.” The lyrics in question were ‘kill a snitch n—-a and rob a rich n—-a.’

Russell claimed she posted the lyrics as a “tribute” following the death of a 13-year-old in a road traffic accident. A screen shot of her profile was sent anonymously to Merseyside Police’s Hate Crime Unit, and Russell was brought in for questioning. She attempted to claim that her Instagram was not public as only Instagram members could access it, but the Crown proved in court that anyone could see Russell’s bio.

Russell’s defence lawyer, Carole Clark, claimed that the meaning of the ‘n’ word has changed over time, and has been popularised by hugely successful and mainstream artists including Jay-Z, Eminem and Kanye West. In particular, “Jay-Z used these words in front of thousands of people at the Glastonbury festival.” Clark also pointed out that the spelling of the word ended in an “-a,” rather than the arguably more pejorative “-er.” Nevertheless, District Judge Jack McGarva found Russell guilty and added, “there is no place in civil society for language like that.”

Under section 127 of the Communications Act 2003, it is an offence to send a message that is grossly offensive by means of a public electronic communications network. Section 145 of the Criminal Justice Act 2003 provides for an increased sentence for aggravation related to race.

Under the Crown Prosecution Service’s guidelines on prosecuting cases involving communications sent via social media, before heading to trial, there must be sufficient evidence that the communication in question is more than:

  • Offensive, shocking or disturbing; or
  • Satire, parody, iconoclastic or rude; or
  • The expression of unpopular or unfashionable opinion, banter or humour, even if distasteful to some or painful to those subjected to it.
“Freedom of expression is applicable not only to ideas that are favourably received or regarded as inoffensive or as a matter of indifference, but also to those that offend, shock or disturb the State, or any sector of the population.”
—European Court of Human Rights decision in Handyside v United Kingdom (1976)
It may be tempting to see this verdict as an overreach by Crown Prosecution Services, or “political correctness” gone mad. However, the lyrics Russell chose to share don’t simply drop the N-bomb. These lyrics may be understood as encouraging killing and robbing of a particular type of person — ie, black men.

The distinction between “offensive” and “grossly offensive” is an important one and not easily made. Context and circumstances are highly relevant.  The legal test for “grossly offensive” was stated by the House of Lords in Director of Public Prosecutions v Collins [2006] UKHL 40 to be whether the message would cause gross offence to those to whom it relates – in that case ethnic minorities – who may, but need not be the recipients.

Accordingly, there is a high threshold at the evidential stage. The Crown must also consider an author’s rights of expression enshrined in the European Convention of Human Rights. Extreme racist speech is outside the protection of Article 10 because of its potential to undermine public order and the rights of the targeted minority (Kuhnen v Germany 56 RR 205).

Article 10 – Freedom of expression

1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.

2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

Russell’s case brings to mind the similar legal battle of Paul Chambers. Frustrated that his travel plans had been disrupted by bad weather, in 2010 he tweeted about blowing up an airport and was subsequently arrested. His conviction attracted public outroar and became a cause célèbre for freedom of speech activists before being overturned on appeal (Chambers v Director of Public Prosecutions [2012] EWHC 2157).

However, there are considerable differences of fact between Russell’s Instagram bio and Chambers’s tweet. Chambers’s tweet mentioned the weather delay — the all important context — and his “threat” lacked menace, because it did not create fear or apprehension in those who read it. Russell may have been quoting a song lyric, but isolated from any other information, her words could reasonably be (mis)interpreted as a genuine threat.

Unfortunately, only limited information is available on Russell’s case, so it is not possible to fully analyse how the Crown determined that it was indeed in the public interest to pursue prosecution. I would assume however that there were some extenuating circumstances. Perhaps Russell had a history of offensive behaviour, or maybe the prosecution proved that the lyrics were intended to cause malicious upset to a grieving family?

While the legal principles and their application may be uncertain in situations such as these, this case underscores the need for a cautious approach to social media. At times, even though I recognise intellectually that my Twitter and Instagram feeds are “public,” the fact that I share personal insights and photos makes the platform seem perhaps more intimate and secure than it really is. Social media is like any other “community,” for which certain rules of decorum do apply.

No more Safe Harbours for EU-ser Uploaded Content?

No more Safe Harbours for EU-ser Uploaded Content?

The European Union is considering a sweeping new Directive on Copyright in the Digital Single Market, currently in draft stages. Industry groups are keen to ensure their opinions are taken into consideration, especially in instances where consumers share content which belongs to artists, authors, record labels, and television channels.

Digital platforms and internet service providers which host User Uploaded Content (UUC) argue that they are not responsible for any copyright infringing material uploaded by their users. However, trade bodies representing various industries believe the incoming Copyright in the Digital Single Market Directive doesn’t go far enough to reform this safe harbour principle.

The E-commerce Directive states that EU Member States shall ensure that internet service providers are not liable for copyright infringements carried out by its customers, on condition that: (a) the ISP does not have actual knowledge of illegal activity or information;  and (b) the provider “acts expeditiously to remove or to disable access” to the illegal content, once they become aware of it (see Article 14).

This article provides ISPs with a “safe harbour” from copyright liability (also known as the “mere conduit” provision). Generally speaking, a safe harbour* is simply a protection available within a regulation that specifies that certain actions do not to violate a given rule, in particular circumstances.

1709 - EU Safe Harbour
In the United States, this principle operates under the “notice-and-take-down system”

About 18 months ago, the European Commission announced its plans to introduce a new Directive on Copyright in the Digital Single Market. As the explanatory memorandum sets out, “the evolution of digital technologies has changed the way works and other protected subjectmatter are created, produced, distributed and exploited. In the digital environment, cross-border uses have also intensified and new opportunities for consumers to access copyright-protected content have materialised. Even though the objectives and principles laid down by the EU copyright framework remain sound, there is a need to adapt it to these new realities.”

Amongst other things, the propsed Directive seeks to rebalance the position of the copyright owner against that of the internet service provider. Last week, various trade groups representing Europe’s creators and creative content producers published an open Letter to the European Council.

The authors suggest that, far from ensuring legal certainty, the Directive as currently drafted “could be detrimental to our sectors,” which include journalism, film and TV, music, and sport. While the authors support the objectives of the proposed legislation, the Letter critiques the latest draft of the directive, and expresses significant concerns about the safe harbour reforms.

In particular, the problems seem to arise with sections addressing the “use of protected content” by ISPs and other platforms which “store and give access to large amounts of works and other subject-matter uploaded by their users”. Put simply, the copyright industries want the safe harbour reformed, so that it no longer applies to user-upload sites (Complete Music Update).

This draws into question how online platforms hosting UUC should monitor user behaviour and filter their contributions. Currently, the platforms review material after it has been published and reported or “flagged” as copyright infringement. This may, as has been discussed with Facebook’s proposed use of artificial intelligence in copyright and hate speech monitoring, “inevitably require an automated system of monitoring that could not distinguish copyright infringement from legal uses such as parody” (The Guardian).

The authors of the Letter voice complaints in respect of the draft forms of Article 2, Article 13(1) and Article 13(4):

  • Article 2 defines which services fall under liability, mentioned further at Article 13. The latest draft could leave most UUC platforms outside the scope, despite the fact they continue to provide access to copyright protected works and other subject-matter. For example, music playing in the background of a makeup tutorial on YouTube.
  • The problem with Article 13(1) as currently written is that it risks narrowing the scope of the right and contravening CJEU jurisprudence. The Letter’s authors argue that “any new EU law should secure that this right is broad,” and “contain no additional criteria which could change via future CJEU rulings.”
  • As for Article 13(4) and its relevant recitals, the authors suggest the language is tantamount to a new safe harbour, which would both “seriously undermine fundamental principles of European copyright,” and pose “unwarranted liability privilege risks breaching the EU’s obligations under international copyright treaties.”

The Letter closes with the authors’ promise to “remain at the Council’s disposal to find solutions to these points.” For more on the proposed Directive, be sure to check out the IPKat’s numerous posts on the subject.

*This “Safe Harbour” in copyright law is not to be confused with the Safe Harbor Data Privacy exemptions between the US and the EU, which have since been declared invalid. On that subject, I might write on the new Privacy Sheild… at some point…

The Six Principles of Data Protection: Facebook fails

The Six Principles of Data Protection: Facebook fails

Facebook may believe that dubious data collection and security practices justify a more connected audience: the incoming General Data Protection Regulations say differently.

Once again, data privacy is in the headlines. But this time, it isn’t a credit agency or department store that has fallen short of consumer expectations: instead, it’s Facebook. Much credit is due to Carole Cadwalladr and her team at The Guardian, who first broke the the Cambridge Analytica story.

#DeleteFacebook was trending on Twitter for a while, and I myself was considering ditching my account – not least because I simply don’t use Facebook often. While I’ve decided against deletion, I was genuinely saddened – although, in retrospect, not surprised – to come across the leaked 2016 “Ugly Truth” Memo from a Facebook executive Andrew “Boz” Bosworth. You can see the Memo in full at Buzzfeed, but the part that hit me hardest reads as follows:

We connect people. Period.

That’s why all the work we do in growth is justified. All the questionable contact importing practices. All the subtle language that helps people stay searchable by friends. All of the work we do to bring more communication in. The work we will likely have to do in China some day. All of it.

The natural state of the world is not connected. It is not unified. It is fragmented by borders, languages, and increasingly by different products. The best products don’t win. The ones everyone use win.

“Questionable contact importing practices”? By Bosworth’s own admission, “the ugly truth is that we believe in connecting people so deeply that anything that allows us to connect more people more often is de facto good.”

The General Data Protection Regulations (GDPR) say differently. With less than two months to go until the implementation date of 25 May (!) I’ve set out a little refresher on the main responsibilities for organisations below.

Article 5 of the GDPR contains Six Principles of personal data collection and processing. The data controller (the company collecting or otherwise controlling the data) are responsible for, and must be able to demonstrate, compliance with these principles.

(A) Processed lawfully, fairly and in a transparent manner.
A company collecting data must make it clear as to why the data are being collected, and how the data will be used. The company must provide details surrounding the data processing when requested to do so by a person whose data is collected (the “data subject”). “Questionable practices” are likely neither fair nor transparent!

(B) Collected for specified, explicit and legitimate purposes.
Have you ever filled in a form, only to think, “why am I being asked this question?” This principle states that organisations should not collect any piece of personal data that doesn’t have a specific purpose, and a data subject must give explicit consent for each purpose. A lawful purpose could mean fulfilling a contract: for example, your address is required for shipping something you bought online.

(C) Adequate, relevant and limited to what is necessary.
Companies strive to understand customer buying behaviours and patterns based on intelligent analytics, but under this principle, only the minimum amount of data required may be stored. Asking for one scanned copy of a drivers’ licence may be adequate, but asking for a drivers’ licence, passport, and birth certificate might be more than necessary.

(D) Accurate and, where necessary, kept up to date.
Controllers must ensure personal data is accurate, valid and fit for purpose. Accordingly, data subjects have the right under Article 16 (Right of Rectification) to rectify any personal data held about themselves.

(E) Kept for no longer than is necessary.
This principle limits how data are stored and moved, and for how long. When data is no longer required, it should be deleted. This is closely related to the Right of Erasure (“Right to be Forgotten”) under Article 17, which I previously wrote about in respect of the Google case in England.

(F) Processed in a manner that ensures appropriate security.
This principle is perhaps what most people think about when they think of data protection. It means that IT systems and paper records must be secure, and the security must be proportionate to the risks and rights of individual data subjects. Negligence is no longer an excuse under GDPR!

In 2016, a Gallup study found that Millennials (those of us born between 1981 and 1996) are generally aware of potential data security risks, but less likely to be concerned about them. Prior to familiarising myself with these principles, I simply thought data protection was another phrase for “IT security”. I thought it was just about firewalls, encryption, and outsmarting hackers.

But in the months I’ve been helping clients to get ready for the GDPR, I’ve realised that compliance is about more than just having strong passwords: it really is a mindset. That’s what’s so disappointing about Facebook’s apparent attitude towards the end consumer, in which people are seen only as a series of clicks or “likes” which can be analysed, predicted, and manipulated – at any cost. My Facebook account may remain active, but I for one will certainly be less engaged.

Photo credit – Book Catalogue

Project Gutenberg: the German edition?

Project Gutenberg: the German edition?

Project Gutenberg is an American website which digitises and archives cultural works to encourage the creation and distribution of eBooks. It currently offers 56,000 free books for download, including classics such as Pride and Prejudice, Heart of Darkness, Frankenstein, A Tale of Two Cities, Moby Dick, and Jane Eyre. Many of these titles are available because their copyright protections have expired in the United  States, and are therefore in the public domain. The website is a volunteer effort which relies mostly on donations from the public.

What does it mean if a book is in “the public domain”? This term means that something (a novel, artwork, photograph or other creation) is not protected by intellectual property law, including copyright, trade mark, or patent. Accordingly, the general public owns the work, and not the individual creator. Permission is therefore not required to use the creation.

Despite the noble cause of making literature available at no or low cost to the masses, a recent ruling against Project Gutenberg has resulted in the website being geo-blocked for all visitors attempting to access the site from Germany. The claimants in the case are the copyright owners of 18 German language books, written by three authors, each of whom died in the 1950s.

In Germany, the term of copyright protection for literary works is “life plus 70 years,” as it is in the United States. However, the United States applies different rules for works published before 1978. For works published before 1978, the maximum copyright duration is 95 years from the date of publication. In the United States, the 18 books in question are all in the public domain. For the avoidance of doubt, Project Gutenberg runs on servers at the University of North Carolina at Chapel Hill, and is classified as a non-profit charity organisation under American law.

Sharing and accessing the written word has changed since the 16th century! Engraving showing a publisher’s printing process, from the Met Museum.

The copyright holders of these works notified Project Gutenberg of their alleged infringement back in 2015. In early February 2018, the District Court of Frankfurt am Main approved the claimant’s “cease and desist” request to remove and block access to the 18 works in question. The claimants also requested administrative fines, damages, and information in respect of how many times each work was accessed from the website.

 

Our eBooks may be freely used in the United States because most are not protected by U.S. copyright law, usually because their copyrights have expired. They may not be free of copyright in other countries. Readers outside of the United States must check the copyright terms of their countries before downloading or redistributing our eBooks.

The Court reasoned that it was worth taking into account the fact that the works in dispute are in the public domain in the United States. This however “does not justify the public access provided in Germany, without regard for the fact that the works are still protected by copyright in Germany.” The simple message on the front page (cited above) may not be sufficient to draw users’ attention to the fact that what they are downloading may be in contravention of national copyright laws.

The judgement also cited Project Gutenberg’s own T&Cs in its decision, noting that the website considers its mission to be “making copies of literary works available to everyone, everywhere.” While this broad statement may seem innocuous and idealistic, the court used this to support its findings that Project Gutenberg could not reasonably limit itself as an America-only website.

A key point in this matter is the question of jurisdiction. While Project Gutenberg is based in the USA, the claimants successfully argued that as the works were in German and parts of the website itself had been translated into German, the website was indeed “targeted at Germans.” Furthermore, even if the website had not been intended for German audiences, that the infringement occured in Germany is sufficient grounds to bring the claim in German court.

While Project Gutenberg was only required to remove the 18 works listed in the lawsuit, the organisation has blocked its entire website in Germany to protect itself from any further potential lawsuits on similar grounds (see the Q&A here). Project Gutenberg is planning to appeal the decision.

This first published on the 1709 Copyright Blog. You can also read more at the IPKat here.

 

From Stockholm to Stock Market: Sweden’s Spotify set to list on NYSE

From Stockholm to Stock Market: Sweden’s Spotify set to list on NYSE

Music streaming giant Spotify recently filed its application to put shares on the New York Stock Exchange. The 264 page document details the company’s key risks and challenges: I’ve read them so you don’t have to!

The Securities Exchange Act of 1933, often called the Truth in Securities law, requires that investors receive financial and other significant information concerning financial securities. To avoid misrepresentations and other fraud, any company wishing to place its shares on an American market must submit a prospectus, formally known as an SEC Form S-1 (or an F-1 for foreign companies).

Sweden-based Spotify filed their prospectus for the New York Stock Exchange on 28 February.  Prospectuses are heavily regulated, and accuracy is vital: it is a lawyer’s job to fact-check these documents in a process known as “verification.” To allow investors to make informed decisions, a company must be honest about its particular commercial situation, and explain how share prices may decline. Spotify’s estimated valuation is nearly $20 billion, but it has never made a profit and reports net losses of €1.2bn (£1.1bn).

Spotify clearly needs a capital injection,
but given the risks below, would you invest?

Hitting the right note with listeners.
Spotify’s unique features include advanced data analytics systems and proprietary algorithms which predict music that users will enjoy. These personalised streams rely on Spotify’s ability to gather and effectively analyse large amounts of data, together with acquiring and categorising new songs that appeal to “diverse and changing tastes.” If Spotify fails to accurately recommend and play music that customers want, the company may fail to retain or attract listeners.

Screenshot 2018-03-02 at 11.16.33 PM.png
Spotify knows that 71% of my recent tunes are energetic, upbeat, and suitable for a fitness enthusiast. Touché!

Licensing and royalties.
To make its 35 million tracks available for listeners, Spotify requires licenses from the musicians and record labels who own the songs. Additionally, Spotify has a complex royalty payment scheme, and it is difficult to estimate the amount payable to musicians under their license agreements. Even if Spotify secures the necessary rights to sound recordings from record labels and other copyright owners, artists may wish to discontinue licensing rights, hold back content, or increase their royalty fees. In 2014, Taylor Swift removed her songs from the streaming service in protest, although she later added it back.

Technical glitches and data protection.
Spotify’s software and networks are highly technical and may contain undetected bugs or other vulnerabilities, which could seriously harm their systems, data, and reputation. Growing concerns regarding privacy and protection of data, together with any failure (or appearance of failure) to comply with data protection laws, could diminish the value of Spotify’s service. This especially worth noting as Europe nears the General Data Protection Regulation (GDPR) implementation date of 25 May.

spotify nyc.jpg
Spotify’s NYC offices

Innovation and skilled employees.
Rapid innovation and long-term user engagement is prioritised over short-term financial gain. Spotify admits “this strategy may yield results that sometimes do not align with the market’s expectations.” The company also depends on highly skilled personnel to operate the business, and if they are unable to attract, retain, and motivate qualified employees, the ability to develop and successfully grow the company could be harmed.

International regulation and taxation.
As Spotify expands into new territories, it must adhere to a variety of different laws, including those in respect of internet regulation and net neutrality. Spotify even admits that language barriers, cultural differences, and political instability can bring share prices down! Furthermore, public pressure continues to encourage governments to adopt tougher corporate tax regimes, and tax audits or investigations could have a material adverse effect on the company’s finances.

Image result for bloomberg spotify

Method of offering.
While Spotify may not be able to successfully overcome each challenge listed in its prospectus, many of the risks are relatively common amongst international technology and media companies. But as an additional risk, Spotify has chosen a relatively unconventional method known as a direct public offering (DPO) to bring its shares to the stock market. Unlike a traditional IPO, in a DPO a company will not use an investment bank to market or underwrite (insure) its offering. While this avoids bank fees, uncertainty can result in a discounting of share prices. This is a really technical point and somewhat nuanced (it gave me headaches in law school!) but a risk worth noting.

I’ve written previously about Spotify’s copyright challenges, as well as its controversial privacy policy

UEFA scores goal against internet giants to prevent copyright infringement

UEFA scores goal against internet giants to prevent copyright infringement

Union Des Associations Européennes De Football (UEFA), whose members include 55 national football associations, organises some of the most famous and prestigious football competitions in Europe. Recently, UEFA obtained an injunction against the UK’s main retail internet service providers.

As a substitute for paid subscriptions to sport packages through Sky, BT and others, some football fans are instead using set-top box devices such as Kodi to connect directly to streaming servers via their IP addresses. A survey for the BBC found that 47% of adults have watched a football match through an illegal provider at least once, with 36% streaming matches at least once per month.

Infringement in this way is on the rise for two key reasons. Firstly, an increasing proportion of UK consumers mistakenly believe using devices to access unauthorised streams is lawful. Secondly, most people know they personally won’t face charges for pirating illegal streams.

UEFA therefore applied for an injunction against the internet companies themselves, relying on the principle of “online intermediary liability.” Online intermediaries are companies which provide the infrastructure and data storage to facilitate transactions over the internet. Examples of intermediaries are search engines, web hosts, and internet access and service providers (“ISPs”).

Rather than go after private users, copyright holders – such as UEFA, movie stuidos and record labels – consider corporate intermediaries to be more viable targets for lawsuits. Accordingly, if online intermediaries have actual knowledge of the copyright infringement, they may be liable for the illegal behaviour of their customers and viewers.

Services of intermediaries may increasingly be used by third parties for infringing activities. In many cases such intermediaries are best placed to bring such infringing activities to an end. — Recital 59, Information Society Directive (2001/29/EC)

Continue reading “UEFA scores goal against internet giants to prevent copyright infringement”

Google prepares for the first “Right to Be Forgotten” trials in England

Google prepares for the first “Right to Be Forgotten” trials in England

All human beings have three lives: public, private, and secret.
― Gabriel García Márquez

The European Union’s Court of Justice decision in Google Spain v Agencia Española de Protección de Datos, Mario Costeja González (“Google Spain”) confirmed the “right to be forgotten” for European citizens. This right is further enshrined in the upcoming General Data Protection Regulations (GDPR). Accordingly, European data protection law grants individuals a qualified right to have personal data relating to them removed from search engines.

This right is however considered by some to be a uniquely European phenomena, which resulted from one unusual CJEU judgement. Now, two upcoming cases against Google will be the first time in which the “right to be forgotten” will be considered by the English Courts. 

Two unnamed claimants, known only as NT1 and NT2, are bringing a companion case against Google to enforce their right to be forgotten. (NT1 v Google and NT2 v Google,  [2018] EWHC 67 (QB) (Rev 3))

Continue reading “Google prepares for the first “Right to Be Forgotten” trials in England”