Joris van Hoboken

From the Court’s press release (my translation) [judgment is here]:

The Dutch Court in Nijmegen has dismissed the claim bi Chip maker NXP against the publication of the security problems surrounding the Mifare Classic Chip. NXP asked the judge to order the University of University of Nijmegen not to publish its research results. NXP argued that the publication would allow evil-minded to easily break into security systems and to make fraudulent use of public transport. According to NXP, the publication would cause considerable damage and security risks for NXP and users worldwide. The University disputed the risks of publication and refered to its right to freedom of expression.

In a preliminary ruling, the judge concluded that freedom of expression as enshrined in Article 10 of the European Convention of Human Rights also applies to the publication of academic research. Restrictions are only possible if they are needed to protect a pressing social need that can be demonstrated convincingly. The judge considers that in a democratic society,  great interests are served by the publication of the results of scientific research and the information of the public about the serious deficits of the chip, so that measures can be taken against the risks of the security leak of the chip. That publication of the article would cause significant security risks has been insufficiently demonstrated, according to the judge. The damage on the side of NXP is not a result of the publication of the reseacrh results but the result of the production of and trade in a chip that has shown to have deficiencies, which is the proper responsibility of NXP itself. For these reasons the claim is dismissed.

In a sympathetic post, the third in a series, Amit Singhal explains some of the breakthroughs Google has made in matching searching users and the information in their index. Surely, some remarkable work is being done at Mountain View. I hope they share it with the information retrieval community.

Commission Green Paper on Copyright in the Knowledge Economy:

“A forward looking analysis requires consideration of whether the balance [between broad exclusive rights and specific and limited exceptions] is still in line with the rapidly changing environment. Technologies and social and cultural practices are constantly challenging the balance achieved in the law, while new market players, such as search engines, seek to apply these changes to new business models. Such developments also have the potential to shift value between the different entities active in the online environment and affect the balance between those who own rights in digital content and those who provide technologies to navigate the Internet.”

I have hardly read anything more evasive. You can’t say that it states that the balance (ad revenue) should be restored in favour of the content industry, but it is not unliekely that this is the desired outcome. Reading between the lines and in a footnote, search engines might need to get permission to process copyright protected material in their index and open it up for users:

Commenting on an image search case in Germany, that held that the thumbnails did not constitute infringement, the Commission states:

“Following a similar line of argument, search engines are not asking for prior permission from copyright owners to index content of web pages. Search engines argue that, if a content owner does not want the content of the web page to be indexed, he can encode the message in a text file called “robots.txt” in order to opt-out and block the search engine from copying content. If no such technology is applied, they believe that this is tantamount to an implied licence for a search engine to copy and index.”

Unfortunately, there is no question addressing this important issue.

Parallel to this Green Paper, the Commission also went through with its proposal for a term extension for performers rights. The impact assessment is here.

They sue online market places (i.e. eBAy) in the hope of trademark law friendly court rulings:

U.S.: Tiffany (NJ) Inc. v. eBay Inc., No 04 Civ. 4607 (RJS) (S.D.N.Y. July 14, 2008)

Germany: Rolex v. eBay Bundesgerichtshof [BGH], Urt. v. 30.4.2008 - Az.: I ZR 73/05

France: Louis Vuitton c/ eBay Tribunal de Commerce de Paris, 1re chambre B, 30 juin 2008

One of the questions each of the courts needed to answer is what is the legal standard for the duty of care of the online market place with regard to third party trademark infringement. Unlike what I have seen reported in the media, the U.S. Court did not say that the adoption of a simple notice and takedown policy would be enough for eBay to escape contributory liability under U.S. law. The Court puts a lot of emphasis on the extra meaures put in place by eBay, in the absence of which eBay would probably not have escaped liability. In Eric Goldman’s words the judge endorses those measures:

“Most noteworthy is that the judge endorsed eBay’s various efforts to reduce the sale of counterfeit goods on its site and provide extrajudicial recourse to brand owners like Tiffany. Back in the 1990s, some caselaw suggested that affirmative efforts to suppress user activity might exacerbate liability, so the preferred strategy was to remain “passive” with respect to users. eBay chose a different approach. It proactively attempted to reduce the incidence of counterfeiting on the site through its VeRO program, its fraud engine, manual review efforts to seek out auctions that looked like they might be counterfeit goods. Further, eBay continues to innovate new ways to curb bad users or help brand owners.”

As a consequence, it seems that the line between being liable and not liable has been made dependent on a number of different preventive measures. In practice it means that one has to impress the judge with the technological tools one has put in place to monitor counterfeiting and trademark infringement. I am not so sure whether this is such a stable solution and I am also not sure whether this is similar as the safe harbour in the DMCA. What is a reasonable amount of policing for an online market place? As far as I can see all three courts have said: something more than notice and takedown. In that sense also the U.S. decision could be seen as a victory for the luxury goods industry, even though the judge states: “[T]he fact remains that rights holders bear the principal responsibility to police their trademarks.” This is not a hard criterium for the residual responsibility of the online market place.

At this hearing of the Senate on the future on online advertising in light of the Yahoo Google deal, I just heard Microsoft’s representative (under oath) quoting Jerry Yang from a confidential meeting between Yahoo and Microsoft. According to him, Yang basically would have said that the deal between Google and Microsoft would foreclose the market (putting Yahoo in a Google orbit). There is another hearing in the House later today.

The Senate of the Dutch Parliament (Eerste Kamer) has drafted its preperatory report of the data retention act. The report is highly critical and contains a lot of questions the Government will find difficult to answer. In addition, the Senate has decided to look for an expert witness on data retention.

Whereas the main support of the act in its current form in parliament came from the Christian Democrats (CDA) and the Conservatie Liberal Party (VVD), the CDA Senate representatives are much less enthausiastic about data retention. Together with his collaegue Senators, Senator Franken (CDA), an IT law professor from Leiden University who consistently fought against the adoption of blanket data retention since it surfaced on the political agenda in 2004, presents some fundamental problems underlying data retention in the Senate report. To give a few quotes (my translation):

“Naturally, the members of the Senate acknowledge the duty to implement the Directive, however, this seems to involve an actual infringment of Article 8 ECHR, so that the fundamental questions resulting from said Article about the necessity casu quo proportionality of the measure are under discussion.”

“In the opinion of the CDA members, the [Erasmus report] can not serve in any way as evidence for a longer than minimum retention term.” [...] “The conlusion is that the evidence for the poportionality required by Article 8 ECHR is absent and that the necessity of the retention of Internet data is not proven.”

“As the possibilities to circumvent data retention are almost unlimited, the CDA-members are wondering on what grounds the government expects any useful effect of the proposed measure.“

In the second of a series of posts about ranking, Amit Singhal, Google Fellow explains a few principles behind the ranking of Google search. Noting new in the post, exept for one remarkable quote: “Our engineers understand exactly why a page was ranked the way it was for a given query.” If I were Google I would not say this in a case involving search engine liability.

commoncrawl, A start up in the U.S. is on “a mission to build, maintain and make widely available a comprehensive crawl of the Internet for the purpose of enabling a new wave of innovation, education and research.”

Since crawling has some serious economics of scale the start-up seems a reasonable initiative. It does not make sense to have 100 different crawlers, crawling the Web, if you can have one or a few that is(are) open and flexible enough to fulfil demand and is less bothersome for webmasters.

One of the things I am interested in is to what extent they will be transparent about the removal of information from their common crawl. They could install a filtering product and take some preventive action. They could also just wait to get notices, which would start to arrive once they would become used.

[ July 18, 2008: University wins the case, UPDATE HERE]
The Computer Security Group in Nijmegen, is taken to Cour by NXP because of a forthcoming publication over the broken Mifare chip. The chip is used in a variety of products and services, most notably the upcoming OV-Chipcard for public transport in the Netherlands. Bart Jacobs c.s. had waited with the publication and presentation of the results to give NXP the opportunity to fix the problems. NXP did not solve the problem. Now it thinks it’s the best to get a judge order to prevent the publication.  Decision upcoming Thursday. The Security publication is happening in the midst of a long and heated public debate in parliament and the media about the merits of large scale computer systems, their quality and security standards and the government’s ability to manage these kind of projects. The publication is essential for this debate. The judge will have to send NXP back to their laboratories - if they have any.

Google is moving into Europe with its Street View service. We can now explore the stages of the tour de france. Google must have been driving around its little spying camera cars this winter. The highest mountain in this year’s tour was too snowy to take pictures.