A GLOBAL MULTI-STAKEHOLDER DIALOGUE PROCESS

20122012 IN RETROSPECT INTERNET & JURISDICTION PROJECT CASE COLLECTION VOLUME 1

I N T E R N E T & MORE INFORMATION ABOUT THE JURISDICTION INTERNET & JURISDICTIONMore information PROJECT AT about OBSERVATORY the Internet & Jurisdiction Project at: www.internetjurisdiction.net 1 k eepin g trac k o f trends :www.internetjurisdiction.net @IJurisdiction TO S TAY UP-TO-DATE ON THE INTERNET & JURISDICTION PROJECT AND THE LATEST TRENDS W I T H R E G A R D TO T H E TENSION BETWEEN THE CROSS-BORDER INTERNET AND NATIONAL JURISDICTIONS, SUBSCRIBE TO OUR NEWSLETTER AT WWW.INTERNETJURISDICTION.NET A N D F OLLOW @IJURISDICTION ON TWITTER. 2012 IN RETROSPECT

The Internet & Jurisdiction Project is an evidence- based global multi-stakeholder dialogue process. To inform its participants about emerging trends and high-level patterns, the Internet & Jurisdiction Project detected, curated and categorized over 420 cases around the world in a dedicated data- base between February and December 2012. They crowd-curation show the tension between the cross-border nature of the Internet with its transnational online spaces and the patchwork of geographically defined national jurisdictions. spotlight I & J DATABASE WITH The Internet & Jurisdiction Observatory supports CATEGORIZED CASES the Internet & Jurisdiction Project team in keeping track of the latest trends around the globe. This interdisciplinary network of selected international experts crowd-ranks every month all collected crowd-ranking cases in the Internet & Jurisdiction database via a progressive filtering process. The 20 most impor- tant cases are showcased in the monthly Internet & Jurisdiction Project newsletter Retrospect with retrospect concise summaries and links to relevant back- MONTHLY NEWSLETTER WITH TOP 20 CASES ground information.

The case collection ”2012 in Retrospect“ is a com- pilation of 220 selected cases. It provides a review dialogue + analysis of crucial dynamics to stimulate discussions and trigger research. synthesis REGULAR REPORTS ON LATEST TRENDS AND INSIGHTS

FACILITATION TEAM ABOUT The Internet & Jurisdiction Project facili- tates a global multi-stakeholder dialogue process to address the tension between the cross-border nature of the Internet and Bertrand de geographically defined national jurisdic- LA CHAPELLE tions. It provides a neutral platform for Director international organizations, states, business [email protected] and civil society to discuss the elaboration of a transnational due process framework to handle the digital coexistence of diverse national laws in shared cross-border online spaces. Since its launch in January 2012, the Paul Internet & Jurisdiction Project has involved FEHLINGER more than 80 entities in its dialogue process. Manager [email protected] INTERNET & JURISDICTION OBSERVATORY

32 selected international experts from 26 different institutions in 13 countries are part of the internet & jurisdiction observatory. the interdisciplinary network is composed of respected senior experts while leaving room for emerging talents.

Séverine Robert J. Michael ARSÈNE CURRIE GEIST French Center for Research on Dalhousie University, Law & University of Ottawa, Canada Contemporary China, Hong Kong Technology Institute, Canada Research Chair in Internet and E-commerce Law, Canada @severinearsene @CdnTechLaw @mgeist

Chinmayi William H. ARUN DUTTON Nicolas JONDET National Law University New University of Oxford, Delhi, Centre for Communication Oxford Internet Institute, UK University of Edinburgh, Governance, India Edinburgh Law School, UK @BiIIDutton @chinmayiarun @NicolasJondet

Lilian Francis Augusto EDWARDS Matthias C. MEDEIROS KETTEMANN University of Strathclyde, Centre University of Oslo, Norwegian for Internet Law and Policy, UK University of Frankfurt/Main, Research Center for Computers Cluster of Excellence “The @lilianedwards and Law, Norway Formation of Normative Orders”, @francisaugusto Giancarlo @MCKettemann FROSIO Ian Stanford University, Center BROWN Kathryn for Internet and Society, USA KLEIMAN Oxford University, @GCFrosio Oxford Internet Institute & Internet Counsel, Fletcher, Cyber Security Center, UK Heald & Hildreth PLC, USA @IanBrownOII Urs @KleimK GASSER Harvard University, Berkman Lee Wolfgang Center for Internet and Society & BYGRAVE KLEINWÄCHTER Harvard Law School, USA University of Oslo, Norwegian Department for Media and @ugasser Research Center for Computers Information Sciences, Unversity and Law, Norway of Aarhus, Denmark 4 OBSERVATORY

Konstantinos Carlos Affonso Lachlan KOMAITIS PEREIRA DE SOUZA URQUHART Internet Society, Switzerland Rio de Janeiro Institute for University of Nottingham, Technology and Society & Rio de Mixed Reality Lab, UK @kkomaitis Janeiro State University, Brazil @mooseabyte @caffsouza Joanna KULESZA Joana Theresa VARON FERRAZ University of Lodz, Department SCASSA for International Law and Interna- Fundação Getúlio Vargas, Center tional Relations, Poland University of Ottawa, Canada for Technology and Society, Research Chair in Information Brazil @KuleszaJ Law, Canada @joana_varon @TeresaScassa Sarah LOGAN Rolf H. Thomas WEBER Australian National University, SCHULTZ School of International and Po- University of Zurich, Center for litical Studies, Australia Graduate Institute of Interna- Information and Communication tional and Development Studies, Law, Switzerland @circt International Law Department, Switzerland Tobias Bendert MAHLER ZEVENBERGEN Wolfgang Oxford University, Oxford University of Oslo, Norwegian SCHULZ Internet Institute, UK Research Center for Computers Humboldt Institute for and Law, Norway @benzevenbergen Internet and Society, Germany @tomahler @WWSchulz Nicolo Francesca ZINGALES Dan MUSIANI University of Tilburg, Department SVANTESSON of European and International Mines ParisTech, Center for the Bond University, Centre for Public Law, Netherlands Sociology of Innovation, France Commercial Law, Australia @TechJust @franmusiani

Tatiana Nicolas TROPINA VON ZUR MÜHLEN Max Planck Institute for Foreign Max Planck Institute for Foreign and International Criminal Law, and International Criminal Law, Germany Germany @gap_the_mind

5

CONTENT

FEBRUARY 8 MARCH 12 APRIL 17 MAY 22 JUNE 27 JULY 32 AUGUST 37 SEPTEMBER 42 OCTOBER 47 NOVEMBER 52 DECEMBER 57

7 FEBRUARY

1. ACTA faces controversy 3. US Administration publishes in Europe over anti-piracy Privacy Bill of Rights white provisions paper The yet not ratified Anti-Counterfeiting Trade Agreement1 In an effort to strengthen consumer protection in the (ACTA) between 31 states encountered significant public Internet economy, the White House published a blueprint protest2 in Europe. As a reaction, the European Parlia- for a Privacy Bill of Rights16 on February 23, 2012. The ment rapporteur3 stepped down from office and several white paper suggests seven core principles17 and foresees European countries4 suspended their ratification process. to draft industry standards in a dialogue with stakehold- The European Commission asked the European Court of ers, which are likely to effect global privacy standards of Justice5 to rule on the legality of ACTA in the EU’s jurisdic- US based Internet platforms. These would be enforceable tion. Another international trade agreement, the Trans-Pa- by the Federal Trade Commission. In order to guarantee cific Partnership Agreement (TPPA), currently negotiated6 the “international interoperability” of privacy laws across between nine countries, will equally include provisions7 different jurisdictions, the proposed framework empha- against online piracy. sizes mutual recognition, multi-stakeholder dialogue and regulation through codes of conduct, as well as cross-bor- Read further: der enforcement cooperation. Parallel to the publication European Parliament: Public ACTA Discussion8 of the blueprint, two coalitions of Internet companies an- European Commission: 10 Myths about ACTA9 nounced the introduction of a “No Track” browser button Radio Netherlands Worldwide: Loosen up law, and standard privacy policies for mobile apps19. says Dutch government10 Read further: 2. Defamation trial to decide The White House: Obama Administration Unveils Blueprint whether Twitter is a publisher for a “Privacy Bill of Rights” to Protect Consumers Online20 in Australia’s jurisdiction The Washington Post: “Privacy bill of rights”: Advocacy groups, industry weigh in21 Twitter, incorporated in the US, is sued for the first The Economist: Online Privacy in America – Rights and time under Australian law for defamation11. The plaintiff Wrongs22 argues that Twitter is a publisher and therefore liable for retweets of an original tweet. The case recalls the Gutnick 4. US authorities seize foreign v. Dow Jones12 ruling of 2002, in which US based publisher .com gambling site registered Dow Jones was held liable for defamation of the Austra- lian businessman Joseph Gutnick under Australian law. in Canada via VeriSign Under US jurisdiction, Section 230 of the US Communica- After an indictment23 by prosecutors of the US state tions Decency Act guarantees online publishers immunity Maryland, the Department of Homeland Security shut of defamation charges for user-generated content. down the gambling website bodog.com, which was regis- tered with the Canadian registrar DomainClip and oper- Read further: ated by non-US citizens. The District Court of Maryland CNET: Is Twitter liable for defamation13 ordered VeriSign24, subject to US jurisdiction, to directly The Conversation: Will Marieke Hardy’s Twitter case take off the website from the .com root. change Australian law forever?14 Citizen Media Law Project: Immunity for Online Publish- ers Under the US Communications Decency Act15

8 Read further: 9. New phase of US “Operation EasyDNS: Verisign seizes.com domain registered via for- eign Registrar on behalf of US Authorities In Our Sites” domain seizures Michael Geist: All Your Internets Belong to US25 On February 2, 2012 the US Immigration and Custom Continued: The Bodog.com Case26 Enforcement (ICE) seized over 300 domains37 that were Wired: If it ends in.com, it’s seizable27 registered with registrars based in the US jurisdiction. It was the 10th phase of the “Operation In Our Sites” initia- 5. China adopts new tive. For the first time, ICE also took down .tv domains38. data protection rules Executed three days before the Super Bowl, the Opera- tion Fake Sweep aimed at websites selling counterfeit The Ministry of Industry and Information Technology merchandise and online streaming platforms. published the “Several Provisions on Regulating Market Orders of the Internet Information Services”28 that will 10. Google’s privacy policy become effective on March 15, 2012. The provisions fea- under scrutiny in EU and US ture stronger data protection standards. jurisdictions Read further: On February 2, 2012, the EU Article 29 Data Protection Huntington Privacy Blog: Chinese Ministry of Industry Working Party started investigating39 Google’s cross-plat- and Information Technology Issues New Data Protection form privacy policy changes under the lead of the French Regulations29 data protection authority CNIL. The preliminary conclu- Data Guidance: Law regulating IISPs’ data practices comes sions40 suggest that the changes do not comply with the into force in China30 EU Data Protection Directive. In the US, a bipartisan Con- gress group41 is equally reviewing the changes in Google’s 6. India asks web mail global Terms of Services that are issued for March 1, 2012. providers to route emails On February 8, 2012, the US NGO Electronic Privacy Infor- through Indian servers for mation Center sued the FTC42 before a federal US court in national security reasons an effort to halt Google’s privacy changes. The revelations that Google bypassed privacy browser settings in Safari In order to avoid multi-jurisdictional conflicts and bureau- and Internet Explorer43 are further fueling the debate. cratic requests for information, the Indian government decided to ask web mail providers, including foreign ones, 11. EU revises Directive to route emails through Indian servers31. The measures are on Intellectual Property motivated by the need to have real-time access to email accounts for reasons of counter-terrorism investigations. Right Enforcement The European Commission published a roadmap44 to 7. New anti-piracy laws review the Intellectual Property Right Enforcement Direc- discussed in Canada tive (IPRED) that could enter into force by September and Ireland 2012. The existing Directive is deemed insufficient to address online challenges. A particular focus is put on the The Canadian copyright reform Bill C-1132 would allow identification of infringers. to block both Canadian and foreign websites containing copyright infringing material. New copyright provisions 12. Taiwan enforces local are also discussed in Ireland33. They could potentially have consumer protection law particular implications for major Internet companies34, such as Facebook, Google and Twitter, as their interna- on Android Market tional headquarters on the island are subject to Irish Google lost an appeal against a fine of ca. 33.000 USD is- jurisdiction. sued by the Taipei City government. The refund period of 15 minutes, as stipulated by the Android Market’s global 8. Industry study claims that Terms of Services, does not comply45 with the consumer jurisdictions in APAC region protection law of the Taiwanese jurisdiction, which fore- are yet not ready for cloud sees a seven-days trial period. computing 13. British authorities seize A study of the Business Software Alliance35 analyzed the .com registered music blog legal and regulatory environments in 24 jurisdictions, 46 which account for 80 percent of the global ICT market. The UK’s Serious Organized Crime Agency took down The result is summarized in a scorecard that seeks to mea- the website RnBXclusive that provided copyright-infring- sure and rank the preparedness for cross-border cloud ing music downloads. The music blog was registered un- 47 services. The study concludes that APAC countries are the der the .com domain , managed by the registrar VeriSign least cloud-ready36. that is located in the US jurisdiction.

9 14. European Court of Justice 2012 could lead to the ISP blockade53 of the website in the ruled against mandatory UK. In , a court ordered the ISP Elisa in October 2012 to block the website. Now, a Finnish citizen chal- content filtering on social lenged the block of The Pirate Bay54 before court, arguing networks it would prevent legal filesharing as a collateral damage. The EU’s top court ruled that48 preventive monitoring of copyright infringing material on the servers of social 18. First cc-TLD migration networks operators in the European jurisdiction would case on Twitter infringe the EU’s personal data management standards49, Brazil seems to be the first country55 filing an injunc- as laid out in the E-Commerce Directive. tion against Twitter based on its new cc-TLD migration scheme. In order to comply with the Brazilian jurisdiction, 15. “Google Tax” bill might Twitter is asked to filter warning alters of police road- be reintroduced in France blocks, radar traps and drunk-driving checkpoints. The proposition to tax online platforms, which are incor- porated in foreign jurisdictions, but generate revenues 19. Australian court gives with French Internet users, might soon be reintroduced in green light for recording TV France. A preparatory colloquium on “digital taxation”50 in the cloud was organized at the French Senate on February 14, 2012. The Australian Federal Court ruled on February 1, 2012 16. Proposed bill in Kentucky that cloud service provider Optus’ App “TV Now”, which allows users to record TV programs in the cloud56 and would declare the act of view them later on their mobile devices, is not infringing viewing pedophilia on the copyright legislation. Internet illegal The House Judiciary Committee of the US state Kentucky 20. Spanish business sues passed on February 15, 2012 a bill that seeks to punish Google over reputation people who access pedophilia hosted on domains and damaging search results servers outside the US jurisdiction51 without explicitly A Spanish camping ground filed a civil lawsuit under the downloading and storing the material on their computer. Spanish “right to be forgotten” against Google Spain57 The House Bill 126 would therefore declare the act of for moral damages and an injunction to stop showing viewing pedophilia on a computer screen illegal. certain search results. A Google search for the business shows pictures of a horrible accident that occurred on 17. ISP BLOCKING OF THE PIRATE its camping ground in 1978. The plaintiff lost the case in BAY IN THE UK AND FINLAND the Spanish jurisdiction58, since Google Search belongs to The High Court of England and Wales decided in a pre- Google Inc., incorporated on US territory, and not to its liminary ruling52 that The Pirate Bay unlawfully shared Spanish subsidiary. copyrighted material. Its final decision expected for June

REFERENCES

1 The Atlantic (6.2.2012). Why 5 ZDNet (22.2.2012). ACTA to 9 European Commission 13 CNET (20.2.2012). Is Twit- an international trade agree- be examined by top EU court. (27.1.2012). 10 myths about ter liable for defamation? ment could be as bad as SOPA. ACTA. 6 Arstechnica (2.2.2012). 14 The Conversation 2 The New York Times Beyond ACTA: Next secret 10 Radio Netherlands World- (17.12.2012). Will Marieke (5.2.2012). A new question of copyright agreement negoti- wide (13.2.2012). Loosen up Hardy’s Twitter case change internet freedom. ated this week in Hollywood. copyright law, says Dutch Australian law for ever? government. 3 BBC News (27.2.2012). Eu- 7 Forbes (2.1.2012). The TPP is 15 Digital Media Law Project ropean parliament rapporteur the next battleground in the 11 The Age (17.2.2012). Twitter (18.2.2011). Immunity for quits in ACTA protest. war over the internet. sued over Hardy tweet. online publishers under the communications decency act. 4 ZDNet (18.2.2012). Poland’s 8 European Parliament 12 Wikipedia (2.12.2013). Dow Tusk gores ACTA. (4.7.2012). ACTA before the Jones & Co. Inc v Gutnick. 16 The White House European Parliament. (23.2.2012). Consumer data

10 privacy in a networked world: the US, continued: The Bog- merchandise and seize 307 47 Techdirt (14.2.2012). UK A framework for protecting dog.com case. websites during ‘Operation now seizing music blogs (with privacy and promoting in- Fake Sweep’ Michigan man American domains ) over novation in the global digital 27 Wired (3.6.2012). Uncle also arrested for criminal copyright claims. economy. Sam: If it ends in .com, it’s. , oper- seizable. ated websites that distributed 48 European Court of Justice 17 Arstechnica (23.2.2012). copyrighted sporting events. (16.2.2012). Scarlet/SABAM White House announces new 28 Government of China case. privacy “Bill of Rights,” Do Not (29.12.2011). Certain provisions 38 TorrentFreak (2.2.2012). Track agreement. regulate the internet informa- FEDS seize sports streaming 49 EDRi (16.2.2012). SABAM tion service market order. domains in new super bowl vs Netlog – another important 18 The Wall Street Journal crackdown. ruling for fundamental rights. (23.2.2012). Web firms adopt 29 Hunton Privacy Blog ‘Do Not Track’ Button. (3.2.2012). Chinese ministry 39 The New York Times 50 Le Monde (13.2.2012). of industry and information (3.2.2012). E.U. Presses Google Fiscalité d’Internet : le retour 19 The Washington Post technology issues new data to delay privacy policy de la “taxe Google”. (22.2.2012). Apple, Google, protection regulations. changes. Amazon agree to post mobile 51 Courier-journal.com app privacy policies. 30 Data Guidance (9.2.2012) 40 CNIL (28.2.2012). Google’s (16.2.2012). Kentucky house China: Law regulating IISPs’ new privacy policy raises deep committee passes child porn 20 The White House data practices comes into concerns about data protec- law. (23.2.2012). We can’t wait: force. tion and the respect of the Obama administration unveils European law. 52 Bailii (20.2.2012). Dra- blueprint for a “Privacy Bill of 31 The Times of India matico Entertainment Ltd & Rights” to protect consumers (21.2.2012). Govt to ask Yahoo, 41 Search Engine Watch Ors v British Sky Broadcasting online. Gmail to route all mails (1.2.2012). Google to talk pri- Ltd & Ors. through servers in India vacy policy with Congress. 21 The Washington Post 53 (20.2.2012). (23.2.2012). ‘Privacy bill of 32 Thestar.com (5.2.2012). 42 ZDNet (8.2.2012). EPIC The Pirate Bay could be rights’: Advocacy groups, Canada’s overhaul of copyright sues FTC to stop Google; blocked in UK. industry weigh in. law could take on a SOPA search giant says groups wrong flavor. on facts, law. 54 Torrent Freak (20.2.2012). 22 The Economist (23.2.2012). Pirate Bay ISP block chal- Online privacy in America: 33 Silicon Republic 43 The Washington Post lenged for censoring lawful Rights and wrongs. (30.1.2012). Ireland’s SOPA: (17.2.2012). Microsoft, others content. could a new Copyright Act be hit back at Google for privacy 23 The Globe and Mail the way forward? hack. 55 ABC News (20.2.2012). (28.2.2012). Billionaire Cana- Brazil brings injunction on dian accused of running illegal 34 Silicon Republic (3.2.2012). 44 European Commission Twitter. gambling site. ISPs speak out against legal (2.8.2013). The directive on the change dubbed ‘Irish SOPA’. enforcement of intellectual 56 ITNews (1.2.2012). Optus 24 The Register (1.3.2012). US property rights. wins copyright case over shuts down Canadian gambling 35 The Software Alliance cloud service. site with Verisign’s help. (3.2.2012). Global cloud com- 45 The Times of India puting scorecard. (3.2.2012). Google’s Android 57 Arstechnica (27.2.2012). 25 Easy DNS (29.2.2012). Market. Spain asks: If Google search Verisign seizes .com domain 36 ZDNet (22.2.2012). BSA: results make your business registered via foreign Registrar APAC not cloud-ready yet. 46 ZDNet (15.2.2012). Police look bad, can you sue? on behalf of US authorities. threaten RnBXclusive music 37 ICE (2.2.2012). Special downloaders with jail. 58 ISP Liability (27.2.2012). 26 Michael Geist (6.3.2012). agents and officers seize more Google Spain wins lawsuit over All your internets belong to than $4.8 million in fake NFL the “right to be forgotten”.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ 11 retrospect/2012-february-references MARCH

1. ISPs and content hosts suggested autocomplete terms. Google is currently re- viewing the order and did not yet comply9. The search could serve as liaison in engine currently filters automatic suggestions related online defamation cases in to pornography, violence, swear-words and potential the British jurisdiction copyright infringements, but not yet results related to Responding to the propositions for the reform of the personal defamation10. Defamation Act1 that was put forth by a joint parliamen- tary committee, the UK Ministry of Justice retained the Read further: suggestion to create an intermediary dispute resolution The Japan Times: Google ordered to delete terms from mechanism at the level of ISPs and content hosts to autocomplete11 resolve libel cases before they go to court. Intermediaries Mashable: Google: Japanese court didn’t ban all search could serve as liaison between conflicting parties to ex- suggestions12 change points of views to find a solution. As a next step, Information Week: Google ordered to delete defamatory the UK Government will consult on a potential frame- autocompletions13 work2 for the updated Defamation Act. The proposed mechanism could reduce the number of libel complaints 3. Madrid appeals to European before British courts and reduce the direct liability pres- Court of Justice to clarify sure on intermediaries for user-generated content. whether Google must comply with Spanish right to be Read further: forgotten Out-Law: ISPs could act as ‘liaison’ in online defamation disputes, Government announces3 The Audiencia Nacional, Spain’s national court, asked the UK Ministry of Justice: Governance Response to the Draft European Court of Justice to clarify if Google has to com- Defamation Bill4 ply with requests from Spanish citizens14 to have links to Tom McNelly, UK Minister of Justice: Reform of the Law personal data removed from its search engine’s index and of Defamation5 its news aggregation side. The case dates back to early 2011 when Spanish data protection authorities demanded 2. Japanese court orders Google to remove ca. 100 references from its platforms. Google to change its This is the first time, a court in the EU jurisdiction raised this issue before the highest court in Luxembourg. The autocomplete feature in Spanish judges moreover asked Europe’s top court wheth- Japanese jurisdiction er Spanish citizens need to file their complaints against On March 19, 2012 the Tokyo District court has ordered Google within the jurisdiction they are subject to, or in Google Inc.6, incorporated in the US, to change its auto- the US jurisdiction where Google is incorporated. The complete feature so that it does not show defamatory case is considered to be influential for the current “right results or results that breach the privacy of Japanese to be forgotten” reform of the European Commission15. citizens. Google.Inc responded7 to the order that its US headquarters are not subject to the Japanese jurisdiction and that, according to its in-house privacy policy, the case in question would not warrant8deleting automatically

12 Read further: port their entire address book into Facebook. Moreover, PC World: Spain seeks jurisdiction guidance from EU for concerning the ownership of uploaded data on Facebook, Google privacy complaints16 the court stressed that Facebook could only use the data ISP Liability: Spain asks the ECJ whether Google must of German users with their consent. Facebook could be delete links to personal data17 fined up to 250.000 Euro for non-compliance. The judg- Audiencia Nacional: Court order referring the case to the ment is yet not legally valid. ECJ (In Spanish)18 Read further: 4. US Federal Trade Regional Court Berlin: Ruling of German Consumer As- Commission calls for law sociation v. Facebook Ireland Ltd. (In German)29 to protect consumer privacy ZDNet: Facebook loses Friend Finder ruling in Germany30 Gigaom: Facebook hasn’t fixed Friend Finder, says German online in the American 31 jurisdiction group In a report19 published on March 26, 2012 the Federal 6. Brazilian draft copyright Trade Commission (FTC) calls upon the US Congress to bill would allow taking put forth a “baseline privacy legislation”20 that would pro- down infringing websites tect the personal data of consumers. The report proposes directed towards Brazil a law21 that would give consumers the right to access and dispute both personal and financial data that is collected A bill proposed by Walter Feldman in the National and sold by data brokers without their permission. More- Congress of Brazil would allow to block websites with over, the report emphasized the need for a do-not-track copyright infringing content if the website is “directed button. Supplementing the White House’s white paper to Brazil” and if its “operator or owner is committing or on a Privacy Bill of Rights that was published in Febru- aiding copyright violations under local legislation”32. NIC. ary 2012, the FTC report further increases the likelihood br, the national authority that manages the registration of prescriptive basic rules for privacy and personal data of domain names that end with.br and the allocation of protection in the US jurisdiction22, despite current efforts IP addresses, should have the power to decide if a site to negotiate industry codes of conducts under the lead infringes copyright, according to the draft. ISP blockades, of the FTC and the Department of Commerce. The FTC re- de-indexing from search engines, or forced payment and port is likely to influence the direction of data protection advertisement blockades are suggested as remedies to outside the US jurisdiction, too.23 fight infringements.

Read further: 7. Irish Supreme Court: No Federal Trade Commission: Protecting consumer privacy jurisdiction in internet in an era of rapid change: Recommendations for busi- defamation cases involving nesses and policymakers24 UK online publication Center for Democracy & Technology: FTC once again says privacy self-regulation isn’t enough25 The Irish Supreme Court ruled33 on March 15, 2012 that an The Atlantic: The philosopher whose fingerprints are all Irish court cannot judge a libel case against an online or over the FTC’s new approach to privacy26 print publication incorporated in the UK. The plaintiff had argued34 that the defamatory photo of him in question, 5. German regional court which was published in 2003 both online and in the print rules Facebook’s Friend Finder edition of the British Daily Mirror, was viewable Ireland violates German law, requires and therefore subject to Irish Jurisdiction. change of Terms of Services 8. Dual standards for new The Regional Court of Berlin ruled on March 6, 2012 that data protection regulation Facebook’s Friend Finder and its its Terms of Services vio- in the Philippine jurisdiction late German privacy and data protection law and ordered Facebook to change its Terms of Services to comply with On March 20, 2012 the Senate of the Philippines approved 35 the rules of the German jurisdiction27. The case against the Data Privacy Act that will impose a privacy regime Facebook’s international headquarter, incorporated in modeled on the EU Data Protection Directive. The law Ireland, was brought before the German court by the Ger- will protect the processing of personal data of Philippine man Federal Consumer Association28 (Verbraucherzentrale residents, but not apply to the domestic processing of Bundesverband) in 2010. Even though Facebook adjusted personal data collected in foreign jurisdictions in order to the workings of Friend Finder in anticipation of the ruling, protect the Philippine outsourcing industry. the judge deemed the changes insufficient. The court stated that Facebook needs to inform users living in the German jurisdiction that by using Friend Finder, they im-

13 9. US ISPs are going to 13. Brazilian court orders launch anti-piracy graduate Google to exclude sites that response scheme in July 2012 retransmit live TV Comcast, Cablevision, Verizon, Time Warner Cable and Globo TV, Brazil’s largest broadcast company, got an other US ISPs have agreed to launch a graduated response injunction from the Civil Court of Sao Paolo ordering system to fight online copyright infringement36 on July 1, Google search to exclude links to websites that retrans- 2012. The initiative was the results of talks with copyright mit its live TV signal unauthorized via the Internet.40 holders and the White House. Possible penalties would be Taking actions against the infringing websites themselves throttling the user’s bandwidth or suspending the user’s has been very difficult for the lawyers of the broadcaster, Internet access until he agrees to stop online piracy. since they are incorporated in foreign jurisdictions and change their host provider regularly. 10. Australia thinking about the choice of law 14. European Parliament draft conundrum for digital law plans to criminalize trans-border interactions hacking in EU jurisdiction On March 22, 2012 the Australian Government released A draft bill in the European Parliament41 presented on a discussion paper37 on the scope of the planned reform March 27, 2012 would make cyberattacks a criminal of Australian contract law. The paper acknowledges that offense within the European jurisdiction. The law that in many trans-border internet transactions, it is unclear would harmonize measurements in different EU jurisdic- which jurisdiction applies and calls for contributions until tions is directed against attacks on websites, networks July 22, 2012. or databases, and the interference with or interception of data42. It proposes sentences of at least two years in 11. Singapore plans to prison. introduce first overarching data protection regime 15. Groupon ordered to comply with consumer Singapore’s government is proposing the Personal Data protection standards in Protection Bill that would create the first data protection regime in its jurisdiction.38 The draft bill provides rules for British jurisdiction electronic and non-electronic data collection, processing The British subsidiary of Groupon has been ordered by and storage. Companies in foreign jurisdictions that are the Office of Faire Trading43, the British consumer protec- collecting or processing personal data with a “Singapore tion watchdog, on March 16, 2012 to comply with con- link”, would need to comply with the law of Singapore’s sumer regulations of the British jurisdiction. The company jurisdiction. A “link” exists if data is being either located has three months to implement changes in its practices on Singapore’s territory or belongs to a resident of Singa- and Terms of Service44 before it faces legal actions. pore. 16. Belorussian online 12. Swiss cyberlocker fraudster sentenced in US RapidShare declared legal jurisdiction to prison in German jurisdiction if it A Belorussian citizen was caught in the Czech Republic on monitors external links to request of US authorities and subsequently extradited to stored pirated content the US to be sentenced to 33 months of prison45 by the US The German regional court of Hamburg ruled that Rap- District Court of Southern New York. The cybercriminal idShare, a service company incorporated in in Lithuania launched the Russian-language callservice Switzerland, is operating legally in the German jurisdic- .biz, using a US-based TLD, in 2007 to sell English- and tion39. RapidShare does not need to proactively filter its German-speaking “stand-ins” to criminals who intend to user uploads to prevent copyright infringements, but is circumvent bank security screening measures, including required to monitor external websites for incoming links those of US banks, to verify the identify of the account to infringing content on its servers and delete the pirated holder. files in question.

14 17. Indian court orders 387 19. New gTLDs: How and Indian ISPs to block 104 piracy Under what jurisdiction will websites .pharmacy be regulated? A court in Calcutta has ordered all 387 Indian ISPs to The US based trade group National Association of Boards block 104 websites against which the Indian Music In- of Pharmacy50 (NABP) has filed an application for .phar- dustry has filed a lawsuit for copyright infringements.46 macy with ICANN51 to create a secure space to purchase All 104 sites47 contained at least some infringing content. drugs online. The NABP, which accuses a small number The court allows the ISPs to choose between DNS block- of domain name registrars in foreign jurisdictions of not ing, IP address blocking or URL blocking with deep packet doing enough to prevent the sale of counterfeit pharma- inspection to implement the order. ceutical products online, will control itself that operators of .pharmacy domains are legitimate and licensed. The 18. UK parliamentary report NABP’s Verified Internet Pharmacy Practice Sites scheme, calls for law to enforce currently used on websites, only accredits pharmacies British privacy injunctions on located in the US and its territories, as well as eight Cana- the Internet dian provinces, Australia and New Zealand.52 A joint parliamentary committee of the British Parlia- 20. The Pirate Bay announces ment is demanding the government to introduce a law plans for servers on low- that would allow to force search engines like Google, orbit drones and submarines social networks and other websites to remove certain content48 if a court ruled that the results are breach- to escape territorial ing the privacy of a British resident. The commission jurisdictions cited the cases49 of Max Mosley, who had to spend over Facing various legal challenges for copyright infringe- 500.000 GPB to remove a defamatory video in 23 differ- ments in different jurisdictions, The Pirate Bay is thinking ent jurisdictions, and Ryan Giggs, whose details of a super about how to escape the reach of territorial jurisdictions. injunction were re-tweeted 75.000 times. The link hosting site announced on its blog the ideas to install its servers on low-orbit drones53 (not feasible ac- cording to the Guardian54) or on submarines55.

REFERENCES

1 Guardian (5.3.2012). Another 7 ZDNet (26.3.2012). Japanese 12 Mashable (31.3.2012). 17 ISP Liability (2.3.2012). step forward for libel reform. court challenges Google over Google: Japanese court didn’t Spain asks the ECJ whether ‘autocomplete’ results. ban all our search suggestions. Google must delete links to 2 Matthew Arnold and Bald- personal data. win (30.03.2012). Government 8 Japan Times (26.3.2012). 13 Information Week proposes intermediary role for Google ordered to delete (26.3.2012). Google ordered to 18 Poder Judicial (2.3.2012). ISPs in new Defamation Bill. terms from autocomplete. delete defamatory autocom- Audiencia nacional. pletions. 3 Out-Law (30.4.2012). Online 9 BBC (26.3.2012). Google 19 Federal Trade Commission defamation disputes. ordered to change autocom- 14 Reuters (2.3.2012). Spain (26.3.2012). FTC issues final plete function in Japan. refers Google privacy com- commission report on pro- 4 UK Parliament (10.3.2012). plaints to EU’s top court. tecting consumer privacy. Defamation: Draft bill. 10 The Register (26.3.2012). Google asked to bin auto- 15 ZDNet (5.3.2012). Spain 20 The Washington Post 5 U.K. Government complete results for Japanese sends right-to-be-forgotten (27.3.2012). FTC seeks laws (15.3.2012). Westminster legal man’s name. Google case to ECJ. to give consumers access policy forum: reform of the to information held by data law of defamation. 11 Japan Times (26.3.2012). 16 PC World (5.3.2012). Spain brokers. Google ordered to delete seeks jurisdiction guidance 6 CNet (27.3.2012). Japanese terms from autocomplete. from EU for google privacy 21 USA Today (27.3.2012). FTC court besmirches Google’s Complaints. calls for laws to protect con- autocomplete feature. sumer privacy on Internet.

15 22 PC World (31.3.2012). Will 30 ZDNet (6.3.2012). Face- 40 Mercado (23.2.2012). TJ 49 International Business it take a law to protect online book loses friend finder ruling manda Google excluir site que Times (27.3.2012). Google, privacy? in Germany. transmite a Globo. Twitter and others must cen- sor content, says MPs. 23 Data Guidance (30.3.2012). 31 Gigaom (8.3.2012). Face- 41 European Parliament FTC final report calls for ‘base- book hasn’t fixed friend finder, (27.3.2012). Hacking IT systems 50 NABP. (27.3.2012) line privacy legislation’. says German group. to become a criminal offence. 51 gTLD Strategy (24.3.2012). 24 Federal Trade Commis- 32 Entertainment Law Brazil 42 ZDNet (28.3.2012). Europe- Stamping out illegal prescrip- sion (26.3.2012). Protecting (9.3.2012). The Brazilian SOPA: wide draft law seeks to crimi- tion drugs, one innovative new consumer privacy in an era Content creators and owners nalise hacking. gTLD at a time. of rapid change: Recommen- have not forgotten. dations for businesses and 43 Office of Fair Trading 52 The Register (26.3.2012). policymakers. 33 Irish Supreme Court (16.3.2012). Groupon to change Dot Pharmacy: New web (15.3.2012). Coleman -v- MGN practices following OFT ac- weapon in war on duff drug 25 Center for Democracy & Limited. tion. peddlers. Technology (27.3.2012). FTC once again says privacy self- 34 The Irish Times (16.3.2012.). 44 Gigaom (16.3.2012). Grou- 53 Wired (19.3.2012). The regulation isn’t enough. Internet defamation cases. pon UK told to clean up after Pirate Bay plans low-orbit record complaints server drones to escape legal 26 The Atlantic 35 Privacy and Security Law jurisdiction. (29.3.2012). The philosopher (22.3.2012). Philippines passes 45 Arstechnica (24.3.2012). whose fingerprints are all over omnibus data protection law. Rent-a-fraudster website 54 The Guardian (20.3.2012). the FTC’s new approach to operator gets nearly 3 years in Think The Pirate Bay will put privacy 36 CNet (16.3.2012). RIAA prison. its servers on drones? Dream chief: ISPs to start policing on. 27 PC World (7.3.2012). Face- copyright by July 1. 46 Arstechnica (15.3.2012). book loses german privacy SOPA masala: 387 Indian 55 CNet (1.4.2012). Pirate Bay lawsuit over friend finder, 37 Government of Australia ISPs must block 104 piratical to launch own submarine to personal data. (24.3.2012). Improving Austra- websites. host servers off-shore. lia’s law and justice framework. 28 VZB (6.3.2012). vzbv ge- 47 MediaNama (15.3.2012). winnt Klage gegen Facebook. 38 Out-Law (20.3.2012). Plans List of 104 music sites that the (In German) to introduce first overarch- indian music industry wants ing data protection regime in blocked. 29 Regional Court Berlin Singapore. (6.3.2012). Ruling of german 48 The Guardian (27.3.2012). consumer association v. face- 39 Torrent Freak (27.3.2012). Google should be forced to book ireland ltd. (In German) Rapidshare declared legal in censor search results, say MPs. court, with a twist.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ 16 retrospect/2012-march-references APRIL

1. YouTube ordered to stop cyberthreats with US authorities “notwithstanding any copyright infringements other provision of law”. It ha s been pointed out that CISPA would allow US based Internet platforms and ser- committed by users in German vices to intercept and report communications of foreign jurisdiction users10 as well. On April 20, 2012, the State Court of Hamburg ordered1 Google’s video platform YouTube to take down seven vid- Read further: eos2 that infringe German . Google is expected US Library of Congress: H.R. 3523 Cyber Intelligence Shar- to appeal the ruling that constitutes a victory for Ger- ing and Protection Act11 many’s royalty collector GEMA, which seeks to negotiate Electronic Frontier Foundation: The Impending Cyberse- a new contract with YouTube since 2009. The State Court curity Power Grab – It’s not just for the United States12 ruled that YouTube is not generally liable for user-gener- TechnoLama: CISPA is a threat to the world13 ated content on its platform. Currently, copyright holders can “flag” a video to notify YouTube about a copyright in- 3. German Facebook users fringement and ask to delete the content in question. The force a rewrite of the judge ruled that YouTube is however obliged to develop a platform’s proposed new system in the German jurisdiction to filter3 newly upload- Terms of Use ed versions of videos that have already been flagged. German Facebook users forced Facebook14 to propose a Read further: new version of its new “Statement of Rights and Respon- GigaOM: Inside YouTube’s complex, crazy German sibilities” (SRR) by leaving comments on the page “Face- 15 court defeat4 book Site Governance“ . According to Article 14(3) of the New York Times: Google Ordered to Stop Copyright Vio- SRR, any change proposition that encounters over 7000 lations on YouTube5 substantive comments will be reworked to provide an Spiegel: “We don’t want to sue, we want a contract” Inter- alternative text for users to vote on. Whereas the English 16 view with GEMA Head6 version of the new SRR had less than 300 comments, the German version17 attracted over 13.000 critical remarks. 2. Cybersecurity bill CISPA This is already the second time18 that users in the German would allow US companies to jurisdiction provoke a rewrite of the platform’s SRR. share user communications Read further: with authorities ZDNet: Facebook tweaks terms of use based on feedback, The controversial Cyber Intelligence Sharing and Protec- asks for more19 tion Act (CISPA) was passed in the US Congress7 on April Data Protection Authority of Schleswig Holstein: Consum- 26, 2102, despite a formal veto threat8 by the White er and data protection authorities in Schleswig-Holstein House on grounds of its effects on privacy and civil recommend objecting new Facebook terms (in German)20 liberties. The bill that is supported by several major US German Data Protection Authorities: Data protection companies9 would allow businesses incorporated in the requirements for Facebook and other social networks US jurisdiction to voluntarily monitor and share personal according to German Data Protection Authorities (in Ger- communication data of its users related to potential man)21

17 4. Council of Europe adopts 6. Election reporting rules Human Rights framework for were not respected online in search engines and social French jurisdiction networks French election rules forbid the publishing of voting data The Committee of Ministers of the Council of Europe, a before 8 pm35 on the day of the vote. Relevant informa- regional organization representing 47 states, adopted two tion was however available on April 22, 2012 on foreign recommendations on April 4, 2102 to uphold fundamental websites and online platforms such as Twitter before the human rights22, such as freedom of expression, freedom of deadline. Despite a public debate about the inefficiency association and access to information, on search engines of the regulation, the French state prosecutor plans to file and social networking services. The recommendations call lawsuits against individuals and media outlets36. upon the member states to develop and promote coher- ent strategies in their jurisdictions for online services, 7. White House asks Congress in accordance with the Convention for the Protection for new legislation to target of Human Rights and Fundamental Freedoms23 and the offshore piracy websites Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. 24 After the heated debate about the (SOPA) and the Protect IP Act (PIPA), the White House’s Read further: Intellectual Property Enforcement Coordinator called 37 European Digital Rights: New CoE recommendations for upon the US Congress to develop new “legislative and human rights in Internet services25 non-legislative tools” to address copyright infringement Council of Europe: Recommendation CM/Rec(2012)3 of on foreign websites. the Committee of Ministers to member States on the pro- tection of human rights with regard to search engines26 8. Google liable for Council of Europe: Recommendation CM/Rec(2012)4 of misleading search ads in the Committee of Ministers to member States on the pro- Australian jurisdiction tection of human rights with regard to social networking A federal Australian court ruled that Google infringed services27 Australian trading laws and acted in “misleading and deceptive” behavior by displaying paid-for advertisement 5. UK government plans search results38 along with normal results. The court over- legislation to monitor ruled a previous decision in Google’s favor that stated the online communication data search engine was only communicating representations in British jurisdiction made by the advertisers. The UK government plans to introduce28 a new legislation that would allow police and intelligence services to have 9. UNCITRAL explores real-time access to a database of online activities in the development of global British jurisdiction. ISPs will be obliged to gather this data. online dispute resolution Moreover, it is likely that “Internet firms”, including social system for e-commerce networks and search engines29, which are often incorpo- Faced with a patchwork of different jurisdiction that rated in foreign jurisdictions, could be also required to makes it difficult to deal consistently with smaller cross- cooperate with British authorities and provide relevant border transactions, the United Nations Commission on user data. The proposed law will be officially announced International Trade Law (UNCITRAL) is exploring the cre- by the Queen’s speech30 on May 9, 2012. Experts judge ation of an online dispute resolution system39 to provide a that the new legislation might be challenged by existing global platform for e-commerce disputes. privacy and data protection laws of the European Union31.

Read further: 10. Russia investigates to what The Guardian: Tim Berners-Lee urges government to stop extent ISPs are responsible for the snooping bill32 copyright infringements of The Register: UK net super-snooping clashes with Euro its customers privacy law33 According to the cyber-crime department of the Russian The Age: Critics blast UK plans for more snooping, se- Interior Ministry, authorities are in the process of inves- crecy34 tigating to what extent ISPs are responsible for online copyright infringements of Internet users40 in the Russian jurisdiction. The report of the audit and corresponding prosecutions against Russian ISPs are awaited for May 2012.

18 11. European Court of Justice 15. European Data Protectors says that ISPs can lawfully demand pseudonymisation identify pirating customers processing in EU jurisdiction Appealed by a Swedish court, the European Court of The EU Article 29 Working Party, which consists of rep- Justice decided in an interpretation that there are no legal resentatives from national Data Protection Authorities in barriers for ISPs to share the personal data of customers41 the EU, recommends the introduction of the concept of who infringe copyrights online with the respective rights “pseudonymisation” of personal data47, “where feasible holders, if the latter want to prosecute the users in ques- and proportionate according to the purpose of process- tion before a court. ing”, in the General Data Protection Regulation proposed by the European Commission. The principle could be 12. Foreign nationals introduced as a general rule for data processing in the committing human rights European jurisdiction and in the context of “data protec- abuses with Internet tion by design and default”. technology can be 16. Five of six remaining sanctioned under US defendants in Indian jurisdiction offensive content trial are US President Obama issued an executive order on April not incorporated in Indian 23, 2012 that allows US officials to impose sanctions on jurisdiction foreign nationals and companies that facilitated or com- mitted human rights abuses42 with new technologies such The number of defendants in the trial against online plat- as Internet monitoring. forms that host offending content before a Delhi court decreased from 22 to six, after Google India was cleared 13. Safe Harbor regime: US of charges48 as it does not actively operate social net- Appeals Court pronounced an working sites. Of the remaining six entities, only Facebook opinion in Viacom vs. YouTube India is incorporated in the Indian jurisdiction. The other five accused online platforms are Facebook US, Google trial Inc., Orkut, YouTube and Blogspot. In an influential case43 that questions the limits of the safe harbor principle, thus a platform’s liability for user-gener- 17. Facebook’s international ated content that infringes copyrights, the Second Circuit headquarters misses deadline Court judged that a 2010 decision in YouTube’s favor by to implement privacy a lower court was a mistake and sent the case back for a changes after audit in Irish second ruling44. Among the plaintiffs are also companies incorporated outside of the US jurisdiction, such as the jurisdiction English and Scottish Premier League and the French Tennis Facebook missed the deadline on March 31, 2012 to imple- Federation. ment the 22 changes to its privacy policy49 as stipulated by an audit of the Irish Data Protection Authority. Face- 14. ’s hosting book’s international branch is incorporated in Dublin, Ire- company Carpathia might be land and therefore subject to the Irish jurisdiction. There partly liable for copyright are however no penalties or consequences connected to infringements the breach of the deadline. It is still unclear if Megaupload users in the US and other 18. British ISPs ordered to jurisdictions45 will be able to re-access lawfully stored block Swedish website The content on the servers of US company Carpathia that Pirate Bay was seized by the US in January 2012 in the course of a criminal copyright trial. The attorney representing the The British High Court has ordered five ISPs to block US government evoked that Carpathia might be partly the website The Pirate Bay50 that is registered under the responsible for Megaupload’s copyright infringements46 as Swedish Top-Level Domain .se. The Pirate Bay does not its data host and could face a civil lawsuit. host copyright-infringing files itself but links to “torrents” that can be shared via peer-to-peer clients. Similar orders were previously issued in Finland, the Netherlands51 and Belgium52.

19 19. Foreign nationals could 20. US State Arizona was short be sued in Canada for online of declaring trolling on defamation if content the Internet a crime in its is accessible in Canadian jurisdiction jurisdiction The legislative houses of the US State Arizona passed According to new guidelines set forth by the Canadian Su- an updated version of a telephone anti-stalking bill that preme Court, Canadian nationals should in theory be able would have declared the act of annoying and offending to file a lawsuit against foreign nationals in the Canadian persons on the Internet a crime in Arizona’s jurisdiction54. jurisdiction for online defamation, if the information pub- Thought the wording “annoy or offend” has been deleted lished on the Internet can be accessed and downloaded in in a recent amendment55 to the bill, it exemplifies pro- a Canadian province53. portionality and extraterritoriality problems of updating existing communication laws to online communication in a jurisdiction.

REFERENCES

1 Justizportal Hamburg 9 U.S. House of Representa- 18 The Verge (24.3.2012). 24 Council of Europe (20.4.2012). Urheberrechtliche tives (25.4.2012). Letters of Facebook reviewing user re- (28.1.1981). Convention for the pflichten eines cideoportalbe- support. sponse to rights and responsi- protection of individuals with treibers - Urteil im rechtsstreit bilities changes. regard to automatic process- GEMA gegen YouTube vor 10 Foreign Policy (27.4.2012). ing of personal data. dem landgericht Hamburg. America needs to stop preach- 19 ZDNet (20.4.2012). Face- ing civil liberties abroad while book tweaks terms of use 25 EDRI (4.4.2012). COE 2 Deutsche Welle (21.4.2012). passing privacy-destroying based on feedback, asks for Recommendations for search German court case fails to bills at home. more. engines and social networks. settle YouTube copyright controversy. 11 The Library of Congress 20 Data Protection Author- 26 Council of Europe (7.5.2012). Bill summary & ity of Schleswig Holstein (4.4.2012). Recommendation 3 The Washington Post status 112th congress (2011 - (27.4.2012). Consumer and CM/Rec(2012)3 of the com- (20.4.2012). German court to 2012) H.R.3523. data protection authorities in mittee of ministers to mem- rule on YouTube’s responsibil- Schleswig-Holstein recom- ber states on the protection ity for videos uploaded by 12 Electronic Frontier mend objecting new Facebook of human rights with regard to users. Foundation (18.4.2012). The Im- terms (in German). search engines pending cybersecurity power 4 Gigaom (23.4.2012). Inside grab – It’s not just for the 21 German Data Protection 27 Council of Europe YouTube’s complex, crazy Ger- United States. Authorities (4.4.2012). Data (4.4.2012). Recommendation man court defeat. protection requirements for CM/Rec(2012)4 of the Com- 13 Techno Llama (4.4.2012). Facebook and other social mittee of Ministers to mem- 5 The New York Times CISPA is a threat to the world. networks according to Ger- ber States on the protection (20.4.2012). Google ordered to man Data Protection Authori- of human rights with regard to stop copyright violations on 14 Zeit (28.4.2012). Facebook ties (in German). social networking services. YouTube. will Gewinne maximieren - alles daneben ist egal. 22 Council of Europe 28 The Guardian (1.4.2012). 6 Spiegel (23.4.2012). German (5.4.2012). Council of Europe Government plans increased court ruling against youtube: 15 Facebook (4.4.2012). Face- adopts recommendations email and social network ‘we don’t want to sue, we book site governance. to protect human rights on surveillance. want a contract’. search engines and social 16 Facebook (20.4.2012). platforms. 29 ZDNet (1.4.2012). UK ‘to 7 ZDNet (27.4.2012). CISPA Statement of rights and re- announce’ real-time phone, cybersecurity bill clears US sponsibilities update. 23 Council of Europe email, Web traffic monitoring. Congress. (4.10.1950). Convention for the 17 Facebook (20.4.2012). Ak- protection of human rights 30 Parliament (18.4.2012). 8 White House (25.4.2012) tualisierung der erklärung der and fundamental freedoms. Queen’s speech 2012 - com- Legislative document: Veto. rechte und pflichten. mons library standard note.

20 31 ZDNet (4.4.2012). UK’s ‘Pa- 37 White House (30.3.2012). circuit ruling in Viacom v. You- 50 Time (1.5.2012). British triot Act’ web monitoring law IPEC Annual Report. Tube is a bummer for Google court orders ISPs to block could face European veto. and the UGC community. pirate bay — Is the U.S. Next? 38 SearchEngine Land 32 The Guardian (17.4.2012). (3.4.2012). Australian court 44 Paid Content (5.4.2012). 51 TorrentFreak (29.1.2012). Tim Berners-Lee urges govern- finds Google responsible for The YouTube Decision: What it Dutch ISPs refuse to block The ment to stop the snooping misleading ads placed by its means and what happens next. Pirate Bay. bill. advertisers. 45 CNet (13.4.2012). Judge 52 TorrentFreak (4.10.2011). 33 The Register (4.4.2012). UK 39 Lawyers Weekly wants MegaUpload user data Belgian ISPs ordered to block net super-snooping clashes (13.4.2012). Coming soon: A preserved for now. The PirateBay. with Euro privacy law – ex- global ODR system. pert. 46 TorrentFreak (15.4.2012). 53 Legal Feeds (19.4.2012). 40 TorrentFreak (10.4.2012). US: Megaupload’s hosting SCC spells out Canadian juris- 34 The Age (5.4.2012). Crit- Russia moves to hold ISPs company might be sued next. diction on foreign lawsuits. ics blast UK plans for more responsible for illegal file- snooping, secrecy. sharing. 47 European Comission 54 The Huffington Post (23.3.2012). Opinion 01/2012 (4.4.2012). Arizona bill that 35 The New York Times 41 CNet (19.4.2012). Europe’s in the data protection reform would criminalize online (21.4.2012). French media ques- high court says ISPs can hand proposals. speech to be revamped after tion election reporting rules. over alleged pirate data. outcry. 48 The Times of India 36 France 24 (23.4.2012). In 42 The Washington Post (12.4.2012). Delhi court drops 55 Arizona State Legislature witty, bemused and often (23.4.2012). In Holocaust case against Google India. (6.4.2012). Anti-stalking bill cruel posts, Twitter users on Museum visit, Obama outlines amendment. Sunday circumvented tough policies aimed at preventing 49 ZDNet (3.4.2012). Face- French laws banning the genocide. book misses March deadline prediction of election results following privacy audit. by incorporating World War 43 Technology and Marketing II codes. Law Blog (5.4.2012). Second

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-april-references

21 MAY

1. Patchwork of privacy laws audit8 in 2011. The vote comes in response to thousands on ‘cookies’ in EU jurisdiction of critical comments9 to prior versions of the amended Terms of Service, posted in majority by German speaking creates legal confusion users. This is the second time since 200910 that the global The UK implemented on may 25, 2012 article 5(3) of the platform is experimenting with the democratic constitu- EU e-privacy directive1 that gives consumers the “right tion of its Terms of Service. At least 270 million users to refuse” cookies. Aimed at preventing the unwanted need to participate in the vote between the old and new tracking of users’ online behavior, the law has now been versions proposed by Facebook for it to have a binding transposed in 19 of the 27 EU member states’ laws. How- character. ever, the definition of user consent to cookies and cor- responding obligations for websites differ among these Read further: 19 jurisdictions. Whereas, for example, Latvia demands ArsTechnica: Facebook Nation: privacy changes go to a a strict opt-in procedure, Finland only requires websites 270 million user vote11 to offer an “opt-out” option and accepts a user’s browser Reuters: Older and bigger, Facebook rethinks a youthful setting as satisfactory indicator of consent. The frag- flirtation with user democracy12 mented implementation of the EU directive causes legal ZDNet: Facebook rules: Everyone can vote on new privacy uncertainty2 for website operators incorporated in the EU policy13 and those targeting EU citizens, who are both obliged to respect a heterogeneous patchwork of national jurisdic- 3. Megaupload beyond the tions. reach of US jurisdiction for criminal proceedings, defense Read further: claims Wired: A simple guide to cookies and how to comply with EU cookie law3 Megaupload’s lawyers claim14 that the company incorpo- GigaOM: How Europe is dealing with the cookies crisis4 rated in Hong-Kong and directed by a German national Field Fisher Waterhouse:Cookie ‘consent’ rule: Overview residing in New Zealand is beyond the jurisdiction of a of EU implementation5 federal court in the US State where the file-locker is prosecuted for criminal proceedings. The argument is 2. Facebook’s privacy changes based on flaws in applying US criminal law15 for copyright. go to a global user vote Normally, a foreign company must receive a summons via its US representation. Since Megaupload has no office on Facebook, which is subject to the material jurisdictions US soil, it never lawfully received a summons, the defense of the US and Ireland for its international business6, has argued. Megaupload’s .com domain, registered with a US- put its proposed changes in its Statement of Rights and based DNS operator, its data hosted by US-based Car- Responsibilities and its Data Use Policy to a global vote7 pathia Hosting and other company assets were seized in among its 900+ million users in multiple jurisdictions the course of the assertion of US adjudicatory jurisdiction worldwide. The two documents implement changes over the platform16 in January 2012. demanded by the Irish Data Protection Authority after an

22 Read further: v. Viacom case30 is expected to produce a landmark deci- US District Court Eastern District of Virginia [Proposed] sion on the liability principle for user-generated content Motion of specially-appearing defendant Megaupload hosting platforms. Limited to dismiss indictment for lack of personal juris- diction & memorandum of law in support thereof17 Read further: ArsTechnica: Megaupload claims it is beyond the reach of New York Times: French court sides with Google in You- US criminal law18 Tube case31 Computerworld: Megaupload asks US court to dismiss ArsTechnica: French court gives YouTube a victory in indictment, cites jurisdiction19 copyright infringement case 32 New York Times: Google ordered to stop copyright viola- 4. Copyright cases in US and tions on YouTube33 Finish jurisdictions: IP-address cannot identify persons and 6. New ISP blocks in European their location and Indian jurisdictions might not efficiently curtail A judge in US state California dismissed 15 mass-lawsuits20 for absent personal jurisdiction. The de- illegal file-sharing fendants were accused of sharing copyright protected New court orders obliging ISPs to block torrent libraries adult movies on BitTorrent. The court, however, was not like Pirate Bay have been issued in Greece34, Italy35 and convinced that geo-IP tools could reliably identify the India36. Meanwhile, The Pirate Bay has begun adding new users as being based on Californian territory and refused IP-addresses37 that allow Internet users from jurisdictions to send identification subpoenas to Californian ISPs. In that implemented filters to access the site again. Dutch a similar case, a New York judge refused IP-addresses21 ISPs refused38 to block these new IP-addresses without a to identify individuals due to their unreliability, citing new court order, whereas the Dutch Pirate Party39 was the possibility that many Internet users could go online ordered to stop publicizing circumvention strategies to via one single router. This reasoning was also applied in reach The Pirate Bay. Finland22, where a court ruled that owners of open WiFi networks are not liable for illegal file-sharing. 7. Liability of ISPs for hosted content: Differing approaches Read further: in Brazil, Australia and Russia TorrentFreak: IP-address can’t even identify a State, BitTorrent judge rules23 The Brazilian Supreme Court40 ruled that ISPs are not US District Court Central District of California: Order responsible for the content they host in a case involving dismissing case for lack of personal jurisdiction24 defamatory content on Google’s social network Orkut. IT World: Courts quash copyright trolls; recognize IP ad- A similar decision was pronounced in a copyright case dress is not a person25 in Australia41 in April 2012. The role of ISPs in prevent- ing online piracy and the general question of ISP liability 5. YouTube not liable for user- is growing. For example, the Russian Supreme Court42 generated content in French decided in 2011 that ISPs knowing about the existence of illegal files on their servers are financially liable for jurisdiction caused damages. A French court ruled26 that YouTube is not responsible for copyrighted videos of French TV station TF1 that were 8. Twitter blocked in Pakistani uploaded by users on the platform. The court moreover jurisdiction after non- precised that Google “has no obligation to police the compliance with local content before it is put online as long as it informs users authorities that posting television shows, music videos, concerts or advertisements without prior consent of the owner is The Pakistani Telecommunications Authority (PTA) not allowed”. The French decision therefore contradicts blocked Twitter43 for one evening after the platform re- the recent (and appealed) German ruling27 concerning fused to remove offensive posts deemed to hurt Muslim YouTube and the royalty collector GEMA, in which the feelings. According to AFP, the surprisingly quick removal court obliged YouTube to develop filtering technolo- of the ban was triggered by a wave of public anger against gies to prevent the renewed upload of already flagged, the blockade. Facebook was equally approached by the copyright-protected content. Completing the European PTA to take down religiously offensive content and com- patchwork, YouTube lost a copyright infringement suit in plied. Italy28 in 2009, whereas a Spanish court29 decided in its favor in 2010. In the US jurisdiction, the revived YouTube

23 9. New Zealand ISP offers 14. New privacy investigations access to geo-IP blocked in Google Street View content in US jurisdictions looming in UK and Australian New Zealand’s ISP FYX is offering its customers access to jurisdiction content that is blocked through geo-IP filtering44 in the Based on the US Federal Communications Commission’s US, including commercial download provider Netflix. The report53 on the gathering of sensitive private data (so- circumvention of geo-IP filters seem to be legal under called “payload data”) during the scanning of streets, pri- New Zealand law and is considered to be more consumer vacy regulators in the UK54 and Australia55 are considering friendly for New Zealand customers. to open new investigations in Google Street View. 10. Facebook blocks accounts 15. Debate about taxation of and images of topless feminist ‘offshore’ online companies rights protestors in Brazil triggered in Australian Photos and accounts of women who participated topless jurisdiction in the demonstration “March of Bitches” for female rights Australian Shadow Communications Minister Turnbull 45 in Brazil were deleted by Facebook since they did not triggered a policy debate56 about the incapability of 46 comply with the platform’s Community Standards as Australian tax law to cope with the realities of the digital stipulated in its Terms of Service. The case recalls the US environment57: “An advertisement on a Google search 47 controversy over breastfeeding mothers . page may be hosted by a server located overseas, and the advertisement may be sold by a company located in Ire- 11. Google must change land – but nonetheless from the Australian user’s point of search practice in EU view it is as “present” on his device as an advertisement jurisdiction to avoid on The Australian or the Sydney Morning Herald website.” antitrust fine A similar discussion takes place in France58. EU Competition Comissioner Joaquim Almunia announced 16. New Google Transparency that Google might be punished for abusing its search market position48 in the EU. He offered Google to prevent Report shows extent of an antitrust investigation by offering remedies within a global piracy take-down “matter of weeks”. Google is accused of harming European requests competition and offering “preferential treatment” to links Amending its Transparency Report that until now only of its own vertical search services in comparison to links provided data on governmental content take-down of rivals. The company already faces antitrust investiga- requests59, Google released statistics about requests for 49 tions in South Korea and Argentina . URL removals60 in its search results related to allegedly copyrighted or pirated content. In 2012, the platform 12. Twitter resists demands handles about 1.200 percent more take-down requests from US jurisdiction to than in 2009. disclose Occupy tweets Twitter contested50 a US court demand to disclose the 17. Australian organizations tweet history of an user involved in the Occupy move- using off-shore cloud ment. The US company argued that its Terms of Service services are liable for possible clearly state that users, not the company, own the tweets. privacy breaches Explaining the legal status of cloud computing in the Aus- 13. Microsoft takes Bing tralian jurisdiction, an Australian privacy commissioner Streetside offline in German warned that Australian organizations using offshore cloud jurisdiction after receiving services will be directly liable if these services compro- complaints mise the privacy of Australian citizens: “While we’re not saying ‘don’t use the cloud’, if you do and you use Microsoft decided to take down the its Streetside ser- someone who’s not within our jurisdiction, we’ll enforce vice51 in Germany, after Germans complained about the the law against someone — and generally we’ll enforce it way the company proceeds with the blurring of images against you.”61 for privacy reasons upon user requests. The precautious steps recall the controversies that Google Street View52 faced in Germany in 2009.

24 18. Google faces $10 million embedd FBI backdoors in US-based online platforms, of fine in US jurisdiction for which many are used by citizens of foreign jurisdictions bypassing Safari privacy around the world. settings 20. Singapore tries to Google may face a $10 million fine62 from the US Federal establish code of conduct Trade Commission for having bypassed the cookies set- for Internet activities in its ting of Apple’s Safari browser. In the EU, the French Data jurisdiction Protection Authority CNIL is leading a parallel investiga- tion63. Singapore’s government is encouraging Singapore’s Inter- net community to come up with a code of conduct65 to 19. FBI pushes plan to force self-regulate online activities in Singapore’s jurisdiction. surveillance backdoors This “civility code” would cover issues like anonymity, on Internet platforms public order and terrorism. The initiative is criticized by incorporated in US activists for curbing freedom of expression. jurisdiction Fearing to loose the capability to monitor online com- munication on social networks, e-mails provides and Voice over IP services, the FBI is pushing to amend the US Communications Assistance for Law Enforcement Act64 to

REFERENCES

1 Eur-Lex (12.7.2008). Direc- 9 The Register (1.6.2012). Can 16 Arstechnica (19.1.2012). for illegal file-sharing, court tive 2002/58/EC of the Facebook users be bothered Why the feds smashed rules. European Parliament and of to vote? Megaupload. the Council. 23 TorrentFreak (15.5.2012). IP- 10 Facebook (2.11.2012). Im- 17 US. District Court Addresses can’t even identify 2 Bloomberg (24.5.2011). EU’s proving Transparency Around (30.5.2012). [Proposed] motion a state, Bittorrent judges rule. web privacy law on ‘cookies’ Privacy. of specially appearing defen- may trigger legal confusion. dant Megaupload limited to 24 xBiz (25.5.2012) Celestial 11 Arstechnica (1.6.2012). dismiss indictment for lack of v swarm. 3 Wired (25.5.2012). A simple Facebook Nation: privacy personal jurisdiction. guide to cookies and how to changes go to a 270 million- 25 ITWorld (16.5.2012). Courts comply with EU cookie law. user vote. 18 Arstechnica (30.5.2012). quash copyright trolls; recog- Megaupload claims it is be- nize IP address is not a person. 4 Gigaom (25.5.2012). How 12 Reuters (1.6.2012). Older yond the reach of US criminal Europe is dealing with the and bigger, Facebook rethinks law. 26 Reuters (29.5.2012). French cookie crisis. a youthful flirtation with user court backs Google in TV democracy. 19 ComputerWorld piracy case. 5 Field Fisher Waterhouse (31.5.2012). Megaupload asks (24.5.2012). Cookie ‘consent’ 13 ZDNet (18.5.2012). Face- US court to dismiss indict- 27 Music Week (23.5.2012). rule: EEA implementation. book rules: Everyone can vote ment, cites jurisdiction. YouTube and GEMA appeal on new privacy policy. content filtering court verdict. 6 The Irish Times (25.5.2012) 20 CNet (16.5.2012). Judge Facebook subject to material 14 Reuters (31.5.2012). dismisses piracy suits, says IP 28 Gigaom (17.12.2009). You- jurisdiction in EU. Megaupload lawyers move address doesn’t confirm state. Tube loses copyright case in to kill U.S. Internet piracy Italian court. 7 Facebook (25.5.2012). Face- charges. 21 CNet (4.5.2012). IP address book governance vote. doesn’t ID individuals in piracy 29 Gigaom (23.9.2010). Span- 15 TechDirt (31.5.2012). lawsuit, judge rules. ish court sides with YouTube. 8 BBC (21.12.2011). Irish Megaupload filings show mas- privacy watchdog calls for sive flaws in US case, ask court 22 TorrentFreak (15.5.2012). 30 Forbes (30.5.2012). How Facebook changes. to dismiss. Open Wifi owner not liable the second circuit’s decision in viacom may change the web. 25 31 The New York Times 40 Tecnolgia (2.5.2012). STJ ment for abusing position of 57 Delimiter (22.5.2012). Turn- (29.5.2012). French court sides isenta empresas de internet market dominance, EU regula- bull concerned by Google, with Google in YouTube case. da responsabilidade sobre tor says. Amazon tax offshoring. conteúdo postado. 32 Arstechnica (30.5.2012). 49 Marketingland (30.4.2012). 58 High-Tech (15.2.2012). French court gives YouTube a 41 TorrentFreak (20.4.2012). Argentina, South Korea add to Comment taxer Google et victory in copyright infringe- IINET: ISP not liable for Bittor- Google global antitrust woes. Apple en France? ment case. rent piracy, high court rules. 50 BBC (9.5.2012). Twitter 59 Google (25.5.2012). Google 33 The New York Times 42 The Moscow Times resists US court’s demand for transparency report. (21.4.2012). Google ordered to (16.5.2012). IP Protection for Occupy tweets. stop copyright violations on File-Hosting Websites. 60 Google (25.5.2012). YouTube. 51 PCWorld (23.5.2012). Google transparency report. 43 ZDNet (21.5.2012). Pakistan Microsoft takes Bing street- 34 TorrentFreak (21.5.2012). lifts block on Twitter. side offline in Germany after 61 ComputerWorld (9.5.2012). Greek court orders ISP block- privacy complaints. If offshore cloud compromises ades of ‘Pirate’ music sites. 44 The National Business your data we’ll sue you, not Review (10.5.2012). Geo-block 52 PCWorld (18.6.2009). them: Privacy commissioner. 35 TorrentFreak (24.5.2012). busting ISP gets thumbs up Google agrees to delete Italian court orders all ISPs to from Chapman Tripp. unblurred German Street View 62 Bloomberg (5.5.2012). block Kickass Torrents. data. Google said to face fine by 45 TEC (30.5.2012). Facebook U.S. over Apple Safari breach. 36 The Times of India bloqueia usarias que aparecem 53 The New York Times (18.5.2012). Internet Service seminuas em fotos da Marcha (28.4.2012). F.C.C. report on 63 Arstechnica (16.5.2012). Providers block torrent sites das Vadias. Google’s street view project. US, Europe investigate on HC order. Google’s bypass of Safari 46 Facebook (25.5.2012). 54 Bloomberg (28.5.2012). privacy settings. 37 TorrentFreak (28.5.2012). Facebook community stan- Google may face further PirateBay ready for perpetual dards. U.K. action after FCC privacy 64 CNet (4.5.2012). FBI: We IP-Address whac-a-mole. report. need wiretap-ready Web sites 47 The Telegraph (10.2.2012). – now. 38 TorrentFreak (24.5.2012). Why ‘lactivists’ are milking 55 News.com.au (29.5.2012). ISPs refuse to block new Facebook’s breastfeeding ban. Australian probe looms for PirateBay IP-address. Google Street View. 48 Out-law (22.5.2012). 39 BBC (10.5.2012). Dutch Google must change search 56 Malcolm Turnbull court bans Pirate Party links to practices to escape punish- (5.5.2012). News taxes and the The Pirate Bay. Internet.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-may-references

26 JUNE

1. 2. Chinese proposal for IETF data by US authorities under Standard would partition the scrutiny in US and New Internet into autonomous Zealand jurisdictions segments via the DNS In January 2012, US authorities shut down Megaup- Two engineers from China Telecom and China Mobile to- load, incorporated in Hong-Kong’s jurisdiction, seizing gether with a Chinese academic proposed a new Standard 25 petabytes1 of almost 66 million users stored at the at the Internet Engineering Task Force (IETF)10, the global US-based hosting company Carpathia. Moreover, the FBI body that develops the technical norms of the Internet. seized additional 150 terabytes2 of data during the raid The submitted draft “DNS Extensions for Autonomous of Megaupload founder ’s house, located in Internet (AIP)”11 suggests the creation of alternative New Zealand. The rightfulness of these seizures under root servers under the control of national jurisdictions. US jurisdiction is still in question. In the US, Kyle Godwin The proposal would allow countries to have their “own and the Electronic Frontier Foundation filed a motion3 independent domain name hierarchy and root servers”, demanding the return of the legal data stored by Megaup- “even in unilateral action”. This could, de facto, break up load users. The US government refused to establish a the centralized DNS into autonomous segments12 and return mechanism arguing the seized data on Carpathia’s therefore establish a new additional layer of Internet servers constitutes only a copy of property and not control via the Internet’s name space that would corre- property4. Meanwhile in the New Zealand jurisdiction, the spond to the physical boundaries of national territories. search warrants used for the raid of Dotcom’s mansion An additional TLD would be added to DNS requests that near were ruled to be too vague and therefore are targeted towards an alternate root in another au- illegal5. The court in Auckland ordered the US to “imme- tonomous networks (See draft13 sections “2.2. AIP DNS diately commence preparation”6 to supply the Megaup- Hierarchy” and “3.2 Domain Name Resolution between load defendants with a copy of the data seized unlawfully AIP Networks”). Countries could control which domain by the FBI. names of foreign networks would resolve in their national networks. Chances that this proposal might actually be Read further: taken up by an IETF Working Group14 and thus becomes TorrentFreak: US Government: Megaupload users should implemented are deemed to be low. sue Megaupload7 PC World: Judge considers hearing on improper Megaup- Read further: load seizure8 CircleID: A closer look at the AIP Internet Draft Proposal15 Washington Post: Megaupload warrants ruled illegal by Computerworld: Chinese operators hope to standardize a New Zealand court9 segmented Internet 16 CircleID: Proposed new IETF standard would create a nationally partitioned “Internet”17 27 3. Enforcing platforms’ Terms Read further: of Service: Sex offenders must OutLaw: Internet publishing occurs where it is served identify themselves on social from as well as where it is read, EU legal advisor says 26 networks in Louisiana IPKitten: Dataco v Sportradar: liability for sending and receiving sui generis databases27 Existing law in the US State Louisiana that obliges convict- SCL: Football Dataco/Sportradar case: Attorney General’s ed sex offenders to divulge their criminal status to their Opinion28 neighbors has been extended to cyberspace. A new bill18 that comes into force on August 1, 2012 is going to oblige 5. HTTP Error Code 451 persons with a criminal record to disclose their status proposed to signal blocking on social networking platforms such as Facebook. Even of illegal content in a given though Facebook’s global Terms of Service “Statement of Rights and Responsibilities”19 (§4.6) forbid convicted sex jurisdiction offenders to use the service, State Representative Jeff Google engineer Tim Bray, a co-developer of the XML Thompson, who initiated the new law, argues it would not code, has proposed a new HTTP Error Code 45129 to the be desirable to “leave it to Facebook police to go out and IETF to inform Internet users that web content is unavail- check on these individuals”20. The new law offers state able to them for legal reasons in their respective jurisdic- prosecutors a tool to enforce Facebook’s Terms of Service tion. Currently, web users are redirected to the Error 40330 in Louisiana’s jurisdiction. page “Forbidden” that was initially designed to inform the user of a purely technical error (“The server understood Read further: the request, but is refusing to fulfill it”). The proposed CNN: New Louisiana law: Sex offenders must list status on Code 451 should “include an explanation, in the response Facebook, other social media21 body, of the details of the legal restriction; which legal The Atlantic: Scarlet-Letter Status: Should sex offenders authority is imposing it, and what class of resources it admit crimes on Facebook 22 applies to” and could look like this example: “This request CNET: Louisiana law says sex offenders must state status may not be serviced in the Roman Province of Judea due on Facebook23 to Lex3515, the Legem Ne Subversionem Act of AUC755, which disallows access to resources hosted on servers 4. EU legal advisor: Online deemed to be operated by the Judean Liberation Front”. publishing occurs both in The proposition is likely to be discussed within the IETF in the locations where data is late July 2012. stored and read Read further: Advocate General Yves Bot provided an assessment of the The Guardian: Call for Ray Bradbury to be honored with jurisdictional question concerning the publishing of infor- Internet error message 31 mation on the Internet to the European Court of Justice24 IT World: Error code would warn of web censorship 32 (ECJ), the highest court of the EU, which was appealed BoingBoing: Error Code 451: an HTTP code for censorship33 by the UK High Court25. The British company Football Dataco, which runs a live-database of statistics of Scot- 6. Marginal turnout of tish and English football matches, accused the German- 900 million users vote on Swiss company Sportradar of copying and reselling its live Facebook’s Terms of Service statistics. Sportradar claimed no primary infringements of Football Dataco’s copyrights and database rights took Only 350,000 (less than 0.04%) of Facebook’s global users place in the British jurisdiction through the publishing of from various national jurisdictions participated in the data stored on servers located in Austria. Bot said, “in the vote34 between Facebook’s existing Terms of Service and a context of the internet, the categories of ‘emission’ and new, updated version that also included changes demand- ‘reception’ become highly relative as criteria for deter- ed by the Irish Data Protection Authority35 after an audit mining the ‘location’ of the points between which there is at Facebook’s global headquarters in Dublin. Since the an act of communication”. He concluded that data is pub- participation threshold of 30%36 was not met, the vote lished online not only where it is stored, but also where it that favored the existing policies (86.9%) was not binding is read. Therefore, a “re-utilization” of the data owned by for Facebook. Football Dataco took place in the UK. The opinion is not binding, but likely to be adopted by the ECJ.

28 7. Google ordered to 11. Taiwanese accounts modify Street View in Swiss suspended temporarily from jurisdiction Facebook without violating The Swiss Federal Supreme Court decided that Google its Terms of Service does not need to guarantee 100% accuracy37 of the A number of accounts of Taiwanese politicians and activ- blurring of faces and license plates, as the Swiss privacy ists have been deactivated temporarily by Facebook48. In watchdog demanded in 2010. Overturning a lower court an open letter to Facebook founder Mark Zuckerberg, the ruling, 99% accuracy has been judged sufficient38 to Taipei City Counselor demanded that Facebook should protect the privacy of Swiss citizens. However, the court justify punishments such as account deactivation based ordered39 Google to modify the conditions under which it on its Terms of Service. The incident triggers questions captures the street images, including lowering the height regarding the internal governance procedures on Face- of the cameras on cars. book’s platform. 8. SUB Top-Level Domain 12. Ethiopian law criminalizes blocked for the first time in Voice-over-IP services like Chinese jurisdiction Skype Between June 15 and June 16, China blocked all websites A new law in Ethiopia criminalizes Voice-over-IP services49 with the Japanese sub-top-level domain40 co.jp for over (VoIP) within the Ethiopian jurisdiction. Corresponding 30 hours. Yet the reasons of this block are unknown and national monitoring and filtering mechanisms have been it is speculated that a technical error might be the cause. installed to implement the rule that foresees sentences of China has never blocked an entire TLD.41 up to 15 years of prison. 9. Lawsuit in Californian 13. Governments would be jurisdiction forced Facebook liable for e-ID faults under to let global users opt-out proposed regulation in EU of “Sponsored Stories” jurisdiction Facebook agreed to settle a lawsuit42 filed by Facebook Under the proposed new Regulation on electronic iden- users in California, where the company is incorporated,43 tification and trust services for electronic transactions which accused the platform of violating California law in the internal market50 that would establish a mutually by showing advertisements that suggest friends “liked” a recognized system of e-IDs and digital signatures in the certain brand or product (so-called “Sponsored Stories”). EU, European governments would be directly liable for The platform is going to change its global operations and any attribution fault or misuse51 of electronic identities. offer all users the possibility to control which informa- tion is processed44 to generated these ads for a minimum 14. Microsoft’s DMCA of two years. takedown request shut down 10. European Commission: Google link to German IT Cloud regulation standards news story should apply regardless of As a consequence of the increasing volume52 of DMCA physical data location takedown requests that platforms like Google receive, deletion procedures have become automated. This let, The Deputy Director-General of the European Commis- for example, to the deletion of a Google Search link to a sion’s Information Society and Media Directorate Megan Windows 8 news article53 of a German IT journal, due to a Richards said “the cloud does not stop at national bor- DMCA notice by Microsoft on June 6, 2012. ders45” and regulatory standards should be upheld regard- less of the physical location of the stored data: “Theo- 15. Website operators could be retically, it shouldn’t matter where data is held as long as forced to reveal anonymous our rules apply46”. The proposed new EU Data Protection commentators’ identity in UK Directive47 includes provisions to extent European rules to global data processing and storage. jurisdiction A new law proposed in the British jurisdiction could oblige website owners to reveal the identity of anony- mous commentators54 if complainants requested the

29 information in a defamation lawsuit. U.K. Justice Secretary 18. Virtual Private Networks Ken Clarke argued this law would defend website opera- tors, since they are “in principle liable as publishers for and cybertravel: New blocks everything that appears on their sites, even though the in Iranian jurisdiction content is often determined by users”. The Iranian cyber-police cracked down on Virtual Private Networks (VPN)57 that allow to access foreign websites 16. Illegal file-sharing blocked in the Iranian jurisdiction through an encrypted becomes a crime with tunnel. Currently, ca. 20-30% of Iranians are using VPNs. prison sentence in Japanese jurisdiction 19. EU initiates Global Alliance Against Child Sexual A new Japanese copyright law, which comes into force in October 2012, criminalizes the up- or downloading Abuse Online to enhance of copyright-protected data with jail sentences55 of up cooperation between to two years. Japanese music rights groups developed jurisdictions moreover the technology to directly block the uploading On June 8, 2012, the EU’s Council of Ministers launched of protected material on the Internet and demand the the creation of a “Global Alliance against child sexual integration of these filters on ISPs in the Japanese jurisdic- abuse online”58. The initiative seeks to enhance cross- tion. border cooperation to identify and prosecute offenders and block websites “where appropriate”. The US joined 17. Google blocks its the alliance59 on June 21, 2012. Analytics tool in Cuba to comply with export 20. US lawmakers begun sanctions in US jurisdiction crowd-sourcing a digital In order to comply with the export sanctions applicable bill of rights for the US to companies incorporated in the US jurisdiction, Google jurisdiction has blocked its Analytics tool for Cuban Internet users,56 A bipartisan initiative60 by Senator Ron Wyden (D-OR) which are redirected to a US Treasury Department web- and Representative Darrell Issa (R-CA) seeks to crowd- site. Likewise, Google blocks certain tools in Burma, Iran, source a digital bill of rights for the US jurisdiction. On Syria, Sudan and North Korea. June 30, 2012, the first article on the dedicated we­bsite61 stresses the notion of digital citizenship and stipulated that “digital citizens have a right to a free, uncensored internet”.

REFERENCES

1 Arctechnica (22.3.2012) 5 Reuters (28.6.2012). NZ 9 The Washington Post 13 IETF (13.6.2012). DNS ISP: Storing 25 petabytes of court finds Megaupload search (28.6.2012). Megaupload extension for autonomous Megaupload data costs us warrants illegal. warrants ruled illegal by New Internet(AIP). $9,000 a day. Zealand court. 6 Computerworld (15.6.2012). 14 IETF (2.11.2012). The Tao 2 Wired (15.6.2012). FBI or- NZ court orders US to prepare 10 IETF (2009). Overview of of IETF: A novice’s guide to dered to copy 150 terabytes of to hand over Megaupload the IETF. the Internet Engineering Task data seized from Megaupload. data. Force. 11 IEFT (13.6. 2012). DNS 3 Electronic Frontier Founda- 7 Torrent Freak (11.6.2012). extension for autonomous 15 CircleID (22.6.2012). tion (21.5.2012). Kyle Goodwin U.S. Govt: Megaupload users Internet(AIP). A Closer Look at the AIP Inter- motion for return of property. should sue Megaupload. net draft proposal. 12 Domain Incite (18.6.2012). 4 Bloomberg (29.6.2012). 8 PC World (29.6.2012). Judge China proposes to split up the 16 Computer World Megaupload Judge Defers De- considers hearing on improper DNS. (18.6.2012). Chinese operators cision on Seizing Users’ Data Megaupload seizure. hope to standardize a seg- mented Internet.

30 17 Circle ID (19.12.2012). 29 IETF (11.6.2012). A New 40 Global Voices (18.6.2012). 51 Out-law (6.6.2012). Proposed New IETF standard HTTP status code for legally- China: top domain co.jp Government would be liable would create a nationally restricted resources. blocked temporarily. for faults with individuals’ partitioned “Internet”. data under new cross-border 30 Terence Eden (8.6.2012). 41 TNW (18.6.2012). China’s electronic identification 19 Facebook (13.11.2013). There is no HTTP code for great firewall.blocks its first proposals. Statement of rights and re- censorship (but perhaps there top-level domain, as co.jp sponsibilities. should be). sites go down for 30 hours. 52 Google (6.6.2012). Google transparency report. 20 Reuters (22.6.2012). Louisi- 31 The Guardian (22.6.2012). 42 Scribd (20.6.2012). ana sex offenders must soon Call for Ray Bradbury to be [TechCrunch] Facebook 53 EDRI (6.6.2012). Google post their status on Facebook. honoured with internet error sponsored stories class-action search link deleted. message. lawsuit settlement. 21 CNN (21.6.2012). New Loui- 54 PC Magazine (12.6.2014). siana law: Sex offenders must 32 ITWorld (14.6.2012). Error 43 TechCrunch (21.6.2012). U.K. law would unmask anony- list status on Facebook, other code would warn of web Problems for monetization: mous commenters. social media. censorship. Lawsuit forces facebook to let you opt out of sponsored 55 TorrentFreak (24.6.2012). 22 The Atlantic (22.6.2012). 33 Boing Boing (13.6.2012). story ads. Jail for file-sharing not Scarlet-letter status: should Error Code 451: an HTTP error enough, labels want ISP-level sex offenders admit crimes on for censorship. 44 Reuters (21.6.2012). Face- spying regime. Facebook? book will change ad service to 34 The New York Times settle lawsuit. 56 TheVerge (21.6.2012). 23 CNet (22.6.2012). Louisiana (8.6.2012). Facebook holds a Google Analytics blocked in law says sex offenders must vote and turnout is low. 45 Out-Law (18.6.2012). Se- Cuba because of US sanctions. state status on Facebook. curity of personal data in the 35 TechCrunch (11.5.2012). cloud more important than 57 The Daily News (10.6.2012) 24 InfoCuria (21.6.2012). Case Facebook fleshes out privacy where it is stored, EU official Iran to crack down on web C‑173/11. policy to comply with data says. censor-beating software. protection audits, will hold 25 Harbottle & Lewis Q&A on Monday. 46 The Register (13.6.2012). 58 EDRI (8.6.2012). Global (11.6.2012). Database Rights All of Europe’s data in US serv- Alliance against child sexual and Location of Infringement 36 Reuters (1.6.2012). Older ers? We’re OK with that - EC abuse online. – Football Dataco/Sportradar and bigger, Facebook rethinks bod. Case Referred to ECJ. a youthful flirtation with user 59 European Commission democracy. 47 European Commission (21.6.2012). EU and U.S. launch 26 Out-Law (25.6.2012). (25.1.2012). Commission pro- Global Alliance to fight child Internet publishing occurs 37 Reuters (8.6.2012). Swiss poses a comprehensive reform sexual abuse online. where it is served from as well court eases terms for Google’s of the data protection rules. as where it is read, EU legal Street View. 60 The Verge (12.6.2012) US advisor says. 48 Foreign Policy (13.6.2012) lawmakers create website to 38 The New York Times Ruling Facebookistan. crowd-source a ‘digital bill of 27 IPKAT (21.6.2012). Dataco v (9.6.2012). Swiss court orders rights’. Sportradar: liability for send- modifications to Google 49 Africa Review (12.6.2012). ing and receiving sui generis Street view. New Ethiopian law crimi- 61 Keep the Web (12.6.2012). databases. nalises Skype, installs Internet A Digital citizen’s bill of rights. 39 Federal Administrative filters. 28 The IT Law Community Court (8.6.2012). Privacy ques- (26.6.2012). Football Dataco/ tions about Google Street 50 European Commission Sportradar case: Attorney View: Federal Court upholds (6.6.2012). Trust Services and general’s opinion. Complaint by Google partially eID good.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-june-references

31 JULY

1. UN Human Rights Council 2. Californian judges disagree and civil society call for on personal jurisdiction Internet Freedom over foreign citizens who use On July 5, 2012, the UN Human Rights Council adopted US-based online platforms a landmark resolution on “The promotion, protection Two Californian judges disagreed about whether a US and enjoyment of human rights on the Internet”1. The court can assert personal jurisdiction over foreign citizens Council’s 47 member states affirmed that “the same rights only because they used US-based online platforms. The that people have offline must also be protected online, Korean plaintiff DFSB Kollective, a music-copyrights in particular freedom of expression, which is applicable holder with no operations in the US, sued two defendants regardless of frontiers and through any media of one’s based in Australia, who uploaded protected content on choice”. Moreover, the “global and open nature of the In- linking sites for a global audience and used US-based ternet” was recognized as “driving force towards develop- online services, in the Northern District of California. ment”. The document is the first UN resolution on digital In 2011, a judge asserted personal jurisdiction6 over a human rights and was supported by 85 state co-sponsors. man in Australia and awarded statutory damages and an Meanwhile, a movement rooted in the anti-SOPA/PIPA injunction to DFSB, arguing that since the defendant used protests in the US published a “Declaration of Internet “California companies Facebook, Twitter, and YouTube to Freedom”2, which stresses five basic principles: Expression, promote the websites he operates” and a California-based Access, Openness, Innovation and Privacy. It is endorsed privacy service, “it appears that Defendant’s activities by a number of companies, NGOs and individuals. are expressly aimed at California”. In a different ruling, another judge now disagreed7 that “using the Internet Read further: accounts of companies based in California is sufficient European Journal of International Law Blog: UN Human to support a finding that a defendant expressly aimed his Rights Council Confirms that Human Rights Apply to the conduct at California”, since this reasoning “would subject Internet3 millions of persons around the globe to personal jurisdic- New York Times: UN affirms Internet Freedom as basic tion in California”. right4 ArsTechnica: Anti-SOPA veterans issue declaration of Read further: Internet freedom5 Eric Goldman Blog: Can Korean copyright owners sue Aus- tralian defendants in California? Judges disagree – DFSB Kollective v. Bourne8

32 Forbes: Having a Facebook or Twitter account shouldn’t Read further: mean mandatory California Vacations if you get sued9 CitizenLab: Routing gone wild: documenting upstream TechDirt: Copyright Tourism: Korean Companies sue guy filtering in Oman via India19 from Australia for copyright infringement… in California10 ArsTechnica: Internet content blocking travels down- stream, affects unwary users20 3. US Department of Commerce Harvard Herdict Blog: Omani users subject to India’s con- awards new three years IANA tent filtering due to “upstream filtering”21 contract to ICANN 5. ACTA rejected by European The Internet Corporation for Assigned Names and Num- Parliament, provisions bers (ICANN), a private non-profit organization incor- porated in California, will continue to coordinate the returned in new EU-Canada domain name space and IP addresses of the Internet. On trade treaty CETA July 2, 2012, the US Department of Commerce’s National On July 4, 2012, the European Parliament rejected the Telecommunications and Information Administration multinational Anti-Counterfeiting Trade Agreement22 (NTIA) accepted ICANN’s bid11 to manage the Internet’s (ACTA) in the European jurisdiction with 478 of 682 votes critical Internet Assigned Numbers Authority (IANA) against the treaty. ACTA’s provisions to guarantee intellec- functions, after the agency refused12 an earlier applica- tual copyrights in cyberspace were criticized for violating tion in March 2012 that did not meet “the requirements fundamental human rights. The vote came before the requested by the global community”. The new contract European Court of Justice23, which was asked by the Euro- under US jurisdiction starts on October 1, 2012 and will pean Commission to rule on the legality of ACTA, could run for an initial period of three years until September express its opinion. Other signatories of the treaty are 2015. It can be renewed twice to run for a total duration prone to continue its implementation, including the US of seven years and is the longest IANA contract ICANN and Japan. A leaked February version of the EU-Canadian ever received. Comprehensive Economic and Trade Agreement (CETA)24, which is currently negotiated, revealed however that this Read further: new bilateral treaty contains certain provisions that are The Register: ICANN’s overlordship of the Internet con- very similar to ACTA in its IP chapter. The European Com- firmed again by US gov13 mission announced on July 11, 201225 that two contested PC World: ICANN keeps control over IANA Internet root14 paragraphs concerning the “co-operative efforts within ZDNet: ICANN resumes responsibility for Internet num- the business community” and the disclosure of pirating bering functions15 ISP customers were meanwhile deleted.

4. Internet content filtering Read further: in Indian jurisdiction affects The Guardian: ACTA down, nut not out, as Europe votes Omani citizens against controversial treaty26 Michael Geist Blog: ACTA lives: How the EU & Canada are Omani Internet users who are customers of the ISP Om- using CETA as backdoor mechanisms to revive ACTA27 antel are subject to the ISP content filters implemented TechDirt: CETA is now slightly less like ACTA (But still in the Indian jurisdiction. This case of so-called “upstream similar, and still secret)28 filtering” was discovered by researchers of the Canadian Citizen Lab16. Due to peering-agreements between an 6. European Commission is Indian and an Omani ISP, Indian content restrictions travel downstream in the transit traffic via fiber-optic cables finalizing its cloud strategy: that connect the two countries physically. As a conse- jurisdictional questions still quence, affected citizens in Oman are unable to access unresolved a number of entertainment sites, political blogs and file- The European Commission is finalizing its cloud-comput- sharing sites that might be perfectly legal in the jurisdic- ing framework that seeks to promote the adoption of tion of the Omani Sultanate. In theory, Omani Internet cloud services in Europe and develops principles on data users could even be restricted to access content pub- security, copyright and standardization. Yet, the Com- lished in Oman itself. Similar cases have been reported in mission did not resolve the question of determining the 17 Kyrgyzstan , where citizens were subject to filters in the applicable jurisdiction29 for non-European users of Euro- 18 Kazakh jurisdiction and Uzbekistan , where Internet users pean cloud services or for non-European cloud operators were subject to Chinese content filters. offering its services to European customers. According to the draft, the final strategy will “provide guidance on the application of European data protection law and practice as regards definitions, jurisdiction and applicable law”.

33 7. Applicable jurisdiction of 11. Twitter’s first European privacy audit of transparency report sheds Google’s updated global lights on requests from Terms of Service questioned national jurisdictions The European data protection authorities are currently US-based global micro-blogging service Twitter re- verifying30 the legality of the updated global privacy poli- leased its first transparency report37 on July 2, 2012. The cies of Google, which is incorporated in the US, under the report sheds light on requests38 for user information, lead of the French agency CNIL. Google now asked the content withholding and DMCA takedown requests for CNIL to identify the “law you are applying to this review, copyright infringements. During the first half of 2012, and the nature of the legal basis for any recommenda- the US issued 679 requests out of 849 demands from 24 tions or conclusions”31. The final report is expected for jurisdictions. September 2012. Moreover, Twitter Inc. “is part of the list” of online platforms whose privacy policies are under 12. Cooperation with law review by the CNIL. enforcement: Facebook monitors chats and posts 8. Websites accessible on US for criminal activities territory must potentially comply with Americans with Facebook uses an internal software to scan chats and Disabilities Act posts39 of its global users in order to detect criminal activities. Suspicious behavior is flagged and under certain A US judge ruled in a case involving close captioning on circumstance reported to the police. Reuters reported Netflix videos that websites are a place of public accom- about a cooperation with US authorities. Facebook’s modation and therefore must comply with the Americans information on Law Enforcement and Third-Party Matters with Disabilities Act (ADA)32. This decision, if upheld in and Information for Law Enforcement Authorities40 does other courts, could potentially mean that foreign web- not further specify the modalities and applicable jurisdic- sites viewed in the US jurisdiction would need to comply tion of the platform monitoring, but its Data Use Policy with the corresponding ADA provisions33. states that user data can be processed to keep “Facebook products, services and integrations safe and secure”41. 9. Council of Europe’s ministers call for 13. “Notice and takedown” international jurisdictional or “notice and staydown”? standards to prevent libel German and French courts tourism disagree on ISP responsibility The Council of Europe’s Committee of Ministers has Two recent decisions in Germany and French took differ- called for jurisdictional standards in a Declaration on July ent stances with regard to the responsibility of ISPs and 4, 2012 to prevent forum shopping in defamation cases. file-hosting services42 in dealing with pirated content. In a It stressed that the legal uncertainty due to different case involving game producer Atari and the Swiss file- standards for the assertion of jurisdictions is “especially locker Rapidshare, the German Federal Court of Justice true for web-based publications” and refers to the prin- ruled43 that though Rapidshare is not directly liable for ciples outlined in the 2011 Joint Declaration on Freedom copyright infringements by its users and does not gener- of Expression on the Internet34 (UN, OSCE, OAS, ACHPR), ally have to monitor user uploads, it must take “techni- which stipulates that jurisdiction in Internet content cally and economically reasonable precautions (without cases “should be restricted to States to which those cases compromising its business model)” to guarantee that have a real and substantial connection”. flagged content stays down. In contrast, the French Su- preme Court ruled that “take-down, stay-down” decisions 10. President of Panama plans by lower courts violate EU and French law.44 to propose global regulation of IP numbers to United 14. Brazil might adopt ‘right Nations to be forgotten’ in its jurisdiction During a speech at the ITU Connect Americas Summit35 2012 in Panama City, Panama’s President R. Martinelli A ‘right to be forgotten’ could be adopted in Brazil’s Mar- announced he would propose to the United Nations to co Civil da Internet45, a comprehensive bill to establish a regulate global IP numbers36 in order to guarantee that regulatory framework for the use of the Internet, which is publications on the Internet can be traced back to the currently discussed in Parliament. A. Molon, a key author publisher. Moreover, he stressed the need to establish of the Marco Civil, recently amended46 the proposed a right to be forgotten in form of an expiration date for legislation after public consultations and added the right posts on the Internet. of users to have their personal data deleted upon their request. 34 15. Hungary calls upon US 18. Irish Data Protection authorities to shut-down an Authority reviews if Facebook anti-Semitic website outside adopted recommendations its jurisdiction The Irish Office of the Data Protection Commissioner Hungary’s Prime Minister called upon US authorities to conducted an on-site audit in Facebook’s global Dublin shut down the right-wing extremist website kuruc.info, headquarters51 to control the implementation of “a wide which is the “Hungarian centre of anti-Semitism”. Since range of best-practice improvements”. According to Busi- the site’s Top-Level Domain .info is operated by Afilias, nessweek, this second privacy audit by Irish authorities which is headquartered in Ireland, and its servers are has been triggered by pressure from the French regulator based in the US, Hungary cannot assert executive jurisdic- CNIL52, which currently reviews Google’s and tion47 to shut-down the website. policies. The Irish report is expected for September 2012. 16. WordPress-based Pirate Bay 19. Proposed US bill couples proxy shut down in Dutch US-Russian trade relations jurisdiction with free access to US digital The Court of The Hague obliged Dutch hosting company goods and services Greenhost to shut down a WordPress-based proxy site it In response to a new law in the Russian jurisdiction53 that ran. The proxy allowed users to cybertravel48 and access allows to blacklist and shut down illegal websites, US the torrent link library The Pirate Bay, despite currently Senator R. Wayden amended a proposed bill on perma- established ISP blocks in the Dutch jurisdiction49. nent normal trade relations with Russia. The new draft stipulates annual audits to control if Russia restricts the 17. Online video platforms access54 to US digital goods and services, including online need to filter videos ex-ante platforms such as YouTube. in Chinese jurisdiction 20. Terms of Use of London Under a new rule issued by the State Administration of Olympics website forbid Radio, Film and Television and the State Internet Infor- mation Office, Internet video platforms operating in defamatory links to it China are obliged to pre-screen videos uploaded by their The Terms of Use55 of the website of the London Olym- users50. The rules do not further specify standards or ap- pics, london2012.com, stipulate that persons creating plicable penalties. links to the site “agree that no such link shall portray us or any other official London 2012 organisations (or our or their activities, products or services) in a false, misleading, derogatory or otherwise objectionable manner”. Visitors of the website are furthermore automatically “legally bound”56 to its Terms of Use, which are established under the jurisdiction of England and Wales.

REFERENCES

1 UN Human Rights Council 4 The New York Times 7 Justia US Law (22.6.2012). California vacations if you (5.7.2012) The promotion, (6.7.2012). The United Nations DFSB Kollective Co. Ltd. et al get sued. protection and enjoyment of affirms Internet freedom as a v. Bourne et al - document 46. human rights on the Internet” basic right, now what? 10 TechDirt (28.12.2011). 8 Technology & Market- Copyright tourism: Korean 2 Internet Declaration 5 Arstechnica (2.7.2012).Anti- ing Law Blog (29.6.2012). Can companies sue guy from Aus- (5.7.2012). Declaration of Inter- SOPA veterans issue declara- Korean copyright owners sue tralia for copyright infringe- net freedom. tion of Internet freedom. Australian defendants in Cali- ment... In California. fornia? Judges disagree–DFSB 3 European Journal of Inter- 6 Technology & Marketing Kollective v. Bourne. 11 NTIA (2.7.2012). Commerce national Law Blog (23.7.2012). Law Blog (28.12.2011). Why are department awards contract UN human rights council con- Korean copyright owners suing 9 Forbes (7.11.2012). Having a for management of key inter- firms that human rights apply an Australian infringer in San Facebook or Twitter account net functions to ICANN. to the Internet. Jose, California? shouldn’t mean mandatory

35 12 NTIA (10.3.2012). Notice - 23 ZDNet (14.5.2012). ACTA 34 Council of Europe data on the Internet, accord- Cancelled Internet Assigned sees official referral to ECJ (4.7.2012). Declaration of the ing to Civil Framework. Numbers Authority (IANA) over rights. Committee of Ministers on Functions - Request for the desirability of interna- 46 Telegeography (13.6.2012). Proposal (RFP) SA1301-12-RP- 24 Micheal Geist (11.7.2012). tional standards dealing with Brazilian legislator amends net IANA. Opinion. forum in respect of defama- neutrality rules; commission tion, “libel tourism”, to ensure to vote on draft soon. 13 The Register (3.7.2012). 25 ZDNet (11.7.2012). Canada freedom of expression. ICANN’s overlordship of the trade deal no longer borrows 47 Diplo Internet Gover- internet confirmed again by from ACTA: EU. 35 ITU (2.7.2012) ITU Connect nance (6.7.2012). Debate rages US gov. Americas. in Hungary over who has the 26 The Guardian (4.7.2012). power to shut down a website. 14 PCWorld (3.7.2012). ICANN Acta down, but not out, as 36 Telemetro.com (2.7.2012). keeps control over IANA Europe votes against contro- Martinelli proposed control IP 48 Wikipedia (27.3.2014). Internet root. versial treaty. numbers to the UN. Proxy server.

15 ZDNet (3.7.2012). ICANN 27 Micheal Geist (9.7.2012). 37 Twitter (2.7.2012). Twitter 49 TorrentFreak (5.7.2012). resumes responsibility for ACTA lives: How the EU & transparency report. ISP: Bittorent traffic increased internet numbering function. Canada are using CETA as after PirateBay blockade. backdoor mechanism to revive 38 DigitalTrends (2.7.2012). 16 Bloomberg (10.7.2012). ACTA Twitter ‘transparency report’: 50 Bloomberg Businessweek Google privacy report due in U.S. government tops user (11.7.2012). China wants to cen- September, France’s CNIL Says. 28 TechDirt (11.7.2012). CETA data requests. sor online video. is now slightly less like ACTA 17 Net Initiative (18.12.2010). (but still similar, and still 39 CNet (13.7.2012). Facebook 51 Bloomberg (9.7.2012). Face- Kyrgzstan. secret). scans chats and posts for book gets Ireland audit over criminal activity. changes after privacy probe. 18 Net Initiative (2007). Inter- 29 EurActiv (19.7.2012). net filtering in the common- Brussels to unveil EU cloud 40 Facebook (16.7.2012). 52 Bloomberg (10.7.2012). wealth of independent states computing strategy. Information for law enforce- Google privacy report due in 2006-2007. ment authorities. september, France’s CNIL Says. 30 ZDNet (1.3.2012). Google’s 19 CitizenLab (12.7.2012). privacy policy comes under 41 Facebook (16.7.2012). Data 53 CNet (11.7.2012). Russia’s Routing gone wild: Document- EU probe. use policy. parliament approves Internet ing upstream filtering in Oman blacklist law. via India. 31 Bloomberg (10.7.2012). 42 PC World (16.7.2012). Ger- Google privacy report due in man, French courts disagree 54 National Journal 20 ArsTechnica (12.7.2012). September, France’s CNIL says. on responsibility of ISPs for (17.7.2012). Trade bill takes aim Internet content blocking illegal content. at Russian net censorship. travels downstream, affects 32 Technology & Market- unwary users. ing Blog (26.6.2012). Will the 43 TorrentFreak (14.7.2012). 55 Olympic.org (13.7.2012). floodgates open up for Ameri- Supreme court: Rapidshare London Olympics 21 Herdict Blog (18.7.2012), cans with Disabilities Act liable for copyright infringe- Omani users subject to India’s (ADA) claims against websites? ment – sometimes. 56 Tech Dirt (13.7.2012). content filterin due to “up- National Association of the Olympic level ridiculousness: stream filtering”). Deaf v. Netflix. 44 Edri (16.7.2012). French You can’t link to the Olympics supreme court decisions. website if you say something 22 European Parliament 33 Forbes (6.7.2012). A judge mean about them. (4.7.2012). European Parliament just broke the Internet. 45 Bol Noticias (4.7.2012). rejects ACTA. User can request to delete

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-july-references

36 AUGUST

1. India cracks down on 2. South Korean court online content that stirs declares real-name online violence in its jurisdiction, law unconstitutional needs US assistance to trace The South Korean Constitutional Court ruled on August origins 23, 2012 that the real name obligations under the 2007 10 Indian authorities have blocked 245 webpages and asked Information Communications Law were unconstitutional US based online platforms to take down “inflammatory since they violate the freedom of speech. The law re- content” 1. Doctored images and videos that circulated quired websites with over 100.000 daily visitors to verify mainly on YouTube, Facebook and Twitter2 created panic their identity by entering their resident ID number. The among migrants from the northeastern Assam state in rule, which also applied to certain popular newspaper other Indian regions, who feared retaliations for clashes sites, was intended to limit the spread of false rumors and between tribes in Assam. Google and Facebook3, which defamatory content online. According to the Court, there have offices in India, quickly begun cooperating with the was however no significant drop in illegal online posts local authorities to delete the sites in question. Microb- since the law has been enacted. Moreover, it was noted logging service Twitter, which has no offices or servers in that the law was detrimental to local online platforms, the Indian jurisdiction4, later agreed to delete six ac- since many South Koreans chose to rather use online plat- counts that pretended to be the Prime Minister’s Office. forms based in third countries. US-based online platform According to information provided by the online plat- Google, for example, refused in 2011 to implement the 11 forms in question, the inflammatory posts were coming law on its services, except for Google Plus, and advised from Pakistani Internet users. Unable to identify the per- Korean YouTube users to upload videos via the YouTube petrators themselves, India officially asked US authorities5 portal of another country. for assistance to track down their identity. The Indian government demands a permanent solution to manage Read further: 12 the relations with online platforms incorporated in third BBC: South Korea’s real-name net law is rejected by court countries and proposed a United Nations Committee for Wall Street Journal: South Korea Court Knocks Down 13 Internet-Related Policies that would provide arbitration Online Real-Name Rule and dispute resolution6 between platforms and states in New York Times: South Korean Court Rejects Online 14 similar cases. Name Verification Law

Read further: 3. New generic TLDs: Saudi Times of India: India to seek US help to track down origins Arabia objects to 163 strings of offensive web pages7 including .gay, .sex and .islam New York Times: After violence in India, a Crackdown The Kingdom of Saudi Arabia has filed 163 official objec- online 8 tions at ICANN15 to the proposed new generic Top Level Mail Online India: Google tweets get in touch with Uncle Domains (gTLDs). ICANN received 1930 applications for Sam: Social networking sites don’t give government de- new strings that can be commented until September 26, tails on North East hate sites9 2012. Among the strings that the Saudi Arabian Commu- nication and Information Technology Commission (CITC)

37 under the user name “Abdulmjid” objects are .gay16, .sex, 5. Irish audit not enough .porn, .islam or .bible. The CITC argues, for example, that .wine would promote “substances detrimental to public – Germany reopens order and morals and prohibited in a number of religions investigations in Facebook’s and cultures.” or that .catholic should not be attributed facial recognition to the Catholic Church. Other governments are equally technology 17 objecting certain new strings : Argentina filed a complaint The German Data Protection Commissioner of the state with regard to .patagonia, claiming it should relate to the Hamburg, Johannes Caspers, relaunched the German region and not the company. Australia is opposing .navy investigation in Facebook’s facial recognition technology29 and .oldnavy due to a national law that prohibits anyone after prior investigations were suspended in June 2012. who is not a navy member to use the word without prior Ongoing audits in the Irish jurisdiction, where Facebook’s permission. ICANN has set up a dispute resolution pro- international headquarters are located, resulted in an 18 cess that will consider the formal objections after the agreement that the biometric tagging feature remains comments period closes. temporally disabled for European users who joined the network after July 1, 2012. Although the biometric data- Read further: base appears to be legal in the Irish jurisdiction30, Germa- 19 ICANN: Overview of gTLD application comments ny claims it is illegal under German and EU law. Moreover, Wired: Saudi Arabia contests 160 TLDs, including .catho- Caspers demands the deletion of biometric data collect- 20 lic, .islam and .baby ed in Germany. The investigation was reopened after the Reuters: Religious groups vie for new Web domain dialogue with Facebook officials did not result in changes 21 names of the platform’s Terms of Service and opt-out policy.

4. Facebook reluctant to take Read further: down racist page that likely CNET: Why you should be worried about facial-recogni- breached Australian law tion technology31 Forbes: Germany Is Freaking Out About Facebook’s Facial US-based social network Facebook was reluctant to take Recognition Feature (Again)32 down a Facebook page that was probably operated by ZDnet: Facebook must destroy facial recognition data – an Australian user and contained racist content about or get users’ approval, Germany decides33 Aboriginals.22 Only after the Australian Communications and Media Authority and the Australian Human Rights Commission began investigations on grounds of a poten- 6. US authorities give back tial breach of Australia’s Racial Discrimination Act and seized domains of Spanish public protest increased, the owner of the site “Aboriginal Rojadirecta site 23 Memes” took down the contested images . The Facebook As part of the US Immigration and Customs Enforcement’s page itself was deleted on August 8, but reappeared on “Operations in Our Sites” crackdown on US-registered do- August 31 under the same name, attracting over 10.000 mains, the .org and .com domains of the Spanish sports- likes. Facebook initially argued that the page did not TV link library Rojadirecta, which were bought via a US- violate its internal platform rules on hate speech, as laid based registrar, were seized in 2011. It was not clear if the down in the Terms of Service “Statement of Rights and page was illegal under Spanish copyright law. On August 24 Responsibilities” . Prior to this controversy, the Australian 2012 the case was dismissed in the US jurisdiction and Advertising Standards Bureau ruled that companies are the domains handed back34, after the Spanish operators responsible for the public comments users left on their appealed the seizure in a US court. It is unknown if the 25 Facebook page . This raised questions about the culpa- US will be held accountable for the seizure on improper bility of non-Australian companies under Australian law criminal copyright infringement charges. for user-generated content that can be accessed on the Australian territory. 7. Wikipedia does not operate Read further: servers in UK jurisdiction due SBS World News: Racism laws fail in the world wild web26 to strict libel laws : Racist Facebook page labelled ‘humour’27 Wikipedia does not operate any servers on British ter- Sydney Morning Herald: Contents removed from racist ritory35. Its founder Jim Wales stated at a conference in Facebook page28 London that it would have been impossible to found Wikipedia in the UK. Having servers located in the British jurisdiction would be an unpredictable risk that could cause “friction” for a global platform like Wikipedia due to the strict libel laws and high financial penalties.

38 8. Pakistan orders ISPs to 12. Google changes its block numerous scandalous search algorithm to punish websites in its jurisdiction copyright infringing websites The Pakistani Telecommunications Authority has obliged Google Search’s newly updated algorithm is processing all Pakistani ISPs36 to block 15 websites that were deemed the number of valid copyright removal notices the plat- to be “scandalous”. Among these websites was one page form receives from various national jurisdictions to calcu- that hosted the recordings of a “sensual” conversation late the ranking position43 of a given website. Takedown between two sitting parliamentarians. Activists detect a requests for other Google services including YouTube and change in Pakistan’s censorship regime37 from pornography Blogger are not included44 in the new ranking methodol- and blasphemy towards blocking for political purposes. ogy. 9. Ukrainian authorities seize 13. Order to block Facebook servers of large Bittorrent in Brazilian jurisdiction site operated from Mexico for non-compliance with The Ukrainian Ministry of Internal Affairs has raided the national election law servers of the popular Bittorent site Demonoid38 that was dropped after 24h operated from Mexico and stored its data at the Ukrai- A judge of an electoral court in Florianopolis ruled on Au- nian ISP Colocall. The news site TorrentFreak states that gust 10, 2012 that Facebook should be blocked in Brazil45. 39 Demonoid did probably not contravene Ukrainian law The US-based online platform allegedly refused to take and claims that the seizure was provoked by pressure down a page that contained offensive content against a 40 from the US. In the past, Demonoid changed its TLD local politician who is running for reelection. The defama- from US-based .com to Montenegro’s .me and later to the tory information was negative and anonymous, which is Philippine .ph to escape the US jurisdiction. illegal under Brazilian electoral law46. 24 hours after the initial ruling, another judge reversed the order to block 10. German ISPs must disclose Facebook. identity of illegal filesharers to rights owners, Federal 14. New Zealand Law Court rules Commission demands Germany’s Federal Court of Justice ruled that ISPs are criminalizing cyberbullying obliged to reveal the identity of illegal filesharers41 upon The Law Commission of New Zealand has called for the request by the respective copyright holders. Prior to this criminalization of cyberbullying in its jurisdiction, similar ruling, ISPs had to reveal the identity of pirates only if to measures undertaken in the USA, UK and Australia. copyright-protected material was shared for profit or at a The Commission suggests the establishment of a Com- commercial extent. munications Tribunal that would not only have the power to name-and-shame offenders, but also to force ISPs and 11. New York Judge rules that websites to takedown content47 that causes serious dis- Facebook friends can share tress and mental harm. Moreover, ISPs would be obliged others’ profiles with law to reveal the identity of offenders. The proposed legisla- enforcement tion is targeting persons aged over 14 years. A US District Judge ruled on August 10, 2012 in a New 15. German Cabinet in favor York City racketeering trial that Facebook friends can of draft law that charges legally share their friends’ profiles with law enforcement agencies: The defendant’s “legitimate expectation of pri- fees to news aggregators in vacy ended when he disseminated posts to his “friends” German jurisdiction because those “friends” were free to use the informa- The German government approved a new copyright bill tion however they wanted-including sharing it with the that would require Google News and other news aggrega- Government”42, the judge concluded. The ruling sets new tors to pay a fee for reproducing snippets of news articles standards for defining privacy and civil liberties with on their portals.48 The draft law aims at better protecting regards to the usage of social media platforms in the US publishing houses by redistributing revenues from the ag- jurisdiction. gregators to newspapers. Simple links aggregations as on Twitter or RSS feeds and the quoting of published articles should remain legal and free of charge in the German jurisdiction.

39 16. FTC settles with Facebook Era by the Appropriate Treatment of Users’ Information and Improvement of IT literacy” that defines standards in US jurisdiction on privacy for the governance of personal data on mobile apps. In standards for global users the absence of specific laws in the Japanese jurisdiction, The US Federal Trade Commission (FTC) has approved a the guidelines recommend what information and ele- final settlement49 with Facebook over its privacy policies50 ments the Terms of Service of mobile apps providers that will have an impact on Facebook’s global users be- should include54. yond the US jurisdiction. The settlement states that Face- book needs to obtain the “affirmative express consent” 19. Jordan’s Communications from its users before sharing their personal data with Ministry urges ISPs to block third parties, including Facebook apps, if the information pornographic websites sharing ”materially exceeds the restrictions imposed by a user’s privacy setting(s)”. It rests unclear what is meant by In response to a Facebook campaign with over 10,500 “materially exceeds”.51 supporters against online pornography, the Ministry of Information and Communications Technology urged Jor- 17. Malaysian websites and Bar danian ISPs to block porn sites55. A new draft legislation would provide the Jordanian government with far-reach- protest against Evidence Act ing powers to censor and block56 online content. Activists amendments on liability for organized an Internet blackout day to protest against the online publications new policies. A number of Malaysian websites52 and the Malaysian Bar53 have protested against the new Section 114A amendment 20. Google Inc sued for to the Evidence Act. The law is designed to facilitate the defamatory search results in identification of anonymous publishers and states that “A Hong-Kong person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host, A Hong-Kong based entrepreneur is suing Google Inc administrator, editor or sub-editor, or who in any man- for defamation in its English and Chinese search re- 57 ner facilitates to publish or re-publish the publication is sults . Although search engines are usually not liable for presumed to have published or re-published the contents algorithmically generated search results, inaction upon of the publication unless the contrary is proved.” legal requests to delete results may result in a secondary liability. Google.com.uk has already removed three search items. The new search result indicates the number of de- 18. Japan publishes privacy leted items. It informs the user that Google responded to policy guidelines for mobile a legal request and refers to Chillingeffects.org for more apps information. The Japanese Ministry of Internal Affairs and Communica- tions has published a report titled “Innovation in the New

REFERENCES

1 BBC (22.8.2012). India 5 The Register (21.8.2011). 9 Daily Mail (22.8.2012). 12 BBC (23.8.2012). South targets social media sites after India shutters sites and social Google tweets get in touch Korea’s real-name net law is Assam violence. media accounts. with Uncle Sam: Social rejected by court. networking sites don’t give 2 The Center for Internet and 6 The Times of India government details on North 13 The Wall Street Journal Society (22.8.2012). Analys- (25.8.2012). Internet regulation East hate sites. (24.8.2012). South Korea court ing latest list of blocked body on India’s agenda at UN. knocks down online real-name sites (communalism & rioting 10 The Korea Times rule. edition). 7 The Times of India (23.8.2012). Online real-name (21.8.2012). India to seek US system unconstitutional. 14 The New York Times 3 Reuters (21.8.2012). India help to track down origins of (24.8.2012). South Korean cracks down on Internet after offensive web pages. 11 ZDNet (9.8.2011). Google court rejects online name communal violence. refuses compliance with verification law. 8 The New York Times Korean real-name law but 4 The Hindu (25.8.2012). (26.8.2012). After violence in imposes it on G+ users. 15 Computerworld (15.8.2012). Twitter removes fake PMO India, a crackdown online. .gay, .wine, .porn and .sexy accounts. among gTLDs objected to by Saudi Arabia.

40 16 BBC (14.8.2012). Saudi 28 The Sunday Morning 38 BBC (7.8.2012). Large 48 Spiegel (30.8.2012). As- Arabia opposes .gay internet Herald (8.8.2012) Contents Ukraine-based BitTorrent site sault on Google News: Berlin domain name. removed from racist Facebook Demonoid shut down. cabinet approves new web page. copyright law. 17 CNN (14.8.2012). Saudi Ara- 39 TorrentFreak (6.8.2012). bia objects to .gay and .islam 29 The New York Times Demonoid busted as a gift to 49 Federal Trade Commission domain names (15.8.2012). Germans reopen the United States government. (10.8.2012). Facebook Inc. investigation on Facebook 18 ICANN (15.8.2012). Objec- privacy. 40 TorrentFreak (2.12.2012). 50 The New York Times tion and dispute resolution. Sensing danger, demonoid Bit- (11.8.2012). Letting companies 30 ArsTechnica (15.8.2012). torrent tracker ditches .com settle while denying guilt. 19 ICANN (15.8.2012). Com- Germany: Facebook must domain. ment forum. destroy facial recognition 51 Out-Law (13.8.2012). US database. 41 Music Week (15.8.2012). regulator unclear as to Face- 20 Wired (15.8.2012). Saudi German ISPs must disclose book’s third party data sharing Arabia contests 160 TLDs, 31 CNet (30.8.2012). Why pirate identities to copyright obligations. including .catholic, .islam and you should be worried about holders, court rules. .baby. facial-recognition technology. 52 The Register (15.8.2012). 42 Gigaom (25.8.2012). Malaysian websites go dark to 21 Reuters (31.8.2012). Reli- 32 Forbes (16.8.2012). Ger- ‘Friends’ can share your Face- protest Evidence Act. gious groups vie for new Web many is freaking out about book profile with the govern- domain names. Facebook’s facial recognition ment, court rules. 53 Malaysia Chronicle feature (again). (13.8.2012). Repeal Section 22 The Age (8.8.2012). Con- 43 Google (10.8.2012). An up- 114A of Evidence Act - Malay- tents removed from racist 33 ZDNet (16.8.2012). Face- date to our search algorithms. sian Bar tells govt. Facebook. book must destroy facial recognition data - or get users’ 44 Search Engine Land 54 DataGuidance (23.8.2012). 23 Daily Mail (9.8.2012). approval, Germany decides. (10.12.2012). The Pirate update: Japan: New guidelines help Facebook forced to take down Google will penalize sites re- mobile apps set up their pri- racist page which branded 34 Arstechnica (29.12.2012). peatedly accused of copyright vacy policies. Aborigines ‘petrol-sniffing Government admits defeat, infringement. drunks’. gives back seized Rojadirecta 55 MENAFN (1.8.2012). Jordan domains. 45 The Times of India Internet freedom activists 24 Facebook (15.11.2013). (11.8.2012). Facebook case slam ministry’s call to block Statement of rights and re- 35 The Register (8.8.2012). dropped by Brazilian court. porn sites. sponsibilities. Jimbo Wales: Wikipedia serv- ers in UK? No way, not with 46 DCI (11.8.2012). Judge 56 Techpresident (31.8.2012). 25 The Huffington Post your libel law. suspends decision to take Jordanian websites go dark in (9.8.2012). ‘Aboriginal memes’ Facebook off air protest of proposed legisla- Facebook page deemed racist 36 The News (11.8.2012). PTA tion to censor internet. in Australia; social network orders blocking of scandalous 47 The National Business Re- pressured to take it down. stuff on internet. view (15.8.2012). Law Commis- 57 Global Voices (12.8.2012). sion wants name-and-shame, Hong Kong: Google search 26 SBS News (26.8.20123). 37 Electronic Frontier Foun- take-down measures against engine sued for defamation. Racism laws fail in the world dation (16.8.2012). Pakistan’s cyberbullies. wild web. internet censorship worsens... again. 27 Stuff.co.nz (8.8.2012). Racist Facebook page labelled ‘humour’.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-august-references

41 SEPTEMBER

1. YouTube complies with 2. File-sharing for personal electoral court order in use declared legal in Brazil Portuguese jurisdiction Google Brazil removed two YouTube videos1 that In January 2011, the Portuguese entertainment industry infringed the 1965 Electoral Code, after its final appeal group APACOR filed a complaint9 with the Portuguese De- was denied. An electoral judge in Mato Grosso do Sul partment of Investigation and Penal Action against 2000 state ruled2 that two user-uploaded YouTube videos unknown users of peer-to-peer networks based on their contravened the strict pre-electoral Brazilian law since IP-address for pirating movies. A Portuguese prosecutor they offended the “dignity or decorum” of a candidate decided that the non-commercial sharing of copyright- running for local elections. Google’s country director was protected files for personal use does not infringe Portu- shortly detained after the company refused to comply3 guese law10 and argued11 that the protection of copyright with the initial court order arguing4 that the video did needs to be balanced with the “right to education, culture not violate the YouTube Community Guidelines5 and and freedom of action in cyberspace”. Moreover, the pros- that the platform should not be liable for user-generated ecutor came to the conclusion that IP-addresses are not content. YouTube was recently involved in two similar sufficient evidence to identify a person. Judges in Florida pre-electoral cases. A judge in Parana state ordered and California12 pronounced recently similar rulings on that Google Brazil should pay $500.000 per day until the use of IP-addresses. APACOR intends to overturn the it removed a video. Another ruling in Paraiba state that prosecutor’s decision by launching new legal actions. ordered the arrest of another Google executive for not removing a video was overturned by a higher court 24 Read further: hours later. TorrentFreak: File-sharing for personal use declared legal in Portugal13 Read further: ZDNet: P2P files-sharing for private use is legal in Portugal, Reuters: Google exec in Brazil faces arrest over elections court rules14 law6 ArsTechnica: Personal file-sharing is legal in Portugal, CircleID: Understanding the Brazilian court decision to prosecutor says15 arrest Google’s representative7 Times of India: Google blocks YouTube’s political video in Brazil8

42 3. Anti-Islam YouTube video 5. Six strikes system to be blocked and taken down in implemented by ISPs in US multiple jurisdictions jurisdiction in 2012 The anti-Islam video “Innocence of Muslims” that was The alliance of five major US ISPs (AT&T, Cablevision, Com- produced by a US citizen and uploaded on YouTube cast, Time Warner Cable and Verizon) and the rightshold- stirred up protests and riots in multiple countries around ers groups Motion Picture Association of America (MPAA) the world. Google initially decided to take down the and Recording Industry Association of America (RIAA) video in Egypt and Libya16 to prevent further escalations. has announced that the Copyright Alert System will be However, the company refused to comply with a demand launched in 201237. Also known as “six strikes” system, it by the White House17 to shut down the video globally, be- will be administered by the Center for Copyright Infor- cause it does not infringe YouTube’s Terms of Service and mation. The participating ISPs cover collectively three- community guidelines for hate speech. As a reaction, Af- fourths of all US Internet users. The service providers ghanistan18, Pakistan and Bangladesh19 blocked the entire will implement monitoring measures to allow third-party platform in their jurisdictions. Google complied with lo- companies to detect copyright infringements of their cli- cal demands by courts and governments after a “through ents. Users will be warned to trigger behavioral changes. review”20 and blocked the access to the video in various Once they reach the fifth and sixth warning rounds, ISPs jurisdictions including Malaysia21, Singapore22, Jordan23, are going to resort to so-called “Mitigation Measures” Russia24, India25 and Brazil26. A Californian judge27 affirmed that are developed at the discretion of the different ISPs. that the video can remain online in the US jurisdiction. These can include reduced bandwidth or automatic start- pages with educational information. Moreover, rights- Read further: holders could file lawsuits against the users. It is possible New York Times: Google has no plans to rethink video that ISPs might even choose to ultimately disconnect38 status28 their clients, similar to the HADOPI39 three strikes system Economist: Internet freedom: free to choose29 implemented by law in the French jurisdiction. Foreign Policy: The innocence of YouTube30 Read further: 4. Linking can constitute Center for Copyright Information: Memorandum of Un- a form of copyright derstanding40 infringement, Dutch court Center for Copyright Information: Copyright Alert Sys- rules tem41 ArsTechnica: “Six strikes” Internet warning system will The Court of Amsterdam decided31 that hyperlinks to come to US this year42 copyright-protected content constitutes under certain circumstance a violation of the copyright law in the 6. Argentinian Court Dutch jurisdiction. In October 2011, the Dutch website orders Google to remove GeenStijl32 published a link to a zip file on its website that defamatory search results contained Playboy pictures of a Dutch model. The file was hosted on the Australian platform FileFactory.com and The Argentinian Court of First Instance ordered Google uploaded by an unknown user. The leaked pictures were Inc.43 to remove the search results that connected a planned to appear in the Dutch December 2011 Playboy model with sexual images “permanently”, stressing that issue. When FileFactory removed the file, GeenSijl pro- this kind of filtering is technically feasible. The court ar- vided links to further copies33. The judge decided that the gued that Google Inc. made unauthorized commercial use hyperlinks constituted a “publication” as they fulfilled the of the model’s erotic images and violated her personal following criteria: intervention (without the publication rights. The US-based company was obliged to pay a com- of the link, the URL would have remained unknown), audi- pensation of 35.000 USD in the Argentinian jurisdiction. ence (GeenStijl created an audience for the protected images) and profit (the website generated revenues with 7. Philippine’s Cybercrime the attracted traffic). Prevention Act has broad definition of jurisdiction Read further: Future of Copyright: Dutch Court: hyperlinks on website The new Philippine Cybercrime Prevention Act of 2012 44 can constitute copyright infringement34 assumes jurisdiction “over any violation of the provi- PC World: Linking to infringing material can violate copy- sions of this Act including any violation committed by right, says Dutch court35 a Filipino national regardless of the place of commis- TechDirt: Dutch Court Says Linking Can Be A Form of sion… if any of the elements was committed within the Copyright Infringement36 Philippines or committed with the use of any computer system wholly or partly situated in the country, or when

43 by such commission any damage is caused to a natural or 12. European Court of Justice juridical person who, at the time the offense was com- mitted, was in the Philippines.” The law includes a variety to rule on legality of of provisions regarding cybercrime and libel, and outlaws downloading copyright- “cybersex”. protected material for personal use 8. Irish DPA orders The Dutch Supreme Court asked the European Court of Facebook to suspend facial Justice51 to decide if the download of copyright-protected recognition feature in EU material, including the download from illegal sources, is jurisdiction legal for personal use. Whereas the Dutch jurisprudence considers that these downloads might be legal, the Eu- Facebook’s international headquarters, located in Dublin, ropean Copyright Directive could stipulate that making has agreed with the request by the Office of the Irish Data personal copies from illegal sources is illegal. Protection Commissioner45 (ODPC) to delete all image “templates” of EU citizens, which are stored by the com- pany to enable the facial recognition feature that sug- 13. Iran blocked Google Mail gests tags in images. The ODPC’s request went beyond the and Search in its jurisdiction requirements stipulated in its initial recommendations in Iran blocked for one week52 the access to the Google ser- response to demands from other European DPAs that lack vices Gmail and Google Search. Iran’s telecommunication jurisdiction over Facebook’s headquarters. ministry argued the block of the two Google services was “involuntary”and due to a lack of technical sophistication 9. Russian parliamentarians in implementing the block of YouTube, which is active want to ban online since 2009. anonymizers 14. Wikipedia threatens to A group of members of the Duma are planning to pro- pose amendments46 to the Federal Law “On Information, encrypt traffic to UK-based Information Technology and Information Security” and users if London passes the law “On the protection of children from information “snooper’s charter” harmful to their health and development”. They intend Wikipedia founder Jimmy Wales announced53 in front of UK to outlaw online tools like VPNs47 and proxies48 that mask parliamentarians that the platform would probably encrypt online activities and allow the circumvention of national all traffic to UK-based users if the draft Communications Internet blocks through cybertravel. Data Bill were to become implemented in the British juris- diction and ISPs be forced to monitor their users’ online 10. UK Health Department says activities. The encryption would ensure “that the local ISP IPSs should block suicide would only be able to see that you are speaking to Wikipe- websites dia, not what you are reading”, Wales said54. The UK Department of Health suggests49 in a new suicide prevention strategy to either oblige ISPs to offer Internet 15. Kyrgyzstan will monitor users the active choice to disable “harmful suicide-related .kg registered sites for hate content” or to introduce mandatory default blocks in the speech and discuss further UK jurisdiction. child protection measures Kyrgyzstan is about to introduce new measures to control 11. EU public consultation online activities in its jurisdictions. The State Committee reviews intermediary liability for National Security announced55 to implement a system and notice-and-action by April 2013 that scans .kg registered websites for hate notion in E-Commerce speech. Moreover, a bill to protect children56 from harm- Directive ful information on the Internet is currently discussed, which is modeled upon a law adopted in Russia57 in July The European Commission conducted a public consulta- 2012. tion50 called “A clean and open Internet: Public consulta- tion on procedures for notifying and acting on illegal 16. US state New York declares content hosted by online intermediaries”. The consulta- “viewing” pedophilia on the tion process reviews the intermediary liability provisions under the E-Commerce Directive that regulates cross- Internet illegal border online activities in the EU jurisdiction. It focuses A new bill was passed58 in the US state New York, which specifically on the notion of notice-and-action. outlaws the knowingly access of online child pornography “with intend to view”. The law was introduced after a New York state court came to the conclusion that “viewing”

44 child pornography online was not illegal under the exist- he did not “affirmatively assent” to the Terms when he ing 1996 law against the possession of pedophilia, since bought the contested item in the store and succeeded in files were not directly downloaded on a computer, but bringing Barnes & Nobles before a court. only stored temporally. 19. Google removes torrent 17. Indian government library The Pirate Bay from initiates talks with all Autocomplete and Instant stakeholders on censorship search results after Assam riots In its efforts to decrease online copyright infringement, Google Search added the Swedish torrent links library As a consequence of the wake of sites that Indian authori- The Pirate Bay to its blacklist62 of blocked Autocomplete ties blocked59 in their jurisdiction after the outbreak of and Instant search results. The blacklist measures result in the Assam riots, the Indian Department of Telecommuni- a noticeable traffic drop for concerned sites. cations and the Department of Electronics and Informa- tion Technology organized a multi-stakeholder consulta- 20. Uruguay receives adequate tion60 on legitimate censorship. The participating entities data protection label from include companies like Facebook and Google, ISPs, European Commission lawyers, civil society and the technical community. Uruguay succeeded in being recognized by the European Commission as having adequate data protection stan- 18. Terms of Service of dards63 in its jurisdiction that correspond to the EU Data an online store only Protection Directive. The decision opens the doors for enforceable with proof of European IT investment in the country. Other approved jurisdictions are Argentina, Andorra, Canada, Switzerland, notice in US jurisdiction? Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey and A US judge decided61 that Barnes & Nobles online store’s the US Safe Harbor regime. Terms of Service, which featured an “arbitration only” clause, are not enforceable without evidence that the customer took “notice of the terms”. The plaintiff argued

REFERENCES

1 BBC (28.9.2012). Google Bra- 7 Circle ID (27.9.2012). Under- 12 TorrentFreak (15.5.2012). 17 Mashable (15.9.2012). zil to take down controversial standing the Brazilian Court IP-address can’t even identify Google refuses to remove Brazil video. Decision to Arrest Google’s a state, Bittorrent judge rules. anti-Muslim YouTube video. Representative. 2 The Washington Post 13 TorrentFreak (27.9.2012). 18 Reuters (12.9.2012). (25.9.2012) Judge orders ar- 8 Times of India (27.3.2012). Files sharing for personal use Afghanistan bans YouTube rest of president of Google’s Google blocks YouTube’s declared legal in Portugal. to prevent viewing of anti- operation in Brazil. political video in Brazil. Muslim film. 14 ZDNet (27.9.2012). P2P file- 3 AP (26.9.2012). Google’s Bra- 9 TorrentFreak (7.1.2011). sharing for private use is legal 19 Computer World zil chief detained in YouTube Pirate party slams anti-piracy in Portugal, court rules. (18.9.2012). YouTube blocked in case. outfit for filing ‘illegal’ com- Pakistan and Bangladesh over plaints. 15 Arstechnica (27.9.2012). controversial video. 4 Google Brazil (27.9.2012). Personal file-sharing is legal in YouTube in Brazil. 10 The Register (27.9.2012). Portugal, prosecutor says. 20 Fox News (17.9.2012). Portugal’s prosecutor punts YouTube expands blocks to 5 YouTube (27.3.2012). Re- P2P case. 16 The New York Times anti-Islam film. porting center. (14.9.2012). As violence spreads 11 Exame Informatica in Arab world, Google blocks 21 Malaysia Chronicle 6 Reuters (26.9.2012).Google (26.9.2012). Prosecutor says access to inflammatory video. (18.9.2012) Anti-Islam film still exec in Brazil faces arrest over that it is legal to copy music online in Malaysia, despite elections law. and movies on the Net. Google promises.

45 22 The Times of India 34 Future of Copyright 44 Arstechnica (19.9.2012). 55 Net Prophet (27.8.2012). (15.9.2012). Google blocks (13.9.2012). Dutch Court: New Philippine law outlaws Kyrgyzstan’s secret service to access to anti-Islam film in hyperlinks on website can cybersex. scour Internet for hate speech. Singapore. constitute copyright infringe- ment. 45 Out-law (21.9.2012). Face- 56 Net Prophet (17.9.2012). 23 Jordan Times (22.9.2012). book agrees to delete facial Net freedom under fire in Google blocks access to anti- 35 PC World (14.9.2012). Link- recognition image ‘templates’ Kyrgyzstan. Islam film trailer in Jordan. ing to infringing material can in response to EU privacy violate copyright, says Dutch concerns. 57 The New York Times 24 Reuters (1.10.2012). Russia court. (10.7.2012). Bill to restrict web bans controversial anti-Islam 46 Izvestia (21.9.2012). MPs content is assailed in Russia. video. 36 TechDirt (14.9.2012). Dutch ban anonymity on the Inter- court says linking can be a net. 58 WPTZ.com (7.9.2012). NY 25 The Times of India form of copyright infringe- law outlaws viewing child (1.10.2012). YouTube blocks ment. 47 Wikipedia (26.3.2014). vir- porn on Internet. anti-Islam video in India. tual private network (VPN). 37 TorrentFreak (28.9.2012). 59 The Times of India 26 Reuters (26.9.2012). Brazil ISPs and tracking company 48 Wikipedia (27.3.2014). (23.8.2012). Names of websites court orders YouTube to ready to start six-strikes anti- Proxy server. blocked by government leaked remove anti-Islam film. piracy scheme. online. 49 ISP Preview (10.9.2012). 27 Reuters (20.9.2013). Cali- 38 DigitalTrends (14.9.2012). New UK government strategy 60 The Hindu (4.9.2012). fornia judge rules anti-Islam The Copyright alert system: demands ISPs block suicide Government to hold talks film can stay on YouTube. What you need to know websites. with stakeholders on Internet censorship. 28 The New York Times 39 PCWorld (14.9.2012). 50 ComputerWorld (3.9.2012). (15.9.2012). Google has no French piracy law claims first EU wants to sneak in a mini- 61 TechDirt (10.9.2012). Barnes plans to rethink video status. (innocent) victim. ACTA by the backdoor – & Noble’s web terms of service Update. not enforceable without evi- 29 The Economist (6.10.2012). 40 TorrentFreak (3.9.2012). dence that they were seen. Free to chose. CCI-MOU 51 TorrentFreak (25.9.2012). EU court asked to rule on 62 TorrentFreak (10.9.2012). 30 Foreign Policy (5.10.2012). 41 Center for Copyright legality of downloading from Google adds PirateBay do- The innocence of YouTube. Information (11.9.2012). What is illegal sources. mains to censorship list. a copyright alert? 31 Andrea Sudo (12.9.2012). 52 BBC (1.10.2012). Gmail ac- 63 DataGuidance (4.9.2012). Sanoma, Playboy en Britt 42 Arstechnica (11.9.2012). cess restored inside Iran. Latin America: Uruguay re- Dekker tegen GeenStijl. “Six strikes” Internet warning ceives adequacy recognition system will come to US this 53 The Guardian (5.9.2012). from EU Commission. 32 Arstechnica (14.9.2012). year. Wikipedia founder Jimmy Dutch court rules linking to Wales attacks government’s photos is copyright infringe- 43 Diario Judicial (27.9.2012). ‘snooper’s charter’. ment. “Not all information on the Internet has the matching 54 Huffington Post (6.9.2012). 33 Kens5 (12.9.2012). Court: policy to guarantee freedom Jimmy Wales: Wikipedia will Dutch website hyperlink of expression”. encrypt uk users’ web history infringed copyright. if ‘snooper’s charter’ passed.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-september-references

46 OCTOBER

1. After US Megaupload 2. EU privacy watchdogs ask seizure, platforms opt Google to modify policies to for distributed server comply with European law architectures The French data protection authority CNIL, mandated by A US judge gave green light for a hearing concerning the Article 29 Working Party that unites European privacy the seizure of 1103 Megaupload servers located on US watchdogs, published the findings10 of its investigation territory that also contain legal content. Megaupload’s of Google’s privacy policy that was updated globally defense claims the seizure of the cloud-based file locker, on March 1, 2012 to create a unified standard across all incorporated in Hong-Kong, was a violation of due pro- Google services. Data protection authorities in Croatia, cess1 rights and potentially overbroad2. Since the location Lichtenstein, Canada and some Asian countries equally of the servers of cross-border online platforms such as participated in the coordinated European investigation. cloud-services can potentially determine the applicable For the first time, the Article 29 Working Group sent a jurisdiction, Megaupload founder Schmitz announced to joint letter11 to a company. They asked Google for modifi- launch a new service with automatic data encryption and cations of its privacy policy within the next four months a distributed server architecture3 across multiple territo- and outlined a number of recommendations12. Google’s ries to prevent one jurisdiction from unilaterally shutting policy to gather and combine user data13 from different down the platform. Likewise, The Pirate Bay announced Google services without the explicit consent of the users after a police raid4 at its Swedish hosting company to opt without a “valid legal basis” was highlighted among the for a server structure based on virtual machines in the list of flaws according to EU data protection standards. cloud5. The location of the cloud providers will be hidden since The Pirate Bay continues to operate the load bal- Read further: ancer6, located in a third country, and transit-routers. CNIL: Google’s new privacy policy: incomplete infor- mation and uncontrolled combination of data across Read further: services14 TorrentFreak: Megaupload seized data case will get a Guardian: Google privacy policy slammed by EU data hearing, court rules7 protection chiefs15 Wired: Megaupload is dead. Long live !8 New York Times: Europe Presses Google to Change Pri- ArsTechnica: The Pirate Bay ditches its servers, sets sail for vacy Policy16 the cloud9

47 3. Twitter uses geo-IP filtering 5. Beijing-based search engine for the first time to block Baidu asks to dismiss filtering Nazi account in Germany lawsuit in US jurisdiction On October 18, 2012 Twitter deployed for the first time In May 2011 eight residents of New York City filed a law- its geo-IP filtering technology. The micro-blogging plat- suit31 in the US District Court of Manhattan against .com form announced in January 2012 that the country-based registered Baidu.Inc and the Chinese government. Ac- filtering technology was ready17 to be implemented. cording to the complaint, the plaintiffs allege32 “a private Complying with a request from the Hanover police, Twit- company is acting as the arm and agent of a foreign state ter blocked the account of a neo-Nazi18 group for users to suppress political speech, and permeate U.S. borders with German IP addresses. According to Twitter’s policy, to violate the First Amendment” under federal US law and German users can still change their country setting to New York state law. They claimed a $17.44 million default “worldwide”19 to circumvent the automatic IP filter. Prior judgment33 in April 2012. The Chinese Ministry of Justice to the selective location filtering, Twitter already took stressed that the “execution of the request would infringe down content to comply with requests from local juris- the sovereignty or security of the People’s Republic of dictions. Earlier this year, Brazil filed an injunction20 to China”. In October 2012, Baidu’s defense argued for the remove tweets that warned drivers of police controls. In dismissal of the case since the Chinese government was France, the student union UEJF files a lawsuit21 against the not properly served according to international law: the US-based company to force the platform to remove racist Hague Convention does not authorize the delivery of tweets with the hashtag #unbonjuif, which was among the judicial documents with FedEx34. top trending topics of October in France. Read further: Read further: Reuters: Uphill fight for Baidu, China censorship lawsuit35 Spiegel: Twitter blocks Neo-nazi account in Germany^22 IP Osgoode: The Great Firewall of China in American New York Times: Twitter blocks German’s access to neo- court36 Nazi group23 Guardian: New Yorkers sue China over internet censor- ArsTechnica: Twitter blocks neo-Nazi account in Germa- ship37 ny—but not in rest of world24 6. US-based rating site 4. Defamation and takedown TripAdvisor could be liable requests: Facebook held liable for reputation damages in in Brazil, Google in Australia Scottish jurisdiction Facebook Brazil was held liable for the “moral dam- The review portal TripAdvisor, incorporated in Massa- age” caused by a fake profile of a Brazilian woman. The chusetts under US jurisdiction, could be held liable in the Brazilian court ruled that the Facebook Brazil failed to British jurisdiction for negative recommendations that a promptly remove the account, which contained images Scottish bed and breakfast received. The owner demands and personal data of the plaintiff, upon request. The court that allegedly false criticism be deleted from the plat- rejected Facebook Brazil’s argument that as the local sub- form. On October 10, 2012, TripAdvisor dropped the argu- sidiary of the US-based company it was not administering ment that it could not be brought before a Scottish small the platform and therefore the takedown request should claims court and conceded that it is subject to the local have been send to Facebook.com. The judge stressed25 Scottish jurisdiction38. that if a local subsidiary receives benefits from its Brazil- ian market presence, it should face the consequences of 7. Definition of “personal its conduct. In the Australian jurisdiction, Google was data” should include IP held liable by the Victoria Supreme Court26 for de- addresses and cookie famatory pictures that showed up next to the plaintiff’s company name in the search results despite his takedown identifiers, says EU privacy request. In a similar case in the Spanish jurisdiction27, body Google Spain was not held liable for defamation since the In its opinion39 concerning the planned EU General Data search engine is operated by Google’s headquarters in the Protection Regulation, the Article 29 Working Group US jurisdiction. demands to amend the definition of “personal data”40. In a proposed modification of a recital, the privacy body sug- Read further: gests to also consider “Internet Protocol addresses” and Times of India: Facebook fined $1500 for “moral damage”28 “cookie identifiers” that can lead to the identification of Search Engine Land: Google loses Australian defamation Internet users as personal data. case, awaiting decision on damages29 BBC: Google loses Australia “gangland” defamation law- suit30

48 8. Canadian and German 12. Cybertravel via web proxies data protection authorities blocked in Uzbekistan’s launch cooperation between jurisdiction jurisdictions The Uzbek ISP Uztelecom, which has the monopoly on In order to ensure a better protection of personal data connections to international networks, began blocking in cross-border online activities, Canadian and German the access45 to proxy servers that allow Uzbek Internet us- data protection commissioners signed an agreement41 ers to circumvent national content filters. The web prox- on October 15, 2012 that establishes a formal collabora- ies block has been installed in late September and initially tion between the two countries. The agencies agreed to only includes servers that contain the word “proxy” in collaborate on specific cases and share information on their domain. Uzbek authorities are planning to extend events and complaints. They plan to extend their collab- the block to all available proxies. orative model to other countries. 13. EU Commission works 9. Audio and video files stored on model terms for cloud- on foreign servers blocked in computing services Iranian jurisdiction As part of the EU cloud computing strategy, the Com- Iran began blocking certain audio and video files (MP3, mission plans to develop “model terms for cloud com- MP4, SWF, FLV)42 that are stored on servers in foreign puting46 service level agreements for contracts between jurisdictions. According to reports collected by the BBC, cloud providers and professional cloud users” by the end sites that contain embedded audio or video files are of 2013. Moreover, Brussels suggested that national data either displayed without multimedia content, or blocked protection authorities develop Binding Corporate Rules entirely. Audio and video files stored on servers based on for cloud operators and announced to work on an EU- Iranian territory can be accessed without restrictions by wide voluntary certification scheme that will be imple- Iranian residents. mented by 2014. 10. Google Inc. could face 14. Saudi Arabia calls for potential privacy class international cooperation action in Canadian province to filter the Internet for British Columbia public order A lawsuit, filed on October 4, 2012 in the British Colum- In the aftermath of the “Innocence of Muslims” video, bia Supreme Court, claims that the Gmail service of the Saudi Arabia highlighted in a submission to the UN World US-based company Google violates, among others, the Telecommunications Policy Forum47 the “need for inter- Privacy Act43 through the “interception, copying, scanning, national collaboration to address ‘freedom of expression’ retention and use of private email communications”. The which clearly disregards public order” plaintiff proposes a class action and seeks damages based on Google’s revenues generated with the alleged actions, 15. Brussels explores the use as well as an injunction to stop Gmail from using these of DNS blocks in European technologies without the consent of both email senders jurisdiction to fight illegal and receivers. online gambling 11. US Department of Justice The European Commission outlined its Action Plan on on- educates foreign judges and line gambling48 and announced to “enhance exchange of information and best practice on enforcement measures investigators on copyright and explore the benefits and possible limits of responsive theft enforcement measures, such as payment blocking and Announcing a new $2,4 billion US Justice Department disabling access to websites at EU level”. budget to fight Intellectual Property theft, US Attorney General Eric Holder said the US has “trained, educated, 16. Pakistan blocks 20.000 and met with thousands of foreign judges, prosecutors, websites with objectionable investigators, and policymakers” in over 100 different content jurisdictions. Furthermore, Holder stressed that since copyright crime is “global in nature”, increasing interna- The Pakistan Telecommunications Authority has blocked 49 tional engagement became a priority44. over 20.000 objectionable websites and blogs . Among these are sites that host content related to the “In- nocence of Muslims” movie. YouTube remains entirely blocked in the country, which interferes also with the ac- cess of other Google services from the Pakistani jurisdic- tion. 49 17. US music association 19. US authorities seize 686 targets foreign download websites for alleged sale of portals via WHOIS in US court fake drugs The US Recording Industry Association of America (RIAA) As part of the Operation in Our Sites initiative, US Home- obtained subpoenas in the US District Court of Colum- land Security and the US Department of Justice seized bia50 that order the WHOIS51 privacy services WhoisGuard, 686 websites53 that were registered with a US-based do- Protected Domain Services and GKG.net to reveal the IP main and accused of selling counterfeit and illegal drugs. and email addresses and other identity information of the The operation involved 100 jurisdictions and was coordi- operators of three music download portals. The websites nated by Interpol. in question are registered under .net, .com and .me do- mains and target Dutch and Spanish language audiences. 20. Automation errors: Microsoft DMCA notices 18. Turkish draft bill requires asked Google to block BBC ID and password to access and Wikipedia the Internet In order to prevent the unauthorized distribution of A Commission headed by the General Directorate of Windows 8 Beta, Microsoft used an automatic system Security upon instructions of the Turkish Prime Minister to identify infringing websites and submit DMCA take- proposed a “Draft Law on the Regulation of Informatics down notices to Google Search54. The filter did however Network Services and Informatics Crime”52 that would not distinguish piracy sites from news outlets and asked require Turkish Internet users to enter their ID and a pass- Google to censor websites like BBC, Wikipedia or the word to access the Internet “so that all the operations of Washington Post in various jurisdictions. Only websites Internet users can be recorded”. that appear to be whitelisted by Google were exempted from the automatic execution of DMCA requests.

REFERENCES

1 The National Business 7 TorrentFreak (5.10.2012). data protection previewed in 19 Twitter (10.10.2012). Twit- (11.10.2012). Dotcom lawyer Megaupload seized data case Google privacy policy investi- ter settings. makes new bid to have case will get a hearing, court rules. gation, says expert. thrown out, this time citing 20 Huffington Post (9.2.2012). delays. 8 Wired (18.10.2012). Megaup- 14 CNIL (16.10.2012). Google’s Brazil files Twitter injunction load is dead. Long live Mega! new privacy policy : incom- to take down roadblock warn- 2 TorrentFreak (23.10.2012). plete information and uncon- ing tweets. U.S. Court asked to release 9 Arstechnica (17.10.2012). trolled combination of data Megaupload search warrants. The Pirate Bay ditches its serv- across services. 21 Radio Netherlands ers, sets sail for the cloud. Worldwide (19.10.2012). French 3 TorrentFreak (18.10.2012). 15 The Guardian (16.10.2012). Jews to sue Twitter over anti- New Megaupload will deflect 10 ZDNET (16.10.2012). Google privacy policy Semitic tweets. copyright liability and become Google must review privacy slammed by EU data protec- raid-proof. policy, EU data regulators rule. tion chiefs. 22 Spiegel Online (18.10.2012). Micro-blogging first: twit- 4 Forbes (1.10.2012). PRQ, 11 CNIL (16.10.2012). Article 16 The New York Times ter blocks neo-nazi account in Web host for WikiLeaks and 29 data protection working (17.10.2012). Europe presses Germany. once for The Pirate Bay, raided party Google to change privacy by Swedish Police. policy. 23 The New York Times 12 CNIL (12.10.2012). Google (18.10.2012). Twitter blocks 5 Torrent Freak (17.10.2012). privacy policy: main findings 17 Twitter (26.1.2012). Tweets Germans’ access to neo-nazi Pirate Bay moves to cloud, and recommendations. still must flow. group. becomes raid-proof. 13 Out-Law (16.10.2012). 18 The Guardian (18.10.2012). 24 Arstechnica (18.10.2012). 6 Wikipedia (22.3.2014). Load Future of EU regulation of Twitter blocks neo-Nazi ac- Twitter blocks neo-Nazi ac- balancing. count in Germany. count in Germany—but not in rest of world. 50 25 terra (25.09.2012). 33 Reuters (25.4.2012). Law- dividuals should be classed as 48 European Commission Facebook terá de indenizar suit in NYC vs China, Baidu ‘personal data’, says EU privacy (23.10.2012). Online gambling brasileira por uso indevido de asks $17.44 mln. watchdog. in the Internal Market - Fre- imagem. quently asked questions. 34 Businessweek (2.10.2012). 41 CIO (15.10.2012). Cana- 26 The Times of India Baidu.Com Seeks to end suit dian, German data protection 49 Times of India (8.10.2012). (27.10.2012). Google held liable by Chinese American writers. watchdogs join forces. ‘Pakistan blocks 20,000 objec- by Victorian supreme court. tionable websites’. 35 Reuters (19.5.2011). 42 BBC (12.10.2012). Audio 27 ISP Liability (27.02.2012). Analysis: Uphill fight for Baidu, and video format blocked in 50 TorrentFreak (2.10.2014). Google Spain wins lawsuit China censorship lawsuit. Iran. RIAA targets foreign music over the “right to be forgot- download portals. ten” 36 Osgoode (3.6.2011). The 43 Calgary Herald (5.10.2012). great firewall of China In Google faces potential class- 51 Wikipedia (22.3.2014). 28 The Times of India American court. action over privacy concerns WHOIS (30.10.2012). Facebook fined in B.C. $1500 for moral damage. 37 The Guardian (19.5.2011). 52 Edri.org (19.10.2012). Turk- New Yorkers sue China over 44 TorrentFreak (5.10.2012) ish plans to use IDs for access- 29 Search Engine Land Internet censorship. Justice department educates ing the Internet (31.10.2012). Google loses foreign judges on piracy is- Australian defamation case, 38 The Herald (11.10.2012). sues. 53 ComputerWorld awaiting decision on damages. Victory over web reviews (4.10.2012). US agencies seize could lead to more legal ac- 45 UzNews.Net (11.10.2012) 686 websites accused of sell- 30 BBC (31.10.2012). Google tion. Uzbekistan toughens Internet ing fake drugs. loses Australia ‘gangland’ defa- censorship. mation lawsuit. 39 European Commission 54 TorrentFreak (7.10.2012). (5.10.2012). Opinion 08/2012 46 DataGuidance (12.10.2012). Microsoft DMCA notice 31 Justia.com (18.5.2011). providing further input on EU: Commission to issue ‘mistakenly’ targets BBC, Zhang et al v. Baidu.Com Inc. the data protection reform model cloud computing terms TechCrunch, Wikipedia and et al. discussions. by end of 2013. U.S. Govt.

32 The Globe and Mail 40 Out-Law.com (15.10.2012). 47 The Telegraph (11.10.2012). (19.5.2011). Baidu, China sued in Cookie identifiers and IP Anti-Islam film prompts Saudi U.S. for Internet censorship. addresses that single out in- call for net censorship body.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-october-references

51 NOVEMBER

1. Dutch government wants 2. Pakistani YouTube block to allow police to hack remains intact due to absence computers located in foreign of MLAT with US jurisdiction jurisdictions On September 17, 2012, the inter-ministerial committee The Dutch Minister of Security and Justice announced that includes the Inter-Services Intelligence, the ministry in a letter1 to the parliament the plan to draft a bill that of religious affairs and the IT ministry ordered the block would enlarge the investigative jurisdiction of the Dutch of YouTube in the Pakistani jurisdiction7 to render the law enforcement beyond the physical borders of the anti-Islam video “Innocence of Muslims” inaccessible. An Netherlands for serious cybercrime cases such as online official of the Pakistani IT ministry explained the ongoing pedophilia. According to the Dutch government, exist- block of the entire platform on grounds of one objection- ing national law has shortcomings2 to tackle cybercrime able video with the absence of a mutual legal assistance if data is stored on foreign servers and cybercriminals treaty (MLAT)8 between the Pakistani and US jurisdiction. are using anonymity networks such as The Onion Router3 Since Google judges that the video does not infringe (TOR). If the location of a server or computer related to its Terms of Service or Community Guidelines on hate an ongoing investigation can be identified, police forces speech, takedown requests under local law to YouTube, would still need to ask the respective countries for help which is incorporated in California, can only be enforced via mutual legal assistance treaties (MLATs). However, if through this mechanism. Therefore, Pakistani officials the location would be masked through anonymizers, the intend to prolong the platform block for an unspecific projected draft bill would allow police forces to hack into amount of time. MLAT procedures are potentially lengthy foreign computers and servers with corresponding court and the negotiation of the details of bilateral treaties orders. Dutch law enforcement could gather evidence on assistance in public and criminal law matters can take through the installation of monitoring software and years. render data stored in foreign jurisdictions inaccessible, or even delete it. Read further: The Express Tribune: Anti-Islam video: Government un- Read further: likely to lift YouTube ban9 Computerworld: Dutch government seeks to let law en- Washington Post: YouTube blocked in Pakistan 10 forcement hack foreign computers4 Vsocio: YouTube ban will continue due to lack of MLAT Slate: The Netherlands wants the power to “render inac- between Pakistan and the US11 cessible” data on foreign servers5 Radio Netherlands Worldwide: Dutch officials: waging cyber war or fighting crime?6

52 3. Localized cloud: Google 5. ICANN’s Government offers cloud SQL on servers Advisory Committee members in EU or US Jurisdiction issue Early Warnings on new Google announced12 that its revamped Cloud SQL offer gTLDs allows the choice for localized cloud architectures. Cus- Members of the Government Advisory Committee (GAC) tomers can now opt for data centers located either in the of ICANN have submitted 242 Early Warnings26 concerning European or US jurisdiction. Beyond increasing the speed 145 of the 1.930 applications27 for new generic Top Level of the cloud service for European customers through the Domains (gTLDs). The Australian Department of Broad- use of EU data centers, the geographic limitation to the band, Communications and the Digital Economy issued storage and processing of data is also a response to strict 130 warnings alone. India reacted to .islam and Argentina European data protection laws13. If European compa- to .patagonia. Other commented extensions include nies rely on cloud-based services outside the European .health, .sucks or .army. Some warnings also specified Economic Area to store and process personal data, they preferred jurisdictions for certain gTLDs. These submis- need to make sure that the servers involved are located in sions by GAC members from about 50 countries are not jurisdictions that provide adequate data protections. The binding for ICANN, but an information for the applicants. burden to “verify whether the cloud provider can guaran- More formal “GAC Advice” may be issued at a later stage. tee the lawfulness of any cross-border international data ICANN’s Board will then have to take these into consider- transfers”, as the EU Article 29 Working Group demands14, ation, but can, under certain conditions, overrule them. can hamper considerably the adoption of cloud services based on globally distributed server architectures. Read further: ICANN: GAC Early Warnings28 Read further: Guardian: Global government panel files web domain OutLaw: Google’s cloud database management service objections29 offers EU-only data storage and processing15 Intellectual Property Watch: Governments’ early warning Computing: Google allows customers to store data in notes issues on new Internet domains30 Europe16 GigaOM: Cloud players try to make sense of European 6. Facebook proposes to its data laws17 users to replace Terms of 4. New Megaupload registered Service votes in upcoming under New Zealand cc-TLD, policy changes after rejected Me.ga Facebook envisages to modify its Terms of Service docu- ments Statement of Rights and Responsibilities31 and Data Kim Schmitz envisages to relaunch Megaupload after the Use Policy32. As part of the policy changes, the platform platform has been sized in January 2012 in the US jurisdic- suggests to replace its current site governance structure33 tion where the .com TLD of the platform was registered with a new system based on direct feedback, instead and its data hosted. To escape the reach of the US juris- of votes. Under the current system, users can vote on diction, Schmitz tried to register the new service Mega policy changes if over 7.000 comments are registered on under the Gabon cc-TLD .ga. However, Gabon’s Commu- proposals. 89.000 posts34 from various jurisdictions were 18 nication Minister rejected me.ga since “Gabon cannot registered after a seven days comment period. Moreover, serve as a platform for committing acts aimed at violating Ireland35 demanded urgent clarifications on the proposed copyrights, nor be used by unscrupulous people”. Mega policy changes. will now be registered under New Zealand’s cc-TLD .co. nz19 and therefore be subject to New Zealand’s jurisdic- 7. New Google Transparency tion. Moreover, the platform will probably use servers lo- report shows increasing cated in the German jurisdiction20 to store uploaded and encrypted21 content, since a court in Frankfurt am Main requests from multiple declined legal assistance22 to the US for the investigation jurisdictions of Megaupload infringements. During the first half of 2012, Google received 20.938 re- quests for user data36, especially from the US, India Brazil, Read further: France, Germany and the UK. Content removal requests ArsTechnica: Kim Dotcom has new “Mega” domain, says by governments have increased by 70 percent between this one won’t be shut down23 2011 and 2012 to 1.791. A number of jurisdictions includ- ZDNet: Dotcom picks up New Zealand domain for storage ing Azerbaijan, Hungary and South Africa sent takedown site relaunch24 requests for the first time. Weekly requests for copyright The Register: Kim Dotcom’s new Mega site barred by take-downs37 increased by 1.600 percent between January Gabon25 and November 2012.

53 8. Russian Supreme Court 12. Skype discloses personal rules that ISPs are liable for information of Dutch providing access to illegal teenager to private company content A private Dutch security company, hired by PayPal to ISPs could loose their license in the Russian jurisdiction if investigate into cyberattacks related to the refusal of they provide access to content that is illegal under fed- Wikileaks donations, identified the Skype account of an eral law, the Russian Supreme Court ruled38. The decision implicated Dutch citizen. Skype disclosed the personal implies that in order to minimize legal risks, ISPs need to information46 of the 16 year old teenager without a court adopt proactive measures to ensure that illegal content is order, although its policy is “not to provide customer blocked, even before this content is added to the official data unless we are served with valid request from legal blacklist39 that was launched in November 2012. authorities, or when legally required to do so, or in the event of a threat to physical safety”. 9. US sanctions Iran for Internet censorship in its 13. Israeli Defense Force’s jurisdiction social media warfare might violate platforms’ Terms of The US State Department imposed sanctions40 on five public and private entities, as well as four individuals for Service restricting the Internet access in the Iranian jurisdiction in The Israeli army’s social media campaign that accompa- order to prevent the creation of an “electronic curtain”41. nied the interventions against Hamas might have violated Targets are, among others, the Ministry of Culture and the Terms of Service of the used cross-border platforms47. Islamic Guidance and the Center to Investigate Organized The Israeli Defense Force actively engaged on Twitter, Crime, as well as companies that monitor traffic and block Facebook and Flickr by posting updates and pictures of access to Facebook and YouTube in Iran. attacks. It remains questionable if social warfare infringes the platform policies on hate speech and incitement of 10. Plans for mandatory ISP violence.48 filtering scheme in Australian jurisdiction abandoned 14. Enforcement of Terms of Service: Facebook mistakenly The Australian government will no longer pursue the plan42 to introduce a mandatory filtering scheme in its removes picture of unveiled jurisdiction for websites that were rated “refused clas- woman sification” by the Australian Classifications Board. Instead, In reaction to reports on controversial content, Face- the government will oblige ISPs to block websites that book’s review team mistakenly deleted the picture49 of an are part of Interpol’s “Worst of” list43 of crimes against unveiled Syrian woman protesting for female rights in the children. group “The Uprising of Women in the Arab World”. More- over, Facebook suspended related accounts. Afterwards, 11. 132 domain names of the company stressed that the picture did not violate its counterfeit sites seized in US Terms of Service and pointed to multiple errors that oc- and EU jurisdiction curred within its content moderation procedures. Under the title “Project Transatlantic”44, the US Immigra- 15. Law Enforcement can tion and Customs Enforcement, Europol and law enforce- ment agencies from Belgium, Denmark, France, Romania access 180-day-old emails and the UK seized 132 domains45. The operation was part without court order in US of the Cyber Monday crackdown of the US law enforce- jurisdiction ment initiative “Operation in Our Sites”: over 1.630 According to the 1986 Electronic Privacy Communications domains under TLD registries located in the US ( including Act, US law enforcement agents can issue subpoenas to .com, .tv and .net) were seized since June 2010. The coop- service providers50 to hand over emails and other elec- erating European authorities took down 31 domain names tronic communications if they are older than six months. registered under .eu, .be, .dk, .fr, .ro and .uk. Therefore, the author of the 26-year-old bill proposes amendments51 to ensure due process and require warrants to access emails or Facebook messages.52

54 16. Twitter “withholds” DMCA involved are located in Manchester56. The defendants ac- cessed the servers from Singapore where they worked for flagged tweets, instead of a Dutch consultancy. They therefore claim that the case removing them should be heard in the Netherlands, not the UK. In order to increase the transparency of take-down requests53 and subsequent content removals, Twitter 19. Defamation and viral updated54 its policy. From now on, a placeholder tweet tweets: former UK politician informs readers that the original post has been removed demands apologies and due to “a report from the copyright holder”. Twitter with- compensation holds the tweet “until such time as we get (if we ever do) a valid counter-response from the user”. The former Tory treasurer Lord McAlpine filed a for- mal complaint against up to 10.000 Twitter users57 who 17. In German jurisdiction, tweeted false rumors about him being a pedophile. users who are exit nodes are The plaintiff’s lawyers claim that the 1.000 defamatory tweets and their 9.000 retweets are criminal offenses and liable for encrypted traffic in demands that Twitter users with less than 500 followers darknets formally apologize and donate58 a “sensible and modest A court in Hamburg ruled that a user of the file-sharing amount” to charity. Other users are “a separate matter“59. darknet RetroShare, a private and encrypted network, is It remains unclear if Twitter users outside the UK jurisdic- liable for copyright infringement since he acted as an exit tion will also be pursued. Requests for personal identifica- node55. The court argued that therefore, he passed on an tion data60 have to be issued to California-based Twitter encrypted and copyright protected song shared in the via the UK-US mutual legal assistance treaty. network. 20. Apple refuses to market 18. English High Court Danish Hippie bestseller as claims jurisdiction over e-book due to nude pictures infringements due to server Apple rejected the e-books and iPad apps61 of a bestsell- location in Manchester ing Danish author. The book on hippie culture features In a case involving former employees of a British com- nude pictures, which have been censored with red apples pany who illegally used the contacts database of their old by the publisher after Apple’s first refusal on grounds of employer, the High Court of England and Wales assumed its Terms of Service. However, Apple removed the adapt- adjudicatory jurisdiction over the breach of database ed e-books and apps after four days again from iTunes rights, confidence and copyrights, since the servers without further explanation and due process.

REFERENCES

1 Rijksoverheid (15.11.2012). 6 Radio Netherlands 11 VSocio (17.5.2011). Veena 16 Computing (27.11.2012). Wetgeving bestrijding cyber- (26.10.2012). Dutch officials: Malik is out of danger. Google allows customers to crime. waging cyber war or fighting store data in Europe. crime? 12 Google (8.11.2012). Get 2 Nu.nl (15.10.2012). Minister started at no cost with a fast- 17 Gigaom (26.9.2012). Fight- wants police to hack. 7 The Globe and Mail er, larger Cloud SQL database. ing FUD: cloud players try to (17.16.2012). Pakistan blocks make sense of European data 3 Wikipedia (26.3.2014). The YouTube over anti-Islam film. 13 Forbes (1.2.2012). Can laws. Onion Router. European firms legally use U.S. 8 Wikipedia (24.12.2012). clouds to store data? 18 BBC (7.11.2012). Megaup- 4 ComputerWorld Mutual legal assistance treaty load sequel faces Gabon’s (19.10.2012). Dutch government (MLAT). 14 European Commission suspension order setback. seeks to let law enforcement (12.11.2012). Data protection: hack foreign computers. 9 The Tribune (28.11.2012). Opinion and recommenda- 19 @KimDotcom (12.11.2012). Anti-Islam video: Govt un- tions. New Zealand will be the home 5 Slate (25.10.2012). The likely to lift YouTube ban. of our new website. Netherlands wants the power 15 Out-law (12.11.2012). to “render inaccessible” data 10 The Washington Post Google’s cloud database 20 Stuff (13.11.2012). Dotcom on foreign servers. (12.9.2012). YouTube blocked in management service offers seeks Kiwi domain for site Pakistan. EU-only data storage and relaunch. processing.

55 21 The Guardian (1.11.2012). 33 Tech Crunch (21.11.2012). agencies and Europol seize 132 tweets pulled down for copy- Kim Dotcom announces Mega, Facebook asks users if it can domain names selling coun- right (Update). successor to Megaupload. abolish their right to vote terfeit merchandise in ‘Project on future site governance Cyber Monday 3’ and ‘Project 54 @Jer (2.11.2012). We now 22 Kanzlei Dr. Bahr changes. Transatlantic’ operations. offer more #transparency in (9.11.2012). LG Frankfurt a.M: processing copyright reports Rechtshilfeersuchen wegen 34 Facebook (15.11.2013). Face- 45 Arstechnica (26.11.2012). by withholding Tweets, not Megaupload-Strafverfahren in book site governance. Feds seize 101 domains for removing. Deutschland unbegründet. counterfeiting in “Cyber Mon- 35 Bloomberg (22.11.2012). Pri- day” operation. 55 Torrent Freak (23.11.2012). 23 Arstechnica (12.11.2012). vacy watchdog seeks ‘urgent’ “Anonymous” file-sharing Kim Dotcom has new “Mega” details of Facebook changes. 46 Nu.nl (4.11.2012). Skype Darknet ruled illegal by Ger- domain, says this one won’t be hands 16-year-old’s personal man court. shut down. 36 Google (26.11.2012). Secu- information to IT company. rity and privacy. 56 Out-Law (12.11.2012). 24 ZDNet (12.11.2012). Dot- 47 All Things D (14.11.2012). Database supported by UK com picks up New Zealand 37 Google (26.11.2012). Trans- Social warfare: Israel live- servers means High Court can domain for storage site parency report. tweets its military campaign rule over alleged claims of relaunch. against Hamas. infringement, says judge. 38 The Moscow Times 25 The Register (7.11.2012). (26.11.2012). Court ruling ramps 48 The Atlantic (15.11.2012). 57 The Daily Mail (20.11.2012). Kim Dotcom’s new Mega site up pressure on internet pro- Does the Israel-Hamas inter- Lord McAlpine to ask police barred by Gabon. viders to block content. net war violate twitter’s terms to investigate Twitter gossips of service? who linked him to child abuse 26 ZDNet (21.11.2012). Gov- 39 BBC (1.11.2012). Russia scandal. ernment advisory agency files Internet blacklist law takes 49 Foreign Policy (14.12.2012). domain name protests effect. Why did Facebook censor this 58 The Guardian (20.11.2012). photograph? Lord McAlpine to donate 27 ICANN (20.11.2012). Ap- 40 U.S. Department of State tweeters’ payouts to Children plication status. (8.11.2012). Designations of 50 The Washington Post in Need. Iranian individuals and entities (29.11.2012). Keeping email 28 ICANN (20.11.2012). GAC for censorship activities under private. 59 The Independent early warnings. the Iran threat reduction and (19.11.2012). Can Lord McAlpine Syria human rights act and 51 Patrick Leahy (26.11.2012). the ‘technophobe treasurer’ 29 The Guardian (21.11.2012). executive order 13628. Comment of senator leahy really beat the Twitterati? Global government panel files on committee consideration web domain objections. 41 Arstechnica (9.11.2012). US of legislative updates to the 60 Wall Street Journal imposes sanctions on Iran for video privacy protection act (15.11.2012). Thousands May Be 30 Intellectual Property Internet censorship. and the electronic communi- Sued Over Twitter McAlpine Watch (21.11.2012). Govern- cations privacy act and release Allegations. ments’ early warning notes is- 42 ZDNet (8.11.2012). Aust of text of manager’s amend- sued on new Internet domains. govt dumps broad mandatory ment. 61 The Globe and Mail filter for Interpol block. (21.11.2012). Nudity, e-books 31 Facebook (15.11.2013). 52 The Hill (27.11.2012). Leahy and censorship: How Apple Statement of rights and re- 43 Interpol (26.11.2012). Ac- keeps tough protections in became Big Brother. sponsibilities. cess blocking. email privacy bill.

32 Facebook (15.11.2013). Data 44 ICE (26.11.2012). ICE, 53 Gigaom (4.11.2012). New use policy. European law enforcement Twitter policy lets users see

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-november-references

56 DECEMBER

1. WCIT divided over 2. Google Sites block in ITU’s AUTHORITY on Turkish jurisdiction violated telecommunications and the freedom of expression, Internet European Court of Human Rights ruled Representatives of 193 jurisdictions, who gathered in Dubai for the World Conference on International Tele- On December 18, 2012, the European Court of Human 11 communication (WCIT) to negotiate a new International Rights pronounced its judgment in the case Ahmet Telecommunications Regulations (ITR) treaty under the Yildirim v. Turkey. The court decided that Turkey’s deci- auspice of the ITU, could not agree on a common text. sion to block Google Sites in its jurisdiction was violating Diverging conceptions of the role of the ITU and national the freedom of expression provisions of the European 12 sovereignty in the regulation of the Internet led to new Convention on Human Rights’ Article 10 . On June 23, ITR provisions1 that were not signed by a number of coun- 2009, the Denizli court ordered to block the entire tries including2: US, UK, Canada, Japan, Australia, Germa- service Google Sites to enforce local laws over one blog, ny, France, Kenya, Sweden, the Netherlands, Qatar, Poland which insulted Mustafa Kemal Atatürk – a criminal of- and the Philippines. Among the hotly debated topics were fense in Turkey. As a consequence of this measure, Ahmet three issues that caused particular tension: The definition Yilidirim’s legal Google Sites blog was rendered inacces- of “operating agencies”3, the notion of “the sender pays”4 sible, too. The European Court of Human Rights issued a and a proposal on the sovereign right to regulate “the na- 8.500 Euros fine for Turkey and stressed the need for a tional Internet segment”5. The negotiations stalled further “strict legal framework regulating the scope of the ban as the chair asked for the “sense of the room” on a resolu- and affording the guarantee of judicial review to prevent tion about non-discriminatory access to networks, which possible abuses”. many countries perceived afterwards as a disguised vote. Prior to the WCIT meeting, both the European Parliament6 Read further: 13 and the US Congress7 issued resolutions that called for Hürriyet: Euro court fines Turkey for Internet restriction the ITU’s non-interference in Internet governance. EFF: European Human Rights Court finds Turkey in viola- tion of Freedom of Expression14 Read further: TechDirt: European Court of Human Rights Reinforces 15 The Register: UN telecoms talks founder as US, UK, right to access online content Canada and Aussies quit8 CNET: U.N. summit’s meltdown ignites new Internet Cold War9 IP Watch: WCIT split after split “vote” on Internet Gover- nance10

57 3. Facebook’s privacy policy: 5. China targets VPNs to Austrian student group prevent cybertravel out of its prepares to challenge Irish jurisdiction DPA in court China upgraded its national blocking system. It now can The Austrian privacy association “europe v. facebook” discover and prevent connections via virtual private announced on December 4, 2012 its intention to chal- networks (VPNs)28, which allow users to bypass national lenge the Office of the Irish Data Protection Commis- content blocks. Chinese ISPs are cutting off detected sioner (DPCI) over Facebook’s privacy policy in court. The unauthorized VPN connections, which are illegal in the student group led by Max Schrems has not been satisfied China29. Companies that want to operate a VPN service by the audit16 the Irish regulator conducted of Facebook’s for Chinese users are obliged to register with the Chinese Dublin based global headquarters. They plan to appeal Ministry of Industry and Information Technology. Popular the DPCI’s decisions, claiming the privacy watchdog “has VPN services incorporated in foreign jurisdictions did not not always delivered solid and fact based results”17 and do this in the past. The new policy not only impacts upon did not yet resolve the list of 22 complaints18 issued by the ability of users to cybertravel to foreign, blocked Schrems. According to the association, such a process websites, but also affects businesses that work via VPNs. could reach the European Court of Justice and lead to a landmark decision on privacy regulation. A crowd-funding Read further: website19 was created to collect the necessary resources Guardian: China tightens ‘Great Firewall’ Internet control for the student group. with new technology30 TechCrunch: China is cracking down on VPNs31 Read further: Bloomberg: How China is sealing holes in its Internet New York Times: Law students in Austria challenge Face- firewall32 book privacy policy20 Reuters: Student group to go to court over Facebook 6. EU’s privacy regulators privacy policy.21 envisage enforcing local Wired: How much data did Facebook have on one man?22 laws based on data center locations 4. UK Pirate Party shuts down circumvention proxy in The European Article 29 Working Party apparently consid- ers the possibility to enforce national privacy laws via the British jurisdiction after location of data centers in a given jurisdiction33. This move legal threats could be part of the ongoing investigation in Google’s The British Pirate Party decided on December 19, 2012 to privacy policy that was updated in March 2012. Ireland, shut down a proxy on its website23 that offered Internet Belgium, as well as Finland could be possible jurisdictions users within the British jurisdiction the possibility to for new examinations, since the company operates serv- circumvent the country-wide ISP domain block of the ers on their territory. torrent search engine “The Pirate Bay”. After ignoring a first demand by the British Phonographic Industry (BPI) in 7. With low turnout, November 2012 to close the web proxy, it was taken of- Facebook users abolish their fline after the BPI threatened to file legal actions against right to vote on Terms of the party leaders. However, shortly after the British web Service changes proxy disappeared, new ones were created by the Pirate Parties of Argentina and Luxemburg24, which equally allow On December 10, Facebook closed the vote on a pro- British residents to access the blocked website. posed change to its privacy policies. Over 580.000 users opposed the new policies and 80.000 users were in favor Read further: of them. The update included the replacement of the Arstechnica: BPI requests UK Pirate Party shut down Pirate platform’s vote on policy changes34 with a new feedback Bay proxy25 mechanism. With 0.07 percent, the turnout remained BBC: Pirate Party threatened with legal action over Pirate largely below the required threshold of 30 percent of all Bay proxy26 global Facebook users and was therefore not binding. TorrentFreak: Music industry threatens to bankrupt Pirate Party members27

58 8. Schleswig-Holstein’s DPA diction. According to the DPA it is ”unacceptable that a concerned about potential US portal like Facebook violates German data protection EU privacy laws breach of law”. Facebook could be fined €20.000 in case of non- Google Maps for iOS compliance within two weeks. The Independent Center for Privacy Protection of the 13. Italian ISPs ordered to German state Schleswig-Holstein says a new Google Maps block two torrent websites application for Apple’s iOS may violate European data The Vallo della Lucania Court has ordered Italian ISPs41 to protection laws35. The DPA criticizes that Google sets on block both the domain names and IP-addresses of the two the option of sharing anonymized location data with the popular torrent websites torrentreactor.net and torrents. company by default, which contravenes EU laws. More- net. Three other torrent libraries are already blocked in over, the watchdog claims that Google cannot guarantee the Italian jurisdiction. complete anonymity to its users. 9. Facebook aides US law 14. European Registry of enforcement to bust Internet Domain Names puts cybercrime rings in seven torrent websites on hold jurisdictions After the Novmber 2012 piracy crackdown42 on the DNS by US and Europe, EURid, the manager of the .eu TLD, has The security team of Facebook supported an ongoing in- put several torrent websites “on hold”43. Although the 36 vestigation by the FBI in cooperation with other national domains remain online, they “may not be traded or trans- law enforcement agencies to bust cybercrime rings in Bos- ferred pending the outcome of legal activity”. nia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the U.K. and the U.S. The criminals used the malware “Yahos” to infect 11 million computers. Facebook helped 15. Automation errors: Movie “to identify the root cause, the perpetrators, and those companies issue DMCA notices affected by the malware” that also targeted accounts on on own online content its platform. Several movie studios, which employ automatic filters to issue DMCA takedown notices, have requested Google 10. US law for warrantless to de-index44 not only legal copies of their films, but also electronic surveillance their official Facebook pages and news pieces on their of communications with activities. It rests unclear if the notices are fraudulent. foreigners re-approved 16. Web designer convicted The US Senate voted for the five-years extension37 of the FISA Amendments Act,38 which allows US authorities to for building torrent website intercept electronically and without a warrant all com- for clients in Swedish munications via email or phone from US soil with non-US jurisdiction residents, as long as the privacy of US citizens involved in A Swedish web designer, who was hired to create a tor- the monitoring is protected. rent website that shared e-textbooks for students, was sentenced by the Court of Appeal45 to 75 hours of unpaid 11. Irish High Court to decide work and 42.000 kronor in damages for assisting in copy- about ISP blocks of The Pirate right infringement. In April 2012, a District Court argued Bay for his innocence since he did not actively operate the website. Major record labels are pressuring ISPs in the Irish jurisdic- tion to block The Pirate Bay to combat online piracy. New proceedings39 before the Irish High Court are seeking an 17. Crowdsourced Magna injunction to force four local ISPs to block the website. Carta for Internet Freedom The ISP UPC refuses to comply with the demands without proposed in Philippine a court order. jurisdiction A senator has proposed46 a “Magna Carta for Philippine 12. Facebook ordered by Internet Freedom”. The bill that could become the first German privacy watchdog to crowdsourced law47 in the Philippines is a response to allow PSEUDONYMS the controversial Cybercrime Prevention Act, which was stopped by the Supreme Court. It foresees, among others, On December 18, 2012, Facebook has been ordered by the mandatory court orders to take down websites and treats Independent Center for Privacy Protection of the Ger- online defamation as a civil liability. man state Schleswig-Holstein to allow pseudonyms for its online service40, as required by law in the German juris-

59 18. Tajikistan blocks Facebook which is operated by US-based company Verisign. Moore in its jurisdiction therefore intends to benefit from local legal protections: Section 230 of the US Communications Decency Act Authorities in Tajikistan have decided to block Facebook48 exempts website owners from liability for content that is in their jurisdiction to prevent the spread of “mud and posted by third parties. slander”. Tajikistan already blocked the social network in March 2012 for 10 days. 20. German consumer group sues Facebook Ireland over 19. Hunter Moore launches App Center in Berlin court new highly controversial The Federation of German Consumer Organizations is website under US law taking legal action against Facebook Ireland50, the Dublin Hunter Moore, the creator of isanyoneup.com has based entity that is responsible for all users outside the launched a new website49 under huntermoore.tv that is US and Canada, before a regional court in Berlin. They designed to post nude pictures, often without the con- claim that Facebook continues sharing personal data with sent of potential victims. The globally available website the operators of third-party applications without the is registered in the US jurisdiction under Tuvalu’s cc-TLD, explicit consent of Facebook users.

REFERENCES

1 World Conference on 10 Intellectual Property 17 Register (4.12.2012). Irish 26 BBC News (10.12.2012). International Telecommunica- Watch (13.12.2012). WCIT split data-cops ‘fooled’ by Face- Pirate Party threatened with tions (WCIT-12) (14.12.2012). after split “vote” on internet book, claims Austrian privacy legal action over Pirate Bay International telecommunica- governance resolution. group. proxy. tion regulations. 11 European Court of Human 18 Facebook (4.12.2012). Re- 27 TorrentFreak (15.12.2012). 2 Techdirt (14.12.2012). Who Rights (18.12.2012). Restriction sponse to “Audit”. Music industry threatens to signed the ITU treaty… and of Internet access without a bankrupt pirate party mem- who didn’t. strict legal framework regulat- 19 Crowd4Privacy (2012). bers (updated). ing the scope of the ban and Joining forces for online 3 .Nxt (10.12.2012). WCIT affording the guarantee of privacy! 28 CNet (17.12.2012). China splits over the issue of “oper- judicial review to prevent reinforces its ‘Great Firewall’ ating agencies”. possible abuses amounts to 20 The New York Times to prevent encryption. a violation of freedom of (4.12.2012). Law students in 4 The Guardian. (3.12.12). ITU expression Austria challenge Facebook 29 Global Times (14.12.2012). and Google face off at Dubai Privacy Policy. Foreign-run VPNs illegal in conference over the future of 12 Council of Europe. China: govt. the internet. (1.6.2010). Convention for the 21 Reuters (4.12.2012). protection of human rights corrected-update 2-Student 30 The Guardian (14.12.2012). 5 Deutsche Welle (3.12.12). and fundamental freedoms. group to go to court over China tightens ‘Great Firewall’ UN’s WCIT summit opens, dis- Facebook privacy policy internet control with new cussing Internet regulation. 13 Daily News (19.12.2012). technology. Euro court fines Turkey for 22 Wired (28.12.2012). How 6 PCWorld (22.12.2012). Euro- Internet restriction. much data did Facebook have 31 Tech Crunch (19.12.2012). pean Parliament: Stop the ITU on one man? 1,200 pages of China is cracking down on taking over the Internet. 14 Electronic Frontier Foun- data in 57 categories. VPNs (but Xinhua news is still dation (18.12.2012). European Tweeting). 7 The Register (5.12.2012). En- human rights court finds tur- 23 Wired (20.12.2012). Pirate tire US Congress votes against key in violation of freedom of Party permanently pulls plug 32 Bloomberg View. ITU control of Internet. expression. on Pirate Bay proxy. (30.12.2012). How China is sealing holes in its Internet 8 The Register (14.12.2012). 15 Techdirt (21.12.2012) Euro- 24 Gizmodo (24.12.2012). firewall. UN telecoms talks founder as pean court of human rights Surprise! Chopping Down One US, UK, Canada and Aussies reinforces right to access Pirate Proxy Makes Two More 33 The New York Times quit. online content. Appear. (7.12.2012). Dismayed at Google’s Privacy Policy, 9 CNET (17.12.2012). U.N. sum- 16 Edri.org (26.9.2012). Face- 25 Arstechnica (1.12.2012). BPI European group is weighing mit’s meltdown ignites new book gives up face recognition requests UK Pirate Party shut censure. Internet Cold War. in Europe. down Pirate Bay proxy.

60 34 ComputerWorld 38 FISA Act (10.07.2008). 43 TorrentFreak (1.12.2012). 47 Global Voices (12.12.2012). (10.12.2012). Vote ends on Foreign intelligence surveil- Top Bittorrent sites have Netizen report: Magna Carta Facebok privacy changes, for lance act of 1978 amendments domains put on hold pending Edition. good. act of 2008. legal action. 48 Reuters (27.11.2012). Tajiki- 35 ComputerWorld 39 The Irish Times (12.7.2012). 44 TorrentFreak (3.12.2012). stan blocks Facebook access (14.12.2012). Google Maps ISP blocks for The Pirate Bay. Movie studios ask Google to to silence critics. for iPhone violates European censor their own films, Face- data protection law, German 40 BBC News (18.12.2012). book and Wikipedia (updated). 49 The Guardian (6.12.12). watchdog says. Germany orders changes to Hunter Moore of IsAnyoneUp. Facebook real name policy. 45 TorrentFreak (20.12.2012). com announced new revenge 36 ComputerWorld Court sentences web designer porn website. (12.12.2012). US law enforce- 41 TorrentFreak (4.12.2012). for creating infringing torrent ment busts cybercrime rings Italian court orders nation- site. 50 ComputerWorld (7.12.12). with help from Facebook. wide block of torrentreactor Facebook sued over App Cen- and torrents.net. 46 Inquirer.net (1.12.2012). ter data sharing in Germany. 37 Wired.com (28.12.2012). Santiago proposes Magna Senate approves warrantless 42 CNet (27.12.2012). Feds Carta for Internet. electronic spy powers. kick off Cyber Monday coun- terfeit crackdown.

FIND ALL LINKS TO THESE ENDNOTES ON OUR WEBSITE: www.internetjurisdiction.net/observatory/ retrospect/2012-december-references DESIGN: ANDREAS B. KRUEGER – www.andreasbkrueger.com A GLOBAL MULTI-STAKEHOLDER DIALOGUE PROCESS A GLOBAL MULTI-STAKEHOLDER DIALOGUE PROCESS

INTERNET & ABOUT JURISDICTION OBSERVATORY

The Internet & Jurisdiction Project facili- The members of the Internet & Jurisdiction Observatory tates a global multi-stakeholder dialogue network provide expert input into the global multi- process to address the tension between stakeholder dialogue process and help the Internet the cross-border nature of the Internet & Jurisdiction Project to detect trends related to the and geographically defined national ju- tension between the cross-border nature of the Internet risdictions. It provides a neutral platform and national jurisdictions around the world. Based on a for international organizations, states, progressive crowd-based filtering process, they identify business and civil society to discuss the most relevant cases. This ranking is the backbone the elaboration of a transnational due of the Internet & Jurisdiction Retrospect, our monthly process framework to handle the digital newsletter that informs the different stakeholders coexistence of diverse national laws in who participate in the ongoing dialogue process about shared cross-border online spaces. emerging trends.

download the pdf of 2012 in Retrospect: www.internetjurisdiction.net/observatory/2012-retrospect.pdf

The Internet & Jurisdiction Project is a not-for-profit project. Since its launch in 2012, it has been made possible thanks to contributions by: AFNIC (France’s ccTLD .fr), auDA (Australia’s ccTLD .au), CGI.br (Brazilian Internet Steering Committee) /NIC.br (Brazil’s ccTLD .br), CIRA (Canada’s ccTLD .ca), Facebook, Google, Internet Society (ISOC), Public Interest Registry (Manager of .org), Sigrid Rausing Trust, Swiss Confederation – Federal Office of Communications OFCOM, Verizon, Walt Disney Company

www.internetjurisdiction.net Twitter : @IJurisdiction 64