@pauljacobson any chance you could do a post on what happens to your cloud based assets (apps, music, etc) when you die?

Imel Rautenbach recently asked me what happens to your content and profiles in the cloud when you die. Its an important question and I've started hearing it a lot lately. There are a couple reasons for this. The first reason that comes to mind is that people are increasingly concerned about what happens to their Facebook and Twitter profiles after they pass away? As ephemeral as these profiles and their content may seem, for many people these services (and other social Web services) document a person's thoughts and life experiences. Facebook with its Timeline feature is specifically designed to become a social and interactive life journal where you effectively maintain a media rich narrative of your life and your connections.

In some cases these social services will offer family and friends a way to keep a deceased person's profile alive in a suspended state. Facebook, for example, can memorialise a profile:

When a user passes away, we memorialize their account to protect their privacy. Memorializing an account sets the account privacy so that only confirmed friends can see the profile (timeline) or locate it in search. Friends and family can leave posts in remembrance. Memorializing an account also prevents anyone from logging into the account.

Dormant social media profiles and accounts could prove to be fertile ground for identity thieves going forward, especially if the late user didn't make use of the relevant privacy controls to restrict access to sensitive personal information.

Another reason why its important to think about your assets in the cloud is that we are increasingly storing significant amounts of data on cloud services. These data include photos and other multimedia as well as business and financial data. There are a variety of services which make it very easy to keep our data in the cloud and at a relatively low cost. You may use Evernote to store important information about insurance policies and bank accounts or Dropbox to store vital business and personal documents. Services like Backupify help you back up a variety of cloud based services and Amazon S3 gives you access to vast amounts of storage space at a pretty low cost.

Until now families sorting through a deceased family member's estate would have had to collate and work through assorted files and paper documents, that will likely change. Families are finding themselves faced with disparate digital archives which often contain the sort of information they require to manage and wind up an estate. It is very possible that a person could die and leave very little paper-based information which a family would require to manage and wind up the estate because all of that data would be digitally stored in the cloud. The challenge is that the only person who tends to know how to access those accounts has passed away, taking those details with him or her. One option would be to contact the service concerned, armed with proof of the person's passing, and ask for access. Another is far simpler and requires some planning.

Services like LastPass and 1Password offer convenient and secure ways to manage passwords for all these cloud services. They offer tremendous security benefits because they rely on a master password to securely pass your account specific access credentials to the relevant service. This means you don't have to type in your username and password every time and risk that being intercepted. If you are not using one of these services, you should seriously consider it. Aside from the security benefits, these services also offer a way for your family members to access your cloud services when you are gone. One strategy is to give your master password and username to your spouse and a second trusted family member or friend. Provided they keep that information securely, it will provide them with a convenient way to access your important data after you are gone. Just remember to pass along any password or other access credential updates!

Unfortunately your cloud services profiles and accounts are not the sorts of assets you can hand down to your heirs. The rights you have to access and use these services tend to be personal rights which tend to terminate when you die and can longer exercise any rights. The nature of these profiles and accounts is that they are closely associated with a person's identity, unlike assets like a house which can be transferred to a different person and in which owners tend to have "real" rights which are formally registered. One implication of this is that these profiles and accounts could be terminated when the services concerned learn of your death so it is essential that you give your family and, where appropriate, close friends access to these digital assets.

As an aside, it looks like legislators are starting to look into how best to deal with these digital assets after death. StThato pointed this out to me:

Some interesting reading for @PaulJacobson on Digital Assets After Death | mashable.com/2012/01/26/dig…

— StThato® (@StThato) January 26, 2012

Fiona Snyckers wrote an interesting post for Thought Leader titled "Regulation of the porn industry is not a free speech issue". Her basic premise is that the porn, or adult entertainment, industry is primarily a commercial endeavour and content the content the industry produces is not protected as "free speech". Leaving aside whether its desirable to have this sort of adult content available on TV and, by extension, the Web and other media (that is a different debate which I'm not going to explore in this post), Snyckers tries to make an interesting point, albeit on a flawed premise.

In most western-style democracies, pornography does not enjoy the protection of the freedom of speech laws. This is because it is classified as a form of commercial expression, rather than artistic or ideological expression. Have you never wondered, for example, why the advertising industry is subject to such stringent laws? It even has its own control board — the Advertising Standards Authority of South Africa. Advertisers are not permitted to do a whole bunch of things, including explicitly compare their own brand with someone else’s, offend the public’s religious or moral sensibilities, or post billboards of naked people. The list of things they’re not allowed to do is a very long one indeed.

So how come the government is allowed to restrict the advertisers’ freedom of expression in this way? And why does nobody ever protest about it?

It all has to do with the fact that advertising is regarded as a form of commercial, rather than artistic expression. The advertisers are not trying to bare their artistic souls to us — they are trying to sell products. And because selling products is an entirely commercial enterprise, laws have evolved to regulate it.

Snyckers' first assumption is that commercial expression is not protected under our Bill of Rights. This is not necessarily correct. The right to freedom of expression states the following:

16 Freedom of expression

(1) Everyone has the right to freedom of expression, which includes-

(a) freedom of the press and other media;
(b) freedom to receive or impart information or ideas;
(c) freedom of artistic creativity; and
(d) academic freedom and freedom of scientific research.

(2) The right in subsection (1) does not extend to-

(a) propaganda for war;
(b) incitement of imminent violence; or
(c) advocacy of hatred that is based on race, ethnicity, gender or religion,

and that constitutes incitement to cause harm.

The right does not limit its application to commercial forms of expression. The Bill of Rights applies to both natural persons (humans) as well as juristic persons (such as companies) "taking into account the nature of the right and the nature of any duty imposed by the right". It is entirely plausible that commercial expression could be protected under this right and we have seen this in cases like Print Media South Africa and Another v Minister of Home Affairs and Another which dealt with an amendment to the Films and Publications Act which established criteria for ratings for sexual and other content. This case centred on whether the amendment violated the right to freedom of expression in the context of adult content (Also take a look at Pierre De Vos' post titled "On freedom of expression and censorship of magazines" in which he considered this case):

In essence, the contention of the applicants is that the challenged provisions are unconstitutional mainly because the said provisions are a limitation of the entrenched constitutional right to freedom of expression.

Another flawed assumption in Snyckers' post is that the fact that commercial expression, such as advertising, is regulated is confirmation that commercial expression is not protected. This is not the case at all. The rights in the Bill of Rights are not absolute. The right to freedom of expression is, like the other rights, subject to limitation on certain grounds. This particular right has a number of limitations detailed in section 16 itself (sub-section 2) and is also subject to a general limitations clause which allows for national legislation, for example, to limit a right. Rights are also limited by Courts when they compete with other rights. In defamation cases, for example, Courts often weigh up one party's right to freedom of expression against another party's rights to dignity and privacy and attempt to strike a balance between these competing rights.

When it comes to the porn industry, the test a Court applies probably won't be whether the enterprise is a commercial one and, therefore undeserving of protection under the right to freedom of expression, but rather whether the enterprise, in exercising its right to freedom of expression, infringes on other people's rights and whether the enterprise's ability to exercise its right to freedom of expression should be limited?

Mashable published an infographic in a post titled "Most Parents Monitor Kids on the Internet – And Have Their Passwords" which is worth reading.

This debate sparked a post by Trey Ratcliff on Google+ titled "Five Reasons Why I Don't Care if My Stuff is Pirated - A New Way of Thinking". Ratcliff mentions considerations which are not novel but are increasingly important as content creators explore alternatives to conventional thinking that locking content down is essential to successfully exploiting that content commercially. This new thinking has been illustrated time and time again in the music industry with artists like Nine Inch Nails, in the book publishing industry by authors like Paulo Coehlo and, locally, photographers like Catherine Scott who recently revealed her Creative Commons-based strategy for promoting her work.

The entertainment industry's focus tends to be regimented licensing arrangements which appear to be designed to protect a business model which developed before the Internet went mainstream and which is designed to protect entrenched distribution channels. The industry has made excellent use of metaphors like "pirate" and "piracy" to malign consumers who obtain and share content illegally and without making use of existing, yet inconvenient and overly restrictive, distribution channels. As the Internet increasingly becomes a part of our daily lives and sharing our lives more frictionless, consumers expect to be able to obtain their content just as easily. Rather than making a concerted effort to change its business models and embrace the Internet and the opportunities it presents, the entertainment industry has adopted a protectionist strategy and has lobbied legislative bodies to clamp down on consumers who defy the industry. Those consumers are labelled pirates and branded criminals and yet anecdotal evidence is that consumers will generally pay for content they can conveniently obtain at a reasonable price. I believe this is why so many South Africans create US iTunes accounts to buy content from the iTunes store even though the official iTunes store isn't available in South Africa.

Of course, consumers who are intent on downloading content with no intention of paying for it will do that anyway. The true criminals will never pay for content as long as there are effective channels available to them. New channels open up just as the entertainment industry closes off old ones. Napster and similar peer to peer file sharing sites were put out of business and consumers co-opted BitTorrent for their content downloads. When consumers tormenting content discovered their activities can be tracked, they discovered a wealth of content in newsgroups at faster download speeds and the added benefit of SSL encryption which disguises their activities. Unfortunately the so-called Copyright Wars just escalated at each step to the point where the entertainment industry is playing a losing game of Whac-A-Mole, constantly several steps behind savvier consumers.

Although the entertainment industry shows no signs of relenting in its efforts to stop what it regards as content piracy (and becomes one of the most significant threats to human rights and innovation in human history), creators are embracing a different model that embraces piracy as yet another distribution and promotional tool. Ratcliff describes this very nicely in his Google+ post when he states the following:

3) The "pirates" are part of my community. Not everyone in the community has equal means. Pirates are not cretins riddled with immoral behavior in every part of their life. These are all generally good people who would gladly support me, their friendly local neighborhood artist, if they could easily afford it. They can't now, but they will be able to some day... I give them something now, and they will give me something later. For example, 24 years ago in high school, I used to pirate Sid Meier games on my Amiga (including a game called Pirates). Now that I have money, I buy every single game that Sid Meier puts out.

4) Pirates have friends that have money. It's still word-of-mouth, the most effective friend-to-friend marketing in the world. If pirates like what you do, they'll tell their friends. Not everyone is so handy with bittorrent and this sort of thing. Since I make purchases simple on my website at http://www.StuckInCustoms.com , many will come make the purchase because it is easier than pirating.

Of course the proof is in the pudding, as the saying goes. Its all well and good to accept piracy and release content under liberal licenses like Creative Commons licenses but an important reason for creating that content in the first place is to make money. When Nine Inch Nails released Ghosts I-IV under a Creative Commons license (it was freely available through torrents and free downloads elsewhere with Trent Reznor's blessing), the band sold all 2 500 limited edition premium bundle priced at $300 in a matter of days, despite the albums themselves being freely available. More recently, popular American comedian Louis CK distributed a new release digitally online and, allowing for piracy (which he acknowledged and apparently accepted), he made in excess of $1 million in 12 days through his website. He produced and directed the production independently. The following paragraph from Louis CK's 13 December 2011 statement is revealing:

The show went on sale at noon on Saturday, December 10th. 12 hours later, we had over 50,000 purchases and had earned $250,000, breaking even on the cost of production and website. As of Today, we've sold over 110,000 copies for a total of over $500,000. Minus some money for PayPal charges etc, I have a profit around $200,000 (after taxes $75.58). This is less than I would have been paid by a large company to simply perform the show and let them sell it to you, but they would have charged you about $20 for the video. They would have given you an encrypted and regionally restricted video of limited value, and they would have owned your private information for their own use. They would have withheld international availability indefinitely. This way, you only paid $5, you can use the video any way you want, and you can watch it in Dublin, whatever the city is in Belgium, or Dubai. I got paid nice, and I still own the video (as do you). You never have to join anything, and you never have to hear from us again.

These successes are not limited to well known artists. Smaller artists are similarly successful in their efforts to promote themselves outside the conventional entertainment industry model, albeit on a smaller but still meaningful scale. Catherine Scott wrote about her experiences as follows:

I get a lot more commissioned work - which ends up more lucrative for me. I never have to worry about selling an image - or frankly theft of an image, and so far, have been wonderfully busy, with a varied audience and client base.

Ratcliff seems to be enjoying substantial success in spite of the piracy he is both aware of and accepts:

5) Last, and most important, as soon as I opened everything up, our business has grown and grown. Our team now of about 10 people are happy and everything is profitable. It is strange to see a chart over time that shows an increase in revenues and an increase in piracy. Now, piracy is not the reason that revenues are increasing, but they are not hurting revenues.

On the other side of the fence, artists who aspire to be signed to labels and publishers have found that their rewards have been less than expected and they often lose their rights to their content and control over its release in the process. When the entertainment industry talks about harm suffered by artists due to piracy, they really should refer to the harm to the industry's profitability. Artists rarely feature as stakeholders. The entertainment industry probably does more harm to creative expression than pirates through its approach to content licensing, both from artists and to consumers.

I really like Ratcliff's approach to his work and to so-called pirates. His point that these consumers like his content enough to take it, albeit without paying, is a terrific one. Consumers wouldn't bother to pirate content if it didn't appeal to them and, like Ratcliff and many other creators, I believe that fans will support the content creators they love and while some won't pay for that content, those who can, will. The fact that there is so much casual content piracy has more to do with the entertainment industry's attitudes than it does with consumers' dubious intentions. In a sense, the entertainment industry created a pirate culture and its come hime to roost.

2011 has been quite a year and 2012 is going to be even more interesting. You are going to see a couple changes here early in the new year and something pretty exciting in the Web and digital media compliance space. I am being a little vague because there are still a few pieces falling into place but I am excited about the changes. In the meantime, I have some office related news for the holidays.

The firm will close for a bit these holidays. For starters, its closed on 8 December (this Thursday) for the day. The firm will also be closed for the week of 26 December and we'll be back in the hot-seat on 3 January 2012. Aside from the possibility of a slower day on the 9th of December, we're working away like obsessed dervishes the rest of the month so feel free to dump that work you're been procrastinating about all year and go on holiday with the weight lifted while we get right to it.

If you are going away, have a great holiday! You deserve it. Be safe, have fun and, to quote How I Met Your Mother (an awesome show we have only just started watching), make it legendary!

Oh, before I forget, please consider signing up for our office news mailing list which I use to push out the occasional firm-related update about downtime and possibly even staff changes. Alternatively, follow us on Twitter or through our shiny new Google+ Page for updates. You can also receive updates through our Facebook Page too.

What is the Promotion of Access to Information Act?

The Bill of Rights includes the right of access to information, largely as a response to the previously secretive and oppressive National Party regime (a little ironic considering the controversial Protection of State Information Bill). Section 32 of the Bill of Rights provides as follows:

32 Access to information

(1) Everyone has the right of access to-

(a) any information held by the state; and
(b) any information that is held by another person and that is required for the exercise or protection of any rights.

(2) National legislation must be enacted to give effect to this right, and may provide for reasonable measures to alleviate the administrative and financial burden on the state.

The Promotion of Access to Information Act was passed in 2000 to give effect to this right. It went into effect on 9 March 2001 and the Act's stated purpose is as follows:

To give effect to the constitutional right of access to any information held by the State and any information that is held by another person and that is required for the exercise or protection of any rights; and to provide for matters connected therewith.

One of Promotion of Access to Information Act's central requirements was that public and private bodies publish manuals disclosing the types of records in their possession and how so-called "requesters" may access those records. Before going further, its worth expanding a couple defined terms in the Act.

Defined terms

Promotion of Access to Information Act refers to the "head" of a privatee body being the responsible person for Promotion of Access to Information Act compliance. The Act defined the "head" as follows:

'head' of, or in relation to, a private body means-

(a) in the case of a natural person, that natural person or any person duly authorised by that natural person;
(b) in the case of a partnership, any partner of the partnership or any person duly authorised by the partnership;
(c) in the case of a juristic person-

(i) the chief executive officer or equivalent officer of the juristic person or any person duly authorised by that officer; or
(ii) the person who is acting as such or any person duly authorised by such acting person;

Given the Act's objectives, personal information held by public and private bodies becomes pretty important as this may be the sort of information a requester may require in order to "exercise or [protect] any rights". "Personal information" is defined as follows:

'personal information' means information about an identifiable individual, including, but not limited to-

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the individual;
(b) information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved;
(c) any identifying number, symbol or other particular assigned to the individual;
(d) the address, fingerprints or blood type of the individual;
(e) the personal opinions, views or preferences of the individual, except where they are about another individual or about a proposal for a grant, an award or a prize to be made to another individual;
(f) correspondence sent by the individual that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the individual;
(h) the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the individual, but excluding the name of the other individual where it appears with the views or opinions of the other individual; and
(i) the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual,

but excludes information about an individual who has been dead for more than 20 years;

The personal information definition is pretty broad and one industry this potentially becomes very relevant to is the direct marketing industry which collects a lot of this personal information about people on its databases. Consumer facing businesses will also collect personal information about its customers over time and this Act is directly applicable to those businesses, particularly in light of the Consumer Protection Act.

Promotion of Access to Information Act refers to public and private bodies. I am focusing on "private bodies" for the purposes of this post and the Act defines "private bodies" as follows:

'private body' means-

(a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
(b) a partnership which carries or has carried on any trade, business or profession; or
(c) any former or existing juristic person,

but excludes a public body;

The "private bodies" definition covers virtually all aspects of commercial enterprise ranging from sole proprietors to partnerships to companies.

When it comes to "requesters" in the context of private bodies, the Act defines a "requester" as follows:

'requester' , in relation to-

(a) a public body, means-
…

(b) a private body, means-

(i) any person, including, but not limited to, a public body or an official thereof, making a request for access to a record of that private body; or
(ii) a person acting on behalf of the person contemplated in subparagraph (i);

A "person", in turn, is defined as both a natural person (legalese for human beings) or a juristic person like a close corporation or company.

Manuals and records disclosures

The Promotion of Access to Information Act requires private bodies to prepare and publish manuals which explain to the public what records they hold and how to access those records. The process of requesting and obtaining records is fairly clearly regulated and fees associated with requests are specified in the legislation. A substantial portion of the Act is dedicated to the manuals which public and private bodies must compile and when these must be published. The central section relating to private bodies' manuals is section 51 which provides as follows:

51 Manual

(1) Within six months after the commencement of this section or the coming into existence of the private body concerned, the head of a private body must compile a manual containing-

(a) the postal and street address, phone and fax number and, if available, electronic mail address of the head of the body;
(b) a description of the guide referred to in section 10, if available, and how to obtain access to it;
(c) the latest notice in terms of section 52 (2), if any, regarding the categories of record of the body which are available without a person having to request access in terms of this Act;
(d) a description of the records of the body which are available in accordance with any other legislation;
(e) sufficient detail to facilitate a request for access to a record of the body, a description of the subjects on which the body holds records and the categories of records held on each subject; and
(f) such other information as may be prescribed.

(2) The head of a private body must on a regular basis update the manual referred to in subsection (1).

(3) Each manual must be made available as prescribed.

Compiling a manual isn't a simple matter as it has to accommodate all "records" a private body has and which are subject to disclosure (not all records must be disclosed). The Act initially required these manuals to be prepared by early September 2001 but the Minister of Justice and Constitutional Development granted smaller private bodies a broad exemption from complying with the Act's requirement to publish a manual based on their turnover and industry. This exemption expires on 31 December 2011 and while an amendment to the Promotion of Access to Information Act limiting its application to private bodies above a certain size, this does not appear to have been passed so all private bodies will have to comply from 1 January 2012.

The South African Human Rights Commission was mandated to publish a guide to the Promotion of Access to Information Act as well as to assist with compliance with the Act or to assist persons wishing to invoke the Act's provisions. The Commission's Promotion of Access to Information Act help page contains a handy summary of section 51's requirements and what a manual should contain:

In terms of section 51 of PAIA, the head of a private body must:

• compile a section 51 manual which is a roadmap of the company
• submit the manual to the South African Human Rights Commission once 
• effect material changes if any each time these occur and resubmit to the SAHRC
• electronic submissions to the Commission are accepted, sent to dmalesa@sahrc.org.za thereafter followed by hard copy originals;
• manuals must be submitted to SAHRC head office at the address listed below
• update any material changes on the manual on a regular basis;
• make the manual available as prescribed by the Act at the company offices and on their website;
• must  annex a request form to the manual and  also make request form available on the    website and at the company premises access points;
• there are penalties for non compliance – please see section 90 of PAIA, the Commission has not imposed fines for non compliance to date but reserves the right to do.

The manual must among others contain the following information:

• details of the company's postal, email and street address, fax and phone of the company,
• the description of available records generated by the company stating those which are automatically available and those that are available on request.
• outline the request procedure in terms of PAIA;
• state who the head of the company is (CEO is usually the  Information Officer in terms of PAIA)
• stipulate the fees applicable as legislated by the Act which are chargeable to requesters
• remedies available to requesters if their request for information has been refused
• details facilitating request for access to a record etc.

Aside from the statutory obligation on all businesses to publish manuals, this legislation will be of particular interest to businesses which tend to collect a fair amount of information about other people. As I mentioned above, these businesses include direct marketing businesses (already under a spotlight with the Consumer Protection Act's marketing restrictions and the upcoming Protection of Personal Information Bill which specifically targets direct marketing activities) and consumer facing businesses, generally. That said, because requesters can be individuals and businesses and because the Promotion of Access to Information Act doesn't limit itself to consumer facing private bodies, all businesses should be working on their manuals and having them submitted before the deadline, if possible, or as close to it as they can.

It is also worth noting that, in the case of private bodies, the person responsible for Promotion of Access to Information Act compliance is generally the business' head and that is the same person who could find him or herself fined and imprisoned for non-compliance with the Act.

Once a business has published its manual, it should develop an effective procedure to handle requests for records. This procedure should include a process of assessing requests' validity, identify and locating the requested records and making those records available to the requester on payment of the prescribed fees. Ideally this procedure should be well thought out and responsible persons within the business identified to facilitate the procedure and trained on the relevant requirements.

Assistance with manual preparation and publication

Given the amount of information available about the Promotion of Access to Information Act and manuals in particular, it is possible for businesses to prepare and publish their manuals internally. It does require familiarity with the Act and its requirements and its a good idea to obtain a copy of the Commission's guide and work through that. Alternatively we are available to assist businesses with their manual's preparation, submission and publication (bear in mind the manual should be published through your website too) over the coming weeks. Contact us for more information if you require assistance.

If the US Congress and Senate pass the proposed Stop Online Piracy Act and the PROTECT IP Act censorship legislation it won't stop piracy. It will make content pirates smarter, more effective and inspire them to develop better tools to circumvent the censorship. Content pirates are doing this already and this legislation will just drive them underground. Consumers who are increasingly frustrated with limited online download and streaming options will get the content they want, however they can. As it is, the majority of people you speak to who downloads content from the Internet, does it illegally in one form or another.

Ars Technica cites an upcoming report on piracy which points out the trend towards legitimizing online content downloads where the options are available:

The poll found that 46 percent of all Americans have engaged in piracy, but that young people skew the numbers significantly. And while it found that piracy is common, it also found that most is relatively casual. Only 2 percent of Americans are “heavy music pirates” with more than 1,000 tracks of infringing music; only 1 percent of Americans are heavy TV/movie pirates with more than 100 infringing shows or films.

For most people, downloading music and video goes hand-in-hand with acquiring it legally; less than one-third of admitted pirates copped to owning an entire collection of illicit material. And large numbers of pirates have already altered their behavior in response to more attractive legal services for acquiring content.

When it comes to music, 46 percent of American pirates said that they grab unauthorized music less than they used to thanks to legal streaming services (and the survey was done before Spotify launched in the US). For video, 40 percent of pirates have already curtailed their activity thanks to legal alternatives like Netflix.

While there is evidence that legitimate online download or streaming services availability helps to curtail piracy (I firmly believe that most people who pirate content at the moment will buy their content online if they are getting good quality content in formats they can play on their various devices and at reasonable prices), the industry persists with arbitrary or regional licensing restrictions that block access to online download or streaming services like the iTunes Store, the Amazon MP3 Store, Netflix, Spotify (to name just a few popular options) in most of the world. To add to this there is a growing body of evidence that when consumers can share content they come across on a moderated basis, doing so actually boosts sales. In other words, sharing is caring … for the artists, that is.

The Entertainment Industry, which is behind these initiatives, is going to be responsible for the most pervasive acts of Internet censorship since the Internet first went online and, in the end, it will be for nothing. Their business models are unsustainable and this is why they are in this mess in the first place. Consumers don't want their content on the terms they are supplying it and the industry is manipulating governments to protect unpopular business models.

The metaphors and catchphrases coming from Entertainment Industry lawyers remind me of the terrorism and communism metaphors in US history, both recent and further in the past. The big difference here is that the Entertainment Industry is so obviously behind these legislative initiatives that any suggestion that this is about protecting artists must be met with incredulity.

What the Entertainment Industry should be doing is redeveloping its business models and taking note of what consumers want. Their business models should adapt to how consumers want to consume that content, not work to force consumers to consume content the way the industry wants them to consume it.

This is a crisis for the Internet.

Whatever happens in Washington could spark an international legislative trend. I just hope that the Internet isn't irreparably crippled in the process.

Update: Canadian lawyer, Michael Geist, has a pretty good analysis of these bills and why they are bad for everyone on his blog.

Update 2 (2012-01-15): The White House has published a response to a number of petitions against SOPA and PROTECT IP which is encouraging:

While we believe that online piracy by foreign websites is a serious problem that requires a serious legislative response, we will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet.

Congressmen supporting SOPA have backpedalled noticeably on some of SOPA's provisions, particularly the DNS blocking provisions. Take a look at articles by Ars Technica and The Verge for more detail.

In this case, Noah Kravitz worked for PhoneDog, which is an "interactive mobile news and reviews web resource." Kravitz worked as a reviewer and video blogger. He used the "@PhoneDog_Noah" Twitter account, and it amassed approximately 17,000 followers. When he left, PhoneDog asked for the account "back" but he demurred, instead changing the account handle from @PhoneDog_Noah to "@noahkravitz". PhoneDog sued, asserting claims for misappropriation of trade secrets, interference with economic advantage; and conversion.

An employee leaving his employment and heading for the competition (or even setting up a competing business of his own) could give rise to a number unlawful competition claims. The primary catalyst for these claims would be the relationships that are formed or strengthened with customers or potential customers using social media. With respect to employees and contractual non-solicitation clauses, we saw some of this a couple years ago on LinkedIn. The PhoneDog case is the latest of a string of similar cases that includes the Rick Sanchez (formerly of CNN) case. The claim categories in the PhoneDog case are likely to be fairly different to the sorts of allegations we would see in a comparable case here in South Africa.

Before getting into possible causes of action, its important to take note that the risk of an employee leaving a company with the company's Twitter account is not necessarily a minor matter. Sure a company can create a new Twitter profile and require the ex-employee to relinquish the account's name due, in part, to trade mark considerations but what happens if the ex-employee does that and keeps communicating with all those followers? The profile's name isn't the important aspect at all, its the relationships the follower numbers represent.

Meaningful connections on the social Web are built on reputation and relationships consumers feel they are forming with brands. In the right circumstances consumers may come to form those relationships with the people behind the brands, particularly if they are known. In the PhoneDog and Rick Sanchez examples, Twitter followers formed relationships of a sort with Noah Kravitz and Rick Sanchez, respectively. The connections to the PhoneDog and CNN brands, respectively, were secondary and when these two men parted ways with their former employers and their followers remained with them, that reinforced those relationships.

Imagine a somewhat more benign and yet equally problematic scenario: you employed a man as your company's evangelist and he developed a pretty popular following based on his personality, drive and charisma. Imagine he leaves your company and goes to work somewhere else, taking his Twitter followers with him. Imagine those followers are introduced to another company, another brand, another set of products and services before he leaves that company and moved to another, and then another. His popularity only grows over time and his following becomes more and more valuable along the way. Aside from any suggestion of impropriety, this pretty much describes Robert Scoble, a well known and authoritative tech pundit.

In Scoble's case there is no suggestion that he acted unlawfully but his case is a better example of how portable relationships can be on the social Web. When you add a competitive dimension to the mix you have a recipe for real harm to a company's relationships with its customers, its brand and possibly even its competitive advantage. In unlawful competition terms, you have the risk that an employee could use the reputation he developed with a company's customers as a springboard for his competing business or to help give a competitor an undeserved boost. In the PhoneDog case, PhoneDog unsuccessfully argued that the Twitter followers Kravitz took with him was a trade secret. That argument probably wouldn't fly in South Africa either. Twitter followers are typically public and there is no secrecy there. Another factor which could form the basis of a claim is the goodwill a company may have established with its customers through social media and which would be interfered with when the ex-employee moves to a competitor.

There is certainly tremendous value in using social media to cultivate and develop relationships with customers but companies that fail to anticipate individual employees (or even groups of employees) migrating those customers to competing businesses, and catering for that, are at risk.

These complaints raise a number of concerns about the extent to which Facebook has complied with Europe's Data Protection Directives which establish a legal framework to protect European users' personal information and privacy rights. The Irish Data Commission is either about to or is in the process of conducting an audit of Facebook's privacy practices and we should learn whether Schrems' complaints are valid in due course but what this crusade does highlight is users' responsibilities when sharing information and content on Facebook.

Facebook's Data Use Policy is fairly extensive. At one point Schrems mentions that if the Data Use Policy were reproduced with a more readable font it would be close to 20 pages. I reformatted the Data Use Policy with 1.5pt line spacing and size 11 font and it worked out to about 17 A4 pages. It is readable and extensive. The primary reason for the policy's length and Facebook's efforts to explain the policy and privacy settings in different ways is that using Facebook has seriously implications for your privacy. The sharing controls have improved drastically over the last few years culminating in a recent update which exposes publicity controls in every post.

One of the issues Schrems raised concerns about was how much information he found in his downloadable archive of his Facebook profile. Schrems' archive apparently ran to about 1 222 pages of data. I picked up concerns about how much information is contained in the archive (and, therefore, how much personal information Facebook receives and stores) and how much information he felt was not included.

Social media users are slowly coming to the realization that these free services we flock to in the tens and hundreds of millions have a lot of information about us and which we supply to them. Facebook is a great example because of its sheer size. The upcoming Timeline feature will heighten that awareness as it exposes users' profile information and interaction going about as far back as they have been members, possibly even further back if users populate their profiles with historical biographical data. The point we are heading to is that privacy as secrecy is largely a myth on the social Web. If you are active on the social Web, emphasis shifts to the extent to which you have meaningful control over your personal information and this is where Facebook has historically been pretty bad. That said, Facebook's privacy controls and its Data Use Policy have improved dramatically in the last 4 to 5 years. Facebook's anticipated deal with the FTC should firmly place control over users' profile information more in their hands than they have experienced in the past and that is a win for users.

Facebook is clearly improving its policy language and practices by being more transparent about what personal information it collects from users and what it does with that personal information as well as giving users more meaningful control over what they can do with their personal information and content in the Facebook ecosystem. Users must remember that how well their privacy is protected largely comes down to the choices they make. Failing to familiarize themselves with privacy policies and make proper use of privacy settings made available to them is no longer an option for users concerned about their privacy. If services like Facebook require more than users are comfortable sharing then they should refrain from using those services.

Facebook may have violated Europe's privacy laws as Schrems contends. We will have to wait for the results of the Commissioner's audit to make that determination. We may also discover that Schrems' much publicized campaign amounts to little more than tilting at windmills. Facebook insists that it complies with these laws and will make whatever adjustments are required should the Irish Data Protection Commissioner find it to be acting unlawfully. Hopefully this crusade will remind users just how much they share on services like Facebook and take a little more responsibility for that.

The basic premise of the complaint is that most users either don't understand the changes they are being prompted to make, or that the changes are so complex that even experienced users are confused by them. (These arguments are supported by numerous quotes from tech gurus around the Web discussing their frustration and confusion with the new settings.) As a result, EPIC believes users are being misled by Facebook into exposing more than they had ever intended. "Absent injunctive relief by the Commission, Facebook is likely to continue its unfair and deceptive business practices and harm the public interest," wrote EPIC.

It seems that complaint is in the process of being resolved. The Wall Street Journal has reported (the full article may only be available to Wall Street Journal subscribers) that Facebook and the FTC are close to a settlement of the complaint. The settlement will likely require that Facebook obtain users' explicit consent before making retroactive changes to their privacy settings. This means that Facebook can't, for example, make "Friends only" posts public without users' explicit consent. While it sounds somewhat outrageous that Facebook would do this, this is pretty much what Facebook did in 2009 and earlier when it changed its privacy policies.

Looking ahead, Facebook will be required to respect your privacy choices and not make unilateral changes to what you are sharing with whom. That said, the settlement will still allow Facebook to introduce new products and services going forward which may require particular sharing settings, and obtain your consent to those changes in some way. That may simply take the form of a consent in future versions of Facebook's privacy policy. This settlement's focus will remain on retroactive changes to your privacy settings, it won't determine how content may be shared going forward. This remains users' responsibility. Users simply must familiarize themselves with Facebook's privacy controls and make informed choices about what they share and with whom. A good starting point is this overview of Facebook's Data Use Policy.

Another interesting feature of the settlement is that Facebook may find itself subject to an FTC 20 year privacy review process. This is similar to one of the conditions of Google's Buzz settlement with the FTC earlier this year.