Law and Information

The International Herald Tribune’s weekend edition features an interesting article by David Goodman entitled “Consumers fight copy protection.” You will find references, inter alia, to a Berkman Center study on the EU Copyright Directive I co-authored with Michael Girsberger.

On my reading list for this weekend (half way through by now):

* CALPIRG Report: Limited Knowledge: How The High Cost Of Academic Journals Limits Public Access To Research
* John Tehranian, Whither Copyright? Transformative Use, Free Speech and an Intermediate Liability Proposal
* Lior Strahilevitz, Information Asymmetries and the Rights to Exclude

Besides, I’ve reviewed a draft paper on derivative works and the GPL by my colleague James Thurman. In this paper, James explores as to what extent the GPL seeks to control the distribution of even non-infringing uses of code via contract law. Puzzling questions, especially under the European Autor’s Rights system.

And, of course, I also took a look into (Swiss) Sunday newspapers, although it’s each week more of the same. Exception: Interesting interview with Honorable Judge Rizgar Mohammed Amin in NZZ am Sonntag. In any event, nice to spend a weekend at home and have brunch with friends and family – after too many Sunday mornings in hotel rooms…

Some weeks ago, the Berkman Center and the Research Center for Information Law at the Univ. of St. Gallen organized an off-the-record workshop in partnership with Credit Suisse Group on the “Law & Technology of Digital Information Management: Promises, Challenges, and Perspectives.” Professor Charles Nesson was among our most distinguished participants and commented on hot topics such as eDiscovery and corporate privacy. The following write-up is the draft of the chairmen’s public summary of the workshop. As always, I’m interested in your feedback.

“This report expands on some of the themes explored in an interdisciplinary expert workshop on the Law and Technology of Digital Information Management that was organized by the Research Center for Information Law at the University of St. Gallen in collaboration with the Credit Suisse Group (CSG), Zurich, and was aimed at discussing the organizational, technological, and legal problems associated with the transition from analog/offline to digital/online information management systems in the corporate world. The following text includes some of the key findings of the workshop, but is not intended as a verbatim summary. Instead, it offers a personal memoir of the chairmen of the workshop, Urs Gasser (University of St. Gallen) and Domino Burki (Credit Suisse Group).

The private sector’s transition from the “paper world” to a digitally networked information environment has been accompanied by a number of complex challenges at the intersection of technology, business practices, and the law. These challenges take place at different management levels. At the level of strategic management, for instance, corporations face the challenge of designing coherent records management and data retention polices—as important building blocks of the corporate governance system—vis-�-vis heterogeneous legal requirements, while maintaining efficient commercial operations in data storage. In this context, the workshop participants explored some of the key issues that need to be addressed in document retention policies, such as their interaction with other policies (e.g. data protection policies, web and email policies) as well as substantive issues like ownership of data, responsibility, and security. Focusing on the particularly sensitive issues to be decided at the level of strategic management, the participants put emphasis on two areas.
The first aspect concerns the allocation of control over data within an internationally operating corporation. Most participants agreed with the analysis that custody of data—as opposed to the place of data storage or the physical location of the servers—is increasingly the decisive factor in cases where stakeholders (e.g. law enforcement authorities; plaintiffs) seek access to information stored in corporate information systems. According to U.S. discovery rules, for instance, custody of data is the essential criterion for obtaining access to data, while the place of data storage and the physical location of the server, respectively, have become almost irrelevant. Against this backdrop, the management may be well advised to consider decentralized information management systems, where data is stored in closed, geographically segmented electronic networks.
The second area of concern discussed at the workshop relates to what one might call the ecology of the corporate information system, i.e., the tension between data retention versus data destruction. On the one hand, laws and regulations require that data processing, including data retention and archiving activities, must not be excessive and therefore require the destruction of dispensable data. On the other hand, destruction bans or litigation holds, usually relatively vague in their scope, force multinational companies to retain such data. An analogous tension between retention and destruction interests also exists with regard to data as potential evidence: On the one side, companies may have an interest in extended data preservation in order to provide evidence in court proceedings—destruction of data, in fact, could even be considered a frustration of evidence—while extensive data retention practices on the other side may motivate extended inquires by third parties or law enforcement authorities.
Although clear-cut safe harbor rules for cases in which data has been destroyed in accordance with a company’s internal data retention policy have not yet been enacted (but are considered in at least some jurisdictions, including the U.S.), the workshop participants agreed on the importance and promise of a systematic, “best practice”-oriented approach to records retention and destruction. A key element of such a systematic approach is software that enables deletion of data and metadata, but allows tracking the responsibility for the decision to delete data.

A corporate policy aimed at structuring the transition from an analog to a digital corporate information environment and regulating digital data management practices, as any other policy, needs to be implemented. The implementation of the data policy decisions taken at the strategic level requires important decisions at the level of operative management where technological, organizational, behavioral and financial elements interact. The workshop participants explored several areas that deserve special attention by the operative management. One of the key challenges is providing and coordinating the necessary resources to keep pace with the exponential growth of corporate information and to appropriately manage digital records throughout their life-cycle. A second challenge relates to the development and application of intra-organizational enforcement tools and practices aimed at enforcing records management policies and procedures across the enterprise. It has also become clear that it is increasingly important to master the interactions between human decisions and the technology of information management. From a technological viewpoint, for instance, it is possible (as mentioned above) to implement software that is able to retrieve all documents subject to a destruction ban, to mark them and thus to exclude them from destruction. From a behavioral perspective, however, one has to manage the phenomenon that not all documents are labeled correctly (e.g. typos, indexing errors) and, as a consequence, that human decisions are still necessary.

At the center of the digitally networked corporate environment are nearly perfect information systems in which almost all actions are systematically recorded and stored, leading to complete data trails. As the private sector is gathering more and more data on customers, suppliers, competitors, etc., various stakeholders such as potential plaintiffs or law enforcement authorities intensify their efforts to gain access to corporate digital information systems for their respective purposes. The resulting conflict between interests in disclosure of data versus privacy interests (including, among other things, banking secrecy) has not yet been balanced by an advanced legal and regulatory framework, neither at the national nor at the international level. In fact, the possibility of global access to corporate information systems (e.g. law enforcement authorities in one country may require a subsidiary to grant access via electronic network to data “belonging” to the headquarters operating in a different country) are in sharp contrast to the heterogeneous local laws and practices regulating access to data. Against this backdrop, the workshop participants explored two specific questions in greater detail.
First, practical and theoretical problems in cross-border litigation (e.g. considering the Hague Convention) were discussed by analyzing an actual example of a foreign plaintiff who sued a Swiss company before a Swiss court after gaining access to data from the US subsidiary based on a provision regarding assistance to foreign tribunals, and sought to use the so collected data in the relevant Swiss procedure.
Second, the practical significance of Art. 271 of the Swiss Penal Code (illicit acts on behalf of a foreign State) and Art. 273 Swiss Penal Code (economic espionage) is up for discussion in an environment where data hosted in Switzerland can be accessed from abroad. In fact, anecdotal evidence suggests that local authorities in foreign countries—as well as plaintiffs in civil litigation (eDiscovery)—seek to gain direct electronic access to data in cases where, under a “paper world scenario,” access would usually require compliance with well-balanced legal or administrative assistance procedures. In this area, the workshop participants identified both the need for further in-depth legal research where theory and practice work hand in hand and may lead to policy recommendations as well as a cross-industry approach aimed at raising the awareness of foreign judicial authorities as to the existence of comparatively strict privacy laws in Switzerland.

In conclusion, the workshop participants agreed that multinational corporations, regardless of the products and services they offer, are increasingly also in the IT business in the sense that the design of digital information systems becomes an important management issue that no longer can be left to the discretion of IT departments, but must be understood as an integrative element of corporate governance and strategy that requires the attention of the top management. The need for an advanced ”cyber-strategy” was particularly emphasized by Professor Charles Nesson, Harvard Law School. The workshop also made specific suggestions as to how to deal proactively with some of the key problems outlined in the previous paragraphs. At the core is the idea to organize abroad a cross-industry summit of multinational corporations headquartered in Switzerland in order to further explore—in dialogue with foreign judges, government authorities, private sector representatives, etc.—the challenges and promises of corporate digital information systems in a globalized world with its heterogeneous legal frameworks.”

Read this – no comments from my side… (find an inofficial English translation of the draft implementation here.) As my friend Mike puts it: Good luck, Switzerland, on the negotiations of the bilateral trade agreement with the U.S.

INTERNATIONAL INTELLECTUAL PROPERTY ALLIANCE 2005 SPECIAL 301 SPECIAL MENTION SWITZERLAND

The Federal Copyright Act of 9 October 1992 as amended is currently undergoing further revision in order to implement the WIPO Copyright Treaty (WCT) and WIPO Performances and Phonograms Treaty (WPPT) into Swiss law. IIPA is concerned with the way in which the two treaties are being implemented in the country. The Swiss Federal Institute for Intellectual Property continues to delay the implementation of the WIPO Copyright Treaties. In September 2004 a draft implementation was released, but is problematic in several respects: it has an overly broad private copying exception (indeed the current exception is problematic and certain groups argue that downloading infringing copies of copyright works from peer-to-peer (P2P) networks is legal in Switzerland); inadequate protection of technological measures (including over-broad personal use exemptions); and burdens on rightholders employing technological measures (including labeling obligations).

Furthermore, the Swiss government should seek to make the use of P2P networks for copyright infringement more difficult. SAFE (the Swiss Anti-Piracy Federation) continues to investigate portal sites, which are generally hosted by foreign providers. In March 2004, police (cooperating with SAFE and the German Anti-Piracy organization [GVU]) raided the home of the Swiss creator of an eDonkey portal offering an extensive number of links to movies, cartoons, PC and console games, software, books and pornography (averaging 220,000 visitors per day). This individual will be prosecuted for copyright offenses, the first such prosecution against the creator of a portal for a P2P network in Switzerland.

For the fifth time within two months I’m finding myself back in Cambridge, Mass. You can’t imagine how much I love this place. There are many reasons why I think Cambridge is among the most exciting and inspiring places to be. One reason, of course, are the many wonderful friends and colleagues that have been working and living here. Take as one prominent example my brilliant colleague Derek Slater, Fellow at the Berkman Cente and EFF affiliate with whom I had the pleasure to work on a couple of projects. He has just posted two interesting podcasts on his blog. In the first piece, Derek reports about the P2P litigation summit he participated in, arguing that we have to learn more about – and from! – the stories of the people that got sued by the recording industry. In the second podcast, Derek provides a big-picture analysis of possible (technological, business, and policy) approaches to the file-sharing problem. In essence, he makes a strong case why policy-makers should not take drastic measures (such as, e.g., compulsory licensing systems or, as the worst-case scenario, mandatory DRM schemes) to address the current digital media crises. Rather, policy-makers may be well advised to trust in the evolutionary power of market mechanisms on the one hand (emerging business models, in fact, might address the problem) and to focus on the reform of the DMCA and certain procedural protection measures on the other hand.

Viktor Mayer-Schoenberger, together with John Crowley, has made available online his most recent piece entitled “Napster’s Second Life? – The Regulatory Challenges of Virtual Worlds” on SSRN. By examining virtual worlds like EverQuest and Second Life and using a law and economics approach, the authors develop a scenario as to how the real-world legal system will interact with virtual worlds. Viktor, in essence, argues that virtual worlds will increasingly be engaged in regulatory competition with each other by offering alternative governance structures – including the allocation of intellectual property rights – to their users.
Further, the authors argue that real-world law makers are unlikely to extend the reach of national legal frameworks into virtual worlds, but might aim at regulating virtual world providers. Against this backdrop, Viktor and John explore some of the potential consequences of such an approach and conclude that such an approach by real-world legislators is likely to backfire and push “virtual worlds along a path similar to the one along which the fight against Napster pushed music sharing – towards a decentralized peer-to-peer model, in which providers themselves disappear, and with them almost any hope of real world lawmakers to directly influence the governance inside virtual worlds.” As an alternative, the authors recommend national lawmakers to facilitate the creation of robust self-governance structures within virtual worlds rather than “napsterizing” virtual world providers.

Natali Helberger, Institute for Information Law, University of Amsterdam, has written yet another good piece on Digital Rights Management from a Consumer’s Perspective.

In the past few weeks, I’ve been fortunate enough to participate in a series of exceptional workshops, panels and seminars. Today, I had the pleasure to contribute to an international legal seminar here in Ljubljana–one among other events to celebrate the launch of CC Slovenia. I had the honor to lecture on participatory culture and the future of information law and the pleasure to interact with Larry Lessig, Charles Nesson, Bernt Hugenholtz as well as Sacha Wunsch-Vincent and Ronaldo Lemos. It’s been an interesting conversation–I’m still thinking–about the empowerment of the individual, digital creativity, the future of copyright and, ultimately, governance of the Net. Charlie fascinated the audience with a videoconference from Poland and a wonderful contribution summarized here. Thanks, Charlie! Thanks esp. to Maja Bogataj and her team for making all this possible!

Sacha Wunsch-Vincent, an economist at the OECD”s Information,Computer and Communications Policy (ICCP) Division and scholar at the Swiss National Science Foundation, has written a must-read on the WTO, the Internet and Digital Products. Here’s the abstract of the seminal book (forthcoming, Hart International Trade Law Series):

More information about the author and the book is available here.

Wonderful news from Switzerland: Nadia Ana is born! Congratulations to Amaia and Kaspar and best wishes to the families!