Donate to SAFLII and support open access to the law

SAFLII is a vital cog in the broader movement to safeguard democracy in South Africa through open access to the law. SAFLII relies on donations to operate. Make your donation today, before it is too late.

If you are somehow involved in the South African legal scene you will know about SAFLII, the South African Legal Information Institute. To say this organisation provides a valuable service to the South African public is a gross understatement. The service it provides is vital and now SAFLII needs our help to keep it going.

What is SAFLII?

In case you aren’t familiar with SAFLII, it is a non-profit that has been working for years to make open access to legal knowledge and developments a reality. This is how SAFLII describes itself:

The Southern African Legal Information Institute (SAFLII) is an online repository of legal information from South Africa that aims to promote the rule of law and judicial accountability by publishing legal material for open access in line with the objectives of the global Free Access to Law Movement.

SAFLII also hosts legal materials from other countries in the region, which are obtained through partnerships and collaborative efforts with governments, courts, law societies and more recently through linking to other Legal Information Institutes being established in these regions.

If you want to know what happened in a pivotal court case, you go to SAFLII. They curate and publish court cases from South Africa’s superior courts (High Courts up to the Constitutional Court, along with a number of tribunals) as well as a range of journals and other legal reference materials.

You simply can’t have a society based on equal access to the law if you can’t actually access legal information. SAFLII is South Africa’s answer to that and one of the handful organisations that ensure that South Africans have meaningful access to legal developments.

Revolutionising open access to the law

I have been a huge fan of SAFLII and its work for years. My introduction to SAFLII was through a Privacy and Freedom of Information workshop hosted by the Constitutional Court in September 2007.

I have referenced dozens of court cases in my articles about legal news and developments over the years. This was only possible because of the incredible work the SAFLII team has done. Here are a few of the articles that became possible thanks to SAFLII:

  1. What the High Court decided about broadcasting the Oscar Pistorius trial
  2. Isparta Facebook defamation case highlights a fundamental legal question
  3. Johannesburg High Court rules on Facebook defamation
  4. The President, his penis and the Streisand Effect

To lawyers, these cases are professional knowledge. To the general public, these cases are a direct line to insights into the forces that shape South Africa on a daily basis.

Attending a workshop at SAFLII
My first exposure to SAFLII and a Privacy and Freedom of Information workshop in late 2007

Before SAFLII, commercial legal publishers such as LexisNexis and Juta & Company had a lock on legal knowledge. They were the exclusive publishers of court cases, statutes and journals and those invaluable materials were only available through relatively expensive subscriptions.

SAFLII changed that by publishing judgments published by South Africa’s courts and tribunals for free.

Those judgments, alone, made a profound difference. SAFLII’s work meant that citizens could read about the cases that shape the law. It also meant that lawyers and law students could keep up to date on the trends shaping the profession and all aspects of South African law.

Now SAFLII needs our help – Donate!

The organisation launched a fundraising drive a couple months ago. Its operating budget seems to be around R2 million each year. The organisation hasn’t published any information about its progress towards its goal but time is running out.

South Africa can’t afford to lose a resource like this. The law may be a dry abstract to most South Africans but open access to the law is a powerful tool to help build and maintain a democracy.

Donate to SAFLII
Donate to SAFLII today.

We can all make a contribution to keep this vital service alive for another year. Make a donation, whatever you can afford. SAFLII offers three options:

  1. Credit card;
  2. SnapScan; and
  3. EFT.

Donate today, make a difference.

The State Capture Report downloads, analysis and news

Update (2016-11-08): Added a new section titled “Interviews with President Zuma” with embedded audio recordings of interviews conducted by the Public Protector.

The State Capture Report is the culmination of a revealing investigation into various allegations of corruption and irregular actions by prominent politicians and business people. This is the first paragraph of the report’s introduction:

The investigation emanates from complaints lodged against the President by Father S. Mayebe on behalf of the Dominican Order, a group of Catholic Priests, on 18 March 2016 (The First Complainant); Mr. Mmusi Maimane, the leader of the Democratic Alliance and Leader of the Opposition in Parliament on 18 March 2016 (The Second Complainant), in terms of section 4 of the Executive Members’ Ethics Act, 82 of 1998 (EMEA); and a member of the public on 22 April 2016 (The third Complainant), whose name I have withheld.

It was completed in October 2016 by Advocate Thuli Madonsela, then the Public Protector. The report was submitted to the Speaker of Parliament and withheld, partly due to legal challenges to its release by the President and others.

On 2 November 2016, a full bench of the High Court ordered the State Capture Report’s release. The court ordered the Public Protector to release the report on its website which crashed soon after the order was made. The report eventually became available on the website. Below are download links to the two parts of the report.

I have included alternative download links to copies of the report stored on Amazon S3 in case the Public Protector’s site goes down.

The State Capture Report

  1. Report No:6 of 2016/17 on an investigation into alleged improper and unethical conduct by the President and other state functionaries relating to alleged improper relationships and involvement of the Gupta family in the removal and appointment of Ministers and Directors of the State-Owned Enterprises resulting in improper and possibly corrupt award of state contracts and benefits to the Gupta family’s businesses
    1. Official link on the Public Protector’s site
    2. Alternative download link
  2. Annexure A1 Interview between President Zuma and the Public Protector
    1. Official link on the Public Protector’s site
    2. Alternative download link

The Report is also available from SAFLII:

Interviews with President Zuma

eNCA has published audio recordings of the Public Protector’s interviews with President Zuma on its website. The President has lodged a complaint with the Public Protector about this but the interviews are currently available through these players:

Analysis

As you would expect, there has been considerable analysis of the State Capture Report.

Below are some of the links that I came across which seem particularly helpful in understanding the findings of the report and their implications. I may add to this list from time to time so check back for updates.

Interviews and discussions about the State Capture Report

State Capture Report developments

I created a Twitter Moment titled “#StateCapture Links, News and Analysis” to help organize many of the developments I found particularly helpful. This Moment may also be updated over time:

Of course you can also follow the #StateCapture hashtag on Twitter for even more developments and analysis:


Japanese theft from Standard Bank – leak?

The news about the Japanese theft from Standard Bank using roughly 1,400 cash withdrawals from Japanese bank ATMs raises serious questions about Standard Bank’s security and the possibility of a data leak.

Alicia’s recent article about cyber risks is very timely. News of a massive Japanese theft from Standard Bank highlights some of the risks Alicia wrote about.

Defeat cyber risks, use the Force

At the same time, this is an interesting attack primarily because of its simplicity. Usually credit card fraud attacks are based on stolen credit card information and/or cloned cards but chip and PIN cards (which are probably the most prevalent type of credit card in use in South Africa these days) are usually too secure for that to work.

What went wrong?

It’s one thing to clone a credit card and swipe it as a way to obtain some sort of benefit but withdrawing so much cash means the thieves had access to a substantial number of PIN codes and were able to draw roughly R14 000 from each ATM.

It’s not clear if that is per withdrawal or cumulatively from each ATM. If it is per withdrawal, there could be a problem with withdrawal limits set for the cards which were cloned.

Instead, the Japanese theft uses something much simpler and old school: PIN codes to enable the thieves to draw cash from Japanese bank ATMs. According to Moneyweb:

Police believe more than 100 people may be involved, according to the report, which quotes anonymous sources as saying that approximately 14 000 transactions were used to draw a maximum of 100 000 yen (R14 247) from seven bank ATMs.

Was Standard Bank hacked?

The big question, though, is how the thieves obtained the PIN codes to facilitate the crime? This question remains unanswered, for now, but early indications point to an exploit or security breach of some kind at the bank.

According to The Mainichi, which broke the story in its article titled “1.4 bil. yen stolen from 1,400 convenience store ATMs across Japan” –

Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account information leaked from a South African bank.

This story is still developing so expect to hear more, particularly about this alleged leak.

Postscript:

I assumed the credit cards were cloned but some commentators have suggested that these are issued credit cards, although with fictitious card numbers.

Postscript 2 (2016-05-24)

According to Ars Technica:

The theft took place on May 15, a Sunday, between the hours of 5am and 8am. ATMs were targeted across Tokyo and 16 other prefectures in the country. Police said they believe up to 100 people were involved in the heist, according to the Kyodo News Agency. The thieves apparently went to ATMs like those found in 7-11s across Japan and swiped counterfeit South African credit cards, created using information from cards issued by South Africa’s Standard Bank.

So the thieves created fake cards using information from issued credit cards? I have a feeling we are going to learn something important about how credit cards work and how they are processed by banks by the time the key details of this story emerge.

Image source: Pixabay

WhatsApp encryption guarantees your privacy

WhatsApp encryption is now complete and, when using an up-to-date version of WhatsApp, virtually guarantees your privacy with end-to-end encryption and forward secrecy.

WhatsApp_Logo_1Whether you realise it or not, WhatsApp encryption now guarantees your privacy. All you need to do is make sure you are running the latest version of the immensely popular chat app on your mobile device. WhatsApp’s founders published a blog post yesterday announcing the culmination of year and a half journey with Open Whisper Systems:

WhatsApp has always prioritized making your data and communication as secure as possible. And today, we’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.

WhatsApp encryption, in itself, isn’t new. Open Whisper System’s Moxie Marlinspike summarised the fruit of this journey in his blog post titled “WhatsApp’s Signal Protocol integration is now complete”:

As of today, the integration is fully complete. Users running the most recent versions of WhatsApp on any platform now get full end to end encryption for every message they send and every WhatsApp call they make when communicating with each other. This includes all the benefits of the Signal Protocol – a modern, open source, forward secure, strong encryption protocol for asynchronous messaging systems, designed to make end-to-end encrypted messaging as seamless as possible.

We are still in a transitionary phase at the moment. Conversations will only be encrypted if all the parties to a conversation are using an updated version of WhatsApp. When they are, though, the result is pretty impressive:

  • WhatsApp conversations (voice and text) are fully encrypted. This includes all the attachments. WhatsApp itself can’t decrypt the messages and its servers really only pass the encrypted messages between users.
  • Because WhatsApp uses different encryption keys for each session, older messages can’t be decrypted even if someone manages to seize a current encryption key (this is known as “forward secrecy”).
  • Once your conversations with contacts are encrypted, they remain encrypted and downgrading to an earlier version of WhatsApp won’t make your messages available in an unencrypted form.
  • For the time being, you can see which of your conversations are encrypted by looking to see whether your contact/s is/are using an updated version of the app. You will also be shown a message that indicates that your conversations with a contact are encrypted going forward.

One step for fully encrypted conversations

We have had encrypted messaging apps for a little while now. Apple’s Messages app and the popular Telegram app are encrypted to a degree although neither are encrypted end-to-end like WhatsApp, apparently.

Cade Metz wrote a fascinating article for Wired titled “Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People” which gives a fair amount of background into this development. As he pointed out, the scale of this is remarkable when you consider just how big WhatsApp is:

More than a billion people trade messages, make phone calls, send photos, and swap videos using the service. This means that only Facebook itself runs a larger self-contained communications network.

One of the challenges implementing encrypted solutions is simplifying the process for users enough so the process itself isn’t a deterrent. This migration is literally as simply as updating your app and prompting your contacts to do likewise to ensure that your conversations are encrypted.

Why encrypted WhatsApp is a big deal

Encrypted WhatsApp messages about family dinner plans may not seem a high priority. Consider that WhatsApp is one of the biggest social and communications platforms on the planet used by friends, families, business people and activists, alike. Suddenly you can see the benefits of a service that easily implements strong encryption and protects conversations that are truly sensitive and could, literally, save lives.

The flip side is also true: terrorists and criminals could also use WhatsApp to hide their conversations and may well be doing that. Bear in mind, though, that WhatsApp isn’t the only encrypted communication solution. Publicly available solutions have been around for years and if the bad guys aren’t using WhatsApp, they have many other options available to them.

This is a more significant development for the rest of us because it means that we are less vulnerable to digital attacks by the bad guys. It also means that people who need an assurance of privacy can have it. As the WhatsApp team pointed out in their blog post:

We live in a world where more of our data is digitized than ever before. Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people’s digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities.

I know a few colleagues, lawyers, whose communications with their clients have been intercepted and compromised. They have had to seek out other solutions to protect their privileged conversations (one option has been the Signal app which was also developed by Open Whisper Systems). This development means they can simply stick with WhatsApp and be confident that their privileged conversations remain protected.

WhatsApp becoming fully encrypted is a big deal. It is also a smart move because it means that WhatsApp is simply unable to follow regulators’ directives to hand over users’ data. It places them beyond the fray and leaves governments to figure out how to deal with a substantial proportion of the planet’s population whose communications are protected from their interference. Or, as WhatsApp’s Koum and Acton put it:

Today more than a billion people are using WhatsApp to stay in touch with their friends and family all over the world. And now, every single one of those people can talk freely and securely on WhatsApp.

Image credit: Pixabay

MTN’s misleading uncapped data bundle fine print

MTN’s uncapped data bundles are not what consumers think they are. They are complicated packages with rules that limit them dramatically.

EWN published a surprising story titled “The terms of MTN’s uncapped data explained”, in which MTN’s Chief Customer Experience Officer, Eddie Moyce, explains MTN’s activation requirement for its time based uncapped data bundle. Here is the radio segment:

The surprise is that this uncapped data offer doesn’t work the way you may expect. Consumers should pay careful attention to the fine print avoid being caught out, potentially at a substantial cost. Essentially, even though you have paid for the bundle, you still need to activate it by dialling a short-code which you receive by a SMS. If you don’t activate the bundle, you will use data at normal data rates and could wind up with a larger bill than you expected.

Two aspects of this story are problematic:

1. Why offer this sort of “uncapped” bundle that the customer still needs to activate in order to use it, even after paying for it?

This is really misleading. Most data bundles activate automatically when you have paid for them and the changes propagate across the network, don’t they?

The mechanism suggests that MTN intentionally created this activation mechanism knowing that many customers won’t actually realise they need to do it and will wind up paying far more. I checked the terms and conditions that apply to this package (I think – the MTN site is not exactly designed to find information easily) and it says the following:

  1. Activation of the MTN 1 Day Uncapped Internet Bundles

5.1 Customers may purchase an MTN 1 Day Uncapped Internet Bundle by dialing *141*2#.

5.2 Customers must activate the MTN 1 Day Uncapped Internet Bundle after purchase, by dialing *141*5#. The MTN 1 Day Uncapped Internet Bundle does not automatically activate .

5.3 Customers may only activate the MTN 1 Day Uncapped Internet Bundle if they have sufficient airtime in their airtime account or using their usage limit (for My MTNChoice customers). This excludes MTN Loyalty 1–4–1 Loyalty Points and any promotional airtime.

Data bundle details

These data bundles are typically “valid for a period of 24 (twenty four) hours”, although only “after [they are] activated”. I also wonder how many people are aware of when the data bundle kicks in? How many people assume (and reasonably so) that the package kicks in automatically and they start using the data right away?

The seemingly reasonable SMS from MTN with activation instructions is challenging. Many people ignore SMS messages they receive for various reasons and may not notice the significance of an activation message until long after their bill has hit triple digits.

This activation mechanism looks a lot like the dodgy tactics mobile content providers used to use before they were banned: automatically subscribing consumers to expensive content (think R5 or R7 per day until cancelled) subscription services without clear double opt-in mechanisms and pricing information. You wouldn’t expect major network operators to use misleading tactics such as these.

2. Why impose a “fair use value” cap of 150MB on an “uncapped” data bundle? That is tiny.

Then, to add to this, the notion that a bundle with a “fair use value” cap of 150MB is somehow an “uncapped” data bundle is ridiculous. That is a tiny amount of data when you consider that, as Eddie Moyce put it, people tend to buy these packages for specific reasons. One of those reasons would be that the customer needs to use a lot more data than his or her usual bundle allows (at least, cost effectively) in a short time period.

Here is an extract from the terms and conditions dealing with the “Fair Use Policy”:

9.1.4 Customers with an active MTN 1 Day Uncapped Internet Bundle shall be able to generate uncapped data usage, however, a fair use value/threshold as detailed in the table in clause 4 above will apply for the duration of the Validity Period.

9.1.5 Should the Customer exhaust the fair use value, as detailed in the table in clause 4 above, before the end of the Validity Period, the Customer’s data speeds will be reduced to 128kbps for the remainder of the Validity Period and the Fair Use Policy shall detailed in this clause 9 shall apply.

9.1.6 MTN further reserves the right to implement other measures and controls to ensure that the integrity of its systems is maintained, including but not limited to measures such as DPI (Deep Packet Inspection). DPI:

9.1.6.1 allows MTN to monitor aspects including, but not limited to, non-compliance with its Fair Use Policy and restricted protocols, prevent attacks from computer viruses/worms and identify SPAM. Such usage may be blocked or re-routed;

9.1.6.2 also allows MTN to throttle certain usage, such as peer to peer traffic;

9.1.6.3 shall also allow MTN to prioritize/filter certain activities, such as VoIP traffic, over other activities which are burdensome on the MTN network (such as video streaming);

9.1.6.4 in essence, this allows MTN to alleviate network congestion and improve service to all MTN customers.

9.1.7 This Fair Use Policy may be amended by MTN, whether by clarifying, modifying, adding to or deleting certain terms and conditions. This is subject to the Modification of Terms and Conditions, including notice being provided to you, as detailed in clause 16 below.

Not only does the available data speed slow to 128kbps when you hit that measly 150MB but MTN also imposes a series of restrictions on how you can use the data and when. The end result is that your “uncapped” data bundle is more like a “you can’t do much with this ISDN-like connection but thanks for paying anyway” bundle.

But wait, there’s more:

  • MTN hides all these restrictions and qualifications in terms and conditions which few consumers will ever read, and
  • these restrictions are couched in fairly dense language and presented in pale text on a white background that no-one over 45 can read without squinting says a lot too.

MTN terms

One more thing – no business use for you

Oh, by the way, this package isn’t available for “commercial use” so don’t think you are allowed to use this package to give your small business a little boost either:

9.2 The MTN 1 Day Uncapped Internet Bundles are intended for consumer use only. This means that the MTN 1 Day Uncapped Internet Bundles may not be used for commercial use (which includes, but is not limited to the intention of promoting, enabling, subscribing to, selling (directly or indirectly) the goods, services or image of any person pursuing a commercial, industrial, craft, religious, charitable or political activity or exercising a regulated profession).

9.3 The MTN 1 Day Uncapped Internet Bundles exclude use of the following services:

9.3.1 Least Call Routing (LCR);

9.3.2 Routing devices; and/or

9.3.3 Commercial use.

9.4 Use of the above services shall be deemed abuse and/or fraudulent use of the MTN 1 Day Uncapped Internet Bundles and shall entitle MTN to immediately suspend and/or deactivate the Customer’s access to the MTN 1 Day Uncapped Internet Bundles.

So if you are a small business owner and you happened to buy this bundle and use it as part of your business (you could have sent a data message to a client telling them about your services, for example), you would be committing a fraud in addition to breaching the terms and conditions of the bundle. Talk about hostile to small business!

K.I.S.S MTN!

When I think about what is available outside South Africa, MTN’s approach to mobile services and pricing just doesn’t make sense to me. My current mobile service includes 5 000 minutes of calls, 5 000 SMS messages, 10GB of data a month and 500 minutes of calls to my family in SA (landlines in SA) for the equivalent of about R200 per month. It wasn’t always like this but regulatory changes and increased competition improved the situation for Israelis.

Instead of obfuscating an overly complex service, why not offer a simpler option that just let’s people pay their R40 for either a fixed amount of data or a realistic “fair use value” cap? Drop this silly activation mechanism and the ridiculous fine print. In other words, give people what they think they are getting or, if that is more than you want to offer, offer them something you are comfortable with and that makes sense to consumers.

Image credit: Pixabay

Losing your rights to your professional portfolio

Many creative professionals give up their rights to their professional portfolios when they sign employment contracts without realising it.

This article was inspired by a discussion with a colleague about creating and protecting a professional portfolio. One of the challenges facing creative professionals is building and maintaining a current portfolio for future reference. In this particular conversation, we discussed whether someone could include work produced while employed in a professional portfolio?

I suggested that he import his blog posts and articles from various sources into his Medium profile using the “Import story” feature. It got me thinking about the copyright implications of doing that so I did a little research.

Your employment contract is your first challenge

It turns out that, as an employee, you probably gave up your rights to your writing. Many employment contracts have clauses like this:

Employee acknowledges that any original works of authorship s/he creates, whether alone or jointly with others, within the scope and during the period of employment with Company, shall be deemed a “work made for hire” as defined by the United States Copyright Act and are protected in accordance therewith. To the extent that such work is not, by operation of law, a work made for hire, Employee hereby transfers and assigns to Company all his/her right, title and interest therein, up to and including copyright.

There is often another clause that deals with something called “moral rights” which the contract may require the employee to waive or otherwise give up.

For writers who put a huge amount of effort into their work and take pride in their literary brilliance, clauses like this are analogous to amputations and this is why:

  1. The “work made for hire” clause has the effect of saying that your brilliance which you create as an employee actually belongs to your employer and you don’t have any rights to it from the moment you start populating that blank screen.
  2. If your contract has a clause that requires you to waive your “moral rights”, that basically means you give up your right to be known as the author of your professional work.

The effect of these kinds of clauses is to take your work from you and create a fiction that you didn’t create it and a legal fact that you have no rights to do anything other than admire it from afar. It limits what you can add to your professional portfolio because clauses like this limit –

  1. What you can claim credit for; and
  2. What you can republish without permission from your employer.

In other words …

You didn’t write this, it isn’t yours, just keep working

How you can salvage your professional portfolio

There are other options for building your portfolio which could work. One option is to simply point to an author page of the company blog that lists your articles by author (if you have that option). You could create a collection of links to “your” articles that implies that you are the author of those marvelous works.

The best way to avoid this situation is not to sign a contract that contains those legal scalpels. At the very least, hold on to your moral rights so you can publicly assert that you wrote those works.

Best case scenario

You negotiate clauses that give your employer co-ownership of your work (most employers would insist on this level of control) while retaining co-ownership yourself. That gives your employer the security of knowing it can do what they want with your work (because, after all, it is paying you to write that stuff) and you have the rights to do stuff with it all too, such as include it all in your portfolio.

Don’t assume you have the rights

Unfortunately many of our preconceptions about our rights to our work are misinformed and many creative professionals routinely give up their rights to their work when they sign their employment contracts. The power dynamics are usually against you and you may feel you have little choice but to agree if you want the job.

At the same time, it is a good idea to do the following if preserving your professional portfolio is important to you:

  1. Read your contract and identify the clauses that relate to your rights to your work.
  2. Discuss the clauses with your (prospective) employer and negotiate better terms before you are too far down the road.
  3. If you find you have little choice, be mindful of the clauses’ scope and ensure that the clauses don’t encompass your otherwise unrelated work simply because you don’t make clear distinctions between work and non-work stuff.
  4. Most importantly, don’t assume that you have no say whatsoever. The little secret is that most things tend to be negotiable to a degree.

This article was originally published on Medium on 2015-12-25 as “When you signed away your rights to your writing

A developers’ guide to GPL

If you are looking for a clear developers’ guide to GPL, Richard Brest has published a terrific guide to GPL with WordPress developers in mind.

Richard Best has a terrific guide to GPL for WordPress developers along the lines of the famously simple “human readable” Creative Commons license explanations on his site, WP and Legal Stuff, in his post titled “A human readable summary of the GPL“. He actually has two versions, both of which are worth taking a look at. I like his version modelled on the CC license explanation format:

A human readable summary of the GPL by Richard Best
A human readable summary of the GPL by Richard Best

Best has also published “A Practical Guide to WordPress and GPL” and it is available in three packages. The top package is the “business package” which includes –

access to a terms of use builder through which you can build draft online terms of use for your WordPress commercial themes or plugins shop, with open and honest GPL licensing as well as protections for your business.

The terms of use builder isn’t exactly revolutionary but what I like about it is that it is designed for a specific niche: WordPress theme and plugin developers who license their products under GPL. Best also released a demonstration video which reveals a nice, clean interface and a great looking end result. You’ll have to view the video either in his blog post or the promo page for the ebook packages.

The standalone ebook option is a little pricey at $25 for the PDF but if you consider the cost of legal advice on the topic, it is probably worth it.

Image credit: Light Reading by Martin, licensed CC BY 2.0


 

This article was originally published on Paul Jacobson’s blog on 2015-08-10

Which contracts photographers should consider using

Which contracts your clients should sign

A photographer asked a great question about contracts recently:

I would like to redo my contracts. Would like to know what do you get clients to sign before a shoot?

Disclaimer: This note is a fairly broad overview of many of the major themes you, as a photographer, should think about and which contracts photographers should sign with their clients. It isn’t legal advice or even the best advice for all photographers. It should give you a more informed starting point for a further discussion with your lawyer.

There are two key documents that you should have. The first is a contract governing your services and the other is some sort of privacy statement.

Services contract

The services contract needs to cover a number of themes both for clarity and to make sure you address your common risks. I also refer to services contract provisions as “terms and conditions” in this note.

For starters, use clear, well defined terminology is really important. It may seem pedantic but clearly defining key terms is essential for a clear and intelligible contract which, in turn, is more likely to be enforced if you ever have to test it. Obviously the content of the contract is very important but a contract written in confusing language can be very difficult to understand and enforce effectively. You typically include this terminology in a glossary in your contract.

Your services contract must obviously deal with your services, how you will communicate them and what you will charge for them. Think about issues like scope creep (where your services change without necessarily agreeing on the changes specifically) and amending your pricing as your scope changes. The model I prefer is to use a standard set of terms and conditions that refer to a separate booking form (that can be an online form or a paper form that your client signs) instead of preparing a lengthy contract that contains all the variables such as client details, services required and pricing. The booking form model that refers to the terms and conditions is less intimidating even though the terms and conditions, themselves, will be fairly detailed to make sure you deal with all the important themes.

One issue which comes up frequently in photographers’ groups is a cancellation fee. The Consumer Protection Act enables clients to terminate advance bookings subject to reasonable cancellation fees. Define those in your contract and set cancellation periods which may attract varying fees. For example, you may agree that if the client cancels a shoot 3 months before, the client will pay Rx; 1 month before, the client will pay Ry and 2 weeks before, the client will pay Rz. This will depend on your booking lead times; whether you can replace that booking and other similar factors. You will also need to align these cancellation fees with the Consumer Protection Act’s mechanisms and intent.

As a photographer the licensing aspects of your work are critical. The Copyright Act generally recognises your clients as the owners of the copyright in your photos if they commission you to do the work and agree on a fee for that work. This is good for your clients because they have more control over your deliverables but you have to consider what you will need to do with the photos. Because, by default, you are not the copyright owner in this context, you are not entitled to share the photos as part of your portfolio, restrict what your clients can do with the photos and exercise much other control over the photos’ use.

The Copyright Act gives you a way to change this default position. You can agree with your client to opt-out of the default copyright ownership mechanism in your contract. It is pretty straightforward but you need to include that in your contract. You may also want to think about including a mechanism in your contract which enables you to withhold your deliverables if your client fails to pay you, for example. This would be a separate clause in your contract.

Other clauses you’d include in your contract would be –

  • fees and payment;
  • privacy (linked to the privacy statement which I discuss below);
  • dispute resolution;
  • breach and the consequences of a breach;
  • termination;
  • common no-variation and similar clauses; and
  • domicilium clauses which can be pretty useful for different situations.

Booking form

A booking form is a convenient way to sign a client. Here are a few things to include:

  • Client details (name, contact details, address details);
  • Shoot details (date, times, locations);
  • Fees due (linked to specific deliverables), including deposits due;
  • Your specific deliverables;
  • Cancellation fees (you can include these in your terms and conditions but including these in your booking form makes them more prominent and confusion less likely);
  • Your details;
  • Express confirmation that your client agrees with your terms and conditions and privacy statement;
  • Signature and date fields (the form these will take if you use online forms can vary).

Privacy statement

As a photographer you are dealing with a lot of personal information. Using personal information often requires permission from the people the personal information relates to and the way you obtain this permission is a privacy statement (also known as a privacy policy or data protection policy).

As a starting point integrate your privacy statement with your services contract so when the client agrees to the services contract, s/he also agrees to the privacy statement.

Broadly speaking, the privacy statement must deal with these broad themes:

  • what personal information you will collect and from which sources (for example, automatically through your website, personal information your client volunteers through your booking form or contact forms and so on);
  • what you will do with that personal information (remember to include adding photos to your portfolio or Facebook page for marketing purposes, for example);
  • under what circumstances you may disclose personal information to third parties (these third parties may include your vendors for printing; law enforcement and other legal authorities); and
  • where you store personal information and, broadly, measures you take to secure the data (this will often mean identifying your hosting provider, especially if you use foreign hosting providers and will be transferring personal information across borders).

You will probably include other people in your photos (especially if you do functions and have the usual group photos) who have not signed your contracts. You should require your clients to obtain permission from people they want included in these group photos to be included and their agreement with your data practices which are explained in your privacy statement. How you do this can vary. You can prepare releases for subjects to sign and have them sign in advance or on the day or you can prepare something for your clients to have these participants sign. This can be a cumbersome process so consider the process with the least friction and which still results in permission from these subjects to take photos of them and use those photos for different purposes.

This is more important if you intend publishing photos on public platforms (for example, Facebook). Simply taking photos, making prints and handing these to your client probably won’t require you to go to these lengths because a subject who poses for a photograph clearly consents to being photographed. You’ll need to use your discretion.

It is very important to be sensitive about photos of children. You are not permitted to take photos of children and share them without their parents’ advance permission so make sure you obtain clear consents when it comes to children.

Get it in writing

If you capture the terms of your agreement with your clients in writing, you take huge strides towards reducing the likelihood of confusion and disputes. A written contract can be printed on paper. It can also be digital and part of an email or published on a website. Find the best medium for you that strikes a balance between clearly conveying your contract terms and being relatively accessible and convenient for your clients.

I have prepared a service contract and privacy statement for photographers which I’ve since updated. These two versions should give you a fairly decent idea of what your contracts could look like.