MTN’s misleading uncapped data bundle fine print

MTN’s uncapped data bundles are not what consumers think they are. They are complicated packages with rules that limit them dramatically.

EWN published a surprising story titled “The terms of MTN’s uncapped data explained”, in which MTN’s Chief Customer Experience Officer, Eddie Moyce, explains MTN’s activation requirement for its time based uncapped data bundle. Here is the radio segment:

The surprise is that this uncapped data offer doesn’t work the way you may expect. Consumers should pay careful attention to the fine print avoid being caught out, potentially at a substantial cost. Essentially, even though you have paid for the bundle, you still need to activate it by dialling a short-code which you receive by a SMS. If you don’t activate the bundle, you will use data at normal data rates and could wind up with a larger bill than you expected.

Two aspects of this story are problematic:

1. Why offer this sort of “uncapped” bundle that the customer still needs to activate in order to use it, even after paying for it?

This is really misleading. Most data bundles activate automatically when you have paid for them and the changes propagate across the network, don’t they?

The mechanism suggests that MTN intentionally created this activation mechanism knowing that many customers won’t actually realise they need to do it and will wind up paying far more. I checked the terms and conditions that apply to this package (I think – the MTN site is not exactly designed to find information easily) and it says the following:

  1. Activation of the MTN 1 Day Uncapped Internet Bundles

5.1 Customers may purchase an MTN 1 Day Uncapped Internet Bundle by dialing *141*2#.

5.2 Customers must activate the MTN 1 Day Uncapped Internet Bundle after purchase, by dialing *141*5#. The MTN 1 Day Uncapped Internet Bundle does not automatically activate .

5.3 Customers may only activate the MTN 1 Day Uncapped Internet Bundle if they have sufficient airtime in their airtime account or using their usage limit (for My MTNChoice customers). This excludes MTN Loyalty 1–4–1 Loyalty Points and any promotional airtime.

Data bundle details

These data bundles are typically “valid for a period of 24 (twenty four) hours”, although only “after [they are] activated”. I also wonder how many people are aware of when the data bundle kicks in? How many people assume (and reasonably so) that the package kicks in automatically and they start using the data right away?

The seemingly reasonable SMS from MTN with activation instructions is challenging. Many people ignore SMS messages they receive for various reasons and may not notice the significance of an activation message until long after their bill has hit triple digits.

This activation mechanism looks a lot like the dodgy tactics mobile content providers used to use before they were banned: automatically subscribing consumers to expensive content (think R5 or R7 per day until cancelled) subscription services without clear double opt-in mechanisms and pricing information. You wouldn’t expect major network operators to use misleading tactics such as these.

2. Why impose a “fair use value” cap of 150MB on an “uncapped” data bundle? That is tiny.

Then, to add to this, the notion that a bundle with a “fair use value” cap of 150MB is somehow an “uncapped” data bundle is ridiculous. That is a tiny amount of data when you consider that, as Eddie Moyce put it, people tend to buy these packages for specific reasons. One of those reasons would be that the customer needs to use a lot more data than his or her usual bundle allows (at least, cost effectively) in a short time period.

Here is an extract from the terms and conditions dealing with the “Fair Use Policy”:

9.1.4 Customers with an active MTN 1 Day Uncapped Internet Bundle shall be able to generate uncapped data usage, however, a fair use value/threshold as detailed in the table in clause 4 above will apply for the duration of the Validity Period.

9.1.5 Should the Customer exhaust the fair use value, as detailed in the table in clause 4 above, before the end of the Validity Period, the Customer’s data speeds will be reduced to 128kbps for the remainder of the Validity Period and the Fair Use Policy shall detailed in this clause 9 shall apply.

9.1.6 MTN further reserves the right to implement other measures and controls to ensure that the integrity of its systems is maintained, including but not limited to measures such as DPI (Deep Packet Inspection). DPI:

9.1.6.1 allows MTN to monitor aspects including, but not limited to, non-compliance with its Fair Use Policy and restricted protocols, prevent attacks from computer viruses/worms and identify SPAM. Such usage may be blocked or re-routed;

9.1.6.2 also allows MTN to throttle certain usage, such as peer to peer traffic;

9.1.6.3 shall also allow MTN to prioritize/filter certain activities, such as VoIP traffic, over other activities which are burdensome on the MTN network (such as video streaming);

9.1.6.4 in essence, this allows MTN to alleviate network congestion and improve service to all MTN customers.

9.1.7 This Fair Use Policy may be amended by MTN, whether by clarifying, modifying, adding to or deleting certain terms and conditions. This is subject to the Modification of Terms and Conditions, including notice being provided to you, as detailed in clause 16 below.

Not only does the available data speed slow to 128kbps when you hit that measly 150MB but MTN also imposes a series of restrictions on how you can use the data and when. The end result is that your “uncapped” data bundle is more like a “you can’t do much with this ISDN-like connection but thanks for paying anyway” bundle.

But wait, there’s more:

  • MTN hides all these restrictions and qualifications in terms and conditions which few consumers will ever read, and
  • these restrictions are couched in fairly dense language and presented in pale text on a white background that no-one over 45 can read without squinting says a lot too.

MTN terms

One more thing – no business use for you

Oh, by the way, this package isn’t available for “commercial use” so don’t think you are allowed to use this package to give your small business a little boost either:

9.2 The MTN 1 Day Uncapped Internet Bundles are intended for consumer use only. This means that the MTN 1 Day Uncapped Internet Bundles may not be used for commercial use (which includes, but is not limited to the intention of promoting, enabling, subscribing to, selling (directly or indirectly) the goods, services or image of any person pursuing a commercial, industrial, craft, religious, charitable or political activity or exercising a regulated profession).

9.3 The MTN 1 Day Uncapped Internet Bundles exclude use of the following services:

9.3.1 Least Call Routing (LCR);

9.3.2 Routing devices; and/or

9.3.3 Commercial use.

9.4 Use of the above services shall be deemed abuse and/or fraudulent use of the MTN 1 Day Uncapped Internet Bundles and shall entitle MTN to immediately suspend and/or deactivate the Customer’s access to the MTN 1 Day Uncapped Internet Bundles.

So if you are a small business owner and you happened to buy this bundle and use it as part of your business (you could have sent a data message to a client telling them about your services, for example), you would be committing a fraud in addition to breaching the terms and conditions of the bundle. Talk about hostile to small business!

K.I.S.S MTN!

When I think about what is available outside South Africa, MTN’s approach to mobile services and pricing just doesn’t make sense to me. My current mobile service includes 5 000 minutes of calls, 5 000 SMS messages, 10GB of data a month and 500 minutes of calls to my family in SA (landlines in SA) for the equivalent of about R200 per month. It wasn’t always like this but regulatory changes and increased competition improved the situation for Israelis.

Instead of obfuscating an overly complex service, why not offer a simpler option that just let’s people pay their R40 for either a fixed amount of data or a realistic “fair use value” cap? Drop this silly activation mechanism and the ridiculous fine print. In other words, give people what they think they are getting or, if that is more than you want to offer, offer them something you are comfortable with and that makes sense to consumers.

Image credit: Pixabay

No, you can’t unilaterally opt out of Facebook’s terms and keep using it

Facebook has updated its terms of service and data use policy recently and the changes have upset many people. I’ve started seeing more declarations of users’ intention to opt-out of provisions of Facebook’s terms and conditions. These sorts of declarations seem to be legally binding with their fairly legalistic language but they don’t work except to help you feel better.

The only way to limit what Facebook can do with your content and your personal information is to stop using Facebook and to delete your profile. Unilateral declarations of your intention to opt-out of provisions you don’t agree with don’t make those provisions less binding on you.

If you use Facebook, you do so on Facebook’s terms. If you don’t want to be bound by those terms and conditions, stop using Facebook.

Your email providers don’t require a warrant to read your email

Our email providers give themselves much more convenient access to your data through their terms of service or privacy policies. On one hand, this is level of access may be necessary to prevent disruptions and limit liability but, on the other hand, these permissions we, as users, grant providers like Microsoft, Google, Yahoo and others pretty broad access to our data without requiring them to obtain court orders or satisfy any external legal requirement.

The Verge recently published disturbing news about Microsoft’s respect for its users’ privacy:

It came out yesterday that the company had read through a user’s inbox as part of an internal leak investigation. Microsoft has spent today in damage-control mode, changing its internal policies and rushing to point out that they could have gotten a warrant if they’d needed one. By all indications, the fallout is just beginning.

Your provider is watching you

As disturbing as this is, there is a bigger picture. As The Verge’s Russell Brandom goes on to point out –

But while Microsoft is certainly having a bad week, the problem is much bigger than any single company. For the vast majority of people, our email system is based on third-party access, whether it’s Microsoft, Google, Apple or whoever else you decide to trust. Our data is held on their servers, routed by their protocols, and they hold the keys to any encryption that protects it. The deal works because they’re providing important services, paying our server bills, and for the most part, we trust them. But this week’s Microsoft news has chipped away at that trust, and for many, it’s made us realize just how frightening the system is without it.

People following the Oscar Pistorius trial in the last week would have discovered that private chats can become very public if law enforcement authorities believe they are relevant to an investigation.

Although law enforcement authorities are required to follow various procedures to gain access to messaging and social media users’ communications, the companies operating the chat and email services we use daily don’t have this hurdle in their way if they deem it necessary to access their users’ communications.

The right to privacy in the South African Bill of rights includes the right not to have the “privacy [your] communications infringed”. This right is not absolute and can be (and is) limited by various laws including the Regulation of Interception of Communications and Provision of Communication-related Information Act which is how local law enforcement can obtain access to your communications. What this means is that, for law enforcement at least, there are checks and balances in place to protect our communications both thanks to laws as well as service providers’ requirements.

Unfortunately, those same providers give themselves much more convenient access to your data through their terms of service or privacy policies. On one hand, this is level of access may be necessary to prevent disruptions and limit liability but, on the other hand, these permissions we, as users, grant providers like Microsoft, Google, Yahoo and others pretty broad access to our data without requiring them to obtain court orders or satisfy any external legal requirement.

Microsoft

As The Verge pointed out, if you use Hotmail/Outlook.com, you have granted Microsoft permission to access your data. Microsoft’s Privacy Statement includes these permissions:

We may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers or the public.

Because you agree to the Privacy Statement as a condition of your use of Microsoft’s services, you have consented to these uses of your personal information. These consent enable Microsoft to circumvent any questions about privacy infringement because your legitimate expectation of privacy does not extend to these particular activities. This is the key rationale for a privacy policy and it is the same principle applies to the permissions you grant to other providers (I’ve referred to a couple more below).

Google

Google operates an enormously popular email service, Gmail, which is also probably one of the most secure from the perspective of external surveillance and attacks. While Google holds itself out as its users’ protector from external threats, it also has the option of accessing your data because you have agreed to this when you agreed to its Privacy Policy which includes these provisions:

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users.

We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know.

We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms of Service, including investigation of potential violations.
  • detect, prevent, or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

These three sections are drawn from different parts of Google’s Privacy Policy and, between them, they give Google permission to share fairly comprehensive information it has about you with law enforcement authorities as well as to use that information itself to, among other things, “protect” its services, itself and its users. This is a fairly broad term and this is likely intentional. When you write these sorts of policy documents, you don’t want to be too prescriptive if you anticipate requiring fairly broad consents for a wide range of foreseeable risks and to cater for unforeseen risks.

Yahoo

Yahoo’s webmail service is still very popular. While Yahoo’s privacy policy tends to be pretty good about handling users’ personal information, it also retains fairly broad permissions in its Privacy Policy (I added some emphasis):

Yahoo does not rent, sell, or share personal information about you with other people or non-affiliated companies except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:

  • We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Yahoo’s terms of use, or as otherwise required by law.

Apple

Although not as popular as the other providers, Apple’s tight service and software integration makes its iCloud email service a convenient option, especially because its possible to create an email account on iCloud without requiring another email account first (which is increasingly rare). When you use Apple’s products and services, your consents include the following:

How we use your personal information

  • We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising, and for loss prevention and anti-fraud purposes.

  • We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Apple’s products, services, and customer communications.

Where this leaves you

<

p>Public events like the Oscar Pistorius trial and, before it, the ongoing revelations about state surveillance programs over the last year or so, have reminded us that our private communications are not quite as private as we may have hoped. Our privacy is protected more by obscurity and because our communications, for the most part, are not the sorts of things others would be terribly concerned about.

Our trust and the possibility of severe reputational harm keep the likes of Google, Yahoo, Microsoft, Facebook and others generally honest although, as we have seen with Microsoft, they may be prepared to break that trust if the reason is compelling enough to them. They will invariably point to the permissions we give them in our contracts with them and they’ll be quite right. We have agreed to this and we’ll continue being in agreement with them having this level of access to our data because the alternatives are not nearly as convenient.

What you can legally say on Twitter

When it comes to acceptable conduct on Twitter and, defamation in particular, our law will govern how South African Twitter users use Twitter and may well inform how Twitter responds to improper use of its service too. Although simply making defamatory statements is not immediately actionable, doing so unjustifiably likely is wrongful and can expose you to legal proceedings seeking to stop you, to remove your defamatory statements or even to claim financial compensation from you. That said, there would be a tension between Twitter’s approach to users’ freedom of expression and local judicial authorities’ approach which could be interesting but, on the whole, Twitter will likely respect local laws which are aligned, at least ostensibly, with its values.

Nokia Lumia launch-72

The Oscar Pistorius case has clearly illustrated just how important Twitter has become to us as an information service and as a form of expression for individuals. It exists both in the real world and in a sort of altered reality for many of its users. The result is that people often find themselves tweeting things they wouldn’t say in person and may of those things can be defamatory and actionable in our law. An important question is what you, as a Twitter user (or as a person using most publish social services, generally) can say (and, by implication, what you shouldn’t)?

What Does Twitter Permit?

Twitter’s terms and conditions comprise its Terms of Service and the Twitter Rules. Between them, these two frameworks establish a set of rules and guidelines for acceptable Twitter use[1].

Twitter’s Terms of Service

Twitter’s Terms of Service are the contract between you and Twitter. This is how Twitter introduces this contract:

These Terms of Service (“Terms”) govern your access to and use of the services, including our various websites, SMS, APIs, email notifications, applications, buttons, and widgets, (the “Services” or “Twitter”), and any information, text, graphics, photos or other materials uploaded, downloaded or appearing on the Services (collectively referred to as “Content”). Your access to and use of the Services are conditioned on your acceptance of and compliance with these Terms. By accessing or using the Services you agree to be bound by these Terms.

This means that the Terms of Service are the primary legal framework as far as you and Twitter are concerned. When you violate the Terms of Service you may not be breaking the law but you are breaking your contract with Twitter and can lose your profile and further access to the service. As the saying goes, “easy come, easy go” and Twitter can terminate your access to the service if you violate the Terms of Service. The section titled “Ending These Terms” includes the following:

The Terms will continue to apply until terminated by either you or Twitter as follows.

You may end your legal agreement with Twitter at any time for any reason by deactivating your accounts and discontinuing your use of the Services. You do not need to specifically inform Twitter when you stop using the Services. If you stop using the Services without deactivating your accounts, your accounts may be deactivated due to prolonged inactivity under our Inactive Account Policy.

We may suspend or terminate your accounts or cease providing you with all or part of the Services at any time for any reason, including, but not limited to, if we reasonably believe: (i) you have violated these Terms or the Twitter Rules, (ii) you create risk or possible legal exposure for us; or (iii) our provision of the Services to you is no longer commercially viable. We will make reasonable efforts to notify you by the email address associated with your account or the next time you attempt to access your account.

Twitter is also the gatekeeper when it comes to your Twitter use and can decide how and when you may use the service and in what manner:

Please review the Twitter Rules (which are part of these Terms) to better understand what is prohibited on the Service. We reserve the right at all times (but will not have an obligation) to remove or refuse to distribute any Content on the Services, to suspend or terminate users, and to reclaim usernames without liability to you. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect the rights, property or safety of Twitter, its users and the public.

Twitter Rules

So you can be sued for defamation of character for things said on Twitter. That’s assuming the person you defame has any character.

— Jonathan Witt (@Jonathan_Witt) February 23, 2013

The Terms of Service specify technical restrictions for how you may make use of the service but the Twitter Rules specifically address your conduct on Twitter and what is permissible. Interestingly, Twitter doesn’t address defamation directly in the Twitter Rules. Instead, it prohibits the following broad categories of activities on Twitter:

  • Impersonation: You may not impersonate others through the Twitter service in a manner that does or is intended to mislead, confuse, or deceive others
  • Trademark: We reserve the right to reclaim user names on behalf of businesses or individuals that hold legal claim or trademark on those user names. Accounts using business names and/or logos to mislead others will be permanently suspended.
  • Privacy: You may not publish or post other people’s private and confidential information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission.
  • Violence and Threats: You may not publish or post direct, specific threats of violence against others.
  • Copyright: We will respond to clear and complete notices of alleged copyright infringement. Our copyright procedures are set forth in the Terms of Service.
  • Unlawful Use: You may not use our service for any unlawful purposes or in furtherance of illegal activities. International users agree to comply with all local laws regarding online conduct and acceptable content.
  • Misuse of Twitter Badges: You may not use a Verified Account badge or Promoted Products badge unless it is provided by Twitter. Accounts using these badges as part of profile photos, header photos, background images, or in a way that falsely implies affiliation with Twitter will be suspended.

In addition, anyone who uses Twitter for the following purposes will be subject to “permanent suspension”:

  • Serial Accounts
  • Username Squatting (also known as Brandsquatting)
  • Invitation spam
  • Selling user names
  • Malware/Phishing
  • Spam
  • Pornography

Twitter protects users’ rights to freedom of expression, for the most part, although these protections are limited in some instances and have become somewhat eroded through steps taken to censor Twitter users, sometimes controversially. When it comes to freedom of expression, Twitter protects aspects of this freedom such as parody, commentary and fan accounts but has little tolerance for, and has developed specific policies catering for, misuses that include impersonations falling outside the scope of parody, commentary and fan accounts and abusive behaviour (which is not very clearly defined).

What Does the Law Permit?

@songezozibi#blacktwitter watched Carte Blanche and discovered that defamation laws cover social media. It’s hilarious.

— Sipho Hlongwane (@comradesipho) February 24, 2013

Defamation in South Africa has developed quite a bit in the last decade or so. That’s not to say that it has changed radically but how it is applied has. For one thing, the Bill of Right’s introduction (first in the interim Constitution in 1994 and, later, in the final Constitution in 1996) led judges to base their decisions on an analysis of the relative weight of various rights which usually include the right to dignity and the right to freedom of expression.

I referenced current judicial authorities on defamation which Judge Willis discussed in his recent judgment about a case involving defamation on Facebook in my article about that case and this extract is worth repeating:

After exploring Twitter briefly, Judge Willis turned to established case law in South Africa including authority for the proposition Roos expressed that a privacy infringement can be justified in a similar way that defamation can be justified and a more recent Supreme Court of Appeal judgment in the 2004 Mthembi-Mahanyele v Mail & Guardian case which, according to Judge Willis –

affirmed the principle that the test for determining whether the words in respect of which there is a
complaint have a defamatory meaning is whether a reasonable person of ordinary intelligence might reasonably understand the words concerned to convey a meaning defamatory of the litigant concerned

The Court, in the Mthembi-Mahanyele case set out the test for defamation as follows (and cited a 1993 case in the then-Appellate Division of Argus Printing and Publishing Co Ltd v Esselen’s Estate) –

The test for determining whether words published are defamatory is to ask whether a ‘reasonable person of ordinary intelligence might reasonably understand the words . . . to convey a meaning defamatory of the plaintiff. . . . The test is an objective one. In the absence of an innuendo, the reasonable person of ordinary intelligence is taken to understand the words alleged to be defamatory in their natural and ordinary meaning. In determining this natural and ordinary meaning the Court must take account not only of what the words expressly say, but also of what they imply’

Referencing one of the justifications for (or defences to) defamation, namely that the defamatory material be true and to the public benefit or in the public interest, Judge Willis drew an important distinction that is worth bearing in mind –

A distinction must always be kept between what ‘is interesting to the public’ as opposed to ‘what it is in the public interest to make known’. The courts do not pander to prurience.

The Court moved on to explore another justification, fair comment. In order to qualify as “fair comment” –

the comment “must be based on facts expressly stated or clearly indicated and admitted or proved to be true”

The person relying on this justification must prove that the comment is, indeed, fair comment and “malice or improper motive” will defeat this justification or defence, regardless of its demonstrably factual nature. In this particular case, the Court found that W acted maliciously and she was unable to prevail with this defence.

When it comes to acceptable conduct on Twitter and, defamation in particular, our law will govern how South African Twitter users use Twitter and may well inform how Twitter responds to improper use of its service too. Although simply making defamatory statements is not immediately actionable, doing so unjustifiably likely is wrongful and can expose you to legal proceedings seeking to stop you, to remove your defamatory statements or even to claim financial compensation from you. That said, there would be a tension between Twitter’s approach to users’ freedom of expression and local judicial authorities’ approach which could be interesting but, on the whole, Twitter will likely respect local laws which are aligned, at least ostensibly, with its values.

The Other Considerations

Leaving aside the law and your contract with Twitter, online defamation is tricky. Your legal rights and rights under a provider’s terms of service may protect you in theory but the social Web has its own dynamics which operate, frequently regardless of what should happen. It is very easy to tweet something that you may feel strongly about in that moment (I have certainly done that) and it is worth bearing Judge Willis’ advice in mind for those times when your tweets perhaps go too far:

Those who make postings about others on the social media would be well advised to remove such postings immediately upon the request of an offended party. It will seldom be worth contesting one’s obligation to do so. After all, the social media is about building friendships around the world, rather than offending fellow human beings. Affirming bonds of affinity is what being ‘social’ is all about.

  1. Other services have similar frameworks (take a look at Facebook’s Statement of Rights and Responsibilities and Community Standards guidelines as well as WordPress’ Terms of Service for hosted service users)  ↩

Wartime Twitter

Militarised Twitter

The recent Gaza conflict signified a shift in how battles are fought and publicised. Israel announced its assault on Hamas targets on Twitter and much of the ensuing conflict was documented in a flurry of tweets published by the Israeli Defence Force, a variety of Israeli spokespeople and Hamas.

This shift to Twitter as a PR tool for governments engaged in conflicts and politics in general is an interesting one. For one thing, it means that Twitter is no longer simply a social network for brands and users talking about what they had for breakfast. This isn’t really new. Twitter featured prominently in the Arab Spring uprisings earlier this year and has been activists’ preferred tool for a little longer than that because Twitter allows pseudonyms; tweets are easily shared and there are a variety of ways to access the service that circumvent some efforts to block Twitter (although I suspect these options are becoming increasingly limited as Twitter restricts external apps’ access to its data and APIs).

I found myself wondering whether this use is sanctioned by Twitter and took a look at Twitter’s governing documents.

What do Twitter’s terms and conditions say?

Twitter’s Rules establish guidelines for acceptable (and unacceptable) uses of the service –

In order to provide the Twitter service and the ability to communicate and stay connected with others, there are some limitations on the type of content that can be published with Twitter. These limitations comply with legal requirements and make Twitter a better experience for all. We may need to change these rules from time to time and reserve the right to do so. Please check back here to see the latest.

One of the rules is somewhat on point here:

Violence and Threats: You may not publish or post direct, specific threats of violence against others.

Both the IDF and the Hamas tweets I quoted above would seem to fall within this category so the question is what Twitter could, hypothetically, do. For starters, the Rules give some indication of Twitter’s official approach to tweets, generally –

Our goal is to provide a service that allows you to discover and receive content from sources that interest you as well as to share your content with others. We respect the ownership of the content that users share and each user is responsible for the content he or she provides. Because of these principles, we do not actively monitor user’s content and will not censor user content, except in limited circumstances described below.

Twitter’s Terms of Service set out some of the actions Twitter may take for violations of its terms and conditions:

Please review the Twitter Rules (which are part of these Terms) to better understand what is prohibited on the Service. We reserve the right at all times (but will not have an obligation) to remove or refuse to distribute any Content on the Services, to suspend or terminate users, and to reclaim usernames without liability to you. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect the rights, property or safety of Twitter, its users and the public.

Whether Twitter would take steps to enforce its terms and conditions as more governments and political entities start using it to promote their points of view is possibly more of a policy decision. Twitter is becoming more and more of an information utility and a pretty effective news service and, besides risks to its safe harbours, adopting a more active moderation role would likely be detrimental. Instead, Twitter will likely apply some of its practices for complying with legal and compliance restrictions while striving for a balance between compliance and preserving Twitter as a platform for activists and ideas.

Pinterest’s amended terms still leave users exposed

Pinterest (I am going to be a little lazy in this post and refer to “Pinterest” when discussing both the site and its creator, Cold Brew Labs) has been in the spotlight quite a bit lately due to its terms of service as well as content creators’ concerns that their content is being shared without their permission on the service by its enthusiastic users. I wrote about the copyright implications in my post titled “Is Pinterest a den of copyright thieves?” and about the potential liability users face in a subsequent post titled “Pinterest’s hidden threat to its users“. Pinterest announced updates to its terms recently and the new terms go into effect next week. Unfortunately the new terms still leave users exposed to potentially substantial liability simply by using the service.”

Current terms (published on 29 March 2011)

Much of the focus on Pinterest’s new terms of service (which go into effect on 6 April) is on the original content license users grant to Pinterest which includes the right to “sell” “Member Content”. The two key clauses here are the definition of “Member Content” and the original license clause which state the following (I highlighted the problematic terms in bold):

“Member Content” means all Content that a Member posts, uploads, publishes, submits or transmits to be made available through the Site, Application or Services.

and

We may, in our sole discretion, permit Members to post, upload, publish, submit or transmit Member Content. By making available any Member Content through the Site, Application or Services, you hereby grant to Cold Brew Labs a worldwide, irrevocable, perpetual, non-exclusive, transferable, royalty-free license, with the right to sublicense, to use, copy, adapt, modify, distribute, license, sell, transfer, publicly display, publicly perform, transmit, stream, broadcast, access, view, and otherwise exploit such Member Content only on, through or by means of the Site, Application or Services. Cold Brew Labs does not claim any ownership rights in any such Member Content and nothing in these Terms will be deemed to restrict any rights that you may have to use and exploit any such Member Content.

The effect of these provisions was to enable Pinterest to commercially exploit Member Content published on the site on the basis that users grant Pinterest. This license is granted automatically and the way Pinterest attempts to ensure that users are legally authorised to grant this license is through this acknowledgement or warranty:

You acknowledge and agree that you are solely responsible for all Member Content that you make available through the Site, Application and Services. Accordingly, you represent and warrant that: (i) you either are the sole and exclusive owner of all Member Content that you make available through the Site, Application and Services or you have all rights, licenses, consents and releases that are necessary to grant to Cold Brew Labs the rights in such Member Content, as contemplated under these Terms; and (ii) neither the Member Content nor your posting, uploading, publication, submission or transmittal of the Member Content or Cold Brew Labs’ use of the Member Content (or any portion thereof) on, through or by means of the Site, Application and the Services will infringe, misappropriate or violate a third party’s patent, copyright, trademark, trade secret, moral rights or other proprietary or intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.

This sort of warranty is a common mechanism in website terms and short of having each user prove they are entitled to post each item to the service (totally impractical), this is how site providers tend to protect themselves from a user submissions perspective.

One of the significant challenges in these terms is that users are potentially liable for substantial damages simply by using the service. This is as a result of the liability clauses in the terms. I won’t go into this in detail here as I have already done so in my post titled “Pinterest’s hidden threat to its users” which I recommend you read before continuing with this post.

Paul Jacobson / Pinterest

The new terms (6 April 2012)

The new terms deal with content a little differently. Firstly, the definition will change to “User Content”. This isn’t as well defined as “Member Content” is in the current terms. It is defined or framed as follows (I highlighted the relevant sections):

Your content. Pinterest allows you to pin and post content on the Service, including photos, comments, and other materials. Anything that you pin, post, display, or otherwise make available on our Service, including all Intellectual Property Rights (defined below) in such content, is referred to as “User Content.” You retain all of your rights in all of the User Content you post to our Service.

Framing “User Content” this way does two things. It streamlines the definition of User Content and it explicitly states that users retain the rights they have in the content they post. This means that Pinterest has no ownership claim over your stuff which you post to the site or, implicitly, anyone else’s. This also addresses a very common misperception we see in media coverage of site terms of use: Pinterest doesn’t claim to own your content. In fact, I don’t recall ever seeing site terms where a provider claims ownership of user content. The problem lies more in how broad the license is that users grant these service providers. The license users grant Pinterest is the following (I’ve highlighted some interesting provisions):

  • How Pinterest and other users can use your content. Subject to any applicable account settings you select, you grant us a non-exclusive, royalty-free, transferable, sublicensable, worldwide license to use, display, reproduce, re-pin, modify (e.g., re-format), re-arrange, and distribute your User Content on Pinterest for the purposes of operating and providing the Service(s) to you and to our other Users. Nothing in these Terms shall restrict Pinterest’s rights under separate licenses to User Content. Please remember that the Pinterest Service is a public platform, and that other Users may search for, see, use, and/or re-pin any User Content that you make publicly available through the Service.
  • How long we keep your content: Following termination or deactivation of your account, or if you remove any User Content from your account or your boards, Pinterest may retain your User Content for a commercially reasonable period of time for backup, archival, or audit purposes. Furthermore, Pinterest and other Users may retain and continue to display, reproduce, re-pin, modify, re-arrange, and distribute any of your User Content that other Users have re-pinned to their own boards or which you have posted to public or semi-public areas of the Service.

What is noticeable is that the new terms omit the reference to “sell” and the new license is not irrevocable or perpetual. It is still royalty-free and “sublicenseable” so Pinterest is not liable for any royalties payable for publishing User Content and can sub-license the content to another party. This latter requirement may be intended more to enable the service to function more than a desire to move content around. Any other party that republishes the content as part of the overall service would need the right to do so. This may include Pinterest’s hosting provider, 3rd party services and so on.

A related term in the new terms is “Pinterest Content” which is framed as follows:

Pinterest Content. Except for User Content, the Service itself, all content and other subject matter included on or within the Service, and all Intellectual Property Rights in or related to the Service or any such content or other subject matter (“Pinterest Content”) are the property of Pinterest and its licensors. Except as expressly provided in these Terms, you agree not to use, modify, reproduce, distribute, sell, license, or otherwise exploit the Pinterest Content without our permission.

A big change in the new terms is the introduction of an Acceptable Use Policy which more fully addresses how users can make use of the service. Two of the prohibitions include posting any User Content that –

infringes any third party’s Intellectual Property Rights, privacy rights, publicity rights, or other personal or proprietary rights

and

contains any information or content that you do not have a right to make available under any law or under contractual or fiduciary relationships

The new terms define “Intellectual Property Rights” as follows:

Definition of Intellectual Property Rights. When we refer to “Intellectual Property Rights” in these Terms, we mean all patent rights; copyright rights; moral rights; rights of publicity; trademark, trade dress and service mark rights (and associated goodwill); trade secret rights; and all other intellectual property and proprietary rights as may now exist or hereafter come into existence, and all applications for any of these rights and registrations, renewals and extensions of any of these rights, in each case under the laws of any state, country, territory or other jurisdiction.

The new terms make it pretty clear that users are only to publish content they have the rights to publish, whether this be under a license granted by the content creator (most Creative Commons licensed content, for example, would probably be fine) or where there are copyright infringement exceptions (I wrote about this in my first post titled “Is Pinterest a den of copyright thieves?“). The terms also include fairly extensive provisions intended for content owners and which detail Pinterest’s interest in protecting their rights, preventing efforts to circumvent the so-called “no pin” tag content owners can use to block efforts to pin their content as well as to report any copyright infringement.

What Pinterest hasn’t changed much are its liability protection clauses. As with the current terms, the new terms include an indemnity clause which states the following:

You agree to indemnify and hold harmless Pinterest and its officers, directors, employees and agents, from and against any claims, suits, proceedings, disputes, demands, liabilities, damages, losses, costs and expenses, including, without limitation, reasonable legal and accounting fees (including costs of defense of claims, suits or proceedings brought by third parties), arising out of or in any way related to (i) your access to or use of the Services or Pinterest Content, (ii) your User Content, or (iii) your breach of any of these Terms.

The terms also include a liability limitation clause which reminds users that “THE ENTIRE RISK ARISING OUT OF YOUR ACCESS TO AND USE OF THE SERVICES, PINTEREST CONTENT, AND USER CONTENT REMAINS WITH YOU AND YOU USE THE SERVICES AT YOUR OWN RISK” (among other things).

Actually there is one significant change from the old indemnity clause to the new one. The old (or current) clause requires users to “defend” Pinterest. That change relieves users of the potential responsibility for filing court papers in Pinterest’s defence should it be sued. What the new indemnity clause doesn’t do is relieve users of the potential responsibility for any damages Pinterest may be ordered to pay, any costs it may incur or other penalties which flow from claims lodged against Pinterest in respect of –

  • “your access to or use of the Services or Pinterest Content”;
  • “your User Content”; or
  • “your breach of any of these Terms”.

There is one important omission in the indemnity. The indemnity doesn’t require your “use of the Services or Pinterest Content” to be unlawful or to infringe a 3rd party’s rights, necessarily. It potentially includes a situation where your use of the “Services or Pinterest Content” is legitimate and Pinterest’s isn’t. This could be possible if your use is regarded as a “fair use” (this has a specific legal context, see below) and Pinterest’s may not be because it’s a commercial service, for example.

What does this all mean for you?

The bottom line is that you should only pin stuff to Pinterest which you are licensed to pin or which you can pin under a copyright exception like “fair use” as applied in the State of California (these terms are governed by the “internal substantive laws of the State of California”). Any other publication or use of the service and content published on Pinterest could be a violation of someone Intellectual Property Rights and a breach of the terms of service. If Pinterest is sued for that and you are the unlucky user who did the infringing, you could be on the hook. This could be regardless of whether you acted lawfully when you used Pinterest.

In other words, heed the liability limitation clause’s admonition:

YOU ACKNOWLEDGE AND AGREE THAT, TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE ENTIRE RISK ARISING OUT OF YOUR ACCESS TO AND USE OF THE SERVICES, PINTEREST CONTENT, AND USER CONTENT REMAINS WITH YOU AND YOU USE THE SERVICES AT YOUR OWN RISK.

Add nutmeg to your Terms of Service and whisk briefly

One of my contacts on Google+, York Zucchi, pointed me to his website terms and conditions on his site which I had to share. The terms (well, this is really a liability disclaimer, not a complete set of website terms and conditions) are somewhat simple and not appropriate for all uses but they are a fun read, nevertheless:

IMPORTANT INFORMATION/DISCLAIMER

This website may contain information that is unsuitable for overly sensitive persons with low self-esteem or no sense of humour (you need a great sense of humour to do business in Africa). Any dissemination, a distribution or copying of this website is not only authorised (either explicitly or implicitly) but actively encouraged though not including the source constitutes an irritating social faux pas. If you have landed on this site by mistake we would be curious what you were trying to find online. You are welcome to stick around and read it, even if we didn’t mean for you to visit it. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or grammatical use and may be ignored. We take no responsibility for non-enjoyment, either humorous or of informative means, of this website. In the event that you do get the humour herein contained then please note that we take no responsibility for that either. Nor will we accept any liability, tacit or implied, for any damage you may or may not incur as a result of reading, or not, as the case may be, from time to time, notwithstanding all liabilities implied or otherwise, ummm, shucks, where were we.., no matter what happens, IT’s NOT, and NEVER WILL BE, OUR FAULT except where we made silly promises that we should not have. No animals were harmed in the writing of this text, although the yorkshire terrier next door is living on borrowed time. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft: However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have read this whole paragraph in error, please add some nutmeg and eggs and place it in a warm oven for 40 minutes. Whisk briefly and let it stand for 2 hours before icing.

Thanks for the link, York! I particularly like this line:

However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets

What Dropbox’s revised Terms of Service mean for you

Esuslogo101409

When Dropbox amended its Terms of Service it sparked a controversy about the popular file sharing and cloud-based storage service’s apparent user content grab. As with virtually all controversies about expanded content licensing provisions, many users feared Dropbox was claiming ownership of their content. This is not correct at all but the amended license provisions are cause for concern for a number of other reasons.

The clause which sparked the controversy was amended between the time the new Terms of Service first went up and about a day later when Dropbox clarified its position after receiving quite a bit of feedback from users. The introduction to the Terms of Service (with defined terms) and the current licensing provisions are as follows:

Dropbox Terms of Service

Thank you for using Dropbox! These terms of service (the “Terms”) govern your access to and use of Dropbox (“we” or “our”) websites and services (the “Services”), so please carefully read them before using the Services.

By using the Services you agree to be bound by these Terms. If you are using the Services on behalf of an organization, you are agreeing to these Terms for that organization and promising that you have the authority to bind that organization to these terms. In that case, “you” and “your” will refer to that organization.

You may use the Services only in compliance with these Terms. You may use the Services only if you have the power to form a contract with Dropbox and are not barred under any applicable laws from doing so. The Services may continue to change over time as we refine and add more features. We may stop, suspend, or modify the Services at any time without prior notice to you. We may also remove any content from our Services at our discretion.

The starting point is that you agree to these Terms of Service by using the Dropbox service. This is a common provision in Terms of Service. You very rarely have a workable model involving users actually signing a piece of paper or negotiating terms and conditions for their access to the service. That sort of thing becomes almost impossible to manage satisfactorily if you are negotiating on an individual basis with large groups of users and retain a hope of providing a consistent service. This clause typically ties into another clause that allows the service to make changes to the Terms of Service which you agree to by continuing to make use of the service.

Not only do you bind yourself but if you are using Dropbox in an organisation then you are also representing to Dropbox that you have the necessary authority to bind the organisation too. That can be quite a leap to take so if your organisation makes use of Dropbox (there are business packages) then you really should make sure that someone who does have authority to bind the organisation has read the Terms of Service and is comfortable binding the company. This may sound a little silly but there are legal principles dealing with principals and agents which would come into play here.

Your Stuff & Your Privacy

By using our Services you may give us access to your information, files, and folders (together, “your stuff”). You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

How we use your stuff is also governed by the Dropbox Privacy Policy, which you acknowledge. You acknowledge that Dropbox has no obligation to monitor any information on the Services, even though we may do so. We are not responsible for the accuracy, completeness, appropriateness, or legality of files, user posts, or any other information you may be able to access using the Services. We may disclose information about your account or your stuff to law enforcement officials as outlined in our Privacy Policy.

This clause contains the controversial licensing provisions. Like virtually any Web-based service you are required to grant the service a fairly broad license to enable it to render the service. The reason for this is that copyright law grants copyright owners (often the users) exclusive rights over their content. These rights are often the rights a service like Dropbox needs to exercise just to be able to receive your content and manipulate it as part of the service. A license is a set of permissions which enables Dropbox to do this. The big question is whether the license Dropbox takes goes further than is necessary (the Twitpic terms are a good example of terms which really go too far).

In the case of Dropbox’s Terms of Service the terms were clarified to emphasize the following:

This license is solely to enable us to technically administer, display, and operate the Services.

That said, there are a couple aspects of the license which leave it somewhat open to interpretation and abuse. For starters you grant the license to Dropbox as well as “those we work with to provide the Services”. The problem is that Dropbox doesn’t clarify who “those we work with” are. Given that those people, whoever they are, are also granted a “worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff” is a concern, even if they too are granted the license “to the extent reasonably necessary for the Service” (whatever form that may take over time).

One of the key sentences in the license which potentially places a number of users immediately in breach of the Terms of Service is the following:

You must ensure you have the rights you need to grant us that permission.

This sentence is a statement of one of the fundamentals of content licensing, namely that you can only pass the rights you have. What this means in the context of the license itself is that users have to ensure that any licenses they have over “stuff” they store in Dropbox must have all the following license elements:

  1. worldwide;
  2. non-exclusive;
  3. royalty-free;
  4. sublicenseable rights to use, copy, distribute, prepare derivative works of, perform or publicly display.

This might seem like mumbo jumbo but some content may only be available under licenses which are more restrictive that the license in the Dropbox Terms of Service. The licenses over that content may be personal, incapable of being sub-licensed or even be exclusive to the user concerned. What this means is that the content the user stores in Dropbox and which is subject to a more restrictive license than the Dropbox license requires lack “the rights you need to grant us that permission”. That means the user is in breach of the Terms of Service. Consider the “stuff” you store in Dropbox and ask yourself if you are sufficiently familiar with the licenses which may apply to that “stuff” to be able to give Dropbox the permissions it demands in its Terms of Service. If some of that stuff includes downloaded music, photographs subject to someone else’s copyright or even ebooks and other documents then the odds are that that “stuff” should not be stored in Dropbox.

On the privacy side, one of the big concerns is the revelation that Dropbox not only has the decryption keys for your encrypted data uploaded directly to Dropbox (I understand that the service encrypts uploads to keep them secure) but that it will decrypt data should law enforcement officials demand it with the appropriate authority. The privacy policy includes the following provision:

Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

This seems to be something Dropbox would be required to do if access to encrypted data was required by law enforcement so if security is a priority for you, I believe a solution is to encrypt the data on your drive before it is uploaded so Dropbox receives encrypted data from the start which it then applies its own encryption to. If Dropbox has to remove its own encryption, your original encryption should protect your data. I stand to be corrected about the mechanics here though.

What was perhaps most noteworthy about this controversy is how transparent the Dropbox team has been and its willingness to engage with its users and respond to their feedback. While its transparency doesn’t detract from the issues in its Terms of Service and Privacy Policy, it does indicate the team is willing to discuss its users’ concerns and possibly even address them.

Update: There are a number of terrific posts about the Dropbox Terms of Service. Here are two which came highly recommended in my Google+ stream in the last day or two: